Re: [PATCH 10/11] KVM: Disallow read-only memory for x86 TDX

[Sean Christopherson]

On Fri, Nov 12, 2021, Xiaoyao Li wrote:
> From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> 
> TDX doesn't expose permission bits to the VMM in the SEPT tables, i.e.,
> doesn't support read-only private memory.
> 
> Introduce kvm_arch_support_readonly_mem(), which returns true except for
> x86. x86 has its own implementation based on vm_type that returns faluse
> for TDX VM.
> 
> Propagate it to KVM_CAP_READONLY_MEM to allow reporting on a per-VM
> basis.

Assuming KVM gains support for private memslots (or memslots that _may_ be mapped
private), this is incorrect, the restriction on read-only memory only applies to
private memory.  Userspace should still be allowed to create read-only shared memory.
Ditto for dirty-logging in the next patch.

When this patch was originally created, it was "correct" because there was no
(proposed) concept of a private memslot or of a memslot that can be mapped private.

So these two patches at least need to wait until KVM has a defind ABI for managing
guest private memory.