On 5/16/23 11:33, Kirill A. Shutemov wrote: > For context: there's a way configure TDX environment to trigger #VE on > such accesses and it is default. But Linux requires such #VEs to be > disabled as it opens attack vector from the host to the guest: host can > pull any private page from under kernel at any point and trigger such #VE. > If it happens in just a right time in syscall gap or NMI entry code it can > be exploitable. I'm kinda uncomfortable with saying it's exploitable. It really boils down to not wanting to deal with managing a new IST exception. While the NMI IST implementation is about as good as we can get it, I believe there are still holes in it (even if we consider only how it interacts with #MC). The more IST users we add, the more holes there are. You add the fact that an actual adversary can induce the exceptions instead of (rare and mostly random) radiation that causes #MC, and it makes me want to either curl up in a little ball or pursue a new career. So, exploitable? Dunno. Do I want to touch an #VE/IST implementation? No way, not with a 10 foot pole.