On Mon, Jul 11, 2022, Yuan Yao wrote:
> On Fri, Jul 08, 2022 at 03:30:23PM +0000, Sean Christopherson wrote:
> > Please trim replies.
> > > I'm not sure why skip this for TDX, arch.mmu_shadow_page_cache is
> > > still used for allocating sp->spt which used to track the S-EPT in kvm
> > > for tdx guest. Anything I missed for this ?
> >
> > Shared EPTEs need to be initialized with SUPPRESS_VE=1, otherwise not-present
> > EPT violations would be reflected into the guest by hardware as #VE exceptions.
> > This is handled by initializing page allocations via kvm_init_shadow_page() during
> > cache topup if shadow_nonpresent_value is non-zero. In that case, telling the
> > page allocation to zero-initialize the page would be wasted effort.
> >
> > The initialization is harmless for S-EPT entries because KVM's copy of the S-EPT
> > isn't consumed by hardware, and because under the hood S-EPT entries should never
> > #VE (I forget if this is enforced by hardware or if the TDX module sets SUPPRESS_VE).
>
> Ah I see, you're right, thanks for the explanation! I think with
> changes you suggested above the __GFP_ZERO can be removed from
> mmu_shadow_page_cache for VMs which is_tdp_mmu_enabled() is true:

Yep.

> diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c > index 8de26cbde295..0b412f3eb0c5 100644 > --- a/arch/x86/kvm/mmu/mmu.c > +++ b/arch/x86/kvm/mmu/mmu.c > @@ -6483,8 +6483,8 @@ int kvm_mmu_create(struct kvm_vcpu *vcpu) > vcpu->arch.mmu_page_header_cache.kmem_cache = mmu_page_header_cache; > vcpu->arch.mmu_page_header_cache.gfp_zero = __GFP_ZERO; > > - if (!(tdp_enabled && shadow_nonpresent_value)) > - vcpu->arch.mmu_shadow_page_cache.gfp_zero = __GFP_ZERO; > + if (!(is_tdp_mmu_enabled(vcpu->kvm)) > + vcpu->arch.mmu_shadow_page_cache.gfp_zero = __GFP_ZERO; > > vcpu->arch.mmu = &vcpu->arch.root_mmu; > vcpu->arch.walk_mmu = &vcpu->arch.root_mmu;
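
Review bot: The added condition `if (!(is_tdp_mmu_enabled(vcpu->kvm))` has three opening parentheses and only two closing ones, so it will not compile as posted; the extra pair around the call can simply go, leaving `if (!is_tdp_mmu_enabled(vcpu->kvm))`. Separately, the new test no longer looks at shadow_nonpresent_value, so skipping __GFP_ZERO is only safe if the topup path initializes every shadow page whenever the TDP MMU is enabled, including when shadow_nonpresent_value is zero; the explanation quoted above describes kvm_init_shadow_page() as running only for a non-zero value. A short comment above the check stating which path fills the page, and that it is unconditional for the TDP MMU, would keep a later change from leaving sp->spt pages uninitialized.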