On Fri, Feb 12, 2021 at 05:12:41PM +0100, Peter Zijlstra wrote: > On Fri, Feb 12, 2021 at 04:28:13PM +0100, Joerg Roedel wrote: > > I don't know the details about TDX and #VE, but could a malicious HV not > > trigger a #VE basically everywhere by mapping around pages? So 'fail' > > means panic() in this case, right? > > Right. To fail reliably, doesn't that mean the #VE vector needs to be IST? "Everywhere" could also be in the SYSCALL entry path before there is a trusted stack. Regards, Joerg
