From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx> Require the TDP MMU for guest TDs, the so called "shadow" MMU does not support mapping guest private memory, i.e. does not support Secure-EPT. Signed-off-by: Isaku Yamahata <isaku.yamahata@xxxxxxxxx> --- arch/x86/kvm/mmu/tdp_mmu.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c index ce69535754ff..823c1ef807eb 100644 --- a/arch/x86/kvm/mmu/tdp_mmu.c +++ b/arch/x86/kvm/mmu/tdp_mmu.c @@ -18,8 +18,12 @@ int kvm_mmu_init_tdp_mmu(struct kvm *kvm) { struct workqueue_struct *wq; + /* + * Because only the TDP MMU supports TDX, require the TDP MMU for guest + * TDs. + */ if (!tdp_enabled || !READ_ONCE(tdp_mmu_enabled)) - return 0; + return kvm->arch.vm_type == KVM_X86_TDX_VM ? -EOPNOTSUPP : 0; wq = alloc_workqueue("kvm", WQ_UNBOUND|WQ_MEM_RECLAIM|WQ_CPU_INTENSIVE, 0); if (!wq) -- 2.25.1
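Review bot: In the early return of kvm_mmu_init_tdp_mmu(), the new comment states only that the TDP MMU is required for guest TDs, while the actual reason (the shadow MMU cannot map guest private memory, i.e. has no Secure-EPT support) appears only in the commit message; consider putting that reason in the comment so it survives in the source. Folding the check into the return as a ternary also hides that this branch is now a failure path for one VM type. An explicit `if (kvm->arch.vm_type == KVM_X86_TDX_VM) return -EOPNOTSUPP;` followed by the existing `return 0;` would read more clearly. Because this branch previously always returned 0, it is worth confirming that the caller checks and propagates the non-zero return up to VM creation, which the lines shown here do not cover; otherwise a TD could still be created on the shadow MMU.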