On SW side, my concern is how to deal with mmu_notifier. In theory, if we get pfn from hva we should follow the userspace mapping change. But that makes no sense. Especially for TDX TEE-IO, private MMIO mapping in SEPT cannot be changed or invalidated as long as TDI is running. Another concern may be specific for TDX TEE-IO. Allowing both userspace mapping and SEPT mapping may be safe for private MMIO, but on KVM_SET_USER_MEMORY_REGION2, KVM cannot actually tell if a userspace addr is really for private MMIO. I.e. user could provide shared memory addr to KVM but declare it is for private MMIO. The shared memory then could be mapped in SEPT and cause problem. So personally I prefer no host mapping for private MMIO. Thanks, Yilun > page state tracking. > > The MMIO KVM memory slot is still marked as shared as the guest can > access it as private or shared so marking the MMIO slot as private > is not going to help. > > Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxx> > --- > arch/x86/kvm/mmu/mmu.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c > index 928cf84778b0..e74f5c3d0821 100644 > --- a/arch/x86/kvm/mmu/mmu.c > +++ b/arch/x86/kvm/mmu/mmu.c > @@ -4366,7 +4366,11 @@ static int __kvm_faultin_pfn(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault > { > bool async; > > - if (fault->is_private) > + if (fault->slot && fault->is_private && !kvm_slot_can_be_private(fault->slot) && > + (vcpu->kvm->arch.vm_type == KVM_X86_SNP_VM)) > + pr_warn("%s: private SEV TIO MMIO fault for fault->gfn=%llx\n", > + __func__, fault->gfn); > + else if (fault->is_private) > return kvm_faultin_pfn_private(vcpu, fault); > > async = false; > -- > 2.45.2 > >