[v10,046/108] KVM: Add flags to struct kvm_gfn_range

Message ID	880c1016c29624964baee580985b6a736fc7d656.1667110240.git.isaku.yamahata@intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <kvm-owner@kernel.org> From: isaku.yamahata@intel.com To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini <pbonzini@redhat.com>, erdemaktas@google.com, Sean Christopherson <seanjc@google.com>, Sagi Shahar <sagis@google.com>, David Matlack <dmatlack@google.com> Subject: [PATCH v10 046/108] KVM: Add flags to struct kvm_gfn_range Date: Sat, 29 Oct 2022 23:22:47 -0700 Message-Id: <880c1016c29624964baee580985b6a736fc7d656.1667110240.git.isaku.yamahata@intel.com> In-Reply-To: <cover.1667110240.git.isaku.yamahata@intel.com> References: <cover.1667110240.git.isaku.yamahata@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	KVM TDX basic feature support \| expand [v10,000/108] KVM TDX basic feature support [v10,001/108] KVM: VMX: Move out vmx_x86_ops to 'main.c' to wrap VMX and TDX [v10,002/108] KVM: x86: Refactor KVM VMX module init/exit functions [v10,003/108] KVM: TDX: Add placeholders for TDX VM/vcpu structure [v10,004/108] x86/virt/tdx: Add a helper function to return system wide info about TDX module [v10,005/108] KVM: TDX: Initialize the TDX module when loading the KVM intel kernel module [v10,006/108] KVM: x86: Introduce vm_type to differentiate default VMs from confidential VMs [v10,007/108] KVM: TDX: Make TDX VM type supported [v10,008/108,MARKER] The start of TDX KVM patch series: TDX architectural definitions [v10,009/108] KVM: TDX: Define TDX architectural definitions [v10,010/108] KVM: TDX: Add TDX "architectural" error codes [v10,011/108] KVM: TDX: Add C wrapper functions for SEAMCALLs to the TDX module [v10,012/108] KVM: TDX: Add helper functions to print TDX SEAMCALL error [v10,013/108,MARKER] The start of TDX KVM patch series: TD VM creation/destruction [v10,014/108] KVM: TDX: Stub in tdx.h with structs, accessors, and VMCS helpers [v10,015/108] x86/cpu: Add helper functions to allocate/free TDX private host key id [v10,016/108] KVM: TDX: create/destroy VM structure [v10,017/108] KVM: TDX: Refuse to unplug the last cpu on the package [v10,018/108] KVM: TDX: x86: Add ioctl to get TDX systemwide parameters [v10,019/108] KVM: TDX: Add place holder for TDX VM specific mem_enc_op ioctl [v10,020/108] KVM: Support KVM_CAP_MAX_VCPUS for KVM_ENABLE_CAP [v10,021/108] KVM: TDX: initialize VM with TDX specific parameters [v10,022/108] KVM: TDX: Make pmu_intel.c ignore guest TD case [v10,023/108,MARKER] The start of TDX KVM patch series: TD vcpu creation/destruction [v10,024/108] KVM: TDX: allocate/free TDX vcpu structure [v10,025/108] KVM: TDX: Do TDX specific vcpu initialization [v10,026/108] KVM: TDX: Use private memory for TDX [v10,027/108,MARKER] The start of TDX KVM patch series: KVM MMU GPA shared bits [v10,028/108] KVM: x86/mmu: introduce config for PRIVATE KVM MMU [v10,029/108] KVM: x86/mmu: Add address conversion functions for TDX shared bit of GPA [v10,030/108,MARKER] The start of TDX KVM patch series: KVM TDP refactoring for TDX [v10,031/108] KVM: x86/mmu: Replace hardcoded value 0 for the initial value for SPTE [v10,032/108] KVM: x86/mmu: Make sync_page not use hard-coded 0 as the initial SPTE value [v10,033/108] KVM: x86/mmu: Allow non-zero value for non-present SPTE and removed SPTE [v10,034/108] KVM: x86/mmu: Add Suppress VE bit to shadow_mmio_{value, mask} [v10,035/108] KVM: x86/mmu: Track shadow MMIO value on a per-VM basis [v10,036/108] KVM: TDX: Enable mmio spte caching always for TDX [v10,037/108] KVM: x86/mmu: Disallow fast page fault on private GPA [v10,038/108] KVM: x86/mmu: Allow per-VM override of the TDP max page level [v10,039/108] KVM: VMX: Introduce test mode related to EPT violation VE [v10,040/108,MARKER] The start of TDX KVM patch series: KVM TDP MMU hooks [v10,041/108] KVM: x86/tdp_mmu: refactor kvm_tdp_mmu_map() [v10,042/108] KVM: x86/tdp_mmu: Init role member of struct kvm_mmu_page at allocation [v10,043/108] KVM: x86/mmu: Require TDP MMU for TDX [v10,044/108] KVM: x86/mmu: Add a new is_private member for union kvm_mmu_page_role [v10,045/108] KVM: x86/mmu: Add a private pointer to struct kvm_mmu_page [v10,046/108] KVM: Add flags to struct kvm_gfn_range [v10,047/108] KVM: x86/tdp_mmu: Don't zap private pages for unsupported cases [v10,048/108] KVM: x86/tdp_mmu: Make handle_changed_spte() return value [v10,049/108] KVM: x86/tdp_mmu: Support TDX private mapping for TDP MMU [v10,050/108,MARKER] The start of TDX KVM patch series: TDX EPT violation [v10,051/108] KVM: x86/mmu: Disallow dirty logging for x86 TDX [v10,052/108] KVM: x86/tdp_mmu: Ignore unsupported mmu operation on private GFNs [v10,053/108] KVM: VMX: Split out guts of EPT violation to common/exposed function [v10,054/108] KVM: VMX: Move setting of EPT MMU masks to common VT-x code [v10,055/108] KVM: TDX: Add load_mmu_pgd method for TDX [v10,056/108] KVM: TDX: don't request KVM_REQ_APIC_PAGE_RELOAD [v10,057/108] KVM: x86/VMX: introduce vmx tlb_remote_flush and tlb_remote_flush_with_range [v10,058/108] KVM: TDX: TDP MMU TDX support [v10,059/108,MARKER] The start of TDX KVM patch series: KVM TDP MMU MapGPA [v10,060/108] KVM: Add functions to set GFN to private or shared [v10,061/108] KVM: x86/mmu: Introduce kvm_mmu_map_tdp_page() for use by TDX [v10,062/108] KVM: x86/tdp_mmu: implement MapGPA hypercall for TDX [v10,063/108,MARKER] The start of TDX KVM patch series: TD finalization [v10,064/108] KVM: TDX: Create initial guest memory [v10,065/108] KVM: TDX: Finalize VM initialization [v10,066/108,MARKER] The start of TDX KVM patch series: TD vcpu enter/exit [v10,067/108] KVM: TDX: Add helper assembly function to TDX vcpu [v10,068/108] KVM: TDX: Implement TDX vcpu enter/exit path [v10,069/108] KVM: TDX: vcpu_run: save/restore host state(host kernel gs) [v10,070/108] KVM: TDX: restore host xsave state when exit from the guest TD [v10,071/108] KVM: x86: Allow to update cached values in kvm_user_return_msrs w/o wrmsr [v10,072/108] KVM: TDX: restore user ret MSRs [v10,073/108,MARKER] The start of TDX KVM patch series: TD vcpu exits/interrupts/hypercalls [v10,074/108] KVM: TDX: complete interrupts after tdexit [v10,075/108] KVM: TDX: restore debug store when TD exit [v10,076/108] KVM: TDX: handle vcpu migration over logical processor [v10,077/108] KVM: x86: Add a switch_db_regs flag to handle TDX's auto-switched behavior [v10,078/108] KVM: TDX: Add support for find pending IRQ in a protected local APIC [v10,079/108] KVM: x86: Assume timer IRQ was injected if APIC state is proteced [v10,080/108] KVM: TDX: remove use of struct vcpu_vmx from posted_interrupt.c [v10,081/108] KVM: TDX: Implement interrupt injection [v10,082/108] KVM: TDX: Implements vcpu request_immediate_exit [v10,083/108] KVM: TDX: Implement methods to inject NMI [v10,084/108] KVM: VMX: Modify NMI and INTR handlers to take intr_info as function argument [v10,085/108] KVM: VMX: Move NMI/exception handler to common helper [v10,086/108] KVM: x86: Split core of hypercall emulation to helper function [v10,087/108] KVM: TDX: Add a place holder to handle TDX VM exit [v10,088/108] KVM: TDX: Retry seamcall when TDX_OPERAND_BUSY with operand SEPT [v10,089/108] KVM: TDX: handle EXIT_REASON_OTHER_SMI [v10,090/108] KVM: TDX: handle ept violation/misconfig exit [v10,091/108] KVM: TDX: handle EXCEPTION_NMI and EXTERNAL_INTERRUPT [v10,092/108] KVM: TDX: Add a place holder for handler of TDX hypercalls (TDG.VP.VMCALL) [v10,093/108] KVM: TDX: handle KVM hypercall with TDG.VP.VMCALL [v10,094/108] KVM: TDX: Handle TDX PV CPUID hypercall [v10,095/108] KVM: TDX: Handle TDX PV HLT hypercall [v10,096/108] KVM: TDX: Handle TDX PV port io hypercall [v10,097/108] KVM: TDX: Handle TDX PV MMIO hypercall [v10,098/108] KVM: TDX: Implement callbacks for MSR operations for TDX [v10,099/108] KVM: TDX: Handle TDX PV rdmsr/wrmsr hypercall [v10,100/108] KVM: TDX: Handle TDX PV report fatal error hypercall [v10,101/108] KVM: TDX: Handle TDX PV map_gpa hypercall [v10,102/108] KVM: TDX: Handle TDG.VP.VMCALL<GetTdVmCallInfo> hypercall [v10,103/108] KVM: TDX: Silently discard SMI request [v10,104/108] KVM: TDX: Silently ignore INIT/SIPI [v10,105/108] KVM: TDX: Add methods to ignore accesses to CPU state [v10,106/108] Documentation/virt/kvm: Document on Trust Domain Extensions(TDX) [v10,107/108] KVM: x86: design documentation on TDX support of x86 KVM TDP MMU [v10,108/108,MARKER] the end of (the first phase of) TDX KVM patch series

Message ID

880c1016c29624964baee580985b6a736fc7d656.1667110240.git.isaku.yamahata@intel.com (mailing list archive)

State

New, archived

Headers

From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com,
        Paolo Bonzini <pbonzini@redhat.com>, erdemaktas@google.com,
        Sean Christopherson <seanjc@google.com>,
        Sagi Shahar <sagis@google.com>,
        David Matlack <dmatlack@google.com>
Subject: [PATCH v10 046/108] KVM: Add flags to struct kvm_gfn_range
Date: Sat, 29 Oct 2022 23:22:47 -0700
Message-Id: 
 <880c1016c29624964baee580985b6a736fc7d656.1667110240.git.isaku.yamahata@intel.com>
In-Reply-To: <cover.1667110240.git.isaku.yamahata@intel.com>
References: <cover.1667110240.git.isaku.yamahata@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

KVM TDX basic feature support | expand

Commit Message

Isaku Yamahata Oct. 30, 2022, 6:22 a.m. UTC

From: Isaku Yamahata <isaku.yamahata@intel.com>

kvm_unmap_gfn_range() needs to know the reason of the callback for TDX.
mmu notifier, set memattr ioctl or restrictedmem notifier.  Based on the
reason, TDX changes the behavior.  For mmu notifier, it's the operation on
shared memory slot to zap shared PTE.  For set memattr, private<->shared
conversion, zap the original PTE.  For restrictedmem, it's a hint that TDX
can ignore.

Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
---
 include/linux/kvm_host.h | 8 +++++++-
 virt/kvm/kvm_main.c      | 5 ++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

Comments

Huang, Kai Dec. 14, 2022, 10:51 a.m. UTC | #1

On Sat, 2022-10-29 at 23:22 -0700, isaku.yamahata@intel.com wrote:
> From: Isaku Yamahata <isaku.yamahata@intel.com>
> 
> kvm_unmap_gfn_range() needs to know the reason of the callback for TDX.
> mmu notifier, set memattr ioctl or restrictedmem notifier.  Based on the
> reason, TDX changes the behavior.  For mmu notifier, it's the operation on
> shared memory slot to zap shared PTE.  For set memattr, private<->shared
> conversion, zap the original PTE.  For restrictedmem, it's a hint that TDX
> can ignore.

Could you elaborate why restricted memfd notifier can be ignored? IIUC if
userspace punch a hole, the pages within the hole will be de-allocated.  So why
can such notifier be ignored?

Btw, I think this patch should be just merged to the patch which consumes those
flags (checked it is next patch).  It's easier to review when putting them
together.

> 
> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
> ---
>  include/linux/kvm_host.h | 8 +++++++-
>  virt/kvm/kvm_main.c      | 5 ++++-
>  2 files changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
> index 839d98d56632..b658803ea2c7 100644
> --- a/include/linux/kvm_host.h
> +++ b/include/linux/kvm_host.h
> @@ -247,12 +247,18 @@ int kvm_async_pf_wakeup_all(struct kvm_vcpu *vcpu);
>  
>  
>  #if defined(KVM_ARCH_WANT_MMU_NOTIFIER) || defined(CONFIG_HAVE_KVM_RESTRICTED_MEM)
> +#define KVM_GFN_RANGE_FLAGS_RESTRICTED_MEM	BIT(0)
> +#define KVM_GFN_RANGE_FLAGS_SET_MEM_ATTR	BIT(1)
>  struct kvm_gfn_range {
>  	struct kvm_memory_slot *slot;
>  	gfn_t start;
>  	gfn_t end;
> -	pte_t pte;
> +	union {
> +		pte_t pte;
> +		int attr;
> +	};

attribute is u64 in Chao's series.

>  	bool may_block;
> +	unsigned int flags;
>  };

Isaku Yamahata Dec. 15, 2022, 10:10 p.m. UTC | #2

On Wed, Dec 14, 2022 at 10:51:31AM +0000,
"Huang, Kai" <kai.huang@intel.com> wrote:

> On Sat, 2022-10-29 at 23:22 -0700, isaku.yamahata@intel.com wrote:
> > From: Isaku Yamahata <isaku.yamahata@intel.com>
> > 
> > kvm_unmap_gfn_range() needs to know the reason of the callback for TDX.
> > mmu notifier, set memattr ioctl or restrictedmem notifier.  Based on the
> > reason, TDX changes the behavior.  For mmu notifier, it's the operation on
> > shared memory slot to zap shared PTE.  For set memattr, private<->shared
> > conversion, zap the original PTE.  For restrictedmem, it's a hint that TDX
> > can ignore.
> 
> Could you elaborate why restricted memfd notifier can be ignored? IIUC if
> userspace punch a hole, the pages within the hole will be de-allocated.  So why
> can such notifier be ignored?

Because set-memory-attribute ioctl is expected to follow the callback from
restrictedmem.  So set memory attributes can do de-allocation. I wanted to avoid
zapping twice.

With v9 UPM, the restrictedmem callback was triggered for both allocation and
punch-hole.
With v10 UPM, the callback is triggered only for punch-hole. With v10 callback
semantics, probably this can be cleaned up slightly.

Huang, Kai Dec. 15, 2022, 10:41 p.m. UTC | #3

On Thu, 2022-12-15 at 14:10 -0800, Isaku Yamahata wrote:
> On Wed, Dec 14, 2022 at 10:51:31AM +0000,
> "Huang, Kai" <kai.huang@intel.com> wrote:
> 
> > On Sat, 2022-10-29 at 23:22 -0700, isaku.yamahata@intel.com wrote:
> > > From: Isaku Yamahata <isaku.yamahata@intel.com>
> > > 
> > > kvm_unmap_gfn_range() needs to know the reason of the callback for TDX.
> > > mmu notifier, set memattr ioctl or restrictedmem notifier.  Based on the
> > > reason, TDX changes the behavior.  For mmu notifier, it's the operation on
> > > shared memory slot to zap shared PTE.  For set memattr, private<->shared
> > > conversion, zap the original PTE.  For restrictedmem, it's a hint that TDX
> > > can ignore.
> > 
> > Could you elaborate why restricted memfd notifier can be ignored? IIUC if
> > userspace punch a hole, the pages within the hole will be de-allocated.  So why
> > can such notifier be ignored?
> 
> Because set-memory-attribute ioctl is expected to follow the callback from
> restrictedmem.  So set memory attributes can do de-allocation. I wanted to avoid
> zapping twice.

Even this is true, the punch hole can be done alone w/o being followed by
set_memory_attribute(), correct?  Your explanation doesn't seem to be
reasonable?

At least, you need to explain the semantics of how to use "punch hole" and
set_memory_attributes() clearly in the changelog.  Otherwise it's hard for
people to review.

diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 839d98d56632..b658803ea2c7 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -247,12 +247,18 @@  int kvm_async_pf_wakeup_all(struct kvm_vcpu *vcpu);
 
 
 #if defined(KVM_ARCH_WANT_MMU_NOTIFIER) || defined(CONFIG_HAVE_KVM_RESTRICTED_MEM)
+#define KVM_GFN_RANGE_FLAGS_RESTRICTED_MEM	BIT(0)
+#define KVM_GFN_RANGE_FLAGS_SET_MEM_ATTR	BIT(1)
 struct kvm_gfn_range {
 	struct kvm_memory_slot *slot;
 	gfn_t start;
 	gfn_t end;
-	pte_t pte;
+	union {
+		pte_t pte;
+		int attr;
+	};
 	bool may_block;
+	unsigned int flags;
 };
 bool kvm_unmap_gfn_range(struct kvm *kvm, struct kvm_gfn_range *range);
 #endif
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 3b05a3396f89..dda2f2ec4faa 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -676,6 +676,7 @@  static __always_inline int __kvm_handle_hva_range(struct kvm *kvm,
 			gfn_range.start = hva_to_gfn_memslot(hva_start, slot);
 			gfn_range.end = hva_to_gfn_memslot(hva_end + PAGE_SIZE - 1, slot);
 			gfn_range.slot = slot;
+			gfn_range.flags = 0;
 
 			if (!locked) {
 				locked = true;
@@ -947,8 +948,9 @@  static void kvm_unmap_mem_range(struct kvm *kvm, gfn_t start, gfn_t end,
 	int i;
 	int r = 0;
 
-	gfn_range.pte = __pte(0);
+	gfn_range.attr = attr;
 	gfn_range.may_block = true;
+	gfn_range.flags = KVM_GFN_RANGE_FLAGS_SET_MEM_ATTR;
 
 	for (i = 0; i < KVM_ADDRESS_SPACE_NUM; i++) {
 		slots = __kvm_memslots(kvm, i);
@@ -1074,6 +1076,7 @@  static void kvm_restrictedmem_invalidate_begin(struct restrictedmem_notifier *no
 	gfn_range.slot = slot;
 	gfn_range.pte = __pte(0);
 	gfn_range.may_block = true;
+	gfn_range.flags = KVM_GFN_RANGE_FLAGS_RESTRICTED_MEM;
 
 	if (kvm_unmap_gfn_range(kvm, &gfn_range))
 		kvm_flush_remote_tlbs(kvm);

[v10,046/108] KVM: Add flags to struct kvm_gfn_range

Commit Message

Comments

Patch