Subject: Re: [RFC v2 08/32] x86/traps: Add #VE support for TDX guest
From: Dave Hansen
To: Andi Kleen, Kuppuswamy Sathyanarayanan, Peter Zijlstra, Andy Lutomirski, Dan Williams, Tony Luck
Cc: Kirill Shutemov, Kuppuswamy Sathyanarayanan, Raj Ashok, Sean Christopherson, linux-kernel@vger.kernel.org, Sean Christopherson
Date: Thu, 13 May 2021 13:14:11 -0700
Message-ID: <28e706d4-960e-a320-e8ea-84aff42ad6a4@intel.com>

On 5/13/21 12:47 PM, Andi Kleen wrote:
> I don't see what could be added. If you have concrete suggestions please
> just propose something.

Oh, boy, I love writing changelogs! I was hoping that the TDX folks would
chip in to write their own changelogs, but oh well. You made my day!
--

Virtualization Exceptions (#VE) are delivered to TDX guests due to
specific guest actions which may happen in either userspace or the kernel:

 * Specific instructions (WBINVD, for example)
 * Specific MSR accesses
 * Specific CPUID leaf accesses
 * Access to TD-shared memory, which includes MMIO

#VE exceptions are never generated on accesses to normal, TD-private memory.

The entry paths do not access TD-shared memory or use those specific
MSRs, instructions, CPUID leaves. In addition, all interrupts including
NMIs are blocked by the hardware starting with #VE delivery until
TDGETVEINFO is called. This eliminates the chance of a #VE during the
syscall gap or paranoid entry paths and simplifies #VE handling.

If a guest kernel action which would normally cause a #VE occurs in the
interrupt-disabled region before TDGETVEINFO, a #DF is delivered to the
guest.

Add basic infrastructure to handle any #VE which occurs in the kernel or
userspace. Later patches will add handling for specific #VE scenarios.

Convert unhandled #VE's (everything, until later in this series) so that
they appear just like a #GP by calling do_general_protection() directly.

--

Did I miss anything?
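
A small user-space model of the delivery rules in the changelog above, added here as an illustration; it is not kernel code and not part of the patch or of the original message. The struct, enum and function names are hypothetical, and the `early_mmio` flag stands in for a handler that touches TD-shared memory before calling TDGETVEINFO.

```c
#include <stdbool.h>
#include <stdio.h>

/* Guest actions: the four #VE sources from the changelog, plus private memory. */
enum action { ACT_PRIVATE_MEM, ACT_WBINVD, ACT_MSR, ACT_CPUID, ACT_SHARED_MEM };
enum outcome { OUT_NONE, OUT_VE_AS_GP, OUT_DF };

struct vcpu {            /* hypothetical model state, not a kernel structure */
    bool ve_window;      /* #VE delivered, TDGETVEINFO not yet called */
    bool nmi_blocked;    /* hardware blocks interrupts and NMIs in that window */
    int gp_count;        /* unhandled #VEs reported like a #GP */
};

static enum outcome guest_do(struct vcpu *v, enum action a, bool early_mmio);

static void tdgetveinfo(struct vcpu *v)   /* models the call that ends the window */
{
    v->ve_window = false;
    v->nmi_blocked = false;
}

static enum outcome ve_handler(struct vcpu *v, bool early_mmio)
{
    /* A handler that touches TD-shared memory first hits the #DF rule. */
    if (early_mmio && guest_do(v, ACT_SHARED_MEM, false) == OUT_DF)
        return OUT_DF;
    tdgetveinfo(v);
    v->gp_count++;       /* no specific handling yet: report it like a #GP */
    return OUT_VE_AS_GP;
}

static enum outcome guest_do(struct vcpu *v, enum action a, bool early_mmio)
{
    if (a == ACT_PRIVATE_MEM)
        return OUT_NONE;             /* normal TD-private memory: never a #VE */
    if (v->ve_window)
        return OUT_DF;               /* #VE source before TDGETVEINFO */
    v->ve_window = true;             /* #VE delivery opens the blocked window */
    v->nmi_blocked = true;
    return ve_handler(v, early_mmio);
}

int main(void)
{
    struct vcpu v = {0};
    printf("cpuid: %d\n", guest_do(&v, ACT_CPUID, false));
    printf("early mmio in handler: %d\n", guest_do(&v, ACT_WBINVD, true));
    return 0;
}
```

The model treats a #DF as terminal, so the window stays open after the second call.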