Re: [PATCH v6 06/11] x86/traps: Add #VE support for TDX guest

From: Dave Hansen
Date: Tue Sep 28 2021 - 11:27:47 EST

On 9/28/21 8:22 AM, Joerg Roedel wrote:
> On Tue, Sep 28, 2021 at 07:05:40AM -0700, Dave Hansen wrote:
>> "Shared" pages can cause #VE's. The guest must be careful not to touch
>> them in the syscall entry path, for example. But, shared pages are
>> untrusted so they're not use for stacks.
>> "Private" pages can cause #VE's. But, only *some* of them. Before a
>> page is accepted, it is in the SEPT_PENDING and a reference would cause
>> a #VE. But, after acceptance, page references either succeed or a TD
>> Exit and the hypervisor gets to handle the situation.
> Okay, and there is no way for the VMM to replace an already accepted
> page with a page in SEPT_PENDING state?

I hope not.

There would be lots of other problems if that were permitted.