Hi,
This is v4 of the TDX MMU prep series, split out of the giant 130 patch
TDX base enabling series [0]. It is focusing on the changes to the x86 MMU
to support TDX’s separation of private/shared EPT into separate roots. A
future breakout series will include the changes to actually interact with
the TDX module to actually map private memory.
There is a larger team working on TDX KVM base enabling. The patches were
originally authored by Sean Christopherson and Isaku Yamahata, but
otherwise it especially represents the work of Isaku and Yan Y Zhao and
myself.
The series has been tested as part of a development branch for the TDX base
series [1]. The testing of this series consists TDX kvm-unit-tests [2],
regular KVM and TDX selftests, and booting a Linux TD.
Updates from v3
===============
For v4, we have a smattering of cosmetic changes and two issues worth
elaborated on found by Yan.
1. Private memory was zapped as part of the MMU notifier release callback
during VM destruction. This was previously rejected as a solution for a
this cleanup for a couple of reasons. While the actual S-EPT cleanup is
implemented in later latches, part of it is setup in "KVM: x86/tdp_mmu:
Take root types for kvm_tdp_mmu_invalidate_all_roots()". So the MMU
notifier release patch is updated to not touch the valid mirror roots in
this path.
2. A case was found where the memslot generation number could roll around
and end up zapping the mirrored EPT. There actually was protection for
this in v19 and it was thought to be not needed. So we added it back in
mmu_alloc_direct_roots().
Also, some changes following the conversation in this max GFN thread [3]
1. Zap whole EPT GFN range in __tdp_mmu_zap_root()
2. Add patch for preventing memslots and fault with alias bits
This series is on top of the commit in kvm-coco-queue commit where it was
previously applied (9a6ddc3e2e1e selftests: KVM: SEV-SNP test for
KVM_SEV_INIT2).
Here is v3:
https://lore.kernel.org/kvm/20240619223614.290657-1-rick.p.edgecombe@intel.com/
[0] https://lore.kernel.org/kvm/cover.1708933498.git.isaku.yamahata@intel.com/
[1] https://github.com/intel/tdx/tree/tdx_kvm_dev-2024-07-18
[2] https://lore.kernel.org/kvm/20231218072247.2573516-1-qian.wen@intel.com/
[3] https://lore.kernel.org/kvm/ZpbKqG_ZhCWxl-Fc@google.com/
Isaku Yamahata (13):
KVM: Add member to struct kvm_gfn_range for target alias
KVM: x86/mmu: Add an external pointer to struct kvm_mmu_page
KVM: x86/mmu: Add an is_mirror member for union kvm_mmu_page_role
KVM: x86/tdp_mmu: Take struct kvm in iter loops
KVM: x86/mmu: Support GFN direct bits
KVM: x86/tdp_mmu: Extract root invalid check from tdx_mmu_next_root()
KVM: x86/tdp_mmu: Introduce KVM MMU root types to specify page table
type
KVM: x86/tdp_mmu: Take root in tdp_mmu_for_each_pte()
KVM: x86/tdp_mmu: Support mirror root for TDP MMU
KVM: x86/tdp_mmu: Propagate attr_filter to MMU notifier callbacks
KVM: x86/tdp_mmu: Propagate building mirror page tables
KVM: x86/tdp_mmu: Propagate tearing down mirror page tables
KVM: x86/tdp_mmu: Take root types for
kvm_tdp_mmu_invalidate_all_roots()
Rick Edgecombe (5):
KVM: x86/mmu: Zap invalid roots with mmu_lock holding for write at
uninit
KVM: x86: Add a VM type define for TDX
KVM: x86/mmu: Make kvm_tdp_mmu_alloc_root() return void
KVM: x86/tdp_mmu: Don't zap valid mirror roots in
kvm_tdp_mmu_zap_all()
KVM: x86/mmu: Prevent aliased memslot GFNs
arch/x86/include/asm/kvm-x86-ops.h | 4 +
arch/x86/include/asm/kvm_host.h | 26 ++-
arch/x86/include/uapi/asm/kvm.h | 1 +
arch/x86/kvm/mmu.h | 31 +++
arch/x86/kvm/mmu/mmu.c | 50 ++++-
arch/x86/kvm/mmu/mmu_internal.h | 64 +++++-
arch/x86/kvm/mmu/spte.h | 5 +
arch/x86/kvm/mmu/tdp_iter.c | 10 +-
arch/x86/kvm/mmu/tdp_iter.h | 21 +-
arch/x86/kvm/mmu/tdp_mmu.c | 323 ++++++++++++++++++++++-------
arch/x86/kvm/mmu/tdp_mmu.h | 51 ++++-
arch/x86/kvm/x86.c | 3 +
include/linux/kvm_host.h | 6 +
virt/kvm/guest_memfd.c | 2 +
virt/kvm/kvm_main.c | 14 ++
15 files changed, 506 insertions(+), 105 deletions(-)
base-commit: 9a6ddc3e2e1ebe37181c5fe9714d3a3590e3a792
--
2.34.1