> > > So what happens if NMI happens here, and triggers a nested #VE ? > > > > Yes that's a gap. We should probably bail out and reexecute the original > > instruction. The VE handler would need to set a flag for that. > > > > Or alternatively the NMI always gets the VE information and puts > > it on some internal stack, but that would seem clunkier. > > The same is possible with MCE and #DB I imagine.
I don't think there are currently any plans to inject #MC into TDX guests. It's doubtful this could be done securely. #DB is trickier because it will happen every time, so simply reexecuting won't work. I guess it would need the ve info stack, or some care in kprobes/kernel debugger that it cannot happen. I think I would prefer the later. -Andi
