From: Kuppuswamy Sathyanarayanan
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Peter Zijlstra, Andy Lutomirski
Cc: Peter H Anvin, Dave Hansen, Tony Luck, Dan Williams, Andi Kleen, Kirill Shutemov, Sean Christopherson, Kuppuswamy Sathyanarayanan, x86@kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v5 09/12] x86/tdx: Wire up KVM hypercalls
Date: Wed, 4 Aug 2021 11:13:26 -0700
Message-Id: <20210804181329.2899708-10-sathyanarayanan.kuppuswamy@linux.intel.com>
In-Reply-To: <20210804181329.2899708-1-sathyanarayanan.kuppuswamy@linux.intel.com>

From: "Kirill A. Shutemov"

KVM hypercalls use the "vmcall" or "vmmcall" instructions. Although the ABI is similar, those instructions no longer function for TDX guests. Make vendor-specific TDVMCALLs instead of VMCALL. This enables TDX guests to run with KVM acting as the hypervisor. TDX guests running under other hypervisors will continue to use those hypervisors' hypercalls.

Since the KVM driver can be built as a kernel module, export tdx_kvm_hypercall*() to make the symbols visible to kvm.ko.

[Isaku Yamahata: proposed KVM VENDOR string]
Signed-off-by: Kirill A. Shutemov
Signed-off-by: Kuppuswamy Sathyanarayanan
---
Changes since v4:
 * No functional changes.

Changes since v3:
 * Fixed ASM symbol generation issue in tdcall.S by including tdx.h in asm-prototypes.h

Changes since v1:
 * Replaced is_tdx_guest() with prot_guest_has(PR_GUEST_TDX).
 * Replaced tdx_kvm_hypercall{1-4} with single generic function tdx_kvm_hypercall().
 * Removed __tdx_hypercall_vendor_kvm() and re-used __tdx_hypercall().

 arch/x86/Kconfig                      |  5 +++++
 arch/x86/include/asm/asm-prototypes.h |  4 ++++
 arch/x86/include/asm/kvm_para.h       | 22 ++++++++++++++++++++
 arch/x86/include/asm/tdx.h            | 30 +++++++++++++++++++++++++--
 arch/x86/kernel/tdcall.S              |  2 ++
 5 files changed, 61 insertions(+), 2 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 10f2cb51a39d..b500f2afacce 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -880,6 +880,11 @@ config INTEL_TDX_GUEST run in a CPU mode that protects the confidentiality of TD memory contents and the TD’s CPU state from other software, including VMM. +# This option enables KVM specific hypercalls in TDX guest. +config INTEL_TDX_GUEST_KVM + def_bool y + depends on KVM_GUEST && INTEL_TDX_GUEST + endif #HYPERVISOR_GUEST source "arch/x86/Kconfig.cpu" diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h index 4cb726c71ed8..9855a9ff2924 100644 --- a/arch/x86/include/asm/asm-prototypes.h +++ b/arch/x86/include/asm/asm-prototypes.h @@ -17,6 +17,10 @@ extern void cmpxchg8b_emu(void); #endif +#ifdef CONFIG_INTEL_TDX_GUEST +#include +#endif + #ifdef CONFIG_RETPOLINE #undef GEN diff --git a/arch/x86/include/asm/kvm_para.h b/arch/x86/include/asm/kvm_para.h index 69299878b200..bd0ab7c3ae25 100644 --- a/arch/x86/include/asm/kvm_para.h +++ b/arch/x86/include/asm/kvm_para.h @@ -4,7 +4,9 @@ #include #include +#include #include +#include #include #ifdef CONFIG_KVM_GUEST 
@@ -32,6 +34,10 @@ static inline bool kvm_check_and_clear_guest_paused(void) static inline long kvm_hypercall0(unsigned int nr) { long ret; + + if (prot_guest_has(PATTR_GUEST_TDX)) + return tdx_kvm_hypercall(nr, 0, 0, 0, 0); + asm volatile(KVM_HYPERCALL : "=a"(ret) : "a"(nr) @@ -42,6 +48,10 @@ static inline long kvm_hypercall0(unsigned int nr) static inline long kvm_hypercall1(unsigned int nr, unsigned long p1) { long ret; + + if (prot_guest_has(PATTR_GUEST_TDX)) + return tdx_kvm_hypercall(nr, p1, 0, 0, 0); + asm volatile(KVM_HYPERCALL : "=a"(ret) : "a"(nr), "b"(p1) @@ -53,6 +63,10 @@ static inline long kvm_hypercall2(unsigned int nr, unsigned long p1, unsigned long p2) { long ret; + + if (prot_guest_has(PATTR_GUEST_TDX)) + return tdx_kvm_hypercall(nr, p1, p2, 0, 0); + asm volatile(KVM_HYPERCALL : "=a"(ret) : "a"(nr), "b"(p1), "c"(p2) @@ -64,6 +78,10 @@ static inline long kvm_hypercall3(unsigned int nr, unsigned long p1, unsigned long p2, unsigned long p3) { long ret; + + if (prot_guest_has(PATTR_GUEST_TDX)) + return tdx_kvm_hypercall(nr, p1, p2, p3, 0); + asm volatile(KVM_HYPERCALL : "=a"(ret) : "a"(nr), "b"(p1), "c"(p2), "d"(p3) @@ -76,6 +94,10 @@ static inline long kvm_hypercall4(unsigned int nr, unsigned long p1, unsigned long p4) { long ret; + + if (prot_guest_has(PATTR_GUEST_TDX)) + return tdx_kvm_hypercall(nr, p1, p2, p3, p4); + asm volatile(KVM_HYPERCALL : "=a"(ret) : "a"(nr), "b"(p1), "c"(p2), "d"(p3), "S"(p4) diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 846fe58f0426..8fa33e2c98db 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -6,8 +6,9 @@ #include #include -#define TDX_CPUID_LEAF_ID 0x21 -#define TDX_HYPERCALL_STANDARD 0 +#define TDX_CPUID_LEAF_ID 0x21 +#define TDX_HYPERCALL_STANDARD 0 +#define TDX_HYPERCALL_VENDOR_KVM 0x4d564b2e584454 /* * Used in __tdx_module_call() helper function to gather the 
@@ -80,4 +81,29 @@ static inline bool tdx_prot_guest_has(unsigned long flag) { return false; } #endif /* CONFIG_INTEL_TDX_GUEST */ +#ifdef CONFIG_INTEL_TDX_GUEST_KVM + +static inline long tdx_kvm_hypercall(unsigned int nr, unsigned long p1, + unsigned long p2, unsigned long p3, + unsigned long p4) +{ + struct tdx_hypercall_output out; + u64 err; + + err = __tdx_hypercall(TDX_HYPERCALL_VENDOR_KVM, nr, p1, p2, + p3, p4, &out); + + BUG_ON(err); + + return out.r10; +} +#else +static inline long tdx_kvm_hypercall(unsigned int nr, unsigned long p1, + unsigned long p2, unsigned long p3, + unsigned long p4) +{ + return -ENODEV; +} +#endif /* CONFIG_INTEL_TDX_GUEST_KVM */ + #endif /* _ASM_X86_TDX_H */ diff --git a/arch/x86/kernel/tdcall.S b/arch/x86/kernel/tdcall.S index 9df94f87465d..1823bac4542d 100644 --- a/arch/x86/kernel/tdcall.S +++ b/arch/x86/kernel/tdcall.S @@ -3,6 +3,7 @@ #include #include #include +#include #include #include @@ -309,3 +310,4 @@ skip_sti: retq SYM_FUNC_END(__tdx_hypercall) +EXPORT_SYMBOL(__tdx_hypercall); -- 2.25.1
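
Review bot: in arch/x86/include/asm/kvm_para.h the same prot_guest_has(PATTR_GUEST_TDX) test and early return is pasted into each of kvm_hypercall0() through kvm_hypercall4() with no comment, so a reader of any one function cannot tell why the KVM_HYPERCALL asm below it is skipped. A single comment above kvm_hypercall0() stating that VMCALL does not work in a TDX guest and that the call is rerouted through a TDVMCALL would cover all five. The v1 changelog entry also names PR_GUEST_TDX while the code uses PATTR_GUEST_TDX; please make the two agree.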
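
Review bot: TDX_HYPERCALL_VENDOR_KVM in the first tdx.h hunk is defined as the bare constant 0x4d564b2e584454 with no comment on where the value comes from. Its bytes, read least-significant first, spell the ASCII string "TDX.KVM", presumably the "KVM VENDOR string" credited in the commit message; a one-line comment saying so would let a reader check the value against the hypervisor side. The hunk also re-aligns the two existing defines, which is an unrelated whitespace change that could be dropped.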
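
Review bot: BUG_ON(err) in tdx_kvm_hypercall() (second tdx.h hunk) turns any nonzero return from __tdx_hypercall() into a guest panic, and neither the code nor the commit message says why a failure here must be fatal rather than reported to the caller. Please add a comment stating which conditions make err nonzero and why they are unrecoverable, or return an error code the way the #else stub does with -ENODEV. It would also help to document that out.r10 is passed straight back as the long result that kvm_hypercall*() callers interpret.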
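
Review bot: EXPORT_SYMBOL(__tdx_hypercall) at the end of tdcall.S does not match the commit message, which says tdx_kvm_hypercall*() is exported. Per the v1 changelog that wrapper is now a static inline in tdx.h, so what modules actually receive is the raw __tdx_hypercall() primitive with a caller-chosen type argument, not only the KVM vendor path. Please update the commit message, and consider EXPORT_SYMBOL_GPL or an out-of-line exported tdx_kvm_hypercall() so that supporting kvm.ko does not expose the general TDVMCALL entry point to every module.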