Commit Message
Isaku Yamahata
Oct. 30, 2022, 6:22 a.m. UTC
From: Isaku Yamahata <isaku.yamahata@intel.com> Because TDX will need shadow_mmio_mask to be VMX_SUPPRESS_VE | RWX and shadow_mmio_value to be 0, make VMX EPT case use same value for TDX shadow_mmio_mask. For VMX, VMX_SUPPRESS_VE doesn't matter, it doesn't affect VMX logic to add the bit to shadow_mmio_{value, mask}. Note that shadow_mmio_value will be per-VM value. Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com> --- arch/x86/kvm/mmu/spte.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
Comments
On Sat, 2022-10-29 at 23:22 -0700, isaku.yamahata@intel.com wrote: > From: Isaku Yamahata <isaku.yamahata@intel.com> > > Because TDX will need shadow_mmio_mask to be VMX_SUPPRESS_VE | RWX > shadow_mmio_value to be 0, make VMX EPT case use same value for TDX > shadow_mmio_mask. > TDX need to use different mmio_mask/value doesn't mean they need to be changed for VMX guest. I think the true purpose here is to still be able to use a global shadow_mmio_mask for both TDX and VMX guests. So please explicitly call out. > For VMX, VMX_SUPPRESS_VE doesn't matter, it doesn't > affect VMX logic to add the bit to shadow_mmio_{value, mask}. Note that > shadow_mmio_value will be per-VM value. Not sure why the last sentence matters. > > Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com> > --- > arch/x86/kvm/mmu/spte.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/kvm/mmu/spte.c b/arch/x86/kvm/mmu/spte.c > index 0b97a045c5f0..5d5c06d4fd89 100644 > --- a/arch/x86/kvm/mmu/spte.c > +++ b/arch/x86/kvm/mmu/spte.c > @@ -437,8 +437,8 @@ void kvm_mmu_set_ept_masks(bool has_ad_bits, bool has_exec_only) > * EPT Misconfigurations are generated if the value of bits 2:0 > * of an EPT paging-structure entry is 110b (write/execute). > */ > - kvm_mmu_set_mmio_spte_mask(VMX_EPT_MISCONFIG_WX_VALUE, > - VMX_EPT_RWX_MASK, 0); > + kvm_mmu_set_mmio_spte_mask(VMX_EPT_MISCONFIG_WX_VALUE | VMX_EPT_SUPPRESS_VE_BIT, Is "suppress #VE" bit required for mmio_value for VMX guest? Why adding it? > + VMX_EPT_RWX_MASK | VMX_EPT_SUPPRESS_VE_BIT, 0); > } > EXPORT_SYMBOL_GPL(kvm_mmu_set_ept_masks); >
On Wed, Nov 09, 2022 at 11:48:30AM +0000, "Huang, Kai" <kai.huang@intel.com> wrote: > On Sat, 2022-10-29 at 23:22 -0700, isaku.yamahata@intel.com wrote: > > From: Isaku Yamahata <isaku.yamahata@intel.com> > > > > Because TDX will need shadow_mmio_mask to be VMX_SUPPRESS_VE | RWX > > shadow_mmio_value to be 0, make VMX EPT case use same value for TDX > > shadow_mmio_mask. > > > > TDX need to use different mmio_mask/value doesn't mean they need to be changed > for VMX guest. I think the true purpose here is to still be able to use a > global shadow_mmio_mask for both TDX and VMX guests. So please explicitly call > out. That's right. With this change, per-VM shadow_mmio_{value, mask} can be avoided. The common value can be used for both VMX and TDX.
On Thu, Nov 17, 2022, Isaku Yamahata wrote: > On Wed, Nov 09, 2022 at 11:48:30AM +0000, > "Huang, Kai" <kai.huang@intel.com> wrote: > > > On Sat, 2022-10-29 at 23:22 -0700, isaku.yamahata@intel.com wrote: > > > From: Isaku Yamahata <isaku.yamahata@intel.com> > > > > > > Because TDX will need shadow_mmio_mask to be VMX_SUPPRESS_VE | RWX > > > shadow_mmio_value to be 0, make VMX EPT case use same value for TDX > > > shadow_mmio_mask. > > > > > > > TDX need to use different mmio_mask/value doesn't mean they need to be changed > > for VMX guest. I think the true purpose here is to still be able to use a > > global shadow_mmio_mask for both TDX and VMX guests. So please explicitly call > > out. > > That's right. With this change, per-VM shadow_mmio_{value, mask} can be avoided. > The common value can be used for both VMX and TDX. No, the mask can be global, but the value needs to be per-VM. VMX needs to generate an EPT misconfig, but TDX needs to generate an EPT violation to get the automagic #VE reflection.
diff --git a/arch/x86/kvm/mmu/spte.c b/arch/x86/kvm/mmu/spte.c index 0b97a045c5f0..5d5c06d4fd89 100644 --- a/arch/x86/kvm/mmu/spte.c +++ b/arch/x86/kvm/mmu/spte.c @@ -437,8 +437,8 @@ void kvm_mmu_set_ept_masks(bool has_ad_bits, bool has_exec_only) * EPT Misconfigurations are generated if the value of bits 2:0 * of an EPT paging-structure entry is 110b (write/execute). */ - kvm_mmu_set_mmio_spte_mask(VMX_EPT_MISCONFIG_WX_VALUE, - VMX_EPT_RWX_MASK, 0); + kvm_mmu_set_mmio_spte_mask(VMX_EPT_MISCONFIG_WX_VALUE | VMX_EPT_SUPPRESS_VE_BIT, + VMX_EPT_RWX_MASK | VMX_EPT_SUPPRESS_VE_BIT, 0); } EXPORT_SYMBOL_GPL(kvm_mmu_set_ept_masks);