From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini, erdemaktas@google.com, Sean Christopherson, Sagi Shahar
Subject: [PATCH v8 030/103] KVM: x86/mmu: Add address conversion functions for TDX shared bit of GPA
Date: Sun, 7 Aug 2022 15:01:15 -0700
Message-Id: <97e6f89f0460ac0b29392528e848cca2458b54c9.1659854790.git.isaku.yamahata@intel.com>

From: Isaku Yamahata

TDX repurposes one GPA bit (51 bit or 47 bit based on configuration) to indicate the GPA is private (if cleared) or shared (if set) with VMM. If GPA.shared is set, GPA is covered by the existing conventional EPT pointed by EPTP. If GPA.shared bit is cleared, GPA is covered by TDX module. VMM has to issue SEAMCALLs to operate.

Add a member to remember GPA shared bit for each guest TD, add address conversion functions between private GPA and shared GPA and test if GPA is private.

Because struct kvm_arch (or struct kvm which includes struct kvm_arch. See kvm_arch_alloc_vm() that passes __GFP_ZERO) is zero-cleared when allocated, the new member to remember GPA shared bit is guaranteed to be zero with this patch unless it's initialized explicitly.

Co-developed-by: Rick Edgecombe
Signed-off-by: Rick Edgecombe
Signed-off-by: Isaku Yamahata
---
 arch/x86/include/asm/kvm_host.h |  4 ++++
 arch/x86/kvm/mmu.h              | 32 ++++++++++++++++++++++++++++++++
 arch/x86/kvm/vmx/tdx.c          |  5 +++++
 3 files changed, 41 insertions(+)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index e856abbe80ab..6787d5214fd8 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1358,6 +1358,10 @@ struct kvm_arch { */ #define SPLIT_DESC_CACHE_MIN_NR_OBJECTS (SPTE_ENT_PER_PAGE + 1) struct kvm_mmu_memory_cache split_desc_cache; + +#ifdef CONFIG_KVM_MMU_PRIVATE + gfn_t gfn_shared_mask; +#endif }; struct kvm_vm_stat { diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index a99acec925eb..df9f79ee07d4 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h
@@ -276,4 +276,36 @@ static inline gpa_t kvm_translate_gpa(struct kvm_vcpu *vcpu, return gpa; return translate_nested_gpa(vcpu, gpa, access, exception); } + +static inline gfn_t kvm_gfn_shared_mask(const struct kvm *kvm) +{ +#ifdef CONFIG_KVM_MMU_PRIVATE + return kvm->arch.gfn_shared_mask; +#else + return 0; +#endif +} + +static inline gfn_t kvm_gfn_shared(const struct kvm *kvm, gfn_t gfn) +{ + return gfn | kvm_gfn_shared_mask(kvm); +} + +static inline gfn_t kvm_gfn_private(const struct kvm *kvm, gfn_t gfn) +{ + return gfn & ~kvm_gfn_shared_mask(kvm); +} + +static inline gpa_t kvm_gpa_private(const struct kvm *kvm, gpa_t gpa) +{ + return gpa & ~gfn_to_gpa(kvm_gfn_shared_mask(kvm)); +} + +static inline bool kvm_is_private_gpa(const struct kvm *kvm, gpa_t gpa) +{ + gfn_t mask = kvm_gfn_shared_mask(kvm); + + return mask && !(gpa_to_gfn(gpa) & mask); +} + #endif diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 37272fe1e69f..36d2127cb7b7 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -753,6 +753,11 @@ static int tdx_td_init(struct kvm *kvm, struct kvm_tdx_cmd *cmd) kvm_tdx->xfam = td_params->xfam; kvm->max_vcpus = td_params->max_vcpus; + if (td_params->exec_controls & TDX_EXEC_CONTROL_MAX_GPAW) + kvm->arch.gfn_shared_mask = gpa_to_gfn(BIT_ULL(51)); + else + kvm->arch.gfn_shared_mask = gpa_to_gfn(BIT_ULL(47)); + out: /* kfree() accepts NULL. */ kfree(init_vm); -- 2.25.1
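
Review bot: the new gfn_shared_mask member added to struct kvm_arch in kvm_host.h has no comment, while the member just above it is documented. Please state that it holds the shared bit in gfn units (tdx_td_init() stores gpa_to_gfn(BIT_ULL(51)) or gpa_to_gfn(BIT_ULL(47))) and that zero means the VM has no shared bit, since kvm_is_private_gpa() relies on that zero default to return false.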
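
Review bot: in the mmu.h helpers the mask == 0 case is handled asymmetrically and nothing documents it: kvm_is_private_gpa() returns false for every GPA when kvm_gfn_shared_mask() is zero, while kvm_gfn_private() and kvm_gpa_private() return their input unchanged. A caller that reads "not private" as "shared bit set" would be wrong for a VM without a shared mask, so a comment above kvm_is_private_gpa() saying it is always false when no mask is configured would help. There is also a kvm_gpa_private() but no kvm_gpa_shared() counterpart; either add it or note why only the gfn form of the shared conversion is needed.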
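
Review bot: in tdx_td_init() the two assignments to kvm->arch.gfn_shared_mask are unconditional, but kvm_host.h declares the field only under #ifdef CONFIG_KVM_MMU_PRIVATE. Nothing in the visible lines guarantees that tdx.c is built only with that option set, so either point to the Kconfig dependency in the commit message or add a setter next to kvm_gfn_shared_mask() in mmu.h that compiles to a no-op without the option. The literals 51 and 47 would also read better as named constants tied to TDX_EXEC_CONTROL_MAX_GPAW, so the meaning of each GPA width is stated where the mask is chosen.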