From nobody Thu Apr  2 20:14:49 2026
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 214BB3A3E67
	for <linux-kernel@vger.kernel.org>; Thu, 26 Mar 2026 18:17:40 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=170.10.129.124
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1774549063; cv=none;
 b=pnlSYbUamSav/AbkI4FMwxydkGiNBY+Qh8xM5ffPIa9+467OBZx/soIOVrsUmxIFblF/vVDUy/kLwE/Ds3bTCMfNIrApjU8wR/Xog3LneZceSynZMj34Tp3kXBk7RkkQsD7wbHQV9BwL0KS4AyT6Xz/mnHGc7BbDQntAa6ihL9U=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1774549063; c=relaxed/simple;
	bh=EHbcGD+CliNxFdwTD/e44sSeACaNU52lZoDEYih1YMU=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=G4z9UatBXtEg5wFXCRdJXtUAG215XNKy4thJV9ylECYg6MG7brRTKOQBEE/n/Py5jxWV59M5BgkZw8a1OiL+SyN38CtgvVp47HBcV3BLQ8K6ulU36xWdUQmVkOrG9DZsDftxlEAHplN8OVyLVtWseCwm+jLZSxoqhW5fzGk8cVc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=redhat.com;
 spf=pass smtp.mailfrom=redhat.com;
 dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b=Yx7ZQZQq;
 dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com
 header.b=O9fl+JBc; arc=none smtp.client-ip=170.10.129.124
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=quarantine dis=none) header.from=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=redhat.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com
 header.b="Yx7ZQZQq";
	dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com
 header.b="O9fl+JBc"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1774549060;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=K+PRAD6ImQakVlkZ0yBf7cjYkcmyWuSTP98TeOw2OH0=;
	b=Yx7ZQZQqVPErckvtwe6od/09xd9qJaXr8WS+1v6+/tQGvMvXu7QDMo7rW1vv/nMATDzBfA
	33a+rzUIf4ugs2xzvzyt483p1fnoZIZGJWt8Vk0L8QQ6SbGIV0CcVdQdM56T7DZFBGB0G2
	hzhs0pTT/BHzRUvQIs7/2qlyeZv+y3I=
Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com
 [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-275-I-FVj7MbMyaS72TNGianGA-1; Thu, 26 Mar 2026 14:17:38 -0400
X-MC-Unique: I-FVj7MbMyaS72TNGianGA-1
X-Mimecast-MFC-AGG-ID: I-FVj7MbMyaS72TNGianGA_1774549058
Received: by mail-wm1-f72.google.com with SMTP id
 5b1f17b1804b1-486fa35b005so15652615e9.2
        for <linux-kernel@vger.kernel.org>;
 Thu, 26 Mar 2026 11:17:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=redhat.com; s=google; t=1774549057; x=1775153857;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=K+PRAD6ImQakVlkZ0yBf7cjYkcmyWuSTP98TeOw2OH0=;
        b=O9fl+JBc8qaGRVAb/5g0o2E/lEeNCJOVXQS9nDxaKPuTiDL5+lKLOcd7DYH6MroT/9
         obiZg+jpq0a1HzGzw8ffu9pP5FuCBUh/XQWhQC1RC1UceABRZFhwLc/n+RqRXee2ckzA
         bF4yUK+2TAMzyj8MQeaWXxnk61e9XSdBSHbgV6oP8vWrClgvYg0+HNNQPANzB0ChDMDt
         ZPVvIc46C/Kav/T8o2eNGKW5QiZiiwyMPEfCZIBOxLQiSA7gQoPJSbSOlWkTdZ8YBDgH
         eLJEjDguxD4qacYcT+xPfSJXjnuTXBsP6GTN1HR8CAXOh30MGNAtPLKcM+vDSzQOB9Wg
         b7SQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774549057; x=1775153857;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=K+PRAD6ImQakVlkZ0yBf7cjYkcmyWuSTP98TeOw2OH0=;
        b=UD7ilXSKnj50E1D7JI6jG8suRtw2p9qqWvXKECN3rjZvfJUPsqIoiL6Ib6mqZc//3y
         5cvIeOv8XNrPlmjFd9mXINxhqPjv/9w/PiOBYH9Zqk7iNhUxr8VVX8wvOFe8n262wT7c
         NHfak1T3aYR02lSl21O6bOHWwVjqNVhUkDRZFE5GyCsG4cuNbafxh4ljjiPMQBBfdJ+G
         jxhMdCdqO5O8HcjpqZ+RhTl2ljKPqJtAIk5c4m4VQlFY83jcaK2JpuPHDgFuL2oSZQOo
         KpwWE0ISsbqx2yqbHduMwAx34id1f04qarNDmXrrA1qzODV2LkgNhjS6l5dx/6sLYC4y
         Ah9Q==
X-Gm-Message-State: AOJu0Yx4tnxXZ948173qoYQeIIvm40BpHnhr8GrFX/+Vw9/HC/XZw72X
	Fe3sYqr8CuaHypWyunmV8n9hvfsmwibi4p+69MroUdQtSpFj2Qo0xl/khfpBH42aNkNWNV0fF6F
	xZLIsav0+Z4m2lm7R9Tp8XGe70mx7ZFKu22taiYtCCjY5UWifI0r2sb5a7l4Tjxc2DmKKqLf25u
	aGF44x1T5ioAY+DQHA4XlqToQM6oW2wYkvUMEopDukfC9HYL2wEw==
X-Gm-Gg: ATEYQzy+jJ7r6hEH5cz2KS+D3dzuPUPMHN6FCyfCrxr0FunSp28NK5+ZuH9j67Lz/mi
	gepHle3aruZUvNKjORC0hs95VxbouHuN1twx+WmiXhmUGSSSZPr1maF9IkCdr2RNhHTtJDTFpfW
	ry2ghUeBtxuF6sAv7/6Rq0pjHzfUqSCVzqRUon1I5ug1QBpljFqNqXSHWBliPlH+dQH5nYyde0x
	p20x5ClXGoqaiPX9dhSNtFv9MdLtiA9xW7tEjJuSszVoceNEm5X2sOH3mRM1kGjUAp2vaRILr75
	e7yn58cmv5uD+dkBfjZfZycUZyEj2t0N9imY8GkO+gaQMWXPIoWxfAYfckBsZQEl2IyFLzUHtW3
	x5U32T1d9FHRwlpO1mC17gUzTdax6WJSgH/QxSROefLtZsWDYPWC0K/1WRM1essLxuluwxw+t8e
	3dIulOS4G+gXB6ySpeZZiQgC/N
X-Received: by 2002:a05:600c:a15:b0:486:fc46:be9e with SMTP id
 5b1f17b1804b1-4871606c911mr152137535e9.24.1774549056579;
        Thu, 26 Mar 2026 11:17:36 -0700 (PDT)
X-Received: by 2002:a05:600c:a15:b0:486:fc46:be9e with SMTP id
 5b1f17b1804b1-4871606c911mr152136755e9.24.1774549056026;
        Thu, 26 Mar 2026 11:17:36 -0700 (PDT)
Received: from [192.168.10.48] ([151.49.85.67])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-48722d2366dsm42436215e9.10.2026.03.26.11.17.34
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 26 Mar 2026 11:17:35 -0700 (PDT)
From: Paolo Bonzini <pbonzini@redhat.com>
To: linux-kernel@vger.kernel.org,
	kvm@vger.kernel.org
Cc: Jon Kohler <jon@nutanix.com>,
	Nikunj A Dadhania <nikunj@amd.com>,
	Amit Shah <amit.shah@amd.com>,
	Sean Christopherson <seanjc@google.com>,
	Marcelo Tosatti <mtosatti@redhat.com>
Subject: [PATCH 04/24] KVM: x86/mmu: shuffle high bits of SPTEs in preparation
 for MBEC
Date: Thu, 26 Mar 2026 19:17:02 +0100
Message-ID: <20260326181723.218115-5-pbonzini@redhat.com>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <20260326181723.218115-1-pbonzini@redhat.com>
References: <20260326181723.218115-1-pbonzini@redhat.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Access tracking will need to save bit 10 when MBEC is enabled.
Right now it is simply shifting the R and X bits into bits 54 and 56,
but bit 10 would not fit with the same scheme.  Reorganize the
high bits so that access tracking will use bits 52, 54 and 62.
As a side effect, the free bits are compacted slightly, with
56-59 still unused.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 arch/x86/kvm/mmu/spte.h | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kvm/mmu/spte.h b/arch/x86/kvm/mmu/spte.h
index 4283cea3e66c..317b9cd1537c 100644
--- a/arch/x86/kvm/mmu/spte.h
+++ b/arch/x86/kvm/mmu/spte.h
@@ -17,10 +17,20 @@
  */
 #define SPTE_MMU_PRESENT_MASK		BIT_ULL(11)
=20
+/*
+ * The ignored high bits are allocated as follows:
+ * - bits 52, 54: saved X-R bits for access tracking when EPT does not hav=
e A/D
+ * - bits 53 (EPT only): host writable
+ * - bits 55 (EPT only): MMU-writable
+ * - bits 56-59: unused
+ * - bits 60-61: type of A/D tracking
+ * - bits 62: unused
+ */
+
 /*
  * TDP SPTES (more specifically, EPT SPTEs) may not have A/D bits, and may=
 also
  * be restricted to using write-protection (for L2 when CPU dirty logging,=
 i.e.
- * PML, is enabled).  Use bits 52 and 53 to hold the type of A/D tracking =
that
+ * PML, is enabled).  Use bits 60 and 61 to hold the type of A/D tracking =
that
  * is must be employed for a given TDP SPTE.
  *
  * Note, the "enabled" mask must be '0', as bits 62:52 are _reserved_ for =
PAE
@@ -29,7 +39,7 @@
  * TDP with CPU dirty logging (PML).  If NPT ever gains PML-like support, =
it
  * must be restricted to 64-bit KVM.
  */
-#define SPTE_TDP_AD_SHIFT		52
+#define SPTE_TDP_AD_SHIFT		60
 #define SPTE_TDP_AD_MASK		(3ULL << SPTE_TDP_AD_SHIFT)
 #define SPTE_TDP_AD_ENABLED		(0ULL << SPTE_TDP_AD_SHIFT)
 #define SPTE_TDP_AD_DISABLED		(1ULL << SPTE_TDP_AD_SHIFT)
@@ -65,7 +75,7 @@ static_assert(SPTE_TDP_AD_ENABLED =3D=3D 0);
  */
 #define SHADOW_ACC_TRACK_SAVED_BITS_MASK (SPTE_EPT_READABLE_MASK | \
 					  SPTE_EPT_EXECUTABLE_MASK)
-#define SHADOW_ACC_TRACK_SAVED_BITS_SHIFT 54
+#define SHADOW_ACC_TRACK_SAVED_BITS_SHIFT 52
 #define SHADOW_ACC_TRACK_SAVED_MASK	(SHADOW_ACC_TRACK_SAVED_BITS_MASK << \
 					 SHADOW_ACC_TRACK_SAVED_BITS_SHIFT)
 static_assert(!(SPTE_TDP_AD_MASK & SHADOW_ACC_TRACK_SAVED_MASK));
@@ -84,8 +94,8 @@ static_assert(!(SPTE_TDP_AD_MASK & SHADOW_ACC_TRACK_SAVED=
_MASK));
  * to not overlap the A/D type mask or the saved access bits of access-tra=
cked
  * SPTEs when A/D bits are disabled.
  */
-#define EPT_SPTE_HOST_WRITABLE		BIT_ULL(57)
-#define EPT_SPTE_MMU_WRITABLE		BIT_ULL(58)
+#define EPT_SPTE_HOST_WRITABLE		BIT_ULL(53)
+#define EPT_SPTE_MMU_WRITABLE		BIT_ULL(55)
=20
 static_assert(!(EPT_SPTE_HOST_WRITABLE & SPTE_TDP_AD_MASK));
 static_assert(!(EPT_SPTE_MMU_WRITABLE & SPTE_TDP_AD_MASK));
--=20
2.53.0