Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp311491ybh;
        Wed, 15 Jul 2020 02:35:55 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJysp/zh7ohY1RHUawJcyqfbr5DK0NIimn9+89lIJeiDlKWYJIahi5zfx1FT4iCqYFwdZVKT
X-Received: by 2002:a17:906:40d7:: with SMTP id a23mr8173659ejk.421.1594805755245;
        Wed, 15 Jul 2020 02:35:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1594805755; cv=none;
        d=google.com; s=arc-20160816;
        b=bdZ25RWY+4NiFu36diDO8eyHmf2/ZUpDpC/k9x0h2CNwgbdR0FHr3aTTqLvVLto4Kp
         yStUiaQEhKJEqzkvsAZx5RegZa0IAXIWPPiLW32CoRqxrQ3myiB0bbOt+PdKXAKVMl1I
         D5wDMbhzgdrvQUdK2mREcYNlbAqoOS58wWaCL0b25kJnK6a1V/ZLdQKpYTDATQ90rLY8
         zJDlwupJFPGMq+YS8m6NV5u7qqwpG4GOptrPc3XVeewY6DwbZK7u0hRl+IF4aI7Iw51S
         dxK9OilrR6+5LSNC+GGVb8EL4uLcdZSrbbZoslpMlKtvgcGDSW8UlzS96VKqFQJ/hdS4
         f6gQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=G3U7TLxheiLpWDKXWeU9wGgbppWFetgTZ88ngqUCeBQ=;
        b=gYnSDQrHlyOWq4cTGj/nn/QVNY1FxRTQFWrC66mZTIdehkUFX7ZRCBvsm5/W5FKrql
         aG9lmdXav0BeG5NPPLIZqAOZ6b4wWZSYaAUXsIpFOWknKq3jht3r9KYkkq8d4BUpoX6a
         6tWayBOf51PQmxvzSYHc8uqrGRxH+/8c22FO/cFx7PyF8NmyVepmZ+4iCUFzU7hYEIhZ
         KX7MN6LarOFl+ZqHAk2OC/yGjqRHoE0dtjpKyVTnnp3rUe3jppxTLE7wkpf9ASk6ff5I
         XgOMo+5MfOP3wytftZftTx2kB1MVdz8/2ev/iPuPE9PwQ2BI2pMCvRR01NchpawQ78QQ
         XRMA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id w6si937029eja.471.2020.07.15.02.35.31;
        Wed, 15 Jul 2020 02:35:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730703AbgGOJ0m (ORCPT <rfc822;xqjcool@gmail.com> + 99 others);
        Wed, 15 Jul 2020 05:26:42 -0400
Received: from [195.135.220.15] ([195.135.220.15]:36262 "EHLO mx2.suse.de"
        rhost-flags-FAIL-FAIL-OK-OK) by vger.kernel.org with ESMTP
        id S1729869AbgGOJ0m (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 15 Jul 2020 05:26:42 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.221.27])
        by mx2.suse.de (Postfix) with ESMTP id 0D1F0AF6F;
        Wed, 15 Jul 2020 09:26:44 +0000 (UTC)
Date:   Wed, 15 Jul 2020 11:26:38 +0200
From:   Joerg Roedel <jroedel@suse.de>
To:     Kees Cook <keescook@chromium.org>
Cc:     Joerg Roedel <joro@8bytes.org>, x86@kernel.org, hpa@zytor.com,
        Andy Lutomirski <luto@kernel.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Jiri Slaby <jslaby@suse.cz>,
        Dan Williams <dan.j.williams@intel.com>,
        Tom Lendacky <thomas.lendacky@amd.com>,
        Juergen Gross <jgross@suse.com>,
        David Rientjes <rientjes@google.com>,
        Cfir Cohen <cfir@google.com>,
        Erdem Aktas <erdemaktas@google.com>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Mike Stunes <mstunes@vmware.com>,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        Martin Radev <martin.b.radev@gmail.com>,
        linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
        virtualization@lists.linux-foundation.org
Subject: Re: [PATCH v4 70/75] x86/head/64: Don't call verify_cpu() on
 starting APs
Message-ID: <20200715092638.GJ16200@suse.de>
References: <20200714120917.11253-1-joro@8bytes.org>
 <20200714120917.11253-71-joro@8bytes.org>
 <202007141837.2B93BBD78@keescook>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <202007141837.2B93BBD78@keescook>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Kees,

thanks for your reviews!

On Tue, Jul 14, 2020 at 06:40:30PM -0700, Kees Cook wrote:
> Eek, no. MSR_IA32_MISC_ENABLE_XD_DISABLE needs to be cleared very early
> during CPU startup; this can't just be skipped.

That MSR is Intel-only, right? The boot-path installed here is only used
for SEV-ES guests, running on AMD systems, so this MSR is not even
accessed during boot on those VMs.

The alternative is to set up exception handling prior to calling
verify_cpu, including segments, stack and IDT. Given that verify_cpu()
does not add much value to SEV-ES guests, I'd like to avoid adding this
complexity.

> Also, is UNWIND_HINT_EMPTY needed for the new target?

Yes, I think it is, will add it in the next version.

Regards,

	Joerg