On Thu, 2026-01-22 at 14:47 -0800, Ackerley Tng wrote:
>
> There's no use case I can think of for unmapping TDX private memory
> from the host direct map, but Sean's suggestion
> https://lore.kernel.org/all/[email protected]/ won't even
> let shared guest_memfd memory be unmapped from the direct map for TDX
> VMs.

Ah!

>
> Actually, does TDX's clflush that assumes presence in the direct map
> apply only for private pages, or all pages?
>
> If TDX's clflush only happens for private pages, then we could
> restore private pages to the direct map, and then we'd be safe even
> for TDX?

Yes, just private pages need the special treatment. But it will be much
simpler to start with just blocking the option for TDX. A shared pages
only mode could come later.

In general I think we should try to break things up like this when we
can. Kernel code is not set in stone, only ABI. I think it will lead to
overall faster upstreaming, because the series can be simpler.
