Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp369272ybh; Wed, 15 Jul 2020 04:16:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyGpY1QoAxZ+oCvnyBKYTAvgXWBb6n0faN1XRrGs5A68P8GOPTMFcaGnBiAFIAGO944SRHk X-Received: by 2002:a05:6402:3099:: with SMTP id de25mr9190582edb.228.1594811813239; Wed, 15 Jul 2020 04:16:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594811813; cv=none; d=google.com; s=arc-20160816; b=T1mhWM9AufQg/ncrvODz6NDmrfyMq1SkNh4oDByvobDXH7/hjeoyCqwQhtM1PHpGV8 UBX8BtDo0MtJARHUmtSVnsA+qD8Yu6XLe3b0DwQLEmAmEAcUZ6QZNpMrneX0+5fHqBrS Lk1N/3MzRSZWCVDUpEkUv+ZE3K43Of6Ji48JzZxla6qKiCK9QAR6DXLv4ylGQthwM39+ M0kiSZIPfN5LkjcXetegOPZOo7tqbcIc/YBIw48WNa67qMeXw92AnGEPyfds+/ms4FDt 0IByhuqkkZniFWa5liTxxWPrImeScacSz8Oa2sNvaaNJ16pNAsS8tHCQva5WNteJYrnb HDFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=icvsh0UAC9qH2aXd5iDWHDNfzNryn9ZQFj2YeE2x3Lo=; b=IjTN0iKIOmC8rtsJU5WlROGW2M1epZTC5z8EzSbF26rY1+QeQe81ZUUQuyfOk8Lc7P pNq5FOdch/+iKhkHDGll9OBl8e4IR7qLHjtvKU+1Sf1vgrZhgWBl6EpWnFAk5lw51TS6 AgJba4/YjmQOgB9/f8uFCmkxhbIvhXgD7V1umJIPhCtJxYFv54pCBxzv7VcUI98nHnYi gXd/yU7Acp2SgMtc8gD5k7y/gh4SATn5RnibHEtZERCkkLPLEKh3eKarp5wcCsN7XD7U s27jSfqNGuWRiLwCLqgEuAXuqfiU6i3wF/JErFjm+bOtux6HLegLbm+YVtW+18+j4wea mt7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b="aVqwxJf/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s27si1007729ejd.181.2020.07.15.04.16.26; Wed, 15 Jul 2020 04:16:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=merlin.20170209 header.b="aVqwxJf/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730805AbgGOJ4K (ORCPT + 99 others); Wed, 15 Jul 2020 05:56:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37518 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726511AbgGOJ4J (ORCPT ); Wed, 15 Jul 2020 05:56:09 -0400 Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 28DE2C061755; Wed, 15 Jul 2020 02:56:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=merlin.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=icvsh0UAC9qH2aXd5iDWHDNfzNryn9ZQFj2YeE2x3Lo=; b=aVqwxJf/YogDENWanh6k54iAGI 9UWG/KMCQJeVdsLop0VPQ79Zr/SQfouIqOsOlLMxUwWnqkkXy4Oh6Sdw/0KZmzWZ+HycSExS2RqNy 4dCX+oEmw4S4UUGMrF4jUES2V8rnOvJZW5gkCi41UyGni8n7w/OrL1RNO/WQxMeHqsC2fiV7h7ERZ 78bzlQI2ze2+W5xpUlOrrCFcz/VkLV+AAj1M68CU/vKoQVKVDI+82A0HARYOp8qUjd6peTUn0XET0 PNeM9BfgcQNefofCusAPr5QFt3rPrPGPI7BUEVpSgW60HTQaWwS/lB8IqzlYdsOcP1WPds8VPAGzb ri6mySkA==; Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=noisy.programming.kicks-ass.net) by merlin.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jve8s-0001Wv-P0; Wed, 15 Jul 2020 09:55:59 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id E514A302753; Wed, 15 Jul 2020 11:55:56 +0200 (CEST) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id D1352207A6655; Wed, 15 Jul 2020 11:55:56 +0200 (CEST) Date: Wed, 15 Jul 2020 11:55:56 +0200 From: Peter Zijlstra To: Joerg Roedel Cc: Joerg Roedel , x86@kernel.org, hpa@zytor.com, Andy Lutomirski , Dave Hansen , Jiri Slaby , Dan Williams , Tom Lendacky , Juergen Gross , Kees Cook , David Rientjes , Cfir Cohen , Erdem Aktas , Masami Hiramatsu , Mike Stunes , Sean Christopherson , Martin Radev , linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org Subject: Re: [PATCH v4 00/75] x86: SEV-ES Guest Support Message-ID: <20200715095556.GI10769@hirez.programming.kicks-ass.net> References: <20200714120917.11253-1-joro@8bytes.org> <20200715092456.GE10769@hirez.programming.kicks-ass.net> <20200715093426.GK16200@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200715093426.GK16200@suse.de> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jul 15, 2020 at 11:34:26AM +0200, Joerg Roedel wrote: > On Wed, Jul 15, 2020 at 11:24:56AM +0200, Peter Zijlstra wrote: > > Can we get some more words -- preferably in actual code comments, on > > when exactly #VC happens? > > Sure, will add this as a comment before the actual runtime VC handler. Thanks! > > Because the only thing I remember is that #VC could happen on any memop, > > but I also have vague memories of that being a later extention. > > Currently it is only raised when something happens that the hypervisor > intercepts, for example on a couple of instructions like CPUID, > RD/WRMSR, ..., or on MMIO/IOIO accesses. > > With Secure Nested Paging (SNP), which needs additional enablement, a #VC can > happen on any memory access. I wrote the IST handling entry code for #VC > with that in mind, but do not actually enable it. This is the reason why > the #VC handler just panics the system when it ends up on the fall-back > (VC2) stack, with SNP enabled it needs to handle the SNP exit-codes in > that path. And recursive #VC was instant death, right? Because there's no way to avoid IST stack corruption in that case.