From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 161DFC25B77 for ; Mon, 20 May 2024 19:14:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 809716B0088; Mon, 20 May 2024 15:14:54 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7B9D66B008A; Mon, 20 May 2024 15:14:54 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6AA206B008C; Mon, 20 May 2024 15:14:54 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 4F6956B0088 for ; Mon, 20 May 2024 15:14:54 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 084B2A24C9 for ; Mon, 20 May 2024 19:14:54 +0000 (UTC) X-FDA: 82139726508.05.14E6297 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.18]) by imf25.hostedemail.com (Postfix) with ESMTP id 23442A0008 for ; Mon, 20 May 2024 19:14:49 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=Lc+b0LXf; spf=pass (imf25.hostedemail.com: domain of isaku.yamahata@intel.com designates 192.198.163.18 as permitted sender) smtp.mailfrom=isaku.yamahata@intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1716232491; a=rsa-sha256; cv=none; b=7oJZNFkR3pR2PSwYTqaxd5zxgY5G8fmlUKG3WYN1EC5O4ly7T/LsdwNRO6JUadQrtlfz8V yIGbImXFWeH7sae99TY0i85qIPgJmjTD240Db3yOPnxpDsG8EIKmpTemzUQsdx7vmqNlLl cfV3wJCzmog5qhNU/u+O0Uu3q13PsCE= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=Lc+b0LXf; spf=pass (imf25.hostedemail.com: domain of isaku.yamahata@intel.com designates 192.198.163.18 as permitted sender) smtp.mailfrom=isaku.yamahata@intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1716232491; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=0swp4Lq9cViBlKIjIK4F6LJIh7f3AU/hq8+kamnRz74=; b=k5XzAd4imqNcNj9fpWZS79fQjgYhu+q6QOxMFPCL6QLY0fm9ysIkM07kEIjLxvX/TD/ODf SjNkTwG7046+o6vvfMn9++vjhXJD6rOWvfuannlwcnUn3o9h7JzsjXE5Zkx/oBiEj/uP9h i1lo+KOZJP5Ns8yH92Sk8Ae+zkxV73c= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1716232490; x=1747768490; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=JMmxMc4KxFDgWYo64T8S+XbqNNYGK47LMWQHk3hYL4g=; b=Lc+b0LXfZrM6x1qThRfREKxYG/bZEtD1FEAaypkrj3ULxXsOByst3tPM +fGtsl48Z17QLH9HrjmhoNidGo/v+vH/wMnz7tdIW+uvb+kzBA98yrgFp NoSDNvd15LQSgU6PNercr5zymmc2Wx/RQEpbQWFTKx0KUnuj6QJ6sl0Fj /lUVFy404u84XRRnPKBpd6szLqLzNiDVIPGCDGtejYqw/VTrutsRRc3HE Xgmvs0K5myAsv74Jn5zahm3at8UaajgikKlBB4jMK8S/0R183qi4zqhWQ cabnB3yPWGaqjsfEq9RmiBx53Sb2qyGWi5PYZg880LzRvtjOgrFkvFbU7 A==; X-CSE-ConnectionGUID: BjFEtKbcRiGZcipXSy+sFA== X-CSE-MsgGUID: YhZ60SmqQTeqR3VWaT9Ijg== X-IronPort-AV: E=McAfee;i="6600,9927,11078"; a="12178317" X-IronPort-AV: E=Sophos;i="6.08,175,1712646000"; d="scan'208";a="12178317" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa112.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 May 2024 12:14:48 -0700 X-CSE-ConnectionGUID: hcN/iEklQZy2RiPWZ3fsxw== X-CSE-MsgGUID: UFs0ZNCiQ8OklrWpLsAV+Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.08,175,1712646000"; d="scan'208";a="63470070" Received: from ls.sc.intel.com (HELO localhost) ([172.25.112.54]) by orviesa002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 May 2024 12:14:47 -0700 Date: Mon, 20 May 2024 12:14:47 -0700 From: Isaku Yamahata To: "Huang, Kai" Cc: "isaku.yamahata@gmail.com" , "kvm@vger.kernel.org" , "Edgecombe, Rick P" , "michael.roth@amd.com" , "pankaj.gupta@amd.com" , "tglx@linutronix.de" , "tobin@ibm.com" , "liam.merwick@oracle.com" , "alpergun@google.com" , "Luck, Tony" , "jmattson@google.com" , "luto@kernel.org" , "ak@linux.intel.com" , "pbonzini@redhat.com" , "pgonda@google.com" , "srinivas.pandruvada@linux.intel.com" , "slp@redhat.com" , "rientjes@google.com" , "peterz@infradead.org" , "linux-kernel@vger.kernel.org" , "dovmurik@linux.ibm.com" , "thomas.lendacky@amd.com" , "x86@kernel.org" , "bp@alien8.de" , "seanjc@google.com" , "vkuznets@redhat.com" , "vbabka@suse.cz" , "ashish.kalra@amd.com" , "linux-coco@lists.linux.dev" , "nikunj.dadhania@amd.com" , "Rodel, Jorg" , "mingo@redhat.com" , "sathyanarayanan.kuppuswamy@linux.intel.com" , "hpa@zytor.com" , "kirill@shutemov.name" , "jarkko@kernel.org" , "ardb@kernel.org" , "linux-crypto@vger.kernel.org" , "linux-mm@kvack.org" , "dave.hansen@linux.intel.com" , isaku.yamahata@intel.com, isaku.yamahata@linux.intel.com Subject: Re: [PATCH v15 13/20] KVM: SEV: Implement gmem hook for initializing private pages Message-ID: <20240520191447.GB22775@ls.amr.corp.intel.com> References: <20240501085210.2213060-1-michael.roth@amd.com> <20240501085210.2213060-14-michael.roth@amd.com> <41d8ba3a48d33de82baa67ef5ee88e5f8995aea8.camel@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <41d8ba3a48d33de82baa67ef5ee88e5f8995aea8.camel@intel.com> X-Rspamd-Queue-Id: 23442A0008 X-Rspam-User: X-Rspamd-Server: rspam12 X-Stat-Signature: fk17ibomwa1593za9m5aij61rfcxs4it X-HE-Tag: 1716232489-997188 X-HE-Meta: U2FsdGVkX1/Ja/IMkQEG7HrAKRii66k3yT7W9H2X5lIujl0MXwSESOClzRCNky+TjMEbogtv8Mp/HOxqou3Bkn8YpttWpDK/+t3DbWAYyb1HmDEHPcnPlAxNgQTnuzEb6OWBoaJqHMUExmmGC5RVnuItp9rdsbFf2P39jG4KJ+yDQoQJOV6YllSy7gcRW8+w3YRR2QVyqPhfKdNo+5MoTbDJRl2HaIu+x4tOsRqyiXRK4d/tW6C6TvFNTwjvN964i7oUnQPcJnk7n8xPSohY/me9EsVALOELj9gMMyE0HT6Ymz+T4sKGwJ5HwrxGf51kLgLhKEuZqHOhRib9y1TF4PzaQ0VLNsbnLqAWZHE22XO426iqBxXqtt5e+y0QmERqhTDD7stKun5+0Ca/tqFQWCEBCJ7ozhSKhqYrcMvOTengglCypb/osX6xRq8PoLmTC0JDxlhHzhae9DlIZBzZzh2qxOjugs3QaWcuxeBSiLJmthllYlVQHcOdCRbOv7GL0MSXApSCO811z3/C0dZjOviacpsCmYQSwe/Jwr+/HaIxSzp1nb7XN1wW9nMF4iq09ZlLdi7x2rmGTqnCaKeisL+2B3fePm/ygcDYVOi2woLdaAlfyeFuvU1hWVui+ROl/9oY5DmdyrSs0V68dRP+NGKn6jkqzH9dp20EUo/GysEP32BBY8n5d5ZYyobgCCegnSeBg/D4n52VudeiodLRsikAwTf0AjpdWy9sNwd4PCAa7kFfPRxi0zuhf2h7kECqiDu84vHlW6q3Rw9G02l95WNqFcIWVmjN7pg1F4JRAm8z8ch7yWa7Y92EglaF0nI2u3joFFBUiCoFoKMT6+8fZJlfs4gzcPz8TU4xcfVmy94YYa+J0Ko7Gk9Psicn5EX9LcGqhKI8u3oGB11Y2R1dGDmnTT+YAw62zC9YgsIEpBiDeGzOu4Eum+FSgsLSRjUB7RzKpP+spp6ulVGgc1K t5C24QBy SaNff6mWJ4J1vENY9hKRnwNwSo6+NbVT90FLFh8AYGVd6QapiTpA60KWKOkeU5vGDNEnC6z+ysSxfwBjsV1+sNobuDE1cJno4kwEebnW/IbF+CKaUordETnOcHcn5SE1toWDZqazmuCY/DlwHjvrVTKObRlw6q7KTlNizYoT8fSYw5C/FQg3snajq5vsDsIvzJL4TwykdqJlYQrEy1SSJ0KOkW0xHPmoc29ZW67neX6cFkFxbBjbERE5itR/u2ONi44UdFdShlvSGG8z83kj1bDtESsL218C83ESU X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, May 20, 2024 at 10:16:54AM +0000, "Huang, Kai" wrote: > On Wed, 2024-05-01 at 03:52 -0500, Michael Roth wrote: > > This will handle the RMP table updates needed to put a page into a > > private state before mapping it into an SEV-SNP guest. > > > > > > [...] > > > +int sev_gmem_prepare(struct kvm *kvm, kvm_pfn_t pfn, gfn_t gfn, int max_order) > > +{ > > + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; > > + kvm_pfn_t pfn_aligned; > > + gfn_t gfn_aligned; > > + int level, rc; > > + bool assigned; > > + > > + if (!sev_snp_guest(kvm)) > > + return 0; > > + > > + rc = snp_lookup_rmpentry(pfn, &assigned, &level); > > + if (rc) { > > + pr_err_ratelimited("SEV: Failed to look up RMP entry: GFN %llx PFN %llx error %d\n", > > + gfn, pfn, rc); > > + return -ENOENT; > > + } > > + > > + if (assigned) { > > + pr_debug("%s: already assigned: gfn %llx pfn %llx max_order %d level %d\n", > > + __func__, gfn, pfn, max_order, level); > > + return 0; > > + } > > + > > + if (is_large_rmp_possible(kvm, pfn, max_order)) { > > + level = PG_LEVEL_2M; > > + pfn_aligned = ALIGN_DOWN(pfn, PTRS_PER_PMD); > > + gfn_aligned = ALIGN_DOWN(gfn, PTRS_PER_PMD); > > + } else { > > + level = PG_LEVEL_4K; > > + pfn_aligned = pfn; > > + gfn_aligned = gfn; > > + } > > + > > + rc = rmp_make_private(pfn_aligned, gfn_to_gpa(gfn_aligned), level, sev->asid, false); > > + if (rc) { > > + pr_err_ratelimited("SEV: Failed to update RMP entry: GFN %llx PFN %llx level %d error %d\n", > > + gfn, pfn, level, rc); > > + return -EINVAL; > > + } > > + > > + pr_debug("%s: updated: gfn %llx pfn %llx pfn_aligned %llx max_order %d level %d\n", > > + __func__, gfn, pfn, pfn_aligned, max_order, level); > > + > > + return 0; > > +} > > diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c > > index b70556608e8d..60783e9f2ae8 100644 > > --- a/arch/x86/kvm/svm/svm.c > > +++ b/arch/x86/kvm/svm/svm.c > > @@ -5085,6 +5085,8 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { > > .vcpu_deliver_sipi_vector = svm_vcpu_deliver_sipi_vector, > > .vcpu_get_apicv_inhibit_reasons = avic_vcpu_get_apicv_inhibit_reasons, > > .alloc_apic_backing_page = svm_alloc_apic_backing_page, > > + > > + .gmem_prepare = sev_gmem_prepare, > > }; > > > > > > +Rick, Isaku, > > I am wondering whether this can be done in the KVM page fault handler? > > The reason that I am asking is KVM will introduce several new > kvm_x86_ops::xx_private_spte() ops for TDX to handle setting up the > private mapping, and I am wondering whether SNP can just reuse some of > them so we can avoid having this .gmem_prepare(): Although I can't speak for SNP folks, I guess those hooks doesn't make sense for them. I guess they want to stay away from directly modifying the TDP MMU to add hooks to the TDP MMU. Instead, They intentionally chose to add hooks to guest_memfd. Maybe it's possible for SNP to use those hooks, what's the benefit for SNP? If you're looking for the benefit to allow the hooks of the TDP MMU for shared page table, what about other vm type? SW_PROTECTED or future one? -- Isaku Yamahata