On 10/31/2025 4:09 AM, Sean Christopherson wrote:
Add and use a new API for mapping a private pfn from guest_memfd into the TDP MMU from TDX's post-populate hook instead of partially open-coding the functionality into the TDX code. Sharing code with the pre-fault path sounded good on paper, but it's fatally flawed as simulating a fault loses the pfn, and calling back into gmem to re-retrieve the pfn creates locking problems, e.g. kvm_gmem_populate() already holds the gmem invalidation lock.

Providing a dedicated API will also allow removing several MMU exports that ideally would not be exposed outside of the MMU, let alone to vendor code. On that topic, opportunistically drop the kvm_mmu_load() export. Leave kvm_tdp_mmu_gpa_is_mapped() alone for now; the entire commit that added kvm_tdp_mmu_gpa_is_mapped() will be removed in the near future.

Gate the API on CONFIG_KVM_GUEST_MEMFD=y as private memory _must_ be backed by guest_memfd. Add a lockdep-only assert that the incoming pfn is indeed backed by guest_memfd, and that the gmem instance's invalidate lock is held (which, combined with slots_lock being held, obviates the need to check for a stale "fault").

Cc: Michael Roth <[email protected]>
Cc: Yan Zhao <[email protected]>
Cc: Ira Weiny <[email protected]>
Cc: Vishal Annapurve <[email protected]>
Cc: Rick Edgecombe <[email protected]>
Reviewed-by: Rick Edgecombe <[email protected]>
Reviewed-by: Kai Huang <[email protected]>
Link: https://lore.kernel.org/all/[email protected]
Signed-off-by: Sean Christopherson <[email protected]>

Reviewed-by: Binbin Wu <[email protected]>
