Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp3846546pxy; Mon, 26 Apr 2021 11:07:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJznEqKfjlJaVkXLFyYrPpQn27k+BbFRj0EBR1CPudBhL3m+Y/Vm4yuBkUrp3Mayox9K4WxT X-Received: by 2002:a05:6402:2219:: with SMTP id cq25mr22176774edb.60.1619460439394; Mon, 26 Apr 2021 11:07:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619460439; cv=none; d=google.com; s=arc-20160816; b=YdPvwN2BeqIaxYE4YQ4CfdiTlq6VqIJ9zOa+5CusGnlVyOd1WAI/24vbymUyvXtnZI Y2SNAaZFbj3BqKYVnobdJOu2heW7rV1p+Z+4CPW7CScVs3cPtt1A/54jUjy6WwLyKasU MECvAyibwnthJHOHKg1QCvGhvNZGmPw97afRWpy8wDzeCu6m/5tJ130TRcvHuczkRN2J o/PZ8DoHw4bo9s8h5EvB8cyUvoMuQ2CFUqVM5vThrdKyQrdel69UC8IKn0t2d9IvrOaA BylVUd2HttzzVI5JkP/KVAdwFOejgbleOS3Pku/tX1g+rSHsWTkrmqbuufzyPdLXjXdZ 4pmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :ironport-sdr:ironport-sdr; bh=EBbvYTHwG/EelyGkT9gkAq2tvp7ns7Q5Jy+sS2hg+9s=; b=vzrRui5pTYtkA6XRokAyZ13j97n0E/4FGhJISvtg91GNBuRrde5OYZt27BlKn4QLId AUK9yKPCMMAj7Imc9B4QAuybQ+S0Q73IF3ETL6MZDlo9ns2PuVL/OTLrwq20i0zbcxZN AJZJcYbc+7On6u6QSkn3B6XzqjL3aXrN3yGkmYvkIx/i7GVNDYipXLbkzJLhAC9Rt5XP gH9hPmf+II5DdCgj+T0TG31+auoVbak/k2HCuAnXH9yMsT+Tnv0EYtUhwY+fRRkWXSKI cVLYT/J0dhFRe2rka86cqOzFmaFgxiOrq5CtVHCw9zUEjlfcJUzPkOzq66cNcg9FOaCX dmIA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n17si14317554ejb.145.2021.04.26.11.06.55; Mon, 26 Apr 2021 11:07:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236418AbhDZSFg (ORCPT + 99 others); Mon, 26 Apr 2021 14:05:36 -0400 Received: from mga04.intel.com ([192.55.52.120]:22347 "EHLO mga04.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234480AbhDZSDp (ORCPT ); Mon, 26 Apr 2021 14:03:45 -0400 IronPort-SDR: Seaw6DDaFcgfIJWbOCBUJNgJXPY+g24ySl16A4aMcJ/NjP3fOVV9h6/tz5zHa7ufz1YHtLYLZ+ o2/HPVJ9jsRQ== X-IronPort-AV: E=McAfee;i="6200,9189,9966"; a="194263271" X-IronPort-AV: E=Sophos;i="5.82,252,1613462400"; d="scan'208";a="194263271" Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Apr 2021 11:02:55 -0700 IronPort-SDR: Wp6nERpNgXJ0RPJu0MV38RUKJ03VS1th05mt1yPeJGFCEejXkMuqmzxG5F7YbrKx3GXNsuHJKA 7GkYUaSUdJiQ== X-IronPort-AV: E=Sophos;i="5.82,252,1613462400"; d="scan'208";a="447353428" Received: from ssumanpx-mobl.amr.corp.intel.com (HELO skuppusw-mobl5.amr.corp.intel.com) ([10.254.34.197]) by fmsmga004-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Apr 2021 11:02:53 -0700 From: Kuppuswamy Sathyanarayanan To: Peter Zijlstra , Andy Lutomirski , Dave Hansen , Dan Williams , Tony Luck Cc: Andi Kleen , Kirill Shutemov , Kuppuswamy Sathyanarayanan , Raj Ashok , Sean Christopherson , linux-kernel@vger.kernel.org, Sean Christopherson , Kuppuswamy Sathyanarayanan Subject: [RFC v2 23/32] x86/boot: Avoid unnecessary #VE during boot process Date: Mon, 26 Apr 2021 11:01:50 -0700 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sean Christopherson Skip writing EFER during secondary_startup_64() if the current value is also the desired value. This avoids a #VE when running as a TDX guest, as the TDX-Module does not allow writes to EFER (even when writing the current, fixed value). Also, preserve CR4.MCE instead of clearing it during boot to avoid a #VE when running as a TDX guest. The TDX-Module (effectively part of the hypervisor) requires CR4.MCE to be set at all times and injects a #VE if the guest attempts to clear CR4.MCE. Signed-off-by: Sean Christopherson Reviewed-by: Andi Kleen Signed-off-by: Kuppuswamy Sathyanarayanan --- arch/x86/boot/compressed/head_64.S | 5 ++++- arch/x86/kernel/head_64.S | 13 +++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S index 37c2f37d4a0d..2d79e5f97360 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -622,7 +622,10 @@ SYM_CODE_START(trampoline_32bit_src) popl %ecx /* Enable PAE and LA57 (if required) paging modes */ - movl $X86_CR4_PAE, %eax + movl %cr4, %eax + /* Clearing CR4.MCE will #VE on TDX guests. Leave it alone. */ + andl $X86_CR4_MCE, %eax + orl $X86_CR4_PAE, %eax testl %edx, %edx jz 1f orl $X86_CR4_LA57, %eax diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S index 04bddaaba8e2..92c77cf75542 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -141,7 +141,10 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL) 1: /* Enable PAE mode, PGE and LA57 */ - movl $(X86_CR4_PAE | X86_CR4_PGE), %ecx + movq %cr4, %rcx + /* Clearing CR4.MCE will #VE on TDX guests. Leave it alone. */ + andl $X86_CR4_MCE, %ecx + orl $(X86_CR4_PAE | X86_CR4_PGE), %ecx #ifdef CONFIG_X86_5LEVEL testl $1, __pgtable_l5_enabled(%rip) jz 1f @@ -229,13 +232,19 @@ SYM_INNER_LABEL(secondary_startup_64_no_verify, SYM_L_GLOBAL) /* Setup EFER (Extended Feature Enable Register) */ movl $MSR_EFER, %ecx rdmsr + movl %eax, %edx btsl $_EFER_SCE, %eax /* Enable System Call */ btl $20,%edi /* No Execute supported? */ jnc 1f btsl $_EFER_NX, %eax btsq $_PAGE_BIT_NX,early_pmd_flags(%rip) -1: wrmsr /* Make changes effective */ + /* Skip the WRMSR if the current value matches the desired value. */ +1: cmpl %edx, %eax + je 1f + xor %edx, %edx + wrmsr /* Make changes effective */ +1: /* Setup cr0 */ movl $CR0_STATE, %eax /* Make changes effective */ -- 2.25.1