Re: [PATCH v4 11/12] x86/virt/tdx: Make TDX_MODULE_CALL handle SEAMCALL #UD and #GP

[kirill . shutemov]

On Tue, Aug 15, 2023 at 11:02:05PM +1200, Kai Huang wrote:
> SEAMCALL instruction causes #UD if the CPU isn't in VMX operation.
> Currently the TDX_MODULE_CALL assembly doesn't handle #UD, thus making
> SEAMCALL when VMX is disabled would cause Oops.
> 
> Unfortunately, there are legal cases that SEAMCALL can be made when VMX
> is disabled.  For instance, VMX can be disabled due to emergency reboot
> while there are still TDX guests running.
> 
> Extend the TDX_MODULE_CALL assembly to return an error code for #UD to
> handle this case gracefully, e.g., KVM can then quietly eat all SEAMCALL
> errors caused by emergency reboot.
> 
> SEAMCALL instruction also causes #GP when TDX isn't enabled by the BIOS.
> Use _ASM_EXTABLE_FAULT() to catch both exceptions with the trap number
> recorded, and define two new error codes by XORing the trap number to
> the TDX_SW_ERROR.  This opportunistically handles #GP too while using
> the same simple assembly code.
> 
> A bonus is when kernel mistakenly calls SEAMCALL when CPU isn't in VMX
> operation, or when TDX isn't enabled by the BIOS, or when the BIOS is
> buggy, the kernel can get a nicer error code rather than a less
> understandable Oops.
> 
> This is basically based on Peter's code.
> 
> Cc: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> Cc: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Suggested-by: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Signed-off-by: Kai Huang <kai.huang@xxxxxxxxx>

Reviewed-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>

-- 
  Kiryl Shutsemau / Kirill A. Shutemov