| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1b236a64-d511-49a2-9962-55f4b1eb08e3@intel.com> Date: Fri, 16 Jan 2026 09:45:16 -0800 From: Dave Hansen <dave.hansen@...el.com> To: Sean Christopherson <seanjc@...gle.com> Cc: Yan Zhao <yan.y.zhao@...el.com>, Ackerley Tng <ackerleytng@...gle.com>, Vishal Annapurve <vannapurve@...gle.com>, pbonzini@...hat.com, linux-kernel@...r.kernel.org, kvm@...r.kernel.org, x86@...nel.org, rick.p.edgecombe@...el.com, kas@...nel.org, tabba@...gle.com, michael.roth@....com, david@...nel.org, sagis@...gle.com, vbabka@...e.cz, thomas.lendacky@....com, nik.borisov@...e.com, pgonda@...gle.com, fan.du@...el.com, jun.miao@...el.com, francescolavra.fl@...il.com, jgross@...e.com, ira.weiny@...el.com, isaku.yamahata@...el.com, xiaoyao.li@...el.com, kai.huang@...el.com, binbin.wu@...ux.intel.com, chao.p.peng@...el.com, chao.gao@...el.com Subject: Re: [PATCH v3 00/24] KVM: TDX huge page support for private memory On 1/16/26 09:14, Sean Christopherson wrote: ... >> *EVEN* if the pfn_to_page() itself is unsafe, and even if the WARN()s >> are compiled out, this explicitly lays out the assumptions and it means >> someone reading TDX code has an easier idea comprehending it. > I object to the existence of those assumptions. Why the blazes does TDX care > how KVM and guest_memfd manages memory? For me, it's because TDX can't take arbitrary kvm_pfn_t's for private memory. It's got to be able to be converted in the hardware, and also have allocated TDX metadata (PAMT) that the TDX module was handed at module init time. I thought kvm_pfn_t might, for instance be pointing over to a shared page or MMIO. Those can't be used for TD private memory. I think it's a pretty useful convention to know that the generic, flexible kvm_pfn_t has been winnowed down to a more restrictive type that is what TDX needs. But, honestly, my big aversion was to u64's everywhere. I can certainly live with a few kvm_pfn_t's in the TDX code. It doesn't have to be 'struct page'. > If you want to assert that the pfn is compatible with TDX, then by > all means. But I am NOT accepting any more KVM code that assumes > TDX memory is backed by refcounted struct page. If I had been > paying more attention when the initial TDX series landed, I would > have NAK'd that too. I'm kinda surprised by that. The only memory we support handing into TDs for private memory is refcounted struct page. I can imagine us being able to do this with DAX pages in the near future, but those have 'struct page' too, and I think they're refcounted pretty normally now as well. The TDX module initialization is pretty tied to NUMA nodes, too. If it's in a NUMA node, the TDX module is told about it and it also universally gets a 'struct page'. Is there some kind of memory that I'm missing? What else *is* there? :) > tdh_mem_page_aug() is just an absurdly slow way of writing a PTE. It doesn't > _need_ the pfn to be backed a struct page, at all. IMO, what you're asking for > is akin to adding a pile of unnecessary assumptions to e.g. __set_spte() and > __kvm_tdp_mmu_write_spte(). No thanks. Which part is absurdly slow? page_to_phys()? Isn't that just a shift by an immediate and a subtraction of an immediate? Yeah, the subtraction immediate is chonky so the instruction is big. But at a quick glance I'm not seeing anything absurd.
Powered by blists - more mailing lists