On Mon, Feb 26, 2024, isaku.yamahata@xxxxxxxxx wrote: > +int tdx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t fastpath) > +{ > + union tdx_exit_reason exit_reason = to_tdx(vcpu)->exit_reason; > + > + /* See the comment of tdh_sept_seamcall(). */ > + if (unlikely(exit_reason.full == (TDX_OPERAND_BUSY | TDX_OPERAND_ID_SEPT))) > + return 1; > + > + /* > + * TDH.VP.ENTRY checks TD EPOCH which contend with TDH.MEM.TRACK and > + * vcpu TDH.VP.ENTER. > + */ > + if (unlikely(exit_reason.full == (TDX_OPERAND_BUSY | TDX_OPERAND_ID_TD_EPOCH))) > + return 1; > + > + if (unlikely(exit_reason.full == TDX_SEAMCALL_UD)) { > + kvm_spurious_fault(); > + /* > + * In the case of reboot or kexec, loop with TDH.VP.ENTER and > + * TDX_SEAMCALL_UD to avoid unnecessarily activity. > + */ > + return 1; No. This is unnecessarily risky. KVM_BUG_ON() and exit to userspace. The response to "SEAMCALL faulted" should never be, "well, let's try again!". Also, what about #GP on SEAMCALL? In general, the error handling here seems lacking.
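Review bot: the comment above the TD_EPOCH check names the SEAMCALL two ways, "TDH.VP.ENTRY" and then "TDH.VP.ENTER", and neither it nor the SEPT check says why returning 1 is safe. Use one name (the comment in the TDX_SEAMCALL_UD branch uses TDH.VP.ENTER) and state that returning 1 resumes the vCPU so the entry is retried. Both TDX_OPERAND_BUSY branches compare exit_reason.full for exact equality and return 1 with no retry limit and no trace, so the comment should also say what guarantees the contention is transient. Minor wording: "which contend" should be "which contends", and "unnecessarily activity" should be "unnecessary activity".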