Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp5221760rwb; Mon, 14 Nov 2022 00:50:11 -0800 (PST) X-Google-Smtp-Source: AA0mqf6XXNL0PAVnXrjy+VIZ+7RPPLyTkvvLMZVZ37hATG6eNmHjkXIfVs7fuzNMVL4QR+VC8yyV X-Received: by 2002:a63:3117:0:b0:462:644c:87ff with SMTP id x23-20020a633117000000b00462644c87ffmr10929514pgx.552.1668415811666; Mon, 14 Nov 2022 00:50:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668415811; cv=none; d=google.com; s=arc-20160816; b=bwrdCz6c7wvlyw8hmKZFkM2SkKN+VxehIbwihj7y+D5vIyY/ooBLPMvEV4UyBDurya bi6aXX37TURLLa+nL/v8erVPDF6FRjsab+6PzPS9gejqhiNkV8uoDdK9h5gGa7XCcml7 p+4E4bsGou3jzD8mIsOHxej7OWqMlXPzbsRjsMLmMI20Umu0wmBo2beBef2fxSG82S4O IVcpVQsBJt8wTuwTNGiirrW9gM0EbOBlZBV9KGU7uWM7IH84gdMUKFfahMdwZdseSfN6 lq4n12pivi/4xyoxI8ZDiFBBoro6H9LxlfbYCwQsWaiOvkyiKmtKq/E1+MczXI4pm21K Q+6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:subject:user-agent:mime-version:date:message-id :dkim-signature; bh=FMqVDtLRdTicc98NFRWTQdClXpyELfM5UXbATdeHgQ8=; b=vOvMtNhO3caDVfCbGticCNAw3kmsmvfpPTfmNC9iji/syMBKujy0xv87aTY0Kezaz0 3eqSvO+5/RPg+W3Nfawm1+Ppeyk+Uz3K30v1rpwUiMMsMwA1XKh8po59OeP+M3z/Qpp6 Hc6kdqgGPLNKin8dzK7f0BturOS/ezkvH7RYP5hkUyo7QBUbrX4RAHUNI06sBZIlUA9m bhjDID4rC22F9ySthMVAuiloIinPgSxxNDxjAkYpMTS7YRVt/D1NoVAK6zaHR9CkOX5U o+tYBSdbYzRv7foP0vc3zAS16/I2MovncS84/B/XOnRUfIaTAvkO9zb6twgSZMfQSctD qHAg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=g4nGvvP0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q18-20020a170902dad200b0017c2a42fc8csi9279486plx.270.2022.11.14.00.50.01; Mon, 14 Nov 2022 00:50:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=g4nGvvP0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236020AbiKNHti (ORCPT + 88 others); Mon, 14 Nov 2022 02:49:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42990 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235733AbiKNHth (ORCPT ); Mon, 14 Nov 2022 02:49:37 -0500 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 12685C2F; Sun, 13 Nov 2022 23:49:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1668412177; x=1699948177; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=OAma0AQcRYfh/Iefxk+hEiI+He8Dtgk0YGypPF8trQs=; b=g4nGvvP0r0Z0mxdWPNW/uwHCNmbrCkDp/eWx4+JXdFgu8aDqgKadcJdD iFOzyi4SRLzoJADAmNQK/nbjl+rRmfLuyGLPnHbaICVuXDasuomuIZqxA plVXCjVbpre2hBb5phb1QBVGV1m24/ylkiwRAdXdRrkE5lBu6epZ78e75 pMC7UmuxS7CucgPuVpSDbyB2Z4skoy1d9RARH4o2qBITLw2r6OV8OzJKN MrO1bcBR58iCzWbROm8muNQWoa/ywdIMqicHHuKXi1M2xoXMmn/VgCfrO y7RmfT2l2gyr3WJc71UlfDNVpackVucpOz2DoW0Zw5zJAe+N3nnO5sM3F w==; X-IronPort-AV: E=McAfee;i="6500,9779,10530"; a="299424995" X-IronPort-AV: E=Sophos;i="5.96,161,1665471600"; d="scan'208";a="299424995" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Nov 2022 23:49:36 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10530"; a="967467391" X-IronPort-AV: E=Sophos;i="5.96,161,1665471600"; d="scan'208";a="967467391" Received: from binbinwu-mobl.ccr.corp.intel.com (HELO [10.249.173.21]) ([10.249.173.21]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Nov 2022 23:49:34 -0800 Message-ID: Date: Mon, 14 Nov 2022 15:49:32 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2 Subject: Re: [PATCH v10 072/108] KVM: TDX: restore user ret MSRs To: isaku.yamahata@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: isaku.yamahata@gmail.com, Paolo Bonzini , erdemaktas@google.com, Sean Christopherson , Sagi Shahar , David Matlack References: <3260994f3d9a036795c81bf06842558afabeeef7.1667110240.git.isaku.yamahata@intel.com> From: Binbin Wu In-Reply-To: <3260994f3d9a036795c81bf06842558afabeeef7.1667110240.git.isaku.yamahata@intel.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 10/30/2022 2:23 PM, isaku.yamahata@intel.com wrote: > From: Isaku Yamahata > > Several user ret MSRs are clobbered on TD exit. Restore those values on > TD exit and before returning to ring 3. > > Signed-off-by: Isaku Yamahata > Reviewed-by: Paolo Bonzini > --- > arch/x86/kvm/vmx/tdx.c | 43 ++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 43 insertions(+) > > diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c > index 3ec465cbaeef..f35ccf2b502d 100644 > --- a/arch/x86/kvm/vmx/tdx.c > +++ b/arch/x86/kvm/vmx/tdx.c > @@ -456,6 +456,28 @@ void tdx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) > vcpu->kvm->vm_bugged = true; > } > > +struct tdx_uret_msr { > + u32 msr; > + unsigned int slot; > + u64 defval; > +}; > + > +static struct tdx_uret_msr tdx_uret_msrs[] = { > + {.msr = MSR_SYSCALL_MASK,}, > + {.msr = MSR_STAR,}, > + {.msr = MSR_LSTAR,}, > + {.msr = MSR_TSC_AUX,}, > +}; > + > +static void tdx_user_return_update_cache(void) > +{ > + int i; > + > + for (i = 0; i < ARRAY_SIZE(tdx_uret_msrs); i++) > + kvm_user_return_update_cache(tdx_uret_msrs[i].slot, > + tdx_uret_msrs[i].defval); > +} > + > static void tdx_restore_host_xsave_state(struct kvm_vcpu *vcpu) > { > struct kvm_tdx *kvm_tdx = to_kvm_tdx(vcpu->kvm); > @@ -495,6 +517,7 @@ fastpath_t tdx_vcpu_run(struct kvm_vcpu *vcpu) > > tdx_vcpu_enter_exit(vcpu, tdx); > > + tdx_user_return_update_cache(); > tdx_restore_host_xsave_state(vcpu); > tdx->host_state_need_restore = true; > > @@ -1558,6 +1581,26 @@ int __init tdx_hardware_setup(struct kvm_x86_ops *x86_ops) > return -ENODEV; > } > > + for (i = 0; i < ARRAY_SIZE(tdx_uret_msrs); i++) { > + /* > + * Here it checks if MSRs (tdx_uret_msrs) can be saved/restored > + * before returning to user space. > + * > + * this_cpu_ptr(user_return_msrs)->registered isn't checked > + * because the registration is done at vcpu runtime by > + * kvm_set_user_return_msr(). > + * Here is setting up cpu feature before running vcpu, > + * registered is alreays typo, already or always? > false. > + */ > + tdx_uret_msrs[i].slot = kvm_find_user_return_msr(tdx_uret_msrs[i].msr); > + if (tdx_uret_msrs[i].slot == -1) { > + /* If any MSR isn't supported, it is a KVM bug */ > + pr_err("MSR %x isn't included by kvm_find_user_return_msr\n", > + tdx_uret_msrs[i].msr); > + return -EIO; > + } > + } > + > max_pkgs = topology_max_packages(); > tdx_mng_key_config_lock = kcalloc(max_pkgs, sizeof(*tdx_mng_key_config_lock), > GFP_KERNEL);