Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp2767732imw; Wed, 6 Jul 2022 11:22:55 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sJyXmXugtBRA65Rr2fCsvj9DjXCKZuZRjcoTQqeTCDcNeyq+Pe0sNYdPuZYjn4xVcpzjx6 X-Received: by 2002:a63:90c8:0:b0:412:94e8:2f03 with SMTP id a191-20020a6390c8000000b0041294e82f03mr4317277pge.197.1657131775323; Wed, 06 Jul 2022 11:22:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1657131775; cv=none; d=google.com; s=arc-20160816; b=qthaBVZwlipA33+zvM+eavwqW95mYol8uGHi4SR3lxSlG3Rz7hGwCn5Zn+m8puVACV RFH2ol1YdOadgnNpTlI3hRHkkLQDNSf4wj9b8B+vo7lVYPZFqEsp47xaCti7C1zSMtI2 Lz25TMAwtPubJJ0VYvxeRBsiHSTMKh9a8OP3JAm+PXjShcnDTXakBBCZZVTcZDI/D/ZZ /eUsC8BO7WtdxIGhc1SO+ddjJUiZYJrqcR8W0owgKBMCXW9ophv2LcVrnUw6ci/Ly/gU 8z8ipqsVedUC0Q9qEyG4PzWtuepgu7XhtnNxi8CG4wYH7MLLVGsa3QEpwYnl2OjubTqB oWbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=7fWRDNeX9MMfp7ZEnj1zISls/i3Z9E63XbcmRmnrtV4=; b=VNHWN8DEGdEBLn6o6PVHpIv5hdwKmRjPNfDVm0JSQTxsy7tRB04Tokun7FJdfkaPAP iOD6tgpcup3J7MLl4rPeP9GbkM8/+F+VjrZnNr8CYNdSyVlmY6IRGBa5bNZveeZUCPvA zD/qVuQBncmYrizmtBSrMzmk48bzTVUMNDykJHbXkwJklr1yHfIj2WRbjnex/ybZsdyr MbNnf4LAZTrlwUqdOOWTx97Ws2faCqSlgzKov+7NKDhh3YhT4mEqG6U4aR1T7N9nu338 Yzq1AkcD9tbyJXZ5OjMTOFyZyTp7OLtTs1d8czwHokzhRF9IT1uB6WXMHnWzYNx4+ltD TGHQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=LSY5fpPH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h69-20020a638348000000b004126f7aa5c6si7430789pge.183.2022.07.06.11.22.41; Wed, 06 Jul 2022 11:22:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=LSY5fpPH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234273AbiGFSNz (ORCPT + 99 others); Wed, 6 Jul 2022 14:13:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57068 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234373AbiGFSNt (ORCPT ); Wed, 6 Jul 2022 14:13:49 -0400 Received: from mail-oa1-x30.google.com (mail-oa1-x30.google.com [IPv6:2001:4860:4864:20::30]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 25B2E62D4 for ; Wed, 6 Jul 2022 11:13:48 -0700 (PDT) Received: by mail-oa1-x30.google.com with SMTP id 586e51a60fabf-10c0430e27dso10875401fac.4 for ; Wed, 06 Jul 2022 11:13:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=7fWRDNeX9MMfp7ZEnj1zISls/i3Z9E63XbcmRmnrtV4=; b=LSY5fpPHj4ODjWxLFsQ9CCFHdMccQXXVWbagQg8W6sKSpRG79C61MjDBvwdytJYiP1 v/sOP4TlMEi9u8iCMRIvpNMnk5MDT30+cGLjsGLXmiI2SiSk+7ojKAmmRyYdGZWz/gKH jyRYhjWDLxcCB4tk8HADZx8VemvH77M4nBLeqNxfXlkrDsVzmXIYbSVch2LVL5RzMDXF vgDLZUpSMPj2TdbmuXkGJ+Q5hphs9i9pMD+RX2jt5UxnqjSeof3u1cu4LqnFJDTTEb9j +RIB3tV1O8+E3L3JcHABdZKK4JPWtxLMy0cLIOjyQdvA5UCtCUCXZ860tRxOYl3nVMLM Yt/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=7fWRDNeX9MMfp7ZEnj1zISls/i3Z9E63XbcmRmnrtV4=; b=goYh4dw8PxdJhQaRX7P4o3wTkTbaSRHIiX9AbCoL1FF8c6lEOWkANDuY9svs2meBpS j0+xWhOcLvJTbWlRei4NveBGV7xh3c+lENf9I+943DTA0eBIy6PfVRP8gj9vIBwHKnH6 Do1zCL1Y0VoFUtGkXZ5C+8u7y5n//FRLb/MVblfI1Cd+oKb02IfTnPBnqmzmPnL7UdBQ tKoMaRO2KEk6We+9rYFiCX2Y1ebVD/V18bqq0FN+3VWRpE44HmetWM9l2aESDkNUdbC6 kQZ4m9MQ3uLs272YEl1LWYSBf6q1k9LuL0S5H4PNHTKGOBr28rlX1krnXDqWbtQWRd3c RPrw== X-Gm-Message-State: AJIora91BoWBL43NbMye+a5y8rp/Yz9E0q0RfXXXoQtph19Die2QN76v llzrCWbIDdZL/Vv+TqBObwd/rrgL2oewOErPiU+MrQ== X-Received: by 2002:a05:6870:56aa:b0:10b:f4fb:8203 with SMTP id p42-20020a05687056aa00b0010bf4fb8203mr11908251oao.181.1657131227362; Wed, 06 Jul 2022 11:13:47 -0700 (PDT) MIME-Version: 1.0 References: <20220621150902.46126-1-mlevitsk@redhat.com> <20220621150902.46126-12-mlevitsk@redhat.com> <42da1631c8cdd282e5d9cfd0698b6df7deed2daf.camel@redhat.com> <289c2dd941ecbc3c32514fc0603148972524b22d.camel@redhat.com> In-Reply-To: <289c2dd941ecbc3c32514fc0603148972524b22d.camel@redhat.com> From: Jim Mattson Date: Wed, 6 Jul 2022 11:13:36 -0700 Message-ID: Subject: Re: [PATCH v2 11/11] KVM: x86: emulator/smm: preserve interrupt shadow in SMRAM To: Maxim Levitsky Cc: kvm@vger.kernel.org, Sean Christopherson , x86@kernel.org, Kees Cook , Dave Hansen , linux-kernel@vger.kernel.org, "H. Peter Anvin" , Borislav Petkov , Joerg Roedel , Ingo Molnar , Paolo Bonzini , Thomas Gleixner , Vitaly Kuznetsov , Wanpeng Li Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 5, 2022 at 6:38 AM Maxim Levitsky wrote: > Most of the SMI save state area is reserved, and the handler has no way of knowing > what CPU stored there, it can only access the fields that are reserved in the spec. > > Yes, if the SMI handler really insists it can see that the saved RIP points to an > instruction that follows the STI, but does that really matter? It is allowed by the > spec explicitly anyway. I was just pointing out that the difference between blocking SMI and not blocking SMI is, in fact, observable. > Plus our SMI layout (at least for 32 bit) doesn't confirm to the X86 spec anyway, > we as I found out flat out write over the fields that have other meaning in the X86 spec. Shouldn't we fix that? > Also I proposed to preserve the int shadow in internal kvm state and migrate > it in upper 4 bits of the 'shadow' field of struct kvm_vcpu_events. > Both Paolo and Sean proposed to store the int shadow in the SMRAM instead, > and you didn't object to this, and now after I refactored and implemented > the whole thing you suddently do. I did not see the prior conversations. I rarely get an opportunity to read the list. > However AMD just recently posted a VNMI patch series to avoid > single stepping the CPU when NMI is blocked due to the same reason, because > it is fragile. The vNMI feature isn't available in any shipping processor yet, is it? > Do you really want KVM to single step the guest in this case, to deliver the #SMI? > I can do it, but it is bound to cause lot of trouble. Perhaps you could document this as a KVM erratum...one of many involving virtual SMI delivery.