On 3/24/2022 3:57 PM, Gerd Hoffmann wrote:
On Thu, Mar 24, 2022 at 02:52:10PM +0800, Xiaoyao Li wrote:
On 3/22/2022 5:02 PM, Gerd Hoffmann wrote:
On Thu, Mar 17, 2022 at 09:58:49PM +0800, Xiaoyao Li wrote:
Add sept-ve-disable property for tdx-guest object. It's used to
configure bit 28 of TD attributes.
What is this?
It seems this bit doesn't show up in the public spec yet.
Bit 28 (SEPT_VE_DISABLE): Disable EPT violation conversion to #VE ON guest
TD ACCESS of PENDING pages.
The TDX architecture requires a private page to be accepted before using. If
guest accesses a not-accepted (pending) page it will get #VE.
For some OS, e.g., Linux TD guest, it doesn't want the #VE on pending page
so it will set this bit.
Hmm. That looks rather pointless to me. The TDX patches for OVMF add a
#VE handler, so I suspect every guest wants #VE exceptions if even the
firmware cares to install a handler ...
#VE can be triggered in various situations. e.g., CPUID on some leaves,
and RD/WRMSR on some MSRs. #VE on pending page is just one of the
sources, Linux just wants to disable this kind of #VE since it wants to
prevent unexpected #VE during SYSCALL gap.
Also: What will happen instead? EPT fault delivered to the host?
Yes.
take care,
Gerd