openhcl/tdx: debug register query on HW_INTERRUPT exit is expensive

[chris-oo]

Querying these debug registers via hypercall is expensive on this exit. We should not do the hypercall if not required. I think they're shared registers between L1 and L2, but need to confirm via spec / only do this if gdb-stub is enabled?

Specifically this call:

fn debug_regs(&mut self) -> Result<vp::DebugRegisters, Self::Error> {
        let mut values = [0u64.into(); 5];
        self.vp
            .runner
            .get_vp_registers(
                self.vtl,
&[
                    HvX64RegisterName::Dr0,
                    HvX64RegisterName::Dr1,
                    HvX64RegisterName::Dr2,
                    HvX64RegisterName::Dr3,
                    HvX64RegisterName::Dr6,
                ],
&mut values,
            )
            .map_err(vp_state::Error::GetRegisters)?;

[smalis-msft]

Dr0-3 should be marked as vtl-shared already, and so should be going to the kernel. Dr6 wasn't marked shared until just the other day, but it should be going through the kernel on tdx now too. See is_kernel_managed and is_vtl_shared_reg

[chris-oo]

Interesting, it must have been dr6 that was causing the hypercall. I've asked Niranjan to retest to confirm with latest main.

[jstarks]

Structurally, do we need to fix the kernel to never use a hypercall for CVMs? This seems like a possible security issue.

[chris-oo]

I'm not even sure the hypervisor can set anything unless the hardware debug flag is set for the TD, right? Otherwise the hypervisor shouldn't be able to mess with any state?

[jstarks]

My concern is that we have paths that will call into the hypervisor to access random registers. Whether the hypervisor can actually do anything on writes, it can return arbitrary data for reads.

We should never be querying lower VTL registers from the hypervisor with CVM. That code should be blocked.

[chris-oo]

That's true. We should probably make that change, i'll file it as a separate issue.