Re: [RFC v1 05/26] x86/traps: Add #VE support for TDX guest
From: Andy Lutomirski
Date: Fri Feb 12 2021 - 14:48:11 EST
On Fri, Feb 5, 2021 at 3:39 PM Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx> wrote:
>
> From: "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>
>
> The TDX module injects #VE exception to the guest TD in cases of
> disallowed instructions, disallowed MSR accesses and subset of CPUID
> leaves. Also, it's theoretically possible for CPU to inject #VE
> exception on EPT violation, but the TDX module makes sure this does
> not happen, as long as all memory used is properly accepted using
> TDCALLs.
By my very cursory reading of the TDX arch specification 9.8.2,
"Secure" EPT violations don't send #VE. But the docs are quite
unclear, or at least the docs I found are. What happens if the guest
attempts to access a secure GPA that is not ACCEPTed? For example,
suppose the VMM does THH.MEM.PAGE.REMOVE on a secure address and the
guest accesses it, via instruction fetch or data access. What
happens?