On Wed, Jun 05, 2024 at 06:24:19PM +0200, Borislav Petkov wrote:
> On Wed, Jun 05, 2024 at 03:21:42PM +0300, Kirill A. Shutemov wrote:
> > If a page can be accessed via private mapping is determined by the
> > presence in Secure EPT. This state persists across kexec.
>
> I just love it how I tickle out details each time I touch this comment
> because we three can't write a single concise and self-contained
> explanation. :-(
>
> Ok, next version:
>
> "Private mappings persist across kexec. If tdx_enc_status_changed() fails

s/Private mappings persist /Memory encryption state persists /

> in the first kernel, it leaves memory in an unknown state.
>
> If that memory remains shared, accessing it in the *next* kernel through
> a private mapping will result in an unrecoverable guest shutdown.
>
> The kdump kernel boot is not impacted as it uses a pre-reserved memory
> range that is always private. However, gathering crash information
> could lead to a crash if it accesses unconverted memory through
> a private mapping which is possible when accessing that memory through
> /proc/vmcore, for example.
>
> In all cases, print error info in order to leave enough bread crumbs for
> debugging."
>
> I think this is getting in the right direction as it actually makes
> sense now.

Otherwise looks good to me.

-- 
  Kiryl Shutsemau / Kirill A. Shutemov