From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini, erdemaktas@google.com, Sean Christopherson, Sagi Shahar, David Matlack, Rick Edgecombe
Subject: [PATCH v11 028/113] KVM: x86/mmu: Add address conversion functions for TDX shared bit of GPA
Date: Thu, 12 Jan 2023 08:31:36 -0800
Message-Id: <54be4e46ff972359b87fa3fc4952ac2f32415f8f.1673539699.git.isaku.yamahata@intel.com>

From: Isaku Yamahata

TDX repurposes one GPA bit (51 bit or 47 bit based on configuration) to indicate the GPA is private (if cleared) or shared (if set) with VMM. If GPA.shared is set, GPA is covered by the existing conventional EPT pointed to by EPTP. If GPA.shared bit is cleared, GPA is covered by TDX module. VMM has to issue SEAMCALLs to operate.

Add a member to remember GPA shared bit for each guest TD, add address conversion functions between private GPA and shared GPA and test if GPA is private.

Because struct kvm_arch (or struct kvm which includes struct kvm_arch. See kvm_arch_alloc_vm() that passes __GFP_ZERO) is zero-cleared when allocated, the new member to remember GPA shared bit is guaranteed to be zero with this patch unless it's initialized explicitly.

Co-developed-by: Rick Edgecombe
Signed-off-by: Rick Edgecombe
Signed-off-by: Isaku Yamahata
--- arch/x86/include/asm/kvm_host.h | 4 ++++ arch/x86/kvm/mmu.h | 32 ++++++++++++++++++++++++++++++++ arch/x86/kvm/vmx/tdx.c | 5 +++++ 3 files changed, 41 insertions(+) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 35773f925cc5..73c987b3d2b6 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1439,6 +1439,10 @@ struct kvm_arch { */ #define SPLIT_DESC_CACHE_MIN_NR_OBJECTS (SPTE_ENT_PER_PAGE + 1) struct kvm_mmu_memory_cache split_desc_cache; + +#ifdef CONFIG_KVM_MMU_PRIVATE + gfn_t gfn_shared_mask; +#endif }; struct kvm_vm_stat { diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index 6bdaacb6faa0..a45f7a96b821 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h 
@@ -278,4 +278,36 @@ static inline gpa_t kvm_translate_gpa(struct kvm_vcpu *vcpu, return gpa; return translate_nested_gpa(vcpu, gpa, access, exception); } + +static inline gfn_t kvm_gfn_shared_mask(const struct kvm *kvm) +{ +#ifdef CONFIG_KVM_MMU_PRIVATE + return kvm->arch.gfn_shared_mask; +#else + return 0; +#endif +} + +static inline gfn_t kvm_gfn_shared(const struct kvm *kvm, gfn_t gfn) +{ + return gfn | kvm_gfn_shared_mask(kvm); +} + +static inline gfn_t kvm_gfn_private(const struct kvm *kvm, gfn_t gfn) +{ + return gfn & ~kvm_gfn_shared_mask(kvm); +} + +static inline gpa_t kvm_gpa_private(const struct kvm *kvm, gpa_t gpa) +{ + return gpa & ~gfn_to_gpa(kvm_gfn_shared_mask(kvm)); +} + +static inline bool kvm_is_private_gpa(const struct kvm *kvm, gpa_t gpa) +{ + gfn_t mask = kvm_gfn_shared_mask(kvm); + + return mask && !(gpa_to_gfn(gpa) & mask); +} + #endif diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index e2f5a07ad4e5..a7d42c05a758 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -781,6 +781,11 @@ static int tdx_td_init(struct kvm *kvm, struct kvm_tdx_cmd *cmd) kvm_tdx->attributes = td_params->attributes; kvm_tdx->xfam = td_params->xfam; + if (td_params->exec_controls & TDX_EXEC_CONTROL_MAX_GPAW) + kvm->arch.gfn_shared_mask = gpa_to_gfn(BIT_ULL(51)); + else + kvm->arch.gfn_shared_mask = gpa_to_gfn(BIT_ULL(47)); + out: /* kfree() accepts NULL. */ kfree(init_vm); -- 2.25.1
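
Review bot: In the arch/x86/include/asm/kvm_host.h hunk, the new gfn_shared_mask member of struct kvm_arch has no comment, and its meaning is not obvious from the name alone. The commit message relies on the field being zero for VMs that never set it, and kvm_is_private_gpa() treats a zero mask as "no private GPAs", so that contract belongs next to the declaration: a short comment stating that the value is a mask in gfn units (not a GPA), that it holds the single shared bit for a TD, and that zero means the VM has no shared bit.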
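
Review bot: In the arch/x86/kvm/mmu.h hunk, the helpers are undocumented and asymmetric: there is kvm_gfn_shared(), kvm_gfn_private() and kvm_gpa_private(), but no kvm_gpa_shared(), so a caller holding a gpa_t that needs the shared alias has to open-code the conversion. Either add the missing gpa variant or say in a comment why it is not needed. It is also worth a comment above kvm_gfn_shared_mask() that with a zero mask kvm_gfn_shared() and kvm_gfn_private() are identity functions while kvm_is_private_gpa() returns false for every address, since callers that use the predicate to pick between the conventional EPT path and the SEAMCALL path depend on that behaviour for non-TDX VMs.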
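
Review bot: In the arch/x86/kvm/vmx/tdx.c hunk, tdx_td_init() writes kvm->arch.gfn_shared_mask unconditionally, while the member is only declared under #ifdef CONFIG_KVM_MMU_PRIVATE in kvm_host.h; unless Kconfig guarantees that tdx.c is never built without CONFIG_KVM_MMU_PRIVATE, this does not compile. The read side already hides the ifdef behind kvm_gfn_shared_mask(), so a matching setter in mmu.h (or an explicit Kconfig dependency noted in the commit message) would keep the two sides consistent. Separately, the bit positions 51 and 47 are open-coded in both branches; named constants, or a comment tying each value to the TDX_EXEC_CONTROL_MAX_GPAW setting, would make the choice of private/shared boundary easier to audit.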