Re: [PATCH v2 00/21] Runtime TDX Module update support

From: Dave Hansen
Date: Fri Oct 24 2025 - 16:15:35 EST


On 10/24/25 13:00, Sean Christopherson wrote:
> C'mon people (especially the Google folks), this is the ***exact***
> same problem as certificate updates for SNP[1]. Y'all suggested
> holding a lock across a userspace exit back then, and Dan's analysis
> confirms my reaction from back then that "Holding a lock across an
> exit to userspace seems wildly unsafe."[2]
>
> In the end, it took more time to understand the problem than to
> sketch out and test a solution[3].
>
> Unless this somehow puts the host (kernel) at risk, this is a
> userspace problem.

If there's a similar SEV-SNP problem and accepted solution punted to
userspace that TDX can leverage, I'm 100% on board with that. Let's do that.