Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp1691424pxj; Wed, 19 May 2021 11:34:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwMZQ12XGuDDMJSjLdyoi9spk3PL0Xe5bSWAUhZGl39T99/vBUDrevm3F7/DKJmATWOcXp4 X-Received: by 2002:a5e:a619:: with SMTP id q25mr844570ioi.95.1621449251953; Wed, 19 May 2021 11:34:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621449251; cv=none; d=google.com; s=arc-20160816; b=Jnb67YQv6Cdy40qinph+jKj4jLB1drvsqeZf4jdyYKJEvrL3fXfJjbnKHHVtN82Ujk JnpSUg9PpnCvl17xds20XI7o4pkCM7NsRCn9hn2TBVtXDr0bzG0j3Gxj5j4lRG+s8MPD jNFQvIKAGQdKFEGycgj0ElJyXM2Oz1tdpB08h+r+sYRpDWQmO5D4ISpYJOQxkf1VLx9q 9lKNyfCU7/J4TrxNpsRjivGrVdAi5nKawIiMSzCXSM8sjG/vDzFj1F3ahA/MRRvAqAT/ wYH1+F0/9Jhsln0uIULRwfLEEJIaVyjD1WAXKaU1cViJ05vEaFWqqgyueukhZvp9QMjk mQMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:ironport-sdr:ironport-sdr; bh=CRDTcu5OhZtWELXPefVVG98SNNB6omoHNVEOuqmkwAI=; b=CXTTcn7qde/ElycyDn1b2+slFU9TLssP8TkYxG4dY/IE5OWUqLeljdhSyk4coyBjik 5rHqU1EPt6g0tVZ3hs+oFH6Oxv1sqjUbz632xV0pjcL4PLh8JrMlS7O3SztCoH5AhhRv oAj7WcQ7hy4pHdOc40b8YcyehZ93w9mcFr3houCjuPCvisoQcKKzlks8Gut+BiuOfewC m24ju4OGzX29bXW2DovTqJ53O3ErONeaATwtvM+XD9AohihZ51yVbQepd9Msvim/FLK2 E3/UN3UeNUjYbeG+bYU2MJAFieLKS1vF2YLjLIV96+kzydlbVsB2jEz+psr9tRjsNYMy 7AsA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x17si35488jan.4.2021.05.19.11.33.59; Wed, 19 May 2021 11:34:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236043AbhERUNi (ORCPT + 99 others); Tue, 18 May 2021 16:13:38 -0400 Received: from mga12.intel.com ([192.55.52.136]:15947 "EHLO mga12.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231580AbhERUNi (ORCPT ); Tue, 18 May 2021 16:13:38 -0400 IronPort-SDR: lW+E/tN/Vo5eHLG8t+wWMBOtbZF8j8aDRVqUYVDeqeyTvMm7FThuAEc0eS6PzdvkMAui6wHcyX 6JiJRMZJvJvQ== X-IronPort-AV: E=McAfee;i="6200,9189,9988"; a="180412480" X-IronPort-AV: E=Sophos;i="5.82,310,1613462400"; d="scan'208";a="180412480" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 May 2021 13:12:19 -0700 IronPort-SDR: 7GyFl8XF4rtUcZ0YJIFXpM9+DMHHP8/7cRhj8uZOsIGSElbYivynm+SCWpFS/qZIMRRZh0X1oJ 71Og0/s8YcqQ== X-IronPort-AV: E=Sophos;i="5.82,310,1613462400"; d="scan'208";a="439611380" Received: from dwchow-mobl.amr.corp.intel.com (HELO skuppusw-mobl5.amr.corp.intel.com) ([10.212.41.14]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 May 2021 13:12:18 -0700 Subject: Re: [RFC v2-fix 1/1] x86/tdx: Wire up KVM hypercalls To: Dave Hansen , Peter Zijlstra , Andy Lutomirski Cc: Tony Luck , Andi Kleen , Kirill Shutemov , Kuppuswamy Sathyanarayanan , Dan Williams , Raj Ashok , Sean Christopherson , linux-kernel@vger.kernel.org, Isaku Yamahata References: <2a4e9702-5407-aa95-be9b-864775bbaabd@intel.com> <20210518001551.258126-1-sathyanarayanan.kuppuswamy@linux.intel.com> From: "Kuppuswamy, Sathyanarayanan" Message-ID: Date: Tue, 18 May 2021 13:12:16 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 5/18/21 8:51 AM, Dave Hansen wrote: > Question for KVM folks: Should all of these guest patches say: > "x86/tdx/guest:" or something? It seems like that would put us all in > the right frame of mind as we review these. It's kinda easy (for me at > least) to get lost about which side I'm looking at sometimes. > > On 5/17/21 5:15 PM, Kuppuswamy Sathyanarayanan wrote: >> From: "Kirill A. Shutemov" >> >> KVM hypercalls use the "vmcall" or "vmmcall" instructions. >> Although the ABI is similar, those instructions no longer >> function for TDX guests. Make vendor specififc TDVMCALLs > > "vendor-specific" > > Hyphen and spelling ^ I will fix it next version. > >> instead of VMCALL. > > This would also be a great place to say: > > This enables TDX guests to run with KVM acting as the hypervisor. TDX > guests running under other hypervisors will continue to use those > hypervisors hypercalls. I will include it. > >> [Isaku: proposed KVM VENDOR string] >> Signed-off-by: Kirill A. Shutemov >> Signed-off-by: Isaku Yamahata >> Reviewed-by: Andi Kleen >> Signed-off-by: Kuppuswamy Sathyanarayanan > > This SoB chain is odd. Kirill wrote this, sent it to Isaku, who sent it > to Sathya? Initially we have used "0" as vendor ID for KVM. But Isaku proposed a new value for it and sent a patch to fix it. But, I did not want to carry it as separate patch (for one line change). So I have merged his change with this patch, and added his signed-off with comment ([Isaku: proposed KVM VENDOR string]) +#define TDVMCALL_VENDOR_KVM 0x4d564b2e584454 /* "TDX.KVM" */ > >> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig >> index 9e0e0ff76bab..768df1b98487 100644 >> --- a/arch/x86/Kconfig >> +++ b/arch/x86/Kconfig >> @@ -886,6 +886,12 @@ config INTEL_TDX_GUEST >> run in a CPU mode that protects the confidentiality of TD memory >> contents and the TD’s CPU state from other software, including VMM. >> >> +config INTEL_TDX_GUEST_KVM >> + def_bool y >> + depends on KVM_GUEST && INTEL_TDX_GUEST >> + help >> + This option enables KVM specific hypercalls in TDX guest. > > For something that's not user-visible, I'd probably just add a Kconfig > comment rather than help text. If it is the preferred approach, I can remove it. > > ... >> diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile >> index 7966c10ea8d1..a90fec004844 100644 >> --- a/arch/x86/kernel/Makefile >> +++ b/arch/x86/kernel/Makefile >> @@ -128,6 +128,7 @@ obj-$(CONFIG_X86_PMEM_LEGACY_DEVICE) += pmem.o >> >> obj-$(CONFIG_JAILHOUSE_GUEST) += jailhouse.o >> obj-$(CONFIG_INTEL_TDX_GUEST) += tdcall.o tdx.o >> +obj-$(CONFIG_INTEL_TDX_GUEST_KVM) += tdx-kvm.o > > Is the indentation consistent with the other items near "tdx-kvm.o" in > the Makefile? Yes. For longer config names, common indentation is not maintained. Please check the PMEM example. 126 obj-$(CONFIG_PARAVIRT_CLOCK) += pvclock.o 127 obj-$(CONFIG_X86_PMEM_LEGACY_DEVICE) += pmem.o 128 129 obj-$(CONFIG_JAILHOUSE_GUEST) += jailhouse.o 130 obj-$(CONFIG_INTEL_TDX_GUEST) += tdcall.o tdx.o 131 obj-$(CONFIG_INTEL_TDX_GUEST_KVM) += tdx-kvm.o > > ... >> +/* Used by kvm_hypercall4() to trigger hypercall in TDX guest */ >> +long tdx_kvm_hypercall4(unsigned int nr, unsigned long p1, unsigned long p2, >> + unsigned long p3, unsigned long p4) >> +{ >> + return tdx_kvm_hypercall(nr, p1, p2, p3, p4); >> +} >> +EXPORT_SYMBOL_GPL(tdx_kvm_hypercall4); > > I always forget that KVM code is goofy and needs to have things in C > files so you can export the symbols. Could you add a sentence to the > changelog to this effect? > > Code-wise, this is fine. Just a few tweaks and I'll be happy to ack > this one. Will add it. Since KVM hypercall functions can be included and called from kernel modules, export tdx_kvm_hypercall*() functions to avoid symbol errors > -- Sathyanarayanan Kuppuswamy Linux Kernel Developer