1/* SPDX-License-Identifier: GPL-2.0 */ 2#include <asm/asm-offsets.h> 3#include <asm/frame.h> 4#include <asm/asm.h> 5#include <asm/tdx.h> 6 7/* 8 * TDCALL and SEAMCALL are supported in Binutils >= 2.36. 9 */ 10#define tdcall .byte 0x66,0x0f,0x01,0xcc 11#define seamcall .byte 0x66,0x0f,0x01,0xcf 12 13/* 14 * TDX_MODULE_CALL - common helper macro for both 15 * TDCALL and SEAMCALL instructions. 16 * 17 * TDCALL - used by TDX guests to make requests to the 18 * TDX module and hypercalls to the VMM. 19 * SEAMCALL - used by TDX hosts to make requests to the 20 * TDX module. 21 * 22 *------------------------------------------------------------------------- 23 * TDCALL/SEAMCALL ABI: 24 *------------------------------------------------------------------------- 25 * Input Registers: 26 * 27 * RAX - TDCALL/SEAMCALL Leaf number. 28 * RCX,RDX,RDI,RSI,RBX,R8-R15 - TDCALL/SEAMCALL Leaf specific input registers. 29 * 30 * Output Registers: 31 * 32 * RAX - TDCALL/SEAMCALL instruction error code. 33 * RCX,RDX,RDI,RSI,RBX,R8-R15 - TDCALL/SEAMCALL Leaf specific output registers. 34 * 35 *------------------------------------------------------------------------- 36 * 37 * So while the common core (RAX,RCX,RDX,R8-R11) fits nicely in the 38 * callee-clobbered registers and even leaves RDI,RSI free to act as a 39 * base pointer, some leafs (e.g., VP.ENTER) make a giant mess of things. 40 * 41 * For simplicity, assume that anything that needs the callee-saved regs 42 * also tramples on RDI,RSI. This isn't strictly true, see for example 43 * TDH.EXPORT.MEM. 44 */ 45.macro TDX_MODULE_CALL host:req ret=0 saved=0 46 FRAME_BEGIN 47 48 /* Move Leaf ID to RAX */ 49 mov %rdi, %rax 50 51 /* Move other input regs from 'struct tdx_module_args' */ 52 movq TDX_MODULE_rcx(%rsi), %rcx 53 movq TDX_MODULE_rdx(%rsi), %rdx 54 movq TDX_MODULE_r8(%rsi), %r8 55 movq TDX_MODULE_r9(%rsi), %r9 56 movq TDX_MODULE_r10(%rsi), %r10 57 movq TDX_MODULE_r11(%rsi), %r11 58 59.if \saved 60 /* 61 * Move additional input regs from the structure. For simplicity 62 * assume that anything needs the callee-saved regs also tramples 63 * on RDI/RSI (see VP.ENTER). 64 */ 65 /* Save those callee-saved GPRs as mandated by the x86_64 ABI */ 66 pushq %rbx 67 pushq %r12 68 pushq %r13 69 pushq %r14 70 pushq %r15 71 72 movq TDX_MODULE_r12(%rsi), %r12 73 movq TDX_MODULE_r13(%rsi), %r13 74 movq TDX_MODULE_r14(%rsi), %r14 75 movq TDX_MODULE_r15(%rsi), %r15 76 movq TDX_MODULE_rbx(%rsi), %rbx 77 78.if \ret 79 /* Save the structure pointer as RSI is about to be clobbered */ 80 pushq %rsi 81.endif 82 83 movq TDX_MODULE_rdi(%rsi), %rdi 84 /* RSI needs to be done at last */ 85 movq TDX_MODULE_rsi(%rsi), %rsi 86.endif /* \saved */ 87 88.if \host 89.Lseamcall\@: 90 seamcall 91 /* 92 * SEAMCALL instruction is essentially a VMExit from VMX root 93 * mode to SEAM VMX root mode. VMfailInvalid (CF=1) indicates 94 * that the targeted SEAM firmware is not loaded or disabled, 95 * or P-SEAMLDR is busy with another SEAMCALL. %rax is not 96 * changed in this case. 97 * 98 * Set %rax to TDX_SEAMCALL_VMFAILINVALID for VMfailInvalid. 99 * This value will never be used as actual SEAMCALL error code as 100 * it is from the Reserved status code class. 101 */ 102 jc .Lseamcall_vmfailinvalid\@ 103.else 104 tdcall 105.endif 106 107.if \ret 108.if \saved 109 /* 110 * Restore the structure from stack to save the output registers 111 * 112 * In case of VP.ENTER returns due to TDVMCALL, all registers are 113 * valid thus no register can be used as spare to restore the 114 * structure from the stack (see "TDH.VP.ENTER Output Operands 115 * Definition on TDCALL(TDG.VP.VMCALL) Following a TD Entry"). 116 * For this case, need to make one register as spare by saving it 117 * to the stack and then manually load the structure pointer to 118 * the spare register. 119 * 120 * Note for other TDCALLs/SEAMCALLs there are spare registers 121 * thus no need for such hack but just use this for all. 122 */ 123 pushq %rax /* save the TDCALL/SEAMCALL return code */ 124 movq 8(%rsp), %rax /* restore the structure pointer */ 125 movq %rsi, TDX_MODULE_rsi(%rax) /* save RSI */ 126 popq %rax /* restore the return code */ 127 popq %rsi /* pop the structure pointer */ 128 129 /* Copy additional output regs to the structure */ 130 movq %r12, TDX_MODULE_r12(%rsi) 131 movq %r13, TDX_MODULE_r13(%rsi) 132 movq %r14, TDX_MODULE_r14(%rsi) 133 movq %r15, TDX_MODULE_r15(%rsi) 134 movq %rbx, TDX_MODULE_rbx(%rsi) 135 movq %rdi, TDX_MODULE_rdi(%rsi) 136.endif /* \saved */ 137 138 /* Copy output registers to the structure */ 139 movq %rcx, TDX_MODULE_rcx(%rsi) 140 movq %rdx, TDX_MODULE_rdx(%rsi) 141 movq %r8, TDX_MODULE_r8(%rsi) 142 movq %r9, TDX_MODULE_r9(%rsi) 143 movq %r10, TDX_MODULE_r10(%rsi) 144 movq %r11, TDX_MODULE_r11(%rsi) 145.endif /* \ret */ 146 147.if \saved && \ret 148 /* 149 * Clear registers shared by guest for VP.VMCALL/VP.ENTER to prevent 150 * speculative use of guest's/VMM's values, including those are 151 * restored from the stack. 152 * 153 * See arch/x86/kvm/vmx/vmenter.S: 154 * 155 * In theory, a L1 cache miss when restoring register from stack 156 * could lead to speculative execution with guest's values. 157 * 158 * Note: RBP/RSP are not used as shared register. RSI has been 159 * restored already. 160 * 161 * XOR is cheap, thus unconditionally do for all leafs. 162 */ 163 xorl %ecx, %ecx 164 xorl %edx, %edx 165 xorl %r8d, %r8d 166 xorl %r9d, %r9d 167 xorl %r10d, %r10d 168 xorl %r11d, %r11d 169 xorl %r12d, %r12d 170 xorl %r13d, %r13d 171 xorl %r14d, %r14d 172 xorl %r15d, %r15d 173 xorl %ebx, %ebx 174 xorl %edi, %edi 175.endif /* \ret && \host */ 176 177.if \host 178.Lout\@: 179.endif 180 181.if \saved 182 /* Restore callee-saved GPRs as mandated by the x86_64 ABI */ 183 popq %r15 184 popq %r14 185 popq %r13 186 popq %r12 187 popq %rbx 188.endif /* \saved */ 189 190 FRAME_END 191 RET 192 193.if \host 194.Lseamcall_vmfailinvalid\@: 195 mov $TDX_SEAMCALL_VMFAILINVALID, %rax 196 jmp .Lseamcall_fail\@ 197 198.Lseamcall_trap\@: 199 /* 200 * SEAMCALL caused #GP or #UD. By reaching here RAX contains 201 * the trap number. Convert the trap number to the TDX error 202 * code by setting TDX_SW_ERROR to the high 32-bits of RAX. 203 * 204 * Note cannot OR TDX_SW_ERROR directly to RAX as OR instruction 205 * only accepts 32-bit immediate at most. 206 */ 207 movq $TDX_SW_ERROR, %rdi 208 orq %rdi, %rax 209 210.Lseamcall_fail\@: 211.if \ret && \saved 212 /* pop the unused structure pointer back to RSI */ 213 popq %rsi 214.endif 215 jmp .Lout\@ 216 217 _ASM_EXTABLE_FAULT(.Lseamcall\@, .Lseamcall_trap\@) 218.endif /* \host */ 219 220.endm 221