Received: by 2002:a05:7412:5112:b0:fa:6e18:a558 with SMTP id fm18csp171388rdb;
        Mon, 22 Jan 2024 16:17:02 -0800 (PST)
X-Google-Smtp-Source: AGHT+IH+2nXn/etEiQf/0xi5sSMOryAUgsBq5U0Reksv0lLpG5sd+7OOQGCXBcLT6Nfk4t/ZACq7
X-Received: by 2002:a05:6830:3114:b0:6d9:d786:b260 with SMTP id b20-20020a056830311400b006d9d786b260mr6889791ots.60.1705969021793;
        Mon, 22 Jan 2024 16:17:01 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1705969021; cv=pass;
        d=google.com; s=arc-20160816;
        b=r2U7O5ZPAJS9gTUW0pzB+8FC3Ode6ZV2mWDZBoPM3moQfIiJnnMzyOP1JQj9b5HwCT
         7+UcPjDiBl48g63T0Lm0vkGKcgK8YWTfoMYbuRZij/kIr+OqHPZgE1xoy9IEdEi/iNLu
         +DgK32JcDrH9lqIdeSeb2tvIgcfZCozRb4I89ySJV+krew41nw5SJLhJLg+dOFuqmIzP
         UtyKt7uvhMMThjYGqSCGTak4nQqB8KNqTbnBr3mLHjz3lyE8Z00kYw+C+8mt/JI5xGz+
         YixznrPpQb8NL6rDYDU5BywkFTgJOUSv5d6wV9mNLfYnBZid5e3bQ7Cb/Q24KvXhTeTq
         NpAQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature;
        bh=0Qzt8dqcUGV2YeaqFMjd504nfVrAvvL39J6xL3//U8I=;
        fh=Itbyk7CEvizIrzGEESCqq3I2tZgG1kc/GkVOa3S7Hsg=;
        b=emtsqCHrYg5EYCo6RKJLje4dVlRKroWROUjfsxVwomS/mMZvincOJUzpA2oE1Epxl9
         6LNhinDRLIIhpC+R4oBlE/GCnPoqajm+zpXd7LIDSvBySacoTeALWXyBYHRS/WaEIlby
         QRTULoKmfb30O3RI+S34Ov7uQZ25tKmCBQusWYLSpaATSEyEgClbqwHSAA0gvvbUmB30
         8IqsqZIUcCc3u1x5KgQKo3xrSUbkB0OX1YD43LroYWnho0lEA8esenmM7MTo4WS4NUuS
         Yj7AfLV7ZlLlAv3hPdlhw/Ud+YVrNbxaxMtl5SfANQsQ3qLxESIsmQegfFmVQNYgQAEH
         g3mg==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=Kt0kVQ1A;
       arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com);
       spf=pass (google.com: domain of linux-kernel+bounces-34412-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-34412-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel+bounces-34412-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223])
        by mx.google.com with ESMTPS id c8-20020a05622a024800b0042a4a2df8d2si1246068qtx.204.2024.01.22.16.17.01
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 22 Jan 2024 16:17:01 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-34412-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=Kt0kVQ1A;
       arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com);
       spf=pass (google.com: domain of linux-kernel+bounces-34412-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-34412-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 8A8A51C250E3
	for <linux.lists.archive@gmail.com>; Tue, 23 Jan 2024 00:17:01 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id AECC07C0BB;
	Mon, 22 Jan 2024 23:56:08 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Kt0kVQ1A"
Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2AF6D74E37;
	Mon, 22 Jan 2024 23:56:05 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.55.52.120
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1705967767; cv=none; b=rfUQ7ww9rVftkaydPIR/G8ksgSSBgOdhZIXILPYlz2o9JhEMAAb9bpGeMwNXQyy6v33dKC/Q+pFh7Ph9q42BFq8T3osu4VVrABE2q4VAkce4lM20hmX25ajJEYUykh+fZjLpv9v86Ce2YavlY2ny1Ql1XCXy8RHLdrzJxJVTcME=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1705967767; c=relaxed/simple;
	bh=tAZhX5hYYxeNuPqmnsVeBXmDWknqCmqZz4xkIwUygHk=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version; b=W50FZAM7Gi55ruHPYw70QSynBFcN2P6Lfb3LBLTP22W0MSJNZZg3A8KUf78+zEP3Z7omCJ+ZoMaxrF0vHCNUnUBZVzrMD4u2s7wTHYgF7AHVI17xeiaYj8otYSPoxBKBzDF6QlJpKyZg8dFeWB3aVPgABt5IjM/CFkMwbGwK2xE=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Kt0kVQ1A; arc=none smtp.client-ip=192.55.52.120
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1705967765; x=1737503765;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=tAZhX5hYYxeNuPqmnsVeBXmDWknqCmqZz4xkIwUygHk=;
  b=Kt0kVQ1AeC36InflJjgxxd9H29YKRtYsuLKjsSf3iK6/56i79Rl4g/Hb
   nplumGwAjX8p/7heetXQSE9+YREG+LbygMRqpvHGKbfYZ2ViAdLpjf9VJ
   HsgIQbkZXwyFn5Jd+urhtWg/+dWO7KigZ9bh4aCjXx8idNsFujOb0/tYI
   1rE8yAFnIZ0AxzRiy9NLdRdzLPl1NJYtUcY6TzK3lMsI0ViFvzgU0KbB7
   +N884vMQxGFeXry5rwE7rohp5shTng1Pc25mPh+mG7BX2lBeooK/3ZEoO
   A2lpr6kD2asHK5FVQT6n7Poe1kZIAqIuw931cBgGgVAITnzNP5uln6PvS
   w==;
X-IronPort-AV: E=McAfee;i="6600,9927,10961"; a="400217888"
X-IronPort-AV: E=Sophos;i="6.05,212,1701158400"; 
   d="scan'208";a="400217888"
Received: from fmviesa001.fm.intel.com ([10.60.135.141])
  by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jan 2024 15:55:53 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.05,212,1701158400"; 
   d="scan'208";a="27817996"
Received: from ls.sc.intel.com (HELO localhost) ([172.25.112.31])
  by smtpauth.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jan 2024 15:55:53 -0800
From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org,
	linux-kernel@vger.kernel.org
Cc: isaku.yamahata@intel.com,
	isaku.yamahata@gmail.com,
	Paolo Bonzini <pbonzini@redhat.com>,
	erdemaktas@google.com,
	Sean Christopherson <seanjc@google.com>,
	Sagi Shahar <sagis@google.com>,
	Kai Huang <kai.huang@intel.com>,
	chen.bo@intel.com,
	hang.yuan@intel.com,
	tina.zhang@intel.com
Subject: [PATCH v18 103/121] KVM: TDX: Handle MSR IA32_FEAT_CTL MSR and IA32_MCG_EXT_CTL
Date: Mon, 22 Jan 2024 15:54:19 -0800
Message-Id: <334cc24d982d9cb73fc7b6b8fcb6f2e1f9ea44ff.1705965635.git.isaku.yamahata@intel.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1705965634.git.isaku.yamahata@intel.com>
References: <cover.1705965634.git.isaku.yamahata@intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

From: Isaku Yamahata <isaku.yamahata@intel.com>

MCE and MCA is advertised via cpuid based on the TDX module spec.  Guest
kernel can access IA32_FEAT_CTL for checking if LMCE is enabled by platform
and IA32_MCG_EXT_CTL to enable LMCE.  Make TDX KVM handle them.  Otherwise
guest MSR access to them with TDG.VP.VMCALL<MSR> on VE results in GP in
guest.

Because LMCE is disabled with qemu by default, "-cpu lmce=on" to qemu
command line is needed to reproduce it.

Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
---
 arch/x86/kvm/vmx/tdx.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index a75275f6f161..5a2b211a365c 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -1998,6 +1998,7 @@ bool tdx_has_emulated_msr(u32 index, bool write)
 		default:
 			return true;
 		}
+	case MSR_IA32_FEAT_CTL:
 	case MSR_IA32_APICBASE:
 	case MSR_EFER:
 		return !write;
@@ -2012,6 +2013,20 @@ bool tdx_has_emulated_msr(u32 index, bool write)
 int tdx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
 {
 	switch (msr->index) {
+	case MSR_IA32_FEAT_CTL:
+		/*
+		 * MCE and MCA are advertised via cpuid. guest kernel could
+		 * check if LMCE is enabled or not.
+		 */
+		msr->data = FEAT_CTL_LOCKED;
+		if (vcpu->arch.mcg_cap & MCG_LMCE_P)
+			msr->data |= FEAT_CTL_LMCE_ENABLED;
+		return 0;
+	case MSR_IA32_MCG_EXT_CTL:
+		if (!msr->host_initiated && !(vcpu->arch.mcg_cap & MCG_LMCE_P))
+			return 1;
+		msr->data = vcpu->arch.mcg_ext_ctl;
+		return 0;
 	case MSR_MTRRcap:
 		/*
 		 * Override kvm_mtrr_get_msr() which hardcodes the value.
@@ -2030,6 +2045,11 @@ int tdx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
 int tdx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
 {
 	switch (msr->index) {
+	case MSR_IA32_MCG_EXT_CTL:
+		if (!msr->host_initiated && !(vcpu->arch.mcg_cap & MCG_LMCE_P))
+			return 1;
+		vcpu->arch.mcg_ext_ctl = msr->data;
+		return 0;
 	case MSR_MTRRdefType:
 		/*
 		 * Allow writeback only for all memory.
-- 
2.25.1