Received: by 2002:a05:7208:9594:b0:7e:5202:c8b4 with SMTP id gs20csp1176811rbb; Mon, 26 Feb 2024 00:44:54 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVAEsLFQwLG91b4x89tRZvaEsXW752PKvBRThzAy1tz3EBUR8naz8BPQ64g1mW2lkti9CrLY4704E7v4z50HiENSWXU7136wV4kV5vr5Q== X-Google-Smtp-Source: AGHT+IEU9wXJ7m4hZTYRThY3tuld3CMATYKzFY7oYAwJaRtAdJqzE3G/PrcAFYVFM6+54NeUxh42 X-Received: by 2002:a05:6102:f06:b0:471:e02e:c7e6 with SMTP id v6-20020a0561020f0600b00471e02ec7e6mr3217506vss.10.1708937094239; Mon, 26 Feb 2024 00:44:54 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708937094; cv=pass; d=google.com; s=arc-20160816; b=q0OaBT2pMbCauLWAOCJ4YW8x2I1hWgLhI25MoAnmyyOXC3wGFIrBkVPW9tH62pvMYl rzMWhekmrTt2CNtK3pnw8en20HPOMx7ZxjM0Se0EmL1/8wgEAr6Z+0lgtvq2roVg+sPm SNUJ9atwCuRujLQ3ShGkcSfCn11CFjRDZH5iDaqh8v9cUUXoISEN5Z+yx0DgoOi2KXbS RLAbjiU1hM0yuHfMg00HK2fGjeOFDwdJJYrrrcdDuk5ADFC/Gss3GD9F+LoIpuL7LiAn wruAaNEFhouBVd4PKPSZwLT1iB/pIIuc0CF3jqNCxdIJQ2it1Js4Qwipnp57RGJE2XJT g4HQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=/T4QY4bxIPzKnE+qw3wcvJYjAM6SFbqjNgnXTl0dXks=; fh=GU4KR9NKf1qQHjmWlEi4zSAEAxyD6Pa0rUGDupPjr4Q=; b=V6iDVQ2IGLiN7AxLLNZHiHdFjfuRLABDI0XfnNA6z4LhLYnlUTrHidzqh//XOWDxQg jkM1Gh6xljtjaIfRpbTcyA8jNSypNy0E3OMUs6fC/rZ6+oeB1NCAZlKimzbk44MpCBP5 WcfqK4XtoVgw3Xb4zXoPQ+JeKrAsh4WiFPPhxIP4zqC4/yIqSxnzqDQ+/ghsrxlgOn0E 9dsquc8SB00CEZmUhmFVQkmHogEwM4+kdVeLLpvki9zutv+xgKOJd5+kCgUuNMKRQjs6 oa6FcE5XLKjtIfZkWEZ2ojQrYCuNdOxSQSdLDnrTby2rmbZM5Lije2RCuA57Y8rIvVqt tsfA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=ic9reTHp; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-80814-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-80814-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id 22-20020ac85756000000b0042c2d914903si4895686qtx.760.2024.02.26.00.44.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 26 Feb 2024 00:44:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-80814-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=ic9reTHp; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-80814-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-80814-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 034C71C21ECD for ; Mon, 26 Feb 2024 08:44:54 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 40646604C1; Mon, 26 Feb 2024 08:28:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="ic9reTHp" Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 737115FDAF; Mon, 26 Feb 2024 08:28:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.13 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708936100; cv=none; b=MGDrCyWrqjud1rRcP3nDMjpJKnxQik0eCvRnMsjPEG7J6rXfKKWWgWcn7RVwgek6LiqQ2EFr0w2iR1M3KhNTRmg5lfmQKB+uLgmukTTqgLK2iPrl/FMatH+O/HEAKXnPlK1izs7iT8oW8V3oLrjCD+HA9REkM/5ttnLu+fsbENY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708936100; c=relaxed/simple; bh=F2Aq5/aMdhbNlEsFZSbUWHxeFsIV+hsLMCdd356a0sA=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=QAdx+35Sfilj71eBECALqBfp8HpdLqbwr+YkDtg9dpWgInCi/80AYz6k/ByM673FEXm6u+ypptwRXlcTgivNaTtqAZTqSwenihd4EMIaddT7aRPFNfl7uCc2wN6VUL/DiA0pxUL8uX24vRdsj5s92BJHsJnYnOnXHMYlTeLxkZs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=ic9reTHp; arc=none smtp.client-ip=192.198.163.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1708936098; x=1740472098; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=F2Aq5/aMdhbNlEsFZSbUWHxeFsIV+hsLMCdd356a0sA=; b=ic9reTHpRInzMtCmwML4COq2IRqv2HnGLk5075regJrHirutjdcYEtpp MCe5FBJVRF4In/47/BX6i4+Xq/uK4RTe28FTjBOa4IQxfYRQp8jRsKHiS MKbnurSw0AfC/MAR46rtO3vqNXKtfw0KgVURkZWGqUK8zcGjpxB7Rw0Kt gkoqCBZwBf+E4/gBv31/ENKAz+JStgLfK21VjiT+bUnyKgk/2UgEsAYwK pCcL2ubYgqvkHbFXH0+77ty0yo5Dw2TWkA/B7rvE61leJ58k96XFtWA15 r5h84fsrq4siR97hHcEzZ4qhhS1St203OerndOUQGHRsQVlRol2UO4zCR w==; X-IronPort-AV: E=McAfee;i="6600,9927,10995"; a="6155396" X-IronPort-AV: E=Sophos;i="6.06,185,1705392000"; d="scan'208";a="6155396" Received: from orviesa009.jf.intel.com ([10.64.159.149]) by fmvoesa107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Feb 2024 00:28:13 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.06,185,1705392000"; d="scan'208";a="6615830" Received: from ls.sc.intel.com (HELO localhost) ([172.25.112.31]) by orviesa009-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Feb 2024 00:28:13 -0800 From: isaku.yamahata@intel.com To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini , erdemaktas@google.com, Sean Christopherson , Sagi Shahar , Kai Huang , chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com, Binbin Wu Subject: [PATCH v19 053/130] KVM: x86/mmu: Disallow fast page fault on private GPA Date: Mon, 26 Feb 2024 00:25:55 -0800 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Isaku Yamahata TDX requires TDX SEAMCALL to operate Secure EPT instead of direct memory access and TDX SEAMCALL is heavy operation. Fast page fault on private GPA doesn't make sense. Disallow fast page fault on private GPA. Signed-off-by: Isaku Yamahata Reviewed-by: Paolo Bonzini Reviewed-by: Binbin Wu --- v19: - updated comment to mention VM type other than TDX. --- arch/x86/kvm/mmu/mmu.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 84e7a289ad07..eeebbc67e42b 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -3339,8 +3339,18 @@ static int kvm_handle_noslot_fault(struct kvm_vcpu *vcpu, return RET_PF_CONTINUE; } -static bool page_fault_can_be_fast(struct kvm_page_fault *fault) +static bool page_fault_can_be_fast(struct kvm *kvm, struct kvm_page_fault *fault) { + /* + * TDX private mapping doesn't support fast page fault because the EPT + * entry is read/written with TDX SEAMCALLs instead of direct memory + * access. + * For other VM type, kvm_is_private_gpa() is always false because + * gfn_shared_mask is zero. + */ + if (kvm_is_private_gpa(kvm, fault->addr)) + return false; + /* * Page faults with reserved bits set, i.e. faults on MMIO SPTEs, only * reach the common page fault handler if the SPTE has an invalid MMIO @@ -3450,7 +3460,7 @@ static int fast_page_fault(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault) u64 *sptep; uint retry_count = 0; - if (!page_fault_can_be_fast(fault)) + if (!page_fault_can_be_fast(vcpu->kvm, fault)) return ret; walk_shadow_page_lockless_begin(vcpu); -- 2.25.1