Received: by 2002:ab2:69cc:0:b0:1f4:be93:e15a with SMTP id n12csp151545lqp; Fri, 12 Apr 2024 13:17:35 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVk6zywaTAdrlKhw7n3A8ONG//6o58p8D6dUMkeJyqPuSQFR0P8TyXmRnpJmhaZJwDBGs+WfApVPh94XB70D1NmBWGOeKp0mUwIQP3vlA== X-Google-Smtp-Source: AGHT+IFomDh3QRCejjMYQvZ+UPxNAvrYoj0m3N6cqIW3e1+z1VJypdS2/E221SCo6uIuAQILFKqn X-Received: by 2002:a50:d5d4:0:b0:56e:2a7d:827c with SMTP id g20-20020a50d5d4000000b0056e2a7d827cmr2399943edj.18.1712953055353; Fri, 12 Apr 2024 13:17:35 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712953055; cv=pass; d=google.com; s=arc-20160816; b=WcxZBMEaBUkmhe2aJaCT+wqfF7mVIqVz2RmtVhCrd/87QO64uuHSN9mTWuC+X9TK+Y x6wCCIeMt0LPNBB9kkSEAX9w+OitHv50OPtR+dQ6rzi6LcNfF5SwexCU7pyP3C8RK79d eQXnUJNbkPzB3XvIjWMl9hpaCtdm94tJKhehUNxDxhleSK3wWB7RDHDDc2peiMkHfaKQ yB9ydUIZpwIQOY1tRVERiaMICM0XlsfjyI9Hh3jl/PlB9mKE6Ev5rwbNcHXuCYDqCDSf e138SBSBSg0GiVdNWtjH1eBFJx0AjAiYJFMM5HHXuxLbFUEUr098wVtOXiYKkxgpfaF0 ohsQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=Qp1xLKNkhKprru4seXbvquffcmmtXcAj0qPDHdqyhBw=; fh=P/quV/w7uXmndbL78FtEpLTNkJRPx4LJS51PzREvtL8=; b=YywG0QIsi6T7cP9wBTtdTOcEkungVAiv0yBDINq689CjcKHwjNKIawzHzjlAw9JHVn XKI/oLNPeP0OdK90EJy5CwfNk4BezP/C0LXKU19G3xMb2jiX6nO4mUoULn+1krGTFjLY wUZbyj2tXrASZlPrMVoSk0mzEiraEh+mp5SwZzofzVHcvu/tenVd7IaF/TZaezW4xeeR zF0VY8/59bY/LYcOoOKJ1H+n8rILWthLrEH6mkA4sI61vnKpqQ4esxLWkQ4d6KZApoam yGsR7lpSbZc39OeFu9CP6EwwXFhDOVm6UrR1MZXygA6JrNUur7hmcKNU9Bbo3TrTIpXP qbmg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=CjfvI559; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-143293-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-143293-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id r16-20020a50aad0000000b0056c26034b0asi1917570edc.143.2024.04.12.13.17.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 12 Apr 2024 13:17:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-143293-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=CjfvI559; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-143293-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-143293-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 816561F26035 for ; Fri, 12 Apr 2024 20:17:14 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 14F411514CB; Fri, 12 Apr 2024 20:17:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="CjfvI559" Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 558CC1509B9; Fri, 12 Apr 2024 20:17:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.12 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712953026; cv=none; b=B/jPGzDVFRWGY2Jv4rjId4u3NhL0GDFEwcME+UyReaeV5DfNJGgJyqsuYHQ8efswremzHPNOQ+48H1c9nl4C0uRm6F5kKmc5ljN0ifDf4bPBCyXj4aHzuwVUWq6gLTUbMx+fHBwLe+mPNEnCO29oMfQifs00iV9f83gxAoEia9E= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712953026; c=relaxed/simple; bh=gRtk42mEkPYRS2+FeeJPBc/53CUWk0nWuXvrBo/KmZ0=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=rxmGus+ZAjyk0ik0El2BjlWMnR8OP+5dEcgYH6SyOH2Yhh/QZUEid8j3t9v452bqyUhTdco4ZXydQdfcxSiei1oOGNj57uQY9DKtIpOcpG5jcBVSMlVyhbjvKR2roWGewMf8PWfQid6EFior1F1UQGH7l6WlwzmMAqAGKsqi3AY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=CjfvI559; arc=none smtp.client-ip=192.198.163.12 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1712953024; x=1744489024; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=gRtk42mEkPYRS2+FeeJPBc/53CUWk0nWuXvrBo/KmZ0=; b=CjfvI559GqmLFlL9HNOtOsuDFAdbIb7hjRUGa/HIM2yWwwNdX/eCYd0H aionN7ATW5fIRjuNu7vfcfYW1MEqfB/ec3pIKpFmCiv0eUxzoGQNN+SXC b+4FhjimEpYWfd2W6SOEbtwyMV1CJQQu5Yp62zTLaF+uwEVJHWdu4vh7B Km/GME07iALZROEYxPKW/BHvy7lSN9SBPoNalfJgub1r4hkWpuppGNlgY UsQyhaqT+8wQx13dln4SVFJNQgn//AIrLeVDql5hBAnXdUeEXsvDD+RMV /kpAu+Whkp6OTUONstgpUb/co8FmT+lwX4ZNLDEit0uaEzu9dPvJRXjWC A==; X-CSE-ConnectionGUID: S1T4jC7iTsuyCCPRfb6llQ== X-CSE-MsgGUID: b4XPtzCETC65Of/R6bJ2WQ== X-IronPort-AV: E=McAfee;i="6600,9927,11042"; a="12208032" X-IronPort-AV: E=Sophos;i="6.07,197,1708416000"; d="scan'208";a="12208032" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by fmvoesa106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Apr 2024 13:17:03 -0700 X-CSE-ConnectionGUID: gxXJc0U9Rw+Z4cl435oOXw== X-CSE-MsgGUID: p6NoYQyWRMGsXb7kmO5RPw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,197,1708416000"; d="scan'208";a="25982451" Received: from ls.sc.intel.com (HELO localhost) ([172.25.112.31]) by fmviesa004-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Apr 2024 13:17:04 -0700 Date: Fri, 12 Apr 2024 13:17:02 -0700 From: Isaku Yamahata To: Binbin Wu Cc: isaku.yamahata@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, isaku.yamahata@gmail.com, Paolo Bonzini , erdemaktas@google.com, Sean Christopherson , Sagi Shahar , Kai Huang , chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com, isaku.yamahata@linux.intel.com Subject: Re: [PATCH v19 079/130] KVM: TDX: vcpu_run: save/restore host state(host kernel gs) Message-ID: <20240412201702.GJ3039520@ls.amr.corp.intel.com> References: <4a766983346b2c01e943348af3c5ca6691e272f9.1708933498.git.isaku.yamahata@intel.com> <8132ddff-16f3-482f-b08b-a73aa8eddbbc@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <8132ddff-16f3-482f-b08b-a73aa8eddbbc@linux.intel.com> On Sun, Apr 07, 2024 at 11:02:52AM +0800, Binbin Wu wrote: > > diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c > > index d72651ce99ac..8275a242ce07 100644 > > --- a/arch/x86/kvm/vmx/main.c > > +++ b/arch/x86/kvm/vmx/main.c > > @@ -158,6 +158,32 @@ static void vt_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) > > vmx_vcpu_reset(vcpu, init_event); > > } > > +static void vt_prepare_switch_to_guest(struct kvm_vcpu *vcpu) > > +{ > > + /* > > + * All host state is saved/restored across SEAMCALL/SEAMRET, > > It sounds confusing to me. > If all host states are saved/restored across SEAMCALL/SEAMRET, why this > patch saves/restores MSR_KERNEL_GS_BASE for host? > No. Probably we should update the comment. Something like restored => restored or initialized to reset state. Except conditionally saved/restored MSRs (e.g., perfrmon, debugreg), IA32_START, IA32_LSTART, MSR_SYSCALL_MASK, IA32_TSC_AUX and TA32_KERNEL_GS_BASE are reset to initial state. uret handles the first four. The kernel_gs_base needs to be restored on TDExit. > > and the > > + * guest state of a TD is obviously off limits. Deferring MSRs and DRs > > + * is pointless because the TDX module needs to load *something* so as > > + * not to expose guest state. > > + */ > > + if (is_td_vcpu(vcpu)) { > > + tdx_prepare_switch_to_guest(vcpu); > > + return; > > + } > > + > > + vmx_prepare_switch_to_guest(vcpu); > > +} > > + > > +static void vt_vcpu_put(struct kvm_vcpu *vcpu) > > +{ > > + if (is_td_vcpu(vcpu)) { > > + tdx_vcpu_put(vcpu); > > + return; > > + } > > + > > + vmx_vcpu_put(vcpu); > > +} > > + > > static int vt_vcpu_pre_run(struct kvm_vcpu *vcpu) > > { > > if (is_td_vcpu(vcpu)) > > @@ -326,9 +352,9 @@ struct kvm_x86_ops vt_x86_ops __initdata = { > > .vcpu_free = vt_vcpu_free, > > .vcpu_reset = vt_vcpu_reset, > > - .prepare_switch_to_guest = vmx_prepare_switch_to_guest, > > + .prepare_switch_to_guest = vt_prepare_switch_to_guest, > > .vcpu_load = vmx_vcpu_load, > > - .vcpu_put = vmx_vcpu_put, > > + .vcpu_put = vt_vcpu_put, > > .update_exception_bitmap = vmx_update_exception_bitmap, > > .get_msr_feature = vmx_get_msr_feature, > > diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c > > index fdf9196cb592..9616b1aab6ce 100644 > > --- a/arch/x86/kvm/vmx/tdx.c > > +++ b/arch/x86/kvm/vmx/tdx.c > > @@ -1,5 +1,6 @@ > > // SPDX-License-Identifier: GPL-2.0 > > #include > > +#include > > #include > > @@ -423,6 +424,7 @@ u8 tdx_get_mt_mask(struct kvm_vcpu *vcpu, gfn_t gfn, bool is_mmio) > > int tdx_vcpu_create(struct kvm_vcpu *vcpu) > > { > > struct kvm_tdx *kvm_tdx = to_kvm_tdx(vcpu->kvm); > > + struct vcpu_tdx *tdx = to_tdx(vcpu); > > WARN_ON_ONCE(vcpu->arch.cpuid_entries); > > WARN_ON_ONCE(vcpu->arch.cpuid_nent); > > @@ -446,9 +448,47 @@ int tdx_vcpu_create(struct kvm_vcpu *vcpu) > > if ((kvm_tdx->xfam & XFEATURE_MASK_XTILE) == XFEATURE_MASK_XTILE) > > vcpu->arch.xfd_no_write_intercept = true; > > + tdx->host_state_need_save = true; > > + tdx->host_state_need_restore = false; > > + > > return 0; > > } > > +void tdx_prepare_switch_to_guest(struct kvm_vcpu *vcpu) > > Just like vmx_prepare_switch_to_host(), the input can be "struct vcpu_tdx > *", since vcpu is not used inside the function. > And the callsites just use "to_tdx(vcpu)" > > > +{ > > + struct vcpu_tdx *tdx = to_tdx(vcpu); > Then, this can be dropped. prepare_switch_to_guest() is used for kvm_x86_ops.prepare_switch_to_guest(). kvm_x86_ops consistently takes struct kvm_vcpu. -- Isaku Yamahata