Re: Runtime Memory Validation in Intel-TDX and AMD-SNP

On Tue, Jul 20, 2021 at 03:01:13PM -0700, Andi Kleen wrote:
> On Tue, Jul 20, 2021 at 12:54:16PM -0700, Erdem Aktas wrote:
> > I did not see any #VE implementation to handle SEPT violations when a
> > page is in PENDING state. I am assuming that this needs to be
> > supported at some point (If not then we need to discuss the use cases
> > for such support).
> 
> We actually plan to disable those #VEs, to avoid any problems with
> the system call gap. Instead the plan is that the kernel will know
> in advance what memory has been accepted or not, and accept it before
> touching.

This confuses me a bit, what happens when the VMM is malicious and
re-maps an already accepted page and the TD tries to access it?

My thinking was that this causes a #VE, but what happens instead when
this #VE can be disabled?

Regards,

	Joerg



