On Tue, 2024-03-19 at 17:56 -0700, Rick Edgecombe wrote: > > Because TDX supports only WB, we > > ignore the request for MTRR and lapic page change to not zap > > private > > pages on unmapping for those two cases > > Hmm. I need to go back and look at this again. It's not clear from > the > description why it is safe for the host to not zap pages if requested > to. I see why the guest wouldn't want them to be zapped. Ok, I see now how this works. MTRRs and APIC zapping happen to use the same function: kvm_zap_gfn_range(). So restricting that function from zapping private pages has the desired affect. I think it's not ideal that kvm_zap_gfn_range() silently skips zapping some ranges. I wonder if we could pass something in, so it's more clear to the caller. But can these code paths even get reaches in TDX? It sounded like MTRRs basically weren't supported.