Re: [PATCH v8 06/11] x86/traps: Add #VE support for TDX guest
From: Andi Kleen
Date: Mon Oct 11 2021 - 12:49:28 EST
> Minor clarification: it eliminates the chance of a #VE during the syscall gap
> _if the VMM is benign_. If the VMM is malicious, it can unmap and remap the
> syscall page to induce an EPT Violation #VE due to the page not being accepted.

This has been addressed. The TDX module will support a mode that forbids
unmapping pages permanently, and Linux is going to check/enforce that
this mode is enabled. The patch for the check is not included in the
posted patches yet though.

> This question?
>
> > Can the hypervisor cause an already-accepted secure-EPT page to transition to
> > the unaccepted state?
>
> Yep. I wrote the above before following the link, I should have guessed which
> question it was :-)
>
> IIRC, the proposed middle ground was to add a TDCALL and/or TDPARAMS setting that
> would allow the guest to opt-out of EPT Violation #VE due to page not accepted,

It's a TDPARAMS setting
-Andi