From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini, erdemaktas@google.com, Sean Christopherson, Sagi Shahar, Kai Huang, chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com, Rick Edgecombe, Binbin Wu
Subject: [PATCH v19 046/130] KVM: x86/mmu: Add address conversion functions for TDX shared bit of GPA
Date: Mon, 26 Feb 2024 00:25:48 -0800
Message-Id: <973a3e06111fe84f2b1e971636cbaa3facf7b120.1708933498.git.isaku.yamahata@intel.com>

From: Isaku Yamahata

TDX repurposes one GPA bit (51 bit or 47 bit based on configuration) to
indicate the GPA is private (if cleared) or shared (if set) with VMM.  If
GPA.shared is set, GPA is covered by the existing conventional EPT pointed
to by EPTP.  If GPA.shared bit is cleared, GPA is covered by TDX module.
VMM has to issue SEAMCALLs to operate.

Add a member to remember GPA shared bit for each guest TD, add address
conversion functions between private GPA and shared GPA and test if GPA
is private.

Because struct kvm_arch (or struct kvm which includes struct kvm_arch. See
kvm_arch_alloc_vm() that passes __GFP_ZERO) is zero-cleared when allocated,
the new member to remember GPA shared bit is guaranteed to be zero with
this patch unless it's initialized explicitly.

                        default or SEV-SNP      TDX: S = (47 or 51) - 12
gfn_shared_mask         0                       S bit
kvm_is_private_gpa()    always false            true if GFN has S bit set
kvm_gfn_to_shared()     nop                     set S bit
kvm_gfn_to_private()    nop                     clear S bit

fault.is_private means that host page should be gotten from guest_memfd
is_private_gpa() means that KVM MMU should invoke private MMU hooks.

Co-developed-by: Rick Edgecombe
Signed-off-by: Rick Edgecombe
Signed-off-by: Isaku Yamahata
Reviewed-by: Binbin Wu
---
v19:
- Add comment on default vm case.
- Added behavior table in the commit message
- drop CONFIG_KVM_MMU_PRIVATE

v18:
- Added Reviewed-by Binbin

Signed-off-by: Isaku Yamahata
---
 arch/x86/include/asm/kvm_host.h |  2 ++
 arch/x86/kvm/mmu.h              | 33 +++++++++++++++++++++++++++++++++
 arch/x86/kvm/vmx/tdx.c          |  5 +++++
 3 files changed, 40 insertions(+)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 5da3c211955d..de6dd42d226f 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1505,6 +1505,8 @@ struct kvm_arch { */ #define SPLIT_DESC_CACHE_MIN_NR_OBJECTS (SPTE_ENT_PER_PAGE + 1) struct kvm_mmu_memory_cache split_desc_cache; + + gfn_t gfn_shared_mask; }; struct kvm_vm_stat { 
diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index d96c93a25b3b..395b55684cb9 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -322,4 +322,37 @@ static inline gpa_t kvm_translate_gpa(struct kvm_vcpu *vcpu, return gpa; return translate_nested_gpa(vcpu, gpa, access, exception); } + +/* + * default or SEV-SNP TDX: where S = (47 or 51) - 12 + * gfn_shared_mask 0 S bit + * is_private_gpa() always false if GPA has S bit set + * gfn_to_shared() nop set S bit + * gfn_to_private() nop clear S bit + * + * fault.is_private means that host page should be gotten from guest_memfd + * is_private_gpa() means that KVM MMU should invoke private MMU hooks. + */ +static inline gfn_t kvm_gfn_shared_mask(const struct kvm *kvm) +{ + return kvm->arch.gfn_shared_mask; +} + +static inline gfn_t kvm_gfn_to_shared(const struct kvm *kvm, gfn_t gfn) +{ + return gfn | kvm_gfn_shared_mask(kvm); +} + +static inline gfn_t kvm_gfn_to_private(const struct kvm *kvm, gfn_t gfn) +{ + return gfn & ~kvm_gfn_shared_mask(kvm); +} + +static inline bool kvm_is_private_gpa(const struct kvm *kvm, gpa_t gpa) +{ + gfn_t mask = kvm_gfn_shared_mask(kvm); + + return mask && !(gpa_to_gfn(gpa) & mask); +} + #endif diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index aa1da51b8af7..54e0d4efa2bd 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -906,6 +906,11 @@ static int tdx_td_init(struct kvm *kvm, struct kvm_tdx_cmd *cmd) kvm_tdx->attributes = td_params->attributes; kvm_tdx->xfam = td_params->xfam; + if (td_params->exec_controls & TDX_EXEC_CONTROL_MAX_GPAW) + kvm->arch.gfn_shared_mask = gpa_to_gfn(BIT_ULL(51)); + else + kvm->arch.gfn_shared_mask = gpa_to_gfn(BIT_ULL(47)); + out: /* kfree() accepts NULL. */ kfree(init_vm); -- 2.25.1
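
Review bot: the new `gfn_t gfn_shared_mask;` member added to struct kvm_arch in arch/x86/include/asm/kvm_host.h carries no comment, although its zero value has a defined meaning that every helper in mmu.h depends on. The commit message explains that the zeroed allocation leaves it 0 for default and SEV-SNP VMs and that TDX stores the GFN-level shared bit there; a one- or two-line comment at the field stating "0: no shared bit; TDX: shared bit as a GFN mask" would keep that contract next to the data instead of only in the changelog.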
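
Review bot: the comment table above kvm_gfn_shared_mask() in arch/x86/kvm/mmu.h says is_private_gpa() is true "if GPA has S bit set" for TDX, but kvm_is_private_gpa() returns `mask && !(gpa_to_gfn(gpa) & mask)`, which is true when the S bit is clear. The code agrees with the commit message's opening paragraph (private if cleared, shared if set), so the comment row is the part to change, e.g. "true if GPA has S bit clear"; the table in the commit message has the same wording and should be fixed with it. The table also lists the helpers without their kvm_ prefix (gfn_to_shared(), gfn_to_private(), is_private_gpa()); using the real names kvm_gfn_to_shared(), kvm_gfn_to_private() and kvm_is_private_gpa() makes the comment greppable.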
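
Review bot: in tdx_td_init() in arch/x86/kvm/vmx/tdx.c the shared-bit positions are the bare literals `BIT_ULL(51)` and `BIT_ULL(47)`, and nothing at this site says why TDX_EXEC_CONTROL_MAX_GPAW selects bit 51 and its absence selects bit 47. Suggest either named constants for the two bit positions or a short comment above the if/else stating that the shared bit is the top GPA bit for the configured guest physical address width, so the relationship to the "S = (47 or 51) - 12" line in the mmu.h comment is visible where the mask is assigned.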