On Thu, 2021-03-18 at 10:19 +0100, Joerg Roedel wrote: > On Tue, Mar 16, 2021 at 12:51:20PM +0200, Maxim Levitsky wrote: > > I agree but what is wrong with that? > > This is a debug feature, and it only can be enabled by the root, > > and so someone might actually want this case to happen > > (e.g to see if a SEV guest can cope with extra #VC exceptions). > > That doesn't make sense, we know that and SEV-ES guest can't cope with > extra #VC exceptions, so there is no point in testing this. It is more a > way to shot oneself into the foot for the user and a potential source of > bug reports for SEV-ES guests. But again this is a debug feature, and it is intended to allow the user to shoot himself in the foot. Bug reports for a debug feature are autoclosed. It is no different from say poking kernel memory with its built-in gdbstub, for example. Best regards, Maxim Levitsky > > > > I have nothing against not allowing this for SEV-ES guests though. > > What do you think? > > I think SEV-ES guests should only have the intercept bits set which > guests acutally support > > Regards, > > Joerg >
