From nobody Sat Apr  4 04:54:48 2026
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id A5BAB1E22E9
	for <linux-kernel@vger.kernel.org>; Sat, 21 Mar 2026 00:09:47 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=170.10.133.124
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1774051791; cv=none;
 b=ZAZYzhxcmKI1sXhdzMvuvoRNDNb24GrInL648ppYWsEFu5iILWk2Thab9OUImUEnBP8MAH12GWQ5y1N+29Z8YAFk0Ozs+poJzqaMQ5EBMvThvtrAcbBgu5F6Yz6F2mrJXlzKypOOTwcrMv7atsPjYtUCwzEPzmi1eQy4nkm1Iic=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1774051791; c=relaxed/simple;
	bh=iVcE9RrZcl26REv9KZcwEG1itIHBEVAGnJ7liWzs2n8=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type;
 b=Lbz8HgSMsv+BCEDCnE+hPxfVLM/5sV65yGwU2xSL5wMUEJtyyLx3Nl5T8hA7VxL6vqGb5kUKgjdKOz9DwMtR8smH7dMpsJQF2fzq5GvZF853jE4dTJI7nSYaJBBdgEsGZh5NVI/EIPlj8hf0iyU2FIC/NyhRBfi5jRRIUZZTqaM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=redhat.com;
 spf=pass smtp.mailfrom=redhat.com;
 dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b=aVG38zvG;
 dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com
 header.b=KmfU2ocm; arc=none smtp.client-ip=170.10.133.124
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b="aVG38zvG";
	dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com
 header.b="KmfU2ocm"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1774051786;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=cwAnQNfaCoyR40gaeMt6QITdHXPQjNKk5ABGyzLqLus=;
	b=aVG38zvGxwRdJbFVNu7MKCdmutLYsHoHsd2Gsct7es9lIr03PVRwmVP1pYWUn/aG9hm3tJ
	DzPyLgFIJKkSisgEfgGWV7TIvwVe33muJOckxjbICXBVUVAs6WgzmHNIvTXfQjcsjvypfM
	GYzZExWFh79RYeDBSv+rjleLm/zhhv0=
Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com
 [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-690-OeKcb4_NPG6JwPewe_LD9Q-1; Fri, 20 Mar 2026 20:09:45 -0400
X-MC-Unique: OeKcb4_NPG6JwPewe_LD9Q-1
X-Mimecast-MFC-AGG-ID: OeKcb4_NPG6JwPewe_LD9Q_1774051784
Received: by mail-wm1-f70.google.com with SMTP id
 5b1f17b1804b1-4837b6f6b93so7821085e9.3
        for <linux-kernel@vger.kernel.org>;
 Fri, 20 Mar 2026 17:09:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=redhat.com; s=google; t=1774051784; x=1774656584;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=cwAnQNfaCoyR40gaeMt6QITdHXPQjNKk5ABGyzLqLus=;
        b=KmfU2ocmu1pAowzJA7gFf7lk8WmyVOsNdJDdA3fRnupCk0HkkfKTC5KSkxRiUZZwU5
         VgFt1JPUFHRptqjUR3J4MBaflu64Lhwf3SQBnUZrneIYKsS8eLs3MvEA6oxVvLLVF9DG
         ZiL/dPaU0eYHtpa7sKp0yx+THWayfLICE8fe607FG650+Covx5IgpHsMyGNa6PE2LHn3
         zRMB85cQ0F9bnDavqrBuhIBPVfiiZxezUN4YBqBKF1tcSqcGz8X/YnIOILqMAxz2zR9Z
         Bp5qElmCpMthEBeKN6DbjWPNp/b24bLKwrWJKHz8yMrNWthnpN8Np4NtsPWOUt1Htq8Q
         u6mA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774051784; x=1774656584;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=cwAnQNfaCoyR40gaeMt6QITdHXPQjNKk5ABGyzLqLus=;
        b=j24SYEfzd+72Wn6Qi8tolE7asPCPDedY3mqfq6+h6MzHD8xEVCmb8Yiu976cF0HJBt
         dGuxIQBb/VkXm6VG8iHRKCBd30cfTTsfZpMJsLIFSodSj2HWwV+Pyp9u6Qk607foh/sr
         pJcAv8xWkhxtdCkvqF/Q9cxCoSGeDy28aYIw29pANO5AoD+uhai65CU5CsqfCN5ZSjwE
         JPEys8akd+4Ge9ryAb2mHHuVq8hbOQjJhSoniA5w1TovYtPS2DyMhqXfO7+rpZ/YMOvM
         03yGfcmDCmlnWGw32AON3sZ/VxwZixpHOAeNA+zRJyVX33SQJ+e6ZL8WL5iEIJi79HVI
         2fkA==
X-Gm-Message-State: AOJu0YxAW42tC8lRhsT9HexaZzIti0PLmcq8M8oxQsJozNJmqoKa0u9s
	Rhr34KA+QW88dfurtkMmW9qRJ+7AaWr58IlNj1MnFFjtPc6nc/xW6kr5/fhu8BdhGVowb8IwdnY
	qq0dXOR78WPTsah8YU+wjTI294yciLlpONA1xKf/xL7yAz7sgQKngox7gYKI9lmCZ1UQQUgwAqI
	lGgOw0PmbgqxHWw1+WlEZAwXolS9BULq1KqrrBxRuPAOePYCRyTg==
X-Gm-Gg: ATEYQzw1z/04Mn5qmKKEgIlPyMku0yRo5XGj3ZmA60t3hwb3CkraaawvDDRe2y8n5g6
	xgCi9/jX59Wv78nQiLelb6SCvUEviRDae6oxMgQWHkYtifSpGfTYkLXavzf0nuyprA9DdhdzyRg
	MCZRIMV1yO4jnqZGgpgJvSVaUjY2BeMbRpKRcvmG4k1u7M8AX5E+Y1xJPN44QA3NHcUkoUYPUvI
	rlH+VEgfF+3jNg1iUp/XprEr6NhyzMi0RwSxRcqNQPP+wn7GWSOkB8/zQ4wm3IFTUKbNczONeI1
	BeZdggD/6y6qr66l2G2cjMKzlthit7OqRa+IAGkuqUjan+YCq9nbfYzWda5Pqyhj/+n2VTiBbEy
	IGSqNhJsPkYl9ZWFCBpgsq6uPMzrL0Lrrck/5dokyI9Utp1Nqo6DLoyqHS1QhX7KR3wIWmpK6eU
	mubWsNzGkX1Y/lSNqxBTSlsKYY
X-Received: by 2002:a05:600c:45c5:b0:485:3b34:2f51 with SMTP id
 5b1f17b1804b1-486febbc66bmr74063125e9.4.1774051783744;
        Fri, 20 Mar 2026 17:09:43 -0700 (PDT)
X-Received: by 2002:a05:600c:45c5:b0:485:3b34:2f51 with SMTP id
 5b1f17b1804b1-486febbc66bmr74062885e9.4.1774051783287;
        Fri, 20 Mar 2026 17:09:43 -0700 (PDT)
Received: from [192.168.10.48] ([151.49.85.67])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-487004e7bc4sm34110035e9.2.2026.03.20.17.09.41
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 20 Mar 2026 17:09:42 -0700 (PDT)
From: Paolo Bonzini <pbonzini@redhat.com>
To: linux-kernel@vger.kernel.org,
	kvm@vger.kernel.org
Cc: Jon Kohler <jon@nutanix.com>,
	Marcelo Tosatti <mtosatti@redhat.com>,
	Nikunj A Dadhania <nikunj@amd.com>,
	Amit Shah <amit.shah@amd.com>,
	Sean Christopherson <seanjc@google.com>
Subject: [PATCH 04/22] KVM: x86/mmu: shuffle high bits of SPTEs in preparation
 for MBEC
Date: Sat, 21 Mar 2026 01:09:13 +0100
Message-ID: <20260321000931.1947084-5-pbonzini@redhat.com>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <20260321000931.1947084-1-pbonzini@redhat.com>
References: <20260321000931.1947084-1-pbonzini@redhat.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Access tracking will need to save bit 10 when MBEC is enabled.
Right now it is simply shifting the R and X bits into bits 54 and 56,
but bit 10 would not fit with the same scheme.  Reorganize the
high bits so that access tracking will use bits 52, 54 and 62.
As a side effect, the free bits are compacted slightly, with
56-59 still unused.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Kai Huang <kai.huang@intel.com>
---
 arch/x86/kvm/mmu/spte.h | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/mmu/spte.h b/arch/x86/kvm/mmu/spte.h
index b60666778f61..7223a61b1260 100644
--- a/arch/x86/kvm/mmu/spte.h
+++ b/arch/x86/kvm/mmu/spte.h
@@ -17,10 +17,20 @@
  */
 #define SPTE_MMU_PRESENT_MASK		BIT_ULL(11)
=20
+/*
+ * The ignored high bits are allocated as follows:
+ * - bits 52, 54: saved X-R bits for access tracking when EPT does not hav=
e A/D
+ * - bits 53 (EPT only): host writable
+ * - bits 55 (EPT only): MMU-writable
+ * - bits 56-59: unused
+ * - bits 60-61: type of A/D tracking
+ * - bits 62: unused
+ */
+
 /*
  * TDP SPTES (more specifically, EPT SPTEs) may not have A/D bits, and may=
 also
  * be restricted to using write-protection (for L2 when CPU dirty logging,=
 i.e.
- * PML, is enabled).  Use bits 52 and 53 to hold the type of A/D tracking =
that
+ * PML, is enabled).  Use bits 60 and 61 to hold the type of A/D tracking =
that
  * is must be employed for a given TDP SPTE.
  *
  * Note, the "enabled" mask must be '0', as bits 62:52 are _reserved_ for =
PAE
@@ -29,7 +39,7 @@
  * TDP with CPU dirty logging (PML).  If NPT ever gains PML-like support, =
it
  * must be restricted to 64-bit KVM.
  */
-#define SPTE_TDP_AD_SHIFT		52
+#define SPTE_TDP_AD_SHIFT		60
 #define SPTE_TDP_AD_MASK		(3ULL << SPTE_TDP_AD_SHIFT)
 #define SPTE_TDP_AD_ENABLED		(0ULL << SPTE_TDP_AD_SHIFT)
 #define SPTE_TDP_AD_DISABLED		(1ULL << SPTE_TDP_AD_SHIFT)
@@ -65,7 +75,7 @@ static_assert(SPTE_TDP_AD_ENABLED =3D=3D 0);
  */
 #define SHADOW_ACC_TRACK_SAVED_BITS_MASK (SPTE_EPT_READABLE_MASK | \
 					  SPTE_EPT_EXECUTABLE_MASK)
-#define SHADOW_ACC_TRACK_SAVED_BITS_SHIFT 54
+#define SHADOW_ACC_TRACK_SAVED_BITS_SHIFT 52
 #define SHADOW_ACC_TRACK_SAVED_MASK	(SHADOW_ACC_TRACK_SAVED_BITS_MASK << \
 					 SHADOW_ACC_TRACK_SAVED_BITS_SHIFT)
 static_assert(!(SPTE_TDP_AD_MASK & SHADOW_ACC_TRACK_SAVED_MASK));
@@ -84,8 +94,8 @@ static_assert(!(SPTE_TDP_AD_MASK & SHADOW_ACC_TRACK_SAVED=
_MASK));
  * to not overlap the A/D type mask or the saved access bits of access-tra=
cked
  * SPTEs when A/D bits are disabled.
  */
-#define EPT_SPTE_HOST_WRITABLE		BIT_ULL(57)
-#define EPT_SPTE_MMU_WRITABLE		BIT_ULL(58)
+#define EPT_SPTE_HOST_WRITABLE		BIT_ULL(53)
+#define EPT_SPTE_MMU_WRITABLE		BIT_ULL(55)
=20
 static_assert(!(EPT_SPTE_HOST_WRITABLE & SPTE_TDP_AD_MASK));
 static_assert(!(EPT_SPTE_MMU_WRITABLE & SPTE_TDP_AD_MASK));
--=20
2.52.0