On Wed, Sep 25, 2019 at 10:36:43AM +0530, Bharata B Rao wrote: > Manage migration of pages betwen normal and secure memory of secure > guest by implementing H_SVM_PAGE_IN and H_SVM_PAGE_OUT hcalls. > > H_SVM_PAGE_IN: Move the content of a normal page to secure page > H_SVM_PAGE_OUT: Move the content of a secure page to normal page > > Private ZONE_DEVICE memory equal to the amount of secure memory > available in the platform for running secure guests is created. > Whenever a page belonging to the guest becomes secure, a page from > this private device memory is used to represent and track that secure > page on the HV side. The movement of pages between normal and secure > memory is done via migrate_vma_pages() using UV_PAGE_IN and > UV_PAGE_OUT ucalls. As we discussed privately, but mentioning it here so there is a record: I am concerned about this structure > +struct kvmppc_uvmem_page_pvt { > + unsigned long *rmap; > + struct kvm *kvm; > + unsigned long gpa; > +}; which keeps a reference to the rmap. The reference could become stale if the memslot is deleted or moved, and nothing in the patch series ensures that the stale references are cleaned up. If it is possible to do without the long-term rmap reference, and instead find the rmap via the memslots (with the srcu lock held) each time we need the rmap, that would be safer, I think, provided that we can sort out the lock ordering issues. Paul.