> The hardware (and VMMs and SEAM) have ways of telling the guest kernel
> what is supported: CPUID.  If it screws up, and the guest gets an
> unexpected #VE, so be it.

The main reason for disabling stuff is actually that we don't need
to harden it. All these things are potential attack paths.

> 
> We don't have all kinds of crazy handling in the kernel's #UD handler
> just in case a CPU mis-enumerates a feature and we get a #UD.  We have
> to trust the underlying hardware to be sane.  If it isn't, we die a
> horrible death as fast as possible.  Why should TDX be any different?

That's what the original patch did -- no unnecessary checks -- but reviewers
keep asking for the extra checks, so Sathya added more. We have the not
unusual problem here that reviewers don't agree among themselves.

-Andi
