Re: AMD SEV-SNP/Intel TDX: validation of memory pages

On Tue, Feb 16, 2021 at 06:27:41AM -0800, Andi Kleen wrote:
> I think the IST solution should at least be explored before
> dismissing it. It might be simpler than anything else (like
> using new APIs)

Have you seen the trainwreck bonzini proposed? The very simplest thing
is saying no to TDX.

That 'solution' also hard relies on #VE not nesting more than once, so
lovely things like: #VE -> #DB -> #VE -> #NMI -> #VE, or #VE -> NMI ->
#VE -> #MC -> #VE or any number of other possible 'fun' combinations
_must_ not happen.

And yes, I know #MC isn't supported just now, but the above would
mandate it never be supported _ever_, because otherwise the IST hack
crumbles.

Again, repeat after me: ISTs are a part of the problem.

So how about fixing TDX instead of forcing us to do horrible fragile
things we all know will end up in tears?



