From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini, erdemaktas@google.com, Sean Christopherson, Sagi Shahar, Kai Huang, chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com, Rick Edgecombe, Binbin Wu
Subject: [PATCH v18 033/121] KVM: x86/mmu: Add address conversion functions for TDX shared bit of GPA
Date: Mon, 22 Jan 2024 15:53:09 -0800
Message-Id: <5650dfd21333b4d66a42876468a672bfc6661921.1705965635.git.isaku.yamahata@intel.com>

From: Isaku Yamahata

TDX repurposes one GPA bit (51 bit or 47 bit based on configuration) to
indicate the GPA is private (if cleared) or shared (if set) with VMM. If
GPA.shared is set, GPA is covered by the existing conventional EPT pointed
by EPTP. If GPA.shared bit is cleared, GPA is covered by TDX module.
VMM has to issue SEAMCALLs to operate.

Add a member to remember GPA shared bit for each guest TD, add address
conversion functions between private GPA and shared GPA and test if GPA
is private.

Because struct kvm_arch (or struct kvm which includes struct kvm_arch. See
kvm_arch_alloc_vm() that passes __GFP_ZERO) is zero-cleared when allocated,
the new member to remember GPA shared bit is guaranteed to be zero with
this patch unless it's initialized explicitly.

Co-developed-by: Rick Edgecombe
Signed-off-by: Rick Edgecombe
Signed-off-by: Isaku Yamahata
Reviewed-by: Binbin Wu
---
v18:
- Added Reviewed-by Binbin
---
 arch/x86/include/asm/kvm_host.h |  4 ++++
 arch/x86/kvm/mmu.h              | 27 +++++++++++++++++++++++++++
 arch/x86/kvm/vmx/tdx.c          |  5 +++++
 3 files changed, 36 insertions(+)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index b54e0bdb77eb..96f900386026 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1503,6 +1503,10 @@ struct kvm_arch { */ #define SPLIT_DESC_CACHE_MIN_NR_OBJECTS (SPTE_ENT_PER_PAGE + 1) struct kvm_mmu_memory_cache split_desc_cache; + +#ifdef CONFIG_KVM_MMU_PRIVATE + gfn_t gfn_shared_mask; +#endif }; struct kvm_vm_stat { diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index 60f21bb4c27b..191b820b7c4f 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h 
@@ -319,4 +319,31 @@ static inline gpa_t kvm_translate_gpa(struct kvm_vcpu *vcpu, return gpa; return translate_nested_gpa(vcpu, gpa, access, exception); } + +static inline gfn_t kvm_gfn_shared_mask(const struct kvm *kvm) +{ +#ifdef CONFIG_KVM_MMU_PRIVATE + return kvm->arch.gfn_shared_mask; +#else + return 0; +#endif +} + +static inline gfn_t kvm_gfn_to_shared(const struct kvm *kvm, gfn_t gfn) +{ + return gfn | kvm_gfn_shared_mask(kvm); +} + +static inline gfn_t kvm_gfn_to_private(const struct kvm *kvm, gfn_t gfn) +{ + return gfn & ~kvm_gfn_shared_mask(kvm); +} + +static inline bool kvm_is_private_gpa(const struct kvm *kvm, gpa_t gpa) +{ + gfn_t mask = kvm_gfn_shared_mask(kvm); + + return mask && !(gpa_to_gfn(gpa) & mask); +} + #endif diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 245be29721b4..59d170709f82 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -953,6 +953,11 @@ static int tdx_td_init(struct kvm *kvm, struct kvm_tdx_cmd *cmd) kvm_tdx->attributes = td_params->attributes; kvm_tdx->xfam = td_params->xfam; + if (td_params->exec_controls & TDX_EXEC_CONTROL_MAX_GPAW) + kvm->arch.gfn_shared_mask = gpa_to_gfn(BIT_ULL(51)); + else + kvm->arch.gfn_shared_mask = gpa_to_gfn(BIT_ULL(47)); + out: /* kfree() accepts NULL. */ kfree(init_vm); -- 2.25.1
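
Review bot: In the struct kvm_arch hunk of arch/x86/include/asm/kvm_host.h, the new gfn_shared_mask field has no comment, and two things about it are not obvious from the name. It is a mask in GFN units (tdx.c stores gpa_to_gfn(BIT_ULL(51)) or gpa_to_gfn(BIT_ULL(47)) into it), and the mmu.h helpers treat zero as "this VM has no shared bit". Suggest a short comment above the field stating both, plus the fact that it relies on the zeroed allocation of struct kvm and stays zero unless tdx_td_init() sets it, so that assumption lives next to the field rather than only in the commit message.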
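
Review bot: In the arch/x86/kvm/mmu.h hunk, the behaviour of the four helpers when the mask is zero is undocumented: kvm_gfn_to_shared() and kvm_gfn_to_private() become identity functions, and kvm_is_private_gpa() returns false for every address because of the "mask &&" term. A caller that reads !kvm_is_private_gpa() as "the shared bit is set" would be wrong for a VM with no shared mask, and this is a private/shared isolation decision, so the contract should be written down. Suggest a comment block over the helpers spelling out the mask == 0 case. It is also worth saying in that comment that kvm_is_private_gpa() takes a gpa_t while the other three take a gfn_t, since mixing the two units silently gives a wrong answer.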
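
Review bot: In the tdx_td_init() hunk of arch/x86/kvm/vmx/tdx.c, both assignments write kvm->arch.gfn_shared_mask directly, but kvm_host.h declares that field only under #ifdef CONFIG_KVM_MMU_PRIVATE, and nothing in the visible lines ties building tdx.c to that option. Either state the Kconfig dependency that guarantees it (in the commit message or a comment here), or add a setter next to kvm_gfn_shared_mask() in mmu.h so the #ifdef stays in one place. Separately, the bare 51 and 47 in BIT_ULL(51) and BIT_ULL(47) would read better as named constants tied to TDX_EXEC_CONTROL_MAX_GPAW, since the commit message is currently the only place that explains where the two bit positions come from.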