On Tue, 2025-07-01 at 07:02 -0700, Vishal Annapurve wrote:
> > guest_memfd will have to ensure that pages are unmapped from secure
> > IOMMU pagetables before allowing them to be used by the host.
> >
> > If secure IOMMU pagetables unmapping fails, I would assume it fails in
> > the similar category of rare "KVM/TDX module/IOMMUFD" bug and I think
> > it makes sense to do the same tdx_buggy_shutdown() with such failures
> > as well.
>
> In addition we will need a way to fail all further Secure IOMMU table
> walks or some way to stop the active secure DMA by unbinding all the
> TDIs. Maybe such scenarios warrant a BUG_ON() if recovery is not
> possible as possibly any or all of the KVM/IOMMUFD/TDX module can't be
> trusted for reliable functionality anymore.

I mentioned this on another thread. Normal kernel BUG_ON()'s need extreme
justification. As long as the system might survive, they shouldn't be used.