From nobody Mon May 11 04:11:53 2026
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1B52AC433EF
	for <linux-kernel@archiver.kernel.org>; Fri, 15 Apr 2022 00:49:15 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1348196AbiDOAvj (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Thu, 14 Apr 2022 20:51:39 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41870 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234201AbiDOAvi (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 14 Apr 2022 20:51:38 -0400
Received: from mail-pf1-x44a.google.com (mail-pf1-x44a.google.com
 [IPv6:2607:f8b0:4864:20::44a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C0B32B8989
        for <linux-kernel@vger.kernel.org>;
 Thu, 14 Apr 2022 17:49:11 -0700 (PDT)
Received: by mail-pf1-x44a.google.com with SMTP id
 p1-20020a62d001000000b00506396c21eeso230750pfg.5
        for <linux-kernel@vger.kernel.org>;
 Thu, 14 Apr 2022 17:49:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=reply-to:date:message-id:mime-version:subject:from:to:cc;
        bh=0dT7byw4Ro9Y3AnqDhqx7IwQWEEiDivwbCP/tbYK/Cs=;
        b=I7fG4skyJXElZ7VIi/kGDZJx+zejyRo6g0nY+7jJcOSv6ui8JajVENIOxSYfRPw5Es
         Jas14t09MvWbv6nBrY6obIugF5xf0hsBljfC2X+HhYEIhChQP8YvSEuOqk+iQr+8LYDp
         QaBoECQYwoM5zceYl0K417pRAhui3ymO1Q10mb8/Ycj4Okv6qp4QBtPpsNwt3PSWVaID
         CLKiXwXSU/mpTI5obYMWvrmkhvQmSlA61ljxJz9D4GYhWTFu5LqJXjbSd5P3OAWSSkTn
         9d3KKQQHFWrbcO2Ujkm9CPp/vB/Bqu5TIz+bKCf6hhAcEngeMKZIN2OsUJ+BYv2kA7gq
         sa9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:reply-to:date:message-id:mime-version:subject
         :from:to:cc;
        bh=0dT7byw4Ro9Y3AnqDhqx7IwQWEEiDivwbCP/tbYK/Cs=;
        b=Wj8CDsnYHyN1w45Xj7XP0iG3yiHPO/PauFdwMW6ZX8MqJZ12AXWpdZoWlw1sFMpTr9
         y3i3rG4cXhxWZtEBNq9684raFLaAEwxvi8d40VSZ/5PDvfiWgQYFTwpqkUV0Q3USoFEx
         ApfwnzlSpEB/foGTlX+IOK5Gw2FOQdMtpLon5M7sp3NOySllPP7pkpUhqqJQMEN5Igj3
         2KePueBNC2rO2VhJ2yt2ltHoba1rQuidyOGk6jTmjchEFV7wVVLa6gbe6NhAnoGU4cZo
         4QQTzz0MYZ3BGakES60PNVsbJW8dDPReObpoYI1M+/RuHsokMkZbZuKWHQsIXS2dbH7D
         DKsg==
X-Gm-Message-State: AOAM532FnYcxbyAkIEPqW4TEqUI5UZwjztE/VBRgr6CpnTpXwVR0mfOG
        TY7iQgBDFbkSGdGsE3p4+mPy5GbXM5A=
X-Google-Smtp-Source: 
 ABdhPJzlaUPVv+prZih6WUMXjdNNxlkNzroQEHeTtQbdmxjAOndq9+fAjCRz41yvJ2cXA2HyZ+ilzskLW+A=
X-Received: from seanjc.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:3e5])
 (user=seanjc job=sendgmr) by 2002:a17:903:18a:b0:158:c459:ab48 with SMTP id
 z10-20020a170903018a00b00158c459ab48mr3383516plg.52.1649983751271; Thu, 14
 Apr 2022 17:49:11 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Fri, 15 Apr 2022 00:49:09 +0000
Message-Id: <20220415004909.2216670-1-seanjc@google.com>
Mime-Version: 1.0
X-Mailer: git-send-email 2.36.0.rc0.470.gd361397f0d-goog
Subject: [PATCH] KVM: x86/mmu: Check for host MMIO exclusion from mem encrypt
 iff necessary
From: Sean Christopherson <seanjc@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Sean Christopherson <seanjc@google.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        Wanpeng Li <wanpengli@tencent.com>,
        Jim Mattson <jmattson@google.com>,
        Joerg Roedel <joro@8bytes.org>, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

When determining whether or not a SPTE needs to have SME/SEV's memory
encryption flag set, do the moderately expension host MMIO pfn check if
and only if the memory encryption mask is non-zero.

Note, KVM could further optimize the host MMIO checks by making a single
call to kvm_is_mmio_pfn(), but the tdp_enabled path (for EPT's memtype
handling) will likely be split out to a separate flow[*].  At that point,
a better approach would be to shove the call to kvm_is_mmio_pfn() into
VMX code so that AMD+NPT without SME doesn't get hit with an unnecessary
lookup.

[*] https://lkml.kernel.org/r/20220321224358.1305530-3-bgardon@google.com

Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/mmu/spte.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/mmu/spte.c b/arch/x86/kvm/mmu/spte.c
index 4739b53c9734..aab78574e03d 100644
--- a/arch/x86/kvm/mmu/spte.c
+++ b/arch/x86/kvm/mmu/spte.c
@@ -139,7 +139,7 @@ bool make_spte(struct kvm_vcpu *vcpu, struct kvm_mmu_pa=
ge *sp,
 	else
 		pte_access &=3D ~ACC_WRITE_MASK;
=20
-	if (!kvm_is_mmio_pfn(pfn))
+	if (shadow_me_mask && !kvm_is_mmio_pfn(pfn))
 		spte |=3D shadow_me_mask;
=20
 	spte |=3D (u64)pfn << PAGE_SHIFT;

base-commit: 150866cd0ec871c765181d145aa0912628289c8a
--=20
2.36.0.rc0.470.gd361397f0d-goog