Re: [PATCH v19 029/130] KVM: TDX: Add C wrapper functions for SEAMCALLs to the TDX module

From: Huang, Kai
Date: Fri Mar 22 2024 - 00:33:41 EST


> >
> > So how about we have some macros:
> >
> > static inline bool is_seamcall_err_kernel_defined(u64 err)
> > {
> > return err & TDX_SW_ERROR;
> > }
> >
> > #define TDX_KVM_SEAMCALL(_kvm, _seamcall_func, _fn, _args) \
> > ({ \
> > u64 _ret = _seamcall_func(_fn, _args);
> > KVM_BUG_ON(_kvm, is_seamcall_err_kernel_defined(_ret));
> > _ret;
> > })
>
> As we can move out KVM_BUG_ON() to the call site, we can simply have
> seamcall() or seamcall_ret().
> The call site has to check error. whether it is TDX_SW_ERROR or not.
> And if it hit the unexpected error, it will mark the guest bugged.

How many call sites are we talking about?

I think handling KVM_BUG_ON() in macro should be able to eliminate bunch of
individual KVM_BUG_ON()s in these call sites?

>
>
> > #define tdx_kvm_seamcall(_kvm, _fn, _args) \
> > TDX_KVM_SEAMCALL(_kvm, seamcall, _fn, _args)
> >
> > #define tdx_kvm_seamcall_ret(_kvm, _fn, _args) \
> > TDX_KVM_SEAMCALL(_kvm, seamcall_ret, _fn, _args)
> >
> > #define tdx_kvm_seamcall_saved_ret(_kvm, _fn, _args) \
> > TDX_KVM_SEAMCALL(_kvm, seamcall_saved_ret, _fn, _args)
> >
> > This is consistent with what we have in TDX host code, and this handles
> > NO_ENTROPY error internally.
> >
> >

[...]

> >
> > > Because only TDH.MNG.CREATE() and TDH.MNG.ADDCX() can return TDX_RND_NO_ENTROPY, > we can use __seamcall(). The TDX spec doesn't guarantee such error code
> > > convention. It's very unlikely, though.
> >
> > I don't quite follow the "convention" part. Can you elaborate?
> >
> > NO_ENTROPY is already handled in seamcall() variants. Can we just use them
> > directly?
>
> I intended for bad code generation. If the loop on NO_ENTRY error harms the
> code generation, we might be able to use __seamcall() or __seamcall_ret()
> instead of seamcall(), seamcall_ret().

This doesn't make sense to me.

Firstly, you have to *prove* the loop generates worse code.

Secondly, if it does generate worse code, and we care about it, we should fix it
in the host seamcall() code. No?