> > So cloud providers should have an interest to prevent such random stray > > accesses if they wanna have guests. :) > > Yes, but IMO inducing a fault in the guest because of _host_ bug is wrong. I want to push back on "inducing a fault in the guest because of _host_ bug is wrong.". The guest is _required_ to be robust against the host maliciously (or accidentally) writing its memory. SNP security depends on the guest detecting such writes. Therefore, why is leveraging this system property that the guest will detect when its private memory has been written wrong? Especially when its orders or magnitudes simpler than the alternative to have everything in the system -- kernel, user-space, and guest -- all coordinate to agree what's private and what's shared. Such a complex approach is likely to bring a lot of bugs, vulnerabilities, and limitations on future design into the picture.
