Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp10219524rwp; Thu, 20 Jul 2023 17:05:17 -0700 (PDT) X-Google-Smtp-Source: APBJJlElo4soXP4A4vVGZFK35BxwIVYUZkGT0DA9tE2yCgTTi7s0wB+FKQGKLL2/nAa+WUh9uPDb X-Received: by 2002:aa7:d5cb:0:b0:521:a99b:a233 with SMTP id d11-20020aa7d5cb000000b00521a99ba233mr250885eds.10.1689897916797; Thu, 20 Jul 2023 17:05:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689897916; cv=none; d=google.com; s=arc-20160816; b=W9NQUXa3LunyauwFENynhOj3J9v/0fVbvOh0hY36SpnC43c1IiStfCMscHyrNgwNRE v+EaTrWmIxe+PNa+HzhJoEUTaQz/qsbJbqNN86TIU5ZU5it2h+Vv4PeUKU3LD+iE6sEp pm9o/TPRsFY7ckZQIPXr8xDDoR8ZsI8+dj+kSvhK9Wdttco5wms7N5jUb9IZqfNF8pCT cSsviSJzHWvSyUai37GqphmAAJUk5VbDA2Fl7G37w5yjcpDsZgeG6zcsD7nOuyAr3xkr HpJRU49frapHFd2+l/rYLI86/1LyS0OMxb4MUg5B1+lpf+pg+JDehNvXTwwuWKizOX7y 3fHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=UoqwfMum9aDajE0BQOgWTZg0ubnGLH/+xAiKwTecu2U=; fh=rYmKEJt0ZlcHi+IxuHRr3qSzgk6Fcw/+tEUtlevgHBo=; b=Dwn2UmgeqCiOPipAKG/XhpEqmxfv2R0ulWEV6VNGJWY0m3i274eqqFDUg2bp67If77 B7YSMAsK0TyKuHhE5nRdJNx/sBcnKpe5ygm0OdKZ22H682v2mbfdXz7cWincKAfN5p7e 0eB/SKlZ2YOT5k4oIh43Kv6sYF/JP81MeHRG1w+Hn0HUM4NnU1xPg8IyVmmtPv5gaEBL +lPkv/MkQwhOavCKRLADdRiTCECsoVrJYbM4uBPUmXzrg7/evBEFCahWfMIUnRgJfvel 6lxc1ix/oUY/NIAxv8fB4DfliaojDfP6DPdcHvGsugOcq3cWR285FOmnEk/naJr0B/jn t2mg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=S0JZ1Tab; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s9-20020aa7c549000000b0051de1341e01si1458979edr.228.2023.07.20.17.04.51; Thu, 20 Jul 2023 17:05:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=S0JZ1Tab; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230022AbjGTXd1 (ORCPT + 99 others); Thu, 20 Jul 2023 19:33:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41998 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229862AbjGTXdP (ORCPT ); Thu, 20 Jul 2023 19:33:15 -0400 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0E8B12727; Thu, 20 Jul 2023 16:33:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1689895994; x=1721431994; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=rvpwGTo756PNEl2wWmMC9MHOKfm+GNxe+wwXhyK+d9U=; b=S0JZ1TabYQeEafQWRORBX639g3kz84njEPF4qo9f/w8SBpSFdIe12Anq X0jxde/oncS/Ajp+piq/119+l3v3uJwOtfmZzaHpJ46xb8rnLoqBUy51U e7nW5kJCqvdtYrTUJcuHsT61o+KuZo9CeiSIDD4FE1tX7emZebExxTvcL Q2W6A+KqYWZfxMkO496pehB0ygpeze84vuh8a2bwIx1OTP2kGFWXYLt7g N5myOEfqDFoKXiOfByOOcmCl8rtcNs4+kbqZ+orzVtE2KF8Q62IrkETij G9WHwGR9bhcRpF6rKSJB60vZTuy3QKwvk+SgCZUFhZxMIphk5GoHS4LRm Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10777"; a="364355935" X-IronPort-AV: E=Sophos;i="6.01,220,1684825200"; d="scan'208";a="364355935" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jul 2023 16:33:12 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10777"; a="727891793" X-IronPort-AV: E=Sophos;i="6.01,220,1684825200"; d="scan'208";a="727891793" Received: from ls.sc.intel.com (HELO localhost) ([172.25.112.31]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jul 2023 16:33:11 -0700 From: isaku.yamahata@intel.com To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Michael Roth , Paolo Bonzini , Sean Christopherson , erdemaktas@google.com, Sagi Shahar , David Matlack , Kai Huang , Zhi Wang , chen.bo@intel.com, linux-coco@lists.linux.dev, Chao Peng , Ackerley Tng , Vishal Annapurve , Yuan Yao Subject: [RFC PATCH v4 05/10] KVM: Add new members to struct kvm_gfn_range to operate on Date: Thu, 20 Jul 2023 16:32:51 -0700 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Isaku Yamahata TDX needs to know which mapping to operate on. Shared-EPT vs. Secure-EPT. The following sequence to convert the GPA to private doesn't work for TDX because the page can already be private. 1) Update memory attributes to private in memory attributes xarray 2) Zap the GPA range irrespective of private-or-shared. Even if the page is already private, zap the entry. 3) EPT violation on the GPA 4) Populate the GPA as private The page is zeroed, and the guest has to accept the page again. In step 2, TDX wants to zap only shared pages and skip private ones. Add new members to strut kvm_gfn_range to indicate which mapping (private-vs-shared) to operate on. only_private and only_shared. Update mmu notifier, set memory attributes ioctl or KVM gmem callback to initialize them. - If operating on a file to back shared pages, zap shared pages only. It's the mmu notifier. (only_private, only_shared) = (false, true) - If operating a file to back private pages, zap private pages only. It's the KVM gmem. (only_private, only_shared) = (true, false) - If setting memory attributes, vendor callback checks new attributes and make decisions. SNP would do nothing and handle it later with gmem callback TDX callback would do as follows. When it converts pages to shared, zap private pages only. When it converts pages to private, zap shared pages only. (only_private, only_shared) = (false, false) - If operating on both backing files, zap both private and shared pages. This is when destructing guest. (only_private, only_shared) = (true, true) Suggested-by: Sean Christopherson Signed-off-by: Isaku Yamahata --- Changes v3 -> v4: - rebased v11 kvm gmem. Changes v2 -> v3: - Drop the KVM_GFN_RANGE flags - Updated struct kvm_gfn_range - Change kvm_arch_set_memory_attributes() to return bool for flush - Added set_memory_attributes x86 op for vendor backends - Refined commit message to describe TDX care concretely Changes v1 -> v2: - consolidate KVM_GFN_RANGE_FLAGS_GMEM_{PUNCH_HOLE, RELEASE} into KVM_GFN_RANGE_FLAGS_GMEM. - Update the commit message to describe TDX more. Drop SEV_SNP. --- include/linux/kvm_host.h | 2 ++ virt/kvm/guest_mem.c | 2 ++ virt/kvm/kvm_main.c | 4 ++++ 3 files changed, 8 insertions(+) diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 091bc89ae805..ce4d91585368 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -268,6 +268,8 @@ struct kvm_gfn_range { u64 raw; } arg; bool may_block; + bool only_private; + bool only_shared; }; bool kvm_unmap_gfn_range(struct kvm *kvm, struct kvm_gfn_range *range); bool kvm_age_gfn(struct kvm *kvm, struct kvm_gfn_range *range); diff --git a/virt/kvm/guest_mem.c b/virt/kvm/guest_mem.c index 384671a55b41..ac185c776cda 100644 --- a/virt/kvm/guest_mem.c +++ b/virt/kvm/guest_mem.c @@ -105,6 +105,8 @@ static void kvm_gmem_invalidate_begin(struct kvm_gmem *gmem, pgoff_t start, .end = slot->base_gfn + min(pgoff + slot->npages, end) - pgoff, .slot = slot, .may_block = true, + .only_private = true, + .only_shared = false, }; flush |= kvm_mmu_unmap_gfn_range(kvm, &gfn_range); diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index ee331cf8ba54..4e2a2463ab19 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -603,6 +603,8 @@ static __always_inline int __kvm_handle_hva_range(struct kvm *kvm, */ gfn_range.arg.raw = range->arg.raw; gfn_range.may_block = range->may_block; + gfn_range.only_private = false; + gfn_range.only_shared = true; /* * {gfn(page) | page intersects with [hva_start, hva_end)} = @@ -2405,6 +2407,8 @@ static __always_inline void kvm_handle_gfn_range(struct kvm *kvm, gfn_range.arg.raw = range->arg.raw; gfn_range.may_block = range->may_block; + gfn_range.only_private = false; + gfn_range.only_shared = false; for (i = 0; i < kvm_arch_nr_memslot_as_ids(kvm); i++) { slots = __kvm_memslots(kvm, i); -- 2.25.1