> > Is this something the TDX threat model covers? A malicious HV and a TDX
> > guest co-operating to bring down the guest kernel.
>
> If the guest is not malicious, and you have a valid user-stack in the
> SYSCALL gap, then it depends on whether SMAP is active. I guess it
> usually is, in which case the #VE would be promoted to a #DF to kill the
> machine.

A malicious user process in the guest could set user RSP to a kernel
address. But yes, without that it's probably not a problem due to SMAP.

It really boils down to whether we consider this combination of
"malicious hypervisor and malicious user process together" to be a
threat. At least in the classical TDX model a malicious guest process
was out of scope. So considering it would be a new requirement.

For the kernel exit we could handle it by checking if the RSP address
is in the kernel, and killing the process before switching the stack.
It's just a problem for the entry, which probably would really need an
IST.

For the IST we would need to handle two-level nesting, but I presume
that would be possible. It should be much simpler than the NMI nesting
with just a single stack switch.

I think the IST solution should at least be explored before dismissing
it. It might be simpler than anything else (like using new APIs).

-Andi
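The exit-path check proposed in the message above (refuse to switch to the user RSP if it points into the kernel, and kill the process instead), as an added example that is not code from the thread or from the Linux TDX patches. It classifies a guest RSP value by the x86-64 canonical split and also checks that the exception frame the CPU would push below RSP cannot wrap around out of user space. The 48-bit (4-level paging) layout and the 48-byte frame size are assumptions made for illustration; a real kernel compares against TASK_SIZE_MAX, which additionally reserves a guard page at the top of user space.

```c
/* Added example (not from the thread): decide whether a user-supplied RSP
 * may be used as the stack to switch to on the #VE exit path.
 * Assumptions: 4-level paging (48-bit virtual addresses), and that the
 * frame the CPU pushes on #VE fits in VE_FRAME_BYTES. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define VA_BITS         48                          /* assumed: 4-level paging  */
#define KERNEL_VA_START (~0ULL << (VA_BITS - 1))    /* 0xffff800000000000       */
#define VE_FRAME_BYTES  48ULL                       /* assumed: IRET frame + error code */

enum rsp_class { RSP_USER, RSP_KERNEL, RSP_NONCANONICAL };

/* Canonical means bits 47..63 are all copies of bit 47. */
static bool is_canonical(uint64_t va)
{
    uint64_t top = va >> (VA_BITS - 1);
    return top == 0 || top == (~0ULL >> (VA_BITS - 1));
}

/* Lower canonical half is user space, upper canonical half is kernel
 * space, anything else would fault with #GP on use. */
enum rsp_class classify_rsp(uint64_t rsp)
{
    if (!is_canonical(rsp))
        return RSP_NONCANONICAL;
    return rsp >= KERNEL_VA_START ? RSP_KERNEL : RSP_USER;
}

/* The exception frame is pushed *below* RSP, so the whole range
 * [rsp - frame_bytes, rsp) must stay in user space.  A tiny RSP
 * (e.g. 0x20) is canonical and "user", but the push would wrap
 * around to the top of the address space, i.e. into the kernel half. */
bool user_stack_ok_for_frame(uint64_t rsp, uint64_t frame_bytes)
{
    if (classify_rsp(rsp) != RSP_USER)
        return false;
    if (rsp < frame_bytes)           /* push would wrap below zero */
        return false;
    return true;
}

/* The exit-path decision from the message: switch stacks only if the
 * RSP is a plausible user stack, otherwise kill the process. */
const char *ve_exit_action(uint64_t rsp)
{
    return user_stack_ok_for_frame(rsp, VE_FRAME_BYTES)
               ? "switch to user stack"
               : "kill process before stack switch";
}

int main(void)
{
    /* Constructed sample RSP values, not captured from a real guest. */
    const uint64_t samples[] = {
        0x00007ffffffde000ULL,   /* ordinary user stack                  */
        0xffffffff81000000ULL,   /* kernel text: malicious user RSP      */
        0xffff800000000000ULL,   /* first kernel canonical address       */
        0x0000800000000000ULL,   /* non-canonical                        */
        0x0000000000000020ULL,   /* user, but frame push would wrap      */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("rsp=%#018llx -> class %d, %s\n",
               (unsigned long long)samples[i],
               (int)classify_rsp(samples[i]), ve_exit_action(samples[i]));
    return 0;
}
```

The entry-path problem the message raises is exactly what this check cannot solve: on entry the CPU has already pushed the frame using whatever RSP the process set before any software runs, which is why an IST (a stack switch done by hardware) is the alternative being discussed.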