On Mon, 2022-08-01 at 14:15 +0000, Sean Christopherson wrote: > On Mon, Aug 01, 2022, Kai Huang wrote: > > On Fri, 2022-07-29 at 15:07 +0000, Sean Christopherson wrote: > > > Lastly, in prepration for TDX, enable_mmio_caching should be changed to key off > > > of the _mask_, not the value. E.g. for TDX, the value will be '0', but the mask > > > should be SUPPRESS_VE | RWX. > > > > Agreed. But perhaps in another patch. We need to re-define what does > > mask/value mean to enable_mmio_caching. > > There's no need to redefine what they mean, the only change that needs to be made > is handle the scenario where desire value is '0'. Maybe that's all you mean by > "redefine"? My thinking is only when mask and value both are 0, enable_mmio_caching is considered disabled. vlaue=0 is valid when enable_mmio_caching is true as you said. > > Another thing to note is that only the value needs to be per-VM, the mask can be > KVM-wide, i.e. "mask = SUPPRESS_VE | RWX" will work for TDX and non-TDX VMs when > EPT is enabled. Yeah, but is more like VMX and TDX both *happen* to have the same mask? Theoretically, VMX only need RWX to trigger EPT misconfiguration but doesn't need SUPPRESS_VE. I don't see making mask/value both per-vm is a big issue? -- Thanks, -Kai
