Re: [RFC v1 05/26] x86/traps: Add #VE support for TDX guest

[Dave Hansen]

On 2/12/21 12:54 PM, Sean Christopherson wrote:
> Ah, I see what you're thinking.
> 
> Treating an EPT #VE as fatal was also considered as an option.  IIUC it was
> thought that finding every nook and cranny that could access a page, without
> forcing the kernel to pre-accept huge swaths of memory, would be very difficult.
> It'd be wonderful if that's not the case.

We have to manually set up the page table entries for every physical
page of memory (except for the hard-coded early stuff below 8MB or
whatever).  We *KNOW*, 100% before physical memory is accessed.

There aren't nooks and crannies where memory is accessed.  There are a
few, very well-defined choke points which must be crossed before memory
is accessed.  Page table creation, bootmem and the core page allocator
come to mind.

If Linux doesn't have a really good handle on which physical pages are
accessed when, we've got bigger problems on our hands.  Remember, we
even have debugging mechanisms that unmap pages from the kernel when
they're in the allocator.  We know so well that nobody is accessing
those physical addresses that we even tell hypervisors they can toss the
page contents and remove the physical backing (guest free page hinting).