Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp4423646imw;
        Thu, 7 Jul 2022 19:19:21 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1voydvZ/UvQdGXxww6cqv1YlMC+i8ZhQKaFywuV3cvVkLvXPjRGo6z/E6zQJlz7OCNV2R/M
X-Received: by 2002:a05:6a00:339a:b0:528:c5ed:7f98 with SMTP id cm26-20020a056a00339a00b00528c5ed7f98mr1143340pfb.9.1657246761493;
        Thu, 07 Jul 2022 19:19:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1657246761; cv=none;
        d=google.com; s=arc-20160816;
        b=ZfW2KQEYp9qQIKPnNSQud8G4v2hheYnrK3vuOfIaC0TNPnQcBX7BxbxHYrD3pUaT53
         gs9neaV77oC9etlvo+JtkTJ6yxRrH1G2Ia4tC17Pgp0fLa3E9RIYckFXDJOnLodh0ZZH
         FanOdPu4R9PhwSrXIKyMzIoc1zfy6hGtk/YSeqT3ksrkOilM73vCDtZesUyLhBt4skwZ
         ZLI2Sm/aFZQjvKrIsbCDMB9ELdnUevP7aAfSLfzEeAeDV7YZrziTEVQAjEApi2OXHajh
         sqzyYKqyxj0B4iXXW2SWORgkVuJGU6mg5jZj03odGQ2d/lvYa3DA3YzBSN/l3W+uPh0b
         LODQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:user-agent
         :content-transfer-encoding:references:in-reply-to:date:cc:to:from
         :subject:message-id:dkim-signature;
        bh=j/ReX2WYGPDFBC5g02XvjwbtpaIFQF/uD+zphFLmbPg=;
        b=UQdD8NOylOXyRzrvFHIr5xN7G6feIJ2jezFiUhEr43heBsF5NTxXDdvdWxMv+99Dqs
         y0JqzWt8kaR+VFERz1uvRwS7lVaMBXH4GbB3csTXyfTggXvutQmEIoGrU9xVPDhBa/uz
         tPIBzhpecsMazHkIqiNGPstbqxqJsUmwDutV2t7mXQ7Dq9kGU70zvPN6M9FsuS/a5DNb
         wpwADq+dgqkoXqkNapF1HAalPYZQpHtTFg2Yw3fS1YZwkFVsg948NvPFGJ/nEMnWMj5g
         oq+gnL+h8ec4nr1aLgMhEeuwGmTKgipHhfUPLVSfON2gM+WTcJLssT5HeOWjLBTndLqI
         Eovg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=NZskP09G;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id h12-20020a65468c000000b003fcaefeeec8si55110792pgr.115.2022.07.07.19.19.09;
        Thu, 07 Jul 2022 19:19:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=NZskP09G;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236881AbiGHCP0 (ORCPT <rfc822;alex.slater.dev@gmail.com>
        + 99 others); Thu, 7 Jul 2022 22:15:26 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47620 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229882AbiGHCPZ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 7 Jul 2022 22:15:25 -0400
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6E16671BF0;
        Thu,  7 Jul 2022 19:15:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1657246524; x=1688782524;
  h=message-id:subject:from:to:cc:date:in-reply-to:
   references:content-transfer-encoding:mime-version;
  bh=xw1SIqIwzFrSgi8+b3nUio7hEWEDpdkeZIzua3urlUE=;
  b=NZskP09Grwb3LfS+V3/pZejFcBKLyhr3LzkQrIguzrjvuRttTAurIO5b
   03qjDKj+a0CO0SLm6E+kFLXOkZZuRWDY/nYZww+jb2R8zovGdar4AY2GU
   ZAg05vLP7DOi7ZMln5W0AtI6SIATdkDOHCOICZSqqeBsgBzP5Sat28jAv
   ANuN+p/H2pcjFS9sTxBkX/JR8Xvgfh52xUrJMVKas9agO0GTKvFIbk8Uh
   UYIveO0+IujToH2Ii9HDWsBUvYy4byVmxY4iWwdZFriv7YhZpW56t/5vL
   WT6pEsd/L98JLkI6MsF4Kt4BevYPxWSTfFvibXRQA4Q288CNi0ABUrfrA
   A==;
X-IronPort-AV: E=McAfee;i="6400,9594,10401"; a="285295785"
X-IronPort-AV: E=Sophos;i="5.92,254,1650956400"; 
   d="scan'208";a="285295785"
Received: from fmsmga007.fm.intel.com ([10.253.24.52])
  by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Jul 2022 19:15:23 -0700
X-IronPort-AV: E=Sophos;i="5.92,254,1650956400"; 
   d="scan'208";a="598226327"
Received: from pantones-mobl1.amr.corp.intel.com (HELO khuang2-desk.gar.corp.intel.com) ([10.212.54.208])
  by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Jul 2022 19:15:22 -0700
Message-ID: <6cc36b662dffaf0aa2a2f389f073daa2d63a530b.camel@intel.com>
Subject: Re: [PATCH v7 033/102] KVM: x86/mmu: Add address conversion
 functions for TDX shared bits
From:   Kai Huang <kai.huang@intel.com>
To:     isaku.yamahata@intel.com, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org
Cc:     isaku.yamahata@gmail.com, Paolo Bonzini <pbonzini@redhat.com>,
        Rick Edgecombe <rick.p.edgecombe@intel.com>
Date:   Fri, 08 Jul 2022 14:15:20 +1200
In-Reply-To: <69f4b4942d5f17fad40a8d08556488b8e4b7954d.1656366338.git.isaku.yamahata@intel.com>
References: <cover.1656366337.git.isaku.yamahata@intel.com>
         <69f4b4942d5f17fad40a8d08556488b8e4b7954d.1656366338.git.isaku.yamahata@intel.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.44.2 (3.44.2-1.fc36) 
MIME-Version: 1.0
X-Spam-Status: No, score=-5.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 2022-06-27 at 14:53 -0700, isaku.yamahata@intel.com wrote:
> From: Rick Edgecombe <rick.p.edgecombe@intel.com>

I don't think this is appropriate any more.  You can add Co-developed-by I
guess.

>=20
> TDX repurposes one GPA bits (51 bit or 47 bit based on configuration) to
> indicate the GPA is private(if cleared) or shared (if set) with VMM.  If
> GPA.shared is set, GPA is converted existing conventional EPT pointed by
> EPTP.  If GPA.shared bit is cleared, GPA is converted by Secure-EPT(S-EPT=
)

Not sure whether Secure EPT has even been mentioned before in this series. =
 If
not, perhaps better to explain it here.  Or not sure whether you need to me=
ntion
S-EPT at all.

> TDX module manages.  VMM has to issue SEAM call to TDX module to operate =
on

SEAM call -> SEAMCALL

> S-EPT.  e.g. populating/zapping guest page or shadow page by TDH.PAGE.{AD=
D,
> REMOVE} for guest page, TDH.PAGE.SEPT.{ADD, REMOVE} S-EPT etc.

Not sure why you want to mention those particular SEAMCALLs.

>=20
> Several hooks needs to be added to KVM MMU to support TDX.  Add a functio=
n

needs -> need.

Not sure why you need first sentence at all.

But I do think you should mention adding per-VM scope 'gfn_shared_mask' thi=
ng.

> to check if KVM MMU is running for TDX and several functions for address
> conversation between private-GPA and shared-GPA.
>=20
> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
> ---
>  arch/x86/include/asm/kvm_host.h |  2 ++
>  arch/x86/kvm/mmu.h              | 32 ++++++++++++++++++++++++++++++++
>  2 files changed, 34 insertions(+)
>=20
> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_h=
ost.h
> index e5d4e5b60fdc..2c47aab72a1b 100644
> --- a/arch/x86/include/asm/kvm_host.h
> +++ b/arch/x86/include/asm/kvm_host.h
> @@ -1339,7 +1339,9 @@ struct kvm_arch {
>  	 */
>  	u32 max_vcpu_ids;
> =20
> +#ifdef CONFIG_KVM_MMU_PRIVATE
>  	gfn_t gfn_shared_mask;
> +#endif

As Xiaoyao said, please introduce gfn_shared_mask in this patch.

And by applying this patch, nothing will prevent you to turn on INTEL_TDX_H=
OST
and KVM_INTEL, which also turns on KVM_MMU_PRIVATE.

So 'kvm_arch::gfn_shared_mask' is guaranteed to be 0?  If not, can legal
(shared) GFN for normal VM be potentially treated as private?

If yes, perhaps explicitly call out in changelog so people don't need to wo=
rry
about?

>  };
> =20
>  struct kvm_vm_stat {
> diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h
> index f8192864b496..ccf0ba7a6387 100644
> --- a/arch/x86/kvm/mmu.h
> +++ b/arch/x86/kvm/mmu.h
> @@ -286,4 +286,36 @@ static inline gpa_t kvm_translate_gpa(struct kvm_vcp=
u *vcpu,
>  		return gpa;
>  	return translate_nested_gpa(vcpu, gpa, access, exception);
>  }
> +
> +static inline gfn_t kvm_gfn_shared_mask(const struct kvm *kvm)
> +{
> +#ifdef CONFIG_KVM_MMU_PRIVATE
> +	return kvm->arch.gfn_shared_mask;
> +#else
> +	return 0;
> +#endif
> +}
> +
> +static inline gfn_t kvm_gfn_shared(const struct kvm *kvm, gfn_t gfn)
> +{
> +	return gfn | kvm_gfn_shared_mask(kvm);
> +}
> +
> +static inline gfn_t kvm_gfn_private(const struct kvm *kvm, gfn_t gfn)
> +{
> +	return gfn & ~kvm_gfn_shared_mask(kvm);
> +}
> +
> +static inline gpa_t kvm_gpa_private(const struct kvm *kvm, gpa_t gpa)
> +{
> +	return gpa & ~gfn_to_gpa(kvm_gfn_shared_mask(kvm));
> +}
> +
> +static inline bool kvm_is_private_gpa(const struct kvm *kvm, gpa_t gpa)
> +{
> +	gfn_t mask =3D kvm_gfn_shared_mask(kvm);
> +
> +	return mask && !(gpa_to_gfn(gpa) & mask);
> +}
> +
>  #endif