> Which is supposedly then set up to avoid #VE during the syscall gap,
> yes? Which then results in #VE not having to be IST.

Yes, that is currently true because all memory is pre-accepted. If we ever do lazy accept we would need to make sure the memory accessed in the syscall gap is already accepted, or move over to an IST.

> > +#ifdef CONFIG_INTEL_TDX_GUEST
> > +DEFINE_IDTENTRY(exc_virtualization_exception)
> > +{
> > + struct ve_info ve;
> > + int ret;
> > +
> > + RCU_LOCKDEP_WARN(!rcu_is_watching(), "entry code didn't wake RCU");
> > +
> > + /* Consume #VE info before re-enabling interrupts */
>
> So what happens if NMI happens here, and triggers a nested #VE ?

Yes, that's a gap. We should probably bail out and re-execute the original instruction. The VE handler would need to set a flag for that. Or alternatively the NMI always gets the VE information and puts it on some internal stack, but that would seem clunkier.

-Andi
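Review bot: The comment "Consume #VE info before re-enabling interrupts" in the exc_virtualization_exception hunk states a guarantee that interrupt masking alone does not provide, since an NMI can still arrive between entry and the point where the ve_info is read, and a #VE raised from that NMI would replace the pending info before this handler consumes it. The hunk should document that the NMI path is assumed not to raise a #VE (today because all memory is pre-accepted), or carry the bail-out-and-re-execute flag described in the reply, so the reader of the handler can see which of the two keeps the window safe rather than inferring it from the interrupt state.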