Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp2261402pxm; Fri, 4 Mar 2022 12:34:17 -0800 (PST) X-Google-Smtp-Source: ABdhPJwV6kI3KAIQo+uPOFTP9BWOjJaen3mDiv11y4ZpJyae4sfLolrxqITNXn62+Gw8KHjWyLZo X-Received: by 2002:a17:90a:9206:b0:1bc:30a6:5df4 with SMTP id m6-20020a17090a920600b001bc30a65df4mr12500529pjo.134.1646426057661; Fri, 04 Mar 2022 12:34:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646426057; cv=none; d=google.com; s=arc-20160816; b=Fh+GDZni3iQE1+Xa0xOZpCVy9nMlu4Y4GOZyJSiai/wjMmcFJPn5c7IPoqQI9TCxQS hk368mCtmn2UJb2CehNyGjcgqnUwfHLgokUUBQob3e5scP/9i7aBZXgVRwKaKGJiAgTq Z6vu2ZYrDHFlkvMyfqRM3VngUbq1X/DkCmH25NFPgOZERo13eKfqGTEs7HHRizopPF6R QsTxykWREPiscTVz6fIB9TOp1mhDyow1twVX3ZNF4/M3a+Z7X/3jYqrgtE5ZevrvV48j Zv+y8MEAwKKh0zDMPxLvURgOTSekbZfUagOo3ggnwptycyoljldBAtdo+znvmTiDWNbg L3/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=9ZQVcPWWKCpswR9o7GiFnCyInjNY+Lil7pIveRdgk2c=; b=0nKz1Ax1dQXIUtj6M9LcSdVfj80RLbUorqqi8rFuvzKFYCdsM3GlhXFTk+YPNS5OI8 oxN+132be8T1pqPs3jHaQmg2K8tzu5i7F4SJIaVDYz/kbBwcBnjBVdsIHrUKSWbMIlC3 fEFsOUsdrQHYWwt3X5mZ/+ICitT7TOUNFSLdDE/7mlCfFoiYdRSNnUFj9waGNCwnzgpV dLGTUCXziQla4Judbmyq0dTBKm7T0dAgFLUdZhsWbFK5czGOQ8W+0XWNosbbKqUfCLCc WuQo1nFMDcC3zC+FjFf6QTKY1dznGHUXkfsSBC9IeY4bEY3Lsj18s4dMBj7K6PnUy5dH pzgg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=G8rfl0w8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id lb3-20020a17090b4a4300b001bd14e030c1si451716pjb.153.2022.03.04.12.34.02; Fri, 04 Mar 2022 12:34:17 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=G8rfl0w8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230074AbiCDUeW (ORCPT + 99 others); Fri, 4 Mar 2022 15:34:22 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55104 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229942AbiCDUcU (ORCPT ); Fri, 4 Mar 2022 15:32:20 -0500 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2C03B1EE25F; Fri, 4 Mar 2022 12:31:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1646425888; x=1677961888; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=chnZIe/+x3ImhR435lejLC/UcLc+ct7rVIglvt76Yfo=; b=G8rfl0w84hfIQzNW+0tr0sXs26qRQ7Srunk4d8RXjwgFJVX/wcIrqKlt cpVDvLGCVxck2LnDt9S0nhURztrgWk+uDjlSw0ITHCx5t96DaoVFsKL+6 3bo6E9RmVZCmV3oKZDcwgmWQ0FCyJLG+LU8+sA6vr1uEEAdoxPDjvHGZr 8ccY31AEl0vCrVMA5VNpyH0ADh2qfqbfOUxyOge9/yEJ2tCXK5/dOg37+ hPXKNjzxAvLOqXDeFV+q5dZI032TPyt0AreyHvpt2cB/vmGq+FOBaZt+9 taXdexFxVSd/rCtG8kgf8j6hQ7juzWUnUbyXL9S+ysDHpWZMoRq9oX77D g==; X-IronPort-AV: E=McAfee;i="6200,9189,10276"; a="251624223" X-IronPort-AV: E=Sophos;i="5.90,156,1643702400"; d="scan'208";a="251624223" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Mar 2022 11:50:27 -0800 X-IronPort-AV: E=Sophos;i="5.90,156,1643702400"; d="scan'208";a="552344399" Received: from ls.sc.intel.com (HELO localhost) ([143.183.96.54]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Mar 2022 11:50:27 -0800 From: isaku.yamahata@intel.com To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini , Jim Mattson , erdemaktas@google.com, Connor Kuehl , Sean Christopherson Subject: [RFC PATCH v5 054/104] KVM: x86/tdp_mmu: Keep PRIVATE_PROHIBIT bit when zapping Date: Fri, 4 Mar 2022 11:49:10 -0800 Message-Id: <772b20e270b3451aea9714260f2c40ddcc4afe80.1646422845.git.isaku.yamahata@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Isaku Yamahata SPTE_PRIVATE_PROHIBIT specifies the share or private GPA is allowed or not. It needs to be kept over zapping the EPT entry. Currently the EPT entry is initialized shadow_init_value unconditionally to clear SPTE_PRIVATE_PROHIBIT bit. To carry SPTE_PRIVATE_PROHIBIT bit, introduce a helper function to get initial value for zapped entry with SPTE_PRIVATE_PROHIBIT bit. Replace shadow_init_value with it. Signed-off-by: Isaku Yamahata --- arch/x86/kvm/mmu/tdp_mmu.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c index 1949f81027a0..6d750563824d 100644 --- a/arch/x86/kvm/mmu/tdp_mmu.c +++ b/arch/x86/kvm/mmu/tdp_mmu.c @@ -610,6 +610,12 @@ static inline bool tdp_mmu_set_spte_atomic(struct kvm *kvm, return true; } +static u64 shadow_init_spte(u64 old_spte) +{ + return shadow_init_value | + (is_private_prohibit_spte(old_spte) ? SPTE_PRIVATE_PROHIBIT : 0); +} + static inline bool tdp_mmu_zap_spte_atomic(struct kvm *kvm, struct tdp_iter *iter) { @@ -641,7 +647,8 @@ static inline bool tdp_mmu_zap_spte_atomic(struct kvm *kvm, * shadow_init_value (which sets "suppress #VE" bit) so it * can be set when EPT table entries are zapped. */ - WRITE_ONCE(*rcu_dereference(iter->sptep), shadow_init_value); + WRITE_ONCE(*rcu_dereference(iter->sptep), + shadow_init_spte(iter->old_spte)); return true; } @@ -853,7 +860,8 @@ static bool zap_gfn_range(struct kvm *kvm, struct kvm_mmu_page *root, if (!shared) { /* see comments in tdp_mmu_zap_spte_atomic() */ - tdp_mmu_set_spte(kvm, &iter, shadow_init_value); + tdp_mmu_set_spte(kvm, &iter, + shadow_init_spte(iter.old_spte)); flush = true; } else if (!tdp_mmu_zap_spte_atomic(kvm, &iter)) { /* @@ -1038,11 +1046,14 @@ static int tdp_mmu_map_handle_target_level(struct kvm_vcpu *vcpu, new_spte = make_mmio_spte(vcpu, tdp_iter_gfn_unalias(vcpu->kvm, iter), pte_access); - else + else { wrprot = make_spte(vcpu, sp, fault->slot, pte_access, tdp_iter_gfn_unalias(vcpu->kvm, iter), fault->pfn, iter->old_spte, fault->prefetch, true, fault->map_writable, &new_spte); + if (is_private_prohibit_spte(iter->old_spte)) + new_spte |= SPTE_PRIVATE_PROHIBIT; + } if (new_spte == iter->old_spte) ret = RET_PF_SPURIOUS; @@ -1335,7 +1346,7 @@ static bool set_spte_gfn(struct kvm *kvm, struct tdp_iter *iter, * invariant that the PFN of a present * leaf SPTE can never change. * See __handle_changed_spte(). */ - tdp_mmu_set_spte(kvm, iter, shadow_init_value); + tdp_mmu_set_spte(kvm, iter, shadow_init_spte(iter->old_spte)); if (!pte_write(range->pte)) { new_spte = kvm_mmu_changed_pte_notifier_make_spte(iter->old_spte, -- 2.25.1