Received: by 2002:ab2:6816:0:b0:1f9:5764:f03e with SMTP id t22csp2818870lqo; Mon, 20 May 2024 19:25:19 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVOHh1a8X6XGU+vTJWGOx7uG97ul/wHGQ0DwCNP98BkuKrYN1pBxAbGnQlBsAWWFRSj1vX5MVI3GWULH+fVoQrGVjGkUjPw6uQWQjniSQ== X-Google-Smtp-Source: AGHT+IHNV9u3HbvHSmSi1giAmUcCtHM9s9iPmDc6xwwYJ3KYny6c9LQjkblORhXOkvNC75C42TxQ X-Received: by 2002:a17:906:1293:b0:a59:bde5:398 with SMTP id a640c23a62f3a-a5a2d536c98mr2009941366b.14.1716258319368; Mon, 20 May 2024 19:25:19 -0700 (PDT) Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id a640c23a62f3a-a5a17945e9csi1304211766b.85.2024.05.20.19.25.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 May 2024 19:25:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-184364-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel.com header.s=Intel header.b=UxpVGf3P; arc=fail (body hash mismatch); spf=pass (google.com: domain of linux-kernel+bounces-184364-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-184364-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 140361F21F43 for ; Tue, 21 May 2024 02:25:19 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 5230214AAD; Tue, 21 May 2024 02:25:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=intel.com header.i=@intel.com header.b="UxpVGf3P" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AC079C2E9; Tue, 21 May 2024 02:25:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716258308; cv=none; b=Kr4Ga6ddOl8iG0NkmOLt4S94S3Egnp+NUMw0Qxnca+YfIV95qRGgWJnmgsSS5xaUZEUsT1dwbnqg5A9hX/o1fXiCdoW3V/LSWc2tUeJLXUo7gZoKgoItemBJTo4hWXXK8Kahvo1qSGnCWP6vtEy1ac2Q6uuubIloUpkM0Kx5NFI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716258308; c=relaxed/simple; bh=2JQdNkN8Va5J2PBw3j2euQZnhUifo/T3OFWx1yC23Lg=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=r5y3TbFOtsdQOjPavDKCZR/wIwgA2y7Kp7Z8+tu7FnnqAexrciVQmYdCF3yUyqa5sN9GxsQpR0+UmjxeeYrGCCFO8x8CH+BzJxkFiGjY/G1ZESFiQhorNXctJPrDrv695fddUE6s+3FZYscLUEn6EC+d/r22IhHonk9CjR+X2kQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=UxpVGf3P; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1716258307; x=1747794307; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=2JQdNkN8Va5J2PBw3j2euQZnhUifo/T3OFWx1yC23Lg=; b=UxpVGf3PTSJVK29zOfryRhxuDGvC1xLCKHEHz6VnqcYarTf5eiMgJvg5 ZUkIXm0Uo0yPt/6v9LjFu1u3BVrXjqsiPex/CT3FhSi6BOEIVLpIKgUdn 7h1QE82Y16HIXDuUQVzSn2GFE7m4g3bjnKKSsf7zDO0R0WlAnuBSzpls7 /1P72UuY7qXAR/N60G3hSdbeDp4Uj/4dREFlRND7WbFp5YfYfHGeju0CT uAXRu1v8aealBMHOh1tefaqgMEeZ1H+FkRokFqVgLztv4tNOHBZoc7fl1 u0CpLCrprHgRIJKKOtNETz0zizQIGfT7Y8rW0MZS/OkVODURtZVVRYelE w==; X-CSE-ConnectionGUID: a2dR5rnNRnmjhbwLZVoTCg== X-CSE-MsgGUID: bga4bYxbQqOStw/XlJv8eQ== X-IronPort-AV: E=McAfee;i="6600,9927,11078"; a="23563707" X-IronPort-AV: E=Sophos;i="6.08,176,1712646000"; d="scan'208";a="23563707" Received: from orviesa010.jf.intel.com ([10.64.159.150]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 May 2024 19:25:06 -0700 X-CSE-ConnectionGUID: HSKawQjaTIWB1uxViNhqyA== X-CSE-MsgGUID: /9AsGmROS4iOnBCH+sDvYw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.08,176,1712646000"; d="scan'208";a="32613622" Received: from ls.sc.intel.com (HELO localhost) ([172.25.112.54]) by orviesa010-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 May 2024 19:25:05 -0700 Date: Mon, 20 May 2024 19:25:05 -0700 From: Isaku Yamahata To: "Edgecombe, Rick P" Cc: "Huang, Kai" , "Yamahata, Isaku" , "linux-kernel@vger.kernel.org" , "seanjc@google.com" , "sagis@google.com" , "isaku.yamahata@linux.intel.com" , "isaku.yamahata@gmail.com" , "Zhao, Yan Y" , "kvm@vger.kernel.org" , "dmatlack@google.com" , "pbonzini@redhat.com" , "Aktas, Erdem" Subject: Re: [PATCH 10/16] KVM: x86/tdp_mmu: Support TDX private mapping for TDP MMU Message-ID: <20240521022505.GB29916@ls.amr.corp.intel.com> References: <20240516194209.GL168153@ls.amr.corp.intel.com> <20240517081440.GM168153@ls.amr.corp.intel.com> <0d48522f37d75d63f09d2a5091e3fa91913531ee.camel@intel.com> <791ab3de8170d90909f3e053bf91485784d36c61.camel@intel.com> <20240520185817.GA22775@ls.amr.corp.intel.com> <91444be8576ac220fb66cd8546697912988c4a87.camel@intel.com> <2ee12c152c8db9f5e4acd131b95411bac0abb22c.camel@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <2ee12c152c8db9f5e4acd131b95411bac0abb22c.camel@intel.com> On Mon, May 20, 2024 at 11:39:06PM +0000, "Edgecombe, Rick P" wrote: > On Mon, 2024-05-20 at 12:02 -0700, Rick Edgecombe wrote: > > > > reflect is a nice name. I'm trying this path right now. I'll share a branch. > > Here is the branch: > https://github.com/rpedgeco/linux/commit/674cd68b6ba626e48fe2446797d067e38dca80e3 Thank you for sharing it. It makes it easy to create further patches on top of it. .. > In this solution, the tdp_mmu.c doesn't have a concept of private vs shared EPT > or GPA aliases. It just knows KVM_PROCESS_PRIVATE/SHARED, and fault->is_private. > > Based on the PROCESS enums or fault->is_private, helpers in mmu.h encapsulate > whether to operate on the normal "direct" roots or the mirrored roots. When > !TDX, it always operates on direct. > > The code that does PTE setting/zapping etc, calls out the mirrored "reflect" > helper and does the extra atomicity stuff when it sees the mirrored role bit. > > In Isaku's code to make gfn's never have shared bits, there was still the > concept of "shared" in the TDP MMU. But now since the TDP MMU focuses on > mirrored vs direct instead, an abstraction is introduced to just ask for the > mask for the root. For TDX the direct root is for shared memory, so instead the > kvm_gfn_direct_mask() gets applied when operating on the direct root. "direct" is better than "shared". It might be confusing with the existing role.direct, but I don't think of better other name. I resorted to pass around kvm for gfn_direct_mask to the iterator. Alternative way is to stash it in struct kvm_mmu_page of root somehow. Then, we can strip kvm from the iterator and the related macros. > I think there are still some things to be polished in the branch, but overall it > does a good job of cleaning up the confusion about the connection between > private and mirrored. And also between this and the previous changes, improves > littering the generic MMU code with private/shared alias concepts. > > At the same time, I think the abstractions have a small cost in clarity if you > are looking at the code from TDX's perspective. It probably wont raise any > eyebrows for people used to tracing nested EPT violations through paging_tmpl.h. > But compared to naming everything mirrored_private, there is more obfuscation of > the bits twiddled. The rename makes the code much less confusing. I noticed that mirror and mirrored are mixed. I'm not sure whether it's intentional or accidental. -- Isaku Yamahata