Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace)

[RFC PATCH 00/70 v2] x86: SEV-ES Guest Support · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 04/70] x86/traps: Move some definitions to <asm/trap_defs.h> · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 10/70] x86/boot/compressed: Fix debug_puthex() parameter type · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 12/70] x86/boot/compressed/64: Add IDT Infrastructure · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 12/70] x86/boot/compressed/64: Add IDT Infrastructure · Arvind Sankar <hidden> · 2020-04-07
Re: [PATCH 12/70] x86/boot/compressed/64: Add IDT Infrastructure · Joerg Roedel <joro@8bytes.org> · 2020-04-16
[PATCH 13/70] x86/boot/compressed/64: Rename kaslr_64.c to ident_map_64.c · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 15/70] x86/boot/compressed/64: Always switch to own page-table · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 15/70] x86/boot/compressed/64: Always switch to own page-table · Borislav Petkov <bp@alien8.de> · 2020-04-06
[PATCH 16/70] x86/boot/compressed/64: Don't pre-map memory in KASLR code · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 20/70] x86/boot/compressed/64: Check return value of kernel_ident_mapping_init() · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 29/70] x86/head/64: Install boot GDT · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 34/70] x86/head/64: Load IDT earlier · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 39/70] x86/sev-es: Setup GHCB based boot #VC handler · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 45/70] x86/sev-es: Harden runtime #VC handler for exceptions from user-space · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 46/70] x86/sev-es: Filter exceptions not supported from user-space · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 53/70] x86/sev-es: Handle RDPMC Events · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 58/70] x86/sev-es: Handle VMMCALL Events · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 65/70] x86/realmode: Setup AP jump table · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 66/70] x86/head/64: Don't call verify_cpu() on starting APs · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 63/70] x86/vmware: Add VMware specific handling for VMMCALL under SEV-ES · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 63/70] x86/vmware: Add VMware specific handling for VMMCALL under SEV-ES · Thomas Hellstrom <hidden> · 2020-03-19
[PATCH 62/70] x86/kvm: Add KVM specific VMMCALL handling under SEV-ES · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 62/70] x86/kvm: Add KVM specific VMMCALL handling under SEV-ES · David Rientjes <rientjes@google.com> · 2020-03-20
Re: [PATCH 62/70] x86/kvm: Add KVM specific VMMCALL handling under SEV-ES · Joerg Roedel <joro@8bytes.org> · 2020-03-20
[PATCH 57/70] x86/sev-es: Handle MWAIT/MWAITX Events · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 51/70] x86/sev-es: Handle WBINVD Events · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 70/70] x86/sev-es: Add NMI state tracking · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 70/70] x86/sev-es: Add NMI state tracking · Andy Lutomirski <luto@kernel.org> · 2020-03-19
Re: [PATCH 70/70] x86/sev-es: Add NMI state tracking · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 70/70] x86/sev-es: Add NMI state tracking · Andy Lutomirski <luto@kernel.org> · 2020-03-19
Re: [PATCH 70/70] x86/sev-es: Add NMI state tracking · Joerg Roedel <hidden> · 2020-03-19
Re: [PATCH 70/70] x86/sev-es: Add NMI state tracking · Andy Lutomirski <luto@kernel.org> · 2020-03-19
Re: [PATCH 70/70] x86/sev-es: Add NMI state tracking · Joerg Roedel <joro@8bytes.org> · 2020-03-20
[RFC PATCH v2.1] x86/sev-es: Handle NMI State · Joerg Roedel <joro@8bytes.org> · 2020-03-20
Re: [RFC PATCH v2.1] x86/sev-es: Handle NMI State · Dave Hansen <hidden> · 2020-03-20
Re: [RFC PATCH v2.1] x86/sev-es: Handle NMI State · Joerg Roedel <joro@8bytes.org> · 2020-03-20
Re: [PATCH 70/70] x86/sev-es: Add NMI state tracking · Mika Penttilä <hidden> · 2020-03-19
Re: [PATCH 70/70] x86/sev-es: Add NMI state tracking · Joerg Roedel <hidden> · 2020-03-19
[PATCH 69/70] x86/cpufeature: Add SEV_ES_GUEST CPU Feature · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 68/70] x86/sev-es: Support CPU offline/online · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 67/70] x86/head/64: Rename start_cpu0 · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 28/70] x86/idt: Move two function from k/idt.c to i/a/desc.h · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 64/70] x86/realmode: Add SEV-ES specific trampoline entry point · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 61/70] x86/paravirt: Allow hypervisor specific VMMCALL handling under SEV-ES · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 60/70] x86/sev-es: Handle #DB Events · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 59/70] x86/sev-es: Handle #AC Events · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 27/70] x86/idt: Split idt_data setup out of set_intr_gate() · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 56/70] x86/sev-es: Handle MONITOR/MONITORX Events · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 55/70] x86/sev-es: Handle RDTSCP Events · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH] Allow RDTSC and RDTSCP from userspace · Mike Stunes <hidden> · 2020-04-24
Re: [PATCH] Allow RDTSC and RDTSCP from userspace · Dave Hansen <hidden> · 2020-04-24
Re: [PATCH] Allow RDTSC and RDTSCP from userspace · Tom Lendacky <thomas.lendacky@amd.com> · 2020-04-24
Re: [PATCH] Allow RDTSC and RDTSCP from userspace · Dave Hansen <hidden> · 2020-04-24
Re: [PATCH] Allow RDTSC and RDTSCP from userspace · Joerg Roedel <hidden> · 2020-04-25
Re: [PATCH] Allow RDTSC and RDTSCP from userspace · Andy Lutomirski <luto@kernel.org> · 2020-04-25
Re: [PATCH] Allow RDTSC and RDTSCP from userspace · Joerg Roedel <joro@8bytes.org> · 2020-04-25
Re: [PATCH] Allow RDTSC and RDTSCP from userspace · Andy Lutomirski <luto@amacapital.net> · 2020-04-25
Re: [PATCH] Allow RDTSC and RDTSCP from userspace · Joerg Roedel <joro@8bytes.org> · 2020-04-25
Re: [PATCH] Allow RDTSC and RDTSCP from userspace · Andy Lutomirski <luto@kernel.org> · 2020-04-25
Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Andy Lutomirski <luto@kernel.org> · 2020-04-27
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Andrew Cooper <hidden> · 2020-04-27
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Tom Lendacky <thomas.lendacky@amd.com> · 2020-04-27
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Joerg Roedel <hidden> · 2020-04-28
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Andrew Cooper <hidden> · 2020-04-28
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Peter Zijlstra <peterz@infradead.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Joerg Roedel <hidden> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Peter Zijlstra <peterz@infradead.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Joerg Roedel <hidden> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Peter Zijlstra <peterz@infradead.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Joerg Roedel <hidden> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Peter Zijlstra <peterz@infradead.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Peter Zijlstra <peterz@infradead.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Joerg Roedel <hidden> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Peter Zijlstra <peterz@infradead.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Joerg Roedel <hidden> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Peter Zijlstra <peterz@infradead.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Peter Zijlstra <peterz@infradead.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Andrew Cooper <hidden> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Peter Zijlstra <peterz@infradead.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Dave Hansen <hidden> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Peter Zijlstra <peterz@infradead.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Borislav Petkov <bp@alien8.de> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Andrew Cooper <hidden> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Peter Zijlstra <peterz@infradead.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Andrew Cooper <hidden> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Borislav Petkov <bp@alien8.de> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Joerg Roedel <hidden> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Peter Zijlstra <peterz@infradead.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Joerg Roedel <hidden> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Peter Zijlstra <peterz@infradead.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Joerg Roedel <hidden> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Peter Zijlstra <peterz@infradead.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Joerg Roedel <hidden> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Peter Zijlstra <peterz@infradead.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Joerg Roedel <hidden> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Peter Zijlstra <peterz@infradead.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Andrew Cooper <hidden> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Borislav Petkov <bp@alien8.de> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Andrew Cooper <hidden> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Andy Lutomirski <luto@kernel.org> · 2020-06-23
Re: Should SEV-ES #VC use IST? (Re: [PATCH] Allow RDTSC and RDTSCP from userspace) · Andrew Cooper <hidden> · 2020-06-23
Re: [PATCH] Allow RDTSC and RDTSCP from userspace · Dave Hansen <hidden> · 2020-04-27
Re: [PATCH] Allow RDTSC and RDTSCP from userspace · Joerg Roedel <hidden> · 2020-04-25
[PATCH 54/70] x86/sev-es: Handle INVD Events · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 52/70] x86/sev-es: Handle RDTSC Events · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 50/70] x86/sev-es: Handle DR7 read/write events · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 49/70] x86/sev-es: Handle MSR events · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 48/70] x86/sev-es: Handle MMIO String Instructions · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 47/70] x86/sev-es: Handle MMIO events · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 43/70] x86/sev-es: Wire up existing #VC exit-code handlers · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 42/70] x86/sev-es: Support nested #VC exceptions · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 42/70] x86/sev-es: Support nested #VC exceptions · Andy Lutomirski <luto@kernel.org> · 2020-03-19
Re: [PATCH 42/70] x86/sev-es: Support nested #VC exceptions · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 44/70] x86/sev-es: Handle instruction fetches from user-space · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 40/70] x86/sev-es: Setup per-cpu GHCBs for the runtime handler · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 40/70] x86/sev-es: Setup per-cpu GHCBs for the runtime handler · Mike Stunes <hidden> · 2020-04-14
Re: [PATCH 40/70] x86/sev-es: Setup per-cpu GHCBs for the runtime handler · Tom Lendacky <thomas.lendacky@amd.com> · 2020-04-14
Re: [PATCH 40/70] x86/sev-es: Setup per-cpu GHCBs for the runtime handler · Dave Hansen <hidden> · 2020-04-14
Re: [PATCH 40/70] x86/sev-es: Setup per-cpu GHCBs for the runtime handler · Tom Lendacky <thomas.lendacky@amd.com> · 2020-04-14
Re: [PATCH 40/70] x86/sev-es: Setup per-cpu GHCBs for the runtime handler · Tom Lendacky <thomas.lendacky@amd.com> · 2020-04-14
Re: [PATCH 40/70] x86/sev-es: Setup per-cpu GHCBs for the runtime handler · Joerg Roedel <hidden> · 2020-04-15
Re: [PATCH 40/70] x86/sev-es: Setup per-cpu GHCBs for the runtime handler · Joerg Roedel <hidden> · 2020-04-15
Re: Re: [PATCH 40/70] x86/sev-es: Setup per-cpu GHCBs for the runtime handler · Bo Gan <hidden> · 2020-04-23
Re: Re: [PATCH 40/70] x86/sev-es: Setup per-cpu GHCBs for the runtime handler · Joerg Roedel <hidden> · 2020-04-23
[PATCH 41/70] x86/sev-es: Add Runtime #VC Exception Handler · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 41/70] x86/sev-es: Add Runtime #VC Exception Handler · Andy Lutomirski <luto@kernel.org> · 2020-03-19
Re: [PATCH 41/70] x86/sev-es: Add Runtime #VC Exception Handler · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 41/70] x86/sev-es: Add Runtime #VC Exception Handler · Andy Lutomirski <luto@kernel.org> · 2020-03-19
Re: [PATCH 41/70] x86/sev-es: Add Runtime #VC Exception Handler · Joerg Roedel <hidden> · 2020-03-19
[PATCH 36/70] x86/sev-es: Add SEV-ES Feature Detection · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 38/70] x86/sev-es: Setup early #VC handler · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 37/70] x86/sev-es: Compile early handler code into kernel image · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 35/70] x86/head/64: Move early exception dispatch to C code · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 33/70] x86/head/64: Build k/head64.c with -fno-stack-protector · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 31/70] x86/head/64: Load segment registers earlier · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 32/70] x86/head/64: Switch to initial stack earlier · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 30/70] x86/head/64: Reload GDT after switch to virtual addresses · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 26/70] x86/idt: Move IDT to data segment · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 22/70] x86/boot/compressed/64: Setup GHCB Based VC Exception handler · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 25/70] x86/sev-es: Add CPUID handling to #VC handler · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 23/70] x86/sev-es: Add support for handling IOIO exceptions · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 23/70] x86/sev-es: Add support for handling IOIO exceptions · David Rientjes <rientjes@google.com> · 2020-03-20
Re: [PATCH 23/70] x86/sev-es: Add support for handling IOIO exceptions · Joerg Roedel <hidden> · 2020-03-20
[PATCH 24/70] x86/fpu: Move xgetbv()/xsetbv() into separate header · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 21/70] x86/boot/compressed/64: Add function to map a page unencrypted · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 21/70] x86/boot/compressed/64: Add function to map a page unencrypted · David Rientjes <rientjes@google.com> · 2020-03-20
Re: [PATCH 21/70] x86/boot/compressed/64: Add function to map a page unencrypted · Dave Hansen <hidden> · 2020-03-20
Re: [PATCH 21/70] x86/boot/compressed/64: Add function to map a page unencrypted · Joerg Roedel <joro@8bytes.org> · 2020-03-20
Re: [PATCH 21/70] x86/boot/compressed/64: Add function to map a page unencrypted · Dave Hansen <hidden> · 2020-03-20
Re: [PATCH 21/70] x86/boot/compressed/64: Add function to map a page unencrypted · Joerg Roedel <joro@8bytes.org> · 2020-03-21
[PATCH 18/70] x86/boot/compressed/64: Add stage1 #VC handler · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 18/70] x86/boot/compressed/64: Add stage1 #VC handler · David Rientjes <rientjes@google.com> · 2020-03-20
Re: [PATCH 18/70] x86/boot/compressed/64: Add stage1 #VC handler · Joerg Roedel <joro@8bytes.org> · 2020-03-20
Re: [PATCH 18/70] x86/boot/compressed/64: Add stage1 #VC handler · Borislav Petkov <bp@alien8.de> · 2020-04-06
[PATCH 19/70] x86/boot/compressed/64: Call set_sev_encryption_mask earlier · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 17/70] x86/boot/compressed/64: Change add_identity_map() to take start and end · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 14/70] x86/boot/compressed/64: Add page-fault handler · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 14/70] x86/boot/compressed/64: Add page-fault handler · Borislav Petkov <bp@alien8.de> · 2020-04-02
[PATCH 11/70] x86/boot/compressed/64: Disable red-zone usage · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 11/70] x86/boot/compressed/64: Disable red-zone usage · Borislav Petkov <bp@alien8.de> · 2020-03-31
[PATCH 06/70] x86/umip: Factor out instruction fetch · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 06/70] x86/umip: Factor out instruction fetch · Borislav Petkov <bp@alien8.de> · 2020-03-26
[PATCH 09/70] x86/insn: Add insn_rep_prefix() helper · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 09/70] x86/insn: Add insn_rep_prefix() helper · Masami Hiramatsu <mhiramat@kernel.org> · 2020-03-27
[PATCH 08/70] x86/insn: Add insn_get_modrm_reg_off() · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 08/70] x86/insn: Add insn_get_modrm_reg_off() · Masami Hiramatsu <mhiramat@kernel.org> · 2020-03-27
[PATCH 07/70] x86/umip: Factor out instruction decoding · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 07/70] x86/umip: Factor out instruction decoding · Borislav Petkov <bp@alien8.de> · 2020-03-26
[PATCH 05/70] x86/insn: Make inat-tables.c suitable for pre-decompression code · Joerg Roedel <joro@8bytes.org> · 2020-03-19
Re: [PATCH 05/70] x86/insn: Make inat-tables.c suitable for pre-decompression code · Borislav Petkov <bp@alien8.de> · 2020-03-25
Re: [PATCH 05/70] x86/insn: Make inat-tables.c suitable for pre-decompression code · Masami Hiramatsu <mhiramat@kernel.org> · 2020-03-27
Re: [PATCH 05/70] x86/insn: Make inat-tables.c suitable for pre-decompression code · Joerg Roedel <joro@8bytes.org> · 2020-04-16
Re: [PATCH 05/70] x86/insn: Make inat-tables.c suitable for pre-decompression code · Masami Hiramatsu <mhiramat@kernel.org> · 2020-04-17
Re: [PATCH 05/70] x86/insn: Make inat-tables.c suitable for pre-decompression code · Joerg Roedel <joro@8bytes.org> · 2020-04-17
[PATCH 03/70] x86/cpufeatures: Add SEV-ES CPU feature · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH 01/70] KVM: SVM: Add GHCB definitions · Joerg Roedel <joro@8bytes.org> · 2020-03-19
[PATCH] KVM: SVM: Use __packed shorthard · Borislav Petkov <bp@alien8.de> · 2020-03-23
Re: [PATCH] KVM: SVM: Use __packed shorthard · Joerg Roedel <joro@8bytes.org> · 2020-03-24
[PATCH 02/70] KVM: SVM: Add GHCB Accessor functions · Joerg Roedel <joro@8bytes.org> · 2020-03-19

From: Andrew Cooper <hidden>
Date: 2020-06-23 13:57:28
Also in: kvm, lkml

On 23/06/2020 13:47, Peter Zijlstra wrote:

On Tue, Jun 23, 2020 at 12:51:03PM +0100, Andrew Cooper wrote:

quoted

There are cases which are definitely non-recoverable.

For both ES and SNP, a malicious hypervisor can mess with the guest
physmap to make the the NMI, #VC and #DF stacks all alias.

For ES, this had better result in the #DF handler deciding that crashing
is the way out, whereas for SNP, this had better escalate to Shutdown.
Crashing out hard if the hypervisor is misbehaving is acceptable.

Then I'm thinking the only sensible option is to crash hard for any SNP
#VC from kernel mode.

Sadly that doesn't help with #VC needing to be IST :-( IST is such a
frigging nightmare.

I presume you mean any #VC caused by RMP faults (i.e. something went
wrong with the memory owner/etc metadata) ?

If so, then yes.  Any failure here is a bug in the kernel or hypervisor
(and needs fixing) or a malicious hypervisor and the guest should
terminate for its own safety.

~Andrew
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help