On 11/13/2021 12:52 AM, Sean Christopherson wrote:
On Fri, Nov 12, 2021, Xiaoyao Li wrote:
From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
TDX doesn't expose permission bits to the VMM in the SEPT tables, i.e.,
doesn't support read-only private memory.
Introduce kvm_arch_support_readonly_mem(), which returns true except for
x86. x86 has its own implementation based on vm_type that returns faluse
for TDX VM.
Propagate it to KVM_CAP_READONLY_MEM to allow reporting on a per-VM
basis.
Assuming KVM gains support for private memslots (or memslots that _may_ be mapped
private), this is incorrect, the restriction on read-only memory only applies to
private memory. Userspace should still be allowed to create read-only shared memory.
Ditto for dirty-logging in the next patch.
Yes. I had the same concern before sending it out. :)
But I forgot to mention it.
When this patch was originally created, it was "correct" because there was no
(proposed) concept of a private memslot or of a memslot that can be mapped private.
So these two patches at least need to wait until KVM has a defind ABI for managing
guest private memory.
I'll drop the two patches for next submission.
