From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini, erdemaktas@google.com, Sean Christopherson, Sagi Shahar, David Matlack, Kai Huang, Zhi Wang, chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com, Sean Christopherson
Subject: [PATCH v16 052/116] KVM: TDX: Add load_mmu_pgd method for TDX
Date: Mon, 16 Oct 2023 09:14:04 -0700
Message-Id: <232ab65437c856c6217fd7ef9f6d473fb5ed1091.1697471314.git.isaku.yamahata@intel.com>
X-Mailer: git-send-email 2.25.1
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sean Christopherson For virtual IO, the guest TD shares guest pages with VMM without encryption. Shared EPT is used to map guest pages in unprotected way. Add the VMCS field encoding for the shared EPTP, which will be used by TDX to have separate EPT walks for private GPAs (existing EPTP) versus shared GPAs (new shared EPTP). Set shared EPT pointer value for the TDX guest to initialize TDX MMU. Signed-off-by: Sean Christopherson Signed-off-by: Isaku Yamahata Reviewed-by: Paolo Bonzini --- arch/x86/include/asm/vmx.h | 1 + arch/x86/kvm/vmx/main.c | 13 ++++++++++++- arch/x86/kvm/vmx/tdx.c | 5 +++++ arch/x86/kvm/vmx/x86_ops.h | 4 ++++ 4 files changed, 22 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index f703bae0c4ac..9deb663a42e3 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -236,6 +236,7 @@ enum vmcs_field { TSC_MULTIPLIER_HIGH = 0x00002033, TERTIARY_VM_EXEC_CONTROL = 0x00002034, TERTIARY_VM_EXEC_CONTROL_HIGH = 0x00002035, + SHARED_EPT_POINTER = 0x0000203C, PID_POINTER_TABLE = 0x00002042, PID_POINTER_TABLE_HIGH = 0x00002043, GUEST_PHYSICAL_ADDRESS = 0x00002400, diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index eab31d389916..17d119f3c4a8 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -143,6 +143,17 @@ static void vt_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) vmx_vcpu_reset(vcpu, init_event); } +static void vt_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t root_hpa, + int pgd_level) +{ + if (is_td_vcpu(vcpu)) { + tdx_load_mmu_pgd(vcpu, root_hpa, pgd_level); + return; + } + + vmx_load_mmu_pgd(vcpu, root_hpa, pgd_level); +} + static int vt_mem_enc_ioctl(struct kvm *kvm, void __user *argp) { if (!is_td(kvm)) 
@@ -275,7 +286,7 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .write_tsc_offset = vmx_write_tsc_offset, .write_tsc_multiplier = vmx_write_tsc_multiplier, - .load_mmu_pgd = vmx_load_mmu_pgd, + .load_mmu_pgd = vt_load_mmu_pgd, .check_intercept = vmx_check_intercept, .handle_exit_irqoff = vmx_handle_exit_irqoff, diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index fe793425d393..d26b96cf94f9 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -425,6 +425,11 @@ void tdx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) */ } +void tdx_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t root_hpa, int pgd_level) +{ + td_vmcs_write64(to_tdx(vcpu), SHARED_EPT_POINTER, root_hpa & PAGE_MASK); +} + static int tdx_get_capabilities(struct kvm_tdx_cmd *cmd) { struct kvm_tdx_capabilities __user *user_caps; diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h index 88e117db748c..36dfdf3f17e7 100644 --- a/arch/x86/kvm/vmx/x86_ops.h +++ b/arch/x86/kvm/vmx/x86_ops.h @@ -152,6 +152,8 @@ void tdx_vcpu_free(struct kvm_vcpu *vcpu); void tdx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event); int tdx_vcpu_ioctl(struct kvm_vcpu *vcpu, void __user *argp); + +void tdx_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t root_hpa, int root_level); #else static inline int tdx_hardware_setup(struct kvm_x86_ops *x86_ops) { return -EOPNOTSUPP; } static inline void tdx_hardware_unsetup(void) {} @@ -173,6 +175,8 @@ static inline void tdx_vcpu_free(struct kvm_vcpu *vcpu) {} static inline void tdx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) {} static inline int tdx_vcpu_ioctl(struct kvm_vcpu *vcpu, void __user *argp) { return -EOPNOTSUPP; } + +static inline void tdx_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t root_hpa, int root_level) {} #endif #endif /* __KVM_X86_VMX_X86_OPS_H */ -- 2.25.1
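Review bot: In the arch/x86/kvm/vmx/tdx.c hunk, tdx_load_mmu_pgd() accepts pgd_level but never uses it, and the value written to SHARED_EPT_POINTER is just root_hpa & PAGE_MASK, with no comment explaining why the level is ignored or why the low bits are masked off. Because this pointer roots the EPT that maps the pages the guest TD shares with the VMM without encryption, please add a short comment stating where the shared EPT's level and attributes come from, and consider a WARN_ON_ONCE(root_hpa & ~PAGE_MASK) so that an unaligned root is reported instead of being silently truncated.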
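Review bot: In both arch/x86/kvm/vmx/x86_ops.h hunks, the prototype and the !CONFIG stub name the third parameter root_level, while the definition in tdx.c and the vt_load_mmu_pgd() wrapper in main.c call it pgd_level. Please use one name throughout (pgd_level matches the caller) so the declaration and definition read the same.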
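Review bot: In the arch/x86/include/asm/vmx.h hunk, SHARED_EPT_POINTER is added without a matching _HIGH entry, whereas the neighbouring 64-bit fields in the same context (TSC_MULTIPLIER_HIGH, TERTIARY_VM_EXEC_CONTROL_HIGH, PID_POINTER_TABLE_HIGH) all carry one. If the omission is intentional because the field is only ever written through td_vmcs_write64(), a one-line comment next to the enum entry would make that clear; otherwise add the _HIGH encoding for consistency.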