Re: [RFCv2 00/13] TDX and guest memory unmapping

From: Jue Wang
Date: Thu Apr 22 2021 - 10:36:40 EST


On Fri, 16 Apr 2021 18:40:53 +0300, Kirill A. Shutemov wrote:

> TDX integrity check failures may lead to system shutdown; host kernel must
> not allow any writes to TD-private memory. This requirement clashes with
> KVM design: KVM expects the guest memory to be mapped into host userspace
> (e.g. QEMU).

> This patchset aims to start discussion on how we can approach the issue.

Hi Kirill,

Some potential food for thought:

Repurposing Linux page hwpoison semantics for TDX-private memory protection is
smart; however, treating PG_hwpoison or hwpoison swap pte differently when
kvm->mem_protected=true implicitly disables the original capability of page
hwpoison: protecting the whole system from known corrupted physical memory
and giving user space applications an opportunity to recover from physical
memory corruptions.

Have you considered introducing a set of similar but independent page/pte
semantics for TDX private memory protection purpose?

Best regards,
-Jue