On 5/16/23 11:35, Ard Biesheuvel wrote:
>>> Does this mean that the kernel maps memory before accepting it? As
>>> otherwise, I would assume that such an access would page fault inside
>>> the guest before triggering an exception related to the unaccepted
>>> state.
>> Yes, the kernel maps memory before accepting it (modulo things like
>> DEBUG_PAGEALLOC).
>>
> OK, and so the architecture stipulates that prefetching or other
> speculative accesses must never deliver exceptions to the host
> regarding such ranges?

I don't know of anywhere that this is explicitly written. It's probably
implicit _somewhere_ in the reams of VMX/TDX and base SDM docs, but heck
if I know where it is. :)

If this is something anyone wants to see added to the SEPT_VE_DISABLE
documentation, please speak up. I don't think it would be hard to get
it added and provide an explicit guarantee.