On Tue, 2024-05-28 at 19:20 -0700, Isaku Yamahata wrote:
> Right. TDX module doesn't enforce it. If we want to batch zapping, it requires
> to track the SPTE state, zapped, not TLB shoot down yet, and not removed yet.
> It's simpler to issue TLB shoot per page for now. It would be future
> optimization.

Totally agree we should not change it now. It's just in the list of not
optimized things.

>
> At runtime, the zapping happens when memory conversion(private -> shared) or
> memslot deletion. Because it's not often, we don't have to care.

Not sure I agree on this part. But in any case we can discuss it when we are in
the happy situation of upstream TDX users existing and complaining about things.

A great thing about it though - it's obviously correct.

> For vm destruction, it's simpler to skip tlb shoot down by deleting HKID first
> than to track SPTE state for batching TLB shoot down.