Received: by 2002:ab2:3350:0:b0:1f4:6588:b3a7 with SMTP id o16csp2174705lqe; Tue, 9 Apr 2024 11:34:17 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWcmMn8D6G6hZ61Bt9ZCT6bFGfU+T5lQJBzDKSJthU6Q0i98nvdjeSScdgiu6oDN266Du//OFerHAXG3cMZAid/CKl/DpZ9dIfxUjL4ew== X-Google-Smtp-Source: AGHT+IGDKTu2GSs5tibPhIM4Yi5Mc/BVCKNUpYRFu9nE/+z8BTODMu8sGIQOKMVpFoyngvBR24i+ X-Received: by 2002:a05:6358:5bc3:b0:17b:f464:e14b with SMTP id i3-20020a0563585bc300b0017bf464e14bmr749139rwf.13.1712687656948; Tue, 09 Apr 2024 11:34:16 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712687656; cv=pass; d=google.com; s=arc-20160816; b=kvrP9rO9AZeGbHJzl5AHK/KEY/3INfMADLVfi86EUgSk1H6d02KgrtmIewv/zOZRER ncLpVe1A6LesUDTvz0qqTq5V39nq0+zYYpUbSw1zcX+hITG3UHzg9z93bz21ojmrsdUv Xx0Zn3SuGI7EYdYR3qfCpX0dpH9YGsSg9ERkAox8ovn7qDWHLx+PpjmiJVnFcJoCc2fj FRyzXBgJW4vYb5jLsKH2vK+jCvBRASShfYCDJJweRbdUOj71gZ7hcw3HFU/fsr78xTf6 N2eM53mL5m/HqdIpYgka4j2aSiK7xzszdYKJn6hUvC+6JO5V1KFhvjU5v9HBFb1MPTLU pXsw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=MwCAr5oERgCAygzh4PsTFITQ5LY0EdUm9q+Bg4A6LBc=; fh=SV4k4E7VHWDBSPrJ3W8ne67pWOrttRqCemGZTXYl9bE=; b=gOZu1McCckulbRsST26Mh96m9vojUenOPq+xia+0zz5XDb5aNJUb1+4AXuBihKFBbo F1xDitdtuTO54paTrfZY36KfqL2LoVDeQJ1EuLMqjLwj44PR/n8hmXJGySUDvriBN6FC EI6N9MSS2UwHRfEu8WYQi6M8l8IEhRpsBSoOjkbPh4Bzc+DBvox7rnJeqHxcY3ZIdiN/ wPrP7HkloprcOmktk+Et+AqzR4RR3ciXCVXio/bCha1n59AsXq19TnN9SF7KdPNZUJw+ bsnZBQQ3V0O3QtQUQhaYRJ8Fiz4axuBS88Qx1draE+2wb/CqWYj8gXJ+nG4adFnq2XuQ zJYg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=OtaEz9bN; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-137220-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-137220-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id m197-20020a633fce000000b005dba8009eb2si8917145pga.724.2024.04.09.11.34.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 11:34:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-137220-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=OtaEz9bN; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-137220-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-137220-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id E718C28C433 for ; Tue, 9 Apr 2024 15:29:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id EC1C81304BD; Tue, 9 Apr 2024 15:26:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="OtaEz9bN" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3656813D608 for ; Tue, 9 Apr 2024 15:26:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712676377; cv=none; b=q8iEJR0hBlwjrNIpNwSPStb6wPY/nB7KECGhnScvY5bGOjJ6C4gib/3AmYp8Y9LSbxwT+TNdYyLgYNjuDP8kVDFDPaST/M8OWr8aWn+oJmwVczrjuLnCNjP0HLAluGK7raSMng9wxAbU9IXMZRFy7xNnoI0cryBulwcI1RBSRPM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712676377; c=relaxed/simple; bh=jzHlRPxbj4n++6c1Y7jC5HhgzBvQwRs0eWR4xEuQY1c=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=dGsyKcdRawNs1XUMRjVSbzsXQ6IbEwtA3noVuHs4SAXY4iTZ71sxgebeynswqbBd/tjVXDJjC+inmkMSP/eejjJSTm/yLZ5U431OSwMuMjEjzdf7xK3K8vansJ0LEmK4PAIBAV3yjh7d4pyeKWhyr1ZHvKPoyswCxd0T4ztFEhY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=OtaEz9bN; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1712676375; x=1744212375; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=jzHlRPxbj4n++6c1Y7jC5HhgzBvQwRs0eWR4xEuQY1c=; b=OtaEz9bNUAdHKC5UQLFN/gpBB9Rz83X4wbn6ooLvSz0Nfi2o62xkOjjK yuCUcq6k7cDBikWbXtRnmc3NyG9ObxqQsnPqW3p8V+xa7vUpqaLkHIIXq 0eT1CUeQHuZqUopWHZVwyw6A996W21WJFDcNVNg3FLcOlsopebJkAUieC lpFIItakFE3kYPjV+97lyuvr06nsmJPgJfC0bxmIYSnuEmV1OdiiMFmE7 KL+5iYmCvIgOFgc2MevPJRy6uUlNBIMDc/jpsF7yeDJWPjEP5kwfx1xhB Ox04Fhko+KT9v02j4yWRE1YOeWUCnpYkTzItje+oP/9OtewQInB+wvT4b g==; X-CSE-ConnectionGUID: 2fo4+wKvQYSPaw19WkR9Rw== X-CSE-MsgGUID: 6Vp2/dwtTleKiwyVM8+96A== X-IronPort-AV: E=McAfee;i="6600,9927,11039"; a="8119654" X-IronPort-AV: E=Sophos;i="6.07,189,1708416000"; d="scan'208";a="8119654" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Apr 2024 08:26:11 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,11039"; a="937093549" X-IronPort-AV: E=Sophos;i="6.07,189,1708416000"; d="scan'208";a="937093549" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga001.fm.intel.com with ESMTP; 09 Apr 2024 08:26:06 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id BBE70279; Tue, 9 Apr 2024 18:26:05 +0300 (EEST) Date: Tue, 9 Apr 2024 18:26:05 +0300 From: "Kirill A. Shutemov" To: Sean Christopherson Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "Rafael J. Wysocki" , Peter Zijlstra , Adrian Hunter , Kuppuswamy Sathyanarayanan , Elena Reshetova , Jun Nakajima , Rick Edgecombe , Tom Lendacky , Ashish Kalra , Kai Huang , Baoquan He , kexec@lists.infradead.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org Subject: Re: [PATCHv10 05/18] x86/kexec: Keep CR4.MCE set during kexec for TDX guest Message-ID: <3q6jv3g4tezybmd667mqxio7ty22akxv7okrznmzx3tju2u4qo@2alzjkbgm2lh> References: <20240409113010.465412-1-kirill.shutemov@linux.intel.com> <20240409113010.465412-6-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Tue, Apr 09, 2024 at 07:22:24AM -0700, Sean Christopherson wrote: > On Tue, Apr 09, 2024, Kirill A. Shutemov wrote: > > Depending on setup, TDX guests might be allowed to clear CR4.MCE. > > Attempt to clear it leads to #VE. > > > > Use alternatives to keep the flag during kexec for TDX guests. > > > > The change doesn't affect non-TDX-guest environments. > > > > Signed-off-by: Kirill A. Shutemov > > --- > > arch/x86/kernel/relocate_kernel_64.S | 8 ++++++++ > > 1 file changed, 8 insertions(+) > > > > diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S > > index 56cab1bb25f5..8e2037d78a1f 100644 > > --- a/arch/x86/kernel/relocate_kernel_64.S > > +++ b/arch/x86/kernel/relocate_kernel_64.S > > @@ -5,6 +5,8 @@ > > */ > > > > #include > > +#include > > +#include > > #include > > #include > > #include > > @@ -145,11 +147,17 @@ SYM_CODE_START_LOCAL_NOALIGN(identity_mapped) > > * Set cr4 to a known state: > > * - physical address extension enabled > > * - 5-level paging, if it was enabled before > > + * - Machine check exception on TDX guest, if it was enabled before. > > + * Clearing MCE might not allowed in TDX guests, depending on setup. > > */ > > movl $X86_CR4_PAE, %eax > > testq $X86_CR4_LA57, %r13 > > jz 1f > > orl $X86_CR4_LA57, %eax > > +1: > > + testq $X86_CR4_MCE, %r13 > > + jz 1f > > + ALTERNATIVE "", __stringify(orl $X86_CR4_MCE, %eax), X86_FEATURE_TDX_GUEST > > The TEST+Jcc+OR sequences are rather odd, and require way more instructions and > thus way more copy+paste than is necessary. > > movl $X86_CR4_LA57, %eax > ALTERNATIVE "", __stringify(orl $X86_CR4_MCE, %eax), X86_FEATURE_TDX_GUEST > andl %r13d, %eax > orl $X86_CR4_PAE, %eax > movq %rax, %cr4 > > Then preserving new bits unconditionally only requires adding the flag to the > initial move, and feature-dependent bits only need a single ALTERNATIVE line. Thanks! It is much better. > And there's no branches, blazing fast kexec! ;-) kexec/sec STONKS! :D Updated patch is below. From 6be428e3b1c6fb494b2c48ba6a7c133514a0b2b4 Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" Date: Fri, 10 Feb 2023 12:53:11 +0300 Subject: [PATCHv10.1 05/18] x86/kexec: Keep CR4.MCE set during kexec for TDX guest Depending on setup, TDX guests might be allowed to clear CR4.MCE. Attempt to clear it leads to #VE. Use alternatives to keep the flag during kexec for TDX guests. The change doesn't affect non-TDX-guest environments. Signed-off-by: Kirill A. Shutemov --- arch/x86/kernel/relocate_kernel_64.S | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S index 56cab1bb25f5..90246d544eb1 100644 --- a/arch/x86/kernel/relocate_kernel_64.S +++ b/arch/x86/kernel/relocate_kernel_64.S @@ -5,6 +5,8 @@ */ #include +#include +#include #include #include #include @@ -143,14 +145,15 @@ SYM_CODE_START_LOCAL_NOALIGN(identity_mapped) /* * Set cr4 to a known state: - * - physical address extension enabled * - 5-level paging, if it was enabled before + * - Machine check exception on TDX guest, if it was enabled before. + * Clearing MCE might not allowed in TDX guests, depending on setup. + * - physical address extension enabled */ - movl $X86_CR4_PAE, %eax - testq $X86_CR4_LA57, %r13 - jz 1f - orl $X86_CR4_LA57, %eax -1: + movl $X86_CR4_LA57, %eax + ALTERNATIVE "", __stringify(orl $X86_CR4_MCE, %eax), X86_FEATURE_TDX_GUEST + andl %r13d, %eax + orl $X86_CR4_PAE, %eax movq %rax, %cr4 jmp 1f -- Kiryl Shutsemau / Kirill A. Shutemov