Date: Thu, 20 Feb 2025 21:16:25 +0000
In-Reply-To: <20250220211628.1832258-1-vannapurve@google.com>
References: <20250220211628.1832258-1-vannapurve@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Mailer: git-send-email 2.48.1.601.g30ceb7b040-goog
Message-ID: <20250220211628.1832258-2-vannapurve@google.com>
Subject: [PATCH V5 1/4] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT
From: Vishal Annapurve
To: x86@kernel.org, linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, virtualization@lists.linux.dev
Cc: pbonzini@redhat.com, seanjc@google.com, erdemaktas@google.com, ackerleytng@google.com, jxgao@google.com, sagis@google.com, oupton@google.com, pgonda@google.com, kirill@shutemov.name, dave.hansen@linux.intel.com, chao.p.peng@linux.intel.com, isaku.yamahata@gmail.com, sathyanarayanan.kuppuswamy@linux.intel.com, jgross@suse.com, ajay.kaher@broadcom.com, alexey.amakhalov@broadcom.com, "Kirill A. Shutemov", stable@vger.kernel.org, Andi Kleen, Tony Luck, Vishal Annapurve

From: "Kirill A. Shutemov"

CONFIG_PARAVIRT_XXL is mainly defined/used by XEN PV guests. For other VM guest types, features supported under CONFIG_PARAVIRT are self-sufficient. CONFIG_PARAVIRT mainly provides support for TLB flush operations and time related operations.

For TDX guest as well, paravirt calls under CONFIG_PARAVIRT meet most of its requirements except the need of HLT and SAFE_HLT paravirt calls, which are currently defined under CONFIG_PARAVIRT_XXL.

Since enabling CONFIG_PARAVIRT_XXL is too bloated for TDX guest like platforms, move HLT and SAFE_HLT paravirt calls under CONFIG_PARAVIRT.

Moving HLT and SAFE_HLT paravirt calls is not fatal and should not break any functionality for current users of CONFIG_PARAVIRT.

Cc: stable@vger.kernel.org
Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests")
Co-developed-by: Kuppuswamy Sathyanarayanan
Signed-off-by: Kuppuswamy Sathyanarayanan
Signed-off-by: Kirill A. Shutemov Reviewed-by: Andi Kleen Reviewed-by: Tony Luck Signed-off-by: Vishal Annapurve --- arch/x86/include/asm/irqflags.h | 40 +++++++++++++++------------ arch/x86/include/asm/paravirt.h | 20 +++++++------- arch/x86/include/asm/paravirt_types.h | 3 +- arch/x86/kernel/paravirt.c | 14 ++++++---- 4 files changed, 41 insertions(+), 36 deletions(-) diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflag= s.h index cf7fc2b8e3ce..1c2db11a2c3c 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -76,6 +76,28 @@ static __always_inline void native_local_irq_restore(uns= igned long flags) =20 #endif =20 +#ifndef CONFIG_PARAVIRT +#ifndef __ASSEMBLY__ +/* + * Used in the idle loop; sti takes one instruction cycle + * to complete: + */ +static __always_inline void arch_safe_halt(void) +{ + native_safe_halt(); +} + +/* + * Used when interrupts are already enabled or to + * shutdown the processor: + */ +static __always_inline void halt(void) +{ + native_halt(); +} +#endif /* __ASSEMBLY__ */ +#endif /* CONFIG_PARAVIRT */ + #ifdef CONFIG_PARAVIRT_XXL #include #else @@ -97,24 +119,6 @@ static __always_inline void arch_local_irq_enable(void) native_irq_enable(); } =20 -/* - * Used in the idle loop; sti takes one instruction cycle - * to complete: - */ -static __always_inline void arch_safe_halt(void) -{ - native_safe_halt(); -} - -/* - * Used when interrupts are already enabled or to - * shutdown the processor: - */ -static __always_inline void halt(void) -{ - native_halt(); -} - /* * For spinlocks, etc: */ diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravir= t.h index 041aff51eb50..29e7331a0c98 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h 
@@ -107,6 +107,16 @@ static inline void notify_page_enc_status_changed(unsi= gned long pfn, PVOP_VCALL3(mmu.notify_page_enc_status_changed, pfn, npages, enc); } =20 +static __always_inline void arch_safe_halt(void) +{ + PVOP_VCALL0(irq.safe_halt); +} + +static inline void halt(void) +{ + PVOP_VCALL0(irq.halt); +} + #ifdef CONFIG_PARAVIRT_XXL static inline void load_sp0(unsigned long sp0) { @@ -170,16 +180,6 @@ static inline void __write_cr4(unsigned long x) PVOP_VCALL1(cpu.write_cr4, x); } =20 -static __always_inline void arch_safe_halt(void) -{ - PVOP_VCALL0(irq.safe_halt); -} - -static inline void halt(void) -{ - PVOP_VCALL0(irq.halt); -} - static inline u64 paravirt_read_msr(unsigned msr) { return PVOP_CALL1(u64, cpu.read_msr, msr); diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/p= aravirt_types.h index fea56b04f436..abccfccc2e3f 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -120,10 +120,9 @@ struct pv_irq_ops { struct paravirt_callee_save save_fl; struct paravirt_callee_save irq_disable; struct paravirt_callee_save irq_enable; - +#endif void (*safe_halt)(void); void (*halt)(void); -#endif } __no_randomize_layout; =20 struct pv_mmu_ops { diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 1ccaa3397a67..c5bb980b8a67 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -110,6 +110,11 @@ int paravirt_disable_iospace(void) return request_resource(&ioport_resource, &reserve_ioports); } =20 +static noinstr void pv_native_safe_halt(void) +{ + native_safe_halt(); +} + #ifdef CONFIG_PARAVIRT_XXL static noinstr void pv_native_write_cr2(unsigned long val) { @@ -125,11 +130,6 @@ static noinstr void pv_native_set_debugreg(int regno, = unsigned long val) { native_set_debugreg(regno, val); } - -static noinstr void pv_native_safe_halt(void) -{ - native_safe_halt(); -} #endif =20 struct pv_info pv_info =3D { 
@@ -186,9 +186,11 @@ struct paravirt_patch_template pv_ops =3D { .irq.save_fl =3D __PV_IS_CALLEE_SAVE(pv_native_save_fl), .irq.irq_disable =3D __PV_IS_CALLEE_SAVE(pv_native_irq_disable), .irq.irq_enable =3D __PV_IS_CALLEE_SAVE(pv_native_irq_enable), +#endif /* CONFIG_PARAVIRT_XXL */ + + /* Irq HLT ops. */ .irq.safe_halt =3D pv_native_safe_halt, .irq.halt =3D native_halt, -#endif /* CONFIG_PARAVIRT_XXL */ =20 /* Mmu ops. */ .mmu.flush_tlb_user =3D native_flush_tlb_local, --=20 2.48.1.601.g30ceb7b040-goog

Date: Thu, 20 Feb 2025 21:16:26 +0000
In-Reply-To: <20250220211628.1832258-1-vannapurve@google.com>
References: <20250220211628.1832258-1-vannapurve@google.com>
Message-ID: <20250220211628.1832258-3-vannapurve@google.com>
Subject: [PATCH V5 2/4] x86/tdx: Route safe halt execution via tdx_safe_halt()
From: Vishal Annapurve
To: x86@kernel.org, linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, virtualization@lists.linux.dev
Cc: pbonzini@redhat.com, seanjc@google.com, erdemaktas@google.com, ackerleytng@google.com, jxgao@google.com, sagis@google.com, oupton@google.com, pgonda@google.com, kirill@shutemov.name, dave.hansen@linux.intel.com, chao.p.peng@linux.intel.com, isaku.yamahata@gmail.com, sathyanarayanan.kuppuswamy@linux.intel.com, jgross@suse.com, ajay.kaher@broadcom.com, alexey.amakhalov@broadcom.com, Vishal Annapurve, stable@vger.kernel.org

Direct HLT instruction execution causes #VEs for TDX VMs which is routed to hypervisor via TDCALL. safe_halt() routines execute HLT in STI-shadow so IRQs need to remain disabled until the TDCALL to ensure that pending IRQs are correctly treated as wake events. So "sti;hlt" sequence needs to be replaced for TDX VMs with "TDCALL; *_irq_enable()" to keep interrupts disabled during TDCALL execution.

Commit bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") prevented the idle routines from using "sti;hlt". But it missed the paravirt routine which can be reached like this as an example:
        acpi_safe_halt() =>
        raw_safe_halt()  =>
        arch_safe_halt() =>
        irq.safe_halt()  =>
        pv_native_safe_halt()

Modify tdx_safe_halt() to implement the sequence "TDCALL; raw_local_irq_enable()" and invoke tdx_halt() from idle routine which just executes TDCALL without toggling interrupt state. Introduce dependency on CONFIG_PARAVIRT and override paravirt halt()/safe_halt() routines for TDX VMs.

Cc: stable@vger.kernel.org
Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests")
Signed-off-by: Vishal Annapurve
---
 arch/x86/Kconfig           |  1 +
 arch/x86/coco/tdx/tdx.c    | 22 +++++++++++++++++++++-
 arch/x86/include/asm/tdx.h |  2 +-
 arch/x86/kernel/process.c  |  2 +-
 4 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 87198d957e2f..afcdbc9693dc 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -902,6 +902,7 @@ config INTEL_TDX_GUEST depends on X86_64 && CPU_SUP_INTEL depends on X86_X2APIC depends on EFI_STUB + depends on PARAVIRT select ARCH_HAS_CC_PLATFORM select X86_MEM_ENCRYPT select X86_MCE diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 32809a06dab4..7ab427e85bd3 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include @@ -398,7 +399,7 @@ static int handle_halt(struct ve_info *ve) return ve_instr_len(ve); } =20 -void __cpuidle tdx_safe_halt(void) +void __cpuidle tdx_halt(void) { const bool irq_disabled =3D false; =20 @@ -409,6 +410,16 @@ void __cpuidle tdx_safe_halt(void) WARN_ONCE(1, "HLT instruction emulation failed\n"); } =20 +static void __cpuidle tdx_safe_halt(void) +{ + tdx_halt(); + /* + * "__cpuidle" section doesn't support instrumentation, so stick + * with raw_* variant that avoids tracing hooks. + */ + raw_local_irq_enable(); +} + static int read_msr(struct pt_regs *regs, struct ve_info *ve) { struct tdx_module_args args =3D { @@ -1109,6 +1120,15 @@ void __init tdx_early_init(void) x86_platform.guest.enc_kexec_begin =3D tdx_kexec_begin; x86_platform.guest.enc_kexec_finish =3D tdx_kexec_finish; =20 + /* + * "sti;hlt" execution in TDX guests will induce a #VE in the STI-shadow + * which will enable interrupts before HLT TDCALL inocation possibly + * resulting in missed wakeup events. Modify all possible HLT + * execution paths to use TDCALL for performance/reliability reasons. + */ + pv_ops.irq.safe_halt =3D tdx_safe_halt; + pv_ops.irq.halt =3D tdx_halt; + /* * TDX intercepts the RDMSR to read the X2APIC ID in the parallel * bringup low level code. That raises #VE which cannot be handled diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index b4b16dafd55e..393ee2dfaab1 100644 
--- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -58,7 +58,7 @@ void tdx_get_ve_info(struct ve_info *ve); =20 bool tdx_handle_virt_exception(struct pt_regs *regs, struct ve_info *ve); =20 -void tdx_safe_halt(void); +void tdx_halt(void); =20 bool tdx_early_handle_ve(struct pt_regs *regs); =20 diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index 6da6769d7254..d11956a178df 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c 
@@ -934,7 +934,7 @@ void __init select_idle_routine(void) static_call_update(x86_idle, mwait_idle); } else if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) { pr_info("using TDX aware idle routine\n"); - static_call_update(x86_idle, tdx_safe_halt); + static_call_update(x86_idle, tdx_halt); } else { static_call_update(x86_idle, default_idle); } --=20 2.48.1.601.g30ceb7b040-goog

Date: Thu, 20 Feb 2025 21:16:27 +0000
In-Reply-To: <20250220211628.1832258-1-vannapurve@google.com>
References: <20250220211628.1832258-1-vannapurve@google.com>
Message-ID: <20250220211628.1832258-4-vannapurve@google.com>
Subject: [PATCH V5 3/4] x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling
From: Vishal Annapurve
To: x86@kernel.org, linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, virtualization@lists.linux.dev
Cc: pbonzini@redhat.com, seanjc@google.com, erdemaktas@google.com, ackerleytng@google.com, jxgao@google.com, sagis@google.com, oupton@google.com, pgonda@google.com, kirill@shutemov.name, dave.hansen@linux.intel.com, chao.p.peng@linux.intel.com, isaku.yamahata@gmail.com, sathyanarayanan.kuppuswamy@linux.intel.com, jgross@suse.com, ajay.kaher@broadcom.com, alexey.amakhalov@broadcom.com, Vishal Annapurve, "Kirill A. Shutemov"

Direct HLT instruction execution causes #VEs for TDX VMs which is routed to hypervisor via TDCALL. safe_halt() routines execute HLT in STI-shadow so IRQs need to remain disabled until the TDCALL to ensure that pending IRQs are correctly treated as wake events.

Emit warning and fail emulation if IRQs are enabled during HLT #VE handling to avoid running into scenarios where IRQ wake events are lost resulting in indefinite HLT execution times.

Reviewed-by: Kirill A. Shutemov
Signed-off-by: Vishal Annapurve --- arch/x86/coco/tdx/tdx.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 7ab427e85bd3..16ac337df9fa 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c 
@@ -393,6 +393,14 @@ static int handle_halt(struct ve_info *ve) { const bool irq_disabled =3D irqs_disabled(); =20 + /* + * HLT with IRQs enabled is unsafe, as an IRQ that is intended to be a + * wake event may be consumed before requesting HLT emulation, leaving + * the vCPU blocking indefinitely. + */ + if (WARN_ONCE(!irq_disabled, "HLT emulation with IRQs enabled")) + return -EIO; + if (__halt(irq_disabled)) return -EIO; =20 --=20 2.48.1.601.g30ceb7b040-goog

Date: Thu, 20 Feb 2025 21:16:28 +0000
In-Reply-To: <20250220211628.1832258-1-vannapurve@google.com>
References: <20250220211628.1832258-1-vannapurve@google.com>
Message-ID: <20250220211628.1832258-5-vannapurve@google.com>
Subject: [PATCH V5 4/4] x86/tdx: Remove TDX specific idle routine
From: Vishal Annapurve
To: x86@kernel.org, linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, virtualization@lists.linux.dev
Cc: pbonzini@redhat.com, seanjc@google.com, erdemaktas@google.com, ackerleytng@google.com, jxgao@google.com, sagis@google.com, oupton@google.com, pgonda@google.com, kirill@shutemov.name, dave.hansen@linux.intel.com, chao.p.peng@linux.intel.com, isaku.yamahata@gmail.com, sathyanarayanan.kuppuswamy@linux.intel.com, jgross@suse.com, ajay.kaher@broadcom.com, alexey.amakhalov@broadcom.com, Vishal Annapurve

With explicit dependency on CONFIG_PARAVIRT and TDX specific halt()/safe_halt() routines in place, default_idle() is safe to execute for TDX VMs. Remove TDX specific idle routine override which is now redundant.

Signed-off-by: Vishal Annapurve
---
 arch/x86/coco/tdx/tdx.c    | 2 +-
 arch/x86/include/asm/tdx.h | 2 --
 arch/x86/kernel/process.c  | 3 ---
 3 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 16ac337df9fa..46f7bb82c8b7 100644
--- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -407,7 +407,7 @@ static int handle_halt(struct ve_info *ve) return ve_instr_len(ve); } =20 -void __cpuidle tdx_halt(void) +static void __cpuidle tdx_halt(void) { const bool irq_disabled =3D false; =20 diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 393ee2dfaab1..6769d1da4c80 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -58,8 +58,6 @@ void tdx_get_ve_info(struct ve_info *ve); =20 bool tdx_handle_virt_exception(struct pt_regs *regs, struct ve_info *ve); =20 -void tdx_halt(void); - bool tdx_early_handle_ve(struct pt_regs *regs); =20 int tdx_mcall_get_report0(u8 *reportdata, u8 *tdreport); diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index d11956a178df..9b21989c283b 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -932,9 +932,6 @@ void __init select_idle_routine(void) if (prefer_mwait_c1_over_halt()) { pr_info("using mwait in idle threads\n"); static_call_update(x86_idle, mwait_idle); - } else if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) { - pr_info("using TDX aware idle routine\n"); - static_call_update(x86_idle, tdx_halt); } else { static_call_update(x86_idle, default_idle); } --=20 2.48.1.601.g30ceb7b040-goog
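
Review bot: in patch 1/4, arch/x86/include/asm/irqflags.h, the native arch_safe_halt()/halt() fallbacks are now guarded by "#ifndef CONFIG_PARAVIRT", but the #include in the context lines directly below is still only reached under "#ifdef CONFIG_PARAVIRT_XXL". With CONFIG_PARAVIRT=y and CONFIG_PARAVIRT_XXL=n this header therefore supplies neither definition, and every caller relies on asm/paravirt.h arriving through some other include chain. Consider pulling the paravirt header in under CONFIG_PARAVIRT here, or name in the changelog the include path that guarantees it.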
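
Review bot: in patch 1/4, arch/x86/include/asm/paravirt.h hunk "@@ -107,6 +107,16", halt() is moved as plain "static inline" while arch_safe_halt() next to it, and both native fallbacks in irqflags.h, are "__always_inline". Because the move makes the PVOP version the one used by every CONFIG_PARAVIRT build, it would be worth marking halt() "__always_inline" as well, or saying why not, so the compiler cannot emit an out-of-line copy for callers in noinstr or __cpuidle code.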
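
Review bot: in patch 2/4, arch/x86/Kconfig, the added "depends on PARAVIRT" silently drops INTEL_TDX_GUEST from any existing configuration that has PARAVIRT disabled, and the patch carries Cc: stable. Please call this out in the changelog so that whoever backports it or runs oldconfig knows TDX guest support can disappear from the build, or explain why "depends on" was chosen over "select PARAVIRT" alongside the other select lines in this entry.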
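
Review bot: in patch 2/4, arch/x86/coco/tdx/tdx.c hunk "@@ -398,7 +399,7", tdx_halt() keeps "const bool irq_disabled = false;" but is now also installed as pv_ops.irq.halt, and the comment on halt() in irqflags.h says that routine is used "when interrupts are already enabled or to shutdown the processor". A short comment here explaining why reporting IRQs as enabled to the hypervisor is correct for both the safe_halt() path (where IRQs are actually still off) and the plain halt() callers would make the intent reviewable.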
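
Review bot: typo in the comment added to tdx_early_init() in patch 2/4 (arch/x86/coco/tdx/tdx.c hunk "@@ -1109,6 +1120,15"): "inocation" should be "invocation". The same comment closes with "for performance/reliability reasons", while the changelog describes a missed-wakeup fix; wording the comment around the lost wake event would match what the override is for.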
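
Review bot: in patch 3/4, handle_halt(), the new WARN_ONCE() format string "HLT emulation with IRQs enabled" has no trailing newline, unlike the existing "HLT instruction emulation failed\n" in tdx_halt() a few lines further down the same file. Add the "\n" so the warning is terminated consistently in the log. It would also help to state in the comment that returning -EIO here makes the #VE unhandled, since that is the visible consequence for a caller that reaches HLT with IRQs enabled.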