Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp5533879rwl;
        Tue, 21 Mar 2023 21:19:28 -0700 (PDT)
X-Google-Smtp-Source: AK7set99mxkphonVG0RP+CuMuZaf9Fs6pRdPkgN6lf4uht79/QChtbdMgMKExzKnxJN7GFNywJ2A
X-Received: by 2002:a17:906:7102:b0:8b1:806b:7dbb with SMTP id x2-20020a170906710200b008b1806b7dbbmr5738610ejj.51.1679458767939;
        Tue, 21 Mar 2023 21:19:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1679458767; cv=none;
        d=google.com; s=arc-20160816;
        b=nxb07I6/Ou1hfZ6+HynAl+72om3WeqWDwkPkKX67hS7Saj7eQYU9gvqx9nY0SBdlNX
         Qz4sry8Rb5P6jcoiq0qjEHR6BUsrEebtprMdTVOcWug4lFOD+X8rF1Gu64BgIOP+oG7l
         qehJ8QKULnIIjqM+uVpkNttjAWYKCvNJzL60UPNvmH0p/CjNoCWlGOvXTzmXmJO5PHHD
         Zap+DL97yAjXJWeErBu6YPIfpbW97Ynp/7lMC0u50pqG84bf7uEk5CkUOfUwNbb+dMFd
         /D1M5TXmfkoRi1jnnaSfLY9xwVE1oyj3K5IBKShLtwF6e5ft89N9hL/6q/zB8FLi/MjB
         ZPhg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:content-language:subject:user-agent:mime-version
         :date:message-id:dkim-signature;
        bh=v7lS/ElJEykP/TU5Ro42M6OH95/2UNJEIGt/5mzQygQ=;
        b=FmX0RFfd+WcZ+InEY5OUnNMFO/luebCEFAbg6byqhdMFKPTssKZvM5/L8NGiDU/BQa
         ALC9F23un7hHGlAYFqWOLFDxlHctMSEK9He81Vj+fO6FkL7UYVmausLnBPXbjJZ5RxKZ
         dYUabsKzcpQwHh130g/ANIg+26Nk21Kw7LmlEWRHXzUq6jPSW7Y+mzh7P3s33ST5UtRm
         fAuimkbiDJ7ZrbjPcUX6jVrLffJE4tSrp+wLMT4LFrGXvBJxODZqISVl1DXAbIfUlzXf
         9ag2BPEIA/HbkQk4SVyXlQcG8V/aPoyw3xHspO/fI2cKYXj67byLuuOYy8uqA3thFpmi
         OVqA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b="Iqh/a+UA";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id v9-20020a170906338900b0093346a7ad4esi10382943eja.1005.2023.03.21.21.19.00;
        Tue, 21 Mar 2023 21:19:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b="Iqh/a+UA";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230330AbjCVEDo (ORCPT <rfc822;a.miskiewicz@gmail.com>
        + 99 others); Wed, 22 Mar 2023 00:03:44 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47098 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230436AbjCVEDT (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 22 Mar 2023 00:03:19 -0400
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5DFDF5BD95;
        Tue, 21 Mar 2023 21:02:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1679457732; x=1710993732;
  h=message-id:date:mime-version:subject:to:cc:references:
   from:in-reply-to:content-transfer-encoding;
  bh=7Hj7tRv4+Rc9UMP86VA4Ii4mE8aI+72mPUgX4/qzk3g=;
  b=Iqh/a+UA/7ZFHwjluWsS/3q6Ihpk6MOMZdWQnSfXZS4Wk8xSJBTVlWja
   Sfgaiy+SKiYE6se6Ga9IA5mJNoEs9hMquc0yKiv8UH6YB7sUQO/cGGBue
   occeMexe+sSscZvzeebj5dT9OmF1Lw+pgP5ob5b1OWJ+UKbQvph6tYVIn
   tMSdsFXRmbC43+6R02RZTLLW0Gi6IvRVsBiqb4oHe9ixCkqxALsLlLlGm
   vCDb0lGEyYi/SPq7g1mpSxD98ngcchf0/nr52JIA+VD9eozr5L39QX2np
   AdSHcvDNqrWklt8kSlOW1VdsWtNiXtNT7rBXRsAfXHFV1K9im07/ZpfVr
   g==;
X-IronPort-AV: E=McAfee;i="6600,9927,10656"; a="341477218"
X-IronPort-AV: E=Sophos;i="5.98,280,1673942400"; 
   d="scan'208";a="341477218"
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
  by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2023 21:01:19 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10656"; a="1011222409"
X-IronPort-AV: E=Sophos;i="5.98,280,1673942400"; 
   d="scan'208";a="1011222409"
Received: from rhchan-mobl1.amr.corp.intel.com (HELO [10.212.217.72]) ([10.212.217.72])
  by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2023 21:01:18 -0700
Message-ID: <7a3bf16a-5ad2-39b0-c68d-f36d40b8dfc4@intel.com>
Date:   Tue, 21 Mar 2023 21:01:17 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.7.1
Subject: Re: [PATCH v5 22/34] x86/fred: FRED initialization code
Content-Language: en-US
To:     "Li, Xin3" <xin3.li@intel.com>,
        Lai Jiangshan <jiangshanlai@gmail.com>,
        "H. Peter Anvin" <hpa@zytor.com>
Cc:     "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "x86@kernel.org" <x86@kernel.org>,
        "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
        "tglx@linutronix.de" <tglx@linutronix.de>,
        "mingo@redhat.com" <mingo@redhat.com>,
        "bp@alien8.de" <bp@alien8.de>,
        "dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
        "peterz@infradead.org" <peterz@infradead.org>,
        "andrew.cooper3@citrix.com" <andrew.cooper3@citrix.com>,
        "Christopherson,, Sean" <seanjc@google.com>,
        "pbonzini@redhat.com" <pbonzini@redhat.com>,
        "Shankar, Ravi V" <ravi.v.shankar@intel.com>
References: <20230307023946.14516-1-xin3.li@intel.com>
 <20230307023946.14516-23-xin3.li@intel.com>
 <CAJhGHyADXz-3PCFS3M_7TJ8qLGJ=4NcV9aBWrpjemuXB_SnMGg@mail.gmail.com>
 <5D679723-D84F-42F0-AD8A-8BD1A38FB6CD@zytor.com>
 <CAJhGHyC0_1xJD2R03-NoRVpMXFTHR4v8CdzyJOZe_k0rdv=NfQ@mail.gmail.com>
 <SA1PR11MB673486AB91F77B468ED1BD82A8869@SA1PR11MB6734.namprd11.prod.outlook.com>
From:   Dave Hansen <dave.hansen@intel.com>
In-Reply-To: <SA1PR11MB673486AB91F77B468ED1BD82A8869@SA1PR11MB6734.namprd11.prod.outlook.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.5 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_NONE,URIBL_BLOCKED autolearn=unavailable
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 3/21/23 19:22, Li, Xin3 wrote:
>> If there is no other concrete reason other than overflowing for assigning NMI and
>> #DB with a stack level > 0, #VE should also be assigned with a stack level > 0, and
>> #BP too. #VE can happen anytime and anywhere, so it is subject to overflowing too.
> With IDT, both #VE and #BP do not use IST, but NMI, #DB, #MC and #DF do.
> 
> Let's keep this "secret" logic for now, i.e., not change the stack levels
> for #VE and #BP at this point. We can do "optimization", i.e., change them
> later ????.

#VE also can't happen anywhere.  There is some documentation about it in
here:

	https://docs.kernel.org/x86/tdx.html#linux-ve-handler

But, basically, the only halfway sane thing a guest might do to hit a
#VE is touch some "MMIO".  The host can *not* cause them in arbitrary
places because of the SEPT_VE_DISABLE attribute.

#VE's also can't nest until after the guest retrieves the "VE info".
That means that the #VE handler at _least_ reaches C code before it's
subject to another #VE and that second one would still need to be
induced by something the guest does explicitly.