On Fri, Feb 12, 2021 at 04:19:22PM +0100, Peter Zijlstra wrote:

> That's the thing, we don't want #VE to happen in noinstr code *ever*.
>
> noinstr covers the whole entry code, things like the syscall gap and nmi
> recursion setup. Getting a #VE there is fail.

I don't know the details about TDX and #VE, but could a malicious HV not trigger a #VE basically everywhere by mapping around pages? So 'fail' means panic() in this case, right?

> So most per-cpu data can be on-demand, but some of it must absolutely
> not be.

The kernel can validate those itself in the early setup code, the decompressor shouldn't care about those details.

Regards,

Joerg