From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini, erdemaktas@google.com, Sean Christopherson, Sagi Shahar, David Matlack, Kai Huang, Zhi Wang, chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com
Subject: [PATCH v16 103/116] KVM: TDX: Add methods to ignore guest instruction emulation
Date: Mon, 16 Oct 2023 09:14:55 -0700
Message-Id: <9a64faeebf36ed6d83af3650f63bd0be2f99b3eb.1697471314.git.isaku.yamahata@intel.com>

From: Isaku Yamahata Because TDX protects TDX guest state from VMM, instructions in guest memory cannot be emulated. Implement methods to ignore guest instruction emulator. Signed-off-by: Isaku Yamahata --- arch/x86/kvm/vmx/main.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index 582fea1b60b6..5e4091dbf1e8 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -331,6 +331,30 @@ static void vt_enable_smi_window(struct kvm_vcpu *vcpu) } #endif +static bool vt_can_emulate_instruction(struct kvm_vcpu *vcpu, int emul_type, + void *insn, int insn_len) +{ + if (is_td_vcpu(vcpu)) + return false; + + return vmx_can_emulate_instruction(vcpu, emul_type, insn, insn_len); +} + +static int vt_check_intercept(struct kvm_vcpu *vcpu, + struct x86_instruction_info *info, + enum x86_intercept_stage stage, + struct x86_exception *exception) +{ + /* + * This call back is triggered by the x86 instruction emulator. TDX + * doesn't allow guest memory inspection. + */ + if (KVM_BUG_ON(is_td_vcpu(vcpu), vcpu->kvm)) + return X86EMUL_UNHANDLEABLE; + + return vmx_check_intercept(vcpu, info, stage, exception); +} + static bool vt_apic_init_signal_blocked(struct kvm_vcpu *vcpu) { if (is_td_vcpu(vcpu)) @@ -954,7 +978,7 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .load_mmu_pgd = vt_load_mmu_pgd, - .check_intercept = vmx_check_intercept, + .check_intercept = vt_check_intercept, .handle_exit_irqoff = vt_handle_exit_irqoff, .request_immediate_exit = vt_request_immediate_exit, @@ -983,7 +1007,7 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .enable_smi_window = vt_enable_smi_window, #endif - .can_emulate_instruction = vmx_can_emulate_instruction, + .can_emulate_instruction = vt_can_emulate_instruction, .apic_init_signal_blocked = vt_apic_init_signal_blocked, .migrate_timers = vmx_migrate_timers, -- 2.25.1
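
Review bot: In the first hunk, vt_can_emulate_instruction() returns false for a TD vcpu with no comment, while vt_check_intercept() just below treats the same is_td_vcpu() condition as a KVM_BUG_ON, and neither the code nor the commit message says why the two differ. If the first is the expected gate and the second is meant to be unreachable because of it, say so: add a short comment above `if (is_td_vcpu(vcpu)) return false;` noting that TDX guest state is protected from the VMM so emulation is always refused, and extend the vt_check_intercept() comment to state that reaching it for a TD vcpu means the gate was bypassed. The commit message should also state what happens to the guest when emulation is refused, since that is not visible from this patch. Minor: "call back" in the vt_check_intercept() comment should be "callback".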