Received: by 2002:a05:7412:98c1:b0:fa:551:50a7 with SMTP id kc1csp425694rdb;
        Fri, 5 Jan 2024 15:05:30 -0800 (PST)
X-Google-Smtp-Source: AGHT+IEwfV/9ttjgsZJQpx6Y68D8bkHPn32+CkQ1n28YgdB4H1WtfbELMLWd6kHcOT77b+AQAszd
X-Received: by 2002:a50:8a93:0:b0:557:1d4a:ea64 with SMTP id j19-20020a508a93000000b005571d4aea64mr70126edj.8.1704495930818;
        Fri, 05 Jan 2024 15:05:30 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1704495930; cv=none;
        d=google.com; s=arc-20160816;
        b=mHYsq1vMpqnfS2ALc+nMVLyDpTVylb578GsORXyHxXJqC9Wsdqf42DQbLxWIIhQtQa
         FUc2Jp3iyNZwT54rp7t+6eA5S7kmUodqc6uuM+AHDZjqGxCL7g6Rt+rEMDNFlE3eJEoA
         E556/wGZJfXXO0R+1Gew7efEVIYn0OmRIs5h8qVDK697MTY8SU63MrUKAI1FDoR0ghIp
         JkPmDQEJ1ffdJiLXolLqDSZV2z5MOCiTxhkpAKRa0IwHFELp3tF1Yi1tWhOwxyCOfKCF
         6ZdMFnGo1GBBykArQNsz/4FERXU/VVxoDZU2vEooHrugxQWdVt3cPMAJ6cG24jaiimBX
         fpVQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=cc:to:from:subject:message-id:references:mime-version
         :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date
         :dkim-signature;
        bh=eRvWPDCG4JAZwBNK/6G5GN/cR0tx6Hok+T3LJaZP40Y=;
        fh=cGGTlUWKorIhiv6DCSk/jtnf4Mo+TZOBpZFvHvVYhUY=;
        b=KbMVSAJm8WZq6l1df1WNiBhZWTKhbUwtDataz2ZK+uQtkxtC1/zG1i70dmiCmb4bkN
         gGKzCgUh/iVnbOQ0mDIp21wuQDwEBjf1HKnxOFmrK7p5zJas2bkN43myhlSQz7E8LuLg
         qVe0iiD809Tyu5QKOZCJtY4tq1ZzuRe3vSLE/oq3oZw980iJ+g+XYJURnqLHG2ii40vn
         UiNI4yxwDuJmAxjjl95CWVgiAmhsM4gSPAKsvEXM44GYhU01bSNBHOrYByWVF4h/NbT0
         bWWQ8au0WMtYVInvhERj1AxSvvfcQVx5h9UboZ68ypv2jTdE4i8zQlqam57wcWMpTQsi
         MKHQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b=jLKmdtD1;
       spf=pass (google.com: domain of linux-kernel+bounces-18409-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-18409-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel+bounces-18409-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3])
        by mx.google.com with ESMTPS id m2-20020a509982000000b005573c137986si607719edb.179.2024.01.05.15.05.30
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 05 Jan 2024 15:05:30 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-18409-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b=jLKmdtD1;
       spf=pass (google.com: domain of linux-kernel+bounces-18409-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-18409-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 577B41F24678
	for <linux.lists.archive@gmail.com>; Fri,  5 Jan 2024 23:05:30 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 54117360BE;
	Fri,  5 Jan 2024 23:05:17 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="jLKmdtD1"
X-Original-To: linux-kernel@vger.kernel.org
Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6D6E43609F
	for <linux-kernel@vger.kernel.org>; Fri,  5 Jan 2024 23:05:14 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com
Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-28cbd4aaf29so61498a91.2
        for <linux-kernel@vger.kernel.org>; Fri, 05 Jan 2024 15:05:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1704495913; x=1705100713; darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=eRvWPDCG4JAZwBNK/6G5GN/cR0tx6Hok+T3LJaZP40Y=;
        b=jLKmdtD1DWEJ7zx+5s/mqcVjjGALm71JKNNaPtFjcYGqKwSom8TpecdesFklLFmqO7
         QqOjsnBIqGzJK1uqKp6uJUBxjG8vI/T0WjCw+KuC4/qPYsglFCuXgaMqqWSq/+m8TBOS
         v+9hYUnrVKs0ZkWtRGLeOE1IUqn2JdP4NHOQRJW4WHEleWi9G3v08A2M38vHX7cfr6Oj
         rOZYwEgzWGjBLyluRTGiLjGbjt/fdifbJ9k89WdVAXNf2Svb7qD36q4+O2EqOwOaCYzF
         UtPQwwmbE9I12t3AzDjYXxtq6gC4y+QRR2l6v/hlyC1afR020sZ3k6VOeqHrfrmtcWrQ
         WPyw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1704495913; x=1705100713;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=eRvWPDCG4JAZwBNK/6G5GN/cR0tx6Hok+T3LJaZP40Y=;
        b=vZBIfucMJiL74KBfWU3bpzrmJAbDJ0piqQbHwpv94POWvQR8huZ9SMXM48aMH+gqRQ
         OJnWMtgvqqDUYSTDvHlNPlm+jXZi7ZIBbpJtCHDAu27o7MMxHGeeBYfLiUZUItNbFMQF
         OvKPztynaMo+h3Dnju3VqRt5dQYLpnhQnTv9Q0XwrpO1X8+Y8JGIGBNsiD8DPiOs8mZo
         j+FI++KguApmxV5/91Tf6q1vF5MlVu5BytyAUeg2xrySL0heFkygYNDFnGViDvOHRzjV
         TALxtscrEVuJ0eicEPt6SZWPCzF0lRw4yamtSW1WiReH9D5H1cpDhrwy5OSFWBCVfweM
         pPog==
X-Gm-Message-State: AOJu0YydfZc2WlMdJTfibLMHchBP3yTb6wJ5hRvZtYrPVFtHjMa+sV4H
	+/ntBPnTywG6uxjFP4X3RMv0k4qoHuC7OAJ4ZQ==
X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a17:90b:3b82:b0:28b:7cfa:a8c with SMTP id
 pc2-20020a17090b3b8200b0028b7cfa0a8cmr1255pjb.2.1704495913633; Fri, 05 Jan
 2024 15:05:13 -0800 (PST)
Date: Fri, 5 Jan 2024 15:05:12 -0800
In-Reply-To: <7ca4b7af33646e3f5693472b4394ba0179b550e1.1699368322.git.isaku.yamahata@intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <cover.1699368322.git.isaku.yamahata@intel.com> <7ca4b7af33646e3f5693472b4394ba0179b550e1.1699368322.git.isaku.yamahata@intel.com>
Message-ID: <ZZiLKKobVcmvrPmb@google.com>
Subject: Re: [PATCH v17 092/116] KVM: TDX: Handle TDX PV HLT hypercall
From: Sean Christopherson <seanjc@google.com>
To: isaku.yamahata@intel.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, 
	isaku.yamahata@gmail.com, Paolo Bonzini <pbonzini@redhat.com>, erdemaktas@google.com, 
	Sagi Shahar <sagis@google.com>, David Matlack <dmatlack@google.com>, Kai Huang <kai.huang@intel.com>, 
	Zhi Wang <zhi.wang.linux@gmail.com>, chen.bo@intel.com, hang.yuan@intel.com, 
	tina.zhang@intel.com
Content-Type: text/plain; charset="us-ascii"

On Tue, Nov 07, 2023, isaku.yamahata@intel.com wrote:
> From: Isaku Yamahata <isaku.yamahata@intel.com>
> 
> Wire up TDX PV HLT hypercall to the KVM backend function.
> 
> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
> ---
>  arch/x86/kvm/vmx/tdx.c | 42 +++++++++++++++++++++++++++++++++++++++++-
>  arch/x86/kvm/vmx/tdx.h |  3 +++
>  2 files changed, 44 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> index 3a1fe74b95c3..4e48989d364f 100644
> --- a/arch/x86/kvm/vmx/tdx.c
> +++ b/arch/x86/kvm/vmx/tdx.c
> @@ -662,7 +662,32 @@ void tdx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
>  
>  bool tdx_protected_apic_has_interrupt(struct kvm_vcpu *vcpu)
>  {
> -	return pi_has_pending_interrupt(vcpu);
> +	bool ret = pi_has_pending_interrupt(vcpu);
> +	struct vcpu_tdx *tdx = to_tdx(vcpu);
> +
> +	if (ret || vcpu->arch.mp_state != KVM_MP_STATE_HALTED)
> +		return true;
> +
> +	if (tdx->interrupt_disabled_hlt)
> +		return false;
> +
> +	/*
> +	 * This is for the case where the virtual interrupt is recognized,
> +	 * i.e. set in vmcs.RVI, between the STI and "HLT".  KVM doesn't have
> +	 * access to RVI and the interrupt is no longer in the PID (because it
> +	 * was "recognized".  It doesn't get delivered in the guest because the
> +	 * TDCALL completes before interrupts are enabled.
> +	 *
> +	 * TDX modules sets RVI while in an STI interrupt shadow.
> +	 * - TDExit(typically TDG.VP.VMCALL<HLT>) from the guest to TDX module.
> +	 *   The interrupt shadow at this point is gone.
> +	 * - It knows that there is an interrupt that can be delivered
> +	 *   (RVI > PPR && EFLAGS.IF=1, the other conditions of 29.2.2 don't
> +	 *    matter)
> +	 * - It forwards the TDExit nevertheless, to a clueless hypervisor that
> +	 *   has no way to glean either RVI or PPR.

WTF.  Seriously, what in the absolute hell is going on.  I reported this internally
four ***YEARS*** ago.  This is not some obscure theoretical edge case, this is core
functionality and it's completely broken garbage.

NAK.  Hard NAK.  Fix the TDX module, full stop.

Even worse, TDX 1.5 apparently _already_ has the necessary logic for dealing with
interrupts that are pending in RVI when handling NESTED VM-Enter.  Really!?!?!
Y'all went and added nested virtualization support of some kind, but can't find
the time to get the basics right?