On 28/02/2024 12:20 pm, Paolo Bonzini wrote:
> From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
>
> To support TDX, KVM is enhanced to operate with #VE. For TDX, KVM uses the suppress #VE bit in EPT entries selectively, in order to be able to trap non-present conditions. However, #VE isn't used for VMX and it's a bug if it happens. To be defensive and test that VMX case isn't broken, introduce an option ept_violation_ve_test and when it's set, BUG the vm.

I am wondering from HW's point of view, is it OK for the kernel to explicitly send #VE IPI, in which case, IIUC, the guest can legally get the #VE w/o being a TDX guest?