From: Sean Christopherson <seanjc@google.com>
To: Rick P Edgecombe <rick.p.edgecombe@intel.com>
Cc: Yan Y Zhao <yan.y.zhao@intel.com>,
Kai Huang <kai.huang@intel.com>,
"sagis@google.com" <sagis@google.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Erdem Aktas <erdemaktas@google.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
Isaku Yamahata <isaku.yamahata@intel.com>,
"dmatlack@google.com" <dmatlack@google.com>
Subject: Re: [PATCH 0/5] Introduce a quirk to control memslot zap behavior
Date: Thu, 20 Jun 2024 17:00:50 -0700 [thread overview]
Message-ID: <ZnTCsuShrupzHpAm@google.com> (raw)
In-Reply-To: <21b18171d36a8284987f8cf3f2d02f9d783d1c25.camel@intel.com>
On Thu, Jun 20, 2024, Rick P Edgecombe wrote:
> On Tue, 2024-06-18 at 07:34 -0700, Sean Christopherson wrote:
> > There's also option:
> >
> > c) Init disabled_quirks based on VM type.
> >
> > I.e. let userspace enable the quirk. If the VMM wants to shoot its TDX VM
> > guests, then so be it. That said, I don't like this option because it
> > would create a very bizarre ABI.
>
> I think we actually need to force it on for TDX because kvm_mmu_zap_all_fast()
> only zaps the direct (shared) root. If userspace decides to not enable the
> quirk, mirror/private memory will not be zapped on memslot deletion. Then later
> if there is a hole punch it will skip zapping that range because there is no
> memslot. Then won't it let the pages get freed while they are still mapped in
> the TD?
>
> If I got that right (not 100% sure on the gmem hole punch page freeing), I think
> KVM needs to force the behavior for TDs.
What I was suggesting is that we condition the skipping of the mirror/private
EPT pages tables on the quirk, i.e. zap *everything* for TDX VMs if the quirk is
enabled. Hence the very bizarre ABI.
next prev parent reply other threads:[~2024-06-21 0:00 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-13 6:06 [PATCH 0/5] Introduce a quirk to control memslot zap behavior Yan Zhao
2024-06-13 6:09 ` [PATCH 1/5] KVM: x86/mmu: " Yan Zhao
2024-06-13 6:10 ` [PATCH 2/5] KVM: selftests: Test slot move/delete with slot zap quirk enabled/disabled Yan Zhao
2024-06-13 6:10 ` [PATCH 3/5] KVM: selftests: Allow slot modification stress test with quirk disabled Yan Zhao
2024-06-13 6:10 ` [PATCH 4/5] KVM: selftests: Test memslot move in memslot_perf_test " Yan Zhao
2024-06-13 6:11 ` [PATCH 5/5] KVM: selftests: Test private access to deleted memslot " Yan Zhao
2024-06-13 20:01 ` [PATCH 0/5] Introduce a quirk to control memslot zap behavior Edgecombe, Rick P
2024-06-17 10:15 ` Yan Zhao
2024-06-18 14:34 ` Sean Christopherson
2024-06-20 3:59 ` Yan Zhao
2024-06-20 19:38 ` Edgecombe, Rick P
2024-06-21 0:00 ` Sean Christopherson [this message]
2024-06-21 1:06 ` Edgecombe, Rick P
2024-06-20 19:37 ` [PATCH] KVM: x86/mmu: Implement memslot deletion for TDX Rick Edgecombe
2024-06-20 19:40 ` Edgecombe, Rick P
2024-06-21 0:08 ` Sean Christopherson
2024-06-21 1:17 ` Edgecombe, Rick P
2024-06-21 2:14 ` Yan Zhao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZnTCsuShrupzHpAm@google.com \
--to=seanjc@google.com \
--cc=dmatlack@google.com \
--cc=erdemaktas@google.com \
--cc=isaku.yamahata@intel.com \
--cc=kai.huang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=sagis@google.com \
--cc=yan.y.zhao@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.