Hi Kees, thanks for your reviews! On Tue, Jul 14, 2020 at 06:40:30PM -0700, Kees Cook wrote: > Eek, no. MSR_IA32_MISC_ENABLE_XD_DISABLE needs to be cleared very early > during CPU startup; this can't just be skipped. That MSR is Intel-only, right? The boot-path installed here is only used for SEV-ES guests, running on AMD systems, so this MSR is not even accessed during boot on those VMs. The alternative is to set up exception handling prior to calling verify_cpu, including segments, stack and IDT. Given that verify_cpu() does not add much value to SEV-ES guests, I'd like to avoid adding this complexity. > Also, is UNWIND_HINT_EMPTY needed for the new target? Yes, I think it is, will add it in the next version. Regards, Joerg _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
