> On Feb 12, 2021, at 10:22 AM, Sean Christopherson <seanjc@xxxxxxxxxx> wrote: > > On Fri, Feb 12, 2021, Dave Hansen wrote: >>> On 2/12/21 8:45 AM, Peter Zijlstra wrote: >>> But you're right, if a HV injects #VE in the syscall gap and gets a >>> concurrent CPU to 'fix' the exception frame (which then lives on the >>> user stack) the handler might never know it went ga-ga. >>> >>> Is this something the TDX thread model covers? A malicous HV and a TDX >>> guest co-operating to bring down the guest kernel. >> >> I'll say this: The current TDX guest code that Sathya posted is >> predicated on an assumption that an malicious HV can not inject a #VE in >> the syscall gap, or any of the other sensitive paths. >> >> A #VE in the syscall gap is just as fatal as a #PF or #GP would be >> there. If TDX can't provide guarantees to the guest that a #VE won't >> happen there, then TDX is broken, or the kernel implementation is broken. >> >> If anyone knows of any way for a HV to inject #VE in the syscall gap, >> please speak up. Better to know now. > > Removing and reinserting the SYSCALL page (or any other page touched in the > SYSCALL gap) will result in a #VE, as TDX behavior is to generate a #VE on an > access to an unaccepated. > > Andy L pointed out this conundrum a while back. My hack idea to "solve" this > was to add an API to the TDX-Module that would allow the guest kernel to define > a set of GPAs that must never #VE. > > https://lkml.kernel.org/r/20200825171903.GA20660@sjchrist-ice Is the TDX module involved in #HV delivery? Just how much cleverness is possible without silicon changes?
