On Wed, May 29, 2024 at 01:50:05AM +0000, "Edgecombe, Rick P" <rick.p.edgecombe@xxxxxxxxx> wrote: > On Tue, 2024-05-28 at 18:16 -0700, Isaku Yamahata wrote: > > > Looking at how to create some more explainable code here, I'm also wondering > > > about the tdx_track() call in tdx_sept_remove_private_spte(). I didn't > > > realize > > > it will send IPIs to each vcpu for *each* page getting zapped. Another one > > > in > > > the "to optimize later" bucket I guess. And I guess it won't happen very > > > often. > > > > We need it. Without tracking (or TLB shoot down), we'll hit > > TDX_TLB_TRACKING_NOT_DONE. The TDX module has to guarantee that there is no > > remaining TLB entries for pages freed by TDH.MEM.PAGE.REMOVE(). > > It can't be removed without other changes, but the TDX module doesn't enforce > that you have to zap and shootdown a page at at time, right? Like it could be > batched. Right. TDX module doesn't enforce it. If we want to batch zapping, it requires to track the SPTE state, zapped, not TLB shoot down yet, and not removed yet. It's simpler to issue TLB shoot per page for now. It would be future optimization. At runtime, the zapping happens when memory conversion(private -> shared) or memslot deletion. Because it's not often, we don't have to care. For vm destruction, it's simpler to skip tlb shoot down by deleting HKID first than to track SPTE state for batching TLB shoot down. -- Isaku Yamahata <isaku.yamahata@xxxxxxxxx>