From: Dave Hansen <dave.hansen@intel.com>
To: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
pbonzini@redhat.com, seanjc@google.com,
dave.hansen@linux.intel.com
Cc: rick.p.edgecombe@intel.com, isaku.yamahata@intel.com,
kai.huang@intel.com, yan.y.zhao@intel.com, chao.gao@intel.com,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
kvm@vger.kernel.org, x86@kernel.org, linux-coco@lists.linux.dev,
linux-kernel@vger.kernel.org
Subject: Re: [PATCHv2 04/12] x86/virt/tdx: Add tdx_alloc/free_page() helpers
Date: Wed, 25 Jun 2025 13:02:38 -0700 [thread overview]
Message-ID: <fd9ebb1c-8a5a-44c5-869b-810bb5e7436c@intel.com> (raw)
In-Reply-To: <20250609191340.2051741-5-kirill.shutemov@linux.intel.com>
On 6/9/25 12:13, Kirill A. Shutemov wrote:
> arch/x86/include/asm/tdx.h | 3 +
> arch/x86/include/asm/tdx_errno.h | 6 +
> arch/x86/virt/vmx/tdx/tdx.c | 205 +++++++++++++++++++++++++++++++
> arch/x86/virt/vmx/tdx/tdx.h | 2 +
> 4 files changed, 216 insertions(+)
Please go through this whole series and add appropriate comments and
explanations.
There are 4 lines of comments in the 216 lines of new code.
I'll give some examples:
> +static int tdx_nr_pamt_pages(void)
Despite the naming this function does not return the number of TDX
PAMT pages. It returns the number of pages needed for each *dynamic*
PAMT granule.
The naming is not consistent with something used only for dynamic PAMT
support. This kind of comment would help, but is not a replacement for
good naming:
/*
* How many pages are needed for the TDX
* dynamic page metadata for a 2M region?
*/
Oh, and what the heck is with the tdx_supports_dynamic_pamt() check?
Isn't it illegal to call these functions without dynamic PAMT in
place? Wouldn't the TDH_PHYMEM_PAMT_ADD blow up if you hand it 0's
in args.rdx?
> +static int tdx_nr_pamt_pages(void)
> +{
> + if (!tdx_supports_dynamic_pamt(&tdx_sysinfo))
> + return 0;
> +
> + return tdx_sysinfo.tdmr.pamt_4k_entry_size * PTRS_PER_PTE / PAGE_SIZE;
> +}
> +
> +static u64 tdh_phymem_pamt_add(unsigned long hpa,
> + struct list_head *pamt_pages)
> +{
> + struct tdx_module_args args = {
> + .rcx = hpa,
> + };
> + struct page *page;
> + u64 *p;
> +
> + WARN_ON_ONCE(!IS_ALIGNED(hpa & PAGE_MASK, PMD_SIZE));
> +
> + p = &args.rdx;
> + list_for_each_entry(page, pamt_pages, lru) {
> + *p = page_to_phys(page);
> + p++;
> + }
This is sheer voodoo. Voodoo on its own is OK. But uncommented voodoo
is not.
Imagine what would happen if, for instance, someone got confused and did:
tdx_alloc_pamt_pages(&pamd_pages);
tdx_alloc_pamt_pages(&pamd_pages);
tdx_alloc_pamt_pages(&pamd_pages);
It would *work* because the allocation function would just merrily
shove lots of pages on the list. But when it's consumed you'd run off
the end of the data structure in this function far, far away from the
bug site.
The least you can do here is comment what's going on. Because treating
a structure like an array is obtuse at best.
Even better would be to have a check to ensure that the pointer magic
doesn't run off the end of the struct:
if (p - &args.rcx >= sizeof(args)/sizeof(u64)) {
WARN_ON_ONCE(1);
break;
}
or some other pointer voodoo.
> +
> + return seamcall(TDH_PHYMEM_PAMT_ADD, &args);
> +}
next prev parent reply other threads:[~2025-06-25 20:02 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-09 19:13 [PATCHv2 00/12] TDX: Enable Dynamic PAMT Kirill A. Shutemov
2025-06-09 19:13 ` [PATCHv2 01/12] x86/tdx: Consolidate TDX error handling Kirill A. Shutemov
2025-06-25 17:58 ` Dave Hansen
2025-06-25 20:58 ` Edgecombe, Rick P
2025-06-25 21:27 ` Sean Christopherson
2025-06-25 21:46 ` Edgecombe, Rick P
2025-06-26 9:25 ` kirill.shutemov
2025-06-26 14:46 ` Dave Hansen
2025-06-26 15:51 ` Sean Christopherson
2025-06-26 16:59 ` Dave Hansen
2025-06-27 10:42 ` kirill.shutemov
2025-07-30 18:32 ` Edgecombe, Rick P
2025-07-31 23:31 ` Sean Christopherson
2025-07-31 23:46 ` Edgecombe, Rick P
2025-07-31 23:53 ` Sean Christopherson
2025-08-01 15:03 ` Edgecombe, Rick P
2025-08-06 15:19 ` Sean Christopherson
2025-06-26 0:05 ` Huang, Kai
2025-07-30 18:33 ` Edgecombe, Rick P
2025-06-09 19:13 ` [PATCHv2 02/12] x86/virt/tdx: Allocate page bitmap for Dynamic PAMT Kirill A. Shutemov
2025-06-25 18:06 ` Dave Hansen
2025-06-26 9:25 ` Kirill A. Shutemov
2025-07-31 1:06 ` Edgecombe, Rick P
2025-07-31 4:10 ` Huang, Kai
2025-06-26 11:08 ` Huang, Kai
2025-06-27 10:42 ` kirill.shutemov
2025-06-09 19:13 ` [PATCHv2 03/12] x86/virt/tdx: Allocate reference counters for PAMT memory Kirill A. Shutemov
2025-06-25 19:26 ` Dave Hansen
2025-06-27 11:27 ` Kirill A. Shutemov
2025-06-27 14:03 ` Dave Hansen
2025-06-26 0:53 ` Huang, Kai
2025-06-26 4:48 ` Huang, Kai
2025-06-27 11:35 ` kirill.shutemov
2025-06-09 19:13 ` [PATCHv2 04/12] x86/virt/tdx: Add tdx_alloc/free_page() helpers Kirill A. Shutemov
2025-06-10 2:36 ` Chao Gao
2025-06-10 14:51 ` [PATCHv2.1 " Kirill A. Shutemov
2025-06-25 18:01 ` Dave Hansen
2025-06-25 20:09 ` [PATCHv2 " Dave Hansen
2025-06-26 0:46 ` Chao Gao
2025-06-25 20:02 ` Dave Hansen [this message]
2025-06-27 13:00 ` Kirill A. Shutemov
2025-06-27 7:49 ` Adrian Hunter
2025-06-27 13:03 ` Kirill A. Shutemov
2025-06-09 19:13 ` [PATCHv2 05/12] KVM: TDX: Allocate PAMT memory in __tdx_td_init() Kirill A. Shutemov
2025-06-09 19:13 ` [PATCHv2 06/12] KVM: TDX: Allocate PAMT memory in tdx_td_vcpu_init() Kirill A. Shutemov
2025-06-09 19:13 ` [PATCHv2 07/12] KVM: TDX: Preallocate PAMT pages to be used in page fault path Kirill A. Shutemov
2025-06-26 11:21 ` Huang, Kai
2025-07-10 1:34 ` Edgecombe, Rick P
2025-07-10 7:49 ` kirill.shutemov
2025-06-09 19:13 ` [PATCHv2 08/12] KVM: TDX: Handle PAMT allocation in " Kirill A. Shutemov
2025-06-12 12:19 ` Chao Gao
2025-06-12 13:05 ` [PATCHv2.1 " Kirill A. Shutemov
2025-06-25 22:38 ` [PATCHv2 " Edgecombe, Rick P
2025-07-09 14:29 ` kirill.shutemov
2025-07-10 1:33 ` Edgecombe, Rick P
2025-07-10 8:45 ` kirill.shutemov
2025-08-21 19:21 ` Sagi Shahar
2025-08-21 19:35 ` Edgecombe, Rick P
2025-08-21 19:53 ` Sagi Shahar
2025-06-09 19:13 ` [PATCHv2 09/12] KVM: TDX: Reclaim PAMT memory Kirill A. Shutemov
2025-06-09 19:13 ` [PATCHv2 10/12] [NOT-FOR-UPSTREAM] x86/virt/tdx: Account PAMT memory and print it in /proc/meminfo Kirill A. Shutemov
2025-06-09 19:13 ` [PATCHv2 11/12] x86/virt/tdx: Enable Dynamic PAMT Kirill A. Shutemov
2025-06-09 19:13 ` [PATCHv2 12/12] Documentation/x86: Add documentation for TDX's " Kirill A. Shutemov
2025-06-25 13:25 ` [PATCHv2 00/12] TDX: Enable " Kirill A. Shutemov
2025-06-25 22:49 ` Edgecombe, Rick P
2025-06-27 13:05 ` kirill.shutemov
2025-08-08 23:18 ` Edgecombe, Rick P
2025-08-11 6:31 ` kas
2025-08-11 22:30 ` Edgecombe, Rick P
2025-08-12 2:02 ` Sean Christopherson
2025-08-12 2:31 ` Vishal Annapurve
2025-08-12 8:04 ` kas
2025-08-12 15:12 ` Edgecombe, Rick P
2025-08-12 16:15 ` Sean Christopherson
2025-08-12 18:39 ` Edgecombe, Rick P
2025-08-12 22:00 ` Vishal Annapurve
2025-08-12 23:34 ` Edgecombe, Rick P
2025-08-13 0:18 ` Vishal Annapurve
2025-08-13 0:51 ` Edgecombe, Rick P
2025-08-12 18:44 ` Vishal Annapurve
2025-08-13 8:09 ` Kiryl Shutsemau
2025-08-13 7:49 ` Kiryl Shutsemau
2025-08-12 8:03 ` kas
2025-08-13 22:43 ` Edgecombe, Rick P
2025-08-13 23:31 ` Dave Hansen
2025-08-14 0:14 ` Edgecombe, Rick P
2025-08-14 10:55 ` Kiryl Shutsemau
2025-08-15 1:03 ` Edgecombe, Rick P
2025-08-20 15:31 ` Sean Christopherson
2025-08-20 16:35 ` Edgecombe, Rick P
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fd9ebb1c-8a5a-44c5-869b-810bb5e7436c@intel.com \
--to=dave.hansen@intel.com \
--cc=bp@alien8.de \
--cc=chao.gao@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=isaku.yamahata@intel.com \
--cc=kai.huang@intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
--cc=yan.y.zhao@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).