Received: by 2002:a05:7208:9594:b0:7e:5202:c8b4 with SMTP id gs20csp1185184rbb; Mon, 26 Feb 2024 01:06:22 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVvnczE7Bjs8F2Ki/t2DF3SWMb3bQZM4g6TPyfRs1D+zn0kgyzvYooxFdM8oFuMQ2BcEamhteS0twB7WDrjnF5gAWbFZXVdz4zwiPpH3g== X-Google-Smtp-Source: AGHT+IGw1UtlGkbvpdJJJTXP8m2i04R95BBvWxudBX9PT7PXwqGzTYBdJXbUbp5c/OL7MOJbNqtx X-Received: by 2002:a17:907:209a:b0:a3f:8ee6:29b9 with SMTP id pv26-20020a170907209a00b00a3f8ee629b9mr3920843ejb.77.1708938382200; Mon, 26 Feb 2024 01:06:22 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708938382; cv=pass; d=google.com; s=arc-20160816; b=0bzm8Av0a+6fKFgu3OM/JBt/oYLuX8T/wP/ktUBBlPCWHtBR6i9C66gDOlk7/zQux9 hYtlf3e/d1gkpVLCxf5yN4mk97Sau9RvqsKPecXKCMGJPgyTl8vuL1Y9g3xpDjAobXzr 0cjwjH9LRsQU0Lm4i7R74qH82k0x7QVqtPyXT82YQQm5YmFb5UPUS9dQV1/DSIVk2vk6 1UODaqI/1XhvdNNRrDwA/YkZzC4Lhcd7iP7UXB1oRRQfajK3zAPnZcsNRKLCnOG48YWc 1jMEf91XJD3Sjhe05DGqPmFr3wp+oBWvllb3lEueZBfR9PXL4q3hfVnqRDw2QLr9UPmF 4GRA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=2khCIu5Zufj81KfllJuEgx/ulX28Wl7OEiAAHEZMxsE=; fh=Itbyk7CEvizIrzGEESCqq3I2tZgG1kc/GkVOa3S7Hsg=; b=OppXxMCusuCzxqTKs/WjuwsQgtRFfil1M2a3+fOrorTgD3cDHAz29a7FOhbTmoji4q fyK5F/uFcbG5i0nOSNqNpglovJhCoqZn7gQRGh5IgJ5x/eln1dT6Ux16IjlxT90t3rfU VqpLmcw+n1ZEaGM+fKBkTe11vjTOXhIBKEal4XQc4T80zSm92TMxxHwjAUYGAgM7eGTG FUUwxtit/Lx454zC9wNa/EONjsyXf/csf8UOwkixiqWnc4Bz1zzo4b24Sxi3VUdEVthJ ojz6i/HDrH0I92xdf9uBi0dacocCzBmfY/yahZoApZWfbXFxeU3I0vXklpMbj0wwzZ1R EIiw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=ECTrG1hH; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-80878-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-80878-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id l24-20020a056402345800b005645ee8e9f5si1951049edc.639.2024.02.26.01.06.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 26 Feb 2024 01:06:22 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-80878-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=ECTrG1hH; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-80878-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-80878-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id EDF1C1F24FC8 for ; Mon, 26 Feb 2024 09:06:21 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 90F9412C815; Mon, 26 Feb 2024 08:29:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="ECTrG1hH" Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3FF0F12BEAB; Mon, 26 Feb 2024 08:29:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.8 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708936152; cv=none; b=qS4LzccXx67XqJds192r6MYkhU04eLE7FANV6CbSClIo22vrg5Ank5QOiB4XGOmaQ2HGXv935AZNsleIlTgehaxqVzmJPlqB8fNbi1F8yKfXtqIXavV6Wo90rDuoN5NogG6V4QPkz/9+SS1abgLuENIvjgclBy37HBBmT3jfWZw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708936152; c=relaxed/simple; bh=MzeWQckTmtJUMXlbAxLBuko2QU4/xgbu5cjp+acvzuc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=JeN0InB/riy1DMbVoVqmvDcW0Jm0yGjZhSNwtmL1MbPMKF1uhMNv9Lp31rdpAdbfi7Kd0KXEyjMMA421oTBLsxlnDZCPOfGwEWkYsaUsRqeNSfFnjlNsWU4CPGM39SLNni8F2ERbDfpmB6wwQ0pOZ+UtHeWkm2GJpZCYWJUDNvw= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=ECTrG1hH; arc=none smtp.client-ip=192.198.163.8 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1708936150; x=1740472150; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=MzeWQckTmtJUMXlbAxLBuko2QU4/xgbu5cjp+acvzuc=; b=ECTrG1hH65XwTxYmuPJ0R6vzP74EA4asV6C/ZX7YBXHYVaPug4CtCib+ R71oUMOuxrc6XT+4XBmRViLTeH2d51v8S8djiMg8X0aGmz4G2LVU2MoAP jUYL5v2U42axq/L7NfjxbZ+IRImUvpNgyXA1J5CsiW2U1EFUjiNqQ0NVR PCrhYMpsQBFgSkl6LfdwYxvr9V74sr+7yKm24AMC0kWoQYp66Fjj+9Zgp /kNRx7EALaq4PDLSJIOR8SYU2yHDsYNbdQLUwYLwy0nAGNQGNvN6vIyy0 YSV38uxPoafrb93arsT+eMf6byezpv/um3DPrSzSWiwAXwYfLya9tWom8 w==; X-IronPort-AV: E=McAfee;i="6600,9927,10995"; a="20751361" X-IronPort-AV: E=Sophos;i="6.06,185,1705392000"; d="scan'208";a="20751361" Received: from fmviesa008.fm.intel.com ([10.60.135.148]) by fmvoesa102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Feb 2024 00:29:07 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.06,185,1705392000"; d="scan'208";a="6735087" Received: from ls.sc.intel.com (HELO localhost) ([172.25.112.31]) by fmviesa008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Feb 2024 00:29:06 -0800 From: isaku.yamahata@intel.com To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini , erdemaktas@google.com, Sean Christopherson , Sagi Shahar , Kai Huang , chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com Subject: [PATCH v19 114/130] KVM: TDX: Handle MSR IA32_FEAT_CTL MSR and IA32_MCG_EXT_CTL Date: Mon, 26 Feb 2024 00:26:56 -0800 Message-Id: <747b9360695a54e096cdb929139dc930da81b8c8.1708933498.git.isaku.yamahata@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Isaku Yamahata MCE and MCA is advertised via cpuid based on the TDX module spec. Guest kernel can access IA32_FEAT_CTL for checking if LMCE is enabled by platform and IA32_MCG_EXT_CTL to enable LMCE. Make TDX KVM handle them. Otherwise guest MSR access to them with TDG.VP.VMCALL on VE results in GP in guest. Because LMCE is disabled with qemu by default, "-cpu lmce=on" to qemu command line is needed to reproduce it. Signed-off-by: Isaku Yamahata --- arch/x86/kvm/vmx/tdx.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 2bddaef495d1..3481c0b6ef2c 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -1952,6 +1952,7 @@ bool tdx_has_emulated_msr(u32 index, bool write) default: return true; } + case MSR_IA32_FEAT_CTL: case MSR_IA32_APICBASE: case MSR_EFER: return !write; @@ -1966,6 +1967,20 @@ bool tdx_has_emulated_msr(u32 index, bool write) int tdx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) { switch (msr->index) { + case MSR_IA32_FEAT_CTL: + /* + * MCE and MCA are advertised via cpuid. guest kernel could + * check if LMCE is enabled or not. + */ + msr->data = FEAT_CTL_LOCKED; + if (vcpu->arch.mcg_cap & MCG_LMCE_P) + msr->data |= FEAT_CTL_LMCE_ENABLED; + return 0; + case MSR_IA32_MCG_EXT_CTL: + if (!msr->host_initiated && !(vcpu->arch.mcg_cap & MCG_LMCE_P)) + return 1; + msr->data = vcpu->arch.mcg_ext_ctl; + return 0; case MSR_MTRRcap: /* * Override kvm_mtrr_get_msr() which hardcodes the value. @@ -1984,6 +1999,11 @@ int tdx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) int tdx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) { switch (msr->index) { + case MSR_IA32_MCG_EXT_CTL: + if (!msr->host_initiated && !(vcpu->arch.mcg_cap & MCG_LMCE_P)) + return 1; + vcpu->arch.mcg_ext_ctl = msr->data; + return 0; case MSR_MTRRdefType: /* * Allow writeback only for all memory. -- 2.25.1