Re: [PATCH v12 20/22] x86/virt/tdx: Allow SEAMCALL to handle #UD and #GP

"Huang, Kai" <kai.huang@xxxxxxxxx> · Thu, 29 Jun 2023 10:00:11 +0000

On Wed, 2023-06-28 at 17:29 +0200, Peter Zijlstra wrote:
> On Tue, Jun 27, 2023 at 02:12:50AM +1200, Kai Huang wrote:
> > diff --git a/arch/x86/virt/vmx/tdx/tdxcall.S b/arch/x86/virt/vmx/tdx/tdxcall.S
> > index 49a54356ae99..757b0c34be10 100644
> > --- a/arch/x86/virt/vmx/tdx/tdxcall.S
> > +++ b/arch/x86/virt/vmx/tdx/tdxcall.S
> > @@ -1,6 +1,7 @@
> >  /* SPDX-License-Identifier: GPL-2.0 */
> >  #include <asm/asm-offsets.h>
> >  #include <asm/tdx.h>
> > +#include <asm/asm.h>
> >  
> >  /*
> >   * TDCALL and SEAMCALL are supported in Binutils >= 2.36.
> > @@ -45,6 +46,7 @@
> >  	/* Leave input param 2 in RDX */
> >  
> >  	.if \host
> > +1:
> >  	seamcall
> 
> So what registers are actually clobbered by SEAMCALL ? There's a
> distinct lack of it in SDM Vol.2 instruction list :-(
> 
> >  	/*
> >  	 * SEAMCALL instruction is essentially a VMExit from VMX root
> > @@ -57,10 +59,23 @@
> >  	 * This value will never be used as actual SEAMCALL error code as
> >  	 * it is from the Reserved status code class.
> >  	 */
> > -	jnc .Lno_vmfailinvalid
> > +	jnc .Lseamcall_out
> >  	mov $TDX_SEAMCALL_VMFAILINVALID, %rax
> > -.Lno_vmfailinvalid:
> > +	jmp .Lseamcall_out
> > +2:
> > +	/*
> > +	 * SEAMCALL caused #GP or #UD.  By reaching here %eax contains
> > +	 * the trap number.  Convert the trap number to the TDX error
> > +	 * code by setting TDX_SW_ERROR to the high 32-bits of %rax.
> > +	 *
> > +	 * Note cannot OR TDX_SW_ERROR directly to %rax as OR instruction
> > +	 * only accepts 32-bit immediate at most.
> > +	 */
> > +	mov $TDX_SW_ERROR, %r12
> > +	orq %r12, %rax
> >  
> > +	_ASM_EXTABLE_FAULT(1b, 2b)
> > +.Lseamcall_out:
> 
> This is all pretty atrocious code flow... would it at all be possible to
> write it like:
> 
> SYM_FUNC_START(...)
> 
> .if \host
> 1:	seamcall
> 	cmovc	%spare, %rax

Looks using cmovc can remove the using of one additional label.

I guess it can be done in a separate patch.

> 2:
> .else
> 	tdcall
> .endif
> 
> 	.....
> 	RET
> 
> 
> 3:
> 	mov $TDX_SW_ERROR, %r12
> 	orq %r12, %rax
> 	jmp 2b
> 
> 	_ASM_EXTABLE_FAULT(1b, 3b)
> 
> SYM_FUNC_END()
> 
> That is, having all that inline in the hotpath is quite horrific.
> 

The __tdx_module_call() and __seamcall() both has a "RET" at the end of this
macro:

SYM_FUNC_START(__tdx_module_call)       
        FRAME_BEGIN
        TDX_MODULE_CALL host=0
        FRAME_END
        RET                                                       
SYM_FUNC_END(__tdx_module_call)       

In this case, I think we need to remove the "RET" there.

I didn't think I would modify __tdx_module_call() and __seamcall() in this
patch.