Re: [RFC PATCH 1/6] x86/virt/tdx: Add SEAMCALL wrappers for TDX KeyID management

From: Dave Hansen
Date: Fri Nov 22 2024 - 19:08:45 EST

Next message: Alexei Starovoitov: "Re: [PATCH bpf-next 2/4] bpf: Make bpf inode storage available to tracing program"
Previous message: Dmitry Baryshkov: "Re: [PATCH 1/2] clk: qcom: videocc: Use HW_CTRL_TRIGGER flag for video GDSC's"
In reply to: Dave Hansen: "Re: [RFC PATCH 1/6] x86/virt/tdx: Add SEAMCALL wrappers for TDX KeyID management"
Next in thread: Edgecombe, Rick P: "Re: [RFC PATCH 1/6] x86/virt/tdx: Add SEAMCALL wrappers for TDX KeyID management"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/22/24 15:55, Sean Christopherson wrote:
> On Fri, Nov 22, 2024, Dave Hansen wrote:
> I don't know the full context, but working with "struct page" is a pain when every
> user just wants the physical address. KVM SVM had a few cases where pointers were
> tracked as "struct page", and it was generally unpleasant to read and work with.

I'm not super convinced. page_to_phys(foo) is all it takes

> I also don't like conflating the kernel's "struct page" with the architecture's
> definition of a 4KiB page.

That's fair, although it's pervasively conflated across our entire
codebase. But 'struct page' is substantially better than a hpa_t,
phys_addr_t or u64 that can store a full 64-bits of address. Those
conflate a physical address with a physical page, which is *FAR* worse.

>> You know that 'tdr' is not just some random physical address. It's a
>> whole physical page. It's page-aligned. It was allocated, from the
>> allocator. It doesn't point to special memory.
>
> Oh, but it does point to special memory. If it *didn't* point at special memory
> that is completely opaque and untouchable, then KVM could use a struct overlay,
> which would give contextual information and some amount of type safety. E.g.
> an equivalent without TDX is "struct vmcs *".
>
> Rather than "struct page", what if we add an address_space (in the Sparse sense),
> and a typedef for a TDX pages? Maybe __firmware? E.g.
>
> # define __firmware __attribute__((noderef, address_space(__firmware)))
>
> typedef u64 __firmware *tdx_page_t;
>
> That doesn't give as much compile-time safety, but in some ways it provides more
> type safety since KVM (or whatever else cares) would need to make an explicit and
> ugly cast to misuse the pointer.

It's better than nothing. But I still vastly prefer to have a type that
tells you that something is physically-allocated out of the buddy, RAM,
and page-aligned.

I'd be better to have:

struct tdx_page {
u64 page_phys_addr;
};

than depend on sparse, IMNHO.

Do you run sparse every time you compile the kernel, btw? ;)

Next message: Alexei Starovoitov: "Re: [PATCH bpf-next 2/4] bpf: Make bpf inode storage available to tracing program"
Previous message: Dmitry Baryshkov: "Re: [PATCH 1/2] clk: qcom: videocc: Use HW_CTRL_TRIGGER flag for video GDSC's"
In reply to: Dave Hansen: "Re: [RFC PATCH 1/6] x86/virt/tdx: Add SEAMCALL wrappers for TDX KeyID management"
Next in thread: Edgecombe, Rick P: "Re: [RFC PATCH 1/6] x86/virt/tdx: Add SEAMCALL wrappers for TDX KeyID management"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]