From dcba56c81a5bafb2b9c83ae1c96deebdd5faa1ea Mon Sep 17 00:00:00 2001
From: "Gudaram, Meghana" <meghana.gudaram@intel.com>
Date: Wed, 11 Feb 2026 12:33:44 -0800
Subject: [PATCH] Fix to TDG.VM.WR tdcall write mask

---
 src/migtd/src/migration/rebinding.rs  | 9 +++++++--
 src/migtd/src/migration/servtd_ext.rs | 3 ++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/migtd/src/migration/rebinding.rs b/src/migtd/src/migration/rebinding.rs
index 73b000ab..b8d7c47e 100644
--- a/src/migtd/src/migration/rebinding.rs
+++ b/src/migtd/src/migration/rebinding.rs
@@ -42,6 +42,7 @@ pub use tdx_tdcall::tdx::TargetTdUuid;
 pub const TDCS_FIELD_SERVTD_REBIND_ACCEPT_TOKEN: u64 = 0x191000030000021E;
 /// The intended SERVTD_ATTR for the Service TD about to be bound to the TD.
 pub const TDCS_FIELD_SERVTD_REBIND_ATTR: u64 = 0x1910000300000222;
+const TDCS_FIELD_WRITE_MASK: u64 = u64::MAX;
 
 const TLS_TIMEOUT: Duration = Duration::from_secs(60); // 60 seconds
                                                        // FIXME: Need VMM provide socket information
@@ -698,7 +699,11 @@ pub fn write_rebinding_session_token(rebind_token: &[u8]) -> Result<(), Migratio
 
     for (idx, chunk) in rebind_token.chunks_exact(size_of::<u64>()).enumerate() {
         let elem = u64::from_le_bytes(chunk.try_into().unwrap());
-        tdcall_vm_write(TDCS_FIELD_SERVTD_REBIND_ACCEPT_TOKEN + idx as u64, elem, 0)?;
+        tdcall_vm_write(
+            TDCS_FIELD_SERVTD_REBIND_ACCEPT_TOKEN + idx as u64,
+            elem,
+            TDCS_FIELD_WRITE_MASK,
+        )?;
     }
 
     Ok(())
@@ -710,7 +715,7 @@ pub fn write_servtd_rebind_attr(servtd_attr: &[u8]) -> Result<(), MigrationResul
     }
 
     let elem = u64::from_le_bytes(servtd_attr.try_into().unwrap());
-    tdcall_vm_write(TDCS_FIELD_SERVTD_REBIND_ATTR, elem, 0)?;
+    tdcall_vm_write(TDCS_FIELD_SERVTD_REBIND_ATTR, elem, TDCS_FIELD_WRITE_MASK)?;
 
     Ok(())
 }
diff --git a/src/migtd/src/migration/servtd_ext.rs b/src/migtd/src/migration/servtd_ext.rs
index 9e0833ae..c8325163 100644
--- a/src/migtd/src/migration/servtd_ext.rs
+++ b/src/migtd/src/migration/servtd_ext.rs
@@ -22,6 +22,7 @@ pub const TDCS_FIELD_SERVTD_ATTR: u64 = 0x1910000300000202;
 /// Hash of SERVTD_EXT that the new Service TD 0 (i.e., rebound Service TD or MigTD on the
 /// destination platform) believes is the SERVTD_EXT for this TD.
 pub const TDCS_FIELD_SERVTD_ACCEPT_SERVTD_EXT_HASH: u64 = 0x1910000300000214;
+const TDCS_FIELD_WRITE_MASK: u64 = u64::MAX;
 
 #[repr(C)]
 #[derive(Clone, Copy)]
@@ -133,7 +134,7 @@ pub fn write_approved_servtd_ext_hash(servtd_ext_hash: &[u8]) -> Result<(), Migr
         tdcall_vm_write(
             TDCS_FIELD_SERVTD_ACCEPT_SERVTD_EXT_HASH + idx as u64,
             elem,
-            0,
+            TDCS_FIELD_WRITE_MASK,
         )?;
     }