In confidential computing environments (TDX, SEV-SNP), the host is untrusted and may lie about zeroing reported pages. Disable host_zeroes_pages so the guest does not skip re-zeroing based on the used_len hint from an untrusted device.
Signed-off-by: Michael S. Tsirkin <[email protected]> Assisted-by: Claude:claude-opus-4-6 --- drivers/virtio/virtio_balloon.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c index 708b0c344ae9..1eb9a6376038 100644 --- a/drivers/virtio/virtio_balloon.c +++ b/drivers/virtio/virtio_balloon.c @@ -18,6 +18,7 @@ #include <linux/wait.h> #include <linux/mm.h> #include <linux/page_reporting.h> +#include <linux/cc_platform.h> /* * Balloon device works in 4K page units. So each page is pointed to by @@ -1117,6 +1118,8 @@ static int virtballoon_probe(struct virtio_device *vdev) #endif vb->pr_dev_info.capacity = capacity; + vb->pr_dev_info.host_zeroes_pages = + !cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT); err = page_reporting_register(&vb->pr_dev_info); if (err) goto out_unregister_oom; -- MST
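Review bot: In the virtballoon_probe() hunk, the reason for the new assignment is visible only in the commit message; a one-line comment above `vb->pr_dev_info.host_zeroes_pages = !cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT);` stating that an untrusted host's used_len hint must not let the guest skip re-zeroing would save the next reader a trip through git log. Also, the attribute tested is the generic guest memory-encryption one, which is broader than the two platforms (TDX, SEV-SNP) the commit message names; either the message should say the hint is disabled for any memory-encrypted guest, or the condition should be narrowed to match the stated intent.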

