On 2/12/21 10:22 AM, Sean Christopherson wrote:
>> If anyone knows of any way for a HV to inject #VE in the syscall gap,
>> please speak up. Better to know now.
> Removing and reinserting the SYSCALL page (or any other page touched in the
> SYSCALL gap) will result in a #VE, as TDX behavior is to generate a #VE on an
> access to an unaccepted.
>
> Andy L pointed out this conundrum a while back. My hack idea to "solve" this
> was to add an API to the TDX-Module that would allow the guest kernel to define
> a set of GPAs that must never #VE.
>
> https://lkml.kernel.org/r/20200825171903.GA20660@sjchrist-ice

Reminds me of the "what has to be mapped into userspace?" exercise for
PTI. That was fun.

Really, the hypervisor shouldn't be able to cause #VE's. This should be
fatal to the guest, period. Or, worst case scenario, Linux should be
able to set a bit that says, I will only run under sane hypervisors. If
I somehow lose a bet and get a crappy, insane hypervisor, I want to take
my ball and go home: don't even bother running me any more.

No way do we want another fragile list of magic pages that we have to
maintain.