Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2473824pxb;
        Fri, 5 Feb 2021 20:38:41 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyWTLqtzcomxMbIVw0eegJOS03ixHwdnl1tAZcHO+oLIx0hJC85c2aJtWbjeXInGq6Qw/qY
X-Received: by 2002:a17:906:a099:: with SMTP id q25mr7031354ejy.420.1612586321375;
        Fri, 05 Feb 2021 20:38:41 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1612586321; cv=none;
        d=google.com; s=arc-20160816;
        b=PWuKsU0Boh+1MiqjeMYz2QXVDItjfWReKY6RB2jFUnxIzwko4TpXWIYU4PyWZH5xlp
         5lSBftUf3ZlRY30BqZACH9TBX/rUFUFJcWvjvzUWdF/z2qeiLsxh+i7nL0J45cCmwTrC
         cYvv1KSdzGxU+w7Qisq7OpL+vIE00Ej0y//+4/Bhn1JKV8Qu9mzKOiF9Yr0tFYsM0w2M
         JadXgRwupUlOyNmODeC07K50IkUMMLRL+zquF0AJ2DSZME7x3S1KqyeAEwqxEIHHejcG
         W6XGI6PW/+1ciuuym6fENicQPOKZ6MOwZxCZP7PQdKUQByjtzJ4UcamSadmifCu55SP3
         MWHQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :ironport-sdr:ironport-sdr;
        bh=EBbvYTHwG/EelyGkT9gkAq2tvp7ns7Q5Jy+sS2hg+9s=;
        b=uEbMqySTOzFxpqx5XSotindRYPPiQA83CRUZzeHvF2HACHCVirvoWQaDde4+XPX7jV
         S+xJzDNlO6CgsHaetmjD5l61zh2rfMeoD0KxEmNKA9pii63vyDh9gNDhWKHoZRp4WulG
         wPumZJIv+CiVNqJ5f74U7qQKHpI12I+BeQzK3pWBbP9lI3U/Ro2GoQXZGmMdPz35kAsL
         bG567kcAE/uqwCQKXgTHKZA7CsEcMm/haWk57Mjh5leTpmE+CWx1lOuKo7m2D9l/3Wt/
         voJO6TI9eGftiPtMRck9GOh6GRR1m8N/Jj5/K5rL0FKaNliMS2AkUgbpssNmdqqf4Ev0
         Fh8A==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id a20si6583047ejj.97.2021.02.05.20.38.17;
        Fri, 05 Feb 2021 20:38:41 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230038AbhBFEgq (ORCPT <rfc822;lkml.email@gmail.com> + 99 others);
        Fri, 5 Feb 2021 23:36:46 -0500
Received: from mga09.intel.com ([134.134.136.24]:27618 "EHLO mga09.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S229669AbhBFCbc (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 5 Feb 2021 21:31:32 -0500
IronPort-SDR: NBoEhsLj7KzMEHAcZKacTlOFZuTu7J26KvSzUENw2gI1HyohHeqj/p9+KC5ABW5yMR3xX6mwrb
 1zXoMhVZIU8g==
X-IronPort-AV: E=McAfee;i="6000,8403,9886"; a="181650746"
X-IronPort-AV: E=Sophos;i="5.81,156,1610438400"; 
   d="scan'208";a="181650746"
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Feb 2021 15:39:13 -0800
IronPort-SDR: 1A5WZdpfaX/Q//kJlKMe9ouvvowtpuAn7h6VQbS+8N32T3U9rg2ZBFi/u+OP1kA8/X+7ky5VLT
 +3muR9q9gowg==
X-IronPort-AV: E=Sophos;i="5.81,156,1610438400"; 
   d="scan'208";a="416183951"
Received: from mdhake-mobl.amr.corp.intel.com (HELO skuppusw-mobl5.amr.corp.intel.com) ([10.209.53.25])
  by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Feb 2021 15:39:13 -0800
From:   Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@linux.intel.com>
To:     Peter Zijlstra <peterz@infradead.org>,
        Andy Lutomirski <luto@kernel.org>,
        Dave Hansen <dave.hansen@intel.com>
Cc:     Andi Kleen <ak@linux.intel.com>,
        Kirill Shutemov <kirill.shutemov@linux.intel.com>,
        Kuppuswamy Sathyanarayanan <knsathya@kernel.org>,
        Dan Williams <dan.j.williams@intel.com>,
        Raj Ashok <ashok.raj@intel.com>,
        Sean Christopherson <seanjc@google.com>,
        linux-kernel@vger.kernel.org,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@linux.intel.com>
Subject: [RFC v1 17/26] x86/boot: Avoid unnecessary #VE during boot process
Date:   Fri,  5 Feb 2021 15:38:34 -0800
Message-Id: <fde86d8f8c611abea1672d8ece8446db381d8214.1612563142.git.sathyanarayanan.kuppuswamy@linux.intel.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1612563142.git.sathyanarayanan.kuppuswamy@linux.intel.com>
References: <cover.1612563142.git.sathyanarayanan.kuppuswamy@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sean Christopherson <sean.j.christopherson@intel.com>

Skip writing EFER during secondary_startup_64() if the current value is
also the desired value. This avoids a #VE when running as a TDX guest,
as the TDX-Module does not allow writes to EFER (even when writing the
current, fixed value).

Also, preserve CR4.MCE instead of clearing it during boot to avoid a #VE
when running as a TDX guest. The TDX-Module (effectively part of the
hypervisor) requires CR4.MCE to be set at all times and injects a #VE
if the guest attempts to clear CR4.MCE.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Reviewed-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
---
 arch/x86/boot/compressed/head_64.S |  5 ++++-
 arch/x86/kernel/head_64.S          | 13 +++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
index 37c2f37d4a0d..2d79e5f97360 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -622,7 +622,10 @@ SYM_CODE_START(trampoline_32bit_src)
 	popl	%ecx
 
 	/* Enable PAE and LA57 (if required) paging modes */
-	movl	$X86_CR4_PAE, %eax
+	movl	%cr4, %eax
+	/* Clearing CR4.MCE will #VE on TDX guests.  Leave it alone. */
+	andl	$X86_CR4_MCE, %eax
+	orl	$X86_CR4_PAE, %eax
 	testl	%edx, %edx
 	jz	1f
 	orl	$X86_CR4_LA57, %eax
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
index 04bddaaba8e2..92c77cf75542 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -141,7 +141,10 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL)
 1:
 
 	/* Enable PAE mode, PGE and LA57 */
-	movl	$(X86_CR4_PAE | X86_CR4_PGE), %ecx
+	movq	%cr4, %rcx
+	/* Clearing CR4.MCE will #VE on TDX guests.  Leave it alone. */
+	andl	$X86_CR4_MCE, %ecx
+	orl	$(X86_CR4_PAE | X86_CR4_PGE), %ecx
 #ifdef CONFIG_X86_5LEVEL
 	testl	$1, __pgtable_l5_enabled(%rip)
 	jz	1f
@@ -229,13 +232,19 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL)
 	/* Setup EFER (Extended Feature Enable Register) */
 	movl	$MSR_EFER, %ecx
 	rdmsr
+	movl    %eax, %edx
 	btsl	$_EFER_SCE, %eax	/* Enable System Call */
 	btl	$20,%edi		/* No Execute supported? */
 	jnc     1f
 	btsl	$_EFER_NX, %eax
 	btsq	$_PAGE_BIT_NX,early_pmd_flags(%rip)
-1:	wrmsr				/* Make changes effective */
 
+	/* Skip the WRMSR if the current value matches the desired value. */
+1:	cmpl	%edx, %eax
+	je	1f
+	xor	%edx, %edx
+	wrmsr				/* Make changes effective */
+1:
 	/* Setup cr0 */
 	movl	$CR0_STATE, %eax
 	/* Make changes effective */
-- 
2.25.1