Re: [RFC v1 05/26] x86/traps: Add #VE support for TDX guest
From: Dave Hansen
Date: Fri Feb 12 2021 - 15:18:19 EST
On 2/12/21 12:06 PM, Sean Christopherson wrote:
>> What happens if the guest attempts to access a secure GPA that is not
>> ACCEPTed? For example, suppose the VMM does THH.MEM.PAGE.REMOVE on a secure
>> address and the guest accesses it, via instruction fetch or data access.
>> What happens?
> Well, as currently written in the spec, it will generate an EPT violation and
> the host will have no choice but to kill the guest.
That's actually perfect behavior from my perspective. Host does
something stupid. Host gets left holding the pieces. No enabling to do
in the guest.
This doesn't *preclude* the possibility that the VMM and guest could
establish a protocol to remove guest pages. It just means that the host
can't go it alone and that if they guest and host get out of sync, the
guest dies.
In other words, I think I'm rooting for the docs, as written. :)