Re: [PATCH 2/2] x86/tdx: Do not allow #VE due to EPT violation on the private memory

[Guorui Yu]

在 2022/10/31 22:22, Dave Hansen 写道:
> On 10/30/22 21:07, Guorui Yu wrote:
> > We have encountered similar problems on SEV-ES, here are their fixes
> > on Kernel [1] and OVMF[2].
>
> SEV-ES and TDX are very different beasts in this area.
>
> > Instead of enforcing the ATTR_SEPT_VE_DISABLE in TDX guest kernel, I
> > think the fix should also include necessary check on the MMIO path of
> > the #VE routine.
>
> Instead?
Yes, "Instead of" should be "Addtionally,".

> Without ATTR_SEPT_VE_DISABLE, a #VE can occur on basically any
> instruction.  We call those kinds of exceptions "paranoid entry" points.
>   They need special handling like the NMI or #MC handlers.
>
> I'd be happy to look at a patch that does the MMIO path check *and*
> turns the #VE handler into a robust entry point.
>
> Bonus points if you can do ~5 lines of C like the approach in this thread.

Yes, there is a fix to satify your requirement and get the bouns points :)

Please refer to 
https://github.com/intel/tdx/commit/f045b0d52a5f7d8bf66cd4410307d05a90523f10 


case EXIT_REASON_EPT_VIOLATION:
+ if (!(ve->gpa & tdx_shared_mask())) {
+ panic("#VE due to access to unaccepted memory. "
+ "GPA: %#llx\n", ve->gpa);
+ }
+
/* original from Kirill and Kuppuswamy */

It's already there, but it just didn't get into the main branch.


Sincerely,
Guorui