Commit 4a530993 authored by Paolo Bonzini's avatar Paolo Bonzini
Browse files

Merge tag 'kvm-x86-vmxon-7.1' of https://github.com/kvm-x86/linux into HEAD 

KVM x86 VMXON and EFER.SVME extraction for 7.1

Move _only_ VMXON+VMXOFF and EFER.SVME toggling out of KVM (versus all of VMX
and SVM enabling) out of KVM and into the core kernel so that non-KVM TDX
enabling, e.g. for trusted I/O, can make SEAMCALLs without needing to ensure
KVM is fully loaded.

TIO isn't a hypervisor, and isn't trying to be a hypervisor. Specifically, TIO
should _never_ have it's own VMCSes (that are visible to the host; the
TDX-Module has it's own VMCSes to do SEAMCALL/SEAMRET), and so there is simply
no reason to move that functionality out of KVM.

With that out of the way, dealing with VMXON/VMXOFF and EFER.SVME is a fairly
simple refcounting game.
parents ea8bc95f e30aa03d

Documentation/arch/x86/tdx.rst

+5 −31
Original line number Diff line number Diff line
@@ -60,44 +60,18 @@ Besides initializing the TDX module, a per-cpu initialization SEAMCALL 
must be done on one cpu before any other SEAMCALLs can be made on that

cpu.



The kernel provides two functions, tdx_enable() and tdx_cpu_enable() to

allow the user of TDX to enable the TDX module and enable TDX on local

cpu respectively.



Making SEAMCALL requires VMXON has been done on that CPU.  Currently only

KVM implements VMXON.  For now both tdx_enable() and tdx_cpu_enable()

don't do VMXON internally (not trivial), but depends on the caller to

guarantee that.



To enable TDX, the caller of TDX should: 1) temporarily disable CPU

hotplug; 2) do VMXON and tdx_enable_cpu() on all online cpus; 3) call

tdx_enable().  For example::



        cpus_read_lock();

        on_each_cpu(vmxon_and_tdx_cpu_enable());

        ret = tdx_enable();

        cpus_read_unlock();

        if (ret)

                goto no_tdx;

        // TDX is ready to use



And the caller of TDX must guarantee the tdx_cpu_enable() has been

successfully done on any cpu before it wants to run any other SEAMCALL.

A typical usage is do both VMXON and tdx_cpu_enable() in CPU hotplug

online callback, and refuse to online if tdx_cpu_enable() fails.



User can consult dmesg to see whether the TDX module has been initialized.



If the TDX module is initialized successfully, dmesg shows something

like below::



  [..] virt/tdx: 262668 KBs allocated for PAMT

  [..] virt/tdx: module initialized

  [..] virt/tdx: TDX-Module initialized



If the TDX module failed to initialize, dmesg also shows it failed to

initialize::



  [..] virt/tdx: module initialization failed ...

  [..] virt/tdx: TDX-Module initialization failed ...



TDX Interaction to Other Kernel Components

------------------------------------------
@@ -129,9 +103,9 @@ CPU Hotplug 
~~~~~~~~~~~



TDX module requires the per-cpu initialization SEAMCALL must be done on

one cpu before any other SEAMCALLs can be made on that cpu.  The kernel

provides tdx_cpu_enable() to let the user of TDX to do it when the user

wants to use a new cpu for TDX task.

one cpu before any other SEAMCALLs can be made on that cpu.  The kernel,

via the CPU hotplug framework, performs the necessary initialization when

a CPU is first brought online.



TDX doesn't support physical (ACPI) CPU hotplug.  During machine boot,

TDX verifies all boot-time present logical CPUs are TDX compatible before

arch/x86/events/intel/pt.c

+0 −1
Original line number Diff line number Diff line
@@ -1591,7 +1591,6 @@ void intel_pt_handle_vmx(int on) 


	local_irq_restore(flags);

}

EXPORT_SYMBOL_FOR_KVM(intel_pt_handle_vmx);



/*

 * PMU callbacks

arch/x86/include/asm/kvm_host.h

+2 −1
Original line number Diff line number Diff line
@@ -40,7 +40,8 @@ 
#include <asm/irq_remapping.h>

#include <asm/kvm_page_track.h>

#include <asm/kvm_vcpu_regs.h>

#include <asm/reboot.h>

#include <asm/virt.h>



#include <hyperv/hvhdk.h>



#define __KVM_HAVE_ARCH_VCPU_DEBUGFS

arch/x86/include/asm/reboot.h

+0 −11
Original line number Diff line number Diff line
@@ -25,17 +25,6 @@ void __noreturn machine_real_restart(unsigned int type); 
#define MRR_BIOS	0

#define MRR_APM		1



typedef void (cpu_emergency_virt_cb)(void);

#if IS_ENABLED(CONFIG_KVM_X86)

void cpu_emergency_register_virt_callback(cpu_emergency_virt_cb *callback);

void cpu_emergency_unregister_virt_callback(cpu_emergency_virt_cb *callback);

void cpu_emergency_disable_virtualization(void);

#else

static inline void cpu_emergency_register_virt_callback(cpu_emergency_virt_cb *callback) {}

static inline void cpu_emergency_unregister_virt_callback(cpu_emergency_virt_cb *callback) {}

static inline void cpu_emergency_disable_virtualization(void) {}

#endif /* CONFIG_KVM_X86 */



typedef void (*nmi_shootdown_cb)(int, struct pt_regs*);

void nmi_shootdown_cpus(nmi_shootdown_cb callback);

void run_crash_ipi_callback(struct pt_regs *regs);

arch/x86/include/asm/tdx.h

+0 −4
Original line number Diff line number Diff line
@@ -145,8 +145,6 @@ static __always_inline u64 sc_retry(sc_func_t func, u64 fn, 
#define seamcall(_fn, _args)		sc_retry(__seamcall, (_fn), (_args))

#define seamcall_ret(_fn, _args)	sc_retry(__seamcall_ret, (_fn), (_args))

#define seamcall_saved_ret(_fn, _args)	sc_retry(__seamcall_saved_ret, (_fn), (_args))

int tdx_cpu_enable(void);

int tdx_enable(void);

const char *tdx_dump_mce_info(struct mce *m);

const struct tdx_sys_info *tdx_get_sysinfo(void);
@@ -223,8 +221,6 @@ u64 tdh_phymem_page_wbinvd_tdr(struct tdx_td *td); 
u64 tdh_phymem_page_wbinvd_hkid(u64 hkid, struct page *page);

#else

static inline void tdx_init(void) { }

static inline int tdx_cpu_enable(void) { return -ENODEV; }

static inline int tdx_enable(void)  { return -ENODEV; }

static inline u32 tdx_get_nr_guest_keyids(void) { return 0; }

static inline const char *tdx_dump_mce_info(struct mce *m) { return NULL; }

static inline const struct tdx_sys_info *tdx_get_sysinfo(void) { return NULL; }