Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp5608531ybv;
        Tue, 11 Feb 2020 19:49:01 -0800 (PST)
X-Google-Smtp-Source: APXvYqwhvYCURpTaMCzPCBUDr46W4MRVAZatxt354sD4ZmKOBta65oM+q6zbKAgmPGb6OMwmnoSx
X-Received: by 2002:aca:c691:: with SMTP id w139mr5077994oif.17.1581479341334;
        Tue, 11 Feb 2020 19:49:01 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1581479341; cv=none;
        d=google.com; s=arc-20160816;
        b=ruwxZNNQZeqeXxBPb90IxHhXkohUV7Uhb7wOf2E33WTXX5XZhgAfgWp94ozkY+eG5v
         d+O4U7iuHpILjlsmsstvon34ZpJTYFibW71N3X4QB2oBvCwQigdH/hEau5wYxqVjCOgD
         eA531UpgA3PuczyRI34FIGf4+kCfHrHTyfqbzsP66S4qkJCABIOlPw+15yuZ3NJU++eM
         qXsJbMHS6ljnI48fRuWvWA7AM+7UMamxa1+0hnYyroyOZ8z5T1/uaLvaIwvVQjfqkoE9
         U5Myyr6pm+dPU8eMJ3LOWyi9nTJZ2UYzJc4AYMo6yMAyg3dooVcnldGua7/hMqHj5S0A
         2hLQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:in-reply-to:cc:references:message-id
         :date:subject:mime-version:from:content-transfer-encoding
         :dkim-signature;
        bh=6n20LY7Gbk1vIJ9y2Ek0mCSqczMDBuYCkKoruXym20c=;
        b=JVidYT0yYZfNcOB6oSRJoMSeBVSfkjVRZsubp8ZCa9f6vL9krzNq5dVcJopYU9DclJ
         n1Wb+MXiKaPSMji+3N/bpxVxsvaY0Ae9aCIBOsE5xj+uvJ/wM0hImkonZNUusOlIMH+E
         17eEeIEDGDyw5usY0By+fEt3jSlg3MAkmAkebLgBTLbDavm8IGVAFyX+UwbrB4I4XJP2
         Y+WSMBvrISBHFja4xm3Jc9gbso+uOukXHBFW/gCxZmCIMBICczUE6aYNychXZeY+ljKK
         uZlg6dE4ufB5Q43W7rUx5o8rAMHc6CkvqRkCf/r0lYK08R2Gh/9ZafLc4C+//TXK4vMn
         ZwiQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=qOIuXMr7;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v23si2737387oto.81.2020.02.11.19.48.49;
        Tue, 11 Feb 2020 19:49:01 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=qOIuXMr7;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727946AbgBLDsS (ORCPT <rfc822;kkoh.linux@gmail.com>
        + 99 others); Tue, 11 Feb 2020 22:48:18 -0500
Received: from mail-pg1-f196.google.com ([209.85.215.196]:41605 "EHLO
        mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727931AbgBLDsR (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 11 Feb 2020 22:48:17 -0500
Received: by mail-pg1-f196.google.com with SMTP id 70so467580pgf.8
        for <linux-kernel@vger.kernel.org>; Tue, 11 Feb 2020 19:48:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=amacapital-net.20150623.gappssmtp.com; s=20150623;
        h=content-transfer-encoding:from:mime-version:subject:date:message-id
         :references:cc:in-reply-to:to;
        bh=6n20LY7Gbk1vIJ9y2Ek0mCSqczMDBuYCkKoruXym20c=;
        b=qOIuXMr7r5BjTTN+iUHHZHwXO2d7fltI4qfqf6tbvQdh49e6cPRYEmcbGwuGAudwb8
         w30L9oHSj79cz2PbPcfqcB0XK5ilmwynVKV5aJeHITXsOfGQ2xUe9v8aFSP2LLudhaqZ
         5EuvCyJJGJ3MGeULZocj6JU8fEJyVtrln/UygU9d8PPqtZxL46O0XGUSRS+39CSaFCaR
         PhuepTAcAYHA+JKjnq+oXEayOFQCah3uurRAwCjTvqdoLYAUh8wSQQCctFOTihvo8swD
         tQpwBaUvnbY54Av/9UrQQY8UAW1JwMUpiJdvP7Al5IAKyacPUWPBhZ8RkUJSh68erc9A
         ehOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:content-transfer-encoding:from:mime-version
         :subject:date:message-id:references:cc:in-reply-to:to;
        bh=6n20LY7Gbk1vIJ9y2Ek0mCSqczMDBuYCkKoruXym20c=;
        b=jts2s5rCR2YzJ9kfPXxVFzD7jZOai3sb2vryETA5h5MRlyURUEijZ1q7ZWQ2c42Ozr
         XNt0OImWeO0/QKdEMstmmxNTzigTpRd8t4oHECZ2eM8Dwh+n21UYcUZU9LzkD/KWxGZv
         VL7fGU8MQCB9NOVxVqYVh6UJCN6gcv8xGIkQK6M1Rnz/cywJWs8z0CV1uoLLoJ+wfJi0
         QN9JRyw8omHj+YJ/mWn2AWY8XhIF2D42h9IjlN/4Nkor8HDiDrrGT0U47SPV3fHA6s6E
         JM7pJ1ayT5kNX+7LWTbp3cJrFDk9CQs+X19FXjHmFRQu4Mk4dduZvZPyU+TEoEUA+x6K
         4a5g==
X-Gm-Message-State: APjAAAXwbM6TB5l5um7POzUH/I3jieg1E6WiCanmEaNjvPefMr8YTD14
        VhPEP4I7WtxFxVPxmhxG7AOmnE7DErY=
X-Received: by 2002:a63:f20a:: with SMTP id v10mr10098705pgh.420.1581479295020;
        Tue, 11 Feb 2020 19:48:15 -0800 (PST)
Received: from ?IPv6:2601:646:c200:1ef2:d1cf:7a62:c997:6a4b? ([2601:646:c200:1ef2:d1cf:7a62:c997:6a4b])
        by smtp.gmail.com with ESMTPSA id 72sm6294836pfw.7.2020.02.11.19.48.13
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 11 Feb 2020 19:48:14 -0800 (PST)
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
From:   Andy Lutomirski <luto@amacapital.net>
Mime-Version: 1.0 (1.0)
Subject: Re: [RFC PATCH 00/62] Linux as SEV-ES Guest Support
Date:   Tue, 11 Feb 2020 19:48:12 -0800
Message-Id: <BD48E405-8E3F-4EEE-A72A-8A7EDCB6A376@amacapital.net>
References: <20200211135256.24617-1-joro@8bytes.org>
Cc:     x86@kernel.org, hpa@zytor.com, Andy Lutomirski <luto@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Hellstrom <thellstrom@vmware.com>,
        Jiri Slaby <jslaby@suse.cz>,
        Dan Williams <dan.j.williams@intel.com>,
        Tom Lendacky <Thomas.Lendacky@amd.com>,
        Juergen Gross <JGross@suse.com>,
        Kees Cook <keescook@chromium.org>,
        linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
        virtualization@lists.linux-foundation.org,
        Joerg Roedel <jroedel@suse.de>
In-Reply-To: <20200211135256.24617-1-joro@8bytes.org>
To:     Joerg Roedel <joro@8bytes.org>
X-Mailer: iPhone Mail (17D50)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



> On Feb 11, 2020, at 5:53 AM, Joerg Roedel <joro@8bytes.org> wrote:

>=20
>=20
>    * Putting some NMI-load on the guest will make it crash usually
>      within a minute

Suppose you do CPUID or some MMIO and get #VC. You fill in the GHCB to ask f=
or help. Some time between when you start filling it out and when you do VMG=
EXIT, you get NMI. If the NMI does
its own GHCB access [0], it will clobber the outer #VC=E2=80=99a state, resu=
lting in a failure when VMGEXIT happens. There=E2=80=99s a related failure m=
ode if the NMI is after the VMGEXIT but before the result is read.

I suspect you can fix this by saving the GHCB at the beginning of do_nmi and=
 restoring it at the end. This has the major caveat that it will not work if=
 do_nmi comes from user mode and schedules, but I don=E2=80=99t believe this=
 can happen.

[0] Due to the NMI_COMPLETE catastrophe, there is a 100% chance that this ha=
ppens.=