From nobody Fri Oct 3 18:10:11 2025 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AC1138821 for ; Wed, 27 Aug 2025 00:05:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253128; cv=none; b=HCLJHBqp9XpuxvqipjHEjtY29qBys5B+d5PEOhs0J30ktL9AF/8o7sii/FMQnJHo3s4f5zaxo77tC1q+oSuWXwmsjGGNbC/qt2zurQaXDJoO1EXTOI2NGLGfUst/KJehUvBvxuO4GAtMySW8B+THyvZB8tuHdrVjXl5K4WYJKCU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253128; c=relaxed/simple; bh=BYrpGObWdcKQBFBTHXHA+hrFfJH7FFHHmouCdbQhKuI=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Z98TWtn8LW2Qs/O6helb53B40hoWTXrHtemuliVPsRlyGMu+DL8UkuJwgAygDWPyeJGNkgK7HaNMvSCRB81rf3FIFeXazdYl8izR82knyM97BXG4DIEUZd0CQb6uG5U/9Vo44ndPjEjz06vjU/HXC3RqaxSiBlSdOo0DA6SIb9U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=jGyojEsT; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="jGyojEsT" Received: by mail-pj1-f73.google.com with SMTP id 98e67ed59e1d1-3274f7e6c1fso988156a91.0 for ; Tue, 26 Aug 2025 17:05:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756253126; x=1756857926; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=s1TG4lPviW9zkkUbrVAE+VToTbwmtvD/jmWrMLbsJcE=; b=jGyojEsT4ct+XdN2AQet9P+2+mGXhZRRCRdydxtZwyXB60FKS+0hlk4KUtiiA62Y41 814sSBNWgLob50pQ4IfEfo/OCQy+UCcTZnIXNwA895PUTMbKECTIEJ6flQXvXok1OLCI RioIjZ6vGtEv32GbiZ8ZIwzwFePa5rhcGFLFfvF/pybMpSkEjVaZxs/JYg7UiEyJDN5F zs2Ed/2GoNnV2VkgvM5iooKOcOGNwKaIEDp4wD1KCMVx0yXgHSqmX/DQ70V05oVHV59M n4iz0a2n0glh0BU34QNeRja9f5Phy7kCDganOGrRWJBpWVPBXWwsu7nqF81YMgfkdwcr uNrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756253126; x=1756857926; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=s1TG4lPviW9zkkUbrVAE+VToTbwmtvD/jmWrMLbsJcE=; b=HfJvSNRPkU8X6d1ZQx8DNfZPoxaMmB5YEoqnVHT70camhWB5w7baNl/G4GJ7J72nmQ nW0M0mYXtl2DOTk9HaCDBH5Zuqie+Q2ROIzQ18sEmOwCMLaenxhy7hZbXcXae9Gkm2ux PzQugZ1RHhoDCPZnrr96fm+lKQ18eGVjokU3IPekasoT1ToOEyDoWHgBxB/JRJJ0Gecc tbhlB/iTKD5gw88XPWOO4BDhVKS1s0B4iCj6C+8qR4lRVBZOdMDfubKEr0dZ/U2w1XEJ OnJtS+z45cidThx56krgO8bn1p9hZD67aeHi+fN0MqLFcvnA2DwHxSVS0o5F6uSm+ymX Rtlw== X-Forwarded-Encrypted: i=1; AJvYcCUaOk3tzECVLx11ZKx24E4uhJ21Sys0oOviOibJdJL2rCxV3ADy9ZL4A1ADs/FNI80p1ygw8cQWnZydpJM=@vger.kernel.org X-Gm-Message-State: AOJu0YxImaotHKRuA6u+CkAb1ldhXDMu/RLr662ivrnT2xlUfM9MFLVL l9S6tVu2ZXMrB1q+OZFoH5LYTuXa3YYlSPqkMUv2+p+/4rbPU4BXJYnt2S7bWit2LgR6m1d6Zof B/B968Q== X-Google-Smtp-Source: AGHT+IHMYfnsineRSbdna+fy5FAeFnMFw6K03y0LLQ596CpMf66ldbok0nFnHZEXgnhOL9BnTiJGl1S20gs= X-Received: from pjae9.prod.google.com ([2002:a17:90a:1189:b0:327:5941:b2fd]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:4c85:b0:323:28ac:4594 with SMTP id 98e67ed59e1d1-32515e2e438mr18787121a91.5.1756253125797; Tue, 26 Aug 2025 17:05:25 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 26 Aug 2025 17:05:11 -0700 In-Reply-To: <20250827000522.4022426-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250827000522.4022426-1-seanjc@google.com> X-Mailer: git-send-email 2.51.0.268.g9569e192d0-goog Message-ID: <20250827000522.4022426-2-seanjc@google.com> Subject: [RFC PATCH 01/12] KVM: TDX: Drop PROVE_MMU=y sanity check on to-be-populated mappings From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Michael Roth , Yan Zhao , Ira Weiny , Vishal Annapurve , Rick Edgecombe Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Drop TDX's sanity check that an S-EPT mapping isn't zapped between creating said mapping and doing TDH.MEM.PAGE.ADD, as the check is simultaneously superfluous and incomplete. Per commit 2608f1057601 ("KVM: x86/tdp_mmu: Add a helper function to walk down the TDP MMU"), the justification for introducing kvm_tdp_mmu_gpa_is_mapped() was to check that the target gfn was pre-populated, with a link that points to this snippet: : > One small question: : > : > What if the memory region passed to KVM_TDX_INIT_MEM_REGION hasn't bee= n pre- : > populated? If we want to make KVM_TDX_INIT_MEM_REGION work with these= regions, : > then we still need to do the real map. Or we can make KVM_TDX_INIT_ME= M_REGION : > return error when it finds the region hasn't been pre-populated? : : Return an error. I don't love the idea of bleeding so many TDX details = into : userspace, but I'm pretty sure that ship sailed a long, long time ago. But that justification makes little sense for the final code, as simply doing TDH.MEM.PAGE.ADD without a paranoid sanity check will return an error if the S-EPT mapping is invalid (as evidenced by the code being guarded with CONFIG_KVM_PROVE_MMU=3Dy). The sanity check is also incomplete in the sense that mmu_lock is dropped between the check and TDH.MEM.PAGE.ADD, i.e. will only detect KVM bugs that zap SPTEs in a very specific window. Removing the sanity check will allow removing kvm_tdp_mmu_gpa_is_mapped(), which has no business being exposed to vendor code. Signed-off-by: Sean Christopherson Reviewed-by: Ira Weiny Reviewed-by: Kai Huang --- arch/x86/kvm/vmx/tdx.c | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 66744f5768c8..a6155f76cc6a 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -3175,20 +3175,6 @@ static int tdx_gmem_post_populate(struct kvm *kvm, g= fn_t gfn, kvm_pfn_t pfn, if (ret < 0) goto out; =20 - /* - * The private mem cannot be zapped after kvm_tdp_map_page() - * because all paths are covered by slots_lock and the - * filemap invalidate lock. Check that they are indeed enough. - */ - if (IS_ENABLED(CONFIG_KVM_PROVE_MMU)) { - scoped_guard(read_lock, &kvm->mmu_lock) { - if (KVM_BUG_ON(!kvm_tdp_mmu_gpa_is_mapped(vcpu, gpa), kvm)) { - ret =3D -EIO; - goto out; - } - } - } - ret =3D 0; err =3D tdh_mem_page_add(&kvm_tdx->td, gpa, pfn_to_page(pfn), src_page, &entry, &level_state); --=20 2.51.0.268.g9569e192d0-goog From nobody Fri Oct 3 18:10:11 2025 Received: from mail-pf1-f202.google.com (mail-pf1-f202.google.com [209.85.210.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 53175147C9B for ; Wed, 27 Aug 2025 00:05:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253132; cv=none; b=Hjm8l9hqirewdXj3EM/wnbwoa5ShD/aScz6lwo0cU4uYyZJuikTZughk9zN0LAr8iXhs4e6zzL0k0k5uqbaHW1lAh05engQ9aGGuIrQFHw/NLyb220hzNKfwJo04o1oeHNd6yP6/Qn0uF674lYGVvoGiCT1Tae+gRtA6UeZ3ENE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253132; c=relaxed/simple; bh=RbqmG58uhBhjrLT78S9J9lpdJ5PH/vbaqH0T6Bch28M=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=MacC8boGoOWpG5coAoJq3F8OuCoJMgVjz+il865T4Gi+v0Ls1p/EWBC3H5d8tAgacOfaxlVbHDU2E10Ci69dykz2N1fKI4LusMxviE/Nu806ncxw+6a4ofICkn1xdp+N/UnRHpfKfPfGlEXu+KOq3pMz89zTlE96nkE6GJQhg7E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=4d9xCaaR; arc=none smtp.client-ip=209.85.210.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="4d9xCaaR" Received: by mail-pf1-f202.google.com with SMTP id d2e1a72fcca58-77053dd5eecso6055510b3a.3 for ; Tue, 26 Aug 2025 17:05:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756253128; x=1756857928; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=2nP5VgV7dQdp6ICPvqC1VWWnjFhF5zNCGEmNjA5VkF4=; b=4d9xCaaRmeU1h4hQkBhGurPgTcoIbr4k7xnSGlo0eWeuKfdK2y61jvv7PSSJK8osKx 86PpV2576RdkXndMRZRCRpigVRR140wKttp0jJtWDrN0RlADkGzQo6YYouM3COLK4mWR cezAQATqGWg7o2BS400OTDvrZpyYemU6OUa7yIvQmkOrCq4T0O6LnkpsIuEQbtGQc324 D1Fs+wTmRAeB5FY/svmyIOzYacGYbXMqRzSGwdvmzmGnFixfFvMefmQd/DZQVI25acEq 5V0xeYY+G0XCqzA8dZMD+grMv6JQCUJEKjiLPzHcWaR1OB62kFpcFmL4NVI2e8A4vZz+ BpOw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756253128; x=1756857928; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=2nP5VgV7dQdp6ICPvqC1VWWnjFhF5zNCGEmNjA5VkF4=; b=ZxlVRYrQvNSeWW0HOFpyP/JbNq6PtNNRJMLO1+SaqDd/vz67xMSvu6FrUC/mOxLTnk 1PXnEae8wPhHLm0x3my8ByaJ3UOO2/Gpom0fIX5Vht/refVOBwGQHZ19wbYoXphjjX1f aWyRgh8HhfaeU2w8hgCFnw1drOUhYCzlFysMhvRWesPLzCzb66D9RszVDdU1HnvYs81g idyBnxa/guZ7y48NhXi2A6qlJ7VWedu/AKVZ3zKREmEZ8vFibm5Vj1IZgNXGX7T8ys06 vsWyfWFKtW9AWSuaQft4b/m298pcYHubE6VSZaDIkycBP1rqmg3SSgAykFH9SzHX4wYx b3rQ== X-Forwarded-Encrypted: i=1; AJvYcCU04bSqoZBwpF405nnl9uUvY8ARSMLKtIzCibsoyWmyHMAeeDTypd12K1DI254LidalUELxAFPw34kvUf0=@vger.kernel.org X-Gm-Message-State: AOJu0YxNvZ3aq1jRlHXvzNrlYtF7Du2iJkcuQfpe5mcpL6abxJek2Xbq mUsueZt5Poe+6pcOZGCyrTiL/QYQSCQqtyKZOQ52rHesQ4egnixt0P6TDKqGK87/e/tAPldca+B fbDyOYA== X-Google-Smtp-Source: AGHT+IH4TtfixO/LkRqrqjGe0+WgYZdthXCwbo+C5IyNGWTfUVUR8IHRsMWYV78QScDxcstww+dDYkTkTno= X-Received: from pjbof15.prod.google.com ([2002:a17:90b:39cf:b0:325:8cfb:6444]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a21:6d99:b0:240:75c:6f40 with SMTP id adf61e73a8af0-24340ca36a1mr28404494637.14.1756253127998; Tue, 26 Aug 2025 17:05:27 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 26 Aug 2025 17:05:12 -0700 In-Reply-To: <20250827000522.4022426-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250827000522.4022426-1-seanjc@google.com> X-Mailer: git-send-email 2.51.0.268.g9569e192d0-goog Message-ID: <20250827000522.4022426-3-seanjc@google.com> Subject: [RFC PATCH 02/12] KVM: x86/mmu: Add dedicated API to map guest_memfd pfn into TDP MMU From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Michael Roth , Yan Zhao , Ira Weiny , Vishal Annapurve , Rick Edgecombe Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add and use a new API for mapping a private pfn from guest_memfd into the TDP MMU from TDX's post-populate hook instead of partially open-coding the functionality into the TDX code. Sharing code with the pre-fault path sounded good on paper, but it's fatally flawed as simulating a fault loses the pfn, and calling back into gmem to re-retrieve the pfn creates locking problems, e.g. kvm_gmem_populate() already holds the gmem invalidation lock. Providing a dedicated API will also removing several MMU exports that ideally would not be exposed outside of the MMU, let alone to vendor code. On that topic, opportunistically drop the kvm_mmu_load() export. Leave kvm_tdp_mmu_gpa_is_mapped() alone for now; the entire commit that added kvm_tdp_mmu_gpa_is_mapped() will be removed in the near future. Cc: Michael Roth Cc: Yan Zhao Cc: Ira Weiny Cc: Vishal Annapurve Cc: Rick Edgecombe Link: https://lore.kernel.org/all/20250709232103.zwmufocd3l7sqk7y@amd.com Signed-off-by: Sean Christopherson --- arch/x86/kvm/mmu.h | 1 + arch/x86/kvm/mmu/mmu.c | 60 +++++++++++++++++++++++++++++++++++++++++- arch/x86/kvm/vmx/tdx.c | 10 +++---- 3 files changed, 63 insertions(+), 8 deletions(-) diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index b4b6860ab971..697b90a97f43 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -259,6 +259,7 @@ extern bool tdp_mmu_enabled; =20 bool kvm_tdp_mmu_gpa_is_mapped(struct kvm_vcpu *vcpu, u64 gpa); int kvm_tdp_map_page(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_code, u8 = *level); +int kvm_tdp_mmu_map_private_pfn(struct kvm_vcpu *vcpu, gfn_t gfn, kvm_pfn_= t pfn); =20 static inline bool kvm_memslots_have_rmaps(struct kvm *kvm) { diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 6e838cb6c9e1..d3625e00baf9 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -4990,6 +4990,65 @@ long kvm_arch_vcpu_pre_fault_memory(struct kvm_vcpu = *vcpu, return min(range->size, end - range->gpa); } =20 +int kvm_tdp_mmu_map_private_pfn(struct kvm_vcpu *vcpu, gfn_t gfn, kvm_pfn_= t pfn) +{ + struct kvm_page_fault fault =3D { + .addr =3D gfn_to_gpa(gfn), + .error_code =3D PFERR_GUEST_FINAL_MASK | PFERR_PRIVATE_ACCESS, + .prefetch =3D true, + .is_tdp =3D true, + .nx_huge_page_workaround_enabled =3D is_nx_huge_page_enabled(vcpu->kvm), + + .max_level =3D KVM_MAX_HUGEPAGE_LEVEL, + .req_level =3D PG_LEVEL_4K, + .goal_level =3D PG_LEVEL_4K, + .is_private =3D true, + + .gfn =3D gfn, + .slot =3D kvm_vcpu_gfn_to_memslot(vcpu, gfn), + .pfn =3D pfn, + .map_writable =3D true, + }; + struct kvm *kvm =3D vcpu->kvm; + int r; + + lockdep_assert_held(&kvm->slots_lock); + + if (KVM_BUG_ON(!tdp_mmu_enabled, kvm)) + return -EIO; + + if (kvm_gfn_is_write_tracked(kvm, fault.slot, fault.gfn)) + return -EPERM; + + r =3D kvm_mmu_reload(vcpu); + if (r) + return r; + + r =3D mmu_topup_memory_caches(vcpu, false); + if (r) + return r; + + do { + if (signal_pending(current)) + return -EINTR; + + if (kvm_test_request(KVM_REQ_VM_DEAD, vcpu)) + return -EIO; + + cond_resched(); + + guard(read_lock)(&kvm->mmu_lock); + + r =3D kvm_tdp_mmu_map(vcpu, &fault); + } while (r =3D=3D RET_PF_RETRY); + + if (r !=3D RET_PF_FIXED) + return -EIO; + + return 0; +} +EXPORT_SYMBOL_GPL(kvm_tdp_mmu_map_private_pfn); + static void nonpaging_init_context(struct kvm_mmu *context) { context->page_fault =3D nonpaging_page_fault; @@ -5973,7 +6032,6 @@ int kvm_mmu_load(struct kvm_vcpu *vcpu) out: return r; } -EXPORT_SYMBOL_GPL(kvm_mmu_load); =20 void kvm_mmu_unload(struct kvm_vcpu *vcpu) { diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index a6155f76cc6a..1724d82c8512 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -3151,15 +3151,12 @@ struct tdx_gmem_post_populate_arg { static int tdx_gmem_post_populate(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pf= n, void __user *src, int order, void *_arg) { - u64 error_code =3D PFERR_GUEST_FINAL_MASK | PFERR_PRIVATE_ACCESS; - struct kvm_tdx *kvm_tdx =3D to_kvm_tdx(kvm); struct tdx_gmem_post_populate_arg *arg =3D _arg; - struct kvm_vcpu *vcpu =3D arg->vcpu; + struct kvm_tdx *kvm_tdx =3D to_kvm_tdx(kvm); + u64 err, entry, level_state; gpa_t gpa =3D gfn_to_gpa(gfn); - u8 level =3D PG_LEVEL_4K; struct page *src_page; int ret, i; - u64 err, entry, level_state; =20 /* * Get the source page if it has been faulted in. Return failure if the @@ -3171,7 +3168,7 @@ static int tdx_gmem_post_populate(struct kvm *kvm, gf= n_t gfn, kvm_pfn_t pfn, if (ret !=3D 1) return -ENOMEM; =20 - ret =3D kvm_tdp_map_page(vcpu, gpa, error_code, &level); + ret =3D kvm_tdp_mmu_map_private_pfn(arg->vcpu, gfn, pfn); if (ret < 0) goto out; =20 @@ -3234,7 +3231,6 @@ static int tdx_vcpu_init_mem_region(struct kvm_vcpu *= vcpu, struct kvm_tdx_cmd *c !vt_is_tdx_private_gpa(kvm, region.gpa + (region.nr_pages << PAGE_SHI= FT) - 1)) return -EINVAL; =20 - kvm_mmu_reload(vcpu); ret =3D 0; while (region.nr_pages) { if (signal_pending(current)) { --=20 2.51.0.268.g9569e192d0-goog From nobody Fri Oct 3 18:10:11 2025 Received: from mail-pf1-f202.google.com (mail-pf1-f202.google.com [209.85.210.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5312F145A1F for ; Wed, 27 Aug 2025 00:05:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253131; cv=none; b=HGxg3P+vuzwOPXFuUUBMT4xzJu4rlfXekx+H7jrv+trhdlQTA2DdGxX1XtXJ/1FSM3lOPu6q5SKu9uFm3ny6EpIEaLJdJFstiKPP2ljAez/+vOs2zvnJzE0finfgcSJ8wRDulyLmVqnaAAfqbanXpionDqYzjss7GszpT9eaitQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253131; c=relaxed/simple; bh=vW84dOFfUkjEHn44SZ0Zsvc92V4JoabZ6ttehFhlzKs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Dwe42rtDFLY+A+zt9+/YzpKxf3CIRfpyIC75BaHxrWddq/KcgppjfGZhPv14g2ASfgMLCZ1xh1xHqbyVCYEYGirJIORAnYX0VqkP6m8YnH13pFrySzEMIP4NixdEXBjhm+o92O9vFBQkH0noQtlWZC/RWbG4ks/eGWCQ91yLiCE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=oT5qhpGY; arc=none smtp.client-ip=209.85.210.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="oT5qhpGY" Received: by mail-pf1-f202.google.com with SMTP id d2e1a72fcca58-76e55665b05so5240444b3a.2 for ; Tue, 26 Aug 2025 17:05:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756253130; x=1756857930; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=x3mPFKRukU7NkaqqKkWEa4ZeQRYoB8uqLaKYEwqn56o=; b=oT5qhpGYKHDQGvTmVV5sf5dfMg3Vo+9Y9jI7EeC/yl8glgsGX0qf21tGaysEjoOd02 OcoRXgWVTeNH8V08lnDgKuriXCXYWdTJEq55XgxN+aZ9QcMHebc0ahyh/xtK5wDslWiI ujY3XTrRLzDXUYCodR/5/1lP6Btc7pdVPcevOvYtf5YoRU34jwZQbmr1P+n6A/DPF/Ha kJY1bOzBb2D8dB0VA50nzWJvYWUTPInrqAZ9osmj1OTWf2wMXi6MMQvnL0OMvy2bWfWH nAD8HeY2Q8dNMij/+hTkim72NbUQJLSns2t5wQvOyZ3zX+koJUSms0EI7epGYw2E8hj7 c4xQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756253130; x=1756857930; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=x3mPFKRukU7NkaqqKkWEa4ZeQRYoB8uqLaKYEwqn56o=; b=GZZmMB00SPL9jn86fDJHUSA6UzsN/5SnsvUDmUT/cHWOymSjKPb0tTul9DQSrjLnPw hITTxl9qOzhzLnC2UI2vHdptHdleuhZ7aE4jVenOk/N/GK2rkSAeoU+CbR0ZZ5Y+iqxi zC0MzI0YuIyWivBfybSxOg/vRKBpHOQAHgdsHcE9pbJlmYIZIvoKYt3i5Q7w61sB6y/L gMywt67orPDHhtExMlQi0aCWJ8YiX0AEkUPx0tyCgqos3jPts7d9SST2u2Y6SVHE3YPR FTDy6iy22J/36m71Ds9yJfGaobXQhv9/YGkkgeG3+y98Pa+QOXGyZKO35WC5Zr2D6WXt 3z1A== X-Forwarded-Encrypted: i=1; AJvYcCU4CLK7Ip/hiWvDaGDb5+nVdUHK0H8e0ugjc2Y6JvzmK8ik+1WEDEGlfXGz3sqwwTU8sDgFngbKLSMGjDU=@vger.kernel.org X-Gm-Message-State: AOJu0Yz+ZfNYOvJQ0DKiTnnxtKOksafazEyTK8ryJcX2vNSp6MzRJf1q quYown1HDxFaOd5GXhhvinb7BlVvFLj98U+4t8BDJlcJapsNlP2yHE+y9jfKwzXWOA8haqJjqux 1M5iW5Q== X-Google-Smtp-Source: AGHT+IHEnG3r0INUCs08n2KPXNY2BR+GnyTW8KVIP4RVEtBYEh4Xbo/b2ZM7vY3lAv7QzfEs08AdgYGVyfc= X-Received: from pfx26.prod.google.com ([2002:a05:6a00:a45a:b0:771:fbc3:2406]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a00:4b4e:b0:771:ed83:557c with SMTP id d2e1a72fcca58-771ed835a5dmr8443892b3a.2.1756253129565; Tue, 26 Aug 2025 17:05:29 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 26 Aug 2025 17:05:13 -0700 In-Reply-To: <20250827000522.4022426-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250827000522.4022426-1-seanjc@google.com> X-Mailer: git-send-email 2.51.0.268.g9569e192d0-goog Message-ID: <20250827000522.4022426-4-seanjc@google.com> Subject: [RFC PATCH 03/12] Revert "KVM: x86/tdp_mmu: Add a helper function to walk down the TDP MMU" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Michael Roth , Yan Zhao , Ira Weiny , Vishal Annapurve , Rick Edgecombe Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Remove the helper and exports that were added to allow TDX code to reuse kvm_tdp_map_page() for its gmem post-populated flow now that a dedicated TDP MMU API is provided to install a mapping given a gfn+pfn pair. This reverts commit 2608f105760115e94a03efd9f12f8fbfd1f9af4b. Signed-off-by: Sean Christopherson --- arch/x86/kvm/mmu.h | 2 -- arch/x86/kvm/mmu/mmu.c | 4 ++-- arch/x86/kvm/mmu/tdp_mmu.c | 37 +++++-------------------------------- 3 files changed, 7 insertions(+), 36 deletions(-) diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h index 697b90a97f43..dc6b965cea4f 100644 --- a/arch/x86/kvm/mmu.h +++ b/arch/x86/kvm/mmu.h @@ -257,8 +257,6 @@ extern bool tdp_mmu_enabled; #define tdp_mmu_enabled false #endif =20 -bool kvm_tdp_mmu_gpa_is_mapped(struct kvm_vcpu *vcpu, u64 gpa); -int kvm_tdp_map_page(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_code, u8 = *level); int kvm_tdp_mmu_map_private_pfn(struct kvm_vcpu *vcpu, gfn_t gfn, kvm_pfn_= t pfn); =20 static inline bool kvm_memslots_have_rmaps(struct kvm *kvm) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index d3625e00baf9..f532beed9029 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -4900,7 +4900,8 @@ int kvm_tdp_page_fault(struct kvm_vcpu *vcpu, struct = kvm_page_fault *fault) return direct_page_fault(vcpu, fault); } =20 -int kvm_tdp_map_page(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_code, u8 = *level) +static int kvm_tdp_map_page(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_co= de, + u8 *level) { int r; =20 @@ -4942,7 +4943,6 @@ int kvm_tdp_map_page(struct kvm_vcpu *vcpu, gpa_t gpa= , u64 error_code, u8 *level return -EIO; } } -EXPORT_SYMBOL_GPL(kvm_tdp_map_page); =20 long kvm_arch_vcpu_pre_fault_memory(struct kvm_vcpu *vcpu, struct kvm_pre_fault_memory *range) diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c index 7f3d7229b2c1..1b559a50db51 100644 --- a/arch/x86/kvm/mmu/tdp_mmu.c +++ b/arch/x86/kvm/mmu/tdp_mmu.c @@ -1910,13 +1910,16 @@ bool kvm_tdp_mmu_write_protect_gfn(struct kvm *kvm, * * Must be called between kvm_tdp_mmu_walk_lockless_{begin,end}. */ -static int __kvm_tdp_mmu_get_walk(struct kvm_vcpu *vcpu, u64 addr, u64 *sp= tes, - struct kvm_mmu_page *root) +int kvm_tdp_mmu_get_walk(struct kvm_vcpu *vcpu, u64 addr, u64 *sptes, + int *root_level) { + struct kvm_mmu_page *root =3D root_to_sp(vcpu->arch.mmu->root.hpa); struct tdp_iter iter; gfn_t gfn =3D addr >> PAGE_SHIFT; int leaf =3D -1; =20 + *root_level =3D vcpu->arch.mmu->root_role.level; + for_each_tdp_pte(iter, vcpu->kvm, root, gfn, gfn + 1) { leaf =3D iter.level; sptes[leaf] =3D iter.old_spte; @@ -1925,36 +1928,6 @@ static int __kvm_tdp_mmu_get_walk(struct kvm_vcpu *v= cpu, u64 addr, u64 *sptes, return leaf; } =20 -int kvm_tdp_mmu_get_walk(struct kvm_vcpu *vcpu, u64 addr, u64 *sptes, - int *root_level) -{ - struct kvm_mmu_page *root =3D root_to_sp(vcpu->arch.mmu->root.hpa); - *root_level =3D vcpu->arch.mmu->root_role.level; - - return __kvm_tdp_mmu_get_walk(vcpu, addr, sptes, root); -} - -bool kvm_tdp_mmu_gpa_is_mapped(struct kvm_vcpu *vcpu, u64 gpa) -{ - struct kvm *kvm =3D vcpu->kvm; - bool is_direct =3D kvm_is_addr_direct(kvm, gpa); - hpa_t root =3D is_direct ? vcpu->arch.mmu->root.hpa : - vcpu->arch.mmu->mirror_root_hpa; - u64 sptes[PT64_ROOT_MAX_LEVEL + 1], spte; - int leaf; - - lockdep_assert_held(&kvm->mmu_lock); - rcu_read_lock(); - leaf =3D __kvm_tdp_mmu_get_walk(vcpu, gpa, sptes, root_to_sp(root)); - rcu_read_unlock(); - if (leaf < 0) - return false; - - spte =3D sptes[leaf]; - return is_shadow_present_pte(spte) && is_last_spte(spte, leaf); -} -EXPORT_SYMBOL_GPL(kvm_tdp_mmu_gpa_is_mapped); - /* * Returns the last level spte pointer of the shadow page walk for the giv= en * gpa, and sets *spte to the spte value. This spte may be non-preset. If = no --=20 2.51.0.268.g9569e192d0-goog From nobody Fri Oct 3 18:10:11 2025 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1ADA0191F91 for ; Wed, 27 Aug 2025 00:05:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253133; cv=none; b=YBIRg1NPQRBuoTfGAGrRkVUGrslYznZvoyqY9+SkjQk5+27T/xIBpW+czSyOQpdVvaJNtyrNMcwEvVv1n8RfJ2wu5JnHh3dZojdauaAHMwc6MX5V+dOGu4+P63AmFKMq764lGHxc6XuIb6pDMGpFP7GFJ2Xi/RSuKpAXMGCV4SM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253133; c=relaxed/simple; bh=FGy4L3v0KtbV9YN3vnt/aQL+JAZTHJYLOBd60TOt0zU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=PR2qOrWYFUa3QkLeEvrThFfFrihN3ml1zgjt22C57zec5Y9M3TUgvclIr43HpV2oHEgV9Lort9dzaDM61QdSjA4ItgqLGe8uPuAtuAAHnAJhB8FIGnUHrfmmEctRCAhxF0gpSELRmZqfR3giBWR+n0iMaRQoTQJsgVQ05d62JL8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=nWiW2FVT; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="nWiW2FVT" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-327704c12c2so126603a91.1 for ; Tue, 26 Aug 2025 17:05:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756253131; x=1756857931; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=vjPTpt85fE4g1CG7pF94hdcCHChaMHe3lO1UHe6fhuU=; b=nWiW2FVTO3R723r7l2OkGz3fLhtbIDIyDsazX720GXQ84GVhEjyO4rGnPkXcmAED8J M4xyw3rQ7J4MydL8MrrzMEZLg/PDEPyXI9QxRe/EdLz5X1PCzcSreoQmF6hZ9NLeuuCp m1S8WE9PppN71uTVHoca7Wbxb4HDMkBWib2pc5Yyytb/jSqoqs1+Bv9C2YSeOEhJAqLU 4m5zbnytyCC3Kj4bMxDXJKVZHObVBzerfC6eBMny4x0RnospcOSjDAXubNxmzMOSo4A4 aLXM4XCVJRjg0iy2IMXOEGO7fonEtOjE8czXdR28FgJe8pAQKHTSP61UGUd9lf+gTt2w 9Gcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756253131; x=1756857931; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=vjPTpt85fE4g1CG7pF94hdcCHChaMHe3lO1UHe6fhuU=; b=SETzalomE11PNDrriFuS0+gz6tPPKjmaZkgKESx3SEtiGFBIh/8iG94BcZPF8pVdmc LXM3BDnt+XKRM1WB4lM4Iz9FnCu1WhsCGYrcByJgSVNCe7Ny6vzR7FDGiUq1eVpf3JDS cjhkEE1Oj91CwEogMVlz/bOl55N00K6F6FwJwav2Iy9UsCBUVVzSrjE41I5utGgLE/Ns jtfBpyO0yXGYw2JMHyVwNOVKSURKQROyo3NCGoHV07tDwwfBxwDF5AKBal9GntWV6AEh 6CljpSl/5ltkfcaW8r4/ukWjEEnLfB0OG0n//LeToqS1nsSlMD/Rx8oA5OWFKNMENEui /+Qw== X-Forwarded-Encrypted: i=1; AJvYcCVRJ+hA0QFSBt1lVh9p3k4iHDkXDOXuLPSTjViwEVDnV2rfIhMMUCy13XwwKVOM5v8gimUWsI2qlS/sJJo=@vger.kernel.org X-Gm-Message-State: AOJu0YxwbbnX4S68eu65Wgu00zJx75RnpCxETdrdm7A3pj4JWCn14QvI avlZoUYm/2lucoPGEX/1k3s4F8XOVCGcfRhaytXCgalRrIZJGeANBkiAdDtK4M/Itd82gLI6iON tKZiaIg== X-Google-Smtp-Source: AGHT+IGLkMUWbX4PKUWtDmrQW/m5uF2FUQJTdZQVW6EUfFTc+RCCET4ypzRI00ALI5rO63jIy/dfa6gX95M= X-Received: from pjbse15.prod.google.com ([2002:a17:90b:518f:b0:325:9cb3:419e]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:38d2:b0:325:ce00:fcb4 with SMTP id 98e67ed59e1d1-325ce00fe37mr7595526a91.31.1756253131527; Tue, 26 Aug 2025 17:05:31 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 26 Aug 2025 17:05:14 -0700 In-Reply-To: <20250827000522.4022426-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250827000522.4022426-1-seanjc@google.com> X-Mailer: git-send-email 2.51.0.268.g9569e192d0-goog Message-ID: <20250827000522.4022426-5-seanjc@google.com> Subject: [RFC PATCH 04/12] KVM: x86/mmu: Rename kvm_tdp_map_page() to kvm_tdp_prefault_page() From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Michael Roth , Yan Zhao , Ira Weiny , Vishal Annapurve , Rick Edgecombe Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Rename kvm_tdp_map_page() to kvm_tdp_prefault_page() now that it's used only by kvm_arch_vcpu_pre_fault_memory(). No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/mmu/mmu.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index f532beed9029..cb08785ce29b 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -4900,8 +4900,8 @@ int kvm_tdp_page_fault(struct kvm_vcpu *vcpu, struct = kvm_page_fault *fault) return direct_page_fault(vcpu, fault); } =20 -static int kvm_tdp_map_page(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_co= de, - u8 *level) +static int kvm_tdp_prefault_page(struct kvm_vcpu *vcpu, gpa_t gpa, + u64 error_code, u8 *level) { int r; =20 @@ -4978,7 +4978,7 @@ long kvm_arch_vcpu_pre_fault_memory(struct kvm_vcpu *= vcpu, * Shadow paging uses GVA for kvm page fault, so restrict to * two-dimensional paging. */ - r =3D kvm_tdp_map_page(vcpu, range->gpa | direct_bits, error_code, &level= ); + r =3D kvm_tdp_prefault_page(vcpu, range->gpa | direct_bits, error_code, &= level); if (r < 0) return r; =20 --=20 2.51.0.268.g9569e192d0-goog From nobody Fri Oct 3 18:10:11 2025 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CB48D18DF9D for ; Wed, 27 Aug 2025 00:05:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253137; cv=none; b=azq+rS0idfVYWGryeXsO+WPvZ4bQr7Q3IcRrqn+tREnIi5a33YxHbkqTL9e3yU6TXCbu1/8Zj58BcWSrFMgY96107c3FgzSsUXAhx3eNKxnGs5FIVCBgR7fCW5TM2ozPNj4aaitncf+9zf9zRxn3Bmzdw5sWA0Kh36zOZXyZZlk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253137; c=relaxed/simple; bh=I+EU4QhA5nIsOiRwCkJlZRTgDkQkuqLiyShRzJ28eU8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=JxXKi7TaBHQuZNTQM+3OuhWaV6fBFaXRz12kkMbr7tVDX+mEF+95O0uVPNfZjvwLwZaxSGKOYAIIV2f6J0pRAodC3fr48oOoJSdYHJdIJDobrkiJmIbjsrceXflOC+bAzdwjXUCXunG5KkNY56gx0goyHyzlZHV3n69jTxFrsIY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Xr/c0kwy; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Xr/c0kwy" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-32326e72dfbso9045010a91.3 for ; Tue, 26 Aug 2025 17:05:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756253133; x=1756857933; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=aoRBu2fbhQAp9J0WDcFWzITHzuyqeUhe62P9ND1eteE=; b=Xr/c0kwy9RzpNh/pIQ89xOgeIUo0Mphha3vzH6N62GT/z2JBioxPs8iuqGWU2TaAxc a1UgoyVJ0ESAVvNSINXvn+x+gsMMRwHkS1jU3nK4Y0YH4bxBFurzgs0R32Cjwlfe+Iny 6RO6omzSnyNVaAYdLaBC2s4qMWa4pplWo2dDFCNlq0CwEkWQEO2s8O4SoTNfphyifo8K StgCftN5jSjS3szA444Puh16R8l+iKzIo+1WOhXA/lxHP+tltHeAH5rVm017bmiVBQKE TYX/7HUPxnNCc+zAwti6f8lAHArPVYbi5sUyJpvT/0r6e5EeJi9xeDKBPjhPmdMbBLd9 0rxw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756253133; x=1756857933; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=aoRBu2fbhQAp9J0WDcFWzITHzuyqeUhe62P9ND1eteE=; b=kfv9M3s0Hj7YrGJ1sNJJkOP2UtNCRszvuEY4pXpWP5MPKdvpsJOYNjqfRRRNxaCtTz cUaqaFkEYzL7/NzjE+r0pn/55G9EtMJPA8JJeanzQaOmhUCTVu2cCh/1gtr/bvzDfVY7 ptxyxYFNd2P8GLOzD75z2qS9KtFliNTH4p2IvUyXTUHVM1UgAW/jsGp9r9Av2wZ77c60 tG7lT2sJIYYXnkD5qw0eIsbAHx8LUhnCzFD6PJW5fSB30DZk3qTXr4JHP2kYxDLrXgK8 1wjNn7DQq9hQXRW1EAITQN/WKEoWQqi2MIe3gChzoEBX7fC2EMLJOZsdSEn5Zvp/alJg RVHg== X-Forwarded-Encrypted: i=1; AJvYcCXOOXHi/bCwoh2hkS+3zpaDHg1Gge/+2IXJCOIiSnucDftx+pz4vSVI2T808To9EsFaXJYI3uKXBfCG4uQ=@vger.kernel.org X-Gm-Message-State: AOJu0YzQyPUuHEAw8+bF6PPGz+fQXdyebPvqtDxHq+wyxsAy7VjNzg5f ldwnhVj5fdTDA7GUdWPGeZlz/1RgPEgYdVFoLXjEDez/lzIAV2cJ2gz+Hyrb9tNKSapuMyW2ikT L2iZ6SQ== X-Google-Smtp-Source: AGHT+IHqGAWofh3cMmtYDoc0/YkBsAddd/V2EhhMJBSlpua+zE04DRKyx6kTbjr+RaWkz4HT9l2FGYKmhJE= X-Received: from pjbqb1.prod.google.com ([2002:a17:90b:2801:b0:321:abeb:1d8a]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:5445:b0:327:5360:5b1a with SMTP id 98e67ed59e1d1-3275360623bmr3748060a91.37.1756253133098; Tue, 26 Aug 2025 17:05:33 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 26 Aug 2025 17:05:15 -0700 In-Reply-To: <20250827000522.4022426-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250827000522.4022426-1-seanjc@google.com> X-Mailer: git-send-email 2.51.0.268.g9569e192d0-goog Message-ID: <20250827000522.4022426-6-seanjc@google.com> Subject: [RFC PATCH 05/12] KVM: TDX: Drop superfluous page pinning in S-EPT management From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Michael Roth , Yan Zhao , Ira Weiny , Vishal Annapurve , Rick Edgecombe Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Don't explicitly pin pages when mapping pages into the S-EPT, guest_memfd doesn't support page migration in any capacity, i.e. there are no migrate callbacks because guest_memfd pages *can't* be migrated. See the WARN in kvm_gmem_migrate_folio(). Signed-off-by: Sean Christopherson Reviewed-by: Ira Weiny Reviewed-by: Kai Huang --- arch/x86/kvm/vmx/tdx.c | 28 ++++------------------------ 1 file changed, 4 insertions(+), 24 deletions(-) diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 1724d82c8512..9fb6e5f02cc9 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -1586,29 +1586,22 @@ void tdx_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t = root_hpa, int pgd_level) td_vmcs_write64(to_tdx(vcpu), SHARED_EPT_POINTER, root_hpa); } =20 -static void tdx_unpin(struct kvm *kvm, struct page *page) -{ - put_page(page); -} - static int tdx_mem_page_aug(struct kvm *kvm, gfn_t gfn, - enum pg_level level, struct page *page) + enum pg_level level, kvm_pfn_t pfn) { int tdx_level =3D pg_level_to_tdx_sept_level(level); struct kvm_tdx *kvm_tdx =3D to_kvm_tdx(kvm); + struct page *page =3D pfn_to_page(pfn); gpa_t gpa =3D gfn_to_gpa(gfn); u64 entry, level_state; u64 err; =20 err =3D tdh_mem_page_aug(&kvm_tdx->td, gpa, tdx_level, page, &entry, &lev= el_state); - if (unlikely(tdx_operand_busy(err))) { - tdx_unpin(kvm, page); + if (unlikely(tdx_operand_busy(err))) return -EBUSY; - } =20 if (KVM_BUG_ON(err, kvm)) { pr_tdx_error_2(TDH_MEM_PAGE_AUG, err, entry, level_state); - tdx_unpin(kvm, page); return -EIO; } =20 @@ -1642,29 +1635,18 @@ static int tdx_sept_set_private_spte(struct kvm *kv= m, gfn_t gfn, enum pg_level level, kvm_pfn_t pfn) { struct kvm_tdx *kvm_tdx =3D to_kvm_tdx(kvm); - struct page *page =3D pfn_to_page(pfn); =20 /* TODO: handle large pages. */ if (KVM_BUG_ON(level !=3D PG_LEVEL_4K, kvm)) return -EINVAL; =20 - /* - * Because guest_memfd doesn't support page migration with - * a_ops->migrate_folio (yet), no callback is triggered for KVM on page - * migration. Until guest_memfd supports page migration, prevent page - * migration. - * TODO: Once guest_memfd introduces callback on page migration, - * implement it and remove get_page/put_page(). - */ - get_page(page); - /* * Read 'pre_fault_allowed' before 'kvm_tdx->state'; see matching * barrier in tdx_td_finalize(). */ smp_rmb(); if (likely(kvm_tdx->state =3D=3D TD_STATE_RUNNABLE)) - return tdx_mem_page_aug(kvm, gfn, level, page); + return tdx_mem_page_aug(kvm, gfn, level, pfn); =20 return tdx_mem_page_record_premap_cnt(kvm, gfn, level, pfn); } @@ -1715,7 +1697,6 @@ static int tdx_sept_drop_private_spte(struct kvm *kvm= , gfn_t gfn, return -EIO; } tdx_clear_page(page); - tdx_unpin(kvm, page); return 0; } =20 @@ -1795,7 +1776,6 @@ static int tdx_sept_zap_private_spte(struct kvm *kvm,= gfn_t gfn, if (tdx_is_sept_zap_err_due_to_premap(kvm_tdx, err, entry, level) && !KVM_BUG_ON(!atomic64_read(&kvm_tdx->nr_premapped), kvm)) { atomic64_dec(&kvm_tdx->nr_premapped); - tdx_unpin(kvm, page); return 0; } =20 --=20 2.51.0.268.g9569e192d0-goog From nobody Fri Oct 3 18:10:11 2025 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5A7A91DFD9A for ; Wed, 27 Aug 2025 00:05:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253136; cv=none; b=kkS0xhah+zG/huAyXdeQkwp522Nf4XlaIzxIj0OwNy2qRGPzKOIDiOiNb3qjfP1iUYUw9aiAXTwyf/tphVvU7OkyruEZCwE8nRlw8mwCfPRgoR2n403xkFiCnNmCGb6n9YEscjdR2yD3p9Kv/5nLfsXSWPW8lDtMemAahbHLNnU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253136; c=relaxed/simple; bh=cqqucMYtivTxgJ2yWtjMcM5NpaFOO1MES3223ug0X4E=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=khBteVXUS/2GyYo8MlYp7DLcveURfCT/j9ODQS1wlXSxCy5MoBeSOSbaba84wF28Qw2BveSB+Fbu6mfVXJQQxxTp3Q4Vp2uiX8fAzkfSUQ0jxxF1aly+jUsLS2bTeZBCN1PdUAQRv4izDLe8vg/smjTS257YiqjrhItARY7G8+4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Cnehlumx; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Cnehlumx" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-32771335ce6so68259a91.1 for ; Tue, 26 Aug 2025 17:05:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756253135; x=1756857935; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=oGCmox8NCxkTSpPUlLKTfWHUVoiysl+0iyU32s+8vBE=; b=Cnehlumx5usGz9bDM7tH+A9BsThIbDUwO9/e6cwD6Sd48sx1Sv8jqgKm0aSrTlfVPF TS1T7PcgcInnBxA1EKivFEdk4+nUXBUuQq2xzvKr+XcKpZ1rcUxpm5GA+ks96mOj1ky0 SlmnBke0dt2bqy+2vLPd+5V0EF1TmeH8ZYFAzKxgddP4+I1ybNnYaNDKZdx8qKLAYbRJ 6rzidg/0wvS2Txyzv9P9yfxbLKJobKv82pfANzJS34vvDSt+mVp2gqDbyTvltjGq76Pz 2/gbhzUkP7Kz7I/HizUZ9pOPZ99B4l/70uoOvSVcBqvHPDuKuSTykzOdkufU5DVyhw+H ms7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756253135; x=1756857935; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=oGCmox8NCxkTSpPUlLKTfWHUVoiysl+0iyU32s+8vBE=; b=W0M4cO7oexujzkp6p2i1RQ8gvdYilnMYH6HDKG9kwD2IqgaCLbElWJUQpufrEcqPqD hPoDHFQMNnPgBO9eX4Y7h7hSSYgQXHpIlKMN4eEeeFQM6s0bCB2IdteXLS40WHyTiEyR 93TVlajhbcHM7ccX8NLVxjs2wYH6xs7oRRre0S0v0KvD4suKmc6kVK34phalsy3cJ7hy cYg7/FvXdfYYOU8pFa99bG37bbyx117aN8Gp75RFQs426gD1TE6Y+Kn+fmlO/YctKJa7 0gLynvARm4cPjF2YWfIeigNpEwmluKj7BK65Ef6y2vq2foT9i3FxK+phiXgCQvqfXD5I /a4w== X-Forwarded-Encrypted: i=1; AJvYcCVn4Ly9Lr6O/AKyBwIzVQPXtxhMqaW1Nr+d8ciaJX8C9F81Tn1868Hp4iBveI7aOBk0SB8S4AL94gA9PWQ=@vger.kernel.org X-Gm-Message-State: AOJu0Ywplb5bxSWFCfjxxvxIo7ERPX/yLNSphceh5UQQGRE6TR0iG6Z2 tptDWMuRmgfWguXGpcZj2HOq/CXAnEbkkutkE2t/JSNlFviFwZtHEw7U8mvOnTQjoszsJTK1FAy Jx1K4tg== X-Google-Smtp-Source: AGHT+IEYma5Tgh82jGLGfJfLfmhoqHyeRAhaK0BUFIBNQaa0nt6VPuBWzXcFJlUAx1BFZPkgbXKo0snHV+0= X-Received: from pjd5.prod.google.com ([2002:a17:90b:54c5:b0:325:8ff:2ad]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:5787:b0:30a:4874:5397 with SMTP id 98e67ed59e1d1-32515ef215amr21922120a91.9.1756253134805; Tue, 26 Aug 2025 17:05:34 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 26 Aug 2025 17:05:16 -0700 In-Reply-To: <20250827000522.4022426-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250827000522.4022426-1-seanjc@google.com> X-Mailer: git-send-email 2.51.0.268.g9569e192d0-goog Message-ID: <20250827000522.4022426-7-seanjc@google.com> Subject: [RFC PATCH 06/12] KVM: TDX: Return -EIO, not -EINVAL, on a KVM_BUG_ON() condition From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Michael Roth , Yan Zhao , Ira Weiny , Vishal Annapurve , Rick Edgecombe Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Return -EIO when a KVM_BUG_ON() is tripped, as KVM's ABI is to return -EIO when a VM has been killed due to a KVM bug, not -EINVAL. Signed-off-by: Sean Christopherson Reviewed-by: Ira Weiny --- arch/x86/kvm/vmx/tdx.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 9fb6e5f02cc9..ef4ffcad131f 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -1624,7 +1624,7 @@ static int tdx_mem_page_record_premap_cnt(struct kvm = *kvm, gfn_t gfn, struct kvm_tdx *kvm_tdx =3D to_kvm_tdx(kvm); =20 if (KVM_BUG_ON(kvm->arch.pre_fault_allowed, kvm)) - return -EINVAL; + return -EIO; =20 /* nr_premapped will be decreased when tdh_mem_page_add() is called. */ atomic64_inc(&kvm_tdx->nr_premapped); @@ -1638,7 +1638,7 @@ static int tdx_sept_set_private_spte(struct kvm *kvm,= gfn_t gfn, =20 /* TODO: handle large pages. */ if (KVM_BUG_ON(level !=3D PG_LEVEL_4K, kvm)) - return -EINVAL; + return -EIO; =20 /* * Read 'pre_fault_allowed' before 'kvm_tdx->state'; see matching @@ -1849,7 +1849,7 @@ static int tdx_sept_free_private_spt(struct kvm *kvm,= gfn_t gfn, * and slot move/deletion. */ if (KVM_BUG_ON(is_hkid_assigned(kvm_tdx), kvm)) - return -EINVAL; + return -EIO; =20 /* * The HKID assigned to this TD was already freed and cache was @@ -1870,7 +1870,7 @@ static int tdx_sept_remove_private_spte(struct kvm *k= vm, gfn_t gfn, * there can't be anything populated in the private EPT. */ if (KVM_BUG_ON(!is_hkid_assigned(to_kvm_tdx(kvm)), kvm)) - return -EINVAL; + return -EIO; =20 ret =3D tdx_sept_zap_private_spte(kvm, gfn, level, page); if (ret <=3D 0) --=20 2.51.0.268.g9569e192d0-goog From nobody Fri Oct 3 18:10:11 2025 Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 65D0F1F1513 for ; Wed, 27 Aug 2025 00:05:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253138; cv=none; b=SbF/3sPnh1kzJZC2fS0pRp/qVCO/vP/khOJyR8HdvR/XYM/E5fQ6r4KR6Uvltt6thxOMD5b2563HilHUwKmpq3SfuxMn/sv8mKCaGaXm+bT6+3usZM2FDBxkoFFZDFYUcuq47/CuilAK6KFeI7leAAXWl6hleQCwVK0WWK3F98Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253138; c=relaxed/simple; bh=cgh6/e79pQdff589nly0B6miSmkxJA//Fc6O2nZJY1g=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=CxAq178wNkaImybWLZEGT+EAQpBuzDwUpps/fjbkGPMYSC9VDzdz/V073Nmzq6Sv/c9ZZjedS8QtoyuYK6vWEvJcUWZGdygbJS6tPMlXbU9VOW3C/BdRUZi3hDa9EH/SSaQ6DVf2oQDoi73nKgtzxY9c1J8afqbK/zEuoVMMPBE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=dh2rTJU1; arc=none smtp.client-ip=209.85.210.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="dh2rTJU1" Received: by mail-pf1-f201.google.com with SMTP id d2e1a72fcca58-77057266d0bso4990896b3a.1 for ; Tue, 26 Aug 2025 17:05:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756253137; x=1756857937; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=kxivBTbX+1L8x6FgLUJwK+IMOnrahcSlQkCprtoKV5A=; b=dh2rTJU1rwnFbKX7vu6fffcPBs7E1CGLjiI5TLdtsgVzLP7OHif98Qr7Qv0CZHjn0S Omcbr0JAk7HCEFud1j4Q0qQWH+U1kYplCTerRP0zt83ksEy6cnQB1OcCgs5OA+INbDwL tFuzvSXfxTm17iTxamH/bGijEcQptJVxAF9dEmzqPK5bZAVVRBzkk3H95uixjnhBD0zS aAI/7XrrFZIzKL5n6M2hM6baWyWrs9v52NaYIY29hOhO3PSCz8xl0+r/rubKttNYpf5/ lAUgSitVIOzGkOgZiMncPjLd0TwFt9Qpb21qvu/1RhvHVI7e/vNN2btzPLq6m1cvjZAf uz9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756253137; x=1756857937; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=kxivBTbX+1L8x6FgLUJwK+IMOnrahcSlQkCprtoKV5A=; b=l14B/WSARJUKDE9KGjWogeYwgudwZY5ejCzUsppjURof3zyybZgyktLu3qdrr+D01D GPJlxr2uIrnKLur9+eK+l3KekEiNDFI7fsACKL/oNY0vxgFIJt6opnpFHl0CqCn5yFgY rC2m8lcYyiUEIXoxtZFmm1AqZhaGSkqWaaxHygnbHBVdYT1uYkNnSmfE4ck98XyTVPlw xfKZVxS0et9L2vMWFE+D+oR7GfTIUXiyQ5SLx31cXh2QWJopqNNBJoFLh6hcNGRW6TdQ uPJbxfv18wF4KbNifO8GAyQEfb3E6ouugOZIWMjKPo9D+D5H/NKjlEeb5FYfFMSs0abj nxyA== X-Forwarded-Encrypted: i=1; AJvYcCWJv3lBOugdCgsN7T5GaBiE7JPI5ieQdXSPs+nKYdK4JqEzgp02HGDbF63R+Iz5rIrjar8xrunGxeD/xPk=@vger.kernel.org X-Gm-Message-State: AOJu0Yz3Cz4PbvOGFRUPAKXFNQSEF4ukL++An6QRktJo8r7MWlOcxcdK wABG4Nr+wUg0YoDfboAIxugnV3Nj3zymwtj+ZkS95DybHP3DvTlLkqyzD8cmJStJu+akLb2r0e8 Ti1qczg== X-Google-Smtp-Source: AGHT+IElpbbj7l6TR7thNKCOV4cKqhiJ6QBqeV2KiinUHBKeSxeiHU6PvhisiF8I8bOv3pG+ItNWx/S7ZiY= X-Received: from pfbci15.prod.google.com ([2002:a05:6a00:28cf:b0:771:e903:279d]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a00:4c81:b0:770:57c0:1fd5 with SMTP id d2e1a72fcca58-77057c02170mr11433268b3a.11.1756253136555; Tue, 26 Aug 2025 17:05:36 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 26 Aug 2025 17:05:17 -0700 In-Reply-To: <20250827000522.4022426-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250827000522.4022426-1-seanjc@google.com> X-Mailer: git-send-email 2.51.0.268.g9569e192d0-goog Message-ID: <20250827000522.4022426-8-seanjc@google.com> Subject: [RFC PATCH 07/12] KVM: TDX: Avoid a double-KVM_BUG_ON() in tdx_sept_zap_private_spte() From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Michael Roth , Yan Zhao , Ira Weiny , Vishal Annapurve , Rick Edgecombe Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Return -EIO immediately from tdx_sept_zap_private_spte() if the number of to-be-added pages underflows, so that the following "KVM_BUG_ON(err, kvm)" isn't also triggered. Isolating the check from the "is premap error" if-statement will also allow adding a lockdep assertion that premap errors are encountered if and only if slots_lock is held. Signed-off-by: Sean Christopherson Reviewed-by: Rick Edgecombe --- arch/x86/kvm/vmx/tdx.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index ef4ffcad131f..88079e2d45fb 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -1773,8 +1773,10 @@ static int tdx_sept_zap_private_spte(struct kvm *kvm= , gfn_t gfn, err =3D tdh_mem_range_block(&kvm_tdx->td, gpa, tdx_level, &entry, &level= _state); tdx_no_vcpus_enter_stop(kvm); } - if (tdx_is_sept_zap_err_due_to_premap(kvm_tdx, err, entry, level) && - !KVM_BUG_ON(!atomic64_read(&kvm_tdx->nr_premapped), kvm)) { + if (tdx_is_sept_zap_err_due_to_premap(kvm_tdx, err, entry, level)) { + if (KVM_BUG_ON(!atomic64_read(&kvm_tdx->nr_premapped), kvm)) + return -EIO; + atomic64_dec(&kvm_tdx->nr_premapped); return 0; } --=20 2.51.0.268.g9569e192d0-goog From nobody Fri Oct 3 18:10:11 2025 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F3394201113 for ; Wed, 27 Aug 2025 00:05:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253140; cv=none; b=mSD9v/DgdQ6xbEA3wvTwDQyzURqTsJQr17bmSRk1u/E3xtx0pD40xDAbx60CWR+WH/Qz7J2UYKAIkzRVyYVGBiWEy6IHeEmBNk2fV625jyaoWs4hwVmGJTppU3YhfI/XNFCEUw70D9Zrq/x1R1aaUTz+T3YoAHZ9kUiSzE4gR0Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253140; c=relaxed/simple; bh=p5u10Bzkcywp/4GKkqpJgCa4qZjbXShDD0LksyC8ZDw=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Mh/RqWKh7KADbuywe9rKxfs4ZYPVbKny6lXC+krblDvgHpSZQFAGnBfzwIra5M9XAAAoroZ/eBNUJKPOi8PhZ3L6nbjPMkJi+MxOpGw9ASvsrlGlTQdWbkgWkN7S3k3HQbxU2yqm+g+1pps59S+N8sMnPc43GWuHm/mlSEPcHWE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=cucoU5+S; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="cucoU5+S" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-3276575ae5bso551088a91.2 for ; Tue, 26 Aug 2025 17:05:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756253138; x=1756857938; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=7ErZgDOXv/jSDGCKcnbfir/yGG7t/FklW7bhCH57Uhk=; b=cucoU5+SFu/ZdcVSHz68vba8Z38GgiaIFjDjahNnLpXJ9nmDJt9cKDzv32/QtwJrqu gXyhd+lHgdUL3PDkYhrWEd8OiaRRFGwulUivuyolW79DO+nqNI59kumtm4TkLI3atfBj o+xdPVAoIZXubfGltnjgRV8qnLZnXCZXM7OFvhgYOTrNeKhdJGgNZdbrgck/29oKLcg2 4RHG9d6tt4qAUHgWYXuYHwmKZYYw3/3AjWCsh+D/YdKdzat1ODznoEZSbNRiXxWeTQRB ONs7IqvBLH2DrEtXulni3TdrL810cVGj2T7uJjTlisle3J+iL45608TkkQxU67bVQ9Im KzFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756253138; x=1756857938; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=7ErZgDOXv/jSDGCKcnbfir/yGG7t/FklW7bhCH57Uhk=; b=LaLTHHUTjxhsSIL7HZWzh8DtWBRStclYDPW6aHFUPZHGhYX6zRh36H4fmfcMSNqYJd 2cypS/OtcPSJdkTj5cgQXkEtbluoaQiJUo7blgpdkQcD0yo3vEnwUxNGo6ZU8Smp7x7J f3iuKDPh2alGeWtn8117N7ah15nKtqVCsKJur5AyZ+9VUKSPKE4Zgjfh5V3kh4scJhjQ ykEosF/VFXXXXJ2x28G7sMBTY/ULM8/tevleq+4H0FlDQi2y65UcgE+5qfcCp9gOioum oqmkcj9VrCeArFgspuTY78hfNVplXi8QbtJos/Bsk5equPXJNsGUkWbp4MGpZpoaIBEK QTTw== X-Forwarded-Encrypted: i=1; AJvYcCWYrX+G89/sODesi9dfuNaZAPeLHBDI9dAZmkANRaZCFRttrUFwylf9TInxF+Gqvmao5O1nzJ/WUiZxWEU=@vger.kernel.org X-Gm-Message-State: AOJu0Yyl5hnVwZDudCCalTW9gIoELE4Qh/36JmCXzFONjDugzsCYaEj6 61PPchHeIofte0pNUHFqyncv+sStXpF2J32moRbNTDGdhwdK4Tc6cU/9ikCvZudhzq8xxWeRRs0 +o1NdIw== X-Google-Smtp-Source: AGHT+IHOit1CgdGOtEwyoWNstM/rY5EyZOJUqw3pif7druLduvP2SLwxlmjzkU+xmrbDuQykH2FtGTD0ZlE= X-Received: from pjbsp3.prod.google.com ([2002:a17:90b:52c3:b0:31f:61fc:b283]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:4b8f:b0:327:41c8:8840 with SMTP id 98e67ed59e1d1-32741c8899emr6039622a91.37.1756253138478; Tue, 26 Aug 2025 17:05:38 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 26 Aug 2025 17:05:18 -0700 In-Reply-To: <20250827000522.4022426-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250827000522.4022426-1-seanjc@google.com> X-Mailer: git-send-email 2.51.0.268.g9569e192d0-goog Message-ID: <20250827000522.4022426-9-seanjc@google.com> Subject: [RFC PATCH 08/12] KVM: TDX: Use atomic64_dec_return() instead of a poor equivalent From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Michael Roth , Yan Zhao , Ira Weiny , Vishal Annapurve , Rick Edgecombe Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Use atomic64_dec_return() when decrementing the number of "pre-mapped" S-EPT pages to ensure that the count can't go negative without KVM noticing. In theory, checking for '0' and then decrementing in a separate operation could miss a 0=3D>-1 transition. In practice, such a condition is impossible because nr_premapped is protected by slots_lock, i.e. doesn't actually need to be an atomic (that wart will be addressed shortly). Don't bother trying to keep the count non-negative, as the KVM_BUG_ON() ensures the VM is dead, i.e. there's no point in trying to limp along. Signed-off-by: Sean Christopherson Reviewed-by: Ira Weiny Reviewed-by: Rick Edgecombe --- arch/x86/kvm/vmx/tdx.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 88079e2d45fb..b7559ea1e353 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -1774,10 +1774,9 @@ static int tdx_sept_zap_private_spte(struct kvm *kvm= , gfn_t gfn, tdx_no_vcpus_enter_stop(kvm); } if (tdx_is_sept_zap_err_due_to_premap(kvm_tdx, err, entry, level)) { - if (KVM_BUG_ON(!atomic64_read(&kvm_tdx->nr_premapped), kvm)) + if (KVM_BUG_ON(atomic64_dec_return(&kvm_tdx->nr_premapped) < 0, kvm)) return -EIO; =20 - atomic64_dec(&kvm_tdx->nr_premapped); return 0; } =20 @@ -3162,8 +3161,7 @@ static int tdx_gmem_post_populate(struct kvm *kvm, gf= n_t gfn, kvm_pfn_t pfn, goto out; } =20 - if (!KVM_BUG_ON(!atomic64_read(&kvm_tdx->nr_premapped), kvm)) - atomic64_dec(&kvm_tdx->nr_premapped); + KVM_BUG_ON(atomic64_dec_return(&kvm_tdx->nr_premapped) < 0, kvm); =20 if (arg->flags & KVM_TDX_MEASURE_MEMORY_REGION) { for (i =3D 0; i < PAGE_SIZE; i +=3D TDX_EXTENDMR_CHUNKSIZE) { --=20 2.51.0.268.g9569e192d0-goog From nobody Fri Oct 3 18:10:11 2025 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A3BB72144D7 for ; Wed, 27 Aug 2025 00:05:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253142; cv=none; b=IuBqd4a5F80wzvlZPPr6XJR5gJUhBGjGewG8onsTqfsd3hLs+ZVQVjTz0/t39LcwB/p5ZbYiPv7MzE1sNAbkaJzULL5FtORTIrS4JtsJh7xFl+zxbOr/IO2eJzANEIQW6NZ9w5rLH1lrMZdRyjbExw6lI/wXLD5xZF7eRd6h8Jo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253142; c=relaxed/simple; bh=inYnERU1cZUpLoPVwwGG1cPzJ315J3ScXyEuAIhLuzY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=e3kU4yv57ocdOj9Ez3x6SfPrSYGrNVuOetqJRQciPF59lXw82EQsVseq3dcaNxaKnbsJxlvImkVTwm4JVTvn0ZWA56EL5H4/fU8E1w/+tuinEKaNrg20U5wzWdPuAceYGHgMZWfSgoAF6iDSdT7Hq982tGi2IUizw0suFzTZaOY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=0WRTvK+H; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="0WRTvK+H" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-325228e9c12so370369a91.1 for ; Tue, 26 Aug 2025 17:05:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756253140; x=1756857940; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=EzIV4kw208Crs8PBdWAhCsmfi9lScWdvkVxAX4LkGs0=; b=0WRTvK+HDahOWdoNdla4xBbcaCWJOBo/DcTyFmtPvlNjM1k4xgva1ES7Dp6JUaOiaI BRC8JllV9tFMez4aSvZTVPVTdPnmjCsoWd92idSX2FOL/ZrNMjZJu3M80k5uCKHz03cA zS3mx9jKzXR2FI3UM5F7XHfFiCde5N5YMKtjzfd8w9BWfZZS2L2CqIOvfJ1UXXTHnZ26 8ZxmEP0aEvvzjmkPbxRvUWCzOv3CPiqIpJztxO9/7O4YLSQFc6qIPKDF3EN8GyunJcwh 1dx3ikV3iE9yExorLbqN0uPQx0iePs4bZGS8SIaY4ghEqtrPl4otz/J8hdhSGgMokylO h0TA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756253140; x=1756857940; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=EzIV4kw208Crs8PBdWAhCsmfi9lScWdvkVxAX4LkGs0=; b=pHwYNy2vQYp5cAzCIkqg8a1+6AL3baSWM6D/ItxlwLF0t+7iXBVT/EHjyr0sFZI7iw bKvO18fqOdDfKMs3MQzOgKtCRqUHZUN5Nz/EQ23LwDJMJ/+6y+JHEueP+ls1KzQHexe4 XHiANQ4PDAjPFVNfkXwcIpgDaLa9H4LQDTtZqMKcWzXwyiP7g0bJndMCeeGRbXUXzvty on1SheClaq70Z21OGanAMei9U+glWm8wvtBv9eVsEkW5C8GIP7S8ETEjJIeo0Fd2r0G5 bhzTeswAZwzanKLcpIjTSSBj6YzYB0gCRghQCrasuX0rE3gYZdKXpDAalbtYxgStChrW lgjA== X-Forwarded-Encrypted: i=1; AJvYcCUNvbcvm0s1g4nhjOe//PR8gDPmSwAVLRZXvQuiqCyAJkF3AEHEjqfiPY2Rxhu9Avc/ojo3ZYO+KCjAVkY=@vger.kernel.org X-Gm-Message-State: AOJu0YxjrlzoMXjw/JUe8/PCl/6BNrtnwo/9ueElVsJlE6B1wEyQMtux xfei147un8+0KQxv9Ez64I8XFhGL11GD1TksyGiKgl8d61EFG6JGmA3gMEhdqc/2CvdYsokQ75M aOaPYRw== X-Google-Smtp-Source: AGHT+IFsjkLo5saaZ5ATkRw7E1vx5cE/AELT09M9Pwwd8rhFQR3pIhA4BadJFV/SzGBGB3WS8W5BgnMdyvQ= X-Received: from pjbpl7.prod.google.com ([2002:a17:90b:2687:b0:321:6924:af9a]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:5647:b0:324:e74a:117c with SMTP id 98e67ed59e1d1-3275085dceamr4812944a91.13.1756253140034; Tue, 26 Aug 2025 17:05:40 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 26 Aug 2025 17:05:19 -0700 In-Reply-To: <20250827000522.4022426-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250827000522.4022426-1-seanjc@google.com> X-Mailer: git-send-email 2.51.0.268.g9569e192d0-goog Message-ID: <20250827000522.4022426-10-seanjc@google.com> Subject: [RFC PATCH 09/12] KVM: TDX: Fold tdx_mem_page_record_premap_cnt() into its sole caller From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Michael Roth , Yan Zhao , Ira Weiny , Vishal Annapurve , Rick Edgecombe Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Fold tdx_mem_page_record_premap_cnt() into tdx_sept_set_private_spte() as providing a one-off helper for effectively three lines of code is at best a wash, and splitting the code makes the comment for smp_rmb() _extremely_ confusing as the comment talks about reading kvm->arch.pre_fault_allowed before kvm_tdx->state, but the immediately visible code does the exact opposite. Opportunistically rewrite the comments to more explicitly explain who is checking what, as well as _why_ the ordering matters. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/tdx.c | 49 ++++++++++++++++++------------------------ 1 file changed, 21 insertions(+), 28 deletions(-) diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index b7559ea1e353..e4b70c0dbda3 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -1608,29 +1608,6 @@ static int tdx_mem_page_aug(struct kvm *kvm, gfn_t g= fn, return 0; } =20 -/* - * KVM_TDX_INIT_MEM_REGION calls kvm_gmem_populate() to map guest pages; t= he - * callback tdx_gmem_post_populate() then maps pages into private memory. - * through the a seamcall TDH.MEM.PAGE.ADD(). The SEAMCALL also requires = the - * private EPT structures for the page to have been built before, which is - * done via kvm_tdp_map_page(). nr_premapped counts the number of pages th= at - * were added to the EPT structures but not added with TDH.MEM.PAGE.ADD(). - * The counter has to be zero on KVM_TDX_FINALIZE_VM, to ensure that there - * are no half-initialized shared EPT pages. - */ -static int tdx_mem_page_record_premap_cnt(struct kvm *kvm, gfn_t gfn, - enum pg_level level, kvm_pfn_t pfn) -{ - struct kvm_tdx *kvm_tdx =3D to_kvm_tdx(kvm); - - if (KVM_BUG_ON(kvm->arch.pre_fault_allowed, kvm)) - return -EIO; - - /* nr_premapped will be decreased when tdh_mem_page_add() is called. */ - atomic64_inc(&kvm_tdx->nr_premapped); - return 0; -} - static int tdx_sept_set_private_spte(struct kvm *kvm, gfn_t gfn, enum pg_level level, kvm_pfn_t pfn) { @@ -1641,14 +1618,30 @@ static int tdx_sept_set_private_spte(struct kvm *kv= m, gfn_t gfn, return -EIO; =20 /* - * Read 'pre_fault_allowed' before 'kvm_tdx->state'; see matching - * barrier in tdx_td_finalize(). + * Ensure pre_fault_allowed is read by kvm_arch_vcpu_pre_fault_memory() + * before kvm_tdx->state. Userspace must not be allowed to pre-fault + * arbitrary memory until the initial memory image is finalized. Pairs + * with the smp_wmb() in tdx_td_finalize(). */ smp_rmb(); - if (likely(kvm_tdx->state =3D=3D TD_STATE_RUNNABLE)) - return tdx_mem_page_aug(kvm, gfn, level, pfn); =20 - return tdx_mem_page_record_premap_cnt(kvm, gfn, level, pfn); + /* + * If the TD isn't finalized/runnable, then userspace is initializing + * the VM image via KVM_TDX_INIT_MEM_REGION. Increment the number of + * pages that need to be initialized via TDH.MEM.PAGE.ADD (PAGE.ADD + * requires a pre-existing S-EPT mapping). KVM_TDX_FINALIZE_VM checks + * the counter to ensure all mapped pages have been added to the image, + * to prevent running the TD with uninitialized memory. + */ + if (unlikely(kvm_tdx->state !=3D TD_STATE_RUNNABLE)) { + if (KVM_BUG_ON(kvm->arch.pre_fault_allowed, kvm)) + return -EIO; + + atomic64_inc(&kvm_tdx->nr_premapped); + return 0; + } + + return tdx_mem_page_aug(kvm, gfn, level, pfn); } =20 static int tdx_sept_drop_private_spte(struct kvm *kvm, gfn_t gfn, --=20 2.51.0.268.g9569e192d0-goog From nobody Fri Oct 3 18:10:11 2025 Received: from mail-pf1-f202.google.com (mail-pf1-f202.google.com [209.85.210.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9B88D18B0F for ; Wed, 27 Aug 2025 00:05:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253144; cv=none; b=UcdIVjPYTvw/cA8fLcsIFUQU2zg+CAjo+f5GQqm1S5M+zaMyCNMjnSZvUVpMWYz8JjuPkV8yP0aoc9m2qyEYjWETHmpVcZI4HHlqBTRXCHu9lBEmP42akIpLwsUDecN4Kt8gohRvim4BWBx7FhMggHj4OSabRsmggTddbySUGuA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253144; c=relaxed/simple; bh=CT8ymioLuOlBWrXD3r8YANXKr/P7e/x1kpJZ/SO1Ra4=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=ZDirT08SAlT58SXjsrHS5WfgGMXVlGB0Kjo02n6Lq7/aZW5rWPvGEsQYeZQaz8OtFXizr3bYKn3Zhc/cAQVL3S8/be2w/JYEFZAO37f0X3FYG/uVE3rI7FGxFchWCKnD1MsR1kqSfwlED4z+V0ERTMG4lmea5LhMOExMElgJVl4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=aaxzXCw3; arc=none smtp.client-ip=209.85.210.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="aaxzXCw3" Received: by mail-pf1-f202.google.com with SMTP id d2e1a72fcca58-771e1451631so5314804b3a.1 for ; Tue, 26 Aug 2025 17:05:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756253142; x=1756857942; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=LCGUcAyKwwCwfLwULs9m93YuDYGiD02JqCj6uYcQICM=; b=aaxzXCw32QhFLdtbWOYvV+yweY0S/cEi6k6yJxMhDzNRQuo4XjsVxh06lwQw1Uherc qPe1ChNJeT7d+S5CIOUkyrC3s/JEqvVDWGQMFJpfcFNaHO61KCG8xaDwc1av0i9dTQd5 VhiJ6gaKebH+o8gd+1LidTgLIgQHeD00joyKjacxLimLpEzIwl86gVKYvO1VmQPObm2M GZfccTQT+wLTv9D7ahBTJqW/W3FVdUtVeYLXs7QtV6uE2SGHKa4v9TzXEx6u3DjDwiun TaZDY90iAHvWqf9LSY67yAsjTg6xKM4my3MJmexn70WiJwY94a0aNXdMvKcZg2TaEBYd k3PQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756253142; x=1756857942; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=LCGUcAyKwwCwfLwULs9m93YuDYGiD02JqCj6uYcQICM=; b=GENWV47hqaycGIDkssOLFGTf5m4HWXw+D9WXgzpZQHkkJPIcQaRvnEdumKOCV/FSoU sV5R2ZIL+j5njLz9Os3T/d4FEwTfxFfQ5uFIiyKmdi68iUrxU5YcXJHBxpE6Q4yk9Zny uZI80uwer9JPlv/Ct1MDIaKL1woIpcNXacJGK0xDgaVgc0dt58iKhbG+R+8QekpBXttA mQpNdK/e9pE9b+L2BnyESghY48rS/RqYVc5JpQGALN8mWqmjVBytNT4LaO1BkLVWcjBZ JYflBeMPW7aZxp1NwRcP0A4l9LSsSXK22yqGxov/NzlKEp0Tq4FUzr3jPkuM/mWjuljw Pbxw== X-Forwarded-Encrypted: i=1; AJvYcCXgM0Sgm7M+/JR6FaR3OF9y+aQP+htovMTq/e4g3b5LwWSD6zMxy/h5To4FuGa2OF2w0XHswdVft2xLzok=@vger.kernel.org X-Gm-Message-State: AOJu0YxiN0D3FbD1JmAJ0mCV49lGm8aPsfczS+UVf7wnJUNHyXgadhoE cOeSm4V8Ii2cdoeBa9e2Db87dbIb7h6PFhcFtDk4ysfE/4gLiHR15Jmv3dkoVS1Qj0VYlk4DGAt qcFZu0A== X-Google-Smtp-Source: AGHT+IFkv1lpUrhzXX2+Y6v4Rm2dch6Njn/s0k/vZd6wkTZ7k/2PRiGbLK0dgoXhRwsaZtJNVwl1odVbERM= X-Received: from pfwy21.prod.google.com ([2002:a05:6a00:1c95:b0:771:f6ec:3577]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a00:4f83:b0:76e:885a:c1cc with SMTP id d2e1a72fcca58-7702fc32896mr18670355b3a.30.1756253141821; Tue, 26 Aug 2025 17:05:41 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 26 Aug 2025 17:05:20 -0700 In-Reply-To: <20250827000522.4022426-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250827000522.4022426-1-seanjc@google.com> X-Mailer: git-send-email 2.51.0.268.g9569e192d0-goog Message-ID: <20250827000522.4022426-11-seanjc@google.com> Subject: [RFC PATCH 10/12] KVM: TDX: Assert that slots_lock is held when nr_premapped is accessed From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Michael Roth , Yan Zhao , Ira Weiny , Vishal Annapurve , Rick Edgecombe Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Assert that slots_lock is held when the TDX codes accesses the number of premapped pfns, as KVM relies on calls to tdx_vcpu_init_mem_region() being serialized to prevent double-population of gmem and false negatives on the consumption of a "premapped" pfn. In addition to helping document how the TDX code works, this will allow converting "nr_premapped" to a non-atomic variable, as all usage asserts that slots_lock is held. Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/tdx.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index e4b70c0dbda3..27941defb62e 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -1634,6 +1634,8 @@ static int tdx_sept_set_private_spte(struct kvm *kvm,= gfn_t gfn, * to prevent running the TD with uninitialized memory. */ if (unlikely(kvm_tdx->state !=3D TD_STATE_RUNNABLE)) { + lockdep_assert_held(&kvm->slots_lock); + if (KVM_BUG_ON(kvm->arch.pre_fault_allowed, kvm)) return -EIO; =20 @@ -1767,6 +1769,8 @@ static int tdx_sept_zap_private_spte(struct kvm *kvm,= gfn_t gfn, tdx_no_vcpus_enter_stop(kvm); } if (tdx_is_sept_zap_err_due_to_premap(kvm_tdx, err, entry, level)) { + lockdep_assert_held(&kvm->slots_lock); + if (KVM_BUG_ON(atomic64_dec_return(&kvm_tdx->nr_premapped) < 0, kvm)) return -EIO; =20 @@ -3132,6 +3136,8 @@ static int tdx_gmem_post_populate(struct kvm *kvm, gf= n_t gfn, kvm_pfn_t pfn, struct page *src_page; int ret, i; =20 + lockdep_assert_held(&kvm->slots_lock); + /* * Get the source page if it has been faulted in. Return failure if the * source page has been swapped out or unmapped in primary memory. --=20 2.51.0.268.g9569e192d0-goog From nobody Fri Oct 3 18:10:11 2025 Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4EE9E21FF3F for ; Wed, 27 Aug 2025 00:05:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253145; cv=none; b=E9iRowNhfMxKlQWIXRD9hx0hrkAyyVCeghTphbJptxIenifURgLuE9s5QeWblcWlV/nvaqnvRHIj5KXzbEgSvs+w7mr3gW5ciUniDmIWXano6YkHbWu+dvRsUxsiza0VAs8mEKUJ/MAUQ1OUKiH9Pu6IuCVn/vStXUcUb5vbExc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253145; c=relaxed/simple; bh=LPaxkW9YyCXUJeIK8cRJGK+UjtY30XS0fpBptMGlvUg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=ReJBExVuirPq+ER2rUpZ8BZNreCnvhmx7stTkDUlYI+QNCNzmFkRSpW7qi/rtU1HTV1CmI3Up0RtvL2nhYFHsbKwXyS166ocpfJzr01EcmRlxDZe6Ce8TP2eCltIczZu+yzdvdJGqq3geAf+PoKH3tzELAsovq70Fc0Pp663pro= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=TxEF2nTJ; arc=none smtp.client-ip=209.85.210.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="TxEF2nTJ" Received: by mail-pf1-f201.google.com with SMTP id d2e1a72fcca58-76e2eb6d2baso11635006b3a.3 for ; Tue, 26 Aug 2025 17:05:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756253143; x=1756857943; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=FsJkpNgJKrVlrQ0kYYDnZ364wlXe53Et8BwiZ80i0+M=; b=TxEF2nTJSm7I/lUichMiss/0dvcKnEKDsf82vrVDpgCCQjNJm0HP0v6S2+6VYI6S89 calCE3XGypg6kPehwicAXodOrXQXCZ9deEDjA3XEiJ/7/rng4LKDFZ6DO9Z5GbSUHKsF TpNfLMWj+ZVNMDslsamUf8xUSjm51BxWOKbpffAdV7ZyMOFiwNSNmoqcggWqWbFpaGL2 jns5LFUzHCFEBKvbi8j25BZwm9EUfEUMF2dxxEH2eMKCRIVwdwcffum1QKNPymcOug0M m2NTuqt3YxcTLWrVdQB2r8OeB86JqdltJviAfRzBVF/NQzuBOupGtyCc/es8jZ9NzsE0 umRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756253143; x=1756857943; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=FsJkpNgJKrVlrQ0kYYDnZ364wlXe53Et8BwiZ80i0+M=; b=fy4pPTUZKQ7W7Z398kLRCl9y9XpC8ZihL2z3xIEUG/MT2IRP+w1MgSd/I4xobnhxp6 TL+khkaFCamhZ/swr92+hdM884AtHHnxvS4Ltd3dE0a212ZoQABcO7DTDosUqe5geuP+ 788jYp89sI0ETmFA13XeICmm+W3zaTcqDJmOIroySCS96pyXdbxs+AaFplRP7nNIL9Hw 3E2SHETv/7UdI1WmnxuxMXO8EIWOW82giEmPTUBj9tsp2LaAEpev+8AkNRm2rmM69rQV 1yOQgRLpk3VKotqTFMwGFpMN8VOvJv3nFUAJDEg9eWQFWdAx1Y7uROyuv3ywx9KbAnvG 7MsQ== X-Forwarded-Encrypted: i=1; AJvYcCVUv66CPzQIwWAYJl4WI9qRZoXTD08j5HpVe6StPxM92qm690IW9DENkxKoMlbtqiPKCJMhpCQFPQkH1vs=@vger.kernel.org X-Gm-Message-State: AOJu0Yz+9LzZF4YQLUZ+qUfX1xJv5m/81km2dzunaZdm32nSs/Si+RLO Zvl85aFcVAKnQNjT82GBBuc1Fx0s7FMTJSaZP2EmGX7lrtN0HyifUUhVxUdThmiIZjIFikgO5a3 rk4TWmg== X-Google-Smtp-Source: AGHT+IEpi55G8voNDVUumr/uaCI0zU1p73RuojkrRDx6WiI41KFFc3w7odsA7AW9Ablcl98PDu4S12vgqWw= X-Received: from pjvb15.prod.google.com ([2002:a17:90a:d88f:b0:311:c197:70a4]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a20:5493:b0:243:15b9:7661 with SMTP id adf61e73a8af0-24340d71cfcmr26934393637.59.1756253143613; Tue, 26 Aug 2025 17:05:43 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 26 Aug 2025 17:05:21 -0700 In-Reply-To: <20250827000522.4022426-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250827000522.4022426-1-seanjc@google.com> X-Mailer: git-send-email 2.51.0.268.g9569e192d0-goog Message-ID: <20250827000522.4022426-12-seanjc@google.com> Subject: [RFC PATCH 11/12] KVM: TDX: Track nr_premapped as an "unsigned long", not an "atomic64_t" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Michael Roth , Yan Zhao , Ira Weiny , Vishal Annapurve , Rick Edgecombe Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Track the number of premapped pfns as a non-atomic variable as all usage is guarded by slots_lock, and KVM now asserts as much. Note, slots_lock has always effectively guarded nr_premapped since TDX support landed, the use of an atomic64_t was likely a leftover from development that was never cleaned up. Signed-off-by: Sean Christopherson --- arch/x86/kvm/vmx/tdx.c | 8 ++++---- arch/x86/kvm/vmx/tdx.h | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 27941defb62e..5d2bb27f22da 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -1639,7 +1639,7 @@ static int tdx_sept_set_private_spte(struct kvm *kvm,= gfn_t gfn, if (KVM_BUG_ON(kvm->arch.pre_fault_allowed, kvm)) return -EIO; =20 - atomic64_inc(&kvm_tdx->nr_premapped); + kvm_tdx->nr_premapped++; return 0; } =20 @@ -1771,7 +1771,7 @@ static int tdx_sept_zap_private_spte(struct kvm *kvm,= gfn_t gfn, if (tdx_is_sept_zap_err_due_to_premap(kvm_tdx, err, entry, level)) { lockdep_assert_held(&kvm->slots_lock); =20 - if (KVM_BUG_ON(atomic64_dec_return(&kvm_tdx->nr_premapped) < 0, kvm)) + if (KVM_BUG_ON(--kvm_tdx->nr_premapped < 0, kvm)) return -EIO; =20 return 0; @@ -2846,7 +2846,7 @@ static int tdx_td_finalize(struct kvm *kvm, struct kv= m_tdx_cmd *cmd) * Pages are pending for KVM_TDX_INIT_MEM_REGION to issue * TDH.MEM.PAGE.ADD(). */ - if (atomic64_read(&kvm_tdx->nr_premapped)) + if (kvm_tdx->nr_premapped) return -EINVAL; =20 cmd->hw_error =3D tdh_mr_finalize(&kvm_tdx->td); @@ -3160,7 +3160,7 @@ static int tdx_gmem_post_populate(struct kvm *kvm, gf= n_t gfn, kvm_pfn_t pfn, goto out; } =20 - KVM_BUG_ON(atomic64_dec_return(&kvm_tdx->nr_premapped) < 0, kvm); + KVM_BUG_ON(--kvm_tdx->nr_premapped < 0, kvm); =20 if (arg->flags & KVM_TDX_MEASURE_MEMORY_REGION) { for (i =3D 0; i < PAGE_SIZE; i +=3D TDX_EXTENDMR_CHUNKSIZE) { diff --git a/arch/x86/kvm/vmx/tdx.h b/arch/x86/kvm/vmx/tdx.h index ca39a9391db1..04ba9ea3e0ba 100644 --- a/arch/x86/kvm/vmx/tdx.h +++ b/arch/x86/kvm/vmx/tdx.h @@ -37,7 +37,7 @@ struct kvm_tdx { struct tdx_td td; =20 /* For KVM_TDX_INIT_MEM_REGION. */ - atomic64_t nr_premapped; + unsigned long nr_premapped; =20 /* * Prevent vCPUs from TD entry to ensure SEPT zap related SEAMCALLs do --=20 2.51.0.268.g9569e192d0-goog From nobody Fri Oct 3 18:10:11 2025 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 247112236F2 for ; Wed, 27 Aug 2025 00:05:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253147; cv=none; b=I4S4qucPqAH/eDegiLJ4AGDs1YE8dWhQodlqnJgVPMdJ40ZLZtbj1wthtc+x9TNMWKW4DB/zz72GfrLQC+tf5t8SLewOzhmISG2VZBYdljF3fwXREi8q8O9FX/+6QcclOYUspTEuhqL5d93NQSZ4RNDKSxi7FyJqqzYc91dMvFc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756253147; c=relaxed/simple; bh=+ptPO8wiWLdE67ovmdHqqqNTkWuU8Wbd/ifeWjv87No=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=O0s43up4NhMOBL+XwxoI+b6VG+eIVd6DvWZE0YnuQa5Rex+Zzfpu+zYm9rQBlapSnnFR2Tl0ldXVmN+iu20zfu3CnjFyhtFaX7rme/FcxACcaxQcZFIJrFbJ/sAjNLsaWsrAmhA5uTBD/8uK/t2f+INcKM8ms2HDZlGPg+j32G8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=UyDKvtjz; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="UyDKvtjz" Received: by mail-pj1-f73.google.com with SMTP id 98e67ed59e1d1-3274f7e6c1fso988480a91.0 for ; Tue, 26 Aug 2025 17:05:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756253145; x=1756857945; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=kJ6rATzspI5eGA3xG6HKuRZsUtSaW3a6n8TI9IFDChs=; b=UyDKvtjzswpXJX9jy2hmIk8acSjaNvnee4L8cF2Xd2jtvcT9EMX8UOlY0CxOTedEwo kFhi6ptMoz+K7uFbbBJaND1mNXhmfpoFq8y4yFsd0xL5ocDKoymfLtqRxQOFvjbQ7MYQ M+/c/bA2xI1tDFtWKbZ15RE83XU3/gP5e/ur0HG22HOrcLsc6N7CrHTU0qX1b0XDKlmF KdJobPW6xCCFoMO1aOH/k8D+1xewU3zDopQz9osRapmEkX5F2rp4H67ptXBtn8vZFCq8 0LvVUme/6QPbnvgpyUmVOJQWnaa8BaTM9ngIjbqK3P9/px/LlUk+3iQ2hkFkdK+JUOTf YD2w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756253145; x=1756857945; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=kJ6rATzspI5eGA3xG6HKuRZsUtSaW3a6n8TI9IFDChs=; b=k3SWVvHunp/QSLF4wBshbKu6V11tcC7HXgp2OT79BBS9EcJF5rS/kWQJxmM9NSWCll JVAKeD0EREDHQZS2VsewqFcl6iszS3Iw617C87g9n7liVnWsIlWEZ/SQ1qERc7Y1VnQn kjBPwbE01SjvrjEOwwlh1ABNv0L4SROnio/9cnSC7YafI9EVF9+dLphBvMc/mUnTpakY A4KVo7V28lg7HWR4WTd1Aievr8r6kwttBqjRjEwuwBYDmddny1TMFH6ThVIyggJab1LU CFrFD1fceULBpnqACeAtv9mFHbB51pkcK/NsvH2pA666xaPn8/gZCTAhVj1t3Xbj3VVa cVQg== X-Forwarded-Encrypted: i=1; AJvYcCU+dYhb+iCzW286uM5tn0LntyHGv9rPfu4ibDWq4iqeTtP/0bSDDLinXWYTzDhXMxGvdb8ztjR6eK9gJus=@vger.kernel.org X-Gm-Message-State: AOJu0YwsLiW+eLpnRdnSIAIrIv7aI4F2L1lrUBI4asJgGZASZndCvsfd mhGuTF0attM5EokUgvIhmpmt1zQE4gymFN2sAEovPzXimw7rFPoZYexogNQt3oLfQLm5tVSepB8 3NRy04Q== X-Google-Smtp-Source: AGHT+IF+jEprkjlej8Prs6xu/gBvPow2HKyDXuqwzy8PeYZGXGFMT3K+Rg3QiclX8uRbzKpIye1R6CZL/V0= X-Received: from pjbqb16.prod.google.com ([2002:a17:90b:2810:b0:321:c441:a0a]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:3b87:b0:327:41c8:882a with SMTP id 98e67ed59e1d1-32741c8893dmr5208970a91.20.1756253145402; Tue, 26 Aug 2025 17:05:45 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 26 Aug 2025 17:05:22 -0700 In-Reply-To: <20250827000522.4022426-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250827000522.4022426-1-seanjc@google.com> X-Mailer: git-send-email 2.51.0.268.g9569e192d0-goog Message-ID: <20250827000522.4022426-13-seanjc@google.com> Subject: [RFC PATCH 12/12] KVM: TDX: Rename nr_premapped to nr_pending_tdh_mem_page_adds From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Michael Roth , Yan Zhao , Ira Weiny , Vishal Annapurve , Rick Edgecombe Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Rename "nr_premapped" to an asurdly verbose "nr_pending_tdh_mem_page_adds" to make it explicitly clear what the counter tracks. "pre-map" is far too similar to "pre-fault", especially since tdx_sept_set_private_spte() deals with both "pre_fault_allowed" and the counter. No functional change intended. Signed-off-by: Sean Christopherson Reviewed-by: Ira Weiny --- arch/x86/kvm/vmx/tdx.c | 8 ++++---- arch/x86/kvm/vmx/tdx.h | 9 +++++++-- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 5d2bb27f22da..f9ac590e8ff0 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -1639,7 +1639,7 @@ static int tdx_sept_set_private_spte(struct kvm *kvm,= gfn_t gfn, if (KVM_BUG_ON(kvm->arch.pre_fault_allowed, kvm)) return -EIO; =20 - kvm_tdx->nr_premapped++; + kvm_tdx->nr_pending_tdh_mem_page_adds++; return 0; } =20 @@ -1771,7 +1771,7 @@ static int tdx_sept_zap_private_spte(struct kvm *kvm,= gfn_t gfn, if (tdx_is_sept_zap_err_due_to_premap(kvm_tdx, err, entry, level)) { lockdep_assert_held(&kvm->slots_lock); =20 - if (KVM_BUG_ON(--kvm_tdx->nr_premapped < 0, kvm)) + if (KVM_BUG_ON(--kvm_tdx->nr_pending_tdh_mem_page_adds < 0, kvm)) return -EIO; =20 return 0; @@ -2846,7 +2846,7 @@ static int tdx_td_finalize(struct kvm *kvm, struct kv= m_tdx_cmd *cmd) * Pages are pending for KVM_TDX_INIT_MEM_REGION to issue * TDH.MEM.PAGE.ADD(). */ - if (kvm_tdx->nr_premapped) + if (kvm_tdx->nr_pending_tdh_mem_page_adds) return -EINVAL; =20 cmd->hw_error =3D tdh_mr_finalize(&kvm_tdx->td); @@ -3160,7 +3160,7 @@ static int tdx_gmem_post_populate(struct kvm *kvm, gf= n_t gfn, kvm_pfn_t pfn, goto out; } =20 - KVM_BUG_ON(--kvm_tdx->nr_premapped < 0, kvm); + KVM_BUG_ON(--kvm_tdx->nr_pending_tdh_mem_page_adds < 0, kvm); =20 if (arg->flags & KVM_TDX_MEASURE_MEMORY_REGION) { for (i =3D 0; i < PAGE_SIZE; i +=3D TDX_EXTENDMR_CHUNKSIZE) { diff --git a/arch/x86/kvm/vmx/tdx.h b/arch/x86/kvm/vmx/tdx.h index 04ba9ea3e0ba..45d86f9fa41c 100644 --- a/arch/x86/kvm/vmx/tdx.h +++ b/arch/x86/kvm/vmx/tdx.h @@ -36,8 +36,13 @@ struct kvm_tdx { =20 struct tdx_td td; =20 - /* For KVM_TDX_INIT_MEM_REGION. */ - unsigned long nr_premapped; + /* + * The number of pages that KVM_TDX_INIT_MEM_REGION has mapped into the + * S-EPT, but not yet initialized via TDH.MEM.PAGE_ADD. Used to sanity + * check adding pages to the image, and to ensure that all pages have + * been initialized before finalizing the TD. + */ + unsigned long nr_pending_tdh_mem_page_adds; =20 /* * Prevent vCPUs from TD entry to ensure SEPT zap related SEAMCALLs do --=20 2.51.0.268.g9569e192d0-goog