Re: TDX #VE in SYSCALL gap (was: [RFD] x86: Curing the exception and syscall trainwreck in hardware)

From: Dave Hansen
Date: Tue Aug 25 2020 - 14:39:04 EST

Next message: Abel Vesa: "Re: [PATCH v2 11/17] clk: imx: Add blk_ctrl combo driver"
Previous message: Madhusudanarao Amara: "[PATCH] usb: typec: intel_pmc_mux: Un-register the USB role switch"
In reply to: Andrew Cooper: "Re: TDX #VE in SYSCALL gap (was: [RFD] x86: Curing the exception and syscall trainwreck in hardware)"
Next in thread: Thomas Gleixner: "RE: TDX #VE in SYSCALL gap (was: [RFD] x86: Curing the exception and syscall trainwreck in hardware)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 8/25/20 10:59 AM, Andrew Cooper wrote:
> If I've read the TDX spec/whitepaper properly, the main hypervisor can
> write to all the encrypted pages. This will destroy data, break the
> MAC, and yields #PF inside the SEAM hypervisor, or the TD when the cache
> line is next referenced.

I think you're talking about:

> Attempting to access a private KeyID by software outside the SEAM
> mode would cause a page-fault exception (#PF).

I don't think that ever results in a TD guest #PF. "A MAC-verification
failure would be fatal to the TD and lead to its termination." In this
context, I think that means that the TD stops running and can not be
reentered.

Next message: Abel Vesa: "Re: [PATCH v2 11/17] clk: imx: Add blk_ctrl combo driver"
Previous message: Madhusudanarao Amara: "[PATCH] usb: typec: intel_pmc_mux: Un-register the USB role switch"
In reply to: Andrew Cooper: "Re: TDX #VE in SYSCALL gap (was: [RFD] x86: Curing the exception and syscall trainwreck in hardware)"
Next in thread: Thomas Gleixner: "RE: TDX #VE in SYSCALL gap (was: [RFD] x86: Curing the exception and syscall trainwreck in hardware)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]