Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp3836654ybt; Tue, 23 Jun 2020 11:57:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxUcU/gm0lJ3Y081ydIhYV3boRxeRzMk9Y92rMJu2ySf/lbaA3ocB7gXEQiCx5dEI8Gzpl1 X-Received: by 2002:a17:906:7c07:: with SMTP id t7mr16182809ejo.487.1592938622773; Tue, 23 Jun 2020 11:57:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592938622; cv=none; d=google.com; s=arc-20160816; b=AHc7MIdQyi5+iZnJq3rhKFwkQxZWUk0BcVfasVKU7Ausi1I3hX3ZxHnXfhsQaZFiZc 1VXxy0uxCv3lOXkf5vjkEShk/KpAK9WhynS/gVidjLTFiVDsYswhRO2J5gc8NKZP3JdQ 7gX8GoHYFJAOfBGwMZ42KsCxvQUkR4DXKDjV+oXmI6+pgLVk2z8erw9nPtyt/K8MTdF+ sotPn1IKT77OKGJL9C6+Tf7KHWvZeuAHgKOXhGbYUBASgssOqUzS7BVyQMHyKuINSl4C dEmfB34lJn1L8v8ajQrHLQQdMFQBJn/+Wf/EghLtfic35XrIH2gMhczG4PvP7pkIffpK ENsg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:ironport-sdr; bh=qwmtsCuGrptZzZl1xRYYJsswg4L+GtE1QfJbHDu4v+4=; b=Ebt8DOQZ+2/ZAVWpXXUDTP3pLE5/3shZAiO5XRsn0gkhjzg4zw82YuR2YoHuDJxv01 9P3ht4UnLUqweqOl52owlqcsf0QBkpEc+u+g+rJv5hWRVWOK0iSLVyhR6t5HUuDL2xpi LTfS4thYha6fGbQ9koKT00SiZuADMVUoMKNKQwWBlwC3SIN/l21iuqnLoWqOi+0l6g9Q mbzTJBVoQSUJIH7DK1ljLafRWpxYZJ4bJgHVNVycoqybwDLZb49l7Jexdm9ajarOYBs0 AeKF9/PL4n55WVkzx/sfJhiS1W27+UmN+zbf/87XbzNORWAI3o18hNhAIPaxKU4npWtR dJ9g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=citrix.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q5si11067546edn.1.2020.06.23.11.56.39; Tue, 23 Jun 2020 11:57:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=citrix.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387434AbgFWS4L (ORCPT + 99 others); Tue, 23 Jun 2020 14:56:11 -0400 Received: from esa2.hc3370-68.iphmx.com ([216.71.145.153]:40565 "EHLO esa2.hc3370-68.iphmx.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1733170AbgFWS4J (ORCPT ); Tue, 23 Jun 2020 14:56:09 -0400 Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: HZoyfT2vf33w1z9W96Q31xxyjCAMO0xw8TBy2gZTBDmoSy1MZFeXrch2n1spl+f6E/NmTrtxwS k5iP7kQ8cuLxbbU/vnhwv+jjfEP+J4H7JT9PoWyzn9SMW32au21uissWCgPFMqewyZ+dmLcQmm xToOXokdpxYtZvL+C7DQ2JGvzLImSCiT/rWn4+gqqkVjcrBkNDR1toDJYNrOUlwscUAo3zkcWF YwCzwu7QTuQSrF+xGeJofhf4ROYfqp3oP8mmvifiIBd7DBn9hUnF0i5LHE+uR6dxKq+LyfjgFx fo8= X-SBRS: 2.7 X-MesageID: 20764232 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.75,272,1589256000"; d="scan'208";a="20764232" Subject: Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) To: Andy Lutomirski CC: Peter Zijlstra , Joerg Roedel , Joerg Roedel , Dave Hansen , "Tom Lendacky" , Mike Stunes , "Dan Williams" , Dave Hansen , "H. Peter Anvin" , "Juergen Gross" , Jiri Slaby , Kees Cook , kvm list , LKML , Thomas Hellstrom , Linux Virtualization , X86 ML , Sean Christopherson References: <20200425202316.GL21900@8bytes.org> <20200623094519.GF31822@suse.de> <20200623104559.GA4817@hirez.programming.kicks-ass.net> <20200623111107.GG31822@suse.de> <20200623111443.GC4817@hirez.programming.kicks-ass.net> <20200623114324.GA14101@suse.de> <20200623115014.GE4817@hirez.programming.kicks-ass.net> <20200623121237.GC14101@suse.de> <20200623130322.GH4817@hirez.programming.kicks-ass.net> <9e3f9b2a-505e-dfd7-c936-461227b4033e@citrix.com> From: Andrew Cooper Message-ID: <7a7c6e7c-8450-3785-035a-197be9268b70@citrix.com> Date: Tue, 23 Jun 2020 19:56:02 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Language: en-GB X-ClientProxiedBy: AMSPEX02CAS02.citrite.net (10.69.22.113) To AMSPEX02CL02.citrite.net (10.69.22.126) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 23/06/2020 19:26, Andy Lutomirski wrote: > On Tue, Jun 23, 2020 at 8:23 AM Andrew Cooper wrote: >> On 23/06/2020 14:03, Peter Zijlstra wrote: >>> On Tue, Jun 23, 2020 at 02:12:37PM +0200, Joerg Roedel wrote: >>>> On Tue, Jun 23, 2020 at 01:50:14PM +0200, Peter Zijlstra wrote: >>>>> If SNP is the sole reason #VC needs to be IST, then I'd strongly urge >>>>> you to only make it IST if/when you try and make SNP happen, not before. >>>> It is not the only reason, when ES guests gain debug register support >>>> then #VC also needs to be IST, because #DB can be promoted into #VC >>>> then, and as #DB is IST for a reason, #VC needs to be too. >>> Didn't I read somewhere that that is only so for Rome/Naples but not for >>> the later chips (Milan) which have #DB pass-through? >> I don't know about hardware timelines, but some future part can now opt >> in to having debug registers as part of the encrypted state, and swapped >> by VMExit, which would make debug facilities generally usable, and >> supposedly safe to the #DB infinite loop issues, at which point the >> hypervisor need not intercept #DB for safety reasons. >> >> Its worth nothing that on current parts, the hypervisor can set up debug >> facilities on behalf of the guest (or behind its back) as the DR state >> is unencrypted, but that attempting to intercept #DB will redirect to >> #VC inside the guest and cause fun. (Also spare a thought for 32bit >> kernels which have to cope with userspace singlestepping the SYSENTER >> path with every #DB turning into #VC.) > What do you mean 32-bit? 64-bit kernels have exactly the same > problem. At least the stack is okay, though. :) AMD-like CPUs disallow SYSENTER/SYSEXIT in Long Mode, and raise #UD, even from a compatibility mode segment. 64bit kernels only have this problem on Intel-like CPUs. (It is a massive shame that between everyone's attempts, there are 0 "fast system call" instructions with sane semantics, but it is several decades late to fix this problem...) ~Andrew