Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp961852imw;
        Fri, 15 Jul 2022 16:57:02 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1sVA/2iTvQxy1TpaV+meHhDiIsuqR4kh5W/r2UjnKBw2IcJvJewZvPKVhGRgwB4BrZytkdZ
X-Received: by 2002:a05:6a00:170f:b0:525:467c:3516 with SMTP id h15-20020a056a00170f00b00525467c3516mr16278354pfc.22.1657929421823;
        Fri, 15 Jul 2022 16:57:01 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1657929421; cv=none;
        d=google.com; s=arc-20160816;
        b=QYX9CR50TeeaDDs3HoZd6JQQo+8EexyUxi6yVFPnD104Zx1naduMUivELYRqNr/wfS
         410Vnf26g+sJ2yK8qr/799Oq3sjLiscq761WUiseDPjSM+AX3z/bV01qkcLhCE2FfLcc
         e51ZiUd4cr8nslzdi/V7CGsGU0o6zCN3wro6NScdtlc3pVEnzLCuGnFWjq4UfnY5X/iV
         lKRWCSjQ+ahM/ppYVnkw82YdfCmO/awq1/pvNLBFAwMG99eDfJaOPP1uT6TVgMEo+unH
         Htqr2Abkk8f5oDR7dg5W7jpYzzrTNnKbslvimqHgZDZJa+CDkvied7G801tiGadGHF+S
         +JJA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:from:subject:references:mime-version
         :message-id:in-reply-to:date:reply-to:dkim-signature;
        bh=yUjqGaXxNRIkWFGwl+2pUdgstDXS94lxvTblB9yzYuE=;
        b=R0IhGoPLRbUZC4xwOkikFN+CLynqVMOYTXkIM96Ei5iRIkss272diNdiRg/60orn49
         r5cvF3Z6xePxf8P6NNipZXDGlzJTTT8HzU6UwyMJrXCcwfUDvjm9v2yBXSVnV0okQXtS
         sI6tONPdm+9lTO3H5mUrT2Go3HwVOuYw1fY2iQcumoGG/dMMXOD5kt564J129o++5klI
         LwcdhPCGgryC39wjPlRxDVlIKJbrVwxATs6j4WquCJjI0JwvZ2kcmaiTCnrHai0MWUaN
         fzM1tnmZ+yp2rbvjZ0tj8VeCFnWlk/eA0jDJgXl+i1XGJYsysZ3fXmQ6n0cXVE+vGCFW
         QXwg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=d0Htqcng;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id j12-20020a170903024c00b00164db3d3ae3si8360560plh.321.2022.07.15.16.56.46;
        Fri, 15 Jul 2022 16:57:01 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=d0Htqcng;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230350AbiGOXA5 (ORCPT <rfc822;algowarbles@gmail.com>
        + 99 others); Fri, 15 Jul 2022 19:00:57 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59746 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230241AbiGOXA1 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 15 Jul 2022 19:00:27 -0400
Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 296844D4EB
        for <linux-kernel@vger.kernel.org>; Fri, 15 Jul 2022 16:00:25 -0700 (PDT)
Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-31cbcba2f28so49521767b3.19
        for <linux-kernel@vger.kernel.org>; Fri, 15 Jul 2022 16:00:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=reply-to:date:in-reply-to:message-id:mime-version:references
         :subject:from:to:cc;
        bh=yUjqGaXxNRIkWFGwl+2pUdgstDXS94lxvTblB9yzYuE=;
        b=d0HtqcngCGEWckrmfolh8CY2i0XJnzrFb5U6PGDeVR1h0nBWTx0oQovQksQedcqaw5
         rNIEvehYP/e2WByw7UXCle8v5tnX9eUF2ixPX/LeaN32FU0RS43PhyHsktjm7mRl9kCx
         doOlYb7OJsbiz3CvdzNyLZJfaxmHMCvjtfJF3wTxPbYjHHoz9N2QJslDF/oOxCp1ysxU
         sEAKUl41bbj251CIbRBdBNFCB3nPXrHNA1IXyyN8rh9ycMtnsuGKxk9kPqTN/nUgyl6t
         ibjUEGvETaptRy5VB8ovSHwrKh1+6LxooBefTD6Tv8D2FL9GLC7UBbdFtd3ghJwAqq47
         0eAA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:reply-to:date:in-reply-to:message-id
         :mime-version:references:subject:from:to:cc;
        bh=yUjqGaXxNRIkWFGwl+2pUdgstDXS94lxvTblB9yzYuE=;
        b=kGoGXYoOafQctrzz39rP9nQLHSMN1ivxnV6uWoHADEtov+v3UmM/Kkp70Un+V1tngp
         6YpCEXaWtlyVJGN/SH8dlJZxYPZfOsKPLsZlZm3XgphPvILzUHldm/0H3W75AQLe9D56
         1axY2sl/lnJLda1Cvl/Ag+Prkcxpy+RhYAmUJdBGQTDyWgi1KhWtsQCCZ4TuJY+cV95f
         EYEdF3B7solZcLIY/gbQHAeL0I5n7bKJs/gUd1wlI2s97SNeN/RykoF6fC6aCVx3pQ6C
         ZkZZN0pIFJtpeH1ABE2Zw09zj8+u99a/VphippelM6X9WbuXharAHF6Tgfm8mtj2A/Yj
         W+xQ==
X-Gm-Message-State: AJIora8smm1/a8QMEms4TTGTEEUd5LFAd/mMqWrxXTEvcGfJmyHLTeT0
        +qU8op7bdq8EeaiBh8XcI0LLP/W4/Og=
X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a81:13d7:0:b0:31c:c22b:4727 with SMTP id
 206-20020a8113d7000000b0031cc22b4727mr19236561ywt.38.1657926024502; Fri, 15
 Jul 2022 16:00:24 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date:   Fri, 15 Jul 2022 23:00:15 +0000
In-Reply-To: <20220715230016.3762909-1-seanjc@google.com>
Message-Id: <20220715230016.3762909-4-seanjc@google.com>
Mime-Version: 1.0
References: <20220715230016.3762909-1-seanjc@google.com>
X-Mailer: git-send-email 2.37.0.170.g444d1eabd0-goog
Subject: [PATCH 3/4] KVM: x86/mmu: Add shadow mask for effective host MTRR memtype
From:   Sean Christopherson <seanjc@google.com>
To:     Sean Christopherson <seanjc@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>
Cc:     kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Add shadow_memtype_mask to capture that EPT needs a non-zero memtype mask
instead of relying on TDP being enabled, as NPT doesn't need a non-zero
mask.  This is a glorified nop as kvm_x86_ops.get_mt_mask() returns zero
for NPT anyways.

No functional change intended.

Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/mmu/spte.c | 21 ++++++++++++++++++---
 arch/x86/kvm/mmu/spte.h |  1 +
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/mmu/spte.c b/arch/x86/kvm/mmu/spte.c
index fb1f17504138..7314d27d57a4 100644
--- a/arch/x86/kvm/mmu/spte.c
+++ b/arch/x86/kvm/mmu/spte.c
@@ -33,6 +33,7 @@ u64 __read_mostly shadow_mmio_value;
 u64 __read_mostly shadow_mmio_mask;
 u64 __read_mostly shadow_mmio_access_mask;
 u64 __read_mostly shadow_present_mask;
+u64 __read_mostly shadow_memtype_mask;
 u64 __read_mostly shadow_me_value;
 u64 __read_mostly shadow_me_mask;
 u64 __read_mostly shadow_acc_track_mask;
@@ -161,10 +162,10 @@ bool make_spte(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp,
 
 	if (level > PG_LEVEL_4K)
 		spte |= PT_PAGE_SIZE_MASK;
-	if (tdp_enabled)
+
+	if (shadow_memtype_mask)
 		spte |= static_call(kvm_x86_get_mt_mask)(vcpu, gfn,
-			kvm_is_mmio_pfn(pfn));
-
+							 kvm_is_mmio_pfn(pfn));
 	if (host_writable)
 		spte |= shadow_host_writable_mask;
 	else
@@ -391,6 +392,13 @@ void kvm_mmu_set_ept_masks(bool has_ad_bits, bool has_exec_only)
 	shadow_nx_mask		= 0ull;
 	shadow_x_mask		= VMX_EPT_EXECUTABLE_MASK;
 	shadow_present_mask	= has_exec_only ? 0ull : VMX_EPT_READABLE_MASK;
+	/*
+	 * EPT overrides the host MTRRs, and so KVM must program the desired
+	 * memtype directly into the SPTEs.  Note, this mask is just the mask
+	 * of all bits that factor into the memtype, the actual memtype must be
+	 * dynamically calculated, e.g. to ensure host MMIO is mapped UC.
+	 */
+	shadow_memtype_mask	= VMX_EPT_MT_MASK | VMX_EPT_IPAT_BIT;
 	shadow_acc_track_mask	= VMX_EPT_RWX_MASK;
 	shadow_host_writable_mask = EPT_SPTE_HOST_WRITABLE;
 	shadow_mmu_writable_mask  = EPT_SPTE_MMU_WRITABLE;
@@ -441,6 +449,13 @@ void kvm_mmu_reset_all_pte_masks(void)
 	shadow_nx_mask		= PT64_NX_MASK;
 	shadow_x_mask		= 0;
 	shadow_present_mask	= PT_PRESENT_MASK;
+
+	/*
+	 * For shadow paging and NPT, KVM uses PAT entry '0' to encode WB
+	 * memtype in the SPTEs, i.e. relies on host MTRRs to provide the
+	 * correct memtype (WB is the "weakest" memtype).
+	 */
+	shadow_memtype_mask	= 0;
 	shadow_acc_track_mask	= 0;
 	shadow_me_mask		= 0;
 	shadow_me_value		= 0;
diff --git a/arch/x86/kvm/mmu/spte.h b/arch/x86/kvm/mmu/spte.h
index ba3dccb202bc..cabe3fbb4f39 100644
--- a/arch/x86/kvm/mmu/spte.h
+++ b/arch/x86/kvm/mmu/spte.h
@@ -147,6 +147,7 @@ extern u64 __read_mostly shadow_mmio_value;
 extern u64 __read_mostly shadow_mmio_mask;
 extern u64 __read_mostly shadow_mmio_access_mask;
 extern u64 __read_mostly shadow_present_mask;
+extern u64 __read_mostly shadow_memtype_mask;
 extern u64 __read_mostly shadow_me_value;
 extern u64 __read_mostly shadow_me_mask;
 
-- 
2.37.0.170.g444d1eabd0-goog