On Sat, 2022-10-29 at 23:22 -0700, isaku.yamahata@xxxxxxxxx wrote:
> From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
>
> Because TDX will need shadow_mmio_mask to be VMX_SUPPRESS_VE | RWX
> shadow_mmio_value to be 0, make VMX EPT case use same value for TDX
> shadow_mmio_mask.
>
TDX need to use different mmio_mask/value doesn't mean they need to be changed
for VMX guest. I think the true purpose here is to still be able to use a
global shadow_mmio_mask for both TDX and VMX guests. So please explicitly call
out.
> For VMX, VMX_SUPPRESS_VE doesn't matter, it doesn't
> affect VMX logic to add the bit to shadow_mmio_{value, mask}. Note that
> shadow_mmio_value will be per-VM value.
Not sure why the last sentence matters.
>
> Signed-off-by: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> ---
> arch/x86/kvm/mmu/spte.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/mmu/spte.c b/arch/x86/kvm/mmu/spte.c
> index 0b97a045c5f0..5d5c06d4fd89 100644
> --- a/arch/x86/kvm/mmu/spte.c
> +++ b/arch/x86/kvm/mmu/spte.c
> @@ -437,8 +437,8 @@ void kvm_mmu_set_ept_masks(bool has_ad_bits, bool has_exec_only)
> * EPT Misconfigurations are generated if the value of bits 2:0
> * of an EPT paging-structure entry is 110b (write/execute).
> */
> - kvm_mmu_set_mmio_spte_mask(VMX_EPT_MISCONFIG_WX_VALUE,
> - VMX_EPT_RWX_MASK, 0);
> + kvm_mmu_set_mmio_spte_mask(VMX_EPT_MISCONFIG_WX_VALUE | VMX_EPT_SUPPRESS_VE_BIT,
Is "suppress #VE" bit required for mmio_value for VMX guest? Why adding it?
> + VMX_EPT_RWX_MASK | VMX_EPT_SUPPRESS_VE_BIT, 0);
> }
> EXPORT_SYMBOL_GPL(kvm_mmu_set_ept_masks);
>
