Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp2718532pxb;
        Thu, 3 Feb 2022 12:40:21 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyhfJUy9cVEa9+PX03D6I/Bzmn3c/0HX5wABzz46ud/sNJPB/PHtSJxfQLX9VDbu/tz0QxR
X-Received: by 2002:a05:6a00:2402:: with SMTP id z2mr33917315pfh.42.1643920821510;
        Thu, 03 Feb 2022 12:40:21 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1643920821; cv=none;
        d=google.com; s=arc-20160816;
        b=edkGIClf2d4Ge+xyFFhZ58FXrAqXc0Q1Zg72actQJBgofMve/xkobtQfBlXPZliGeh
         lxAg1CcLrr6TojGPbJg1P7l7r5rzMf9p56/89sU8eYpG7hTpYWg3z5+BsI0sWMpgBxR+
         xNnmVjhNWDfEvjmw/vq5J3hwsLfoBqqIrpmou501VaxNBzyqekipfvYrPurLfEzWJF/y
         4LJiaGsrbca5iDrtYRi8RfXaXKQhOdEh1bfTlhn8+ax/CtIiKw6kG2cXclNd/amn4uls
         yHMO+Dc/eTPcxtxs+5BOyaXGFdmDop68TqJmMWrcTmbhcJBZHsdo7AEj46ODPkFqY9nR
         cVIQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:message-id:date:references
         :in-reply-to:subject:cc:to:dkim-signature:dkim-signature:from;
        bh=AGiWiIHa+2yZNcbqcByB7204HPvD7D4tghhSB7+YXHA=;
        b=cVO/4m9ChdT48KSCziLwcrtNiY2yhSIYnHlZ7borl05btn21X48UIxCfTKvuuqEZR9
         +QI6kI7PAbtkz6+OtlGr3pY2BVdkmLQG1V76O0SqfNrX2mEiW2YlmgLd83LHeq2E0RU5
         EbF7M5G6W1eP+9US8Xc1tao5KoJWLGIdHtGUxOmMKF768fxzYWsFYm0XUT2TPiLk3yqd
         Gc1k4gm5x6fTH048Beo9Vy+8O8bRIlai0UIjsizMG8SPQqBTwE6JTvn0zkV+Pg2LO5vc
         NEZd31tV94BHuA0s5v9Pr0NxWcADeqVh20Bmm2XI1pp4xoXhNoGkfIXWoh1n2ycJmYZJ
         qbeQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b=ZRAm9VXK;
       dkim=neutral (no key) header.i=@linutronix.de header.b=f7lTnpw3;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id z25si22618030pgu.240.2022.02.03.12.40.07;
        Thu, 03 Feb 2022 12:40:21 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b=ZRAm9VXK;
       dkim=neutral (no key) header.i=@linutronix.de header.b=f7lTnpw3;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S243731AbiBBBqV (ORCPT <rfc822;xiejw.io@gmail.com> + 99 others);
        Tue, 1 Feb 2022 20:46:21 -0500
Received: from Galois.linutronix.de ([193.142.43.55]:43676 "EHLO
        galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234657AbiBBBqT (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 1 Feb 2022 20:46:19 -0500
From:   Thomas Gleixner <tglx@linutronix.de>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020; t=1643766378;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=AGiWiIHa+2yZNcbqcByB7204HPvD7D4tghhSB7+YXHA=;
        b=ZRAm9VXKUXAlKDa/0few4F9ACdyAEcFBXtZqLXAfAjba3ycamueBcYvbrDeSMLc77Bo8KE
        uYF8p+ipR6HEh9uCm3ON+M+WAArN1t9WXgU1J61WaAp8rUzf9vspVg+ZYWssMZADWOTu0A
        mb5s1VB273+p9PJVymN9cZHYfQRYyefG2tbOMSPWjSxH98FghP/ZUPNNfAw+rv1dWPDhvY
        dipYwmGQANfut7Q2y48gbCibOLBrsZZ41+Dh+aW0GkS3moO15NsL3yE46BAy+Mw9mD8iRz
        TZ70wgY/eR4CqylShjx3p1Zv1/uoZBp3NPB0hVW5NfJ6pC+01kONTnpdU/nmnQ==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020e; t=1643766378;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=AGiWiIHa+2yZNcbqcByB7204HPvD7D4tghhSB7+YXHA=;
        b=f7lTnpw3eN2aKkRxWSlT6IGvu6n8rka/WwFH0T0paPjPD2hl8aiNkF6LIaCUoDZow5F8e8
        zaBoj01cJ9OJvXCw==
To:     "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
        mingo@redhat.com, bp@alien8.de, dave.hansen@intel.com,
        luto@kernel.org, peterz@infradead.org
Cc:     sathyanarayanan.kuppuswamy@linux.intel.com, aarcange@redhat.com,
        ak@linux.intel.com, dan.j.williams@intel.com, david@redhat.com,
        hpa@zytor.com, jgross@suse.com, jmattson@google.com,
        joro@8bytes.org, jpoimboe@redhat.com, knsathya@kernel.org,
        pbonzini@redhat.com, sdeep@vmware.com, seanjc@google.com,
        tony.luck@intel.com, vkuznets@redhat.com, wanpengli@tencent.com,
        x86@kernel.org, linux-kernel@vger.kernel.org,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Subject: Re: [PATCHv2 28/29] x86/tdx: Warn about unexpected WBINVD
In-Reply-To: <20220124150215.36893-29-kirill.shutemov@linux.intel.com>
References: <20220124150215.36893-1-kirill.shutemov@linux.intel.com>
 <20220124150215.36893-29-kirill.shutemov@linux.intel.com>
Date:   Wed, 02 Feb 2022 02:46:17 +0100
Message-ID: <87y22uujkm.ffs@tglx>
MIME-Version: 1.0
Content-Type: text/plain
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jan 24 2022 at 18:02, Kirill A. Shutemov wrote:

> WBINVD causes #VE in TDX guests. There's no reliable way to emulate it.
> The kernel can ask for VMM assistance, but VMM is untrusted and can ignore
> the request.
>
> Fortunately, there is no use case for WBINVD inside TDX guests.

If there is not usecase, then why

> Warn about any unexpected WBINVD.

instead of terminating the whole thing?

I'm tired of the "let us emit a warning in the hope it gets fixed'
thinking.

That's just wrong. Any code which has an assumption that it relies on
WBINVD to work correctly has to be analysed and not ignored on the
assumption that there is no use case for WBINVD inside TDX guests.

Its's simply wishful thinking that stuff gets fixed because of a
WARN_ONCE(). This has never worked. The only thing which works is to
make stuff fail hard or slow it down in a way which makes it annoying
enough to users to complain.

This is new technology. Anything which wants to use it has to obey to
the rules of this new technology. Just define it to be: WBINVD is
forbidden. End of story.

The Intel approach of 'Let us tolerate all sins of the past' has been
proven to be wrong, broken and outright dangerous in the past. So why
are you insisting to proliferate that?

Thanks,

        tglx