> Which is supposedly then set up to avoid #VE during the syscall gap,
> yes? Which then results in #VE not having to be IST.
Yes that is currently true because all memory is pre-accepted.
If we ever do lazy accept we would need to make sure the memory accessed in
the syscall gap is already accepted, or move over to an IST.
> > +#ifdef CONFIG_INTEL_TDX_GUEST
> > +DEFINE_IDTENTRY(exc_virtualization_exception)
> > +{
> > + struct ve_info ve;
> > + int ret;
> > +
> > + RCU_LOCKDEP_WARN(!rcu_is_watching(), "entry code didn't wake RCU");
> > +
> > + /* Consume #VE info before re-enabling interrupts */
>
> So what happens if NMI happens here, and triggers a nested #VE ?
Yes that's a gap. We should probably bail out and reexecute the original
instruction. The VE handler would need to set a flag for that.
Or alternatively the NMI always gets the VE information and puts
it on some internal stack, but that would seem clunkier.
-Andi
