Re: [PATCH 08/16] KVM: x86/mmu: Bug the VM if kvm_zap_gfn_range() is called for TDX

[Huang, Kai]

On 17/05/2024 10:38 am, Edgecombe, Rick P wrote:
> On Fri, 2024-05-17 at 10:23 +1200, Huang, Kai wrote:
> > On 17/05/2024 9:46 am, Edgecombe, Rick P wrote:
> > > On Tue, 2024-05-14 at 17:59 -0700, Rick Edgecombe wrote:
> > > > For lack of a better method currently, use kvm_gfn_shared_mask() to
> > > > determine if private memory cannot be zapped (as in TDX, the only VM type
> > > > that sets it).
> > >
> > > Trying to replace kvm_gfn_shared_mask() with something appropriate, I saw
> > > that
> > > SNP actually uses this function:
> > > https://lore.kernel.org/kvm/20240501085210.2213060-12-michael.roth@xxxxxxx/
> > >
> > > So trying to have a helper that says "The VM can't zap and refault in memory
> > > at
> > > will" won't cut it. I guess there would have to be some more specific. I'm
> > > thinking to just drop this patch instead.
> >
> > Or KVM_BUG_ON() in the callers by explicitly checking VM type being TDX
> > as I mentioned before.
> >
> > Having such checking in a generic function like this is just dangerous
> > and not flexible.
> >
> > Just my 2 cents, though.
>
> As I said before, the point is to catch new callers. I see how it's a little
> wrong to assume the intentions of the callers, but I don't see how it's
> dangerous. Can you explain?

Dangerous means when "a little wrong to assume the intentions of the 
callers" actually goes wrong.  In other words, a general intention to 
"catch new callers" doesn't make a lot sense to me.

Anyway as said before, it's just my 2 cents, and it's totally up to you.