BTW, the role bit is the thing I'm wondering if we really need, because we have shared_mask. While the shared_mask is used for lots of things today, we need still need it for masking GPAs. Where as the role bit is only needed to know if a SP is for private (which we can tell from the GPA).
Yeah we can have a second thought on whether sp.role.private is necessary. It is useful in shadow MMU (which we originally used to support at the first place), but may not be necessary for TDP MMU.