From: Andy Lutomirski
Date: Mon, 27 Apr 2020 10:37:41 -0700
Subject: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace)
To: Andy Lutomirski
Cc: Joerg Roedel, Joerg Roedel, Dave Hansen, Tom Lendacky, Mike Stunes, Dan Williams, Dave Hansen, "H. Peter Anvin", Juergen Gross, Jiri Slaby, Kees Cook, kvm list, LKML, Peter Zijlstra, Thomas Hellstrom, Linux Virtualization, X86 ML, Sean Christopherson, Andrew Cooper
List-ID: linux-kernel@vger.kernel.org

On Sat, Apr 25, 2020 at 3:10 PM Andy Lutomirski wrote:
>
> On Sat, Apr 25, 2020 at 1:23 PM Joerg Roedel wrote:
> >
> > On Sat, Apr 25, 2020 at 12:47:31PM -0700, Andy Lutomirski wrote:
> > > I assume the race you mean is:
> > >
> > > #VC
> > > Immediate NMI before IST gets shifted
> > > #VC
> > >
> > > Kaboom.
> > >
> > > How are you dealing with this?  Ultimately, I think that NMI will need
> > > to turn off IST before engaging in any funny business.  Let me ponder
> > > this a bit.
> >
> > Right, I dealt with that by unconditionally shifting/unshifting the #VC
> > IST entry in do_nmi() (thanks to Davin Kaplan for the idea). It might
> > cause one of the IST stacks to be unused during nesting, but that is
> > fine. The stack memory for #VC is only allocated when SEV-ES is active
> > (in an SEV-ES VM).
>
> Blech.  It probably works, but still, yuck.  It's a bit sad that we
> seem to be growing more and more poorly designed happens-anywhere
> exception types at an alarming rate.  We seem to have #NM, #MC, #VC,
> #HV, and #DB.  This doesn't really scale.

I have a somewhat serious question: should we use IST for #VC at all?

As I understand it, Rome and Naples make it mandatory for hypervisors to
intercept #DB, which means that, due to the MOV SS mess, it's sort of
mandatory to use IST for #VC.  But Milan fixes the #DB issue, so, if
we're running under a sufficiently sensible hypervisor, we don't need
IST for #VC.

So I think we have two choices:

1. Use IST for #VC and deal with all the mess that entails.

2. Say that SEV-ES client support on Rome and Naples is for development
only and do a quick boot-time check for whether #DB is intercepted.
(Just set TF and see what vector we get.)  If #DB is intercepted, print
a very loud warning and refuse to boot unless some special
sev_es.insecure_development_mode or similar option is set.

#2 results in simpler and more robust entry code.  #1 is more secure.

So my question is: will anyone actually use SEV-ES in production on
Rome or Naples?  As I understand it, it's not really ready for prime
time on those chips.  And do we care if the combination of a malicious
hypervisor and malicious guest userspace on Milan can compromise the
guest kernel?  I don't think SEV-ES is really meant to resist a
concerted effort by the hypervisor to compromise the guest.

--Andy
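The "#VC, immediate NMI before the IST shift, #VC" race quoted above, and the
do_nmi() shift/unshift that Joerg describes as the fix, modelled in plain
user-space C. This is an added illustration, not code from the thread or from
the kernel's SEV-ES patches: the five-word exception frame, the region size,
the single IST area and the "NMI handler itself triggers a #VC" trigger are
assumptions of the model, chosen only to make the frame clobbering visible.

```c
/*
 * Toy model of the x86 IST "shift" used for the SEV-ES #VC handler and of
 * the #VC -> NMI -> #VC race. User-space C, not kernel code. Assumptions:
 * one IST area carved into fixed regions, a 5-word hardware frame, and an
 * NMI handler that raises a #VC of its own (e.g. an intercepted MSR access).
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_WORDS   5    /* SS, RSP, RFLAGS, CS, RIP pushed by the CPU */
#define REGION_WORDS  16   /* one region per nesting level (assumed size) */
#define NR_REGIONS    4

static uint64_t  vc_ist_area[NR_REGIONS * REGION_WORDS];
static uint64_t *vc_ist_base;  /* TSS.IST[#VC] at rest: top of the area */
static uint64_t *vc_ist;       /* current TSS.IST[#VC] */

static void reset_ist(void)
{
    memset(vc_ist_area, 0, sizeof vc_ist_area);
    vc_ist_base = vc_ist_area + NR_REGIONS * REGION_WORDS;
    vc_ist = vc_ist_base;
}

/* CPU side: on #VC the CPU loads RSP from TSS.IST[#VC] and pushes the
 * exception frame there. No software has run yet at this point. */
static uint64_t *cpu_deliver_vc(uint64_t rip, uint64_t rsp)
{
    uint64_t *sp = vc_ist - FRAME_WORDS;
    sp[4] = 0x10;   /* SS     */
    sp[3] = rsp;    /* RSP    */
    sp[2] = 0x246;  /* RFLAGS */
    sp[1] = 0x8;    /* CS     */
    sp[0] = rip;    /* RIP    */
    return sp;
}

/* Software side: the entry code moves the IST entry below the frame it is
 * using, so a nested #VC lands in a fresh region; exit code moves it back. */
static void vc_ist_shift(void)   { vc_ist -= REGION_WORDS; }
static void vc_ist_unshift(void) { vc_ist += REGION_WORDS; }

static bool frame_intact(const uint64_t *f, uint64_t rip, uint64_t rsp)
{
    return f[0] == rip && f[1] == 0x8 && f[2] == 0x246 &&
           f[3] == rsp && f[4] == 0x10;
}

/* A complete nested #VC: CPU delivery, entry shift, body, exit unshift. */
static void handle_vc(uint64_t rip, uint64_t rsp)
{
    uint64_t *f = cpu_deliver_vc(rip, rsp);
    vc_ist_shift();
    (void)f;   /* the real handler would decode the intercepted instruction here */
    vc_ist_unshift();
}

/* The race from the thread. nmi_shifts models do_nmi() unconditionally
 * shifting/unshifting the #VC IST entry. Returns true if the outer #VC's
 * hardware frame is still intact when its entry code finally runs. */
bool race_outer_frame_survives(bool nmi_shifts)
{
    reset_ist();
    /* 1. #VC raised; CPU pushed the frame; entry code has NOT shifted yet */
    uint64_t *outer = cpu_deliver_vc(0x1000, 0xffff8000);
    /* 2. NMI arrives (it runs on its own IST stack, not modelled here)   */
    if (nmi_shifts) vc_ist_shift();
    /* 3. the NMI handler does something that raises a #VC of its own     */
    handle_vc(0x2000, 0xffff9000);
    if (nmi_shifts) vc_ist_unshift();
    /* 4. NMI returns; the outer #VC entry code now looks at its frame     */
    bool ok = frame_intact(outer, 0x1000, 0xffff8000) && vc_ist == vc_ist_base;
    vc_ist_shift();
    vc_ist_unshift();
    return ok;
}

/* Ordinary nesting with no NMI in the window: the entry shift suffices. */
bool plain_nesting_outer_frame_survives(void)
{
    reset_ist();
    uint64_t *outer = cpu_deliver_vc(0x1000, 0xffff8000);
    vc_ist_shift();                  /* entry code ran before anything nested */
    handle_vc(0x3000, 0xffffa000);   /* nested #VC from inside the handler    */
    vc_ist_unshift();
    return frame_intact(outer, 0x1000, 0xffff8000) && vc_ist == vc_ist_base;
}

int main(void)
{
    printf("race, NMI leaves #VC IST alone: outer frame %s\n",
           race_outer_frame_survives(false) ? "intact" : "CLOBBERED");
    printf("race, do_nmi() shifts #VC IST:  outer frame %s\n",
           race_outer_frame_survives(true) ? "intact" : "CLOBBERED");
    printf("plain nesting, no NMI:          outer frame %s\n",
           plain_nesting_outer_frame_survives() ? "intact" : "CLOBBERED");
    return 0;
}
```

Without the shift in do_nmi(), the nested #VC is delivered to the same
IST address as the outer one and overwrites its frame (the "Kaboom" case);
with it, the nested frame lands one region lower and the outer frame is
untouched, at the cost of one region sitting unused during that nesting.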