From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Andy Lutomirski <luto@kernel.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
Thomas Gleixner <tglx@linutronix.de>,
LKML <linux-kernel@vger.kernel.org>, X86 ML <x86@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Tom Lendacky <thomas.lendacky@amd.com>, Pu Wen <puwen@hygon.cn>,
Stephen Hemminger <sthemmin@microsoft.com>,
Sasha Levin <alexander.levin@microsoft.com>,
Dirk Hohndel <dirkhh@vmware.com>,
Jan Kiszka <jan.kiszka@siemens.com>,
Tony W Wang-oc <TonyWWang-oc@zhaoxin.com>,
"H. Peter Anvin" <hpa@linux.intel.com>,
Asit Mallick <asit.k.mallick@intel.com>,
Gordon Tetlow <gordon@tetlows.org>,
David Kaplan <David.Kaplan@amd.com>,
Tony Luck <tony.luck@intel.com>
Subject: Re: TDX #VE in SYSCALL gap (was: [RFD] x86: Curing the exception and syscall trainwreck in hardware)
Date: Wed, 26 Aug 2020 12:16:45 -0700 [thread overview]
Message-ID: <20200826191644.GC21065@sjchrist-ice> (raw)
In-Reply-To: <CALCETrWy2x-RByfknjjKxRbE0LBPk2Ugj1d58xYHb91ogbfnvA@mail.gmail.com>
On Tue, Aug 25, 2020 at 10:28:53AM -0700, Andy Lutomirski wrote:
> On Tue, Aug 25, 2020 at 10:19 AM Sean Christopherson
> <sean.j.christopherson@intel.com> wrote:
> > One thought would be to have the TDX module (thing that runs in SEAM and
> > sits between the VMM and the guest) provide a TDCALL (hypercall from guest
> > to TDX module) to the guest that would allow the guest to specify a very
> > limited number of GPAs that must never generate a #VE, e.g. go straight to
> > guest shutdown if a disallowed GPA would go pending. That seems doable
> > from a TDX perspective without incurring noticeable overhead (assuming the
> > list of GPAs is very small) and should be easy to to support in the guest,
> > e.g. make a TDCALL/hypercall or two during boot to protect the SYSCALL
> > page and its scratch data.
>
> I guess you could do that, but this is getting gross. The x86
> architecture has really gone off the rails here.
Does it suck less than using an IST? Honest question.
I will add my voice to the "fix SYSCALL" train, but the odds of that getting
a proper fix in time to intercept TDX are not good. On the other hand,
"fixing" the SYSCALL issue in the TDX module is much more feasible, but only
if we see real value in such an approach as opposed to just using an IST. I
personally like the idea of a TDX module solution as I think it would be
simpler for the kernel to implement/support, and would mean we wouldn't need
to roll back IST usage for #VE if the heavens should part and bestow upon us
a sane SYSCALL.
next prev parent reply other threads:[~2020-08-26 19:16 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-24 12:24 [RFD] x86: Curing the exception and syscall trainwreck in hardware Thomas Gleixner
2020-08-24 13:52 ` Andrew Cooper
2020-08-25 4:39 ` TDX #VE in SYSCALL gap (was: [RFD] x86: Curing the exception and syscall trainwreck in hardware) Sean Christopherson
2020-08-25 15:25 ` Dave Hansen
2020-08-25 16:49 ` Andy Lutomirski
2020-08-25 17:19 ` Sean Christopherson
2020-08-25 17:28 ` Andy Lutomirski
2020-08-25 17:35 ` Luck, Tony
2020-08-25 17:41 ` Andy Lutomirski
2020-08-25 17:59 ` Andrew Cooper
2020-08-25 18:38 ` Dave Hansen
2020-08-25 19:49 ` Thomas Gleixner
2020-08-26 19:16 ` Sean Christopherson [this message]
2020-08-30 15:37 ` Andy Lutomirski
2020-08-30 18:37 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200826191644.GC21065@sjchrist-ice \
--to=sean.j.christopherson@intel.com \
--cc=David.Kaplan@amd.com \
--cc=TonyWWang-oc@zhaoxin.com \
--cc=alexander.levin@microsoft.com \
--cc=andrew.cooper3@citrix.com \
--cc=asit.k.mallick@intel.com \
--cc=dirkhh@vmware.com \
--cc=gordon@tetlows.org \
--cc=hpa@linux.intel.com \
--cc=jan.kiszka@siemens.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=puwen@hygon.cn \
--cc=sthemmin@microsoft.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tony.luck@intel.com \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox