From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
 by mx.groups.io with SMTP id smtpd.web10.10153.1635243907429266884
 for <devel@edk2.groups.io>;
 Tue, 26 Oct 2021 03:25:07 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=GjDNfBhs;
 spf=pass (domain: redhat.com, ip: 170.10.133.124, mailfrom: kraxel@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1635243906;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=dhyOu3HPnZ9cfS3YMJ2HFvyugL7+VFFpAGvDGX7N1L0=;
	b=GjDNfBhsBZCZzN94DqufBxdS1yGeet+oSBOagxK+nTIKnLWQtP3nzAct2+gD6Tl6g9CjXo
	RtAZn2GdmLJ8BO0FfxWoVGkYaTOwm6Sd8a1rS7YgyhSA8at3+L74+M3iGOETvFw++38UXs
	Eo7uMeanYqcqErIJ8yo8poDo0w+bSz8=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-198-S8kH-A29OMKCOSdOd3BhVg-1; Tue, 26 Oct 2021 06:25:02 -0400
X-MC-Unique: S8kH-A29OMKCOSdOd3BhVg-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id CF57A5074B;
	Tue, 26 Oct 2021 10:25:00 +0000 (UTC)
Received: from sirius.home.kraxel.org (unknown [10.39.192.23])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 81711100E809;
	Tue, 26 Oct 2021 10:25:00 +0000 (UTC)
Received: by sirius.home.kraxel.org (Postfix, from userid 1000)
	id DCD6D18007A4; Tue, 26 Oct 2021 12:24:58 +0200 (CEST)
Date: Tue, 26 Oct 2021 12:24:58 +0200
From: "Gerd Hoffmann" <kraxel@redhat.com>
To: "Xu, Min M" <min.m.xu@intel.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Erdem Aktas <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	"Yao, Jiewen" <jiewen.yao@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	"Dong, Eric" <eric.dong@intel.com>, "Ni, Ray" <ray.ni@intel.com>,
	"Kumar, Rahul1" <rahul1.kumar@intel.com>
Subject: Re: [edk2-devel] [PATCH V2 12/28] UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE exception
Message-ID: <20211026102458.pvzp5nxyegq7ftuu@sirius.home.kraxel.org>
References: <cover.1633401643.git.min.m.xu@intel.com>
 <24d3a351f21bff1a4b20490313d039e403b1453c.1633401643.git.min.m.xu@intel.com>
 <20211012102716.wr6bao42f5hviz5z@sirius.home.kraxel.org>
 <PH0PR11MB50649BC1303B39C3054F7054C5849@PH0PR11MB5064.namprd11.prod.outlook.com>
 <20211026061148.omqerrswnpgs3jin@sirius.home.kraxel.org>
 <PH0PR11MB5064DBBEDB455EF8B1C2D81FC5849@PH0PR11MB5064.namprd11.prod.outlook.com>
MIME-Version: 1.0
In-Reply-To: <PH0PR11MB5064DBBEDB455EF8B1C2D81FC5849@PH0PR11MB5064.namprd11.prod.outlook.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=kraxel@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

  Hi,

> > > So it has to be implemented inside the exception lib.
> > 
> > Well, no, you can also change the code to avoid triggering an exception.
> > 
> > Adding a new lib for the exception means the lib must be added into each
> > and every *.dsc file (either the tdx impl or the null variant), not only in the
> > tianocore core itself but also all projects depending on tianocore.
> > 
> > So IMHO it is worth checking out how much effort it would be to avoid early
> > (before component registration) exceptions.
> > 
> > Which early exception do actually happen?
> > 
> RegisterCpuInterfaceHandler() is not supported in SEC/PEI phase. But there are still some scenarios in SEC/PEI which will trigger #VE.
>  CPUID is the sample. See below call chain in CpuMpPei.
> InitializeCpuMpWorker --> CollectBitsDataFromPpi --> MpInitLibGetProcessorInfo --> GetProcessorLocationByApicId()

Bad example ;)

TDX needs its own Mp implementations anyway, so that
one specifically should be quite easy to avoid.

> Actually #VE handler follows the same way as #VC handler (by SEV). See discussions in below link.
> https://edk2.groups.io/g/devel/topic/73201885

I guess the list of instructions which trap on tdx is quite simliar
to sev?  cpuid, msr access, io instructions?

I suspect there isn't an easy way around that then (as discussed at
length in the email thread linked, thanks for that).

How about adding the tdx exception handler to the existing library, so
we don't have the churn of adding a new library everywhere *again*?

take care,
  Gerd