Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp4549191imw;
        Tue, 19 Jul 2022 08:37:50 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1tbx3hDY5Rp9KeHNxw9yU2FApQbfbCJDBDaxzvWVkEHSEtCjKSHuvYZTJrLB7ZeDIaqR/dp
X-Received: by 2002:a17:90a:7e84:b0:1f0:f3de:ffb3 with SMTP id j4-20020a17090a7e8400b001f0f3deffb3mr30133997pjl.75.1658245070145;
        Tue, 19 Jul 2022 08:37:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1658245070; cv=none;
        d=google.com; s=arc-20160816;
        b=nTgOR1PyhkTqi1+47KqnK310svnPb+KBFe5Ammoeh+znb7utPIHMmN7janc0624d7b
         16Zad1KRX8Kg7EPcRnq9FYLqGR/8kEVJ2qbfbUE32s9UoVMBvYBBQXbU4356tx53QcJo
         mggrAWkQzabZU1M+HFi2+pOA54B18hBxNRtnbAfAwxs8ZPaKKZ7xISsGihNC9z2AnFrn
         8lpyyMLKpN6DDmT4ZSoiybaJOXbOm+EUadhFrAjWgqMOZWCYC4VhcBcMk9svQLAQj4Uc
         QRWLzO+z3+ZSJjLWYh1LNXysNJXmKVYIPfQ+yLQA24OkVILoPb0CYeSIpSUKTRhOob64
         0lUw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-transfer-encoding
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=UclPjRtdOz+JB3MGmSCiWOP3Nyp1MqXa2Tu7St3ZYEw=;
        b=AgmEclCteGPkJacgujyAAb0gTlaJw+Fl6XUcanrUQRWdDvYWWZs8vWPXWZapYfd6RH
         nR6jKl6C5nGyzpjMtey4f+NDgV6XvrT6dJlQoQmGjecMMXq9rR/1PsDu+GJNiAkd5u+r
         Q4Z/9h+ll8910ERiFAFa9WPuB5f9g3nw1isBXa9k+o8UNPCTZdGLnyVGiz52zNC0eW5+
         qsN8o9aryCIzTF9qwaKmG6r+4wHATqa7DqCQOdoUS5D/qZ5oKKhAiZiLYPbnwLJriMeF
         gb1vD/6t1ojn499ZHftKsU8E9NBKL0gzHBbwZkJTizePwpwKSeJIJSKL6+RK7EjuuHS6
         50tw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b=VeaHRLR2;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id q18-20020a170902dad200b0016cd47ea0f0si15585605plx.613.2022.07.19.08.37.33;
        Tue, 19 Jul 2022 08:37:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b=VeaHRLR2;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S237498AbiGSPfm (ORCPT <rfc822;alexzyp@gmail.com> + 99 others);
        Tue, 19 Jul 2022 11:35:42 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40168 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S237501AbiGSPfh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 19 Jul 2022 11:35:37 -0400
Received: from mail-pj1-x1036.google.com (mail-pj1-x1036.google.com [IPv6:2607:f8b0:4864:20::1036])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 63EF0481C9;
        Tue, 19 Jul 2022 08:35:33 -0700 (PDT)
Received: by mail-pj1-x1036.google.com with SMTP id n4-20020a17090a73c400b001f1e87432c2so3379145pjk.3;
        Tue, 19 Jul 2022 08:35:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:content-transfer-encoding:in-reply-to;
        bh=UclPjRtdOz+JB3MGmSCiWOP3Nyp1MqXa2Tu7St3ZYEw=;
        b=VeaHRLR2ohg/rX6Q4nsJA+xJIpAiBUUJeYNVVO+FgIqY1Xm/6TgNhoiML5wnIS4qjn
         T68WGFcGA+E74i5mqeISw+Tkm0aAnjrux4m+xzObZc5jF7Ca+ziAGUiiJQ+EJLEUK5Rk
         9tcB/Vdcn1cltA+gV50KColR/yl4ulYgra2lLIz/kwn9p7PIQjUwr+ZbnVH7tboW5Lnc
         Got7mO75VXD/r1ks0i/7V1XwQOOds1tRov8rPaDl8GfijJyx5/a30lpPc4wJzU6tx5gB
         yUmJHk7P3+lNZGH12hBYPCZdS3QD4vjuR4oCP8OgUTG2JkOgJwdso+P8I0losgs8KP/l
         nLRg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:content-transfer-encoding
         :in-reply-to;
        bh=UclPjRtdOz+JB3MGmSCiWOP3Nyp1MqXa2Tu7St3ZYEw=;
        b=wMu6nEmYDdhPBzyyXdvrSoc3oWQbgR0kznwj7STmta+mphJKW82meK54HHp7/X5DeI
         /d4Ozn8xqtDYRYiulJRTyiVpHzm2ytUriAgGocuF9k8RK7b0RKJKzDoHqAW7NlYMELbM
         fNRFGG7wm+T+iEhGXxdjovDhcTCv0JpV3JYIOOtt3oQyB9PAOYVCJnv/L+axypK9QpKk
         Xm+IU6kFtxGTEYj420ACb/1Sn7rMn+hTJhJotF7nBEzHwjTrZlSomewpMC8OONDBonH5
         iU6gJZvVHg1lEgR6v+iGGQETYa98Hg3Sqn6bDDipkZ1pJfwGaavtsi1/ko8bJV7Htzkl
         0WWg==
X-Gm-Message-State: AJIora9ljunzRk0FuX3QRmVkKNZgYean4GelpTv4dcThok5haOXZXJNz
        lOGbcKM/LDsSvZtsAPnD2KE=
X-Received: by 2002:a17:902:f606:b0:168:ecca:44e with SMTP id n6-20020a170902f60600b00168ecca044emr33389241plg.144.1658244932750;
        Tue, 19 Jul 2022 08:35:32 -0700 (PDT)
Received: from localhost (fmdmzpr02-ext.fm.intel.com. [192.55.54.37])
        by smtp.gmail.com with ESMTPSA id e15-20020a056a0000cf00b005255489187fsm11606247pfj.135.2022.07.19.08.35.31
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 19 Jul 2022 08:35:31 -0700 (PDT)
Date:   Tue, 19 Jul 2022 08:35:30 -0700
From:   Isaku Yamahata <isaku.yamahata@gmail.com>
To:     Kai Huang <kai.huang@intel.com>
Cc:     isaku.yamahata@intel.com, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org, isaku.yamahata@gmail.com,
        Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH v7 044/102] KVM: x86/mmu: Add a private pointer to struct
 kvm_mmu_page
Message-ID: <20220719153530.GZ1379820@ls.amr.corp.intel.com>
References: <cover.1656366337.git.isaku.yamahata@intel.com>
 <392839e09c48ff4e14a598ff6ed8bd56429bf17b.1656366338.git.isaku.yamahata@intel.com>
 <41fb3e95a9635757a79e73e38ecc3c7b3a37fd8d.camel@intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <41fb3e95a9635757a79e73e38ecc3c7b3a37fd8d.camel@intel.com>
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
        RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jul 01, 2022 at 11:12:44PM +1200,
Kai Huang <kai.huang@intel.com> wrote:

> On Mon, 2022-06-27 at 14:53 -0700, isaku.yamahata@intel.com wrote:
> > From: Isaku Yamahata <isaku.yamahata@intel.com>
> > 
> > For private GPA, CPU refers a private page table whose contents are
> > encrypted.  The dedicated APIs to operate on it (e.g. updating/reading its
> > PTE entry) are used and their cost is expensive.
> > 
> > When KVM resolves KVM page fault, it walks the page tables.  To reuse the
> > existing KVM MMU code and mitigate the heavy cost to directly walk
> > encrypted private page table, allocate a more page to mirror the existing
> > KVM page table.  Resolve KVM page fault with the existing code, and do
> > additional operations necessary for the mirrored private page table.  To
> > distinguish such cases, the existing KVM page table is called a shared page
> > table (i.e. no mirrored private page table), and the KVM page table with
> > mirrored private page table is called a private page table.  The
> > relationship is depicted below.
> > 
> > Add private pointer to struct kvm_mmu_page for mirrored private page table
> > and add helper functions to allocate/initialize/free a mirrored private
> > page table page.  Also, add helper functions to check if a given
> > kvm_mmu_page is private.  The later patch introduces hooks to operate on
> > the mirrored private page table.
> > 
> >               KVM page fault                     |
> >                      |                           |
> >                      V                           |
> >         -------------+----------                 |
> >         |                      |                 |
> >         V                      V                 |
> >      shared GPA           private GPA            |
> >         |                      |                 |
> >         V                      V                 |
> >  CPU/KVM shared PT root  KVM private PT root     |  CPU private PT root
> >         |                      |                 |           |
> >         V                      V                 |           V
> >      shared PT            private PT <----mirror----> mirrored private PT
> >         |                      |                 |           |
> >         |                      \-----------------+------\    |
> >         |                                        |      |    |
> >         V                                        |      V    V
> >   shared guest page                              |    private guest page
> >                                                  |
> >                            non-encrypted memory  |    encrypted memory
> >                                                  |
> > PT: page table
> > 
> > Both CPU and KVM refer to CPU/KVM shared page table.  Private page table
> > is used only by KVM.  CPU refers to mirrored private page table.
> 
> Shouldn't the private page table maintained by KVM be "mirrored private PT"?
> 
> To me "mirrored" normally implies it is fake, or backup which isn't actually
> used.  But here "mirrored private PT" is actually used by hardware.
> 
> And to me, "CPU and KVM" above are confusing.  For instance, "Both CPU and KVM
> refer to CPU/KVM shared page table" took me at least one minute to understand,
> with the help from the diagram -- otherwise I won't be able to understand.
> 
> I guess you can just say somewhere:
> 
> 1) Shared PT is visible to KVM and it is used by CPU;
> 1) Private PT is used by CPU but it is invisible to KVM;
> 2) Mirrored private PT is visible to KVM but not used by CPU.  It is used to
> mirror the actual private PT which is used by CPU.

I removed "mirror" word and use protected for encrypted page table.


    KVM: x86/mmu: Add a private pointer to struct kvm_mmu_page
    
    For private GPA, CPU refers a private page table whose contents are
    encrypted.  The dedicated APIs to operate on it (e.g. updating/reading its
    PTE entry) are used and their cost is expensive.
    
    When KVM resolves KVM page fault, it walks the page tables.  To reuse the
    existing KVM MMU code and mitigate the heavy cost to directly walk
    protected (encrypted) page table, allocate one more page to copy the
    protected page table for KVM MMU code to directly walk.  Resolve KVM page
    fault with the existing code, and do additional operations necessary for
    the protected page table.  To distinguish such cases, the existing KVM page
    table is called a shared page table (i.e. not associated with protected
    page table), and the page table with protected page table is called a
    private page table.  The relationship is depicted below.
    
    Add a private pointer to struct kvm_mmu_page for protected page table and
    add helper functions to allocate/initialize/free a protected page table
    page.  Also, add helper functions to check if a given kvm_mmu_page is
    private.  The later patch introduces hooks to operate on the protected page
    table.
    
                  KVM page fault                     |
                         |                           |
                         V                           |
            -------------+----------                 |
            |                      |                 |
            V                      V                 |
         shared GPA           private GPA            |
            |                      |                 |
            V                      V                 |
        shared PT root      private PT root          |    protected PT root
            |                      |                 |           |
            V                      V                 |           V
         shared PT            private PT ----propagate----> protected PT
            |                      |                 |           |
            |                      \-----------------+------\    |
            |                                        |      |    |
            V                                        |      V    V
      shared guest page                              |    private guest page
                                                     |
                               non-encrypted memory  |    encrypted memory
                                                     |
    PT: page table
    - Shared PT is visible to KVM and it is used by CPU.
    - Protected PT is used by CPU but it is invisible to KVM.
    - Private PT is visible to KVM but not used by CPU.  It is used to
      propagate PT change to the actual protected PT which is used by CPU.
    
    Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>

-- 
Isaku Yamahata <isaku.yamahata@gmail.com>