On Tue, Jun 08, 2021 at 11:54:36AM +0200, Joerg Roedel wrote:

From: Joerg Roedel <redacted>

Use irqentry_enter() and irqentry_exit() to track the runtime state of
the #VC handler. The reason it ran in NMI mode was solely to make sure
nothing interrupts the handler while the GHCB is in use.

This is handled now in sev_es_get/put_ghcb() directly, so there is no
reason the #VC handler can not run in normal IRQ mode and enjoy the
benefits like being able to send signals.

You sure?

So #VC cannot happen with IRQs disabled?

	raw_spin_lock_irq(&my_lock);
	<#VC>
		raw_spin_lock_irqsave(&my_lock); // whoopsie

Every exception that can happen with IRQs disabled must be NMI like.

Again, what you seem to want is to split the handler in a from-user and
from-kernel way, just like we did with #DB and MCE. See how
exc_debug_user() is IRQ-like and can send signals, while
exc_debug_kernel() is NMI like and can not.