Re: [RFC PATCH v5 015/104] KVM: TDX: add a helper function for KVM to issue SEAMCALL

Paolo Bonzini <pbonzini@xxxxxxxxxx> · Sun, 13 Mar 2022 15:11:44 +0100

On 3/4/22 20:48, isaku.yamahata@xxxxxxxxx wrote:
From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>

TODO: Consolidate seamcall helper function with TDX host/guest patch series.
For now, this is kept to make this patch series compile/work.

A VMM interacts with the TDX module using a new instruction (SEAMCALL).  A
TDX VMM uses SEAMCALLs where a VMX VMM would have directly interacted with
VMX instructions.  For instance, a TDX VMM does not have full access to the
VM control structure corresponding to VMX VMCS.  Instead, a VMM induces the
TDX module to act on behalf via SEAMCALLs.

Add a helper function for KVM C code to execute SEAMCALL instruction to
hide its SEAMCALL ABI details.  Although the x86 TDX host patch series
defines a similar wrapper, the KVM TDX patch series defines its own because
KVM TDX case is performance-critical, unlike the x86 TDX one that does
one-time initialization.  The difference is that the KVM TDX one is defined
as a static inline function without an error check that is known to not
happen so that compiler can optimize it better.  The wrapper fiction in the
x86 TDX host patch is defined as a function written in assembly code with
error check so that it can detect errors that can occur only during the
initialization.

I assume whatever survives of this patch will be merged in the previous one.

Paolo

Co-developed-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
Signed-off-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
Signed-off-by: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
---
  arch/x86/kvm/vmx/seamcall.h | 23 +++++++++++++++++++++++
  1 file changed, 23 insertions(+)
  create mode 100644 arch/x86/kvm/vmx/seamcall.h

diff --git a/arch/x86/kvm/vmx/seamcall.h b/arch/x86/kvm/vmx/seamcall.h
new file mode 100644
index 000000000000..604792e9a59f
--- /dev/null
+++ b/arch/x86/kvm/vmx/seamcall.h
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __KVM_VMX_SEAMCALL_H
+#define __KVM_VMX_SEAMCALL_H
+
+#ifdef CONFIG_INTEL_TDX_HOST
+
+#ifdef __ASSEMBLY__
+
+.macro seamcall
+	.byte 0x66, 0x0f, 0x01, 0xcf
+.endm
+
+#else
+
+struct tdx_module_output;
+u64 kvm_seamcall(u64 op, u64 rcx, u64 rdx, u64 r8, u64 r9, u64 r10,
+		struct tdx_module_output *out);
+
+#endif /* !__ASSEMBLY__ */
+
+#endif	/* CONFIG_INTEL_TDX_HOST */
+
+#endif /* __KVM_VMX_SEAMCALL_H */







