Re: [PATCH] x86/tdx: Preserve shared bit on mprotect()
From: Edgecombe, Rick P
Date: Fri Apr 12 2024 - 16:49:12 EST
On Fri, 2024-04-12 at 22:12 +0300, Kirill A. Shutemov wrote:
> The TDX guest platform takes one bit from the physical address to
> indicate if the page is shared (accessible by VMM). This bit is not part
> of the physical_mask and is not preserved during mprotect(). As a
> result, the 'shared' bit is lost during mprotect() on shared mappings.
>
> _COMMON_PAGE_CHG_MASK specifies which PTE bits need to be preserved
> during modification. AMD includes 'sme_me_mask' in the define to
> preserve the 'encrypt' bit.
>
> To cover both Intel and AMD cases, include 'cc_mask' in
> _COMMON_PAGE_CHG_MASK instead of 'sme_me_mask'.
>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> Fixes: 41394e33f3a0 ("x86/tdx: Extend the confidential computing API to
> support TDX guests")
> Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
> Cc: Chris Oo <cho@xxxxxxxxxxxxx>
> Cc: Dexuan Cui <decui@xxxxxxxxxxxxx>
Reviewed-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
So does this mean there is shared memory mapped to userspace? Or is this a
theoretical correctness thing?