Re: [PATCH 09/21] KVM: TDX: Retry seamcall when TDX_OPERAND_BUSY with operand SEPT

On Fri, 2024-09-06 at 13:41 +1200, Huang, Kai wrote:
> 3) That means the _ONLY_ reason to retry in the common code for 
> TDH_MEM_xx()s is to mitigate the zero-step attack by reducing the number of 
> times the guest is allowed to fault on the same instruction.

My read of the zero-step mitigation is that it is implemented in the TDX module
(which makes sense since it is defending against VMMs). There is some optional
ability for the guest to request notification, but the host defense is always in
place. Is that your understanding?

> 
> I don't think we need to handle zero-step attack mitigation in the first 
> TDX support submission.  So I think we can just remove this patch.

Thanks for highlighting the weirdness here. I think it needs more investigation.



