On Wed, Jun 05, 2024 at 03:21:42PM +0300, Kirill A. Shutemov wrote: > If a page can be accessed via private mapping is determined by the > presence in Secure EPT. This state persist across kexec. I just love it how I tickle out details each time I touch this comment because we three can't write a single concise and self-contained explanation. :-( Ok, next version: "Private mappings persist across kexec. If tdx_enc_status_changed() fails in the first kernel, it leaves memory in an unknown state. If that memory remains shared, accessing it in the *next* kernel through a private mapping will result in an unrecoverable guest shutdown. The kdump kernel boot is not impacted as it uses a pre-reserved memory range that is always private. However, gathering crash information could lead to a crash if it accesses unconverted memory through a private mapping which is possible when accessing that memory through /proc/vmcore, for example. In all cases, print error info in order to leave enough bread crumbs for debugging." I think this is getting in the right direction as it actually makes sense now. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette