Received: by 2002:a05:6358:e9c4:b0:b2:91dc:71ab with SMTP id hc4csp4113180rwb; Sun, 7 Aug 2022 15:24:51 -0700 (PDT) X-Google-Smtp-Source: AA6agR7/RErg4d7y7anAdwNNVjdwTae2Z+iN9IG4Ov0czgJnYXftM9B1/CCQpJ0G1OtwPxWgOjhb X-Received: by 2002:a17:902:e804:b0:16f:4a25:b5be with SMTP id u4-20020a170902e80400b0016f4a25b5bemr16585837plg.171.1659911091317; Sun, 07 Aug 2022 15:24:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659911091; cv=none; d=google.com; s=arc-20160816; b=VZ2jR7mCMiDioNtS7TxWzmMjXw3ueURmYrWVt1v8Lt2ZrtkzigpK0vMxkk9U9F3bIF lT5ilC1dzeLl+Xcm60HnYjwLbgq8XUbISy62hfe+wZoelFGf23Okb3MJ1cJ4KaeBlZYY RaxYfWJPYDAt13uETiZPtVklA6JvXhBxHpnWE3wfT2dtSoUnD7PizL/1szmg1jlp0b8L 42RQmbyPFbvfUVAVhrxphcEC3rO+x9YlM0xIghR4D1zToZYw5XO84kxZ0wqDN+2q2szA CVKJ1yLVdngCeqUHQCvkutg59g07B6JZgVuqVf8sEbbKYvU0QERjV1RKMqXs866WkoWd dEDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=h+Lj0spqNnx9dIScrLZtVLjdEJlgP72evZimsoeWI8c=; b=EdST4n/0uWitVXqmqAwLj6XMVEEFL/cOPAJ/Wqqs2mVWD5mE9sdCpNbIkiBRf3MtB5 7KKi+wrrdy09SIhFCJrMnphTF3PfWKbRHo3g+QZTxC8wUu37oFxD08+8bfCG3KW8xHi7 x+cjmBJh+6DyalerbS4hdGS07+al1QloF7Jhq1G61l/2GaKzbxOTMwB7Il5NdTLFNn4H YHWBJEwIZLmkMrG5aAnyiWoVuL5pjB+2mQzmaffayckxyUKai32RucO/ffh+vNL0OyJT W5fqQuD09hy/7SfZ/9XkndrmFUNcF9ypMrhi6fdPLJywCVoir8pIET8znPUa/8OnxAD2 s2sQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=aViqYR00; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t6-20020a62d146000000b0051b904d9c7csi9693128pfl.251.2022.08.07.15.24.37; Sun, 07 Aug 2022 15:24:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=aViqYR00; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236715AbiHGWII (ORCPT + 99 others); Sun, 7 Aug 2022 18:08:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48534 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235784AbiHGWDX (ORCPT ); Sun, 7 Aug 2022 18:03:23 -0400 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C4B08B1CB; Sun, 7 Aug 2022 15:02:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1659909766; x=1691445766; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=1kOsyWF1rQOz8PwXeYJj3uZcQqMteH19Yq/k6YVjY3U=; b=aViqYR00yisJuTqBTD80U6mQ4gofiIxlNr8rNUXmnjN7FXVuosqkJMyv L4pKzkLOy0UALidUeNC8TYaXes0+n+nSYnxJXgeMH7M1MZh7SxqSPr5oQ fm7AtN3CzMihXOyqIl2t99PBmMOUaFs1oeuXKVFs0eqaoDXQ9mgQ2Bugt PYO/GkGrygXaO8opbR81Q6lHBkVHec4rk+bK8oRkUzoLPYE6/qbRaGSKr /S8lS/rPk/K6pvVKQ7eFsck4eqep6LupZhj0fx+FHSc/V2kvb1wdn6WN9 Gbnem2sC7wyZap0JiEF0S0iq6eU7hNXbM92WzPHllzM3sPCF5y9ZTevSB A==; X-IronPort-AV: E=McAfee;i="6400,9594,10432"; a="289224114" X-IronPort-AV: E=Sophos;i="5.93,220,1654585200"; d="scan'208";a="289224114" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Aug 2022 15:02:34 -0700 X-IronPort-AV: E=Sophos;i="5.93,220,1654585200"; d="scan'208";a="663682544" Received: from ls.sc.intel.com (HELO localhost) ([143.183.96.54]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Aug 2022 15:02:34 -0700 From: isaku.yamahata@intel.com To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini , erdemaktas@google.com, Sean Christopherson , Sagi Shahar Subject: [PATCH v8 034/103] KVM: x86/mmu: Disallow fast page fault on private GPA Date: Sun, 7 Aug 2022 15:01:19 -0700 Message-Id: <0182c7c97d56d2a1b8a8589cec38bf1691f17fe5.1659854790.git.isaku.yamahata@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Isaku Yamahata TDX requires TDX SEAMCALL to operate Secure EPT instead of direct memory access and TDX SEAMCALL is heavy operation. Fast page fault on private GPA doesn't make sense. Disallow fast page fault on private GPA. Signed-off-by: Isaku Yamahata Reviewed-by: Paolo Bonzini --- arch/x86/kvm/mmu/mmu.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 88fc2218fcc3..1f7f61e04b94 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -3231,8 +3231,16 @@ static int handle_abnormal_pfn(struct kvm_vcpu *vcpu, struct kvm_page_fault *fau return RET_PF_CONTINUE; } -static bool page_fault_can_be_fast(struct kvm_page_fault *fault) +static bool page_fault_can_be_fast(struct kvm *kvm, struct kvm_page_fault *fault) { + /* + * TDX private mapping doesn't support fast page fault because the EPT + * entry is read/written with TDX SEAMCALLs instead of direct memory + * access. + */ + if (kvm_is_private_gpa(kvm, fault->addr)) + return false; + /* * Page faults with reserved bits set, i.e. faults on MMIO SPTEs, only * reach the common page fault handler if the SPTE has an invalid MMIO @@ -3342,7 +3350,7 @@ static int fast_page_fault(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault) u64 *sptep = NULL; uint retry_count = 0; - if (!page_fault_can_be_fast(fault)) + if (!page_fault_can_be_fast(vcpu->kvm, fault)) return ret; walk_shadow_page_lockless_begin(vcpu); -- 2.25.1