Received: by 2002:a05:7412:5112:b0:fa:6e18:a558 with SMTP id fm18csp193847rdb; Mon, 22 Jan 2024 17:13:52 -0800 (PST) X-Google-Smtp-Source: AGHT+IFtiVdrQZzNKLEjxaYeMXKQVGf5+baiBXlxegfvLN0xbqb4bQc//pLF2IVBEecjApwvmCyw X-Received: by 2002:a05:6358:c84:b0:176:5c75:b34d with SMTP id o4-20020a0563580c8400b001765c75b34dmr2037627rwj.2.1705972432673; Mon, 22 Jan 2024 17:13:52 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1705972432; cv=pass; d=google.com; s=arc-20160816; b=a/sPfPFv5KwjXh2aQtsCY3KkNkhV0Xzsl6h0G9k1cSG6omE956FWKky4ow47N8QPVH kri0H/N+zZPQQTqglzugdhidDkawGhYzVX6OF2e7AvlB1XaP+oq85rxU46HqRB8rVB+e vBFW0G1ZPiRwWli6dsmBMk4fogpJDRI5FM6oFu5Vp7XMBvSGxKGrXUuU6vTSdxJEYDB7 BNgyVUavVIyhSWlCd6ted06ZkA0WmV7gKvOpeRsTjkiaDcPRSDHRe0A7hc0TUo/15d1j ARxhXdvS/jA/DZjbTrXKMJWw8qRpPw0+ikwO1Cydy5Y0j37/JZDcVOyCNG53GaXNbZTg NWWw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=y7v7ZDPbin4lPgALln9/UaLAmY3UOnp8YRb2R8Oc/qU=; fh=Itbyk7CEvizIrzGEESCqq3I2tZgG1kc/GkVOa3S7Hsg=; b=C38g4/WWBrlR/5ZSQ4wNQ+jhjjf8o9zoERvsvIH5aMuwl0noIK+2mRggi3Z1Ivlu8S eWpmZBa9QNYr0JU4d8YtlTF0R4Wn1Qfz8/nvK340lIIAmSEkv/IB2743ehgRUYPjUeX/ m2su9QSFP32nhy0lyi92y/5Zf/PPF0PIqyuytrhjZAbHGK2nfkxxfkv8wVpRgKx9OQw5 DLKGxGXTcVtyXxBluLoZBA1W0wOuuR9lTNnnGU1N/M1emwPmFHNv+khNUprTXe90+VMi jptATq1p6WMcdsbRz0zt9h53+ORPWXSl1JHAl41xaliRjrlleREz8Sz38jXDBSBrYG/6 Wn1A== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=EJX9jA7p; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-34349-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-34349-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id j13-20020a17090a318d00b0029092ac17e1si3084361pjb.145.2024.01.22.17.13.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Jan 2024 17:13:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-34349-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=EJX9jA7p; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-34349-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-34349-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 3AD5AB2AB86 for ; Tue, 23 Jan 2024 00:43:44 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 710085FDDC; Mon, 22 Jan 2024 23:55:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="EJX9jA7p" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 237645FB80; Mon, 22 Jan 2024 23:55:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.11 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705967730; cv=none; b=FG0HU89jIggva14jOWFZrRCNqnI3M5nKNuoaTgh5XvXS+9novdTm+P4Dk3avyRYgQ2Ew9ycTXo2hbk+FXJagL3yERWsROg0Y807h5nRGqWENWJRI0dg5Ntiw4JxrFJtukYb3zN86qJH/UrM0lkFeXv166I/lJV0sdl7k73rnPr0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705967730; c=relaxed/simple; bh=oQj7us7q3FR7iciI/KFvHntTbSJoyyyxGgw23IGrLK0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=o30SH0StbybvIxeTdV6V3YU+bZgIapB9kDNcRnrlLnNX4cvnAV239bTdgCoDhxaOks/M1xYhR6Y1bARMUC/PT48W7ozeACWFgcHElDXrqp7guxX9Z4au1KCPPcq7kR1F7U2Gi0crSMBzhw82LvvDtMyncdFENNo/o883Nzvrlq4= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=EJX9jA7p; arc=none smtp.client-ip=198.175.65.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1705967729; x=1737503729; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=oQj7us7q3FR7iciI/KFvHntTbSJoyyyxGgw23IGrLK0=; b=EJX9jA7pilfR2k75tkRwl5lijOgfB2S44bPsrzhJ/HlKgtFzNZdsyEqq Xom13F9K7yNjWvArfNXNYsXD29tYMSwdWdnja5VFHILoPYYakQn7e1utN CE5KCn2/kvk54sUsV4q5W0NX8FAKnyfOQ/RIU0qvjIHuzy2qc6FQ+mBg2 EC4vn4vjgfmJ3pRX8CrJTJLocb9S3hka8600c/EUA+SNUFWFI4PISPlmp cnxsAZBGYIQhyjWrlVZsRf3kLdNbF9XBpegOe30iiGSxNkaeuwqw/c15+ N54agYYv//NxkwQs+mbsyiF+5y+bdsPG7IE0qJ+s/PokbTVhZ5TPo6p/h A==; X-IronPort-AV: E=McAfee;i="6600,9927,10961"; a="8016352" X-IronPort-AV: E=Sophos;i="6.05,212,1701158400"; d="scan'208";a="8016352" Received: from fmviesa004.fm.intel.com ([10.60.135.144]) by orvoesa103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jan 2024 15:55:29 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.05,212,1701158400"; d="scan'208";a="1468076" Received: from ls.sc.intel.com (HELO localhost) ([172.25.112.31]) by fmviesa004-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jan 2024 15:55:28 -0800 From: isaku.yamahata@intel.com To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini , erdemaktas@google.com, Sean Christopherson , Sagi Shahar , Kai Huang , chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com Subject: [PATCH v18 040/121] KVM: x86/mmu: Disallow fast page fault on private GPA Date: Mon, 22 Jan 2024 15:53:16 -0800 Message-Id: <91c797997b57056224571e22362321a23947172f.1705965635.git.isaku.yamahata@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Isaku Yamahata TDX requires TDX SEAMCALL to operate Secure EPT instead of direct memory access and TDX SEAMCALL is heavy operation. Fast page fault on private GPA doesn't make sense. Disallow fast page fault on private GPA. Signed-off-by: Isaku Yamahata Reviewed-by: Paolo Bonzini --- arch/x86/kvm/mmu/mmu.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index b2924bd9b668..54d4c8f1ba68 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -3339,8 +3339,16 @@ static int kvm_handle_noslot_fault(struct kvm_vcpu *vcpu, return RET_PF_CONTINUE; } -static bool page_fault_can_be_fast(struct kvm_page_fault *fault) +static bool page_fault_can_be_fast(struct kvm *kvm, struct kvm_page_fault *fault) { + /* + * TDX private mapping doesn't support fast page fault because the EPT + * entry is read/written with TDX SEAMCALLs instead of direct memory + * access. + */ + if (kvm_is_private_gpa(kvm, fault->addr)) + return false; + /* * Page faults with reserved bits set, i.e. faults on MMIO SPTEs, only * reach the common page fault handler if the SPTE has an invalid MMIO @@ -3450,7 +3458,7 @@ static int fast_page_fault(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault) u64 *sptep; uint retry_count = 0; - if (!page_fault_can_be_fast(fault)) + if (!page_fault_can_be_fast(vcpu->kvm, fault)) return ret; walk_shadow_page_lockless_begin(vcpu); -- 2.25.1