Received: by 2002:ab2:1347:0:b0:1f4:ac9d:b246 with SMTP id g7csp51007lqg;
        Wed, 10 Apr 2024 15:10:29 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCVX/WzXbKYo0WzobdSLmRk/TRfqbJUAy59Itps6H1GfuNngMBaa053OkhLPKc9HR+Uot9tmLpGtzX3Xirax0wTVxPmva6psrRq/F6FqUw==
X-Google-Smtp-Source: AGHT+IEktqMKW/b1W3/B0sJUoOCpuYrmnnXz/ydBP1p7Kj2oF9oSfuv+mD9qrB8YECGXOHPfcSRu
X-Received: by 2002:a19:e019:0:b0:516:d1ba:ca70 with SMTP id x25-20020a19e019000000b00516d1baca70mr3211871lfg.31.1712787029639;
        Wed, 10 Apr 2024 15:10:29 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1712787029; cv=pass;
        d=google.com; s=arc-20160816;
        b=oS3gf6mSy50ISV2d81g2vUaxAR5Su7gq+YEAkUcuvophl+KPyvV21/Ik7nTM+mCnFS
         eVZZ+H/8V1yNCEhkvmFNaPZvA9BEYjwGvEH0aa5sDt9Jdyp+++SfrPMystWsW/EDoTuS
         o9zs0n1Fr2wHfJ8jxHxIbYWitXSLW5lo8KYmBe4NjvAhUgyCIA3EZe90kTPIAtF5swar
         0j7x3SluaYUNgINlnyjwR+R1lObOsEVQnk9FrTFQSKsXz2VfzjQ8B34DMAGfBX21S76T
         +BbaAwciRQQW1WZSrtDuS4V3FoDS23b037v9hO3Njze/DfVUDFEZ7INN/e9M6aspCJ7K
         mnkw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature;
        bh=9mWXfn3lMYlyuwmCHz9tGsFJeMjw8qi7nx6Z+HKnU1s=;
        fh=6GvjuWek5e/NmuoNTFo6o746VvXwCIN6aC0mGYYr2FM=;
        b=OpDrYYgaKWkH6xzkt9BOBo5HSmKTCjo6QKwGA/tNFp5rkdgp1p4Gdi9lmwloBvIKDR
         JPt8vuGCcOv2kMtswyrv2kOXY9lb46GW/wDrYgk90kzMLCIA9MG9h7BI+xJCmRfw58lI
         tJcyhhupCpwngMTZNcJ9Zsv+Xd/i268zFjFHLL6wJNWR3BLJtwQmyJf1nHW6c+q8KJhW
         YjJSHWVUG8lMVlRKfcioN7N0MdRLg8wWLSOd9HnA/gOTDZDB5gl9aoSMsYdg7aisHj6K
         QGfBdCa4Hl534A69nPWzIbTQpDjR4Sz3oQ5JLgvdvai7gTTVRi0yd4nUW01itYhCw0A8
         HIXw==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=AxjLXnsR;
       arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com);
       spf=pass (google.com: domain of linux-kernel+bounces-139406-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-139406-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel+bounces-139406-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3])
        by mx.google.com with ESMTPS id re23-20020a170906d8d700b00a51c867550fsi72562ejb.16.2024.04.10.15.10.29
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 10 Apr 2024 15:10:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-139406-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=AxjLXnsR;
       arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com);
       spf=pass (google.com: domain of linux-kernel+bounces-139406-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-139406-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 5E2071F21F45
	for <linux.lists.archive@gmail.com>; Wed, 10 Apr 2024 22:10:29 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 90E0A18412B;
	Wed, 10 Apr 2024 22:08:02 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="AxjLXnsR"
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D149B194C90;
	Wed, 10 Apr 2024 22:07:59 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.17
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1712786881; cv=none; b=NRY6yA2F0ELMBNPJyqDyErwyGux3MH5Fmg6JkvsAHdO9MKqWUB89WXBGgeC2pUz/BBF6byqyXcVGFFfo/L6EOKEbK+i7QjUhsmmvDVh005idVTM4XTpi8rc3gm5IRJJb8j0/2ShvdOYJfPt/iBNsntd/zB0+r6vshULdF9g4/os=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1712786881; c=relaxed/simple;
	bh=ETl8+5bXAMNCbp6iq0APgR1yrZku3CsPb2HTapGc37k=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version; b=hTGFDguRK4agX6bNfPuz2XCOLPGyXX2QVgmcQ9ELl52IQFwiM9d5UTihRHxPPopUbj4nVPGrI85al4kO9AYMIZmMejd9R/DPgKNupeEiXxG9n7lM1BGJLvZvnv1CFEYCSdatiyi0JaEuX7pibhkozZB/jzMfvOHq3nBUIHZfsAQ=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=AxjLXnsR; arc=none smtp.client-ip=192.198.163.17
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1712786880; x=1744322880;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=ETl8+5bXAMNCbp6iq0APgR1yrZku3CsPb2HTapGc37k=;
  b=AxjLXnsRzgJvK3p6bV+atyo9KW9rQm0abU8hgP6WOGFZJbuNqZvMT+D3
   1cLLn860RorEcdz27ed25jPlSR/6wYUin3iY94QGjsP960NjAKRk82wyV
   Z6JKZCPWIMlWtDrko45EiV5wNEqYdRa3xJ/tdtVRot+DTlYPspUq44u+y
   iSM4oscE1uICsM3k4341vlHJ1oYkeV2tBCU8nH+ZB8V6ECin2ThdTBqnO
   vBMQuNr/mw5/R3z4norW+xVl94I3hfxzDqB/2n8CylhMLu4zadQlguIYH
   CXQ0v+Jab6mvvLXkPzifAO1SzFlK8LE5mSddWbnlGgWOZV9CLa0RNYgzy
   g==;
X-CSE-ConnectionGUID: Jf5yLRruSPOtkjCBBMqBkA==
X-CSE-MsgGUID: 9yXba4t+SjiNZGmoSkr2BQ==
X-IronPort-AV: E=McAfee;i="6600,9927,11039"; a="8041148"
X-IronPort-AV: E=Sophos;i="6.07,191,1708416000"; 
   d="scan'208";a="8041148"
Received: from orviesa005.jf.intel.com ([10.64.159.145])
  by fmvoesa111.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Apr 2024 15:07:58 -0700
X-CSE-ConnectionGUID: dWoIIdVpTc+cUhlWEUNQkQ==
X-CSE-MsgGUID: fI8/2sUKQRKuXOH0I/dyrg==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.07,191,1708416000"; 
   d="scan'208";a="25476323"
Received: from ls.sc.intel.com (HELO localhost) ([172.25.112.31])
  by orviesa005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Apr 2024 15:07:57 -0700
From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org
Cc: isaku.yamahata@intel.com,
	isaku.yamahata@gmail.com,
	linux-kernel@vger.kernel.org,
	Sean Christopherson <seanjc@google.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Michael Roth <michael.roth@amd.com>,
	David Matlack <dmatlack@google.com>,
	Federico Parola <federico.parola@polito.it>,
	Kai Huang <kai.huang@intel.com>
Subject: [PATCH v2 08/10] KVM: x86: Add a hook in kvm_arch_vcpu_map_memory()
Date: Wed, 10 Apr 2024 15:07:34 -0700
Message-ID: <7194bb75ac25fa98875b7891d7929655ab245205.1712785629.git.isaku.yamahata@intel.com>
X-Mailer: git-send-email 2.43.2
In-Reply-To: <cover.1712785629.git.isaku.yamahata@intel.com>
References: <cover.1712785629.git.isaku.yamahata@intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

From: Isaku Yamahata <isaku.yamahata@intel.com>

Add a hook in kvm_arch_vcpu_map_memory() for KVM_MAP_MEMORY before calling
kvm_mmu_map_page() to adjust the error code for a page fault.  The hook can
hold vendor-specific logic to make those adjustments and enforce the
restrictions.  SEV and TDX KVM will use the hook.

In the case of SEV and TDX, they need to adjust the KVM page fault error
code or refuse the operation due to their restriction.  TDX requires that
the guest memory population must be before finalizing the VM.

Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
---
v2:
- Make pre_mmu_map_page() to take error_code.
- Drop post_mmu_map_page().
- Drop struct kvm_memory_map.source check.
---
 arch/x86/include/asm/kvm-x86-ops.h |  1 +
 arch/x86/include/asm/kvm_host.h    |  3 +++
 arch/x86/kvm/x86.c                 | 28 ++++++++++++++++++++++++++++
 3 files changed, 32 insertions(+)

diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h
index 5187fcf4b610..a5d4f4d5265d 100644
--- a/arch/x86/include/asm/kvm-x86-ops.h
+++ b/arch/x86/include/asm/kvm-x86-ops.h
@@ -139,6 +139,7 @@ KVM_X86_OP(vcpu_deliver_sipi_vector)
 KVM_X86_OP_OPTIONAL_RET0(vcpu_get_apicv_inhibit_reasons);
 KVM_X86_OP_OPTIONAL(get_untagged_addr)
 KVM_X86_OP_OPTIONAL(alloc_apic_backing_page)
+KVM_X86_OP_OPTIONAL(pre_mmu_map_page);
 
 #undef KVM_X86_OP
 #undef KVM_X86_OP_OPTIONAL
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 3ce244ad44e5..2bf7f97f889b 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -1812,6 +1812,9 @@ struct kvm_x86_ops {
 
 	gva_t (*get_untagged_addr)(struct kvm_vcpu *vcpu, gva_t gva, unsigned int flags);
 	void *(*alloc_apic_backing_page)(struct kvm_vcpu *vcpu);
+	int (*pre_mmu_map_page)(struct kvm_vcpu *vcpu,
+				struct kvm_memory_mapping *mapping,
+				u64 *error_code);
 };
 
 struct kvm_x86_nested_ops {
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 8ba9c1720ac9..b76d854701d5 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5868,6 +5868,26 @@ static int kvm_vcpu_ioctl_enable_cap(struct kvm_vcpu *vcpu,
 	}
 }
 
+static int kvm_pre_mmu_map_page(struct kvm_vcpu *vcpu,
+				struct kvm_memory_mapping *mapping,
+				u64 *error_code)
+{
+	int r = 0;
+
+	if (vcpu->kvm->arch.vm_type == KVM_X86_DEFAULT_VM) {
+		/* nothing */
+	} else if (vcpu->kvm->arch.vm_type == KVM_X86_SW_PROTECTED_VM) {
+		if (kvm_mem_is_private(vcpu->kvm, gpa_to_gfn(mapping->base_address)))
+			*error_code |= PFERR_PRIVATE_ACCESS;
+	} else if (kvm_x86_ops.pre_mmu_map_page)
+		r = static_call(kvm_x86_pre_mmu_map_page)(vcpu, mapping,
+							  error_code);
+	else
+		r = -EOPNOTSUPP;
+
+	return r;
+}
+
 int kvm_arch_vcpu_map_memory(struct kvm_vcpu *vcpu,
 			     struct kvm_memory_mapping *mapping)
 {
@@ -5900,6 +5920,14 @@ int kvm_arch_vcpu_map_memory(struct kvm_vcpu *vcpu,
 	/* reload is optimized for repeated call. */
 	kvm_mmu_reload(vcpu);
 
+	/*
+	 * Adjust error_code for VM-type. max_level is adjusted by
+	 * gmem_max_level() callback.
+	 */
+	r = kvm_pre_mmu_map_page(vcpu, mapping, &error_code);
+	if (r)
+		goto out;
+
 	r = kvm_tdp_map_page(vcpu, mapping->base_address, error_code, &level);
 	if (r)
 		goto out;
-- 
2.43.2