1. Patchew
  2. linux
  3. [PATCH V3 0/2] x86/tdx: Skip clearing reclaimed pages unless X86_BUG_TDX_PW_MCE is present
  4. View patch

[PATCH V3 1/2] x86/tdx: Eliminate duplicate code in tdx_clear_page()

Adrian Hunter posted 2 patches 2 months, 2 weeks ago
There is a newer version of this series
[PATCH V3 1/2] x86/tdx: Eliminate duplicate code in tdx_clear_page()
Posted by Adrian Hunter 2 months, 2 weeks ago 
tdx_clear_page() and reset_tdx_pages() duplicate the TDX page clearing
logic.  Rename reset_tdx_pages() to tdx_quirk_reset_paddr() and use it
in place of tdx_clear_page().

The new name reflects that, in fact, the clearing is necessary only for
hardware with a certain quirk.  That is dealt with in a subsequent patch
but doing the rename here avoids additional churn.

Note reset_tdx_pages() is slightly different from tdx_clear_page() because,
more appropriately, it uses mb() in place of __mb().  Except when extra
debugging is enabled (kcsan at present), mb() just calls __mb().

Reviewed-by: Kirill A. Shutemov <kas@kernel.org>
Reviewed-by: Binbin Wu <binbin.wu@linux.intel.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Acked-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
---


Changes in V3:

	Explain "quirk" rename in commit message (Rick)
	Explain mb() change in commit message  (Rick)
	Add Rev'd-by, Ack'd-by tags

Changes in V2:

	Rename reset_tdx_pages() to tdx_quirk_reset_paddr()
	Call tdx_quirk_reset_paddr() directly


 arch/x86/include/asm/tdx.h  |  2 ++
 arch/x86/kvm/vmx/tdx.c      | 25 +++----------------------
 arch/x86/virt/vmx/tdx/tdx.c |  5 +++--
 3 files changed, 8 insertions(+), 24 deletions(-)

diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
index 7ddef3a69866..f66328404724 100644
--- a/arch/x86/include/asm/tdx.h
+++ b/arch/x86/include/asm/tdx.h
@@ -131,6 +131,8 @@ int tdx_guest_keyid_alloc(void);
 u32 tdx_get_nr_guest_keyids(void);
 void tdx_guest_keyid_free(unsigned int keyid);
 
+void tdx_quirk_reset_paddr(unsigned long base, unsigned long size);
+
 struct tdx_td {
 	/* TD root structure: */
 	struct page *tdr_page;
diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index 573d6f7d1694..1b549de6da06 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -283,25 +283,6 @@ static inline void tdx_disassociate_vp(struct kvm_vcpu *vcpu)
 	vcpu->cpu = -1;
 }
 
-static void tdx_clear_page(struct page *page)
-{
-	const void *zero_page = (const void *) page_to_virt(ZERO_PAGE(0));
-	void *dest = page_to_virt(page);
-	unsigned long i;
-
-	/*
-	 * The page could have been poisoned.  MOVDIR64B also clears
-	 * the poison bit so the kernel can safely use the page again.
-	 */
-	for (i = 0; i < PAGE_SIZE; i += 64)
-		movdir64b(dest + i, zero_page);
-	/*
-	 * MOVDIR64B store uses WC buffer.  Prevent following memory reads
-	 * from seeing potentially poisoned cache.
-	 */
-	__mb();
-}
-
 static void tdx_no_vcpus_enter_start(struct kvm *kvm)
 {
 	struct kvm_tdx *kvm_tdx = to_kvm_tdx(kvm);
@@ -347,7 +328,7 @@ static int tdx_reclaim_page(struct page *page)
 
 	r = __tdx_reclaim_page(page);
 	if (!r)
-		tdx_clear_page(page);
+		tdx_quirk_reset_paddr(page_to_phys(page), PAGE_SIZE);
 	return r;
 }
 
@@ -596,7 +577,7 @@ static void tdx_reclaim_td_control_pages(struct kvm *kvm)
 		pr_tdx_error(TDH_PHYMEM_PAGE_WBINVD, err);
 		return;
 	}
-	tdx_clear_page(kvm_tdx->td.tdr_page);
+	tdx_quirk_reset_paddr(page_to_phys(kvm_tdx->td.tdr_page), PAGE_SIZE);
 
 	__free_page(kvm_tdx->td.tdr_page);
 	kvm_tdx->td.tdr_page = NULL;
@@ -1717,7 +1698,7 @@ static int tdx_sept_drop_private_spte(struct kvm *kvm, gfn_t gfn,
 		pr_tdx_error(TDH_PHYMEM_PAGE_WBINVD, err);
 		return -EIO;
 	}
-	tdx_clear_page(page);
+	tdx_quirk_reset_paddr(page_to_phys(page), PAGE_SIZE);
 	tdx_unpin(kvm, page);
 	return 0;
 }
diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
index c7a9a087ccaf..14d93ed05bd2 100644
--- a/arch/x86/virt/vmx/tdx/tdx.c
+++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -637,7 +637,7 @@ static int tdmrs_set_up_pamt_all(struct tdmr_info_list *tdmr_list,
  * clear these pages.  Note this function doesn't flush cache of
  * these TDX private pages.  The caller should make sure of that.
  */
-static void reset_tdx_pages(unsigned long base, unsigned long size)
+void tdx_quirk_reset_paddr(unsigned long base, unsigned long size)
 {
 	const void *zero_page = (const void *)page_address(ZERO_PAGE(0));
 	unsigned long phys, end;
@@ -653,10 +653,11 @@ static void reset_tdx_pages(unsigned long base, unsigned long size)
 	 */
 	mb();
 }
+EXPORT_SYMBOL_GPL(tdx_quirk_reset_paddr);
 
 static void tdmr_reset_pamt(struct tdmr_info *tdmr)
 {
-	tdmr_do_pamt_func(tdmr, reset_tdx_pages);
+	tdmr_do_pamt_func(tdmr, tdx_quirk_reset_paddr);
 }
 
 static void tdmrs_reset_pamt_all(struct tdmr_info_list *tdmr_list)
-- 
2.48.1
Re: [PATCH V3 1/2] x86/tdx: Eliminate duplicate code in tdx_clear_page()
Posted by Sean Christopherson 2 months, 2 weeks ago 
On Tue, Jul 22, 2025, Adrian Hunter wrote:
> diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
> index 7ddef3a69866..f66328404724 100644
> --- a/arch/x86/include/asm/tdx.h
> +++ b/arch/x86/include/asm/tdx.h
> @@ -131,6 +131,8 @@ int tdx_guest_keyid_alloc(void);
>  u32 tdx_get_nr_guest_keyids(void);
>  void tdx_guest_keyid_free(unsigned int keyid);
>  
> +void tdx_quirk_reset_paddr(unsigned long base, unsigned long size);
> +
>  struct tdx_td {
>  	/* TD root structure: */
>  	struct page *tdr_page;
> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> index 573d6f7d1694..1b549de6da06 100644
> --- a/arch/x86/kvm/vmx/tdx.c
> +++ b/arch/x86/kvm/vmx/tdx.c
> @@ -283,25 +283,6 @@ static inline void tdx_disassociate_vp(struct kvm_vcpu *vcpu)
>  	vcpu->cpu = -1;
>  }
>  
> -static void tdx_clear_page(struct page *page)
> -{
> -	const void *zero_page = (const void *) page_to_virt(ZERO_PAGE(0));
> -	void *dest = page_to_virt(page);
> -	unsigned long i;
> -
> -	/*
> -	 * The page could have been poisoned.  MOVDIR64B also clears
> -	 * the poison bit so the kernel can safely use the page again.
> -	 */
> -	for (i = 0; i < PAGE_SIZE; i += 64)
> -		movdir64b(dest + i, zero_page);
> -	/*
> -	 * MOVDIR64B store uses WC buffer.  Prevent following memory reads
> -	 * from seeing potentially poisoned cache.
> -	 */
> -	__mb();
> -}
> -
>  static void tdx_no_vcpus_enter_start(struct kvm *kvm)
>  {
>  	struct kvm_tdx *kvm_tdx = to_kvm_tdx(kvm);
> @@ -347,7 +328,7 @@ static int tdx_reclaim_page(struct page *page)
>  
>  	r = __tdx_reclaim_page(page);
>  	if (!r)
> -		tdx_clear_page(page);
> +		tdx_quirk_reset_paddr(page_to_phys(page), PAGE_SIZE);

This is silly.  Literally every use in KVM is on a struct page.  I agree with
Dave that having a wrapper with a completely unrelated name is confusing, but
that's a naming problem, not a code problem.

And FWIW, I find tdx_quirk_reset_paddr() confusing, because it reads like it's
resetting the address itself.  But if KVM only ever uses tdx_quirk_reset_page(),
I don't care what you call the inner helper.
Re: [PATCH V3 1/2] x86/tdx: Eliminate duplicate code in tdx_clear_page()
Posted by Adrian Hunter 2 months, 2 weeks ago 
On 22/07/2025 17:11, Sean Christopherson wrote:
> On Tue, Jul 22, 2025, Adrian Hunter wrote:
>> diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
>> index 7ddef3a69866..f66328404724 100644
>> --- a/arch/x86/include/asm/tdx.h
>> +++ b/arch/x86/include/asm/tdx.h
>> @@ -131,6 +131,8 @@ int tdx_guest_keyid_alloc(void);
>>  u32 tdx_get_nr_guest_keyids(void);
>>  void tdx_guest_keyid_free(unsigned int keyid);
>>  
>> +void tdx_quirk_reset_paddr(unsigned long base, unsigned long size);
>> +
>>  struct tdx_td {
>>  	/* TD root structure: */
>>  	struct page *tdr_page;
>> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
>> index 573d6f7d1694..1b549de6da06 100644
>> --- a/arch/x86/kvm/vmx/tdx.c
>> +++ b/arch/x86/kvm/vmx/tdx.c
>> @@ -283,25 +283,6 @@ static inline void tdx_disassociate_vp(struct kvm_vcpu *vcpu)
>>  	vcpu->cpu = -1;
>>  }
>>  
>> -static void tdx_clear_page(struct page *page)
>> -{
>> -	const void *zero_page = (const void *) page_to_virt(ZERO_PAGE(0));
>> -	void *dest = page_to_virt(page);
>> -	unsigned long i;
>> -
>> -	/*
>> -	 * The page could have been poisoned.  MOVDIR64B also clears
>> -	 * the poison bit so the kernel can safely use the page again.
>> -	 */
>> -	for (i = 0; i < PAGE_SIZE; i += 64)
>> -		movdir64b(dest + i, zero_page);
>> -	/*
>> -	 * MOVDIR64B store uses WC buffer.  Prevent following memory reads
>> -	 * from seeing potentially poisoned cache.
>> -	 */
>> -	__mb();
>> -}
>> -
>>  static void tdx_no_vcpus_enter_start(struct kvm *kvm)
>>  {
>>  	struct kvm_tdx *kvm_tdx = to_kvm_tdx(kvm);
>> @@ -347,7 +328,7 @@ static int tdx_reclaim_page(struct page *page)
>>  
>>  	r = __tdx_reclaim_page(page);
>>  	if (!r)
>> -		tdx_clear_page(page);
>> +		tdx_quirk_reset_paddr(page_to_phys(page), PAGE_SIZE);
> 
> This is silly.  Literally every use in KVM is on a struct page.  I agree with
> Dave that having a wrapper with a completely unrelated name is confusing, but
> that's a naming problem, not a code problem.
> 
> And FWIW, I find tdx_quirk_reset_paddr() confusing, because it reads like it's
> resetting the address itself.  But if KVM only ever uses tdx_quirk_reset_page(),
> I don't care what you call the inner helper.

As you say, Dave's second option was:

	"The alternative would be to retain a function that keeps the 'struct
	page' as an argument. Something like:

		tdx_quirk_reset_paddr(unsigned long base, unsigned long size)
	and
		tdx_quirk_reset_page(struct page *page)"

So I will do that for V4 unless there are further comments.

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.