On Fri, May 20, 2022, at 11:31 AM, Sean Christopherson wrote:

But a dedicated KVM ioctl() to add/remove shared ranges would be easy 
to implement
and wouldn't necessarily even need to interact with the memslots.  It 
could be a
consumer of memslots, e.g. if we wanted to disallow registering regions 
without an
associated memslot, but I think we'd want to avoid even that because 
things will
get messy during memslot updates, e.g. if dirty logging is toggled or a 
shared
memory region is temporarily removed then we wouldn't want to destroy 
the tracking.

I don't think we'd want to use a bitmap, e.g. for a well-behaved guest, XArray
should be far more efficient.

One benefit to explicitly tracking this in KVM is that it might be 
useful for
software-only protected VMs, e.g. KVM could mark a region in the XArray 
as "pending"
based on guest hypercalls to share/unshare memory, and then complete 
the transaction
when userspace invokes the ioctl() to complete the share/unshare.

That makes sense.

If KVM goes this route, perhaps there the allowed states for a GPA should include private, shared, and also private-and-shared.  Then anyone who wanted to use the same masked GPA for shared and private on TDX could do so if they wanted to.