[Xen-devel,08/15] xen/x86: p2m: Use typesafe gfn for the P2M callbacks get_entry and set_entry

Message ID 20170913175953.16942-9-julien.grall@arm.com
State Superseded
Headers show
Series
  • xen/x86: Clean-up the PoD code
Related show

Commit Message

Julien Grall Sept. 13, 2017, 5:59 p.m.
Signed-off-by: Julien Grall <julien.grall@arm.com>

Cc: Jan Beulich <jbeulich@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Razvan Cojocaru <rcojocaru@bitdefender.com>
Cc: Tamas K Lengyel <tamas@tklengyel.com>
Cc: George Dunlap <george.dunlap@eu.citrix.com>
Cc: Jun Nakajima <jun.nakajima@intel.com>
Cc: Kevin Tian <kevin.tian@intel.com>
---
 xen/arch/x86/hvm/hvm.c        |  2 +-
 xen/arch/x86/mm/mem_access.c  | 19 +++++------
 xen/arch/x86/mm/mem_sharing.c |  4 +--
 xen/arch/x86/mm/p2m-ept.c     |  6 ++--
 xen/arch/x86/mm/p2m-pod.c     | 15 +++++----
 xen/arch/x86/mm/p2m-pt.c      |  6 ++--
 xen/arch/x86/mm/p2m.c         | 77 +++++++++++++++++++++++--------------------
 xen/include/asm-x86/p2m.h     |  4 +--
 8 files changed, 73 insertions(+), 60 deletions(-)

Comments

Andrew Cooper Sept. 13, 2017, 6:22 p.m. | #1
On 13/09/2017 18:59, Julien Grall wrote:
> diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c
> index 0e63d6ed11..57878b1886 100644
> --- a/xen/arch/x86/mm/p2m-pt.c
> +++ b/xen/arch/x86/mm/p2m-pt.c
> @@ -479,12 +479,13 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa)
>  
>  /* Returns: 0 for success, -errno for failure */
>  static int
> -p2m_pt_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn,
> +p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_t, mfn_t mfn,
>                   unsigned int page_order, p2m_type_t p2mt, p2m_access_t p2ma,
>                   int sve)
>  {
>      /* XXX -- this might be able to be faster iff current->domain == d */
>      void *table;
> +    unsigned long gfn = gfn_x(gfn_t);
>      unsigned long i, gfn_remainder = gfn;
>      l1_pgentry_t *p2m_entry, entry_content;
>      /* Intermediate table to free if we're replacing it with a superpage. */
> @@ -731,11 +732,12 @@ p2m_pt_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn,
>  }
>  
>  static mfn_t
> -p2m_pt_get_entry(struct p2m_domain *p2m, unsigned long gfn,
> +p2m_pt_get_entry(struct p2m_domain *p2m, gfn_t gfn_t,
>                   p2m_type_t *t, p2m_access_t *a, p2m_query_t q,
>                   unsigned int *page_order, bool_t *sve)
>  {
>      mfn_t mfn;
> +    unsigned long gfn = gfn_x(gfn_t);

These two are rather risky, because you shadow the gfn_t type with a
variable named gfn_t.  I know its ugly, but how about just gfn_ ?

~Andrew

>      paddr_t addr = ((paddr_t)gfn) << PAGE_SHIFT;
>      l2_pgentry_t *l2e;
>      l1_pgentry_t *l1e;
>
Julien Grall Sept. 13, 2017, 6:27 p.m. | #2
Hi Andrew,

On 09/13/2017 07:22 PM, Andrew Cooper wrote:
> On 13/09/2017 18:59, Julien Grall wrote:
>> diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c
>> index 0e63d6ed11..57878b1886 100644
>> --- a/xen/arch/x86/mm/p2m-pt.c
>> +++ b/xen/arch/x86/mm/p2m-pt.c
>> @@ -479,12 +479,13 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa)
>>   
>>   /* Returns: 0 for success, -errno for failure */
>>   static int
>> -p2m_pt_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn,
>> +p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_t, mfn_t mfn,
>>                    unsigned int page_order, p2m_type_t p2mt, p2m_access_t p2ma,
>>                    int sve)
>>   {
>>       /* XXX -- this might be able to be faster iff current->domain == d */
>>       void *table;
>> +    unsigned long gfn = gfn_x(gfn_t);
>>       unsigned long i, gfn_remainder = gfn;
>>       l1_pgentry_t *p2m_entry, entry_content;
>>       /* Intermediate table to free if we're replacing it with a superpage. */
>> @@ -731,11 +732,12 @@ p2m_pt_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn,
>>   }
>>   
>>   static mfn_t
>> -p2m_pt_get_entry(struct p2m_domain *p2m, unsigned long gfn,
>> +p2m_pt_get_entry(struct p2m_domain *p2m, gfn_t gfn_t,
>>                    p2m_type_t *t, p2m_access_t *a, p2m_query_t q,
>>                    unsigned int *page_order, bool_t *sve)
>>   {
>>       mfn_t mfn;
>> +    unsigned long gfn = gfn_x(gfn_t);
> 
> These two are rather risky, because you shadow the gfn_t type with a
> variable named gfn_t.  I know its ugly, but how about just gfn_ ?

I can do that. Hopefully in the future both functions will be fully 
typesafe, so gfn_ will completely disappear.

Cheers,
Razvan Cojocaru Sept. 13, 2017, 7:08 p.m. | #3
On 09/13/2017 08:59 PM, Julien Grall wrote:
> Signed-off-by: Julien Grall <julien.grall@arm.com>
> 
> Cc: Jan Beulich <jbeulich@suse.com>
> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
> Cc: Razvan Cojocaru <rcojocaru@bitdefender.com>
> Cc: Tamas K Lengyel <tamas@tklengyel.com>
> Cc: George Dunlap <george.dunlap@eu.citrix.com>
> Cc: Jun Nakajima <jun.nakajima@intel.com>
> Cc: Kevin Tian <kevin.tian@intel.com>
> ---
>  xen/arch/x86/hvm/hvm.c        |  2 +-
>  xen/arch/x86/mm/mem_access.c  | 19 +++++------
>  xen/arch/x86/mm/mem_sharing.c |  4 +--
>  xen/arch/x86/mm/p2m-ept.c     |  6 ++--
>  xen/arch/x86/mm/p2m-pod.c     | 15 +++++----
>  xen/arch/x86/mm/p2m-pt.c      |  6 ++--
>  xen/arch/x86/mm/p2m.c         | 77 +++++++++++++++++++++++--------------------
>  xen/include/asm-x86/p2m.h     |  4 +--
>  8 files changed, 73 insertions(+), 60 deletions(-)
> 
> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
> index 6cb903def5..53be8c093c 100644
> --- a/xen/arch/x86/hvm/hvm.c
> +++ b/xen/arch/x86/hvm/hvm.c
> @@ -1787,7 +1787,7 @@ int hvm_hap_nested_page_fault(paddr_t gpa, unsigned long gla,
>              {
>                  bool_t sve;
>  
> -                p2m->get_entry(p2m, gfn, &p2mt, &p2ma, 0, NULL, &sve);
> +                p2m->get_entry(p2m, _gfn(gfn), &p2mt, &p2ma, 0, NULL, &sve);
>  
>                  if ( !sve && altp2m_vcpu_emulate_ve(curr) )
>                  {
> diff --git a/xen/arch/x86/mm/mem_access.c b/xen/arch/x86/mm/mem_access.c
> index 9211fc0abe..948e377e69 100644
> --- a/xen/arch/x86/mm/mem_access.c
> +++ b/xen/arch/x86/mm/mem_access.c
> @@ -66,7 +66,7 @@ static int _p2m_get_mem_access(struct p2m_domain *p2m, gfn_t gfn,
>      }
>  
>      gfn_lock(p2m, gfn, 0);
> -    mfn = p2m->get_entry(p2m, gfn_x(gfn), &t, &a, 0, NULL, NULL);
> +    mfn = p2m->get_entry(p2m, gfn, &t, &a, 0, NULL, NULL);
>      gfn_unlock(p2m, gfn, 0);
>  
>      if ( mfn_eq(mfn, INVALID_MFN) )
> @@ -142,7 +142,7 @@ bool p2m_mem_access_check(paddr_t gpa, unsigned long gla,
>                            vm_event_request_t **req_ptr)
>  {
>      struct vcpu *v = current;
> -    unsigned long gfn = gpa >> PAGE_SHIFT;
> +    gfn_t gfn = gaddr_to_gfn(gpa);
>      struct domain *d = v->domain;
>      struct p2m_domain *p2m = NULL;
>      mfn_t mfn;
> @@ -215,7 +215,7 @@ bool p2m_mem_access_check(paddr_t gpa, unsigned long gla,
>          *req_ptr = req;
>  
>          req->reason = VM_EVENT_REASON_MEM_ACCESS;
> -        req->u.mem_access.gfn = gfn;
> +        req->u.mem_access.gfn = gfn_x(gfn);
>          req->u.mem_access.offset = gpa & ((1 << PAGE_SHIFT) - 1);
>          if ( npfec.gla_valid )
>          {
> @@ -247,7 +247,7 @@ int p2m_set_altp2m_mem_access(struct domain *d, struct p2m_domain *hp2m,
>      unsigned long gfn_l = gfn_x(gfn);

I'd drop gfn_l completely here and just use gfn_x(gfn) in the two places
below where it's used. It would get rid of a line of code in this
function. But I wouldn't hold the patch over this, so if nobody else has
comments it's fine as is.

>      int rc;
>  
> -    mfn = ap2m->get_entry(ap2m, gfn_l, &t, &old_a, 0, NULL, NULL);
> +    mfn = ap2m->get_entry(ap2m, gfn, &t, &old_a, 0, NULL, NULL);
>  
>      /* Check host p2m if no valid entry in alternate */
>      if ( !mfn_valid(mfn) )
> @@ -264,16 +264,16 @@ int p2m_set_altp2m_mem_access(struct domain *d, struct p2m_domain *hp2m,
>          if ( page_order != PAGE_ORDER_4K )
>          {
>              unsigned long mask = ~((1UL << page_order) - 1);
> -            unsigned long gfn2_l = gfn_l & mask;
> +            gfn_t gfn2 = _gfn(gfn_l & mask);
>              mfn_t mfn2 = _mfn(mfn_x(mfn) & mask);
>  
> -            rc = ap2m->set_entry(ap2m, gfn2_l, mfn2, page_order, t, old_a, 1);
> +            rc = ap2m->set_entry(ap2m, gfn2, mfn2, page_order, t, old_a, 1);
>              if ( rc )
>                  return rc;
>          }
>      }
>  
> -    return ap2m->set_entry(ap2m, gfn_l, mfn, PAGE_ORDER_4K, t, a,
> +    return ap2m->set_entry(ap2m, gfn, mfn, PAGE_ORDER_4K, t, a,
>                           (current->domain != d));

If you need to send V2, could you please also indent the last line so
that '(' is under the 'a' in 'ap2m'? You don't have to, but it'd be a
coding style fix coming in on top of this patch.

>  }
>  
> @@ -295,10 +295,9 @@ static int set_mem_access(struct domain *d, struct p2m_domain *p2m,
>          mfn_t mfn;
>          p2m_access_t _a;
>          p2m_type_t t;
> -        unsigned long gfn_l = gfn_x(gfn);
>  
> -        mfn = p2m->get_entry(p2m, gfn_l, &t, &_a, 0, NULL, NULL);
> -        rc = p2m->set_entry(p2m, gfn_l, mfn, PAGE_ORDER_4K, t, a, -1);
> +        mfn = p2m->get_entry(p2m, gfn, &t, &_a, 0, NULL, NULL);
> +        rc = p2m->set_entry(p2m, gfn, mfn, PAGE_ORDER_4K, t, a, -1);
>      }
>  
>      return rc;
> diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
> index 12fb9cc51f..4c1ace9b21 100644
> --- a/xen/arch/x86/mm/mem_sharing.c
> +++ b/xen/arch/x86/mm/mem_sharing.c
> @@ -1234,7 +1234,7 @@ int relinquish_shared_pages(struct domain *d)
>  
>          if ( atomic_read(&d->shr_pages) == 0 )
>              break;
> -        mfn = p2m->get_entry(p2m, gfn, &t, &a, 0, NULL, NULL);
> +        mfn = p2m->get_entry(p2m, _gfn(gfn), &t, &a, 0, NULL, NULL);
>          if ( mfn_valid(mfn) && (t == p2m_ram_shared) )
>          {
>              /* Does not fail with ENOMEM given the DESTROY flag */
> @@ -1243,7 +1243,7 @@ int relinquish_shared_pages(struct domain *d)
>              /* Clear out the p2m entry so no one else may try to
>               * unshare.  Must succeed: we just read the old entry and
>               * we hold the p2m lock. */
> -            set_rc = p2m->set_entry(p2m, gfn, _mfn(0), PAGE_ORDER_4K,
> +            set_rc = p2m->set_entry(p2m, _gfn(gfn), _mfn(0), PAGE_ORDER_4K,
>                                      p2m_invalid, p2m_access_rwx, -1);
>              ASSERT(set_rc == 0);
>              count += 0x10;
> diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c
> index 23c0518733..dff214cf7b 100644
> --- a/xen/arch/x86/mm/p2m-ept.c
> +++ b/xen/arch/x86/mm/p2m-ept.c
> @@ -674,11 +674,12 @@ bool_t ept_handle_misconfig(uint64_t gpa)
>   * Returns: 0 for success, -errno for failure
>   */
>  static int
> -ept_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn, 
> +ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_t, mfn_t mfn,
>                unsigned int order, p2m_type_t p2mt, p2m_access_t p2ma,
>                int sve)
>  {
>      ept_entry_t *table, *ept_entry = NULL;
> +    unsigned long gfn = gfn_x(gfn_t);

Should we call this gfn_l, as done above?

>      unsigned long gfn_remainder = gfn;
>      unsigned int i, target = order / EPT_TABLE_ORDER;
>      unsigned long fn_mask = !mfn_eq(mfn, INVALID_MFN) ? (gfn | mfn_x(mfn)) : gfn;
> @@ -910,11 +911,12 @@ out:
>  
>  /* Read ept p2m entries */
>  static mfn_t ept_get_entry(struct p2m_domain *p2m,
> -                           unsigned long gfn, p2m_type_t *t, p2m_access_t* a,
> +                           gfn_t gfn_t, p2m_type_t *t, p2m_access_t* a,
>                             p2m_query_t q, unsigned int *page_order,
>                             bool_t *sve)
>  {
>      ept_entry_t *table = map_domain_page(_mfn(pagetable_get_pfn(p2m_get_pagetable(p2m))));
> +    unsigned long gfn = gfn_x(gfn_t);

gfn_l here too?

>      unsigned long gfn_remainder = gfn;
>      ept_entry_t *ept_entry;
>      u32 index;
> diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c
> index eb74e5c01f..c8c8cff014 100644
> --- a/xen/arch/x86/mm/p2m-pod.c
> +++ b/xen/arch/x86/mm/p2m-pod.c
> @@ -543,7 +543,7 @@ p2m_pod_decrease_reservation(struct domain *d, gfn_t gfn, unsigned int order)
>          p2m_type_t t;
>          unsigned int cur_order;
>  
> -        p2m->get_entry(p2m, gfn_x(gfn) + i, &t, &a, 0, &cur_order, NULL);
> +        p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, &cur_order, NULL);
>          n = 1UL << min(order, cur_order);
>          if ( t == p2m_populate_on_demand )
>              pod += n;
> @@ -603,7 +603,7 @@ p2m_pod_decrease_reservation(struct domain *d, gfn_t gfn, unsigned int order)
>          p2m_access_t a;
>          unsigned int cur_order;
>  
> -        mfn = p2m->get_entry(p2m, gfn_x(gfn) + i, &t, &a, 0, &cur_order, NULL);
> +        mfn = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, &cur_order, NULL);
>          if ( order < cur_order )
>              cur_order = order;
>          n = 1UL << cur_order;
> @@ -717,7 +717,8 @@ p2m_pod_zero_check_superpage(struct p2m_domain *p2m, unsigned long gfn)
>          unsigned long k;
>          const struct page_info *page;
>  
> -        mfn = p2m->get_entry(p2m, gfn + i, &type, &a, 0, &cur_order, NULL);
> +        mfn = p2m->get_entry(p2m, _gfn(gfn +  i), &type, &a, 0,
> +                             &cur_order, NULL);
>  
>          /*
>           * Conditions that must be met for superpage-superpage:
> @@ -859,7 +860,9 @@ p2m_pod_zero_check(struct p2m_domain *p2m, unsigned long *gfns, int count)
>      for ( i = 0; i < count; i++ )
>      {
>          p2m_access_t a;
> -        mfns[i] = p2m->get_entry(p2m, gfns[i], types + i, &a, 0, NULL, NULL);
> +
> +        mfns[i] = p2m->get_entry(p2m, _gfn(gfns[i]), types + i, &a,
> +                                 0, NULL, NULL);
>          /*
>           * If this is ram, and not a pagetable or from the xen heap, and
>           * probably not mapped elsewhere, map it; otherwise, skip.
> @@ -988,7 +991,7 @@ p2m_pod_emergency_sweep(struct p2m_domain *p2m)
>      for ( i = p2m->pod.reclaim_single; i > 0 ; i-- )
>      {
>          p2m_access_t a;
> -        (void)p2m->get_entry(p2m, i, &t, &a, 0, NULL, NULL);
> +        (void)p2m->get_entry(p2m, _gfn(i), &t, &a, 0, NULL, NULL);
>          if ( p2m_is_ram(t) )
>          {
>              gfns[j] = i;
> @@ -1237,7 +1240,7 @@ guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn,
>          p2m_access_t a;
>          unsigned int cur_order;
>  
> -        p2m->get_entry(p2m, gfn + i, &ot, &a, 0, &cur_order, NULL);
> +        p2m->get_entry(p2m, _gfn(gfn + i), &ot, &a, 0, &cur_order, NULL);
>          n = 1UL << min(order, cur_order);
>          if ( p2m_is_ram(ot) )
>          {
> diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c
> index 0e63d6ed11..57878b1886 100644
> --- a/xen/arch/x86/mm/p2m-pt.c
> +++ b/xen/arch/x86/mm/p2m-pt.c
> @@ -479,12 +479,13 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa)
>  
>  /* Returns: 0 for success, -errno for failure */
>  static int
> -p2m_pt_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn,
> +p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_t, mfn_t mfn,
>                   unsigned int page_order, p2m_type_t p2mt, p2m_access_t p2ma,
>                   int sve)
>  {
>      /* XXX -- this might be able to be faster iff current->domain == d */
>      void *table;
> +    unsigned long gfn = gfn_x(gfn_t);

gfn_l?

>      unsigned long i, gfn_remainder = gfn;
>      l1_pgentry_t *p2m_entry, entry_content;
>      /* Intermediate table to free if we're replacing it with a superpage. */
> @@ -731,11 +732,12 @@ p2m_pt_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn,
>  }
>  
>  static mfn_t
> -p2m_pt_get_entry(struct p2m_domain *p2m, unsigned long gfn,
> +p2m_pt_get_entry(struct p2m_domain *p2m, gfn_t gfn_t,
>                   p2m_type_t *t, p2m_access_t *a, p2m_query_t q,
>                   unsigned int *page_order, bool_t *sve)
>  {
>      mfn_t mfn;
> +    unsigned long gfn = gfn_x(gfn_t);

gfn_l?

Other than that, the changes look completely mechanical, so with those
(optional) changes:

Acked-by: Razvan Cojocaru <rcojocaru@bitdefender.com>


Thanks,
Razvan
Razvan Cojocaru Sept. 13, 2017, 7:10 p.m. | #4
On 09/13/2017 09:27 PM, Julien Grall wrote:
> Hi Andrew,
> 
> On 09/13/2017 07:22 PM, Andrew Cooper wrote:
>> On 13/09/2017 18:59, Julien Grall wrote:
>>> diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c
>>> index 0e63d6ed11..57878b1886 100644
>>> --- a/xen/arch/x86/mm/p2m-pt.c
>>> +++ b/xen/arch/x86/mm/p2m-pt.c
>>> @@ -479,12 +479,13 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa)
>>>     /* Returns: 0 for success, -errno for failure */
>>>   static int
>>> -p2m_pt_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn,
>>> +p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_t, mfn_t mfn,
>>>                    unsigned int page_order, p2m_type_t p2mt,
>>> p2m_access_t p2ma,
>>>                    int sve)
>>>   {
>>>       /* XXX -- this might be able to be faster iff current->domain
>>> == d */
>>>       void *table;
>>> +    unsigned long gfn = gfn_x(gfn_t);
>>>       unsigned long i, gfn_remainder = gfn;
>>>       l1_pgentry_t *p2m_entry, entry_content;
>>>       /* Intermediate table to free if we're replacing it with a
>>> superpage. */
>>> @@ -731,11 +732,12 @@ p2m_pt_set_entry(struct p2m_domain *p2m,
>>> unsigned long gfn, mfn_t mfn,
>>>   }
>>>     static mfn_t
>>> -p2m_pt_get_entry(struct p2m_domain *p2m, unsigned long gfn,
>>> +p2m_pt_get_entry(struct p2m_domain *p2m, gfn_t gfn_t,
>>>                    p2m_type_t *t, p2m_access_t *a, p2m_query_t q,
>>>                    unsigned int *page_order, bool_t *sve)
>>>   {
>>>       mfn_t mfn;
>>> +    unsigned long gfn = gfn_x(gfn_t);
>>
>> These two are rather risky, because you shadow the gfn_t type with a
>> variable named gfn_t.  I know its ugly, but how about just gfn_ ?
> 
> I can do that. Hopefully in the future both functions will be fully
> typesafe, so gfn_ will completely disappear.

Ah, I had proposed gfn_l for unsigned long gfns - it seems to be the
unspoken convention in the rest of the code, so I think it fits nicely.


Thanks,
Razvan
Julien Grall Sept. 13, 2017, 7:32 p.m. | #5
Hi,

On 13/09/2017 20:08, Razvan Cojocaru wrote:
>> @@ -142,7 +142,7 @@ bool p2m_mem_access_check(paddr_t gpa, unsigned long gla,
>>                            vm_event_request_t **req_ptr)
>>  {
>>      struct vcpu *v = current;
>> -    unsigned long gfn = gpa >> PAGE_SHIFT;
>> +    gfn_t gfn = gaddr_to_gfn(gpa);
>>      struct domain *d = v->domain;
>>      struct p2m_domain *p2m = NULL;
>>      mfn_t mfn;
>> @@ -215,7 +215,7 @@ bool p2m_mem_access_check(paddr_t gpa, unsigned long gla,
>>          *req_ptr = req;
>>
>>          req->reason = VM_EVENT_REASON_MEM_ACCESS;
>> -        req->u.mem_access.gfn = gfn;
>> +        req->u.mem_access.gfn = gfn_x(gfn);
>>          req->u.mem_access.offset = gpa & ((1 << PAGE_SHIFT) - 1);
>>          if ( npfec.gla_valid )
>>          {
>> @@ -247,7 +247,7 @@ int p2m_set_altp2m_mem_access(struct domain *d, struct p2m_domain *hp2m,
>>      unsigned long gfn_l = gfn_x(gfn);
>
> I'd drop gfn_l completely here and just use gfn_x(gfn) in the two places
> below where it's used. It would get rid of a line of code in this
> function. But I wouldn't hold the patch over this, so if nobody else has
> comments it's fine as is.

Technically more clean-up could be done in every functions. If you 
noticed it, I kept the changes minimal because this is already a boring 
but necessary job and I really don't want to explore all the possible 
clean-up in each single function... Feel free to do more clean-up.

>>      int rc;
>>
>> -    mfn = ap2m->get_entry(ap2m, gfn_l, &t, &old_a, 0, NULL, NULL);
>> +    mfn = ap2m->get_entry(ap2m, gfn, &t, &old_a, 0, NULL, NULL);
>>
>>      /* Check host p2m if no valid entry in alternate */
>>      if ( !mfn_valid(mfn) )
>> @@ -264,16 +264,16 @@ int p2m_set_altp2m_mem_access(struct domain *d, struct p2m_domain *hp2m,
>>          if ( page_order != PAGE_ORDER_4K )
>>          {
>>              unsigned long mask = ~((1UL << page_order) - 1);
>> -            unsigned long gfn2_l = gfn_l & mask;
>> +            gfn_t gfn2 = _gfn(gfn_l & mask);
>>              mfn_t mfn2 = _mfn(mfn_x(mfn) & mask);
>>
>> -            rc = ap2m->set_entry(ap2m, gfn2_l, mfn2, page_order, t, old_a, 1);
>> +            rc = ap2m->set_entry(ap2m, gfn2, mfn2, page_order, t, old_a, 1);
>>              if ( rc )
>>                  return rc;
>>          }
>>      }
>>
>> -    return ap2m->set_entry(ap2m, gfn_l, mfn, PAGE_ORDER_4K, t, a,
>> +    return ap2m->set_entry(ap2m, gfn, mfn, PAGE_ORDER_4K, t, a,
>>                           (current->domain != d));
>
> If you need to send V2, could you please also indent the last line so
> that '(' is under the 'a' in 'ap2m'? You don't have to, but it'd be a
> coding style fix coming in on top of this patch.

Will do.

>> diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c
>> index 23c0518733..dff214cf7b 100644
>> --- a/xen/arch/x86/mm/p2m-ept.c
>> +++ b/xen/arch/x86/mm/p2m-ept.c
>> @@ -674,11 +674,12 @@ bool_t ept_handle_misconfig(uint64_t gpa)
>>   * Returns: 0 for success, -errno for failure
>>   */
>>  static int
>> -ept_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn,
>> +ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_t, mfn_t mfn,
>>                unsigned int order, p2m_type_t p2mt, p2m_access_t p2ma,
>>                int sve)
>>  {
>>      ept_entry_t *table, *ept_entry = NULL;
>> +    unsigned long gfn = gfn_x(gfn_t);
>
> Should we call this gfn_l, as done above?
>
>>      unsigned long gfn_remainder = gfn;
>>      unsigned int i, target = order / EPT_TABLE_ORDER;
>>      unsigned long fn_mask = !mfn_eq(mfn, INVALID_MFN) ? (gfn | mfn_x(mfn)) : gfn;
>> @@ -910,11 +911,12 @@ out:
>>
>>  /* Read ept p2m entries */
>>  static mfn_t ept_get_entry(struct p2m_domain *p2m,
>> -                           unsigned long gfn, p2m_type_t *t, p2m_access_t* a,
>> +                           gfn_t gfn_t, p2m_type_t *t, p2m_access_t* a,
>>                             p2m_query_t q, unsigned int *page_order,
>>                             bool_t *sve)
>>  {
>>      ept_entry_t *table = map_domain_page(_mfn(pagetable_get_pfn(p2m_get_pagetable(p2m))));
>> +    unsigned long gfn = gfn_x(gfn_t);
>
> gfn_l here too?

[...]

>> diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c
>> index 0e63d6ed11..57878b1886 100644
>> --- a/xen/arch/x86/mm/p2m-pt.c
>> +++ b/xen/arch/x86/mm/p2m-pt.c
>> @@ -479,12 +479,13 @@ int p2m_pt_handle_deferred_changes(uint64_t gpa)
>>
>>  /* Returns: 0 for success, -errno for failure */
>>  static int
>> -p2m_pt_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn,
>> +p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_t, mfn_t mfn,
>>                   unsigned int page_order, p2m_type_t p2mt, p2m_access_t p2ma,
>>                   int sve)
>>  {
>>      /* XXX -- this might be able to be faster iff current->domain == d */
>>      void *table;
>> +    unsigned long gfn = gfn_x(gfn_t);
>
> gfn_l?
>
>>      unsigned long i, gfn_remainder = gfn;
>>      l1_pgentry_t *p2m_entry, entry_content;
>>      /* Intermediate table to free if we're replacing it with a superpage. */
>> @@ -731,11 +732,12 @@ p2m_pt_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn,
>>  }
>>
>>  static mfn_t
>> -p2m_pt_get_entry(struct p2m_domain *p2m, unsigned long gfn,
>> +p2m_pt_get_entry(struct p2m_domain *p2m, gfn_t gfn_t,
>>                   p2m_type_t *t, p2m_access_t *a, p2m_query_t q,
>>                   unsigned int *page_order, bool_t *sve)
>>  {
>>      mfn_t mfn;
>> +    unsigned long gfn = gfn_x(gfn_t);
>
> gfn_l?

If you do that you would have to rename all gfn to gfn_l in the function 
increase a bit more the size of this boring patch. The right solution 
would be to make the rest of the code typesafe, but that's not my plan. 
I have done enough typesafe clean-up myself, so I will leave it with

unsigned long gfn = gfn_x(gfn_);

Until someone step up and decide to do further clean-up.

Cheers,
Tian, Kevin Sept. 20, 2017, 6:57 a.m. | #6
> From: Julien Grall [mailto:julien.grall@arm.com]
> Sent: Thursday, September 14, 2017 2:00 AM
> 
> Signed-off-by: Julien Grall <julien.grall@arm.com>
> 
> Cc: Jan Beulich <jbeulich@suse.com>
> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
> Cc: Razvan Cojocaru <rcojocaru@bitdefender.com>
> Cc: Tamas K Lengyel <tamas@tklengyel.com>
> Cc: George Dunlap <george.dunlap@eu.citrix.com>
> Cc: Jun Nakajima <jun.nakajima@intel.com>
> Cc: Kevin Tian <kevin.tian@intel.com>

Reviewed-by: Kevin Tian <kevin.tian@intel.com> for EPT part.

Patch

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 6cb903def5..53be8c093c 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -1787,7 +1787,7 @@  int hvm_hap_nested_page_fault(paddr_t gpa, unsigned long gla,
             {
                 bool_t sve;
 
-                p2m->get_entry(p2m, gfn, &p2mt, &p2ma, 0, NULL, &sve);
+                p2m->get_entry(p2m, _gfn(gfn), &p2mt, &p2ma, 0, NULL, &sve);
 
                 if ( !sve && altp2m_vcpu_emulate_ve(curr) )
                 {
diff --git a/xen/arch/x86/mm/mem_access.c b/xen/arch/x86/mm/mem_access.c
index 9211fc0abe..948e377e69 100644
--- a/xen/arch/x86/mm/mem_access.c
+++ b/xen/arch/x86/mm/mem_access.c
@@ -66,7 +66,7 @@  static int _p2m_get_mem_access(struct p2m_domain *p2m, gfn_t gfn,
     }
 
     gfn_lock(p2m, gfn, 0);
-    mfn = p2m->get_entry(p2m, gfn_x(gfn), &t, &a, 0, NULL, NULL);
+    mfn = p2m->get_entry(p2m, gfn, &t, &a, 0, NULL, NULL);
     gfn_unlock(p2m, gfn, 0);
 
     if ( mfn_eq(mfn, INVALID_MFN) )
@@ -142,7 +142,7 @@  bool p2m_mem_access_check(paddr_t gpa, unsigned long gla,
                           vm_event_request_t **req_ptr)
 {
     struct vcpu *v = current;
-    unsigned long gfn = gpa >> PAGE_SHIFT;
+    gfn_t gfn = gaddr_to_gfn(gpa);
     struct domain *d = v->domain;
     struct p2m_domain *p2m = NULL;
     mfn_t mfn;
@@ -215,7 +215,7 @@  bool p2m_mem_access_check(paddr_t gpa, unsigned long gla,
         *req_ptr = req;
 
         req->reason = VM_EVENT_REASON_MEM_ACCESS;
-        req->u.mem_access.gfn = gfn;
+        req->u.mem_access.gfn = gfn_x(gfn);
         req->u.mem_access.offset = gpa & ((1 << PAGE_SHIFT) - 1);
         if ( npfec.gla_valid )
         {
@@ -247,7 +247,7 @@  int p2m_set_altp2m_mem_access(struct domain *d, struct p2m_domain *hp2m,
     unsigned long gfn_l = gfn_x(gfn);
     int rc;
 
-    mfn = ap2m->get_entry(ap2m, gfn_l, &t, &old_a, 0, NULL, NULL);
+    mfn = ap2m->get_entry(ap2m, gfn, &t, &old_a, 0, NULL, NULL);
 
     /* Check host p2m if no valid entry in alternate */
     if ( !mfn_valid(mfn) )
@@ -264,16 +264,16 @@  int p2m_set_altp2m_mem_access(struct domain *d, struct p2m_domain *hp2m,
         if ( page_order != PAGE_ORDER_4K )
         {
             unsigned long mask = ~((1UL << page_order) - 1);
-            unsigned long gfn2_l = gfn_l & mask;
+            gfn_t gfn2 = _gfn(gfn_l & mask);
             mfn_t mfn2 = _mfn(mfn_x(mfn) & mask);
 
-            rc = ap2m->set_entry(ap2m, gfn2_l, mfn2, page_order, t, old_a, 1);
+            rc = ap2m->set_entry(ap2m, gfn2, mfn2, page_order, t, old_a, 1);
             if ( rc )
                 return rc;
         }
     }
 
-    return ap2m->set_entry(ap2m, gfn_l, mfn, PAGE_ORDER_4K, t, a,
+    return ap2m->set_entry(ap2m, gfn, mfn, PAGE_ORDER_4K, t, a,
                          (current->domain != d));
 }
 
@@ -295,10 +295,9 @@  static int set_mem_access(struct domain *d, struct p2m_domain *p2m,
         mfn_t mfn;
         p2m_access_t _a;
         p2m_type_t t;
-        unsigned long gfn_l = gfn_x(gfn);
 
-        mfn = p2m->get_entry(p2m, gfn_l, &t, &_a, 0, NULL, NULL);
-        rc = p2m->set_entry(p2m, gfn_l, mfn, PAGE_ORDER_4K, t, a, -1);
+        mfn = p2m->get_entry(p2m, gfn, &t, &_a, 0, NULL, NULL);
+        rc = p2m->set_entry(p2m, gfn, mfn, PAGE_ORDER_4K, t, a, -1);
     }
 
     return rc;
diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c
index 12fb9cc51f..4c1ace9b21 100644
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -1234,7 +1234,7 @@  int relinquish_shared_pages(struct domain *d)
 
         if ( atomic_read(&d->shr_pages) == 0 )
             break;
-        mfn = p2m->get_entry(p2m, gfn, &t, &a, 0, NULL, NULL);
+        mfn = p2m->get_entry(p2m, _gfn(gfn), &t, &a, 0, NULL, NULL);
         if ( mfn_valid(mfn) && (t == p2m_ram_shared) )
         {
             /* Does not fail with ENOMEM given the DESTROY flag */
@@ -1243,7 +1243,7 @@  int relinquish_shared_pages(struct domain *d)
             /* Clear out the p2m entry so no one else may try to
              * unshare.  Must succeed: we just read the old entry and
              * we hold the p2m lock. */
-            set_rc = p2m->set_entry(p2m, gfn, _mfn(0), PAGE_ORDER_4K,
+            set_rc = p2m->set_entry(p2m, _gfn(gfn), _mfn(0), PAGE_ORDER_4K,
                                     p2m_invalid, p2m_access_rwx, -1);
             ASSERT(set_rc == 0);
             count += 0x10;
diff --git a/xen/arch/x86/mm/p2m-ept.c b/xen/arch/x86/mm/p2m-ept.c
index 23c0518733..dff214cf7b 100644
--- a/xen/arch/x86/mm/p2m-ept.c
+++ b/xen/arch/x86/mm/p2m-ept.c
@@ -674,11 +674,12 @@  bool_t ept_handle_misconfig(uint64_t gpa)
  * Returns: 0 for success, -errno for failure
  */
 static int
-ept_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn, 
+ept_set_entry(struct p2m_domain *p2m, gfn_t gfn_t, mfn_t mfn,
               unsigned int order, p2m_type_t p2mt, p2m_access_t p2ma,
               int sve)
 {
     ept_entry_t *table, *ept_entry = NULL;
+    unsigned long gfn = gfn_x(gfn_t);
     unsigned long gfn_remainder = gfn;
     unsigned int i, target = order / EPT_TABLE_ORDER;
     unsigned long fn_mask = !mfn_eq(mfn, INVALID_MFN) ? (gfn | mfn_x(mfn)) : gfn;
@@ -910,11 +911,12 @@  out:
 
 /* Read ept p2m entries */
 static mfn_t ept_get_entry(struct p2m_domain *p2m,
-                           unsigned long gfn, p2m_type_t *t, p2m_access_t* a,
+                           gfn_t gfn_t, p2m_type_t *t, p2m_access_t* a,
                            p2m_query_t q, unsigned int *page_order,
                            bool_t *sve)
 {
     ept_entry_t *table = map_domain_page(_mfn(pagetable_get_pfn(p2m_get_pagetable(p2m))));
+    unsigned long gfn = gfn_x(gfn_t);
     unsigned long gfn_remainder = gfn;
     ept_entry_t *ept_entry;
     u32 index;
diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c
index eb74e5c01f..c8c8cff014 100644
--- a/xen/arch/x86/mm/p2m-pod.c
+++ b/xen/arch/x86/mm/p2m-pod.c
@@ -543,7 +543,7 @@  p2m_pod_decrease_reservation(struct domain *d, gfn_t gfn, unsigned int order)
         p2m_type_t t;
         unsigned int cur_order;
 
-        p2m->get_entry(p2m, gfn_x(gfn) + i, &t, &a, 0, &cur_order, NULL);
+        p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, &cur_order, NULL);
         n = 1UL << min(order, cur_order);
         if ( t == p2m_populate_on_demand )
             pod += n;
@@ -603,7 +603,7 @@  p2m_pod_decrease_reservation(struct domain *d, gfn_t gfn, unsigned int order)
         p2m_access_t a;
         unsigned int cur_order;
 
-        mfn = p2m->get_entry(p2m, gfn_x(gfn) + i, &t, &a, 0, &cur_order, NULL);
+        mfn = p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, &cur_order, NULL);
         if ( order < cur_order )
             cur_order = order;
         n = 1UL << cur_order;
@@ -717,7 +717,8 @@  p2m_pod_zero_check_superpage(struct p2m_domain *p2m, unsigned long gfn)
         unsigned long k;
         const struct page_info *page;
 
-        mfn = p2m->get_entry(p2m, gfn + i, &type, &a, 0, &cur_order, NULL);
+        mfn = p2m->get_entry(p2m, _gfn(gfn +  i), &type, &a, 0,
+                             &cur_order, NULL);
 
         /*
          * Conditions that must be met for superpage-superpage:
@@ -859,7 +860,9 @@  p2m_pod_zero_check(struct p2m_domain *p2m, unsigned long *gfns, int count)
     for ( i = 0; i < count; i++ )
     {
         p2m_access_t a;
-        mfns[i] = p2m->get_entry(p2m, gfns[i], types + i, &a, 0, NULL, NULL);
+
+        mfns[i] = p2m->get_entry(p2m, _gfn(gfns[i]), types + i, &a,
+                                 0, NULL, NULL);
         /*
          * If this is ram, and not a pagetable or from the xen heap, and
          * probably not mapped elsewhere, map it; otherwise, skip.
@@ -988,7 +991,7 @@  p2m_pod_emergency_sweep(struct p2m_domain *p2m)
     for ( i = p2m->pod.reclaim_single; i > 0 ; i-- )
     {
         p2m_access_t a;
-        (void)p2m->get_entry(p2m, i, &t, &a, 0, NULL, NULL);
+        (void)p2m->get_entry(p2m, _gfn(i), &t, &a, 0, NULL, NULL);
         if ( p2m_is_ram(t) )
         {
             gfns[j] = i;
@@ -1237,7 +1240,7 @@  guest_physmap_mark_populate_on_demand(struct domain *d, unsigned long gfn,
         p2m_access_t a;
         unsigned int cur_order;
 
-        p2m->get_entry(p2m, gfn + i, &ot, &a, 0, &cur_order, NULL);
+        p2m->get_entry(p2m, _gfn(gfn + i), &ot, &a, 0, &cur_order, NULL);
         n = 1UL << min(order, cur_order);
         if ( p2m_is_ram(ot) )
         {
diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c
index 0e63d6ed11..57878b1886 100644
--- a/xen/arch/x86/mm/p2m-pt.c
+++ b/xen/arch/x86/mm/p2m-pt.c
@@ -479,12 +479,13 @@  int p2m_pt_handle_deferred_changes(uint64_t gpa)
 
 /* Returns: 0 for success, -errno for failure */
 static int
-p2m_pt_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn,
+p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_t, mfn_t mfn,
                  unsigned int page_order, p2m_type_t p2mt, p2m_access_t p2ma,
                  int sve)
 {
     /* XXX -- this might be able to be faster iff current->domain == d */
     void *table;
+    unsigned long gfn = gfn_x(gfn_t);
     unsigned long i, gfn_remainder = gfn;
     l1_pgentry_t *p2m_entry, entry_content;
     /* Intermediate table to free if we're replacing it with a superpage. */
@@ -731,11 +732,12 @@  p2m_pt_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn,
 }
 
 static mfn_t
-p2m_pt_get_entry(struct p2m_domain *p2m, unsigned long gfn,
+p2m_pt_get_entry(struct p2m_domain *p2m, gfn_t gfn_t,
                  p2m_type_t *t, p2m_access_t *a, p2m_query_t q,
                  unsigned int *page_order, bool_t *sve)
 {
     mfn_t mfn;
+    unsigned long gfn = gfn_x(gfn_t);
     paddr_t addr = ((paddr_t)gfn) << PAGE_SHIFT;
     l2_pgentry_t *l2e;
     l1_pgentry_t *l1e;
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 0b479105b9..35d4a15391 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -415,11 +415,12 @@  void p2m_unlock_and_tlb_flush(struct p2m_domain *p2m)
         mm_write_unlock(&p2m->lock);
 }
 
-mfn_t __get_gfn_type_access(struct p2m_domain *p2m, unsigned long gfn,
+mfn_t __get_gfn_type_access(struct p2m_domain *p2m, unsigned long gfn_l,
                     p2m_type_t *t, p2m_access_t *a, p2m_query_t q,
                     unsigned int *page_order, bool_t locked)
 {
     mfn_t mfn;
+    gfn_t gfn = _gfn(gfn_l);
 
     /* Unshare makes no sense withuot populate. */
     if ( q & P2M_UNSHARE )
@@ -430,7 +431,7 @@  mfn_t __get_gfn_type_access(struct p2m_domain *p2m, unsigned long gfn,
         /* Not necessarily true, but for non-translated guests, we claim
          * it's the most generic kind of memory */
         *t = p2m_ram_rw;
-        return _mfn(gfn);
+        return _mfn(gfn_l);
     }
 
     if ( locked )
@@ -444,8 +445,8 @@  mfn_t __get_gfn_type_access(struct p2m_domain *p2m, unsigned long gfn,
         ASSERT(p2m_is_hostp2m(p2m));
         /* Try to unshare. If we fail, communicate ENOMEM without
          * sleeping. */
-        if ( mem_sharing_unshare_page(p2m->domain, gfn, 0) < 0 )
-            (void)mem_sharing_notify_enomem(p2m->domain, gfn, 0);
+        if ( mem_sharing_unshare_page(p2m->domain, gfn_l, 0) < 0 )
+            (void)mem_sharing_notify_enomem(p2m->domain, gfn_l, 0);
         mfn = p2m->get_entry(p2m, gfn, t, a, q, page_order, NULL);
     }
 
@@ -556,7 +557,7 @@  int p2m_set_entry(struct p2m_domain *p2m, unsigned long gfn, mfn_t mfn,
         else
             order = 0;
 
-        set_rc = p2m->set_entry(p2m, gfn, mfn, order, p2mt, p2ma, -1);
+        set_rc = p2m->set_entry(p2m, _gfn(gfn), mfn, order, p2mt, p2ma, -1);
         if ( set_rc )
             rc = set_rc;
 
@@ -735,7 +736,8 @@  p2m_remove_page(struct p2m_domain *p2m, unsigned long gfn, unsigned long mfn,
     {
         for ( i = 0; i < (1UL << page_order); i++ )
         {
-            mfn_return = p2m->get_entry(p2m, gfn + i, &t, &a, 0, NULL, NULL);
+            mfn_return = p2m->get_entry(p2m, _gfn(gfn + i), &t, &a, 0,
+                                        NULL, NULL);
             if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) )
                 set_gpfn_from_mfn(mfn+i, INVALID_M2P_ENTRY);
             ASSERT( !p2m_is_valid(t) || mfn + i == mfn_x(mfn_return) );
@@ -762,7 +764,8 @@  guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn,
                         unsigned int page_order, p2m_type_t t)
 {
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
-    unsigned long i, ogfn;
+    unsigned long i;
+    gfn_t ogfn;
     p2m_type_t ot;
     p2m_access_t a;
     mfn_t omfn;
@@ -803,7 +806,7 @@  guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn,
     /* First, remove m->p mappings for existing p->m mappings */
     for ( i = 0; i < (1UL << page_order); i++ )
     {
-        omfn = p2m->get_entry(p2m, gfn_x(gfn_add(gfn, i)), &ot,
+        omfn = p2m->get_entry(p2m, gfn_add(gfn, i), &ot,
                               &a, 0, NULL, NULL);
         if ( p2m_is_shared(ot) )
         {
@@ -831,7 +834,7 @@  guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn,
                                                 0);
                 return rc;
             }
-            omfn = p2m->get_entry(p2m, gfn_x(gfn_add(gfn, i)),
+            omfn = p2m->get_entry(p2m, gfn_add(gfn, i),
                                   &ot, &a, 0, NULL, NULL);
             ASSERT(!p2m_is_shared(ot));
         }
@@ -873,21 +876,24 @@  guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t mfn,
         }
         if ( page_get_owner(mfn_to_page(mfn_add(mfn, i))) != d )
             continue;
-        ogfn = mfn_to_gfn(d, mfn_add(mfn, i));
-        if ( (ogfn != INVALID_M2P_ENTRY) && (ogfn != gfn_x(gfn_add(gfn, i))) )
+        ogfn = _gfn(mfn_to_gfn(d, mfn_add(mfn, i)));
+        if ( !gfn_eq(ogfn, _gfn(INVALID_M2P_ENTRY)) &&
+             !gfn_eq(ogfn, gfn_add(gfn, i)) )
         {
             /* This machine frame is already mapped at another physical
              * address */
             P2M_DEBUG("aliased! mfn=%#lx, old gfn=%#lx, new gfn=%#lx\n",
-                      mfn_x(mfn_add(mfn, i)), ogfn, gfn_x(gfn_add(gfn, i)));
+                      mfn_x(mfn_add(mfn, i)), gfn_x(ogfn),
+                      gfn_x(gfn_add(gfn, i)));
             omfn = p2m->get_entry(p2m, ogfn, &ot, &a, 0, NULL, NULL);
             if ( p2m_is_ram(ot) && !p2m_is_paged(ot) )
             {
                 ASSERT(mfn_valid(omfn));
                 P2M_DEBUG("old gfn=%#lx -> mfn %#lx\n",
-                          ogfn , mfn_x(omfn));
+                          gfn_x(ogfn) , mfn_x(omfn));
                 if ( mfn_eq(omfn, mfn_add(mfn, i)) )
-                    p2m_remove_page(p2m, ogfn, mfn_x(mfn_add(mfn, i)), 0);
+                    p2m_remove_page(p2m, gfn_x(ogfn), mfn_x(mfn_add(mfn, i)),
+                                    0);
             }
         }
     }
@@ -948,7 +954,7 @@  int p2m_change_type_one(struct domain *d, unsigned long gfn,
 
     gfn_lock(p2m, gfn, 0);
 
-    mfn = p2m->get_entry(p2m, gfn, &pt, &a, 0, NULL, NULL);
+    mfn = p2m->get_entry(p2m, _gfn(gfn), &pt, &a, 0, NULL, NULL);
     rc = likely(pt == ot)
          ? p2m_set_entry(p2m, gfn, mfn, PAGE_ORDER_4K, nt,
                          p2m->default_access)
@@ -1065,14 +1071,15 @@  int p2m_finish_type_change(struct domain *d,
  *    1 + new order  for caller to retry with smaller order (guaranteed
  *                   to be smaller than order passed in)
  */
-static int set_typed_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn,
-                               unsigned int order, p2m_type_t gfn_p2mt,
-                               p2m_access_t access)
+static int set_typed_p2m_entry(struct domain *d, unsigned long gfn_l,
+                               mfn_t mfn, unsigned int order,
+                               p2m_type_t gfn_p2mt, p2m_access_t access)
 {
     int rc = 0;
     p2m_access_t a;
     p2m_type_t ot;
     mfn_t omfn;
+    gfn_t gfn = _gfn(gfn_l);
     unsigned int cur_order = 0;
     struct p2m_domain *p2m = p2m_get_hostp2m(d);
 
@@ -1103,11 +1110,11 @@  static int set_typed_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn,
         }
     }
 
-    P2M_DEBUG("set %d %lx %lx\n", gfn_p2mt, gfn, mfn_x(mfn));
-    rc = p2m_set_entry(p2m, gfn, mfn, order, gfn_p2mt, access);
+    P2M_DEBUG("set %d %lx %lx\n", gfn_p2mt, gfn_l, mfn_x(mfn));
+    rc = p2m_set_entry(p2m, gfn_l, mfn, order, gfn_p2mt, access);
     if ( rc )
         gdprintk(XENLOG_ERR, "p2m_set_entry: %#lx:%u -> %d (0x%"PRI_mfn")\n",
-                 gfn, order, rc, mfn_x(mfn));
+                 gfn_l, order, rc, mfn_x(mfn));
     else if ( p2m_is_pod(ot) )
     {
         pod_lock(p2m);
@@ -1157,7 +1164,7 @@  int set_identity_p2m_entry(struct domain *d, unsigned long gfn,
 
     gfn_lock(p2m, gfn, 0);
 
-    mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, 0, NULL, NULL);
+    mfn = p2m->get_entry(p2m, _gfn(gfn), &p2mt, &a, 0, NULL, NULL);
 
     if ( p2mt == p2m_invalid || p2mt == p2m_mmio_dm )
         ret = p2m_set_entry(p2m, gfn, _mfn(gfn), PAGE_ORDER_4K,
@@ -1201,7 +1208,7 @@  int clear_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn,
         return -EIO;
 
     gfn_lock(p2m, gfn, order);
-    actual_mfn = p2m->get_entry(p2m, gfn, &t, &a, 0, &cur_order, NULL);
+    actual_mfn = p2m->get_entry(p2m, _gfn(gfn), &t, &a, 0, &cur_order, NULL);
     if ( cur_order < order )
     {
         rc = cur_order + 1;
@@ -1245,7 +1252,7 @@  int clear_identity_p2m_entry(struct domain *d, unsigned long gfn)
 
     gfn_lock(p2m, gfn, 0);
 
-    mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, 0, NULL, NULL);
+    mfn = p2m->get_entry(p2m, _gfn(gfn), &p2mt, &a, 0, NULL, NULL);
     if ( p2mt == p2m_mmio_direct && mfn_x(mfn) == gfn )
     {
         ret = p2m_set_entry(p2m, gfn, INVALID_MFN, PAGE_ORDER_4K,
@@ -1278,7 +1285,7 @@  int set_shared_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn)
         return -EIO;
 
     gfn_lock(p2m, gfn, 0);
-    omfn = p2m->get_entry(p2m, gfn, &ot, &a, 0, NULL, NULL);
+    omfn = p2m->get_entry(p2m, _gfn(gfn), &ot, &a, 0, NULL, NULL);
     /* At the moment we only allow p2m change if gfn has already been made
      * sharable first */
     ASSERT(p2m_is_shared(ot));
@@ -1330,7 +1337,7 @@  int p2m_mem_paging_nominate(struct domain *d, unsigned long gfn)
 
     gfn_lock(p2m, gfn, 0);
 
-    mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, 0, NULL, NULL);
+    mfn = p2m->get_entry(p2m, _gfn(gfn), &p2mt, &a, 0, NULL, NULL);
 
     /* Check if mfn is valid */
     if ( !mfn_valid(mfn) )
@@ -1392,7 +1399,7 @@  int p2m_mem_paging_evict(struct domain *d, unsigned long gfn)
     gfn_lock(p2m, gfn, 0);
 
     /* Get mfn */
-    mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, 0, NULL, NULL);
+    mfn = p2m->get_entry(p2m, _gfn(gfn), &p2mt, &a, 0, NULL, NULL);
     if ( unlikely(!mfn_valid(mfn)) )
         goto out;
 
@@ -1524,7 +1531,7 @@  void p2m_mem_paging_populate(struct domain *d, unsigned long gfn)
 
     /* Fix p2m mapping */
     gfn_lock(p2m, gfn, 0);
-    mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, 0, NULL, NULL);
+    mfn = p2m->get_entry(p2m, _gfn(gfn), &p2mt, &a, 0, NULL, NULL);
     /* Allow only nominated or evicted pages to enter page-in path */
     if ( p2mt == p2m_ram_paging_out || p2mt == p2m_ram_paged )
     {
@@ -1586,7 +1593,7 @@  int p2m_mem_paging_prep(struct domain *d, unsigned long gfn, uint64_t buffer)
 
     gfn_lock(p2m, gfn, 0);
 
-    mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, 0, NULL, NULL);
+    mfn = p2m->get_entry(p2m, _gfn(gfn), &p2mt, &a, 0, NULL, NULL);
 
     ret = -ENOENT;
     /* Allow missing pages */
@@ -1674,7 +1681,7 @@  void p2m_mem_paging_resume(struct domain *d, vm_event_response_t *rsp)
         unsigned long gfn = rsp->u.mem_access.gfn;
 
         gfn_lock(p2m, gfn, 0);
-        mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, 0, NULL, NULL);
+        mfn = p2m->get_entry(p2m, _gfn(gfn), &p2mt, &a, 0, NULL, NULL);
         /*
          * Allow only pages which were prepared properly, or pages which
          * were nominated but not evicted.
@@ -2263,7 +2270,7 @@  int p2m_change_altp2m_gfn(struct domain *d, unsigned int idx,
     p2m_lock(hp2m);
     p2m_lock(ap2m);
 
-    mfn = ap2m->get_entry(ap2m, gfn_x(old_gfn), &t, &a, 0, NULL, NULL);
+    mfn = ap2m->get_entry(ap2m, old_gfn, &t, &a, 0, NULL, NULL);
 
     if ( gfn_eq(new_gfn, INVALID_GFN) )
     {
@@ -2292,21 +2299,21 @@  int p2m_change_altp2m_gfn(struct domain *d, unsigned int idx,
             gfn = _gfn(gfn_x(old_gfn) & mask);
             mfn = _mfn(mfn_x(mfn) & mask);
 
-            if ( ap2m->set_entry(ap2m, gfn_x(gfn), mfn, page_order, t, a, 1) )
+            if ( ap2m->set_entry(ap2m, gfn, mfn, page_order, t, a, 1) )
                 goto out;
         }
     }
 
-    mfn = ap2m->get_entry(ap2m, gfn_x(new_gfn), &t, &a, 0, NULL, NULL);
+    mfn = ap2m->get_entry(ap2m, new_gfn, &t, &a, 0, NULL, NULL);
 
     if ( !mfn_valid(mfn) )
-        mfn = hp2m->get_entry(hp2m, gfn_x(new_gfn), &t, &a, 0, NULL, NULL);
+        mfn = hp2m->get_entry(hp2m, new_gfn, &t, &a, 0, NULL, NULL);
 
     /* Note: currently it is not safe to remap to a shared entry */
     if ( !mfn_valid(mfn) || (t != p2m_ram_rw) )
         goto out;
 
-    if ( !ap2m->set_entry(ap2m, gfn_x(old_gfn), mfn, PAGE_ORDER_4K, t, a,
+    if ( !ap2m->set_entry(ap2m, old_gfn, mfn, PAGE_ORDER_4K, t, a,
                           (current->domain != d)) )
     {
         rc = 0;
diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h
index 8f3409b400..1c9a51e9ad 100644
--- a/xen/include/asm-x86/p2m.h
+++ b/xen/include/asm-x86/p2m.h
@@ -234,13 +234,13 @@  struct p2m_domain {
     struct page_list_head pages;
 
     int                (*set_entry)(struct p2m_domain *p2m,
-                                    unsigned long gfn,
+                                    gfn_t gfn,
                                     mfn_t mfn, unsigned int page_order,
                                     p2m_type_t p2mt,
                                     p2m_access_t p2ma,
                                     int sve);
     mfn_t              (*get_entry)(struct p2m_domain *p2m,
-                                    unsigned long gfn,
+                                    gfn_t gfn,
                                     p2m_type_t *p2mt,
                                     p2m_access_t *p2ma,
                                     p2m_query_t q,