On Tue, 16 May 2023 at 20:27, Dave Hansen <dave.hansen@xxxxxxxxx> wrote:
>
> On 5/16/23 11:08, Ard Biesheuvel wrote:
> >> But, this approach does not work for unaccepted memory. For TDX, a load
> >> from unaccepted memory will not lead to a recoverable exception within
> >> the guest. The guest will exit to the VMM where the only recourse is to
> >> terminate the guest.
> >>
> > Does this mean that the kernel maps memory before accepting it? As
> > otherwise, I would assume that such an access would page fault inside
> > the guest before triggering an exception related to the unaccepted
> > state.
>
> Yes, the kernel maps memory before accepting it (modulo things like
> DEBUG_PAGEALLOC).
>

OK, and so the architecture stipulates that prefetching or other
speculative accesses must never deliver exceptions to the host
regarding such ranges?

If this all works as it should, then I'm ok with leaving this here,
but I imagine we may want to factor out some arch specific policy here
in the future, as I don't think this would work the same on ARM.