Date: Tue, 21 May 2024 09:15:20 -0700
From: Isaku Yamahata
To: "Edgecombe, Rick P"
Cc: "Yamahata, Isaku", "dmatlack@google.com", "linux-kernel@vger.kernel.org", "seanjc@google.com", "Huang, Kai", "sagis@google.com", "isaku.yamahata@linux.intel.com", "Aktas, Erdem", "Zhao, Yan Y", "kvm@vger.kernel.org", "pbonzini@redhat.com", "isaku.yamahata@gmail.com"
Subject: Re: [PATCH 10/16] KVM: x86/tdp_mmu: Support TDX private mapping for TDP MMU
Message-ID: <20240521161520.GB212599@ls.amr.corp.intel.com>

On Tue, May 21, 2024 at 03:07:50PM +0000,
"Edgecombe, Rick P" wrote:

> > 1.4.2 Guest Physical Address Translation
> >   Transition to SEAM VMX non-root operation is formatted to require Extended
> >   Page Tables (EPT) to be enabled. In SEAM VMX non-root operation, there should
> >   be two EPTs active: the private EPT specified using the EPTP field of the VMCS
> >   and a shared EPT specified using the Shared-EPTP field of the VMCS.
> >   When translating a GPA using the shared EPT, an EPT misconfiguration can occur
> >   if the entry is present and the physical address bits in the range
> >   (MAXPHYADDR-1) to (MAXPHYADDR-TDX_RESERVED_KEYID_BITS) are set, i.e., if
> >   configured with a TDX private KeyID.
> >   If the CPU's maximum physical-address width (MAXPA) is 52 and the guest
> >   physical address width is configured to be 48, accesses with GPA bits 51:48
> >   not all being 0 can cause an EPT-violation, where such EPT-violations are not
> >   mutated to #VE, even if the “EPT-violations #VE” execution control is 1.
> >   If the CPU's physical-address width (MAXPA) is less than 48 and the SHARED bit
> >   is configured to be in bit position 47, GPA bit 47 would be reserved, and GPA
> >   bits 46:MAXPA would be reserved. On such CPUs, setting bits 51:48 or bits
> >   46:MAXPA in any paging structure can cause a reserved bit page fault on
> >   access.
>
> In "if the entry is present and the physical address bits in the range
> (MAXPHYADDR-1) to (MAXPHYADDR-TDX_RESERVED_KEYID_BITS) are set", it's not clear
> to me if "physical address bits" is referring to the GPA or the "entry" (meaning
> the host pfn). The "entry" would be my guess.
>
> It is also confusing when it talks about "guest physical address". It must mean
> 4 vs 5 level paging? How else is the shared EPT walker supposed to know the
> guest maxpa? In which case it would be consistent with normal EPT behavior. But
> the assertions around reserved bit page faults are surprising.
>
> Based on those guesses, I'm not sure the below code is correct. We wouldn't need
> to remove keyid bits from the GFN.
>
> Maybe we should clarify the spec? Or are you confident reading it the other way?

I'll read them more closely. At least the following patch is broken.

--
Isaku Yamahata
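
The bit ranges in the quoted spec text, written out as an added C example (not part of this thread, and not KVM or TDX module code). It assumes the reading guessed at in the quoted reply, that "physical address bits" means the host physical address held in the shared EPT entry; the function names, the 6 KeyID bits and the sample values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Mask with bits hi..lo (inclusive) set; requires 63 >= hi >= lo. */
static uint64_t bits(unsigned hi, unsigned lo)
{
    return (~0ULL >> (63 - hi)) & (~0ULL << lo);
}

/* Bits (MAXPHYADDR-1) .. (MAXPHYADDR-TDX_RESERVED_KEYID_BITS). */
uint64_t keyid_bits_mask(unsigned maxphyaddr, unsigned keyid_bits)
{
    if (keyid_bits == 0 || keyid_bits > maxphyaddr)
        return 0;
    return bits(maxphyaddr - 1, maxphyaddr - keyid_bits);
}

/* Assumptions: the bits tested are those of the entry (host PA), "present"
 * means any of R/W/X (bits 2:0), "are set" means any bit in the range. */
bool shared_epte_misconfig(uint64_t epte, unsigned maxphyaddr,
                           unsigned keyid_bits)
{
    bool present = (epte & 0x7) != 0;
    return present && (epte & keyid_bits_mask(maxphyaddr, keyid_bits)) != 0;
}

/* MAXPA 52, guest width 48: GPA bits 51:48 not all zero -> EPT violation. */
bool gpa_above_guest_width(uint64_t gpa, unsigned maxpa, unsigned guest_width)
{
    if (guest_width >= maxpa)
        return false;
    return (gpa & bits(maxpa - 1, guest_width)) != 0;
}

/* MAXPA < 48 with SHARED at bit 47: bits 51:48 and 46:MAXPA are reserved. */
uint64_t reserved_bits_small_maxpa(unsigned maxpa)
{
    uint64_t mask = bits(51, 48);
    if (maxpa <= 46)
        mask |= bits(46, maxpa);
    return mask;
}

int main(void)
{
    /* Constructed values: MAXPHYADDR 52, 6 KeyID bits, host PA bit 51 set. */
    uint64_t epte = 0x7ULL | (1ULL << 51) | (0x1234ULL << 12);
    printf("misconfig=%d\n", shared_epte_misconfig(epte, 52, 6));
    printf("above_width=%d\n", gpa_above_guest_width(1ULL << 48, 52, 48));
    return 0;
}
```

Under the other reading (the bits belong to the GPA being translated), the same mask would be applied to the GPA instead of the entry, which is the distinction the thread is trying to settle.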