Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp2621379rdg;
        Mon, 16 Oct 2023 09:37:06 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IFT55qP/QP55ilzkrf7f456FDoW7+ynuiE+35VJQLAItS921TcXu1CFTNPomx4Lcj9ke8kR
X-Received: by 2002:a05:6e02:1ca6:b0:34f:75eb:f81 with SMTP id x6-20020a056e021ca600b0034f75eb0f81mr45988731ill.5.1697474226077;
        Mon, 16 Oct 2023 09:37:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697474226; cv=none;
        d=google.com; s=arc-20160816;
        b=qFAR1hVZMRC7H4djnQIjYfqPSOQBZ9wKt30j4YjGnxpV23BoTsifd2ycvAidPsWYT7
         EC84/CUGJJ5RCO/FTvTEJXgesoIaEzXPPQf6VwwgRrQciH318oN0YQckqfYs5iZp5Wgu
         B4gIVuVpQI9FqPDc7J+1SCzBWbW2mECBVX7UmXJhfCp7xV9Vmk2BIh+d911i+EL1Osr5
         3Z8Trzct9U/Dr0aE9Sq8rhv0turJ1nK7k7tY9OeYQa2RqXt1V9pg6wrDOqu3Iz2mSXwS
         Ez30EJfsmE3LKdNy8XToM8oOD5qfKWw/bD+W7QmBSq2CFllg5pgKKrikvMoTJ9ySh3fn
         tMsQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=DVbx3/K6STkoUOO4Kzz9czqHC9kX/gu0qiQJAcuB5SA=;
        fh=4OEEkzWp/q+dELKxtVy/jK+pEs8VYY1pIiC6FIGYmPg=;
        b=R01rGnKsyjUuLybgoaHNiE4ZKOZiEaeWFXYCW0/Sp3IPK8MAcIaki6xew4NGta+hyd
         m0YaAE38R64NaowRDoPe9C8t3iBdGQ+eZSSaAV2BdfTU+WwNYPITNMA5QL+kyElEMvWR
         HL8GfiWEgJBnQmVMmjYSyNF+4zCnIbUSrSlnOEG9SeqK0BngU8NA0HfXWyhHqhOLx0q0
         waWBeKIXfaIge8CwFJz8DCBnD2R9neQmYW3WFrpr2xLxebhQ27l7ecC+LrNczfS74tzx
         WlmYR0PCeXxPfEkc96T1stR9hipMhh8fQ8/lgjPUud7uFjJzrelG7Wc+nqtiTPB1c/2W
         eZxA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=CAeDnALe;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from snail.vger.email (snail.vger.email. [23.128.96.37])
        by mx.google.com with ESMTPS id cb16-20020a056a02071000b005af44ed3148si7294403pgb.367.2023.10.16.09.37.05
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 16 Oct 2023 09:37:06 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=CAeDnALe;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by snail.vger.email (Postfix) with ESMTP id C673F80779A8;
	Mon, 16 Oct 2023 09:37:04 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234421AbjJPQgY (ORCPT <rfc822;0xff07.lkml@gmail.com>
        + 99 others); Mon, 16 Oct 2023 12:36:24 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41394 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234349AbjJPQfn (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 16 Oct 2023 12:35:43 -0400
Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.151])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 78BAE7D9F;
        Mon, 16 Oct 2023 09:23:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1697473382; x=1729009382;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=fq9sl/Hvu6AYyJ20Nrfcvuiz9xnZGWqLLJDKXzXZMyU=;
  b=CAeDnALea6ZeKCIIBs1WB0P6VFaZkr7nFvOZAMC+9Cejc37xdkINXzkS
   5aGX7vPPxNuIYqWf6okvAaDT4byA1CZ2HkOpumwnRpX1qP+Y6gp6UuJ7t
   bdMoveuewqYyuM3am27gMfDqH+VDLbhIEyymyBu7KnQvFzmEfMY4/Kx/0
   Mgv7xXgeyZKN+CK7FlL0VrX489tK730zoUyRtW8I2ll490MnCR3ksO91C
   OFhj3Xsh2eVS44EcnuZWraKxN6eaCwX9RrtIGFMDqJOiaMSEure+C088Z
   ObvHCFyvu6ojnmd45R3SmVXW9O6T/vDY9OBK3XjKIje+V53oFfhPEPgO4
   w==;
X-IronPort-AV: E=McAfee;i="6600,9927,10865"; a="365826050"
X-IronPort-AV: E=Sophos;i="6.03,229,1694761200"; 
   d="scan'208";a="365826050"
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
  by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Oct 2023 09:15:39 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10865"; a="1087126110"
X-IronPort-AV: E=Sophos;i="6.03,229,1694761200"; 
   d="scan'208";a="1087126110"
Received: from ls.sc.intel.com (HELO localhost) ([172.25.112.31])
  by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Oct 2023 09:15:37 -0700
From:   isaku.yamahata@intel.com
To:     kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc:     isaku.yamahata@intel.com, isaku.yamahata@gmail.com,
        Paolo Bonzini <pbonzini@redhat.com>, erdemaktas@google.com,
        Sean Christopherson <seanjc@google.com>,
        Sagi Shahar <sagis@google.com>,
        David Matlack <dmatlack@google.com>,
        Kai Huang <kai.huang@intel.com>,
        Zhi Wang <zhi.wang.linux@gmail.com>, chen.bo@intel.com,
        hang.yuan@intel.com, tina.zhang@intel.com,
        Sean Christopherson <sean.j.christopherson@intel.com>
Subject: [PATCH v16 033/116] KVM: x86/mmu: Allow non-zero value for non-present SPTE and removed SPTE
Date:   Mon, 16 Oct 2023 09:13:45 -0700
Message-Id: <2bf199c4ce0f54302d611b7090213bf43daf0218.1697471314.git.isaku.yamahata@intel.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1697471314.git.isaku.yamahata@intel.com>
References: <cover.1697471314.git.isaku.yamahata@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,
        RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Mon, 16 Oct 2023 09:37:05 -0700 (PDT)

From: Sean Christopherson <sean.j.christopherson@intel.com>

For TD guest, the current way to emulate MMIO doesn't work any more, as KVM
is not able to access the private memory of TD guest and do the emulation.
Instead, TD guest expects to receive #VE when it accesses the MMIO and then
it can explicitly make hypercall to KVM to get the expected information.

To achieve this, the TDX module always enables "EPT-violation #VE" in the
VMCS control.  And accordingly, for the MMIO spte for the shared GPA,
1. KVM needs to set "suppress #VE" bit for the non-present SPTE so that EPT
violation happens on TD accessing MMIO range.  2. On EPT violation, KVM
sets the MMIO spte to clear "suppress #VE" bit so the TD guest can receive
the #VE instead of EPT misconfigration unlike VMX case.  For the shared GPA
that is not populated yet, EPT violation need to be triggered when TD guest
accesses such shared GPA.  The non-present SPTE value for shared GPA should
set "suppress #VE" bit.

Add "suppress #VE" bit (bit 63) to SHADOW_NONPRESENT_VALUE and
REMOVED_SPTE.  Unconditionally set the "suppress #VE" bit (which is bit 63)
for both AMD and Intel as: 1) AMD hardware doesn't use this bit when
present bit is off; 2) for normal VMX guest, KVM never enables the
"EPT-violation #VE" in VMCS control and "suppress #VE" bit is ignored by
hardware.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
---
 arch/x86/kvm/mmu/spte.h | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/mmu/spte.h b/arch/x86/kvm/mmu/spte.h
index 4d1799ba2bf8..26bc95bbc962 100644
--- a/arch/x86/kvm/mmu/spte.h
+++ b/arch/x86/kvm/mmu/spte.h
@@ -149,7 +149,20 @@ static_assert(MMIO_SPTE_GEN_LOW_BITS == 8 && MMIO_SPTE_GEN_HIGH_BITS == 11);
 
 #define MMIO_SPTE_GEN_MASK		GENMASK_ULL(MMIO_SPTE_GEN_LOW_BITS + MMIO_SPTE_GEN_HIGH_BITS - 1, 0)
 
+/*
+ * Non-present SPTE value for both VMX and SVM for TDP MMU.
+ * For SVM NPT, for non-present spte (bit 0 = 0), other bits are ignored.
+ * For VMX EPT, bit 63 is ignored if #VE is disabled. (EPT_VIOLATION_VE=0)
+ *              bit 63 is #VE suppress if #VE is enabled. (EPT_VIOLATION_VE=1)
+ * For TDX:
+ *   TDX module sets EPT_VIOLATION_VE for Secure-EPT and conventional EPT
+ */
+#ifdef CONFIG_X86_64
+#define SHADOW_NONPRESENT_VALUE	BIT_ULL(63)
+static_assert(!(SHADOW_NONPRESENT_VALUE & SPTE_MMU_PRESENT_MASK));
+#else
 #define SHADOW_NONPRESENT_VALUE	0ULL
+#endif
 
 extern u64 __read_mostly shadow_host_writable_mask;
 extern u64 __read_mostly shadow_mmu_writable_mask;
@@ -196,7 +209,7 @@ extern u64 __read_mostly shadow_nonpresent_or_rsvd_mask;
  *
  * Only used by the TDP MMU.
  */
-#define REMOVED_SPTE	0x5a0ULL
+#define REMOVED_SPTE	(SHADOW_NONPRESENT_VALUE | 0x5a0ULL)
 
 /* Removed SPTEs must not be misconstrued as shadow present PTEs. */
 static_assert(!(REMOVED_SPTE & SPTE_MMU_PRESENT_MASK));
-- 
2.25.1