[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6903d890-c591-4986-8c88-a4b069309033@intel.com>
Date: Fri, 22 Nov 2024 16:08:34 -0800
From: Dave Hansen <dave.hansen@...el.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: Rick Edgecombe <rick.p.edgecombe@...el.com>, kvm@...r.kernel.org,
pbonzini@...hat.com, isaku.yamahata@...il.com, kai.huang@...el.com,
linux-kernel@...r.kernel.org, tony.lindgren@...ux.intel.com,
xiaoyao.li@...el.com, yan.y.zhao@...el.com, x86@...nel.org,
adrian.hunter@...el.com, Isaku Yamahata <isaku.yamahata@...el.com>,
Binbin Wu <binbin.wu@...ux.intel.com>, Yuan Yao <yuan.yao@...el.com>
Subject: Re: [RFC PATCH 1/6] x86/virt/tdx: Add SEAMCALL wrappers for TDX KeyID
management
On 11/22/24 15:55, Sean Christopherson wrote:
> On Fri, Nov 22, 2024, Dave Hansen wrote:
> I don't know the full context, but working with "struct page" is a pain when every
> user just wants the physical address. KVM SVM had a few cases where pointers were
> tracked as "struct page", and it was generally unpleasant to read and work with.
I'm not super convinced. page_to_phys(foo) is all it takes
> I also don't like conflating the kernel's "struct page" with the architecture's
> definition of a 4KiB page.
That's fair, although it's pervasively conflated across our entire
codebase. But 'struct page' is substantially better than a hpa_t,
phys_addr_t or u64 that can store a full 64-bits of address. Those
conflate a physical address with a physical page, which is *FAR* worse.
>> You know that 'tdr' is not just some random physical address. It's a
>> whole physical page. It's page-aligned. It was allocated, from the
>> allocator. It doesn't point to special memory.
>
> Oh, but it does point to special memory. If it *didn't* point at special memory
> that is completely opaque and untouchable, then KVM could use a struct overlay,
> which would give contextual information and some amount of type safety. E.g.
> an equivalent without TDX is "struct vmcs *".
>
> Rather than "struct page", what if we add an address_space (in the Sparse sense),
> and a typedef for a TDX pages? Maybe __firmware? E.g.
>
> # define __firmware __attribute__((noderef, address_space(__firmware)))
>
> typedef u64 __firmware *tdx_page_t;
>
> That doesn't give as much compile-time safety, but in some ways it provides more
> type safety since KVM (or whatever else cares) would need to make an explicit and
> ugly cast to misuse the pointer.
It's better than nothing. But I still vastly prefer to have a type that
tells you that something is physically-allocated out of the buddy, RAM,
and page-aligned.
I'd be better to have:
struct tdx_page {
u64 page_phys_addr;
};
than depend on sparse, IMNHO.
Do you run sparse every time you compile the kernel, btw? ;)
Powered by blists - more mailing lists