Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp4938275pxb; Tue, 5 Oct 2021 13:45:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwoEjm0PHC1eRTBigZcazkgcdGsoWopwxHjmIPM49pQWxOxm3F7jgDa74AGZ4oiDYVv/h/C X-Received: by 2002:a17:90b:1c8f:: with SMTP id oo15mr6192915pjb.169.1633466718665; Tue, 05 Oct 2021 13:45:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633466718; cv=none; d=google.com; s=arc-20160816; b=CMgvISj1+N2vDr3L90IWlGH0zrpQ5pLc6pAyj4/tAICgCD7vd0lRaFudZjqi7v8/od wSiWlZgavVxs9zz662JMNjKYNJFHv9mbDllv0T8SDm8LQQyndWdwQFmsUeVZDyoSOQNd bh4TtQQJSGCw3X77oLiEcFZttBR0CLWU5CV6rQcVH6yOwV1lmZHvXGFrogNCevgw6Sn1 E8N5/fTFJTJXF4+vbPNNKrYUSxSjDyEYhTZCBpW4lQsfOe506CNd93GnjsP49DjxnVdr 9Zz08pPqw7LZg7YGLq4Q554qqbuMzsnnHLD44AUZIyeCngspW4lntXKiXb0Q+d6llLNU wEpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=c4bZi3Vv5WqbU38SD+ZgLRp5gVINuA95hCbLSY+tv6Y=; b=Rt+NDwhD5fRxHr5uxPi5oygoyIL8rPuGv9S3mdIoWJaMnQ+yyym5bsZHCwQY336GdN P4P/YoHi6BVAwqFeqLrm7rK2tPDMBxLlMQeSOTewapeeHRnJ+7Pj1gBnONBP5YOlxqFN vqzARxIPOfQihunXcZuSIjrojdLsM7RXF90a9RvCnCiNBtBwhtzymu6sft6/i2jy04Mz dWADvPjjx0f7KaEDZ9GH51E4iJG0y3yhMAGHu/gJaErnn4Ap9zaKU7cn5QGqgQLI/DAc lcZaWxDh+vZvh7N4/1xb6dEUtR6wUjFT1gzFsn1rkjN0PCW5Fl2eYe8UqHdg/O5hgvof bQOw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j13si3714588pjn.81.2021.10.05.13.45.05; Tue, 05 Oct 2021 13:45:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236746AbhJEUoS (ORCPT + 99 others); Tue, 5 Oct 2021 16:44:18 -0400 Received: from mga07.intel.com ([134.134.136.100]:11176 "EHLO mga07.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236188AbhJEUn5 (ORCPT ); Tue, 5 Oct 2021 16:43:57 -0400 X-IronPort-AV: E=McAfee;i="6200,9189,10128"; a="289354616" X-IronPort-AV: E=Sophos;i="5.85,349,1624345200"; d="scan'208";a="289354616" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Oct 2021 13:42:04 -0700 X-IronPort-AV: E=Sophos;i="5.85,349,1624345200"; d="scan'208";a="523979726" Received: from alyee-mobl.amr.corp.intel.com (HELO skuppusw-desk1.amr.corp.intel.com) ([10.254.5.222]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Oct 2021 13:42:04 -0700 From: Kuppuswamy Sathyanarayanan To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org, Paolo Bonzini , David Hildenbrand , Andrea Arcangeli , Josh Poimboeuf , "H . Peter Anvin" Cc: Dave Hansen , Tony Luck , Dan Williams , Andi Kleen , Kirill Shutemov , Sean Christopherson , Kuppuswamy Sathyanarayanan , linux-kernel@vger.kernel.org Subject: [PATCH v7 10/10] x86/tdx: Handle MWAIT and MONITOR Date: Tue, 5 Oct 2021 13:41:36 -0700 Message-Id: <20211005204136.1812078-11-sathyanarayanan.kuppuswamy@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211005204136.1812078-1-sathyanarayanan.kuppuswamy@linux.intel.com> References: <20211005204136.1812078-1-sathyanarayanan.kuppuswamy@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When running as a TDX guest, there are a number of existing, privileged instructions that do not work. If the guest kernel uses these instructions, the hardware generates a #VE. List of unsupported instructions can be found in Intel Trust Domain Extensions (Intel® TDX) Module specification, sec titled "Instructions that Cause a #VE Unconditionally" and in Guest-Host Communication Interface (GHCI) Specification for Intel TDX, sec titled "#VE Injected due to disallowed instructions". To prevent TD guests from using MWAIT/MONITOR instructions, the CPUID flags for these instructions are already disabled by the TDX module.      After the above mentioned preventive measures, if TD guests still execute these instructions, add appropriate warning message (WARN_ONCE()) in #VE handler. This handling behavior is same as KVM (which also treats MWAIT/MONITOR as nops with warning once in unsupported platforms). Signed-off-by: Kuppuswamy Sathyanarayanan Reviewed-by: Andi Kleen Reviewed-by: Dan Williams --- Changes since v6: * Added section title to spec reference in commit log. Changes since v5: * None Changes since v4: * Removed usage of We/You in commit log and comments. Changes since v3: * None Changes since v2: * None arch/x86/kernel/tdx.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/kernel/tdx.c b/arch/x86/kernel/tdx.c index 851ad143da03..a66520405109 100644 --- a/arch/x86/kernel/tdx.c +++ b/arch/x86/kernel/tdx.c @@ -364,6 +364,14 @@ int tdx_handle_virtualization_exception(struct pt_regs *regs, return -EFAULT; } break; + case EXIT_REASON_MONITOR_INSTRUCTION: + case EXIT_REASON_MWAIT_INSTRUCTION: + /* + * Something in the kernel used MONITOR or MWAIT despite + * X86_FEATURE_MWAIT being cleared for TDX guests. + */ + WARN_ONCE(1, "TD Guest used unsupported MWAIT/MONITOR instruction\n"); + break; default: pr_warn("Unexpected #VE: %lld\n", ve->exit_reason); return -EFAULT; -- 2.25.1