On Tue, Apr 05, 2022 at 05:56:36PM +0200, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote: > On 3/4/22 20:49, isaku.yamahata@xxxxxxxxx wrote: > > From: Sean Christopherson <sean.j.christopherson@xxxxxxxxx> > > > > TDX protects TDX guest state from VMM. Implements to access methods for > > TDX guest state to ignore them or return zero. > > > > Signed-off-by: Sean Christopherson <sean.j.christopherson@xxxxxxxxx> > > Signed-off-by: Isaku Yamahata <isaku.yamahata@xxxxxxxxx> > > For most of these, it would be interesting to see which paths actually can > be hit. For SEV, it's all cut out by > > if (vcpu->arch.guest_state_protected) > return 0; > > in functions such as __set_sregs_common. Together with the fact that TDX > does not get to e.g. handle_set_cr0, this should prevent most such calls > from happening. So most of these should be KVM_BUG_ON or WARN_ON, not just > returns. If debug mode is enabled, guest state isn't protected. memory/cpu state can be read/written via SEAMCALLs. So guest_state_protected isn't set to true. Anyway for now with this patch series, debug mode isn't supported well, I will go with adding KVM_BUG_ON/WARN_ON. -- Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
