On Sat, Aug 13, 2022 at 09:11:52AM -0700, Andy Lutomirski wrote: > Now if the TD module could deliver an unrecoverable #MC instead of an > impossible-to-handle #VE, maybe we could at least get a nice debug trace > out? Of course it’s not so easy to do anything with a debug trace that > doesn’t break confidentiality. It is not impossible-to-handle #VE, it is no #VE for the guest and exit to the host that cannot be recovered. Yes, it is not friednly for debugging. Our plan was to allow SEPT_VE_DISABLE=0 for debug TD. It helps with debugging stepping on unaccepted memory as allows #VE in the guest which leads to panic() and nice traceback. Would it be enough? -- Kiryl Shutsemau / Kirill A. Shutemov
