Re: [PATCH 09/21] KVM: TDX: Retry seamcall when TDX_OPERAND_BUSY with operand SEPT

From: Edgecombe, Rick P
Date: Mon Sep 09 2024 - 16:26:22 EST


On Fri, 2024-09-06 at 13:41 +1200, Huang, Kai wrote:
> 3) That means the _ONLY_ reason to retry in the common code for
> TDH_MEM_xx()s is to mitigate zero-step attacks by reducing the number of
> times the guest is allowed to fault on the same instruction.

My read of the zero-step mitigation is that it is implemented in the TDX module
(which makes sense since it is defending against VMMs). There is some optional
ability for the guest to request notification, but the host defense is always in
place. Is that your understanding?

>
> I don't think we need to handle zero-step attack mitigation in the first
> TDX support submission.  So I think we can just remove this patch.

Thanks for highlighting the weirdness here. I think it needs more investigation.