[PATCH resend v6 26/30] virtio_balloon: disable reporting zeroed optimization for confidential guests

From: Michael S. Tsirkin

Date: Mon May 11 2026 - 05:24:48 EST


In confidential computing environments (TDX, SEV-SNP), the host
is untrusted and may lie about zeroing reported pages. Clear
DEVICE_INIT_REPORTED in validate() so the guest does not skip
re-zeroing based on hints from an untrusted device.

Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx>
Assisted-by: Claude:claude-opus-4-6
Assisted-by: cursor-agent:GPT-5.4-xhigh
---
drivers/virtio/virtio_balloon.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c
index e5d11782ce41..d1cdb904d60b 100644
--- a/drivers/virtio/virtio_balloon.c
+++ b/drivers/virtio/virtio_balloon.c
@@ -18,6 +18,7 @@
#include <linux/wait.h>
#include <linux/mm.h>
#include <linux/page_reporting.h>
+#include <linux/cc_platform.h>

/*
* Balloon device works in 4K page units. So each page is pointed to by
@@ -1190,6 +1191,8 @@ static int virtballoon_validate(struct virtio_device *vdev)
!want_init_on_free())
__virtio_clear_bit(vdev, VIRTIO_BALLOON_F_DEVICE_INIT_REPORTED);

+ if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
+ __virtio_clear_bit(vdev, VIRTIO_BALLOON_F_DEVICE_INIT_REPORTED);
__virtio_clear_bit(vdev, VIRTIO_F_ACCESS_PLATFORM);
return 0;
}
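Review bot: the new `if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))` check in virtballoon_validate() has no comment, so the reason VIRTIO_BALLOON_F_DEVICE_INIT_REPORTED is dropped is recorded only in the commit message. Suggest a short comment above it saying that a confidential guest cannot trust the device's claim that reported pages were zeroed. A blank line before the `__virtio_clear_bit(vdev, VIRTIO_F_ACCESS_PLATFORM);` line would also help, so the two unrelated clears do not read as one block. The commit message names TDX and SEV-SNP while the check uses the generic CC_ATTR_GUEST_MEM_ENCRYPT attribute. If every guest with encrypted memory is meant to be covered, the comment should say so.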
--
MST