On Thu, 2025-10-30 at 13:09 -0700, Sean Christopherson wrote:
> Pass in the mirror_spte to kvm_x86_ops.set_external_spte() to provide
> symmetry with .remove_external_spte(), and assert in TDX that the mirror
> SPTE is shadow-present with full RWX permissions (the TDX-Module doesn't
> allow the hypervisor to control protections).
>
> Signed-off-by: Sean Christopherson <[email protected]>

Reviewed-by: Kai Huang <[email protected]> [...] > static int tdx_sept_set_private_spte(struct kvm *kvm, gfn_t gfn, > - enum pg_level level, kvm_pfn_t pfn) > + enum pg_level level, u64 mirror_spte) > { > struct kvm_tdx *kvm_tdx = to_kvm_tdx(kvm); > + kvm_pfn_t pfn = spte_to_pfn(mirror_spte); > > /* TODO: handle large pages. */ > if (KVM_BUG_ON(level != PG_LEVEL_4K, kvm)) > return -EIO; > > + WARN_ON_ONCE(!is_shadow_present_pte(mirror_spte) || > + (mirror_spte & VMX_EPT_RWX_MASK) != VMX_EPT_RWX_MASK); > + Nit: I am a little bit confused about when to use WARN_ON_ONCE() and KVM_BUG_ON(). :-)
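
Review bot: The new WARN_ON_ONCE() in tdx_sept_set_private_spte() has its result ignored, so a mirror SPTE that is not shadow-present or lacks full RWX only logs a warning and execution continues, whereas the KVM_BUG_ON(level != PG_LEVEL_4K, kvm) check directly above it returns -EIO. By that point pfn has already been taken from the SPTE via spte_to_pfn(mirror_spte) in the declaration, before the assertion runs, so the rest of the function would use a pfn from an SPTE that failed the check. Either fail the call on violation, for example `if (KVM_BUG_ON(<the same condition>, kvm)) return -EIO;` to match the level check, or add a short comment above the WARN_ON_ONCE() stating why warn-and-continue is sufficient here and why this case does not call for KVM_BUG_ON().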
