Always honor guest PAT in KVM-managed EPTs on TDX enabled platforms by making the self-snoop feature a hard dependency for TDX and making the quirk KVM_X86_QUIRK_EPT_IGNORE_GUEST_PAT not a valid quirk once TDX is enabled.

The quirk KVM_X86_QUIRK_EPT_IGNORE_GUEST_PAT only affects the memory type of KVM-managed EPTs. For the TDX-module-managed private EPT, the memory type is always forced to WB now.

Honoring guest PAT in KVM-managed EPTs ensures KVM does not invoke kvm_zap_gfn_range() when attaching/detaching non-coherent DMA devices, which would cause mirrored EPTs for TDs to be zapped, leading to the TDX-module-managed private EPT being incorrectly zapped.

As a new platform, TDX always has the self-snoop feature supported and has no worry about breaking old, not-well-written yet unmodifiable guests. So, simply make the quirk KVM_X86_QUIRK_EPT_IGNORE_GUEST_PAT invalid on TDX enabled platforms.

Suggested-by: Sean Christopherson <seanjc@xxxxxxxxxx>
Signed-off-by: Yan Zhao <yan.y.zhao@xxxxxxxxx>
---
 Documentation/virt/kvm/api.rst | 20 +++++++++++---------
 arch/x86/kvm/vmx/main.c | 1 +
 arch/x86/kvm/vmx/tdx.c | 5 +++++
 3 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
index c22211c2f54c..5954c5cde33d 100644
--- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst
@@ -8165,9 +8165,11 @@ KVM_X86_QUIRK_STUFF_FEATURE_MSRS By default, at vCPU creation, KVM sets the be set by userspace (KVM sets them based on guest CPUID, for safety purposes). -KVM_X86_QUIRK_EPT_IGNORE_GUEST_PAT By default, on Intel platforms, KVM ignores - guest PAT and forces the effective memory - type to WB in EPT. The quirk has no effect +KVM_X86_QUIRK_EPT_IGNORE_GUEST_PAT By default, on Intel platforms except TDX, + KVM ignores guest PAT and forces the + effective memory type to WB in EPT. The + quirk only affects the memory type of + KVM-managed EPTs. The quirk has no effect when KVM runs on Intel platforms which are incapable of safely honoring guest PAT (i.e., without CPU feature self-snoop, KVM @@ -8184,14 +8186,14 @@ KVM_X86_QUIRK_EPT_IGNORE_GUEST_PAT By default, on Intel platforms, KVM ignores map the video RAM, causing wayland desktop to fail to start correctly). To prevent breaking older guest software, KVM enables - the quirk by default on Intel platforms. - Userspace can disable the quirk to honor - guest PAT when there is no older + the quirk by default on Intel platforms + except TDX. Userspace can disable the quirk + to honor guest PAT when there is no older unmodifiable guest software that relies on KVM to force memory type to WB. Note, the - quirk is not visible on AMD's platforms, - i.e., KVM always honors guest PAT when - running on AMD. + quirk is not visible on Intel TDX or AMD's + platforms, i.e., KVM always honors guest PAT + when running on Intel TDX or AMD. =================================== ============================================ 7.32 KVM_CAP_MAX_VCPU_ID diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index f586e09b5acf..1fa0364faa60 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c 
@@ -1092,6 +1092,7 @@ static int __init vt_init(void) vcpu_align = max_t(unsigned, vcpu_align, __alignof__(struct vcpu_tdx)); kvm_caps.supported_vm_types |= BIT(KVM_X86_TDX_VM); + kvm_caps.supported_quirks &= ~KVM_X86_QUIRK_EPT_IGNORE_GUEST_PAT; } /* diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index e73c9fcf213c..7d063cacc9c9 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -3483,6 +3483,11 @@ int __init tdx_bringup(void) goto success_disable_tdx; } + if (!cpu_feature_enabled(X86_FEATURE_SELFSNOOP)) { + pr_err("Self-snoop is reqiured for TDX\n"); + goto success_disable_tdx; + } + if (!kvm_can_support_tdx()) { pr_err("tdx: no TDX private KeyIDs available\n"); goto success_disable_tdx; -- 2.43.2
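Review bot: In the first api.rst hunk, "By default, on Intel platforms except TDX, KVM ignores guest PAT" reads as if the quirk were selected per VM type, but the main.c hunk clears it from kvm_caps.supported_quirks, which is a host-wide capability; on a TDX enabled host, ordinary VMX guests also stop seeing the quirk. Suggest wording it by platform state rather than by VM type, e.g. "on Intel platforms where TDX is not enabled, KVM ignores guest PAT", so the documentation matches what userspace will observe from KVM_CAP_DISABLE_QUIRKS2.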
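Review bot: Same point for the second api.rst hunk: "the quirk is not visible on Intel TDX or AMD's platforms" and "KVM always honors guest PAT when running on Intel TDX" describe a property of the host, not of a TD, because the capability bit is cleared for the whole host once TDX is enabled. Suggest "on TDX enabled platforms" in both places so the two paragraphs are consistent with each other and with the code.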
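Review bot: In the main.c hunk, `kvm_caps.supported_quirks &= ~KVM_X86_QUIRK_EPT_IGNORE_GUEST_PAT;` sits next to `kvm_caps.supported_vm_types |= BIT(KVM_X86_TDX_VM);`, so it takes effect for every VM on a TDX enabled host, including legacy VMX guests that the commit message says the quirk exists to protect. That behavioural change for non-TD guests is implied by "once TDX is enabled" but is worth stating explicitly in the commit message (and in the documentation), together with the reason it is safe here: the self-snoop check added in tdx.c guarantees that honoring guest PAT is safe on any host that reaches this line.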
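Review bot: In the tdx.c hunk, `pr_err("Self-snoop is reqiured for TDX\n");` has a typo ("reqiured") and does not follow the "tdx: " prefix used by the neighbouring message `pr_err("tdx: no TDX private KeyIDs available\n");`. Suggest `pr_err("tdx: self-snoop is required for TDX\n");`. Jumping to success_disable_tdx so the module still loads with TDX disabled is consistent with the adjacent checks and looks right.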