Add support for TDG.PAGE.RELEASE when TDXConnect is in use. by Raz-Aloni · Pull Request #3748 · microsoft/openvmm

Raz-Aloni · 2026-06-15T20:55:03Z

In TDX, on TDs where TDX Connect is enabled, private pages must be explicitly released via TDG.MEM.PAGE.RELEASE before they can be made shared/host-visible, otherwise VMM calls to TDH.MEM.RANGE.BLOCK will fail.

This change modifies both openhcl and openhcl_boot to add a query for TDX Connect enablement on the current TD, and if enabled, TDG.MEM.PAGE.RELEASE calls will be made. TDs without TDXConnect have unchanged behavior.

Per Intel guidance, TDG.VM.RD on the TD-scope CONFIG_FLAGS field is sufficient to detect TDX Connect / page-release support, so the TDG.SYS.RD path (and the global-scope TDX_FEATURES0 metadata) is no longer needed. Remove the SYS.RD leaf, the tdcall_sys_rd helper, TdFeatures0, TdgSysRdResult, TDX_FIELD_CODE_TDX_FEATURES0, and all associated callers in openhcl_boot, hcl, and underhill_mem. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

github-actions · 2026-06-15T20:55:27Z

⚠️ Unsafe Code Detected

This PR modifies files containing unsafe Rust code. Extra scrutiny is required during review.

For more on why we check whole files, instead of just diffs, check out the Rustonomicon

microsoft-github-policy-service · 2026-06-15T20:55:39Z

@Raz-Aloni please read the following Contributor License Agreement(CLA). If you agree with the CLA, please reply with the following information.

@microsoft-github-policy-service agree [company="{your company}"]

Options:

(default - no company specified) I have sole ownership of intellectual property rights to my Submissions and I am not making Submissions in the course of work for my employer.
@microsoft-github-policy-service agree
(when company given) I am making Submissions in the course of work for my employer (or my employer has intellectual property rights in my Submissions by contract or applicable law). I have permission from my employer to make Submissions and enter into this Agreement on behalf of my employer. By signing below, the defined term “You” includes me and my employer.
@microsoft-github-policy-service agree company="Microsoft"

Contributor License Agreement

Contribution License Agreement

This Contribution License Agreement (“Agreement”) is agreed to by the party signing below (“You”),
and conveys certain license rights to Microsoft Corporation and its affiliates (“Microsoft”) for Your
contributions to Microsoft open source projects. This Agreement is effective as of the latest signature
date below.

Definitions.
“Code” means the computer software code, whether in human-readable or machine-executable form,
that is delivered by You to Microsoft under this Agreement.
“Project” means any of the projects owned or managed by Microsoft and offered under a license
approved by the Open Source Initiative (www.opensource.org).
“Submit” is the act of uploading, submitting, transmitting, or distributing code or other content to any
Project, including but not limited to communication on electronic mailing lists, source code control
systems, and issue tracking systems that are managed by, or on behalf of, the Project for the purpose of
discussing and improving that Project, but excluding communication that is conspicuously marked or
otherwise designated in writing by You as “Not a Submission.”
“Submission” means the Code and any other copyrightable material Submitted by You, including any
associated comments and documentation.
Your Submission. You must agree to the terms of this Agreement before making a Submission to any
Project. This Agreement covers any and all Submissions that You, now or in the future (except as
described in Section 4 below), Submit to any Project.
Originality of Work. You represent that each of Your Submissions is entirely Your original work.
Should You wish to Submit materials that are not Your original work, You may Submit them separately
to the Project if You (a) retain all copyright and license information that was in the materials as You
received them, (b) in the description accompanying Your Submission, include the phrase “Submission
containing materials of a third party:” followed by the names of the third party and any licenses or other
restrictions of which You are aware, and (c) follow any other instructions in the Project’s written
guidelines concerning Submissions.
Your Employer. References to “employer” in this Agreement include Your employer or anyone else
for whom You are acting in making Your Submission, e.g. as a contractor, vendor, or agent. If Your
Submission is made in the course of Your work for an employer or Your employer has intellectual
property rights in Your Submission by contract or applicable law, You must secure permission from Your
employer to make the Submission before signing this Agreement. In that case, the term “You” in this
Agreement will refer to You and the employer collectively. If You change employers in the future and
desire to Submit additional Submissions for the new employer, then You agree to sign a new Agreement
and secure permission from the new employer before Submitting those Submissions.
Licenses.

Copyright License. You grant Microsoft, and those who receive the Submission directly or
indirectly from Microsoft, a perpetual, worldwide, non-exclusive, royalty-free, irrevocable license in the
Submission to reproduce, prepare derivative works of, publicly display, publicly perform, and distribute
the Submission and such derivative works, and to sublicense any or all of the foregoing rights to third
parties.
Patent License. You grant Microsoft, and those who receive the Submission directly or
indirectly from Microsoft, a perpetual, worldwide, non-exclusive, royalty-free, irrevocable license under
Your patent claims that are necessarily infringed by the Submission or the combination of the
Submission with the Project to which it was Submitted to make, have made, use, offer to sell, sell and
import or otherwise dispose of the Submission alone or with the Project.
Other Rights Reserved. Each party reserves all rights not expressly granted in this Agreement.
No additional licenses or rights whatsoever (including, without limitation, any implied licenses) are
granted by implication, exhaustion, estoppel or otherwise.

Representations and Warranties. You represent that You are legally entitled to grant the above
licenses. You represent that each of Your Submissions is entirely Your original work (except as You may
have disclosed under Section 3). You represent that You have secured permission from Your employer to
make the Submission in cases where Your Submission is made in the course of Your work for Your
employer or Your employer has intellectual property rights in Your Submission by contract or applicable
law. If You are signing this Agreement on behalf of Your employer, You represent and warrant that You
have the necessary authority to bind the listed employer to the obligations contained in this Agreement.
You are not expected to provide support for Your Submission, unless You choose to do so. UNLESS
REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING, AND EXCEPT FOR THE WARRANTIES
EXPRESSLY STATED IN SECTIONS 3, 4, AND 6, THE SUBMISSION PROVIDED UNDER THIS AGREEMENT IS
PROVIDED WITHOUT WARRANTY OF ANY KIND, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY OF
NONINFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE.
Notice to Microsoft. You agree to notify Microsoft in writing of any facts or circumstances of which
You later become aware that would make Your representations in this Agreement inaccurate in any
respect.
Information about Submissions. You agree that contributions to Projects and information about
contributions may be maintained indefinitely and disclosed publicly, including Your name and other
information that You submit with Your Submission.
Governing Law/Jurisdiction. This Agreement is governed by the laws of the State of Washington, and
the parties consent to exclusive jurisdiction and venue in the federal courts sitting in King County,
Washington, unless no federal subject matter jurisdiction exists, in which case the parties consent to
exclusive jurisdiction and venue in the Superior Court of King County, Washington. The parties waive all
defenses of lack of personal jurisdiction and forum non-conveniens.
Entire Agreement/Assignment. This Agreement is the entire agreement between the parties, and
supersedes any and all prior agreements, understandings or communications, written or oral, between
the parties relating to the subject matter hereof. This Agreement may be assigned by Microsoft.

Copilot

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds support for TDX Connect–related behavior by introducing TD configuration flag retrieval (TDG.VM.RD) and implementing page release (TDG.MEM.PAGE.RELEASE) plumbing, then wiring page release into TDX page-visibility transitions.

Changes:

Add new TDX definitions for CONFIG_FLAGS metadata and TDG.MEM.PAGE.RELEASE inputs/outputs.
Implement TDG.MEM.PAGE.RELEASE + range helper and TDG.VM.RD (CONFIG_FLAGS parsing) in tdcall.
Use CONFIG_FLAGS to conditionally require page release before making pages host-visible.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
vm/x86/x86defs/src/tdx.rs	Adds leaf/metadata constants and bitfield structs for config flags + page release.
vm/x86/tdcall/src/lib.rs	Implements TDG.MEM.PAGE.RELEASE, range release helper, and TDG.VM.RD for CONFIG_FLAGS.
openhcl/underhill_mem/src/lib.rs	Conditionally calls TDX page release when unaccepting pages under TDX Connect.
openhcl/openhcl_boot/src/arch/x86_64/tdx.rs	Calls page release before host-visible mapping when TDX Connect is enabled and caches CONFIG_FLAGS.
openhcl/hcl/src/ioctl/tdx.rs	Exposes VTL helpers for config flag read and page release TDCalls.

+    pub level: TdgMemPageLevel,
+    #[bits(9)]
+    pub reserved: u64,
+    /// The page number for this accept call.


+    pub level: TdgMemPageLevel,
+    #[bits(9)]
+    pub reserved: u64,
+    /// The page number for this accept call.


+    #[bits(1)]
+    pub reserved3: u8,


+    #[error("page size mismatch. Expected size {1:?}: {0:?}")]
+    PageSizeMismatch(TdCallResultCode, TdgMemPageLevel),


+            let config_flags = mshv_vtl.tdx_get_config_flags();
+            if config_flags.tdx_connect() {
+                assert!(config_flags.page_release());
+
+                flags.tdx_page_release_required = true;
+            }


chris-oo · 2026-06-18T10:48:59Z

+                if self.flags.tdx_page_release_required {
+                    self.mshv_vtl
+                        .tdx_release_pages(range)
+                        .expect("Failed to release pages");
+                }


no this should be expect. but you should put the range of the page that failed to release (or what page it was) as part of the expect failure

+    // If TDX Connect is present, then TDG.MEM.PAGE.RELEASE must be called before making pages host-visible.
+    if host_visible && get_td_config_flags().tdx_connect() {
+        assert!(get_td_config_flags().page_release());


smalis-msft · 2026-06-15T21:05:31Z

+            && range.len() >= x86defs::X64_LARGE_PAGE_SIZE
+        {
+            if let Err(e) = tdcall_release_page(call, range.start_4k_gpn(), true) {
+                match e {


Since we're only checking for one variant I feel like this would read cleaner as an if let instead of a match.

smalis-msft · 2026-06-15T21:08:40Z

+pub fn tdcall_vm_rd(
+    call: &mut impl Tdcall,
+    field_id: TdxExtendedFieldCode,
+) -> Result<TdgVmRdResult, TdCallResult> {


Would it be cleaner to just return r8 and let the caller construct the enum? That way all callers of this method wouldn't have to worry about the case of getting the wrong output type somehow. Maybe we could even have each caller pass in their expected field_id, and this method could turn a mismatch into an error/panic.

some kind of enum or generic function? I do agree that the fact that callers have to do this unreachable! dance means this API is wrong.

github-actions · 2026-06-15T23:57:57Z

1 Petri tests failed (0 unstable)

chris-oo

see feedback. what is the timeline for us to have this path tested in ci?

chris-oo · 2026-06-18T10:46:07Z

 }

+#[bitfield(u64)]
+pub struct TdConfigFlags {


can we link to all the defns here to the corresponding defn in intel's specifications?

chris-oo · 2026-06-18T10:47:14Z

+pub fn tdcall_vm_rd(
+    call: &mut impl Tdcall,
+    field_id: TdxExtendedFieldCode,
+) -> Result<TdgVmRdResult, TdCallResult> {


some kind of enum or generic function? I do agree that the fact that callers have to do this unreachable! dance means this API is wrong.

chris-oo · 2026-06-18T10:47:50Z

+
+    let mut range = range;
+    while !range.is_empty() {
+        // Attempt to release in large page chunks, if possible.


don't we do this pattern somewhere else in the file? should we have a common fn op for this?

chris-oo · 2026-06-18T10:48:59Z

+                if self.flags.tdx_page_release_required {
+                    self.mshv_vtl
+                        .tdx_release_pages(range)
+                        .expect("Failed to release pages");
+                }


no this should be expect. but you should put the range of the page that failed to release (or what page it was) as part of the expect failure

chris-oo · 2026-06-18T10:49:46Z

+        let mut flags = MemoryAcceptorFlags::default();
+
+        if isolation == IsolationType::Tdx {
+            // Check if TDX Connect is enabled on this TD. If so, page release is required when


why do we do this, instead of just checking for page release?

Raz-Aloni and others added 15 commits June 10, 2026 14:59

Add MEM_PAGE_RELEASE Leaf

316a099

define rcx regs for mempage release

04decb8

fixup

e08212c

implement tdcall_release_page

265de31

release by range

6f46405

SYS.RD consts

0a93f3c

TDG.sys.rd

7e8bba1

boot impl

e390022

also check tdxconnect

0b762f1

vmrd

ef18a26

use TDG.VM.RD

f028ba0

add todo

d36e88c

todo

09b9482

usermode runtime

7093de6

Copilot AI review requested due to automatic review settings June 15, 2026 20:55

Raz-Aloni requested a review from a team as a code owner June 15, 2026 20:55

github-actions Bot added the unsafe Related to unsafe code label Jun 15, 2026

Copilot AI reviewed Jun 15, 2026

View reviewed changes

smalis-msft reviewed Jun 15, 2026

View reviewed changes

Merge branch 'main' into page_release

dc8e8cc

chris-oo reviewed Jun 18, 2026

View reviewed changes

		#[error("page size mismatch. Expected size {1:?}: {0:?}")]
		PageSizeMismatch(TdCallResultCode, TdgMemPageLevel),

Conversation

Raz-Aloni commented Jun 15, 2026

Uh oh!

github-actions Bot commented Jun 15, 2026

Uh oh!

microsoft-github-policy-service Bot commented Jun 15, 2026

Contribution License Agreement

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

github-actions Bot commented Jun 15, 2026

Uh oh!

chris-oo left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants