On Fri, Nov 12, 2021, Xiaoyao Li wrote:
> From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
>
> TDX doesn't expose permission bits to the VMM in the SEPT tables, i.e.,
> doesn't support read-only private memory.
>
> Introduce kvm_arch_support_readonly_mem(), which returns true except for
> x86. x86 has its own implementation based on vm_type that returns false
> for TDX VM.
>
> Propagate it to KVM_CAP_READONLY_MEM to allow reporting on a per-VM
> basis.

Assuming KVM gains support for private memslots (or memslots that _may_ be
mapped private), this is incorrect: the restriction on read-only memory only
applies to private memory. Userspace should still be allowed to create
read-only shared memory. Ditto for dirty-logging in the next patch.

When this patch was originally created, it was "correct" because there was no
(proposed) concept of a private memslot or of a memslot that can be mapped
private. So these two patches at least need to wait until KVM has a defined
ABI for managing guest private memory.