From: Peter Zijlstra <peterz@infradead.org>
To: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
mingo@redhat.com, bp@alien8.de, dave.hansen@intel.com,
luto@kernel.org, sathyanarayanan.kuppuswamy@linux.intel.com,
aarcange@redhat.com, ak@linux.intel.com,
dan.j.williams@intel.com, david@redhat.com, hpa@zytor.com,
jgross@suse.com, jmattson@google.com, joro@8bytes.org,
jpoimboe@redhat.com, knsathya@kernel.org, pbonzini@redhat.com,
sdeep@vmware.com, seanjc@google.com, tony.luck@intel.com,
vkuznets@redhat.com, wanpengli@tencent.com,
thomas.lendacky@amd.com, brijesh.singh@amd.com, x86@kernel.org,
linux-kernel@vger.kernel.org,
Sean Christopherson <sean.j.christopherson@intel.com>,
Dave Hansen <dave.hansen@linux.intel.com>
Subject: Re: [PATCHv6 07/30] x86/traps: Add #VE support for TDX guest
Date: Thu, 17 Mar 2022 21:21:41 +0100 [thread overview]
Message-ID: <20220317202141.GO8939@worktop.programming.kicks-ass.net> (raw)
In-Reply-To: <20220317173354.rqymufl37lcrtmjh@black.fi.intel.com>
On Thu, Mar 17, 2022 at 08:33:54PM +0300, Kirill A. Shutemov wrote:
> [ Disclaimer: I have limited understanding of the entry code complexity
> and may miss some crucial details. But I try my best. ]
>
> Yes, it is the same comment, but it is based on code audit, not only on
> testing.
>
> I claim that kernel does not do anything that can possibly trigger #VE
> where kernel cannot deal with it:
>
> - on syscall entry code before kernel stack is set up (few instructions
> in the beginning of entry_SYSCALL_64())
>
> - in NMI entry code (asm_exc_nmi()) before NMI nesting is safe:
> + for NMI from user mode, before switched to thread stack
> + for NMI from kernel, up to end_repead_nmi
>
> After that points #VE is safe.
In what way is it guaranteed that #VE isn't raised in those places? What
does an auditor / future coder looking to changes things, need to
consider to keep this so.
From vague memories #VE can be raised on any memop, loading the stack
address in the syscall-gap is a memop. What makes that special? Can we
get a comment _there_ to explain how this is safe such that we can keep
it so?
Same for the NMI path I suppose.
next prev parent reply other threads:[~2022-03-17 20:22 UTC|newest]
Thread overview: 89+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-16 2:08 [PATCHv6 00/30] TDX Guest: TDX core support Kirill A. Shutemov
2022-03-16 2:08 ` [PATCHv6 01/30] x86/tdx: Detect running as a TDX guest in early boot Kirill A. Shutemov
2022-03-16 23:10 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 02/30] x86/tdx: Provide common base for SEAMCALL and TDCALL C wrappers Kirill A. Shutemov
2022-03-16 23:33 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 03/30] x86/tdx: Add __tdx_module_call() and __tdx_hypercall() helper functions Kirill A. Shutemov
2022-03-16 23:43 ` Thomas Gleixner
2022-03-17 16:03 ` Borislav Petkov
2022-03-16 2:08 ` [PATCHv6 04/30] x86/tdx: Extend the confidential computing API to support TDX guests Kirill A. Shutemov
2022-03-17 0:01 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 05/30] x86/tdx: Exclude shared bit from __PHYSICAL_MASK Kirill A. Shutemov
2022-03-17 0:16 ` Thomas Gleixner
2022-03-17 13:58 ` Kirill A. Shutemov
2022-03-17 14:39 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 06/30] x86/traps: Refactor exc_general_protection() Kirill A. Shutemov
2022-03-17 0:21 ` Thomas Gleixner
2022-03-17 14:05 ` Kirill A. Shutemov
2022-03-16 2:08 ` [PATCHv6 07/30] x86/traps: Add #VE support for TDX guest Kirill A. Shutemov
2022-03-17 0:48 ` Thomas Gleixner
2022-03-17 17:33 ` Kirill A. Shutemov
2022-03-17 18:18 ` Thomas Gleixner
2022-03-17 20:21 ` Peter Zijlstra [this message]
2022-03-17 20:32 ` Dave Hansen
2022-03-18 10:55 ` Peter Zijlstra
2022-03-18 13:03 ` Kirill A. Shutemov
2022-03-18 14:19 ` Thomas Gleixner
2022-03-18 15:34 ` Kirill A. Shutemov
2022-03-16 2:08 ` [PATCHv6 08/30] x86/tdx: Add HLT support for TDX guests Kirill A. Shutemov
2022-03-16 2:08 ` [PATCHv6 09/30] x86/tdx: Add MSR " Kirill A. Shutemov
2022-03-17 11:30 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 10/30] x86/tdx: Handle CPUID via #VE Kirill A. Shutemov
2022-03-17 11:32 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 11/30] x86/tdx: Handle in-kernel MMIO Kirill A. Shutemov
2022-03-16 21:53 ` Dave Hansen
2022-03-17 11:48 ` Thomas Gleixner
2022-03-17 11:35 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 12/30] x86/tdx: Detect TDX at early kernel decompression time Kirill A. Shutemov
2022-03-17 11:55 ` Thomas Gleixner
2022-03-17 18:04 ` Kirill A. Shutemov
2022-03-16 2:08 ` [PATCHv6 13/30] x86: Adjust types used in port I/O helpers Kirill A. Shutemov
2022-03-17 11:56 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 14/30] x86: Consolidate " Kirill A. Shutemov
2022-03-16 2:08 ` [PATCHv6 15/30] x86/boot: Port I/O: allow to hook up alternative helpers Kirill A. Shutemov
2022-03-16 22:02 ` Dave Hansen
2022-03-17 12:12 ` Thomas Gleixner
2022-03-17 20:10 ` Kirill A. Shutemov
2022-03-17 20:20 ` Dave Hansen
2022-03-17 20:23 ` Dave Hansen
2022-03-17 22:48 ` Kirill A. Shutemov
2022-03-18 14:20 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 16/30] x86/boot: Port I/O: add decompression-time support for TDX Kirill A. Shutemov
2022-03-17 12:15 ` Thomas Gleixner
2022-03-17 20:15 ` Kirill A. Shutemov
2022-03-18 14:28 ` Thomas Gleixner
2022-03-18 15:36 ` Kirill A. Shutemov
2022-03-16 2:08 ` [PATCHv6 17/30] x86/tdx: Port I/O: add runtime hypercalls Kirill A. Shutemov
2022-03-17 12:25 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 18/30] x86/tdx: Port I/O: add early boot support Kirill A. Shutemov
2022-03-16 2:08 ` [PATCHv6 19/30] x86/tdx: Wire up KVM hypercalls Kirill A. Shutemov
2022-03-16 2:08 ` [PATCHv6 20/30] x86/boot: Add a trampoline for booting APs via firmware handoff Kirill A. Shutemov
2022-03-17 12:32 ` Thomas Gleixner
2022-03-17 12:44 ` Boris Petkov
2022-03-17 20:21 ` Kirill A. Shutemov
2022-03-18 9:55 ` Borislav Petkov
2022-03-16 2:08 ` [PATCHv6 21/30] x86/acpi, x86/boot: Add multiprocessor wake-up support Kirill A. Shutemov
2022-03-16 23:47 ` Dave Hansen
2022-03-17 12:44 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 22/30] x86/boot: Set CR0.NE early and keep it set during the boot Kirill A. Shutemov
2022-03-17 12:46 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 23/30] x86/boot: Avoid #VE during boot for TDX platforms Kirill A. Shutemov
2022-03-17 12:48 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 24/30] x86/topology: Disable CPU online/offline control for TDX guests Kirill A. Shutemov
2022-03-17 12:50 ` Thomas Gleixner
2022-03-17 20:47 ` Kirill A. Shutemov
2022-03-16 2:08 ` [PATCHv6 25/30] x86/tdx: Make pages shared in ioremap() Kirill A. Shutemov
2022-03-16 22:06 ` Dave Hansen
2022-03-17 14:33 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 26/30] x86/mm/cpa: Add support for TDX shared memory Kirill A. Shutemov
2022-03-17 14:56 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 27/30] x86/kvm: Make SWIOTLB buffer shared for TD guest Kirill A. Shutemov
2022-03-16 22:24 ` Dave Hansen
2022-03-16 2:08 ` [PATCHv6 28/30] x86/tdx: ioapic: Add shared bit for IOAPIC base address Kirill A. Shutemov
2022-03-17 15:00 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 29/30] ACPICA: Avoid cache flush inside virtual machines Kirill A. Shutemov
2022-03-16 22:13 ` Dave Hansen
2022-03-17 15:32 ` Dan Williams
2022-03-17 23:04 ` Kirill A. Shutemov
2022-03-17 15:23 ` Thomas Gleixner
2022-03-16 2:08 ` [PATCHv6 30/30] Documentation/x86: Document TDX kernel architecture Kirill A. Shutemov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220317202141.GO8939@worktop.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=aarcange@redhat.com \
--cc=ak@linux.intel.com \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=david@redhat.com \
--cc=hpa@zytor.com \
--cc=jgross@suse.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=jpoimboe@redhat.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=knsathya@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=sdeep@vmware.com \
--cc=sean.j.christopherson@intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tony.luck@intel.com \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox