From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8840AC7EE37 for ; Tue, 6 Jun 2023 23:55:25 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E13898E0002; Tue, 6 Jun 2023 19:55:24 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D9CC98E0001; Tue, 6 Jun 2023 19:55:24 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C15648E0002; Tue, 6 Jun 2023 19:55:24 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id AB1B28E0001 for ; Tue, 6 Jun 2023 19:55:24 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 664921C7DC7 for ; Tue, 6 Jun 2023 23:55:24 +0000 (UTC) X-FDA: 80873982168.01.2E50F0C Received: from mail-oi1-f176.google.com (mail-oi1-f176.google.com [209.85.167.176]) by imf06.hostedemail.com (Postfix) with ESMTP id 8A0C1180006 for ; Tue, 6 Jun 2023 23:55:21 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=gmail.com header.s=20221208 header.b="CjEn0PX/"; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf06.hostedemail.com: domain of isaku.yamahata@gmail.com designates 209.85.167.176 as permitted sender) smtp.mailfrom=isaku.yamahata@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1686095721; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=hOQzrbZHUmoia05eqN4EKqzf+zpJ0+8eDnjMC/lIzAY=; b=ZT+RSThWFx0F4dnp/7kruesN+LQdd5eHvCNoG3G2l3QeJ+nQPxSbY8iHwemBUZcF2QF/3c hgTTYkrjwnMrgdN8Yj28PoP16UR6k/yPcpOeM3mXQakX3Y13wS5Mrq9g+qB+5+XkODZwgf fdhUDYe3MHRYEj5OXvVPPzvEnuNkP3U= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=gmail.com header.s=20221208 header.b="CjEn0PX/"; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf06.hostedemail.com: domain of isaku.yamahata@gmail.com designates 209.85.167.176 as permitted sender) smtp.mailfrom=isaku.yamahata@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1686095721; a=rsa-sha256; cv=none; b=ct6xXVsYircwppTOofREPSn+jGfb14El7hj3nMD9wSAcsLEeHBVLycwhJzoBHJhXkFtJUp DXVOR7upp/6cyq68MznLp8T1PdOoq3a41rNcZImYWxayP0Zhftwu14d8MKz/G+1wbfCJSM YMJohk+1HhM9wevc3TD36nc0K7MIMoQ= Received: by mail-oi1-f176.google.com with SMTP id 5614622812f47-38c35975545so5923236b6e.1 for ; Tue, 06 Jun 2023 16:55:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686095720; x=1688687720; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=hOQzrbZHUmoia05eqN4EKqzf+zpJ0+8eDnjMC/lIzAY=; b=CjEn0PX/YnBT84EeHkI2HUb/xuybRHwrnHPVLMn6DJp2+p7g0yGBKLgbBd274wYFBP oUBlcHDTW07BHfBwF1OZPnBbIWlpj4tsXMbh8Fd0+C9CZt7PGLQgdj8grcnA8vTHU4l1 uSf9qijgraFQawrHkUoG/m19jOlJsl+TFLEPAC1Src+FJpEd5T3221DmP6FhvSd/LaCj xu+nDO97y5jq5RV13IFYE2FbZbtq7OiCkX3N9nCryAyGf+6/zlw9pMXqt2VxaixnnrCw 1pOaRuS5mZjwoGPaqS1X+yseRtmZlGjqEMWfzDSvVDSYzt6j/fJYkyPcTwVWeoEo67hB sq0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686095720; x=1688687720; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=hOQzrbZHUmoia05eqN4EKqzf+zpJ0+8eDnjMC/lIzAY=; b=IVXSz+4YkvvutL29pc0HsUZGErXuXWePQODHcEQZKLPSXz2hd+FHh9gAG5+mk0OIK3 bdQKipos5Sfp9N/u2vzIgVKCfxovcmHFLkXcClAVah5ckq3/KqqqefKe/s0k8XJgnFzz 4maOF3BjcU15t7M7LlnbyuWYp4qn1xTonFnDTRVkq1mPO0Sie8KwGLcW3PXbkP6ZLqHp ADlJasnzBcd/2iuLN3oERU+1r2+g6JnyCB6kHws8KcagtxBbI+oVGBITItEHRK/hP7OY 9Wxs0f/5Zddo7KRhvMrVSiYZJy7i8c4zije2VtuxQYsiTlcZHrSxpK0GnMb5lP+BSFq1 xwMQ== X-Gm-Message-State: AC+VfDwLtMo5KEBgwiIv+QAddOkzuOG2ggvIo+/gOTcTzkIsbj3eQ7w0 jrVoK9f1HYA2cfqSdA9Wqyc= X-Google-Smtp-Source: ACHHUZ77yKkNd1sB9/1XDc5LEp4kwfnUwG9/M7xu36reZ3x760fMAC7fjNyIU3XsgNvJlrOMZ5lWRg== X-Received: by 2002:a05:6808:2cc:b0:39a:bd0e:43d with SMTP id a12-20020a05680802cc00b0039abd0e043dmr3132835oid.36.1686095720356; Tue, 06 Jun 2023 16:55:20 -0700 (PDT) Received: from localhost ([192.55.54.50]) by smtp.gmail.com with ESMTPSA id 15-20020aa7924f000000b0066199088a2dsm258965pfp.193.2023.06.06.16.55.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 06 Jun 2023 16:55:19 -0700 (PDT) Date: Tue, 6 Jun 2023 16:55:18 -0700 From: Isaku Yamahata To: Kai Huang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org, dave.hansen@intel.com, kirill.shutemov@linux.intel.com, tony.luck@intel.com, peterz@infradead.org, tglx@linutronix.de, seanjc@google.com, pbonzini@redhat.com, david@redhat.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, ying.huang@intel.com, reinette.chatre@intel.com, len.brown@intel.com, ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com, isaku.yamahata@gmail.com Subject: Re: [PATCH v11 05/20] x86/virt/tdx: Add SEAMCALL infrastructure Message-ID: <20230606235518.GD2244082@ls.amr.corp.intel.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Rspam-User: X-Stat-Signature: 3o5hsukqk1fo5ciirpsw3arxfith11yt X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 8A0C1180006 X-HE-Tag: 1686095721-781238 X-HE-Meta: U2FsdGVkX1/gd2jwq5nypGz32EwTBq7nPXQc5zWreG/lLJDetCJnOHY2ZA7F5BSI46aHShnsQo0Ap7ROGbnD9DVHu4aCutm63pRLOUCQXkaHvTNkJM6v5hNOaTuuD5TVQ2pdfg3BP3rQOm4W8blTAB6NEN9V/eCrVmRQay/WsbwAxGmqbL9JGwQD/wwxucQJ4jqOG+9N615wkdmYvysguVkTE9St2FYMnD5uljp94GoMiWqbMHDSQixmPn4Cwdr1MT6p2pbKWuF6plPAV3nk/cGTvSJSovv36kzVUt+BXaoh+2d/wkrqMMT3OINV/V07wn7xVzBH3MUZfyBgO/+XtgQ6J8YiI6qfWN2ZodcqiwFhn9g9Tasp94p9xamrbS6T9wE56iX5oVhz9rvYXN+g8IVgJyCNPyjToI60hvZD1Cmqx6FI/PAu0zHo0J8VcRJnOWDK6KrNhGEVO0jzVb56u7o/rEi8LdoPnoRGFGKihHP91mUaJ8zOJQ5HM1d7GUXVbrQrzTsPhUmFuWM/trcEZCeX8d8dY+wLZVpX2GrcI4V7hONViLhG+A5KcFtfLCqA0Jn5ZGg2Hv466lJ6+zTvxVEmI/yw+9etrZ2hodUVvYCyuMgzGqTricpoEpkBMXXF3OST7wVF9rZKMKrUC8hSgzm0Cn2secDsFuYJizRblx3LrsKLxC+bOb0tBTUw4NRgvXXeE+tHjJqlDKsfOqBhAWR0Ebk5CVIE8DI66NQ+Jcs6o9quc6tPfo/9Pmt/MUJ1dSofomd+9B5qQ/siL+XqH9cdU4V0/4gEmxeovqhi1cRTb5WkR3l66bp1hPBFFZTC8Bo8x60OJz6qaY4hl0qE2lCIRM//SwLdOYJz9cjP8qTLUz3GAohE0JqxFmc9VSate/gGgRfqTWskKfIDTgC+RFswR19LsOKXrAK8YdLtO49GngmNTiBME5i2jRR9uz8b1qVSFGJHr7ILnoOqx4a j9SiUuux 5Im/ws+fScR9XEfeEmvSU2Gd2YihsVhQz5gLhG5OLYpGrycV7y9QMVKv/54OhVB7QLqcHha+W1yBbZB64A1v6caMpsQDWDhcvzX/YXXyL95pB8dRgk/UNEOq9vu7UPjKT1T9hvgkWsuPcKF3fJ7CsP2G94JP1fmXcqcAdWMV/J9iru6/k6WJrf010EJN9FQPgBo2/BAsnYQihRfQzLmk1a3bgEjedzJEsQ1CyshsOkijzY3Wc0Q0GPHcnPDbcE383emqFjFGBHFT/7D9vDFKzAU33j/W8g3c7bDe0VP3gly9aM71cMr4BHibT1nr62mKD5kfp+PKRJzjqx+KUmhdSlsHrpAYDegowhc0CU4wHvzIfJy5fuSYqTyLW/5UA+mK7+edNFyCGnYRdRTSHo2Y1QdDeWqrmKdFiQb9EJ8OVwby7c6e9QCeEBnglSCQSxWY3r+lN6CXK2zpY5EC2ZH6iw6okjWcc4LmDEjnqyv2surEpBJHpq49RiJ9dLr2pGeI5n+o46wrz3UK3QuF7XQ/fDZpdYtBilRuRYnPN X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon, Jun 05, 2023 at 02:27:18AM +1200, Kai Huang wrote: > TDX introduces a new CPU mode: Secure Arbitration Mode (SEAM). This > mode runs only the TDX module itself or other code to load the TDX > module. > > The host kernel communicates with SEAM software via a new SEAMCALL > instruction. This is conceptually similar to a guest->host hypercall, > except it is made from the host to SEAM software instead. The TDX > module establishes a new SEAMCALL ABI which allows the host to > initialize the module and to manage VMs. > > Add infrastructure to make SEAMCALLs. The SEAMCALL ABI is very similar > to the TDCALL ABI and leverages much TDCALL infrastructure. > > SEAMCALL instruction causes #GP when TDX isn't BIOS enabled, and #UD > when CPU is not in VMX operation. Currently, only KVM code mocks with > VMX enabling, and KVM is the only user of TDX. This implementation > chooses to make KVM itself responsible for enabling VMX before using > TDX and let the rest of the kernel stay blissfully unaware of VMX. > > The current TDX_MODULE_CALL macro handles neither #GP nor #UD. The > kernel would hit Oops if SEAMCALL were mistakenly made w/o enabling VMX > first. Architecturally, there is no CPU flag to check whether the CPU > is in VMX operation. Also, if a BIOS were buggy, it could still report > valid TDX private KeyIDs when TDX actually couldn't be enabled. > > Extend the TDX_MODULE_CALL macro to handle #UD and #GP to return error > codes. Introduce two new TDX error codes for them respectively so the > caller can distinguish. > > Also add a wrapper function of SEAMCALL to convert SEAMCALL error code > to the kernel error code, and print out SEAMCALL error code to help the > user to understand what went wrong. > > Signed-off-by: Kai Huang > --- > > v10 -> v11: > - No update > > v9 -> v10: > - Make the TDX_SEAMCALL_{GP|UD} error codes unconditional but doesn't > define them when INTEL_TDX_HOST is enabled. (Dave) > - Slightly improved changelog to explain why add assembly code to handle > #UD and #GP. > > v8 -> v9: > - Changed patch title (Dave). > - Enhanced seamcall() to include the cpu id to the error message when > SEAMCALL fails. > > v7 -> v8: > - Improved changelog (Dave): > - Trim down some sentences (Dave). > - Removed __seamcall() and seamcall() function name and changed > accordingly (Dave). > - Improved the sentence explaining why to handle #GP (Dave). > - Added code to print out error message in seamcall(), following > the idea that tdx_enable() to return universal error and print out > error message to make clear what's going wrong (Dave). Also mention > this in changelog. > > v6 -> v7: > - No change. > > v5 -> v6: > - Added code to handle #UD and #GP (Dave). > - Moved the seamcall() wrapper function to this patch, and used a > temporary __always_unused to avoid compile warning (Dave). > > - v3 -> v5 (no feedback on v4): > - Explicitly tell TDX_SEAMCALL_VMFAILINVALID is returned if the > SEAMCALL itself fails. > - Improve the changelog. > > --- > arch/x86/include/asm/tdx.h | 5 +++ > arch/x86/virt/vmx/tdx/Makefile | 2 +- > arch/x86/virt/vmx/tdx/seamcall.S | 52 +++++++++++++++++++++++++++++ > arch/x86/virt/vmx/tdx/tdx.c | 56 ++++++++++++++++++++++++++++++++ > arch/x86/virt/vmx/tdx/tdx.h | 10 ++++++ > arch/x86/virt/vmx/tdx/tdxcall.S | 19 +++++++++-- > 6 files changed, 141 insertions(+), 3 deletions(-) > create mode 100644 arch/x86/virt/vmx/tdx/seamcall.S > create mode 100644 arch/x86/virt/vmx/tdx/tdx.h > > diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h > index 4dfe2e794411..b489b5b9de5d 100644 > --- a/arch/x86/include/asm/tdx.h > +++ b/arch/x86/include/asm/tdx.h > @@ -8,6 +8,8 @@ > #include > #include > > +#include > + > /* > * SW-defined error codes. > * > @@ -18,6 +20,9 @@ > #define TDX_SW_ERROR (TDX_ERROR | GENMASK_ULL(47, 40)) > #define TDX_SEAMCALL_VMFAILINVALID (TDX_SW_ERROR | _UL(0xFFFF0000)) > > +#define TDX_SEAMCALL_GP (TDX_SW_ERROR | X86_TRAP_GP) > +#define TDX_SEAMCALL_UD (TDX_SW_ERROR | X86_TRAP_UD) > + > #ifndef __ASSEMBLY__ > > /* TDX supported page sizes from the TDX module ABI. */ > diff --git a/arch/x86/virt/vmx/tdx/Makefile b/arch/x86/virt/vmx/tdx/Makefile > index 93ca8b73e1f1..38d534f2c113 100644 > --- a/arch/x86/virt/vmx/tdx/Makefile > +++ b/arch/x86/virt/vmx/tdx/Makefile > @@ -1,2 +1,2 @@ > # SPDX-License-Identifier: GPL-2.0-only > -obj-y += tdx.o > +obj-y += tdx.o seamcall.o > diff --git a/arch/x86/virt/vmx/tdx/seamcall.S b/arch/x86/virt/vmx/tdx/seamcall.S > new file mode 100644 > index 000000000000..f81be6b9c133 > --- /dev/null > +++ b/arch/x86/virt/vmx/tdx/seamcall.S > @@ -0,0 +1,52 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > +#include > +#include > + > +#include "tdxcall.S" > + > +/* > + * __seamcall() - Host-side interface functions to SEAM software module > + * (the P-SEAMLDR or the TDX module). > + * > + * Transform function call register arguments into the SEAMCALL register > + * ABI. Return TDX_SEAMCALL_VMFAILINVALID if the SEAMCALL itself fails, > + * or the completion status of the SEAMCALL leaf function. Additional > + * output operands are saved in @out (if it is provided by the caller). > + * > + *------------------------------------------------------------------------- > + * SEAMCALL ABI: > + *------------------------------------------------------------------------- > + * Input Registers: > + * > + * RAX - SEAMCALL Leaf number. > + * RCX,RDX,R8-R9 - SEAMCALL Leaf specific input registers. > + * > + * Output Registers: > + * > + * RAX - SEAMCALL completion status code. > + * RCX,RDX,R8-R11 - SEAMCALL Leaf specific output registers. > + * > + *------------------------------------------------------------------------- > + * > + * __seamcall() function ABI: > + * > + * @fn (RDI) - SEAMCALL Leaf number, moved to RAX > + * @rcx (RSI) - Input parameter 1, moved to RCX > + * @rdx (RDX) - Input parameter 2, moved to RDX > + * @r8 (RCX) - Input parameter 3, moved to R8 > + * @r9 (R8) - Input parameter 4, moved to R9 > + * > + * @out (R9) - struct tdx_module_output pointer > + * stored temporarily in R12 (not > + * used by the P-SEAMLDR or the TDX > + * module). It can be NULL. > + * > + * Return (via RAX) the completion status of the SEAMCALL, or > + * TDX_SEAMCALL_VMFAILINVALID. > + */ > +SYM_FUNC_START(__seamcall) > + FRAME_BEGIN > + TDX_MODULE_CALL host=1 > + FRAME_END > + RET > +SYM_FUNC_END(__seamcall) > diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c > index 2d91e7120c90..e82713dd5d54 100644 > --- a/arch/x86/virt/vmx/tdx/tdx.c > +++ b/arch/x86/virt/vmx/tdx/tdx.c > @@ -12,14 +12,70 @@ > #include > #include > #include > +#include > #include > #include > #include > +#include "tdx.h" > > static u32 tdx_global_keyid __ro_after_init; > static u32 tdx_guest_keyid_start __ro_after_init; > static u32 tdx_nr_guest_keyids __ro_after_init; > > +/* > + * Wrapper of __seamcall() to convert SEAMCALL leaf function error code > + * to kernel error code. @seamcall_ret and @out contain the SEAMCALL > + * leaf function return code and the additional output respectively if > + * not NULL. > + */ > +static int __always_unused seamcall(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9, > + u64 *seamcall_ret, > + struct tdx_module_output *out) > +{ > + int cpu, ret = 0; > + u64 sret; > + > + /* Need a stable CPU id for printing error message */ > + cpu = get_cpu(); > + > + sret = __seamcall(fn, rcx, rdx, r8, r9, out); > + > + /* Save SEAMCALL return code if the caller wants it */ > + if (seamcall_ret) > + *seamcall_ret = sret; > + > + /* SEAMCALL was successful */ > + if (!sret) > + goto out; > + > + switch (sret) { > + case TDX_SEAMCALL_GP: > + pr_err_once("[firmware bug]: TDX is not enabled by BIOS.\n"); > + ret = -ENODEV; > + break; > + case TDX_SEAMCALL_VMFAILINVALID: > + pr_err_once("TDX module is not loaded.\n"); > + ret = -ENODEV; > + break; > + case TDX_SEAMCALL_UD: > + pr_err_once("SEAMCALL failed: CPU %d is not in VMX operation.\n", > + cpu); > + ret = -EINVAL; > + break; > + default: > + pr_err_once("SEAMCALL failed: CPU %d: leaf %llu, error 0x%llx.\n", > + cpu, fn, sret); > + if (out) > + pr_err_once("additional output: rcx 0x%llx, rdx 0x%llx, r8 0x%llx, r9 0x%llx, r10 0x%llx, r11 0x%llx.\n", > + out->rcx, out->rdx, out->r8, > + out->r9, out->r10, out->r11); > + ret = -EIO; > + } > +out: > + put_cpu(); > + return ret; > +} > + > static int __init record_keyid_partitioning(u32 *tdx_keyid_start, > u32 *nr_tdx_keyids) > { > diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h > new file mode 100644 > index 000000000000..48ad1a1ba737 > --- /dev/null > +++ b/arch/x86/virt/vmx/tdx/tdx.h > @@ -0,0 +1,10 @@ > +/* SPDX-License-Identifier: GPL-2.0 */ > +#ifndef _X86_VIRT_TDX_H > +#define _X86_VIRT_TDX_H > + > +#include > + > +struct tdx_module_output; > +u64 __seamcall(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9, > + struct tdx_module_output *out); > +#endif > diff --git a/arch/x86/virt/vmx/tdx/tdxcall.S b/arch/x86/virt/vmx/tdx/tdxcall.S > index 49a54356ae99..757b0c34be10 100644 > --- a/arch/x86/virt/vmx/tdx/tdxcall.S > +++ b/arch/x86/virt/vmx/tdx/tdxcall.S > @@ -1,6 +1,7 @@ > /* SPDX-License-Identifier: GPL-2.0 */ > #include > #include > +#include > > /* > * TDCALL and SEAMCALL are supported in Binutils >= 2.36. > @@ -45,6 +46,7 @@ > /* Leave input param 2 in RDX */ > > .if \host > +1: > seamcall > /* > * SEAMCALL instruction is essentially a VMExit from VMX root > @@ -57,10 +59,23 @@ > * This value will never be used as actual SEAMCALL error code as > * it is from the Reserved status code class. > */ > - jnc .Lno_vmfailinvalid > + jnc .Lseamcall_out > mov $TDX_SEAMCALL_VMFAILINVALID, %rax > -.Lno_vmfailinvalid: > + jmp .Lseamcall_out > +2: > + /* > + * SEAMCALL caused #GP or #UD. By reaching here %eax contains > + * the trap number. Convert the trap number to the TDX error > + * code by setting TDX_SW_ERROR to the high 32-bits of %rax. > + * > + * Note cannot OR TDX_SW_ERROR directly to %rax as OR instruction > + * only accepts 32-bit immediate at most. > + */ > + mov $TDX_SW_ERROR, %r12 > + orq %r12, %rax > > + _ASM_EXTABLE_FAULT(1b, 2b) > +.Lseamcall_out: > .else > tdcall > .endif > -- > 2.40.1 > Reviewed-by: Isaku Yamahata -- Isaku Yamahata