Re: [PATCH 09/21] KVM: TDX: Retry seamcall when TDX_OPERAND_BUSY with operand SEPT
From: Edgecombe, Rick P
Date: Mon Sep 09 2024 - 16:26:22 EST
On Fri, 2024-09-06 at 13:41 +1200, Huang, Kai wrote:
> 3) That means the _ONLY_ reason to retry in the common code for
> TDH_MEM_xx()s is to mitigate zero-step attack by reducing the times of
> letting guest to fault on the same instruction.
My read of the zero-step mitigation is that it is implemented in the TDX module.
(which makes sense since it is defending against VMMs). There is some optional
ability for the guest to request notification, but the host defense is always in
place. Is that your understanding?
>
> I don't think we need to handle zero-step attack mitigation in the first
> TDX support submission. So I think we can just remove this patch.
Thanks for highlighting the weirdness here. I think it needs more investigation.