On Fri, Jul 18, 2025 at 11:15:59AM -0300, Jason Gunthorpe wrote: > On Fri, Jul 18, 2025 at 10:48:55AM +0800, Xu Yilun wrote: > > > If by the time KVM gets the conversion request, the page is unpinned, > > > then we're all good, right? > > > > Yes, unless guest doesn't unpin the page first by mistake. Guest would > > invoke a fw call tdg.mem.page.release to unpin the page before > > KVM_HC_MAP_GPA_RANGE. > > What does guest pinning mean? TDX firmware provides a mode, that host can't block the S-EPT mapping after TD accepts the mapping. Guest 'pins' the private mapping (KVM & IOMMU). TD should explicitly unaccept the page by tdg.mem.page.release, then host could successfully block/unmap the S-EPT. This is necessary when shared <-> private conversion. When TDX Connect is enabled, this mode is enforced. Thanks, Yilun > > Jason >
