@@ -63,32 +63,39 @@ Instead, TDX SEAMCALL API is used. Several SEAMCALLs correspond to operation on
the EPT entry.
* TDH.MEM.SEPT.ADD():
+
Add a secure EPT page from the secure EPT tree. This corresponds to updating
the non-leaf EPT entry with present bit set
* TDH.MEM.SEPT.REMOVE():
+
Remove the secure page from the secure EPT tree. There is no corresponding
to the EPT operation.
* TDH.MEM.SEPT.RD():
+
Read the secure EPT entry. This corresponds to reading the EPT entry as
memory. Please note that this is much slower than direct memory reading.
* TDH.MEM.PAGE.ADD() and TDH.MEM.PAGE.AUG():
+
Add a private page to the secure EPT tree. This corresponds to updating the
leaf EPT entry with present bit set.
* THD.MEM.PAGE.REMOVE():
+
Remove a private page from the secure EPT tree. There is no corresponding
to the EPT operation.
* TDH.MEM.RANGE.BLOCK():
+
This (mostly) corresponds to clearing the present bit of the leaf EPT entry.
Note that the private page is still linked in the secure EPT. To remove it
from the secure EPT, TDH.MEM.SEPT.REMOVE() and TDH.MEM.PAGE.REMOVE() needs to
be called.
* TDH.MEM.TRACK():
+
Increment the TLB epoch counter. This (mostly) corresponds to EPT TLB flush.
Note that the private page is still linked in the secure EPT. To remove it
from the secure EPT, tdh_mem_page_remove() needs to be called.
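Review bot: The context bullet "* THD.MEM.PAGE.REMOVE():" in this hunk misspells the SEAMCALL prefix; every other bullet in the list uses TDH. Since the patch already adds a line directly under that bullet, consider correcting the name to TDH.MEM.PAGE.REMOVE() here or in a follow-up. The closing note under TDH.MEM.TRACK() also refers to tdh_mem_page_remove(), while the equivalent note under TDH.MEM.RANGE.BLOCK() uses the SEAMCALL names; picking one naming style for both notes would make the list easier to follow.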
@@ -110,25 +117,34 @@ Dropping private page and TLB shootdown
The procedure of dropping the private page looks as follows.
1. TDH.MEM.RANGE.BLOCK(4K level)
+
This mostly corresponds to clear the present bit in the EPT entry. This
prevents (or blocks) TLB entry from creating in the future. Note that the
private page is still linked in the secure EPT tree and the existing cache
entry in the TLB isn't flushed.
+
2. TDH.MEM.TRACK(range) and TLB shootdown
+
This mostly corresponds to the EPT TLB shootdown. Because all vcpus share
the same Secure EPT, all vcpus need to flush TLB.
+
* TDH.MEM.TRACK(range) by one vcpu. It increments the global internal TLB
epoch counter.
* send IPI to remote vcpus
* Other vcpu exits to VMM from guest TD and then re-enter. TDH.VP.ENTER().
* TDH.VP.ENTER() checks the TLB epoch counter and If its TLB is old, flush
TLB.
+
Note that only single vcpu issues tdh_mem_track().
+
Note that the private page is still linked in the secure EPT tree, unlike the
conventional EPT.
+
3. TDH.MEM.PAGE.PROMOTE, TDH.MEM.PAGEDEMOTE(), TDH.MEM.PAGE.RELOCATE(), or
TDH.MEM.PAGE.REMOVE()
+
There is no corresponding operation to the conventional EPT.
+
* When changing page size (e.g. 4K <-> 2M) TDH.MEM.PAGE.PROMOTE() or
TDH.MEM.PAGE.DEMOTE() is used. During those operation, the guest page is
kept referenced in the Secure EPT.
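Review bot: The step 3 item text in this hunk's context reads "TDH.MEM.PAGE.PROMOTE, TDH.MEM.PAGEDEMOTE()", which drops the dot before DEMOTE and the parentheses after PROMOTE; the bullet added padding just below spells them TDH.MEM.PAGE.PROMOTE() and TDH.MEM.PAGE.DEMOTE(). Worth fixing alongside the padding or in a follow-up, together with the stray capital in "and If its TLB is old" under step 2, so the rendered list is consistent once the warnings are gone.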
There are many "unexpected indentations"-"block quote"-"bullet list"
warnings that are caused by missing blank line padding on bullet lists at
tdx-tdp-mmu.rst. Add the padding to fix the warnings.

Fixes: 7af4efe3263854 ("KVM: x86: design documentation on TDX support of x86 KVM TDP MMU")
Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>
---
 Documentation/virt/kvm/tdx-tdp-mmu.rst | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)