Date: Thu, 14 Mar 2024 18:09:40 -0700
From: Isaku Yamahata
To: "Edgecombe, Rick P"
Cc: "Huang, Kai", "Yamahata, Isaku", "Zhang, Tina", "seanjc@google.com", "Yuan, Hang", "binbin.wu@linux.intel.com", "Chen, Bo2", "sagis@google.com", "isaku.yamahata@gmail.com", "linux-kernel@vger.kernel.org", "Aktas, Erdem", "kvm@vger.kernel.org", "pbonzini@redhat.com", "isaku.yamahata@linux.intel.com"
Subject: Re: [PATCH v19 058/130] KVM: x86/mmu: Add a private pointer to struct kvm_mmu_page
Message-ID: <20240315010940.GE1258280@ls.amr.corp.intel.com>

On Thu, Mar 14, 2024 at 09:39:34PM +0000,
"Edgecombe, Rick P" wrote:

> On Fri, 2024-03-15 at 10:23 +1300, Huang, Kai wrote:
> > We have 3 page tables as you mentioned:
> >
> > PT: page table
> > - Shared PT is visible to KVM and it is used by CPU.
> > - Private PT is used by CPU but it is invisible to KVM.
> > - Dummy PT is visible to KVM but not used by CPU.  It is used to
> >    propagate PT change to the actual private PT which is used by CPU.
> >
> > If I recall correctly, we used to call the last one "mirrored
> > (private) page table".
> >
> > I lost the tracking when we changed to use "dummy page table", but it
> > seems to me "mirrored" is better than "dummy" because the latter means
> > it is useless but in fact it is used to propagate changes to the real
> > private page table used by hardware.
>
> Mirrored makes sense to me. So like:
>
> Private - Table actually mapping private alias, in TDX module
> Shared - Shared alias table, visible in KVM
> Mirror - Mirroring private, visible in KVM
>
> >
> > Btw, one nit, perhaps:
> >
> > "Shared PT is visible to KVM and it is used by CPU." -> "Shared PT is
> > visible to KVM and it is used by CPU for shared mappings".
> >
> > To make it clearer it is used for "shared mappings".
> >
> > But this may be unnecessary to others, so up to you.
>
> Yep, this seems clearer.

Here is the updated one. Renamed dummy -> mirrored.

When KVM resolves the KVM page fault, it walks the page tables.  To reuse
the existing KVM MMU code and mitigate the heavy cost of directly walking
the private page table, allocate one more page to copy the mirrored page
table for the KVM MMU code to directly walk.  Resolve the KVM page fault
with the existing code, and do additional operations necessary for the
private page table.  To distinguish such cases, the existing KVM page table
is called a shared page table (i.e., not associated with a private page
table), and the page table with a private page table is called a mirrored
page table.  The relationship is depicted below.

              KVM page fault                     |
                     |                           |
                     V                           |
        -------------+----------                 |
        |                      |                 |
        V                      V                 |
     shared GPA           private GPA            |
        |                      |                 |
        V                      V                 |
    shared PT root     mirrored PT root          |    private PT root
        |                      |                 |           |
        V                      V                 |           V
     shared PT            mirrored PT ----propagate---->  private PT
        |                      |                 |           |
        |                      \-----------------+------\    |
        |                                        |      |    |
        V                                        |      V    V
  shared guest page                              |    private guest page
                                                 |
                           non-encrypted memory  |    encrypted memory
                                                 |

PT: Page table
Shared PT: visible to KVM, and the CPU uses it for shared mappings.
Private PT: the CPU uses it, but it is invisible to KVM.  TDX module
            updates this table to map private guest pages.
Mirrored PT: It is visible to KVM, but the CPU doesn't use it.  KVM uses it
             to propagate PT change to the actual private PT.

-- 
Isaku Yamahata
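
Added example (not part of the original message and not code from the KVM/TDX patch series): a toy, single-level C model of the three tables above, showing one fault path that walks only KVM-visible tables and propagates private mappings to a table KVM cannot read. All names, the table size, SHARED_BIT and the update ordering are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define NENT 16                      /* toy single-level table */
#define SHARED_BIT (1ull << 8)       /* constructed: GFN bit selecting the shared alias */

struct pt { uint64_t pfn[NENT]; bool present[NENT]; };

/* Stand-in for the TDX module: it owns the private PT, KVM never reads it. */
static struct pt private_pt;

static int module_map_private(unsigned idx, uint64_t pfn)
{
    if (private_pt.present[idx])
        return -1;                   /* module rejects a second mapping */
    private_pt.pfn[idx] = pfn;
    private_pt.present[idx] = true;
    return 0;
}

/* Tables KVM can walk directly. */
struct kvm_tables { struct pt shared_pt, mirrored_pt; };

/* One fault path for both roots; only the mirrored root adds a propagate step. */
static int resolve_fault(struct kvm_tables *k, uint64_t gfn, uint64_t pfn)
{
    bool is_private = !(gfn & SHARED_BIT);
    struct pt *pt = is_private ? &k->mirrored_pt : &k->shared_pt;
    unsigned idx = gfn % NENT;

    if (pt->present[idx])
        return 0;                    /* KVM-visible walk says already mapped */
    if (is_private && module_map_private(idx, pfn))
        return -1;                   /* leave the mirror untouched on failure */
    pt->pfn[idx] = pfn;
    pt->present[idx] = true;
    return 0;
}

/* Simulation-only check: real KVM cannot read the private PT. */
static bool mirror_in_sync(const struct kvm_tables *k)
{
    for (unsigned i = 0; i < NENT; i++)
        if (k->mirrored_pt.present[i] != private_pt.present[i] ||
            (private_pt.present[i] && k->mirrored_pt.pfn[i] != private_pt.pfn[i]))
            return false;
    return true;
}
```

The model makes the design constraint visible: KVM's view of private mappings is only as accurate as the propagate step, so a failed propagation must not leave an entry in the mirrored table.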