On 11/22/24 15:55, Sean Christopherson wrote:
> On Fri, Nov 22, 2024, Dave Hansen wrote:
> I don't know the full context, but working with "struct page" is a pain when every
> user just wants the physical address. KVM SVM had a few cases where pointers were
> tracked as "struct page", and it was generally unpleasant to read and work with.
I'm not super convinced. page_to_phys(foo) is all it takes
> I also don't like conflating the kernel's "struct page" with the architecture's
> definition of a 4KiB page.
That's fair, although it's pervasively conflated across our entire
codebase. But 'struct page' is substantially better than a hpa_t,
phys_addr_t or u64 that can store a full 64-bits of address. Those
conflate a physical address with a physical page, which is *FAR* worse.
>> You know that 'tdr' is not just some random physical address. It's a
>> whole physical page. It's page-aligned. It was allocated, from the
>> allocator. It doesn't point to special memory.
>
> Oh, but it does point to special memory. If it *didn't* point at special memory
> that is completely opaque and untouchable, then KVM could use a struct overlay,
> which would give contextual information and some amount of type safety. E.g.
> an equivalent without TDX is "struct vmcs *".
>
> Rather than "struct page", what if we add an address_space (in the Sparse sense),
> and a typedef for a TDX pages? Maybe __firmware? E.g.
>
> # define __firmware __attribute__((noderef, address_space(__firmware)))
>
> typedef u64 __firmware *tdx_page_t;
>
> That doesn't give as much compile-time safety, but in some ways it provides more
> type safety since KVM (or whatever else cares) would need to make an explicit and
> ugly cast to misuse the pointer.
It's better than nothing. But I still vastly prefer to have a type that
tells you that something is physically-allocated out of the buddy, RAM,
and page-aligned.
I'd be better to have:
struct tdx_page {
u64 page_phys_addr;
};
than depend on sparse, IMNHO.
Do you run sparse every time you compile the kernel, btw? ;)
