On Fri, Sep 02, 2022 at 03:26:35PM +, Sean Christopherson wrote:
> On Fri, Sep 02, 2022, Gerd Hoffmann wrote:
> >
> > Hmm, ok, but shouldn't the SEPT_VE bit *really* be controlled by the guest
> > then?
> >
> > Having a hypervisor-controlled config bit to protect against a malicious
> >
On Fri, Sep 02, 2022, Gerd Hoffmann wrote:
> On Fri, Sep 02, 2022 at 02:52:25AM +, Sean Christopherson wrote:
> > On Fri, Sep 02, 2022, Xiaoyao Li wrote:
> > > On 8/26/2022 1:57 PM, Gerd Hoffmann wrote:
> > > >Hi,
> > > > > For TD guest kernel, it has its own reason to turn SEPT_VE on or
On Fri, Sep 02, 2022 at 02:52:25AM +, Sean Christopherson wrote:
> On Fri, Sep 02, 2022, Xiaoyao Li wrote:
> > On 8/26/2022 1:57 PM, Gerd Hoffmann wrote:
> > >Hi,
> > > > For TD guest kernel, it has its own reason to turn SEPT_VE on or off.
> > > > E.g.,
> > > > Linux TD guest requires
On Fri, Sep 02, 2022, Xiaoyao Li wrote:
> On 8/26/2022 1:57 PM, Gerd Hoffmann wrote:
> >Hi,
> > > For TD guest kernel, it has its own reason to turn SEPT_VE on or off.
> > > E.g.,
> > > Linux TD guest requires SEPT_VE to be disabled to avoid #VE on syscall gap
> > > [1].
> >
> > Why is that
On 8/26/2022 1:57 PM, Gerd Hoffmann wrote:
Hi,
For TD guest kernel, it has its own reason to turn SEPT_VE on or off. E.g.,
Linux TD guest requires SEPT_VE to be disabled to avoid #VE on syscall gap
[1].
Why is that a problem for a TD guest kernel? Installing exception
handlers is done
Hi,
> For TD guest kernel, it has its own reason to turn SEPT_VE on or off. E.g.,
> Linux TD guest requires SEPT_VE to be disabled to avoid #VE on syscall gap
> [1].
Why is that a problem for a TD guest kernel? Installing exception
handlers is done quite early in the boot process, certainly
On 8/25/2022 7:36 PM, Gerd Hoffmann wrote:
On Tue, Aug 02, 2022 at 03:47:25PM +0800, Xiaoyao Li wrote:
Bit 28, named SEPT_VE_DISABLE, disables EPT violation conversion to #VE
on guest TD access of PENDING pages when set to 1. Some guest OS (e.g.,
Linux TD guest) may require this bit set as 1.
On Tue, Aug 02, 2022 at 03:47:25PM +0800, Xiaoyao Li wrote:
> Bit 28, named SEPT_VE_DISABLE, disables EPT violation conversion to #VE
> on guest TD access of PENDING pages when set to 1. Some guest OS (e.g.,
> Linux TD guest) may require this bit set as 1. Otherwise refuse to boot.
Bit 28, named SEPT_VE_DISABLE, disables EPT violation conversion to #VE
on guest TD access of PENDING pages when set to 1. Some guest OS (e.g.,
Linux TD guest) may require this bit set as 1. Otherwise refuse to boot.
Add sept-ve-disable property for tdx-guest object, for user to configure
this