Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp168224pxf; Wed, 31 Mar 2021 20:30:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzyix1q2FX3KU4kiw52+4y13NkSSi7D/zeoPhS0T9//gFkhKMM1iSc3rgV2ZMSWcliSohO+ X-Received: by 2002:a05:6402:3593:: with SMTP id y19mr7458949edc.317.1617247855883; Wed, 31 Mar 2021 20:30:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617247855; cv=none; d=google.com; s=arc-20160816; b=irta3t+TKV4B7Id9t9bNQOHxWJMB+uDYmv32/a0h5aWdnR8jGqsJG9y2vd6q1AX/B4 q3mK9HrCHGr7Rh+/RiA7MlfNHEhmTqAH15yfCceDhQiEpNe97mxpSACX9rdSR9fcU4J1 0+s7RXpWauNBl5OOFO40MbzMN4ItjBzabySIszJw1FitYvewkGnc/Vy4MUqiaco+k+1a KsGvO60uVxbtuPErEjtkMG4UipeCuno1IWiMWpePoGmOOyu2WAgSb+hzUGm3A+sD59BR OuXnpZOcyoK54nlr9ERvHPmFUQYizMNFYdXLZUAqEOdWQFWZGxugZLvLKTp+hLY3Q0Nr L0Lw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:ironport-sdr :ironport-sdr; bh=AByIXrt6l5+T+w3fLzUiSvAUFSinpelXS0gz8zHe5DE=; b=VdBVudpMRU9diHCDy+ie+4cFWPN6CcdxxxKcL6arVBelbHDXFfbaxE/5ZGZdedJHNH ObMO2Mc7z6xUOvGIQJ6axTrRun3t8tIZv2GESX+W+Vd6+DL1kwdEaaK9YcnKJ3Uz6bq0 tMQkxOwBpx6TOqLfKbhV2+QQ5tgoTDXVJiUJpo8TR4u++HPU5krrhnajGKqllTw7Jkpz FrHinKh0UVAgfiHCC8qKYW94jfLcJxU+eavgXEVz5xfqiAMvR19VNAoTVddvZhGtKz5/ QawakR6WbO6yFarrJ4uZVaLL7mXQ20EXQeJNVXlYnUx/bF3yT2LIpUz1q1QpDUBeI0em LMuQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f1si3054933ejh.95.2021.03.31.20.30.24; Wed, 31 Mar 2021 20:30:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233258AbhDAD3H (ORCPT + 99 others); Wed, 31 Mar 2021 23:29:07 -0400 Received: from mga18.intel.com ([134.134.136.126]:1968 "EHLO mga18.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229497AbhDAD2a (ORCPT ); Wed, 31 Mar 2021 23:28:30 -0400 IronPort-SDR: 2MTUcjlbQ4ojpHzQMKpJIHi9fyXm0HVx6iqdb+zM1IJEhlHEwKCsc0mJ/df5Na3+ZcvgJl/Tzr eAt0imU0LM+g== X-IronPort-AV: E=McAfee;i="6000,8403,9940"; a="179673824" X-IronPort-AV: E=Sophos;i="5.81,295,1610438400"; d="scan'208";a="179673824" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 Mar 2021 20:28:28 -0700 IronPort-SDR: jFzuCrbarKH2l5etqdYvkXLFpiSuobIgylq4Nl/71ddc5yuctmlS/Vdyn/XaFkHh49I7q/bN+K N1yaoDAKonmw== X-IronPort-AV: E=Sophos;i="5.81,295,1610438400"; d="scan'208";a="418984789" Received: from tassilo.jf.intel.com ([10.54.74.11]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 Mar 2021 20:28:28 -0700 Date: Wed, 31 Mar 2021 20:28:27 -0700 From: Andi Kleen To: Dave Hansen Cc: "Kuppuswamy, Sathyanarayanan" , Sean Christopherson , Peter Zijlstra , Andy Lutomirski , Kirill Shutemov , Kuppuswamy Sathyanarayanan , Dan Williams , Raj Ashok , linux-kernel@vger.kernel.org Subject: Re: [PATCH v4 1/1] x86/tdx: Handle MWAIT, MONITOR and WBINVD Message-ID: <20210401032827.GI1285835@tassilo.jf.intel.com> References: <2FE32855-EA5D-44E4-AACC-25E9B1476547@amacapital.net> <5d961c25-3dee-4a5d-4bba-a97d157a5a49@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > The hardware (and VMMs and SEAM) have ways of telling the guest kernel > what is supported: CPUID. If it screws up, and the guest gets an > unexpected #VE, so be it. The main reason for disabling stuff is actually that we don't need to harden it. All these things are potential attack paths. > > We don't have all kinds of crazy handling in the kernel's #UD handler > just in case a CPU mis-enumerates a feature and we get a #UD. We have > to trust the underlying hardware to be sane. If it isn't, we die a > horrible death as fast as possible. Why should TDX be any different? That's what the original patch did -- no unnecessary checks -- but reviewers keep asking for the extra checks, so Sathya added more. We have the not unusual problem here that reviewers don't agree among themselves. -Andi