From: Sean Christopherson <seanjc@google.com>
To: Ashish Kalra <Ashish.Kalra@amd.com>
Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
pbonzini@redhat.com, thomas.lendacky@amd.com,
herbert@gondor.apana.org.au, nikunj@amd.com,
davem@davemloft.net, aik@amd.com, ardb@kernel.org,
michael.roth@amd.com, Neeraj.Upadhyay@amd.com,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
linux-crypto@vger.kernel.org
Subject: Re: [RESEND PATCH v2 1/3] x86/sev: Add new quiet parameter to snp_leak_pages() API
Date: Mon, 18 Aug 2025 14:14:02 -0700 [thread overview]
Message-ID: <aKOXmlCkk900zyVY@google.com> (raw)
In-Reply-To: <7f7cdb3268e95b7dfa924c3da16a201da0b095f3.1755548015.git.ashish.kalra@amd.com>
On Mon, Aug 18, 2025, Ashish Kalra wrote:
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 2fbdebf79fbb..a7db96a5f56d 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -271,7 +271,7 @@ static void sev_decommission(unsigned int handle)
> static int kvm_rmp_make_shared(struct kvm *kvm, u64 pfn, enum pg_level level)
> {
> if (KVM_BUG_ON(rmp_make_shared(pfn, level), kvm)) {
> - snp_leak_pages(pfn, page_level_size(level) >> PAGE_SHIFT);
> + snp_leak_pages(pfn, page_level_size(level) >> PAGE_SHIFT, false);
> return -EIO;
> }
>
> @@ -300,7 +300,7 @@ static int snp_page_reclaim(struct kvm *kvm, u64 pfn)
> data.paddr = __sme_set(pfn << PAGE_SHIFT);
> rc = sev_do_cmd(SEV_CMD_SNP_PAGE_RECLAIM, &data, &fw_err);
> if (KVM_BUG(rc, kvm, "Failed to reclaim PFN %llx, rc %d fw_err %d", pfn, rc, fw_err)) {
> - snp_leak_pages(pfn, 1);
> + snp_leak_pages(pfn, 1, false);
Open coded true/false literals are ugly, e.g. now I have to go look at the
declaration (or even definition) of snp_leak_pages() to understand what %false
controls.
Assuming "don't dump the RMP entry" is the rare case, then craft the APIs to
reflect that, i.e. make snp_leak_pages() a wrapper for the common case. As a
bonus, you don't need to churn any extra code either.
void __snp_leak_pages(u64 pfn, unsigned int npages, bool dump_rmp);
static inline void snp_leak_pages(u64 pfn, unsigned int npages)
{
__snp_leak_pages(pfn, npages, true);
}
> return -EIO;
> }
>
> diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c
> index 942372e69b4d..d75659859a07 100644
> --- a/arch/x86/virt/svm/sev.c
> +++ b/arch/x86/virt/svm/sev.c
> @@ -1029,7 +1029,7 @@ int rmp_make_shared(u64 pfn, enum pg_level level)
> }
> EXPORT_SYMBOL_GPL(rmp_make_shared);
>
> -void snp_leak_pages(u64 pfn, unsigned int npages)
> +void snp_leak_pages(u64 pfn, unsigned int npages, bool quiet)
> {
> struct page *page = pfn_to_page(pfn);
>
> @@ -1052,7 +1052,8 @@ void snp_leak_pages(u64 pfn, unsigned int npages)
> (PageHead(page) && compound_nr(page) <= npages))
> list_add_tail(&page->buddy_list, &snp_leaked_pages_list);
>
> - dump_rmpentry(pfn);
> + if (!quiet)
The polarity is arbitrarily odd, and "quiet" is annoyingly ambiguous and arguably
misleading, e.g. one could expect "quiet=true" to suppress the pr_warn() too, but
it does not.
pr_warn("Leaking PFN range 0x%llx-0x%llx\n", pfn, pfn + npages)
If you call it "bool dump_rmp" then it's more precise, self-explanatory, and
doesn't need to be inverted.
> + dump_rmpentry(pfn);
> snp_nr_leaked_pages++;
> pfn++;
> page++;
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index 4f000dc2e639..203a43a2df63 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -408,7 +408,7 @@ static int snp_reclaim_pages(unsigned long paddr, unsigned int npages, bool lock
> * If there was a failure reclaiming the page then it is no longer safe
> * to release it back to the system; leak it instead.
> */
> - snp_leak_pages(__phys_to_pfn(paddr), npages - i);
> + snp_leak_pages(__phys_to_pfn(paddr), npages - i, false);
> return ret;
> }
>
> --
> 2.34.1
>
next prev parent reply other threads:[~2025-08-18 21:14 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-18 20:18 [RESEND PATCH v2 0/3] crypto: ccp - Add AMD Seamless Firmware Servicing (SFS) driver Ashish Kalra
2025-08-18 20:18 ` [RESEND PATCH v2 1/3] x86/sev: Add new quiet parameter to snp_leak_pages() API Ashish Kalra
2025-08-18 21:14 ` Sean Christopherson [this message]
2025-08-19 20:34 ` Kalra, Ashish
2025-08-18 20:18 ` [RESEND PATCH v2 2/3] crypto: ccp - Add new HV-Fixed page allocation/free API Ashish Kalra
2025-08-18 20:18 ` [RESEND PATCH v2 3/3] crypto: ccp - Add AMD Seamless Firmware Servicing (SFS) driver Ashish Kalra
2025-08-19 12:22 ` kernel test robot
2025-08-18 20:26 ` [RESEND PATCH v2 0/3] " Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aKOXmlCkk900zyVY@google.com \
--to=seanjc@google.com \
--cc=Ashish.Kalra@amd.com \
--cc=Neeraj.Upadhyay@amd.com \
--cc=aik@amd.com \
--cc=ardb@kernel.org \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=kvm@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.