Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <0f0ab135-cdd0-0691-e0c1-42645671fe15@amd.com>
Date:   Tue, 30 May 2023 10:59:01 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.11.0
Subject: Re: [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler
Content-Language: en-US
To:     Peter Zijlstra <peterz@infradead.org>,
        "Gupta, Pankaj" <pankaj.gupta@amd.com>
Cc:     Tianyu Lan <ltykernel@gmail.com>, luto@kernel.org,
        tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
        dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com,
        seanjc@google.com, pbonzini@redhat.com, jgross@suse.com,
        tiala@microsoft.com, kirill@shutemov.name,
        jiangshan.ljs@antgroup.com, ashish.kalra@amd.com,
        srutherford@google.com, akpm@linux-foundation.org,
        anshuman.khandual@arm.com, pawan.kumar.gupta@linux.intel.com,
        adrian.hunter@intel.com, daniel.sneddon@linux.intel.com,
        alexander.shishkin@linux.intel.com, sandipan.das@amd.com,
        ray.huang@amd.com, brijesh.singh@amd.com, michael.roth@amd.com,
        venu.busireddy@oracle.com, sterritt@google.com,
        tony.luck@intel.com, samitolvanen@google.com, fenghua.yu@intel.com,
        pangupta@amd.com, linux-kernel@vger.kernel.org,
        kvm@vger.kernel.org, linux-hyperv@vger.kernel.org,
        linux-arch@vger.kernel.org
References: <20230515165917.1306922-1-ltykernel@gmail.com>
 <20230515165917.1306922-2-ltykernel@gmail.com>
 <20230516093010.GC2587705@hirez.programming.kicks-ass.net>
 <d43c14d9-a149-860c-71d6-e5c62b7c356f@amd.com>
 <20230530143504.GA200197@hirez.programming.kicks-ass.net>
From:   Tom Lendacky <thomas.lendacky@amd.com>
In-Reply-To: <20230530143504.GA200197@hirez.programming.kicks-ass.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?QjZJRXdHdlU2a3RLRHNLeVlFc3lTSGRyWjlaRVlBNmlmMGdtTFA4a0U3TnJF?=
 =?utf-8?B?TExLRmVkU3dZaHRNUGFxNE9BbEdLeGdSRzZMdUkyYzcyUXd5aWVZallNUnhX?=
 =?utf-8?B?YldWSUorb3lsKzVIaVE4UkJnRXlxWGZvVXRkeHNvVWF5UTNMckRsZlVpeVgx?=
 =?utf-8?B?ZGxwYUdTa1ZpdTY5MWlxZnhUWjVydGRQMm9LYUFLZVJtNHRHbU02QU4wNFZE?=
 =?utf-8?B?dkViWG9Wa2daQTJOa2NjWUJibmxSYVhlQTJvOTBYT3R3ZFd0WjAwVjdZVE5k?=
 =?utf-8?B?czk4VjFyVXQzUnplMGl0Rno4eWJQcGo5RytHaEp0OFZEWE9seHBTRHRrY3hX?=
 =?utf-8?B?cTNsVjZMQ3liemVRMUtjdmwvYm4wcnFiQlM1dU9abWcvTU9TeUplcW9zQ0dX?=
 =?utf-8?B?eDVMZS9MWGEvUVBlUHRaNGQ1QlVYR0ppRXF2WG9maHpPL1J0WkQxVzJ1aU11?=
 =?utf-8?B?bDdCc2RCZk1ITExGMTlMWG5xM3Y0ZG5YY05tQW1OMlNmUTJ0NC9KWUJQSk80?=
 =?utf-8?B?bjBFdE51bU1XakZBL0hWMVBwM2NsZDRhVnhxSW56R2dRa2tsZUtmY0xZTm92?=
 =?utf-8?B?RUhyQVlOekV4UjMzM0JMMDB0Ujg3NHU3b0FDV0dKM29PLzdTb0NxdkVzS2k2?=
 =?utf-8?B?RHpieTQzSmwzWUF1NnZRdjVoTzFVZGNTRXMwcXVhTmhEOFlEcy9QYWU0MEVp?=
 =?utf-8?B?OVJadVFuam9OTGtLVHNpWTFIS0Raa3V1MUFLbFV2NUI3SzIrdGRwYWd3bnhZ?=
 =?utf-8?B?Y3pqSlhydDhvWjJ1V1UrMlIzdDBhRlpEMHMyV3dVMS91L05ud1VIbnpDRWZV?=
 =?utf-8?B?WjZZMTduMXNCMHIvcWEyY2hjTGhvRkRNa29WZjg5aUJUTGtUaVVLakpCM09P?=
 =?utf-8?B?WVJ0MUV1U2ZPTWJoaXE1WkI3UzZjV1FUNlJXdkIvVDdSamV5VVNkRHRhVCtw?=
 =?utf-8?B?K3M4M2k1THM5OWcxbWlpUmx6S2o1V3kxWjJVYVdDc1J2L1MreVA5QW1GbTBM?=
 =?utf-8?B?QXBTRkoyaEI3TW1DdHlDNlRkWFY0SkJmVDlrb2xMZldyNmlpZ0E2OUZpdlRP?=
 =?utf-8?B?Rk0rbE45VUxxRWNFY2plcHVTKzJnQnhOS2NBUnJEUHhrc0xidXJPeS9aeGMy?=
 =?utf-8?B?Y3ZUeVRCdkRFV3d1cmlPWmFvdm9zZm44SkpVWk50ZWRUUzFCVFNDL21lZmFT?=
 =?utf-8?B?VkpoWGhWYTZYMDRpVUJHU2czZndIK2hrR2dtUXEyaDhLWWdDd0FNNzRkRGxG?=
 =?utf-8?B?K3hDZ1pWczlmVVY3L0lreUVsMGNUeTF4TnhKeGh2c1BhU0sxbzUrV2lWMDlT?=
 =?utf-8?B?MzNKOEVQejU1K2N0NUVta0xnU1VzQ3hnMGtkemxXbXlnYWFMMTlLVnZodXJP?=
 =?utf-8?B?Y1d0TG9NQVVFUExXa1hHMWI5RWJKbkUxRWEzYktNTkMvOUR0blphTURteFRU?=
 =?utf-8?B?eC9YWTVmeXhHV2VRUHdEbzdYZ0J5dWsvdVZ5TkRZS2VYdWRpS0ZTM2s5Z0RB?=
 =?utf-8?B?aXVFR29PV3Zhc0VGUmtMancxcG5LWVlZVEtwTGI1RXJOOWN4OTg5bTZxY2lJ?=
 =?utf-8?B?YU1LdzNYU3F3WjVoSkd1NmFhY3pvK0o5eVFLYy9keUpxTVRZejQ5NkhtalpS?=
 =?utf-8?B?T3pVSjUwMnJXQm5OMmxJYUU1bExlNXBnOG1JTFQzQW1ncGUwWW1DbE5PSFhp?=
 =?utf-8?B?V2Z6S2w2ZGROeDNISFJYT3hYYXg4VnNzdGMvcFRLaGgvZ2M5RG82MENROFFW?=
 =?utf-8?B?RVNicmJ3c0dvZ3Y4dElHSTlXS0VETkFSYUN2ck9CdXdZZDd4U0M1TFZoMEd1?=
 =?utf-8?B?NkpRNFVsYXZqZkJ0SkJMMVRvc2JHeGVQTCtaeVVqTFRDZnhFNUhneHMyV1R3?=
 =?utf-8?B?Z3pxY0I1QWpIMHBhWkRVRjhQOTZpa3Q0cW0wbWlXdDdVS2s0VHE3SHVCSm8v?=
 =?utf-8?B?NWt6aW5rT2VwOElUemRXdlZzSi9uZEhVSlVEZ3lCYlRkUjl0Tkx0VUR0akJi?=
 =?utf-8?B?d21USkd1aVg3bHg0MWlNWUloRmpyMTZuRjFORFdZaHp3d044VHYvSW9oYlJz?=
 =?utf-8?B?WkFYdDA5eFhiZHJQZFlyWXlXM0dWOHlMdSthdTJyaVY5K1VZR1dQWWVqY1Uz?=
 =?utf-8?Q?nPQ/hX11xin3/3t8DDYA94MKd?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8daa34e6-04e8-475b-f946-08db6126cb9d
X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 May 2023 15:59:05.7777
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: wkD/omVYbZUAmLIXE8LvsjWQaLMAY4uGlX0xqhTIjgEkdVbxUa6KMwB0zJYptrqwTPY0L4nEMQnNkdWmrTQgqw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA3PR12MB9227
X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO,NICE_REPLY_A,
        RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE,
        T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=no autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 5/30/23 09:35, Peter Zijlstra wrote:
> On Tue, May 30, 2023 at 02:16:55PM +0200, Gupta, Pankaj wrote:
>>
>>>> Add a #HV exception handler that uses IST stack.
>>>>
>>>
>>> Urgh.. that is entirely insufficient. Like it doesn't even begin to
>>> start to cover things.
>>>
>>> The whole existing VC IST stack abuse is already a nightmare and you're
>>> duplicating that.. without any explanation for why this would be needed
>>> and how it is correct.
>>>
>>> Please try again.
>>
>> #HV handler handles both #NMI & #MCE in the guest and nested #HV is never
>> raised by the hypervisor.
> 
> I thought all this confidental computing nonsense was about not trusting
> the hypervisor, so how come we're now relying on the hypervisor being
> sane?

That should really say that a nested #HV should never be raised by the 
hypervisor, but if it is, then the guest should detect that and 
self-terminate knowing that the hypervisor is possibly being malicious.

Thanks,
Tom