From: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
To: "bp@alien8.de" <bp@alien8.de>,
"marcandre.lureau@redhat.com" <marcandre.lureau@redhat.com>,
"kas@kernel.org" <kas@kernel.org>,
"hpa@zytor.com" <hpa@zytor.com>,
"mingo@redhat.com" <mingo@redhat.com>,
"x86@kernel.org" <x86@kernel.org>,
"tglx@kernel.org" <tglx@kernel.org>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"Qiang, Chenyi" <chenyi.qiang@intel.com>
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 1/2] x86/tdx: Handle TDG.MEM.PAGE.ACCEPT success-with-warning returns
Date: Tue, 24 Mar 2026 22:02:37 +0000 [thread overview]
Message-ID: <928bb81af66232a7c898758e42ad59dc95edd345.camel@intel.com> (raw)
In-Reply-To: <20260324-tdx-hotplug-fixes-v1-1-8f29f2c17278@redhat.com>
On Tue, 2026-03-24 at 19:21 +0400, Marc-André Lureau wrote:
> try_accept_one() treats any non-zero return from __tdcall() as a
> failure. However, per the TDX Module Base Spec (Table SEPT Walk Cases),
> TDG.MEM.PAGE.ACCEPT returns a non-zero status code with bit 63 clear
> when the target page is already in MAPPED state (i.e., already
> accepted). This is a "success-with-warning" -- the page is usable and no
> action is needed.
>
> Check only bit 63 (TDX_ERROR) to distinguish real errors from
> success-with-warning returns, rather than treating all non-zero values
> as failures.
>
> Assisted-by: Claude:claude-opus-4-6
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Hmm. Accepting private memory is a security sensitive operation, so I think it
is probably bad to silently hide the detection of re-accepting.
For example, if the kernel accepts a page and sets some values in it, the VMM
could reset the data to zero by re-adding the page and letting the second accept
zero it. It allows the VMM to have some limited ability to mess with guest data.
If we detect a re-accept we should probably warn on it actually.
Not sure on if the specific case in this series is problematic, but this patch
changes the behavior generally.
next prev parent reply other threads:[~2026-03-24 22:02 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-24 15:21 [PATCH 0/2] x86/tdx: Fix memory hotplug in TDX guests Marc-André Lureau
2026-03-24 15:21 ` [PATCH 1/2] x86/tdx: Handle TDG.MEM.PAGE.ACCEPT success-with-warning returns Marc-André Lureau
2026-03-24 22:02 ` Edgecombe, Rick P [this message]
2026-03-24 15:21 ` [PATCH 2/2] x86/tdx: Accept hotplugged memory before online Marc-André Lureau
2026-03-24 22:03 ` Edgecombe, Rick P
2026-03-25 10:29 ` Marc-André Lureau
2026-03-25 17:21 ` Edgecombe, Rick P
2026-03-26 18:25 ` Paolo Bonzini
2026-03-26 20:40 ` Edgecombe, Rick P
2026-03-27 3:05 ` Chenyi Qiang
2026-03-27 8:49 ` David Hildenbrand (Arm)
2026-03-27 8:28 ` Yan Zhao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=928bb81af66232a7c898758e42ad59dc95edd345.camel@intel.com \
--to=rick.p.edgecombe@intel.com \
--cc=bp@alien8.de \
--cc=chenyi.qiang@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=kas@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=marcandre.lureau@redhat.com \
--cc=mingo@redhat.com \
--cc=tglx@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox