On Fri, Jun 13, 2025, Rick P Edgecombe wrote:
> On Fri, 2025-06-13 at 09:32 +0800, Yan Zhao wrote:
> > > > Eww, no. Having to react on _every_ EPT violation would be annoying,
> > > > and trying to debug issues where the guest is mixing options would
> > > > probably be a nightmare.
> > > >
> > > > I was thinking of something along the lines of an init-time or
> > > > boot-time opt-in.
> > >
> > > Fair.
> >
> > Agreed.
>
> Arg, I just realized a one-way opt-in will have a theoretical gap. If the guest
> kexec's, the new kernel will need to match the opt-in.

All the more reason to make this a property of the VM that is passed via "struct
td_params". I.e. put the onus on the owner of the VM to ensure their kernel(s)
have been updated accordingly.

I understand that this could be painful, but honestly _all_ of TDX and SNP is
painful for the guest. E.g. I don't think it's any worse than the security
issues with TDX (and SNP) guests using kvmclock (which I'd love some reviews on,
btw).

https://lore.kernel.org/all/20250227021855.3257188-35-seanjc@xxxxxxxxxx