On Fri, 16 Apr 2021 18:40:53 +0300, Kirill A. Shutemov wrote: > TDX integrity check failures may lead to system shutdown host kernel must > not allow any writes to TD-private memory. This requirment clashes with > KVM design: KVM expects the guest memory to be mapped into host userspace > (e.g. QEMU). > This patchset aims to start discussion on how we can approach the issue. Hi Kirill, Some potential food for thought: Repurpose Linux page hwpoison semantics for TDX-private memory protection is smart, however, treating PG_hwpoison or hwpoison swap pte differently when kvm->mem_protected=true implicitly disabled the original capability of page hwpoison: protecting the whole system from known corrupted physical memory and giving user space applications an opportunity to recover from physical memory corruptions. Have you considered introducing a set of similar but independent page/pte semantics for TDX private memory protection purpose? Best regards, -Jue
