qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH v3 12/36] i386/tdx: Add property sept-ve-disable for tdx-

From: Xiaoyao Li
Subject: Re: [RFC PATCH v3 12/36] i386/tdx: Add property sept-ve-disable for tdx-guest object
Date: Thu, 24 Mar 2022 16:08:17 +0800
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 Thunderbird/91.6.1 
On 3/24/2022 3:57 PM, Gerd Hoffmann wrote:

On Thu, Mar 24, 2022 at 02:52:10PM +0800, Xiaoyao Li wrote:

On 3/22/2022 5:02 PM, Gerd Hoffmann wrote:

On Thu, Mar 17, 2022 at 09:58:49PM +0800, Xiaoyao Li wrote:

Add sept-ve-disable property for tdx-guest object. It's used to
configure bit 28 of TD attributes.


What is this?


It seems this bit doesn't show up in the public spec yet.

Bit 28 (SEPT_VE_DISABLE): Disable EPT violation conversion to #VE ON guest
TD ACCESS of PENDING pages.

The TDX architecture requires a private page to be accepted before using. If
guest accesses a not-accepted (pending) page it will get #VE.

For some OS, e.g., Linux TD guest, it doesn't want the #VE on pending page
so it will set this bit.


Hmm.  That looks rather pointless to me.  The TDX patches for OVMF add a
#VE handler, so I suspect every guest wants #VE exceptions if even the
firmware cares to install a handler ...
#VE can be triggered in various situations. e.g., CPUID on some leaves, and RD/WRMSR on some MSRs. #VE on pending page is just one of the sources, Linux just wants to disable this kind of #VE since it wants to prevent unexpected #VE during SYSCALL gap. 


Also: What will happen instead? EPT fault delivered to the host?


Yes.


take care,
   Gerd
reply via email to
[Prev in Thread] Current Thread [Next in Thread]