Re: [PATCH 2/2] x86/tdx: Do not allow #VE due to EPT violation on the private memory
From: Dave Hansen
Date: Fri Oct 28 2022 - 11:42:07 EST
On 10/28/22 07:12, Kirill A. Shutemov wrote:
> arch/x86/coco/tdx/tdx.c | 49 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 49 insertions(+)
The patch is good, but I'm not crazy about the changelog or the big ol'
comment.
Really, this would do:
/*
* The kernel can not handle #VE's when accessing normal kernel
* memory. Ensure that no #VE will be delivered for accesses to
* TD-private memory. Only VMM-shared memory (MMIO) will #VE.
*/
if (!(td_attr & ATTR_SEPT_VE_DISABLE))
panic("TD misconfiguration: SEPT_VE_DISABLE attibute must be set.\n");
I'll probably trim both of them down. If I chop out something that's
critical, let me know, otherwise let's follow up and stick all of those
details in Documentation.