From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E193AC7EE23 for ; Wed, 7 Jun 2023 18:54:01 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4058C6B0074; Wed, 7 Jun 2023 14:54:01 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3B4E98E0001; Wed, 7 Jun 2023 14:54:01 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 255996B007B; Wed, 7 Jun 2023 14:54:01 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 14AD26B0074 for ; Wed, 7 Jun 2023 14:54:01 -0400 (EDT) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id D49B3A037E for ; Wed, 7 Jun 2023 18:54:00 +0000 (UTC) X-FDA: 80876851440.23.3DAC962 Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) by imf12.hostedemail.com (Postfix) with ESMTP id B761240009 for ; Wed, 7 Jun 2023 18:53:58 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=gmail.com header.s=20221208 header.b=LrSIqPYI; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf12.hostedemail.com: domain of isaku.yamahata@gmail.com designates 209.85.210.176 as permitted sender) smtp.mailfrom=isaku.yamahata@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1686164038; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=CWlI8O5y17mVIgSckRO28rpjnfk78X92V4g11ktEnnQ=; b=b10eFG7hYBVvbCDCz4Uc0qgn1G/XBNaveD9MyggXvAmbnPTsLoMuF4qWfC5LWc5qMAe5Q/ eP1hJbWGPNAeoteq5cr+mSzyQfLOCZmVNEAn0GFdpxsvFaVoXj5wKUGyO8ISKqrmMvI0zF izq/t9cXW1adiDoxy9Pem1qa/sBgHwA= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=gmail.com header.s=20221208 header.b=LrSIqPYI; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf12.hostedemail.com: domain of isaku.yamahata@gmail.com designates 209.85.210.176 as permitted sender) smtp.mailfrom=isaku.yamahata@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1686164038; a=rsa-sha256; cv=none; b=rWn6Y3Y263mDGmDrse5WwEet6KRdEo9yzMtUW+ugpkO8KJvH7fCJH2oDsleHb2AmVzEFnm t/JTtzp8BdnbqrtO7XJyhY0M5GwgBiXReIdavxIe8Tnkr5W0HA+cZK882yoUXY1XcBnRiL 3GlnsspZnCfTuG5Ca8WbmWbFiS9NofU= Received: by mail-pf1-f176.google.com with SMTP id d2e1a72fcca58-662b85f4640so412227b3a.0 for ; Wed, 07 Jun 2023 11:53:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686164037; x=1688756037; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=CWlI8O5y17mVIgSckRO28rpjnfk78X92V4g11ktEnnQ=; b=LrSIqPYIl2O2Vb7lnDHMQaAJbXiVOZhw8EnOdrmM+4Yq6NcCwopRy54dAnHyLKik1N vKHSVT487M6ibmwfs5fmti5ThA0U6IlWp+XMlljGp2Vb52tp+h9/TXHDcYlDQEaZkLvC QHMRKHS5z+P+e94aRD5q5oIuMQ1z/q5JSyiD7IfN0G+7JpjsVFs/che2oi9MKW8suAEf R7cmM15MdF3Ep3Z98w2ypVreOu9VaGXAgrhRtIGSTwN0tswPxKMd0ZUdhfSO5OJ6ldeO 6fS/KBCqzZA6oDXAPw8KwQw1raW/6FMFjNZ6whQZo7dmu9uXUuJOpQLAE1iHj6Y2tZJy 32PQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686164037; x=1688756037; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=CWlI8O5y17mVIgSckRO28rpjnfk78X92V4g11ktEnnQ=; b=YXmOu1CM430LtoEjIxmXu8zQGSnvPliLiboLYF9a4M4TlJaCNGxzMjlllXKEj681S3 TmHOI13Njw144eM010ZbuSsx4RDUHEsQL2P1gLN2X7INRnoAc8c4YxOqOhgP+jXtgfur hATaMTFzY6LRPL/c7S9/HOofgUrHcMrHZnzpw7V+LXyquDe+Kf3wVA2zvLBSn9S/3/NW YmAveCJw4fxHhRqpH2ZHYMLf6GXqUeDXFIb03YshWcQJdWoCLMKbkt152m/+yYcn/6uQ W5xRFxumLaGtlRLuEujipDg+f/AhN65d1Ug2N48HNsg7M8wgKgZceU6vnXAAid8zD1bZ OENQ== X-Gm-Message-State: AC+VfDyPMw/sOg7XFdyTWpDegDi4/tng7NvlI2vgCeG0r+JaW/JUZJwX UzRli+6tqyMltXNHkWeTJyc= X-Google-Smtp-Source: ACHHUZ74yVXNTUyi/V0LeKw31FQ74c28oWW2Gy0sH1FOyjyS4+1dENhhE4ZRoViIU8ul9JyRxCWSBA== X-Received: by 2002:a05:6a00:1252:b0:660:523a:8fef with SMTP id u18-20020a056a00125200b00660523a8fefmr2920833pfi.13.1686164037156; Wed, 07 Jun 2023 11:53:57 -0700 (PDT) Received: from localhost ([192.55.54.50]) by smtp.gmail.com with ESMTPSA id n35-20020a635923000000b0051303d3e3c5sm9372544pgb.42.2023.06.07.11.53.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Jun 2023 11:53:56 -0700 (PDT) Date: Wed, 7 Jun 2023 11:53:55 -0700 From: Isaku Yamahata To: Dave Hansen Cc: Kai Huang , linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org, kirill.shutemov@linux.intel.com, tony.luck@intel.com, peterz@infradead.org, tglx@linutronix.de, seanjc@google.com, pbonzini@redhat.com, david@redhat.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, ying.huang@intel.com, reinette.chatre@intel.com, len.brown@intel.com, ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com, isaku.yamahata@gmail.com Subject: Re: [PATCH v11 05/20] x86/virt/tdx: Add SEAMCALL infrastructure Message-ID: <20230607185355.GH2244082@ls.amr.corp.intel.com> References: <92e19d74-447f-19e0-d9ec-8a3f12f04927@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <92e19d74-447f-19e0-d9ec-8a3f12f04927@intel.com> X-Rspam-User: X-Stat-Signature: isbziijr3saabjcmk86gmpe7f43ajoow X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: B761240009 X-HE-Tag: 1686164038-731468 X-HE-Meta: U2FsdGVkX1+5XJO0kYi9IonTOeEoNa11EXMa2niSU1YA2HJ2hLumdCVQz2zllS+LSgjYhrKtcvCA03G1PxSR0BuMUswRRWOA6gwazrDuDR0lsjTSPPBl0dcpGQqNNDuEdw4Dto+IiIwQUHRWHw9L6T1s+l+f5KfiJ2NmA67tULbwQcA6BT1snxKpHt5nV5n2H1eHks4liJH9l2N4Q4p0eVuz0j7pm0KZmVFAx2K4y8nLk5F+fPCA/bH8AvXHsUOzmz6ck6lB+eSun1Ljxl1kxRzTkjquX5cty04vO10AlKzEwvShzfMCoCZ8bKfCPxQJfHjDXfa4imyME5rdi/hpYrE23zKyEbwY9jZTIl7Td3KVMuUBz8bFIv9zF3PJUUomzZZb9yyRz0/HnZrtZ/Dcc7CF8n1BX/JzIdp2ZjpLZSZEJuHmif9jDOo8bdfXQD4mNsiplVsNBFBepbeUcYRiC7g8/78QClWbI4FGjBs4gHWCV7pYkqjLzuYACiULn76bgG2bKGxStplQ9yB9N0KiSvrL8M4EoiQswwMhKYb7lyh5RK31KinezH4fY2SrMcnY5XM/XB4lS5chkxnG2nWUDnKq/UdBxMQUwyZMOlpz104QdRByGtYZ92j261ExsGlEV4Qzv/lsjDz7IDDdjZgKKIXM2l3ED2sSczJROhEFjYro7+mC1WstG9peCXhQ9PbUmEcqiltvyg7yDp7h31UxmcTb3+XjrNQejGzq/bCoXKU1abDIvMGOptl7w+/qnZSvqC13kHYV/uWXTT+6PfPDsmzwT1LwP/6heXa9A9sYaXSkvIhcu1PfEXyStyFyoBhoNnbbS2mzC7nfNd2Q8jDBX9msLrZ994T1W2lBaIhLjnPl/aUdhzPgIzAziacb1EIJBv2GVyBm//GjpQYwelznou3x+DIP42ZZwFuG4lrauDp2UjU8gXieEKqXUWzDHm0aCqPoTrAkbQOYsfs7qhU f+ScMWU7 Fe5w0TtVCLjvKWILubHI3aXt5SM8a6uCl+ZNtEa2Qx30VuHk4mb7KgR5Ds3PggiLVk5eS5fUBljrgWgvggh+uya4cnGwsHZ5ngNPKRpKawEtlDr1Vdc3pWBRbX7x1FWckPJMrJDVWjedla+dPVwSfFZzgARTrnngQkERK4XjKPIqpU3hoTnd5WP1gpFLdHANrUbzxtF6pOfS+UZQG9wldrNBo7ktD4p/tN42YqbRaJ9fS7GoevyIfHqEY/ovXSMOK6D1uhvkIF1Whe9gAtQYYnkFOFS4Mo4YlSM9xsj9bj1CCL4TjWtdJgaecrW/j2ARWgbbzkcEbaKE84+jKG6oX4jvhj0blou6lhgoTSRZFbSJDU6nOiBf1g0c4rzrggldX+3rvfp8Xv/8dIMV99elZSzYshWz4JEKoWO8PpbIHnX8qCt0rDEPxlzMWKEYPcQLMqjvRMjG+Az0g8Gfw7FrvmEDITZ6aDw5yCRFmlEW9EeunbP+0jNx47iCkVZL2+a7eNjh4bv8Lx7cCsPe9liCnoBxrnfNJpnCeQCir X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed, Jun 07, 2023 at 07:24:23AM -0700, Dave Hansen wrote: > On 6/4/23 07:27, Kai Huang wrote: > > TDX introduces a new CPU mode: Secure Arbitration Mode (SEAM). This > > mode runs only the TDX module itself or other code to load the TDX > > module. > > > > The host kernel communicates with SEAM software via a new SEAMCALL > > instruction. This is conceptually similar to a guest->host hypercall, > > except it is made from the host to SEAM software instead. The TDX > > module establishes a new SEAMCALL ABI which allows the host to > > initialize the module and to manage VMs. > > > > Add infrastructure to make SEAMCALLs. The SEAMCALL ABI is very similar > > to the TDCALL ABI and leverages much TDCALL infrastructure. > > > > SEAMCALL instruction causes #GP when TDX isn't BIOS enabled, and #UD > > when CPU is not in VMX operation. Currently, only KVM code mocks with > > "mocks"? Did you mean "mucks"? > > > VMX enabling, and KVM is the only user of TDX. This implementation > > chooses to make KVM itself responsible for enabling VMX before using > > TDX and let the rest of the kernel stay blissfully unaware of VMX. > > > > The current TDX_MODULE_CALL macro handles neither #GP nor #UD. The > > kernel would hit Oops if SEAMCALL were mistakenly made w/o enabling VMX > > first. Architecturally, there is no CPU flag to check whether the CPU > > is in VMX operation. Also, if a BIOS were buggy, it could still report > > valid TDX private KeyIDs when TDX actually couldn't be enabled. > > I'm not sure this is a great justification. If the BIOS is lying to the > OS, we _should_ oops. > > How else can this happen other than silly kernel bugs. It's OK to oops > in the face of silly kernel bugs. TDX KVM + reboot can hit #UD. On reboot, VMX is disabled (VMXOFF) via syscore.shutdown callback. However, guest TD can be still running to issue SEAMCALL resulting in #UD. Or we can postpone the change and make the TDX KVM patch series carry a patch for it. -- Isaku Yamahata