Hi, This is v4 of the TDX MMU prep series, split out of the giant 130 patch TDX base enabling series [0]. It is focusing on the changes to the x86 MMU to support TDX’s separation of private/shared EPT into separate roots. A future breakout series will include the changes to actually interact with the TDX module to actually map private memory. There is a larger team working on TDX KVM base enabling. The patches were originally authored by Sean Christopherson and Isaku Yamahata, but otherwise it especially represents the work of Isaku and Yan Y Zhao and myself. The series has been tested as part of a development branch for the TDX base series [1]. The testing of this series consists TDX kvm-unit-tests [2], regular KVM and TDX selftests, and booting a Linux TD. Updates from v3 =============== For v4, we have a smattering of cosmetic changes and two issues worth elaborated on found by Yan. 1. Private memory was zapped as part of the MMU notifier release callback during VM destruction. This was previously rejected as a solution for a this cleanup for a couple of reasons. While the actual S-EPT cleanup is implemented in later latches, part of it is setup in "KVM: x86/tdp_mmu: Take root types for kvm_tdp_mmu_invalidate_all_roots()". So the MMU notifier release patch is updated to not touch the valid mirror roots in this path. 2. A case was found where the memslot generation number could roll around and end up zapping the mirrored EPT. There actually was protection for this in v19 and it was thought to be not needed. So we added it back in mmu_alloc_direct_roots(). Also, some changes following the conversation in this max GFN thread [3] 1. Zap whole EPT GFN range in __tdp_mmu_zap_root() 2. Add patch for preventing memslots and fault with alias bits This series is on top of the commit in kvm-coco-queue commit where it was previously applied (9a6ddc3e2e1e selftests: KVM: SEV-SNP test for KVM_SEV_INIT2). Here is v3: https://lore.kernel.org/kvm/20240619223614.290657-1-rick.p.edgecombe@xxxxxxxxx/ [0] https://lore.kernel.org/kvm/cover.1708933498.git.isaku.yamahata@xxxxxxxxx/ [1] https://github.com/intel/tdx/tree/tdx_kvm_dev-2024-07-18 [2] https://lore.kernel.org/kvm/20231218072247.2573516-1-qian.wen@xxxxxxxxx/ [3] https://lore.kernel.org/kvm/ZpbKqG_ZhCWxl-Fc@xxxxxxxxxx/ Isaku Yamahata (13): KVM: Add member to struct kvm_gfn_range for target alias KVM: x86/mmu: Add an external pointer to struct kvm_mmu_page KVM: x86/mmu: Add an is_mirror member for union kvm_mmu_page_role KVM: x86/tdp_mmu: Take struct kvm in iter loops KVM: x86/mmu: Support GFN direct bits KVM: x86/tdp_mmu: Extract root invalid check from tdx_mmu_next_root() KVM: x86/tdp_mmu: Introduce KVM MMU root types to specify page table type KVM: x86/tdp_mmu: Take root in tdp_mmu_for_each_pte() KVM: x86/tdp_mmu: Support mirror root for TDP MMU KVM: x86/tdp_mmu: Propagate attr_filter to MMU notifier callbacks KVM: x86/tdp_mmu: Propagate building mirror page tables KVM: x86/tdp_mmu: Propagate tearing down mirror page tables KVM: x86/tdp_mmu: Take root types for kvm_tdp_mmu_invalidate_all_roots() Rick Edgecombe (5): KVM: x86/mmu: Zap invalid roots with mmu_lock holding for write at uninit KVM: x86: Add a VM type define for TDX KVM: x86/mmu: Make kvm_tdp_mmu_alloc_root() return void KVM: x86/tdp_mmu: Don't zap valid mirror roots in kvm_tdp_mmu_zap_all() KVM: x86/mmu: Prevent aliased memslot GFNs arch/x86/include/asm/kvm-x86-ops.h | 4 + arch/x86/include/asm/kvm_host.h | 26 ++- arch/x86/include/uapi/asm/kvm.h | 1 + arch/x86/kvm/mmu.h | 31 +++ arch/x86/kvm/mmu/mmu.c | 50 ++++- arch/x86/kvm/mmu/mmu_internal.h | 64 +++++- arch/x86/kvm/mmu/spte.h | 5 + arch/x86/kvm/mmu/tdp_iter.c | 10 +- arch/x86/kvm/mmu/tdp_iter.h | 21 +- arch/x86/kvm/mmu/tdp_mmu.c | 323 ++++++++++++++++++++++------- arch/x86/kvm/mmu/tdp_mmu.h | 51 ++++- arch/x86/kvm/x86.c | 3 + include/linux/kvm_host.h | 6 + virt/kvm/guest_memfd.c | 2 + virt/kvm/kvm_main.c | 14 ++ 15 files changed, 506 insertions(+), 105 deletions(-) base-commit: 9a6ddc3e2e1ebe37181c5fe9714d3a3590e3a792 -- 2.34.1
