Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp1405582pxj; Fri, 21 May 2021 13:28:17 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzoXpNmM9++v5kafq559dgWRByxwknulBVfnJ9VooSuIXvNDswuQ/L4j8ettGCwza4R+jNp X-Received: by 2002:a17:906:2bd3:: with SMTP id n19mr11854755ejg.210.1621628897637; Fri, 21 May 2021 13:28:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621628897; cv=none; d=google.com; s=arc-20160816; b=wUtMtx522vl4RESPTRCp1f2fbPHIUok9ped6l2YwlU6asUQf1stmjlsDNGEtqU7XTl f4ywYbGdjyLCDUeiOjXjhVM4QDnXyvL1KILX2kx5L5AB9Y0uM1kBi4o2lhdj7s3exH9n UEDgmk9yn/r2kOCkrGw+IJSGbBE59/TZYN0u2sw3lDdBibqg5ZgnSoLWbrnGEMofy5wO AqUiXoIDCTy4poAwtMAPQ/iokJo3njG3gGPJcByGBipV2Z0ifNTqpk+Bv7pMJdNgx3ry 4esVzcVu7CUN4A1nhAW7hOxPKZz75TQmLYuyqF4TNQBePgimB2qH6CzWMEfjb4Kj/EH5 GP+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=Mxz28tumSCxIfUahasyNJuQOydDg4xyWfoBw7FHZ6Lc=; b=sCPFalwJ84pjLoiXfpDQOMvHppHY7TIgpyzYAOLgRVPpv8UR7264Z5RzBLunrbuej4 e8zlTywIFtK4AI7q5JyGTRm3ldDae/JmT26qbCDX9FAutYIFbSzSJ4ox+uQPymED1/op ibMKLmdKNYd4ILRLuSyjcBp2fYrB3U1f6E02Q/SMdm24ms9GVdDoK0T/G98p8k8LA8A6 xIC4QZRmzEYXB393mgX0D9trYIAYGKkb8C1GuZC+AsmpvFQoP4bKQYd2q7jyc1G5g67q QITLEh2ZgvGPRb3jUwNtVBEAwwVMtN8F4wfYjo5XqUyL4zkiZyM8VWKQrWMD/DbhKkuW FLtw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Zhwn1v0I; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id rs6si6385762ejb.266.2021.05.21.13.27.54; Fri, 21 May 2021 13:28:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Zhwn1v0I; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236541AbhEUSUO (ORCPT + 99 others); Fri, 21 May 2021 14:20:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37302 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231330AbhEUSUN (ORCPT ); Fri, 21 May 2021 14:20:13 -0400 Received: from mail-pg1-x52e.google.com (mail-pg1-x52e.google.com [IPv6:2607:f8b0:4864:20::52e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 957FBC061574 for ; Fri, 21 May 2021 11:18:49 -0700 (PDT) Received: by mail-pg1-x52e.google.com with SMTP id k15so14864538pgb.10 for ; Fri, 21 May 2021 11:18:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=Mxz28tumSCxIfUahasyNJuQOydDg4xyWfoBw7FHZ6Lc=; b=Zhwn1v0ICiXQCdrk6A9VGt4glyF1kzhx8IbzfULP6qgESCoOsiyK1+su80F4hI2pwJ QX2Z2x7gWRn2pUVXe3P/ztKxLyG2dV4OGuYOVSU3SUBIYbdTaRZnPjqzBVYy8D2JLcB8 Ika45iMHt7On9G9otj5Kh88DO9Jw+Va/mSqUQyl/NG4oE+c3KQgQHX/zlqy+qPQLFBE4 EN4IHKokUaigMql4aFLwbHpmvnjx1Uh2aHGwvmE6oVDDeAvUngG/g2jKrOpXO78/oOJM GFYwOTNmkDExNxTg1omNvqUhKvRZfOTI8tPuaQhFJ2Dkvro+jOQfIZqdcFQ7izENBK3m epkg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=Mxz28tumSCxIfUahasyNJuQOydDg4xyWfoBw7FHZ6Lc=; b=LPxFaXpTZiDghvcKLs+wC+Clcb825bk7cFDifj6mofO+DUmtaI0MLxIl3fGXo8IXWT KJ6e0YShlRtF86ZIdEkOqkUDsWtTEG7iSSULogBnvt6C/Mqu2LfM4+SjMM6D5gpLpSXk cSZuHmnBHGhLYgzBsAGU4H8ODgxoQQIPDi/wyIz+aBXOUz1I5Y7mvxJKrDHtGI819UhE D6vedkqx9XgWnmT71Fxs6j0d+KBwDnYiUH2Ayo4Whoknih+AilqK5ji+vuQ/oDQ1jENG pXg/NNYo/K/17jcgTRJDFp8RPcXcBdDLdP1FqAq8pbeUIYEQt5plnxIAVij7z0sixyTI ibGg== X-Gm-Message-State: AOAM530bzD5L5cpu8bb+CIiuyYlcJDz7ZZmprGanxOTnE0zdUP2Y84wc QAMqHTwLevO0lIAzRvcm054dsw== X-Received: by 2002:a62:5a46:0:b029:2d5:a67:1460 with SMTP id o67-20020a625a460000b02902d50a671460mr11295811pfb.75.1621621128921; Fri, 21 May 2021 11:18:48 -0700 (PDT) Received: from google.com (240.111.247.35.bc.googleusercontent.com. [35.247.111.240]) by smtp.gmail.com with ESMTPSA id jz7sm9332261pjb.32.2021.05.21.11.18.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 21 May 2021 11:18:48 -0700 (PDT) Date: Fri, 21 May 2021 18:18:44 +0000 From: Sean Christopherson To: Dave Hansen Cc: Kuppuswamy Sathyanarayanan , Peter Zijlstra , Andy Lutomirski , Tony Luck , Andi Kleen , Kirill Shutemov , Kuppuswamy Sathyanarayanan , Dan Williams , Raj Ashok , linux-kernel@vger.kernel.org, Sean Christopherson Subject: Re: [RFC v2-fix-v2 1/1] x86/boot: Avoid #VE during boot for TDX platforms Message-ID: References: <20210521143524.2527690-1-sathyanarayanan.kuppuswamy@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, May 21, 2021, Dave Hansen wrote: > > + /* > > + * Preserve current value of EFER for comparison and to skip > > + * EFER writes if no change was made (for TDX guest) > > + */ > > + movl %eax, %edx > > btsl $_EFER_SCE, %eax /* Enable System Call */ > > btl $20,%edi /* No Execute supported? */ > > jnc 1f > > btsl $_EFER_NX, %eax > > btsq $_PAGE_BIT_NX,early_pmd_flags(%rip) > > -1: wrmsr /* Make changes effective */ > > > > + /* Avoid writing EFER if no change was made (for TDX guest) */ > > +1: cmpl %edx, %eax > > + je 1f > > + xor %edx, %edx > > + wrmsr /* Make changes effective */ > > +1: > > Just curious, but what if this goes wrong? Say the TDX firmware didn't > set up EFER correctly and this code does the WRMSR. By firmware, do you mean TDX-module, or guest firmware? EFER is read-only in a TDX guest, i.e. the guest firmware can't change it either. > What ends up happening? Do we get anything out on the console, or is it > essentially undebuggable? Assuming "firmware" means TDX-module, if TDX-Module botches EFER (and only EFER) then odds are very, very good that the guest will never get to the kernel as it will have died long before in guest BIOS. If the bug is such that EFER is correct in hardware, but RDMSR returns the wrong value (due to MSR interception), IIRC this will triple fault and so nothing will get logged. But, the odds of that type of bug being hit in production are practically zero because the EFER setup is very static, i.e. any such bug should be hit during qualification of the VMM+TDX-Module. In any case, even if a bug escapes, the shutdown is relatively easy to debug even without logs because the failure will cleary point at the WRMSR (that info can be had by running a debug TD or a debug TDX-Module). By TDX standards, debugging shutdowns on a specific instruction is downright trivial :-).