On Wed, Jun 05, 2024 at 06:24:19PM +0200, Borislav Petkov wrote:
> On Wed, Jun 05, 2024 at 03:21:42PM +0300, Kirill A. Shutemov wrote:
> > Whether a page can be accessed via private mapping is determined by
> > its presence in Secure EPT. This state persists across kexec.
>
> I just love it how I tickle
On Wed, Jun 05, 2024 at 03:21:42PM +0300, Kirill A. Shutemov wrote:
> Whether a page can be accessed via private mapping is determined by
> its presence in Secure EPT. This state persists across kexec.
I just love it how I tickle out details each time I touch this comment
because we three can't write a
On Tue, Jun 04, 2024 at 08:05:54PM +0200, Borislav Petkov wrote:
> On Tue, Jun 04, 2024 at 07:14:00PM +0300, Kirill A. Shutemov wrote:
> > /*
> > * If tdx_enc_status_changed() fails, it leaves memory
> > * in an unknown state. If the mem
On Tue, Jun 04, 2024 at 07:14:00PM +0300, Kirill A. Shutemov wrote:
> /*
> * If tdx_enc_status_changed() fails, it leaves memory
> * in an unknown state. If the memory remains shared,
> * it can result in an
On Tue, Jun 04, 2024 at 08:47:22AM -0700, Dave Hansen wrote:
> On 6/4/24 08:32, Kirill A. Shutemov wrote:
> > What about the comment below?
> >
> > /*
> > * One possible reason for the failure is if kexec raced
> > * with memory convers
On 6/4/24 08:32, Kirill A. Shutemov wrote:
> What about the comment below?
>
> /*
> * One possible reason for the failure is if kexec raced
> * with memory conversion. In this case the shared bit in
> * page tab
On Mon, Jun 03, 2024 at 10:37:54AM +0200, Borislav Petkov wrote:
> On Sun, Jun 02, 2024 at 05:23:03PM +0300, Kirill A. Shutemov wrote:
> > + /*
> > + * The only thing one can do at this point on failure
> > + * is panic. It is reasonable to pr
On Sun, Jun 02, 2024 at 05:23:03PM +0300, Kirill A. Shutemov wrote:
> + /*
> + * The only thing one can do at this point on failure
> + * is panic. It is reasonable to proceed.
It makes even less sense now: panic() means "all stops and
TDX guests allocate shared buffers to perform I/O. It is done by
allocating pages normally from the buddy allocator and converting them
to shared with set_memory_decrypted().
The second, kexec-ed kernel has no idea what memory is converted this
way. It only sees E820_TYPE_RAM.
Accessing shared me