mirror of
https://github.com/cloud-hypervisor/cloud-hypervisor.git
synced 2024-11-05 11:31:14 +00:00
69e8f60b91
This is required for booting Linux: From: https://lore.kernel.org/all/20221028141220.29217-3-kirill.shutemov@linux.intel.com/ """ Virtualization Exceptions (#VE) are delivered to TDX guests due to specific guest actions such as using specific instructions or accessing a specific MSR. Notable reason for #VE is access to specific guest physical addresses. It requires special security considerations as it is not fully in control of the guest kernel. VMM can remove a page from EPT page table and trigger #VE on access. The primary use-case for #VE on a memory access is MMIO: VMM removes page from EPT to trigger exception in the guest which allows guest to emulate MMIO with hypercalls. MMIO only happens on shared memory. All conventional kernel memory is private. This includes everything from kernel stacks to kernel text. Handling exceptions on arbitrary accesses to kernel memory is essentially impossible as handling #VE may require access to memory that also triggers the exception. TDX module provides mechanism to disable #VE delivery on access to private memory. If SEPT_VE_DISABLE TD attribute is set, private EPT violation will not be reflected to the guest as #VE, but will trigger exit to VMM. Make sure the attribute is set by VMM. Panic otherwise. There's small window during the boot before the check where kernel has early #VE handler. But the handler is only for port I/O and panic as soon as it sees any other #VE reason. SEPT_VE_DISABLE makes SEPT violation unrecoverable and terminating the TD is the only option. Kernel has no legitimate use-cases for #VE on private memory. It is either a guest kernel bug (like access of unaccepted memory) or malicious/buggy VMM that removes guest page that is still in use. In both cases terminating TD is the right thing to do. """ With this change Cloud Hypervisor can boot the current Linux guest kernel. Reported-By: Jiaqi Gao <jiaqi.gao@intel.com Signed-off-by: Rob Bradford <robert.bradford@intel.com> |
||
---|---|---|
.. | ||
src | ||
Cargo.toml |