Re: [PATCH v3 00/24] KVM: TDX huge page support for private memory

Next message: Johan Hovold: "[PATCH] most: core: fix leak on early registration failure"
Previous message: Dmitry Baryshkov: "Re: [PATCH 1/5] interconnect: Add devm_of_icc_get_by_index() as exported API for users"
In reply to: Edgecombe, Rick P: "Re: [PATCH v3 00/24] KVM: TDX huge page support for private memory"
Next in thread: Edgecombe, Rick P: "Re: [PATCH v3 00/24] KVM: TDX huge page support for private memory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sean Christopherson

Date: Fri Jan 16 2026 - 11:31:48 EST

On Fri, Jan 16, 2026, Rick P Edgecombe wrote:
> On Wed, 2026-01-14 at 16:19 -0800, Sean Christopherson wrote:
> > I've no objection if e.g. tdh_mem_page_aug() wants to sanity check
> > that a PFN is backed by a struct page with a valid refcount, it's
> > code like that above that I don't want.
>
> Dave wants safety for the TDX pages getting handed to the module.

Define "safety". As I stressed earlier, blinding retrieving a "struct page" and
dereferencing that pointer is the exact opposite of safe.

> 2. Invent a new tdx_page_t type.

Still doesn't provide meaningful safety. Regardless of what type gets passed
into the low level tdh_*() helpers, it's going to require KVM to effectively cast
a bare pfn, because I am completely against passing anything other than a SPTE
to tdx_sept_set_private_spte().

> 1. Page is TDX capable memory

That's fine by me, but that's _very_ different than what was proposed here.