From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx> Require the TDP MMU for guest TDs, the so called "shadow" MMU does not support mapping guest private memory, i.e. does not support Secure-EPT. Signed-off-by: Isaku Yamahata <isaku.yamahata@xxxxxxxxx> --- arch/x86/kvm/mmu/tdp_mmu.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kvm/mmu/tdp_mmu.c b/arch/x86/kvm/mmu/tdp_mmu.c index fdcff390ebc2..6c3ce4121a46 100644 --- a/arch/x86/kvm/mmu/tdp_mmu.c +++ b/arch/x86/kvm/mmu/tdp_mmu.c @@ -27,6 +27,13 @@ int kvm_mmu_init_tdp_mmu(struct kvm *kvm) if (kvm->arch.vm_type == KVM_X86_TDX_VM && !enable_mmio_caching) return -EOPNOTSUPP; + /* + * Because only the TDP MMU supports TDX, require the TDP MMU for guest + * TDs. + */ + if (kvm->arch.vm_type == KVM_X86_TDX_VM && !tdp_enabled) + return -EOPNOTSUPP; + if (!tdp_enabled || !READ_ONCE(tdp_mmu_enabled)) return 0; -- 2.25.1
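Review bot: The new check in kvm_mmu_init_tdp_mmu() tests only `!tdp_enabled`, while the comment and the commit message say the TDP MMU itself is required, and the unchanged line right after it shows that the TDP MMU is also gated by `tdp_mmu_enabled`. With `tdp_enabled` set and `tdp_mmu_enabled` clear, a `KVM_X86_TDX_VM` guest passes the new check and then takes the existing `return 0` path without the TDP MMU, which is the configuration the commit message says cannot map guest private memory. Suggest rejecting both cases for TDX, for example `if (kvm->arch.vm_type == KVM_X86_TDX_VM && (!tdp_enabled || !READ_ONCE(tdp_mmu_enabled))) return -EOPNOTSUPP;`. The condition could also be folded into the `enable_mmio_caching` check just above, since both return -EOPNOTSUPP for the same vm_type. The comment would read more precisely if it distinguished TDP being enabled from the TDP MMU being enabled.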