From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini, erdemaktas@google.com, Sean Christopherson, Sagi Shahar, Kai Huang, chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com
Subject: [PATCH v18 118/121] KVM: TDX: Add hint TDX ioctl to release Secure-EPT
Date: Mon, 22 Jan 2024 15:54:34 -0800
Message-Id: <06f9971cdd9523c14f963c4ea9081644cecb9c48.1705965635.git.isaku.yamahata@intel.com>
X-Mailer: git-send-email 2.25.1
X-Mailing-List: linux-kernel@vger.kernel.org
From: Isaku Yamahata

Add a new hint KVM TDX ioctl to release Secure-EPT as an optimization to reduce the time of the destruction of the guest. It takes tens of minutes to destroy a guest with tens or hundreds of GB of guest memory.

There are two cases to release pages used for the Secure-EPT and guest private memory. One case is runtime, while the guest is still running. Another case is static, when the TD won't run anymore.

In runtime: Use this when the KVM memory slot is deleted or KVM file descriptors are closed while the user process is live. Because the guest can still run, a TLB shoot-down is needed. The sequence is TLB shoot-down, cache-flushing each page, releasing the page from the Secure-EPT tree, and zero-clearing it. It requires four SEAMCALLs per page: TDH.MEM.RANGE.BLOCK() and TDH.MEM.TRACK() for TLB shoot-down, TDH.PHYMEM.PAGE.WBINVD() for cache flush, and TDH.MEM.PAGE.REMOVE() to release a page.

In process exiting: When we know the vcpu won't run further, KVM can free the host key ID (HKID) for memory encryption with a cache flush. The vcpu can't run after that. It simplifies the sequence to release private pages by reclaiming and zeroing them, reducing the number of SEAMCALLs to one per private page, TDH.PHYMEM.PAGE.RECLAIM(). However, this is applicable only when the user process exits with the MMU notifier release callback.

Add a way for the user space to give KVM a hint when it starts to destruct the guest, so that the efficient way can be used in addition to the MMU notifier.

Signed-off-by: Isaku Yamahata
---
v16
- Newly added
---
 arch/x86/include/uapi/asm/kvm.h | 1 +
 arch/x86/kvm/mmu/mmu.c          | 1 +
 arch/x86/kvm/vmx/tdx.c          | 9 +++++++++
 3 files changed, 11 insertions(+)

diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
index f2a37b479f26..f811f433feef 100644
--- a/arch/x86/include/uapi/asm/kvm.h
+++ b/arch/x86/include/uapi/asm/kvm.h
@@ -574,6 +574,7 @@ enum kvm_tdx_cmd_id { KVM_TDX_INIT_VCPU, KVM_TDX_INIT_MEM_REGION, KVM_TDX_FINALIZE_VM, + KVM_TDX_RELEASE_VM, KVM_TDX_CMD_NR_MAX, }; diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index fc258f112e73..53eb9508cde2 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -6908,6 +6908,7 @@ void kvm_arch_flush_shadow_all(struct kvm *kvm) static_call_cond(kvm_x86_flush_shadow_all_private)(kvm); kvm_mmu_zap_all(kvm); } +EXPORT_SYMBOL_GPL(kvm_arch_flush_shadow_all); static void kvm_mmu_zap_memslot(struct kvm *kvm, struct kvm_memory_slot *slot) { diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index be1cc08dd74a..475a913ef25e 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -2818,6 +2818,15 @@ int tdx_vm_ioctl(struct kvm *kvm, void __user *argp) case KVM_TDX_FINALIZE_VM: r = tdx_td_finalizemr(kvm); break; + case KVM_TDX_RELEASE_VM: { + int idx; + + idx = srcu_read_lock(&kvm->srcu); + kvm_arch_flush_shadow_all(kvm); + srcu_read_unlock(&kvm->srcu, idx); + r = 0; + break; + } default: r = -EINVAL; goto out; -- 2.25.1
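Review bot: the new uapi value KVM_TDX_RELEASE_VM in the kvm_tdx_cmd_id hunk comes with no documentation update in this patch; since it is userspace ABI, the semantics a caller has to know (that it is a hint which tears down the Secure-EPT and releases the HKID, that the TD's vCPUs cannot run afterwards, and what is returned if it is issued twice or before KVM_TDX_FINALIZE_VM) should be spelled out in the TDX ioctl documentation together with the enum addition. Placing it ahead of KVM_TDX_CMD_NR_MAX is right, so existing command numbers are unchanged.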
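Review bot: the EXPORT_SYMBOL_GPL(kvm_arch_flush_shadow_all) in the mmu.c hunk exports a generic KVM-internal VM teardown entry point solely so that the tdx.c caller in the following hunk can reach it from the kvm-intel module. The commit message should say why a narrower exported helper was not preferred, for instance one limited to the static_call_cond(kvm_x86_flush_shadow_all_private)(kvm) step shown in the hunk's context, because a public symbol that also runs kvm_mmu_zap_all() on a live VM is a larger surface than the hint needs.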
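Review bot: the KVM_TDX_RELEASE_VM case in the tdx_vm_ioctl hunk calls kvm_arch_flush_shadow_all(kvm) unconditionally, with no check of the TD's state and nothing that quiesces vCPU threads first. The commit message states that vCPUs cannot run once the HKID is freed, so the hunk should either verify that no vCPU is, or can be, in the guest when the hint is acted on, or document how a vCPU that enters the TD concurrently or after the hint fails in a way userspace can handle instead of surfacing an unexpected SEAMCALL error. The behaviour of a repeated call also needs defining: as written, a second invocation runs kvm_arch_flush_shadow_all() again on an already-released VM and still returns r = 0, so userspace gets no indication that the first call has already taken effect; returning an error such as -EINVAL once the HKID is gone would make the hint idempotent in a visible way.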