From: Sean Christopherson <seanjc@google.com>
To: Rick P Edgecombe <rick.p.edgecombe@intel.com>
Cc: Yan Y Zhao <yan.y.zhao@intel.com>,
Kai Huang <kai.huang@intel.com>,
"sagis@google.com" <sagis@google.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Erdem Aktas <erdemaktas@google.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
Isaku Yamahata <isaku.yamahata@intel.com>,
"dmatlack@google.com" <dmatlack@google.com>
Subject: Re: [PATCH 0/5] Introduce a quirk to control memslot zap behavior
Date: Thu, 20 Jun 2024 17:00:50 -0700 [thread overview]
Message-ID: <ZnTCsuShrupzHpAm@google.com> (raw)
In-Reply-To: <21b18171d36a8284987f8cf3f2d02f9d783d1c25.camel@intel.com>
On Thu, Jun 20, 2024, Rick P Edgecombe wrote:
> On Tue, 2024-06-18 at 07:34 -0700, Sean Christopherson wrote:
> > There's also option:
> >
> > c) Init disabled_quirks based on VM type.
> >
> > I.e. let userspace enable the quirk. If the VMM wants to shoot its TDX VM
> > guests, then so be it. That said, I don't like this option because it
> > would create a very bizarre ABI.
>
> I think we actually need to force it on for TDX because kvm_mmu_zap_all_fast()
> only zaps the direct (shared) root. If userspace decides to not enable the
> quirk, mirror/private memory will not be zapped on memslot deletion. Then later
> if there is a hole punch it will skip zapping that range because there is no
> memslot. Then won't it let the pages get freed while they are still mapped in
> the TD?
>
> If I got that right (not 100% sure on the gmem hole punch page freeing), I think
> KVM needs to force the behavior for TDs.
What I was suggesting is that we condition the skipping of the mirror/private
EPT pages tables on the quirk, i.e. zap *everything* for TDX VMs if the quirk is
enabled. Hence the very bizarre ABI.
next prev parent reply other threads:[~2024-06-21 0:00 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-13 6:06 [PATCH 0/5] Introduce a quirk to control memslot zap behavior Yan Zhao
2024-06-13 6:09 ` [PATCH 1/5] KVM: x86/mmu: " Yan Zhao
2024-06-13 6:10 ` [PATCH 2/5] KVM: selftests: Test slot move/delete with slot zap quirk enabled/disabled Yan Zhao
2024-06-13 6:10 ` [PATCH 3/5] KVM: selftests: Allow slot modification stress test with quirk disabled Yan Zhao
2024-06-13 6:10 ` [PATCH 4/5] KVM: selftests: Test memslot move in memslot_perf_test " Yan Zhao
2024-06-13 6:11 ` [PATCH 5/5] KVM: selftests: Test private access to deleted memslot " Yan Zhao
2024-06-13 20:01 ` [PATCH 0/5] Introduce a quirk to control memslot zap behavior Edgecombe, Rick P
2024-06-17 10:15 ` Yan Zhao
2024-06-18 14:34 ` Sean Christopherson
2024-06-20 3:59 ` Yan Zhao
2024-06-20 19:38 ` Edgecombe, Rick P
2024-06-21 0:00 ` Sean Christopherson [this message]
2024-06-21 1:06 ` Edgecombe, Rick P
2024-06-20 19:37 ` [PATCH] KVM: x86/mmu: Implement memslot deletion for TDX Rick Edgecombe
2024-06-20 19:40 ` Edgecombe, Rick P
2024-06-21 0:08 ` Sean Christopherson
2024-06-21 1:17 ` Edgecombe, Rick P
2024-06-21 2:14 ` Yan Zhao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZnTCsuShrupzHpAm@google.com \
--to=seanjc@google.com \
--cc=dmatlack@google.com \
--cc=erdemaktas@google.com \
--cc=isaku.yamahata@intel.com \
--cc=kai.huang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=sagis@google.com \
--cc=yan.y.zhao@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox