From: Paolo Bonzini <pbonzini@redhat.com>
To: Peter Zijlstra <peterz@infradead.org>, Andi Kleen <ak@linux.intel.com>
Cc: Joerg Roedel <jroedel@suse.de>,
David Rientjes <rientjes@google.com>,
Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>,
Sean Christopherson <seanjc@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Jon Grimm <jon.grimm@amd.com>,
Thomas Gleixner <tglx@linutronix.de>,
Christoph Hellwig <hch@lst.de>, Ingo Molnar <mingo@redhat.com>,
x86@kernel.org, linux-mm@kvack.org
Subject: Re: AMD SEV-SNP/Intel TDX: validation of memory pages
Date: Sat, 13 Feb 2021 00:51:11 +0100 [thread overview]
Message-ID: <a5bc3a04-62ec-075a-4693-101e5276dde3@redhat.com> (raw)
In-Reply-To: <20210212215852.GL8912@worktop.programming.kicks-ass.net>
On 12/02/21 22:58, Peter Zijlstra wrote:
> But AFAI recursive #VE is entirely possible. The moment #VE reads that
> ve_info thing, NMIs can happen, which can trigger another #VE which then
> clobbers your stack and we're irrecoverably screwed again.
Yes, you need to zero the handler-active word in the info structure, and
at that point recursion can happen.
A while ago Andy proposed re-enabling #VE from an interrupt, that would
have worked at the time since we were concerned with asynchronous page
faults but it wouldn't extend to TDX.
Unlike NMIs, however, #VE handlers can be written so that they only a
single nesting happens. A few months ago, also while discussing #VE for
asynchronous page faults, I came up with a scheme that did exactly that
and handled recursion by flipping the IST between two stacks
(https://lkml.org/lkml/2020/5/15/1239). It should work and it'd be
almost entirely C code, but I don't expect you or Thomas to be ecstatic
about it...
> (also, inhibiting NMI is a seriously dodgy hack, the very last thing x86
> needs is is more ductape on the recursion rules)
I can't disagree about that, but then again I don't see many alternatives.
Paolo
next prev parent reply other threads:[~2021-02-12 23:51 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-02 1:51 AMD SEV-SNP/Intel TDX: validation of memory pages David Rientjes
2021-02-02 13:17 ` Matthew Wilcox
2021-02-02 16:02 ` Kirill A. Shutemov
2021-02-03 0:16 ` Brijesh Singh
2021-02-11 17:46 ` Sean Christopherson
2021-02-02 22:37 ` Andi Kleen
2021-02-11 20:46 ` Peter Zijlstra
2021-02-12 13:19 ` Joerg Roedel
2021-02-12 14:17 ` Peter Zijlstra
2021-02-12 14:53 ` Joerg Roedel
2021-02-12 15:19 ` Peter Zijlstra
2021-02-12 15:28 ` Joerg Roedel
2021-02-12 16:12 ` Peter Zijlstra
2021-02-12 16:18 ` Joerg Roedel
2021-02-12 16:45 ` Peter Zijlstra
2021-02-12 17:48 ` Dave Hansen
2021-02-12 18:22 ` Sean Christopherson
2021-02-12 18:38 ` Andy Lutomirski
2021-02-12 18:43 ` Sean Christopherson
2021-02-12 18:46 ` Dave Hansen
2021-02-12 19:24 ` Sean Christopherson
2021-02-16 10:00 ` Joerg Roedel
2021-02-16 14:27 ` Andi Kleen
2021-02-16 14:46 ` Peter Zijlstra
2021-02-16 15:59 ` Paolo Bonzini
2021-02-16 16:25 ` Joerg Roedel
2021-02-16 16:48 ` Paolo Bonzini
2021-02-16 18:26 ` Joerg Roedel
2021-02-16 18:33 ` Paolo Bonzini
2021-02-16 16:47 ` Peter Zijlstra
2021-02-16 16:57 ` Andy Lutomirski
2021-02-16 17:05 ` Paolo Bonzini
2021-02-16 16:55 ` Andi Kleen
2021-02-12 21:42 ` Andi Kleen
2021-02-12 21:58 ` Peter Zijlstra
2021-02-12 22:39 ` Andi Kleen
2021-02-12 22:46 ` Andy Lutomirski
2021-02-13 9:38 ` Peter Zijlstra
2021-02-12 23:51 ` Paolo Bonzini [this message]
2021-03-23 9:33 ` Joerg Roedel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a5bc3a04-62ec-075a-4693-101e5276dde3@redhat.com \
--to=pbonzini@redhat.com \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=hch@lst.de \
--cc=jon.grimm@amd.com \
--cc=jroedel@suse.de \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=rientjes@google.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.