Date: Fri, 28 Feb 2025 01:44:14 +0000
Message-ID: <20250228014416.3925664-2-vannapurve@google.com>
In-Reply-To: <20250228014416.3925664-1-vannapurve@google.com>
Subject: [PATCH v7 1/3] x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT
From: Vishal Annapurve
To: dave.hansen@linux.intel.com, kirill.shutemov@linux.intel.com, jgross@suse.com, ajay.kaher@broadcom.com, ak@linux.intel.com, tony.luck@intel.com, thomas.lendacky@amd.com
Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, pbonzini@redhat.com, seanjc@google.com, kai.huang@intel.com, chao.p.peng@linux.intel.com, isaku.yamahata@gmail.com, sathyanarayanan.kuppuswamy@linux.intel.com, erdemaktas@google.com, ackerleytng@google.com, jxgao@google.com, sagis@google.com, afranji@google.com, kees@kernel.org, jikos@kernel.org, peterz@infradead.org, x86@kernel.org, linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev, virtualization@lists.linux.dev, bcm-kernel-feedback-list@broadcom.com, stable@vger.kernel.org, Vishal Annapurve

From: "Kirill A. Shutemov"

CONFIG_PARAVIRT_XXL is mainly defined/used by XEN PV guests. For other VM guest types, features supported under CONFIG_PARAVIRT are self-sufficient. CONFIG_PARAVIRT mainly provides support for TLB flush operations and time related operations.

For TDX guest as well, paravirt calls under CONFIG_PARAVIRT meet most of its requirements except the need of HLT and SAFE_HLT paravirt calls, which are currently defined under CONFIG_PARAVIRT_XXL.

Since enabling CONFIG_PARAVIRT_XXL is too bloated for TDX guest like platforms, move HLT and SAFE_HLT paravirt calls under CONFIG_PARAVIRT.

Moving HLT and SAFE_HLT paravirt calls is not fatal and should not break any functionality for current users of CONFIG_PARAVIRT.

Cc: stable@vger.kernel.org
Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests")
Co-developed-by: Kuppuswamy Sathyanarayanan
Signed-off-by: Kuppuswamy Sathyanarayanan
Signed-off-by: Kirill A. Shutemov
Reviewed-by: Andi Kleen
Reviewed-by: Tony Luck
Reviewed-by: Juergen Gross
Signed-off-by: Vishal Annapurve
Tested-by: Ryan Afranji
--- arch/x86/include/asm/irqflags.h | 40 +++++++++++++++------------ arch/x86/include/asm/paravirt.h | 20 +++++++------- arch/x86/include/asm/paravirt_types.h | 3 +- arch/x86/kernel/paravirt.c | 14 ++++++---- 4 files changed, 41 insertions(+), 36 deletions(-) diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflag= s.h index cf7fc2b8e3ce..1c2db11a2c3c 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h 
@@ -76,6 +76,28 @@ static __always_inline void native_local_irq_restore(uns= igned long flags) =20 #endif =20 +#ifndef CONFIG_PARAVIRT +#ifndef __ASSEMBLY__ +/* + * Used in the idle loop; sti takes one instruction cycle + * to complete: + */ +static __always_inline void arch_safe_halt(void) +{ + native_safe_halt(); +} + +/* + * Used when interrupts are already enabled or to + * shutdown the processor: + */ +static __always_inline void halt(void) +{ + native_halt(); +} +#endif /* __ASSEMBLY__ */ +#endif /* CONFIG_PARAVIRT */ + #ifdef CONFIG_PARAVIRT_XXL #include #else @@ -97,24 +119,6 @@ static __always_inline void arch_local_irq_enable(void) native_irq_enable(); } =20 -/* - * Used in the idle loop; sti takes one instruction cycle - * to complete: - */ -static __always_inline void arch_safe_halt(void) -{ - native_safe_halt(); -} - -/* - * Used when interrupts are already enabled or to - * shutdown the processor: - */ -static __always_inline void halt(void) -{ - native_halt(); -} - /* * For spinlocks, etc: */ diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravir= t.h index 041aff51eb50..29e7331a0c98 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h @@ -107,6 +107,16 @@ static inline void notify_page_enc_status_changed(unsi= gned long pfn, PVOP_VCALL3(mmu.notify_page_enc_status_changed, pfn, npages, enc); } =20 +static __always_inline void arch_safe_halt(void) +{ + PVOP_VCALL0(irq.safe_halt); +} + +static inline void halt(void) +{ + PVOP_VCALL0(irq.halt); +} + #ifdef CONFIG_PARAVIRT_XXL static inline void load_sp0(unsigned long sp0) { @@ -170,16 +180,6 @@ static inline void __write_cr4(unsigned long x) PVOP_VCALL1(cpu.write_cr4, x); } =20 -static __always_inline void arch_safe_halt(void) -{ - PVOP_VCALL0(irq.safe_halt); -} - -static inline void halt(void) -{ - PVOP_VCALL0(irq.halt); -} - static inline u64 paravirt_read_msr(unsigned msr) { return PVOP_CALL1(u64, cpu.read_msr, msr); 
diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/p= aravirt_types.h index fea56b04f436..abccfccc2e3f 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -120,10 +120,9 @@ struct pv_irq_ops { struct paravirt_callee_save save_fl; struct paravirt_callee_save irq_disable; struct paravirt_callee_save irq_enable; - +#endif void (*safe_halt)(void); void (*halt)(void); -#endif } __no_randomize_layout; =20 struct pv_mmu_ops { diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index 1ccaa3397a67..c5bb980b8a67 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -110,6 +110,11 @@ int paravirt_disable_iospace(void) return request_resource(&ioport_resource, &reserve_ioports); } =20 +static noinstr void pv_native_safe_halt(void) +{ + native_safe_halt(); +} + #ifdef CONFIG_PARAVIRT_XXL static noinstr void pv_native_write_cr2(unsigned long val) { @@ -125,11 +130,6 @@ static noinstr void pv_native_set_debugreg(int regno, = unsigned long val) { native_set_debugreg(regno, val); } - -static noinstr void pv_native_safe_halt(void) -{ - native_safe_halt(); -} #endif =20 struct pv_info pv_info =3D { 
@@ -186,9 +186,11 @@ struct paravirt_patch_template pv_ops =3D { .irq.save_fl =3D __PV_IS_CALLEE_SAVE(pv_native_save_fl), .irq.irq_disable =3D __PV_IS_CALLEE_SAVE(pv_native_irq_disable), .irq.irq_enable =3D __PV_IS_CALLEE_SAVE(pv_native_irq_enable), +#endif /* CONFIG_PARAVIRT_XXL */ + + /* Irq HLT ops. */ .irq.safe_halt =3D pv_native_safe_halt, .irq.halt =3D native_halt, -#endif /* CONFIG_PARAVIRT_XXL */ =20 /* Mmu ops. */ .mmu.flush_tlb_user =3D native_flush_tlb_local, --=20 2.48.1.711.g2feabab25a-goog
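
Review bot: with CONFIG_PARAVIRT=y and CONFIG_PARAVIRT_XXL=n, the arch/x86/include/asm/irqflags.h hunk leaves that header without any arch_safe_halt()/halt() definition. The native versions are now guarded by "#ifndef CONFIG_PARAVIRT", while the paravirt include just below them is still guarded by "#ifdef CONFIG_PARAVIRT_XXL", so a file that includes only asm/irqflags.h relies on some other header having pulled in the PVOP versions from arch/x86/include/asm/paravirt.h. Either include the paravirt header here under CONFIG_PARAVIRT, or state in the changelog which include path guarantees the declarations.
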
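
Review bot: halt() in the arch/x86/include/asm/paravirt.h hunk is plain "static inline", while arch_safe_halt() right above it and both native versions in irqflags.h are "static __always_inline". Since both helpers are being moved anyway, and patch 2 notes that the __cpuidle section does not support instrumentation, consider making halt() __always_inline as well (possibly as a follow-up, to keep this stable-tagged patch a pure move) so that no out-of-line copy can be emitted for such callers.
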

Date: Fri, 28 Feb 2025 01:44:15 +0000
Message-ID: <20250228014416.3925664-3-vannapurve@google.com>
In-Reply-To: <20250228014416.3925664-1-vannapurve@google.com>
Subject: [PATCH v7 2/3] x86/tdx: Fix arch_safe_halt() execution for TDX VMs
From: Vishal Annapurve

Direct HLT instruction execution causes #VEs for TDX VMs which is routed to hypervisor via TDCALL. If HLT is executed in STI-shadow, resulting #VE handler will enable interrupts before TDCALL is routed to hypervisor leading to missed wakeup events, as current TDX spec doesn't expose interruptibility state information to allow #VE handler to selectively enable interrupts.

Commit bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests") prevented the idle routines from executing HLT instruction in STI-shadow. But it missed the paravirt routine which can be reached via this path as an example:

	kvm_wait() =>
	safe_halt() =>
	raw_safe_halt() =>
	arch_safe_halt() =>
	irq.safe_halt() =>
	pv_native_safe_halt()

To reliably handle arch_safe_halt() for TDX VMs, introduce explicit dependency on CONFIG_PARAVIRT and override paravirt halt()/safe_halt() routines with TDX-safe versions that execute direct TDCALL and needed interrupt flag updates. Executing direct TDCALL brings in additional benefit of avoiding HLT related #VEs altogether.

Cc: stable@vger.kernel.org
Fixes: bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests")
Reviewed-by: Kirill A. Shutemov
Signed-off-by: Vishal Annapurve
Tested-by: Ryan Afranji
--- arch/x86/Kconfig | 1 + arch/x86/coco/tdx/tdx.c | 26 +++++++++++++++++++++++++- arch/x86/include/asm/tdx.h | 4 ++-- arch/x86/kernel/process.c | 2 +- 4 files changed, 29 insertions(+), 4 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index be2c311f5118..933c046e8966 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -902,6 +902,7 @@ config INTEL_TDX_GUEST depends on X86_64 && CPU_SUP_INTEL depends on X86_X2APIC depends on EFI_STUB + depends on PARAVIRT select ARCH_HAS_CC_PLATFORM select X86_MEM_ENCRYPT select X86_MCE diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 32809a06dab4..6aad910d119d 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include @@ -398,7 +399,7 @@ static int handle_halt(struct ve_info *ve) return ve_instr_len(ve); } =20 -void __cpuidle tdx_safe_halt(void) +void __cpuidle tdx_halt(void) { const bool irq_disabled =3D false; =20 @@ -409,6 +410,16 @@ void __cpuidle tdx_safe_halt(void) WARN_ONCE(1, "HLT instruction emulation failed\n"); } =20 +static void __cpuidle tdx_safe_halt(void) +{ + tdx_halt(); + /* + * "__cpuidle" section doesn't support instrumentation, so stick + * with raw_* variant that avoids tracing hooks. + */ + raw_local_irq_enable(); +} + static int read_msr(struct pt_regs *regs, struct ve_info *ve) { struct tdx_module_args args =3D { 
@@ -1109,6 +1120,19 @@ void __init tdx_early_init(void) x86_platform.guest.enc_kexec_begin =3D tdx_kexec_begin; x86_platform.guest.enc_kexec_finish =3D tdx_kexec_finish; =20 + /* + * Avoid "sti;hlt" execution in TDX guests as HLT induces a #VE that + * will enable interrupts before HLT TDCALL invocation if executed + * in STI-shadow, possibly resulting in missed wakeup events. + * + * Modify all possible HLT execution paths to use TDX specific routines + * that directly execute TDCALL and toggle the interrupt state as + * needed after TDCALL completion. This also reduces HLT related #VEs + * in addition to having a reliable halt logic execution. + */ + pv_ops.irq.safe_halt =3D tdx_safe_halt; + pv_ops.irq.halt =3D tdx_halt; + /* * TDX intercepts the RDMSR to read the X2APIC ID in the parallel * bringup low level code. That raises #VE which cannot be handled diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index b4b16dafd55e..40f9a97371a9 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -58,7 +58,7 @@ void tdx_get_ve_info(struct ve_info *ve); =20 bool tdx_handle_virt_exception(struct pt_regs *regs, struct ve_info *ve); =20 -void tdx_safe_halt(void); +void tdx_halt(void); =20 bool tdx_early_handle_ve(struct pt_regs *regs); =20 @@ -72,7 +72,7 @@ void __init tdx_dump_td_ctls(u64 td_ctls); #else =20 static inline void tdx_early_init(void) { }; -static inline void tdx_safe_halt(void) { }; +static inline void tdx_halt(void) { }; =20 static inline bool tdx_early_handle_ve(struct pt_regs *regs) { return fals= e; } =20 diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index 6da6769d7254..d11956a178df 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c 
@@ -934,7 +934,7 @@ void __init select_idle_routine(void) static_call_update(x86_idle, mwait_idle); } else if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) { pr_info("using TDX aware idle routine\n"); - static_call_update(x86_idle, tdx_safe_halt); + static_call_update(x86_idle, tdx_halt); } else { static_call_update(x86_idle, default_idle); } --=20 2.48.1.711.g2feabab25a-goog
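
Review bot: "depends on PARAVIRT" in the arch/x86/Kconfig hunk means an existing .config with INTEL_TDX_GUEST=y and PARAVIRT unset will silently drop INTEL_TDX_GUEST on the next oldconfig, and this patch is Cc'ed to stable. The changelog mentions the new dependency but not this effect; please call out that such configs must enable PARAVIRT to keep TDX guest support, so backporters and distro config owners do not lose it unnoticed.
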
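
Review bot: tdx_halt() in the arch/x86/coco/tdx/tdx.c hunk keeps "const bool irq_disabled = false;" and is now also installed as pv_ops.irq.halt in tdx_early_init(), but nothing documents why that value is right for every halt() caller. The halt() comment in patch 1 says it is used "when interrupts are already enabled or to shutdown the processor", and the handle_halt() #VE path passes the real irqs_disabled() value to __halt(). Add a comment on tdx_halt() explaining why reporting interrupts as enabled is correct for callers that halt with IRQs off, or pass the actual interrupt state for the halt() case.
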

Date: Fri, 28 Feb 2025 01:44:16 +0000
Message-ID: <20250228014416.3925664-4-vannapurve@google.com>
In-Reply-To: <20250228014416.3925664-1-vannapurve@google.com>
Subject: [PATCH v7 3/3] x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling
From: Vishal Annapurve

Direct HLT instruction execution causes #VEs for TDX VMs which is routed to hypervisor via TDCALL. safe_halt() routines execute HLT in STI-shadow so IRQs need to remain disabled until the TDCALL to ensure that pending IRQs are correctly treated as wake events.

Emit warning and fail emulation if IRQs are enabled during HLT #VE handling to avoid running into scenarios where IRQ wake events are lost resulting in indefinite HLT execution times.

Reviewed-by: Kirill A. Shutemov
Signed-off-by: Vishal Annapurve
Tested-by: Ryan Afranji
--- arch/x86/coco/tdx/tdx.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 6aad910d119d..a97ddc6a52c3 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c 
@@ -393,6 +393,14 @@ static int handle_halt(struct ve_info *ve) { const bool irq_disabled =3D irqs_disabled(); =20 + /* + * HLT with IRQs enabled is unsafe, as an IRQ that is intended to be a + * wake event may be consumed before requesting HLT emulation, leaving + * the vCPU blocking indefinitely. + */ + if (WARN_ONCE(!irq_disabled, "HLT emulation with IRQs enabled")) + return -EIO; + if (__halt(irq_disabled)) return -EIO; =20 --=20 2.48.1.711.g2feabab25a-goog
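
Review bot: the new WARN_ONCE() string in handle_halt(), "HLT emulation with IRQs enabled", has no trailing "\n", unlike the existing "HLT instruction emulation failed\n" in tdx_halt() in the same file; add the newline for consistency. It would also help to extend the new comment with which callers can still reach handle_halt() once patch 2 routes halt()/safe_halt() through direct TDCALL, so a reader knows what a hit on this warning points to.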