From: Yan Zhao <yan.y.zhao@intel.com>
To: seanjc@google.com, pbonzini@redhat.com, kvm@vger.kernel.org,
rick.p.edgecombe@intel.com, kas@kernel.org
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
dave.hansen@intel.com, kai.huang@intel.com,
binbin.wu@linux.intel.com, xiaoyao.li@intel.com,
yan.y.zhao@intel.com
Subject: [PATCH v2 00/15] TDX MMU refactors
Date: Sat, 9 May 2026 15:52:01 +0800 [thread overview]
Message-ID: <20260509075201.4077-1-yan.y.zhao@intel.com> (raw)
Hi,
This is v2 of the TDX MMU refactor series, based on Rick's v1 [1], which
was extracted from the discussion on Sean's DPAMT/Huge page combined series
[0].
v2 is rebased onto v7.1.0-rc2 and the v2 struct page to PFN conversion
series. v1's first 4 cleanup patches are dropped from v2 and kept in the
base (see "Base" section for details). The full stack is available at [6].
I feel v2 is in good shape at this point, so I'm posting it now, hoping it
can get merged after Dave acks the struct page to PFN conversion series.
v2 addressed all comments from v1, with below key changes:
- Addressed the comment of how atomic zaps are handled before all changes
(except for reclaiming non-leaf pages) are propagated via the
set_external_spte() op (Issue #2 in [5]):
Move patches 1-4 to the beginning of the series, so after patch 5, TDP
MMU also allows propagation of changes for atomic zaps to TDX (via the
set_external_spte() op), while having TDX code warn on the atomic zapping
scenario.
In patch 9, __handle_changed_spte() centralizes propagation of both
atomic zap changes and to-present changes via the set_external_spte() op
before patch 12 centralizes propagation of all changes (except for
reclaiming non-leaf pages).
- Explained why kvm_tdp_mmu_age_spte() does not warn about installing
FROZEN_SPTE as a long-term value (in patch 9's log) after patch 7 adds
the warning for this scenario, and explained why kvm_tdp_mmu_age_spte()
warns on mirror roots in the code comment.
- Extracted patch 8 from patch 9 to plumb "sp" pointer to
handle_changed_spte(). (patch 8 was originally in [0], and was somehow
merged into patch 9 in v1).
- Renamed tdx_sept_link_private_spt() to tdx_sept_map_nonleaf_spte(), and
tdx_sept_remove_private_spte() to tdx_sept_remove_leaf_spte() for
symmetry with tdx_sept_map_leaf_spte().
- Added expected lock and valid scenarios in function comments of
tdx_sept_set_private_spte() and tdx_sept_free_private_spt().
Note: Patches 9 and 15 still have the "Not-yet-Signed-off-by" tag.
Patches layout
--------------
Part 1: Patches 1-9 (for to-present and atomic-zap-leaf-SPTE changes).
Patches 1-4 are preparation for patch 5. So when patch 5 drops
KVM_BUG_ON()s on zappings in __tdp_mmu_set_spte_atomic(), both
to-present changes and atomic-zap-leaf-SPTE changes are propagated
via the set_external_spte() op and TDX code can trigger
KVM_BUG_ON()s on the atomic zap scenario.
Patches 5-6 move asserts and KVM_BUG_ON()s from TDP MMU to TDX
code.
Patches 7-9: centralize external PTE propagation triggered by
tdp_mmu_set_spte_atomic() (for to-present and atomic-zap-leaf-SPTE
changes) to __handle_changed_spte().
Part 2: Patches 10-13 (for zapping of leaf SPTEs).
Drop remove_external_spte() op and have __handle_changed_spte()
centralize propagation of leaf SPTE zapping in all scenarios.
Part 3: Patches 14-15 (for zapping of non-leaf SPTEs).
Cleanup of the free_external_spt() op.
Base
----
v2 is based on v7.1.0-rc2 (kvm/next, commit 6d35786de281) +
the first 4 patches from Sean's DPAMT/Huge page combined series [0] +
v2 of the struct page to PFN conversion series [2].
Note: due to the instability of v7.1.0-rc2, I also applied series [3] and
[4] to pass CI.
Changelogs
----------
v1 [1] --> v2:
- Dropped 4 cleanup patches that will be pulled separately into the base.
- Fixed typos, code comments, updated commit messages, and removed unused
parameters.
- Patch reordering and added back patch 8.
- Renamed TDX functions to indicate map/remove leaf/non-leaf status.
- Addressed the comment on how atomic zaps are handled before all changes
(except for reclaiming non-leaf pages) are propagated via the
set_external_spte() op in __handle_changed_spte().
- Added expected lock and valid scenarios in function comments of
tdx_sept_set_private_spte() and tdx_sept_free_private_spt().
- Explained why kvm_tdp_mmu_age_spte() does not warn about installing
FROZEN_SPTE as a long-term value and explained why it warns on mirror
roots.
Sean's DPAMT/Huge page combined series [0] --> v1:
- Went back to free_external_spt() name. Since free_external_sp() was
dropped from the changes, there was no similarly named function to
confuse.
- Suggestions around dropping or moving KVM_BUG_ON/WARNs were turned into
patches.
Thanks
Yan
[0] https://lore.kernel.org/kvm/20260129011517.3545883-1-seanjc@google.com
[1] https://lore.kernel.org/all/20260327201421.2824383-1-rick.p.edgecombe@intel.com
[2] https://lore.kernel.org/all/20260430014852.24183-1-yan.y.zhao@intel.com
[3] https://lore.kernel.org/all/20260423155611.216805954@infradead.org
[4] https://lore.kernel.org/all/20260428024746.1040531-1-binbin.wu@linux.intel.com
[5] https://lore.kernel.org/lkml/aczYjEVkva3zOpwz@yzhao56-desk.sh.intel.com
[6] https://github.com/intel-staging/tdx/tree/tdx_mmu_refactors_v2
Rick Edgecombe (4):
KVM: TDX: Move KVM_BUG_ON()s in __tdp_mmu_set_spte_atomic() to TDX
code
KVM: TDX: Move lockdep assert in __tdp_mmu_set_spte_atomic() to TDX
code
KVM: x86/tdp_mmu: Morph !is_frozen_spte() check into a
KVM_MMU_WARN_ON()
KVM: x86/mmu: Drop KVM_BUG_ON() on shared lock to zap child external
PTEs
Sean Christopherson (10):
KVM: TDX: Drop kvm_x86_ops.link_external_spt()
KVM: TDX: Wrap mapping of leaf and non-leaf S-EPT entries into helpers
KVM: x86/mmu: Fold set_external_spte_present() into its sole caller
KVM: x86/mmu: Plumb param "old_spte" into
kvm_x86_ops.set_external_spte()
KVM: x86/mmu: Plumb "sp" _pointer_ into the TDP MMU's
handle_changed_spte()
KVM: x86/tdp_mmu: Centrally propagate to-present/atomic zap updates to
external PTEs
KVM: TDX: Hoist tdx_sept_remove_private_spte() above
set_private_spte()
KVM: TDX: Drop kvm_x86_ops.remove_external_spte()
KVM: x86: Move error handling inside free_external_spt()
KVM: TDX: Move external page table freeing to TDX code
Yan Zhao (1):
KVM: TDX: Rename tdx_sept_remove_private_spte() to show it's for leaf
SPTEs
arch/x86/include/asm/kvm-x86-ops.h | 4 +-
arch/x86/include/asm/kvm_host.h | 13 +-
arch/x86/kvm/mmu/tdp_mmu.c | 273 ++++++++++++-----------------
arch/x86/kvm/vmx/tdx.c | 172 ++++++++++++------
4 files changed, 233 insertions(+), 229 deletions(-)
--
2.43.2
next reply other threads:[~2026-05-09 8:32 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-09 7:52 Yan Zhao [this message]
2026-05-09 7:53 ` [PATCH v2 01/15] KVM: TDX: Drop kvm_x86_ops.link_external_spt() Yan Zhao
2026-05-09 7:55 ` [PATCH v2 02/15] KVM: TDX: Wrap mapping of leaf and non-leaf S-EPT entries into helpers Yan Zhao
2026-05-09 7:55 ` [PATCH v2 03/15] KVM: x86/mmu: Fold set_external_spte_present() into its sole caller Yan Zhao
2026-05-09 7:55 ` [PATCH v2 04/15] KVM: x86/mmu: Plumb param "old_spte" into kvm_x86_ops.set_external_spte() Yan Zhao
2026-05-09 7:55 ` [PATCH v2 05/15] KVM: TDX: Move KVM_BUG_ON()s in __tdp_mmu_set_spte_atomic() to TDX code Yan Zhao
2026-05-09 7:55 ` [PATCH v2 06/15] KVM: TDX: Move lockdep assert " Yan Zhao
2026-05-09 7:56 ` [PATCH v2 07/15] KVM: x86/tdp_mmu: Morph !is_frozen_spte() check into a KVM_MMU_WARN_ON() Yan Zhao
2026-05-09 7:56 ` [PATCH v2 08/15] KVM: x86/mmu: Plumb "sp" _pointer_ into the TDP MMU's handle_changed_spte() Yan Zhao
2026-05-09 7:56 ` [PATCH v2 09/15] KVM: x86/tdp_mmu: Centrally propagate to-present/atomic zap updates to external PTEs Yan Zhao
2026-05-09 7:56 ` [PATCH v2 10/15] KVM: x86/mmu: Drop KVM_BUG_ON() on shared lock to zap child " Yan Zhao
2026-05-09 7:56 ` [PATCH v2 11/15] KVM: TDX: Hoist tdx_sept_remove_private_spte() above set_private_spte() Yan Zhao
2026-05-09 7:57 ` [PATCH v2 12/15] KVM: TDX: Drop kvm_x86_ops.remove_external_spte() Yan Zhao
2026-05-09 7:57 ` [PATCH v2 13/15] KVM: TDX: Rename tdx_sept_remove_private_spte() to show it's for leaf SPTEs Yan Zhao
2026-05-09 7:57 ` [PATCH v2 14/15] KVM: x86: Move error handling inside free_external_spt() Yan Zhao
2026-05-09 7:57 ` [PATCH v2 15/15] KVM: TDX: Move external page table freeing to TDX code Yan Zhao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260509075201.4077-1-yan.y.zhao@intel.com \
--to=yan.y.zhao@intel.com \
--cc=binbin.wu@linux.intel.com \
--cc=dave.hansen@intel.com \
--cc=kai.huang@intel.com \
--cc=kas@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=x86@kernel.org \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox