Re: [PATCH 03/26] x86/tdx: Add __tdx_module_call() and __tdx_hypercall() helper functions

From: Kirill A. Shutemov
Date: Thu Dec 23 2021 - 12:00:29 EST

Next message: Hans de Goede: "Re: [PATCH v3 0/8] platform/x86: introduce p2sb_bar() helper"
Previous message: José Expósito: "Re: [PATCH v2 1/6] drm/plane: Make format_mod_supported truly optional"
In reply to: Borislav Petkov: "Re: [PATCH 03/26] x86/tdx: Add __tdx_module_call() and __tdx_hypercall() helper functions"
Next in thread: Borislav Petkov: "Re: [PATCH 03/26] x86/tdx: Add __tdx_module_call() and __tdx_hypercall() helper functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Dec 21, 2021 at 08:11:45PM +0100, Borislav Petkov wrote:
> On Tue, Dec 14, 2021 at 06:02:41PM +0300, Kirill A. Shutemov wrote:
> > From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx>
> >
> > Guests communicate with VMMs with hypercalls. Historically, these
> > are implemented using instructions that are known to cause VMEXITs
> > like VMCALL, VMLAUNCH, etc. However, with TDX, VMEXITs no longer
> > expose the guest state to the host. This prevents the old hypercall
> > mechanisms from working. So, to communicate with VMM, TDX
> > specification defines a new instruction called TDCALL.
> >
> > In a TDX based VM, since the VMM is an untrusted entity, an intermediary
> > layer (TDX module) exists in the CPU to facilitate secure communication
>
> in the CPU?!
>
> I think you wanna say, "it is loaded like a firmware into a special CPU
> mode called SEAM..." or so.

What about this?

In a TDX based VM, since the VMM is an untrusted entity, an intermediary
layer -- TDX module -- facilitates secure communication between the host
and the guest. TDX module is loaded like a firmware into a special CPU
mode called SEAM. TDX guests communicate with the TDX module using the
TDCALL instruction.

Does it look fine?

> > (using the TDCALL instruction).
> >
> > __tdx_hypercall() - Used by the guest to request services from the
> > VMM (via TDVMCALL).
> > __tdx_module_call() - Used to communicate with the TDX Module (via
> > TDCALL).
>
> "module". No need to capitalize every word like in CPU manuals.

Okay, I will change it globally over the whole patchset.

> > Originally-by: Sean Christopherson <seanjc@xxxxxxxxxx>
>
> Just state that in free text in the commit message:
>
> "Based on a previous patch by Sean... "

Okay.

> > + /*
> > + * Since this function can be initiated without an output pointer,
> > + * check if caller provided an output struct before storing
> > + * output registers.
> > + */
> > + test %r12, %r12
> > + jz mcall_done
>
> All those local label names need to be prefixed with .L so that they
> don't appear in the vmlinux symbol table unnecessarily:
>
> jz .Lno_output_struct

Ah, okay. I did not know about special treatment for .L labels.
Again, will check whole patchset.

--
Kirill A. Shutemov

Next message: Hans de Goede: "Re: [PATCH v3 0/8] platform/x86: introduce p2sb_bar() helper"
Previous message: José Expósito: "Re: [PATCH v2 1/6] drm/plane: Make format_mod_supported truly optional"
In reply to: Borislav Petkov: "Re: [PATCH 03/26] x86/tdx: Add __tdx_module_call() and __tdx_hypercall() helper functions"
Next in thread: Borislav Petkov: "Re: [PATCH 03/26] x86/tdx: Add __tdx_module_call() and __tdx_hypercall() helper functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]