Re: [PATCH 2/2] x86/tdx: Do not allow #VE due to EPT violation on the private memory

From: Dave Hansen
Date: Fri Oct 28 2022 - 11:42:07 EST


On 10/28/22 07:12, Kirill A. Shutemov wrote:
> arch/x86/coco/tdx/tdx.c | 49 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 49 insertions(+)

The patch is good, but I'm not crazy about the changelog or the big ol'
comment.

Really, this would do:

	/*
	 * The kernel cannot handle #VE's when accessing normal kernel
	 * memory. Ensure that no #VE will be delivered for accesses to
	 * TD-private memory. Only VMM-shared memory (MMIO) will #VE.
	 */
	if (!(td_attr & ATTR_SEPT_VE_DISABLE))
		panic("TD misconfiguration: SEPT_VE_DISABLE attribute must be set.\n");

I'll probably trim both of them down. If I chop out something that's
critical, let me know, otherwise let's follow up and stick all of those
details in Documentation.