linux-coco.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
From: Peter Zijlstra <peterz@infradead.org>
To: Joerg Roedel <jroedel@suse.de>
Cc: Joerg Roedel <joro@8bytes.org>,
	x86@kernel.org, Hyunwook Baek <baekhw@google.com>,
	hpa@zytor.com, Andy Lutomirski <luto@kernel.org>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Jiri Slaby <jslaby@suse.cz>,
	Dan Williams <dan.j.williams@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Juergen Gross <jgross@suse.com>,
	Kees Cook <keescook@chromium.org>,
	David Rientjes <rientjes@google.com>,
	Cfir Cohen <cfir@google.com>, Erdem Aktas <erdemaktas@google.com>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Mike Stunes <mstunes@vmware.com>,
	Sean Christopherson <seanjc@google.com>,
	Martin Radev <martin.b.radev@gmail.com>,
	Arvind Sankar <nivedita@alum.mit.edu>,
	linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org,
	kvm@vger.kernel.org, virtualization@lists.linux-foundation.org
Subject: Re: [PATCH v2 5/8] x86/sev-es: Leave NMI-mode before sending signals
Date: Wed, 19 May 2021 21:31:58 +0200	[thread overview]
Message-ID: <20210519193158.GJ21560@worktop.programming.kicks-ass.net> (raw)
In-Reply-To: <YKVjRJmva/Y2EHPZ@suse.de>

On Wed, May 19, 2021 at 09:13:08PM +0200, Joerg Roedel wrote:
> Hi Peter,
> 
> thanks for your review.
> 
> On Wed, May 19, 2021 at 07:54:50PM +0200, Peter Zijlstra wrote:
> > On Wed, May 19, 2021 at 03:52:48PM +0200, Joerg Roedel wrote:
> > > --- a/arch/x86/kernel/sev.c
> > > +++ b/arch/x86/kernel/sev.c
> > > @@ -1343,9 +1343,10 @@ DEFINE_IDTENTRY_VC_SAFE_STACK(exc_vmm_communication)
> > >  		return;
> > >  	}
> > >  
> > > +	instrumentation_begin();
> > > +
> > >  	irq_state = irqentry_nmi_enter(regs);
> > >  	lockdep_assert_irqs_disabled();
> > > -	instrumentation_begin();
> > >  
> > >  	/*
> > >  	 * This is invoked through an interrupt gate, so IRQs are disabled. The
> > 
> > That's just plain wrong. No instrumentation is allowed before you enter
> > the exception context.
> 
> Okay.
> 
> > > +	irqentry_nmi_exit(regs, irq_state);
> > > +
> > 
> > And this is wrong too; because at this point the handler doesn't run in
> > _any_ context anymore, certainly not one you can call regular C code
> > from.
> 
> The #VC handler is at this point not running on the IST stack anymore,
> but on the stack it came from or on the task stack. So my believe was
> that at this point it inherits the context it came from (just like the
> page-fault handler). But I also don't fully understand the context
> tracking, so is my assumption wrong?

Being on the right stack is only part of the issue; you also need to
make sure your runtime environment is set up.

Regular kernel C expects a whole lot of things to be present; esp. so
with all the debug options on. The irqentry_*_enter() family of
functions very carefully sets up this environment and the
irqentry_*_exit() undoes it again. Before and after you really cannot
run normal code.

Just an example, RCU might not be watching, it might think the CPU is in
userspace and advance the GP while you're relying on it not doing so.

Similarly lockdep is in some undefined state and any lock used can
trigger random 'funny' things.

Just because this is 'C', doesn't immediately mean you can go call any
random function. Up until recently most of this was in ASM. There's a
reason for the noinstr annotations.

  reply	other threads:[~2021-05-19 19:34 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-19 13:52 [PATCH v2 0/8] x86/sev-es: Fixes for SEV-ES Guest Support Joerg Roedel
2021-05-19 13:52 ` [PATCH v2 1/8] x86/sev-es: Don't return NULL from sev_es_get_ghcb() Joerg Roedel
2021-05-19 13:52 ` [PATCH v2 2/8] x86/sev-es: Forward page-faults which happen during emulation Joerg Roedel
2021-05-19 13:52 ` [PATCH v2 3/8] x86/sev-es: Use __put_user()/__get_user() for data accesses Joerg Roedel
2021-05-19 13:52 ` [PATCH v2 4/8] x86/sev-es: Fix error message in runtime #VC handler Joerg Roedel
2021-05-19 13:52 ` [PATCH v2 5/8] x86/sev-es: Leave NMI-mode before sending signals Joerg Roedel
2021-05-19 17:54   ` Peter Zijlstra
2021-05-19 19:13     ` Joerg Roedel
2021-05-19 19:31       ` Peter Zijlstra [this message]
2021-05-19 13:52 ` [PATCH v2 6/8] x86/insn-eval: Make 0 a valid RIP for insn_get_effective_ip() Joerg Roedel
2021-05-19 13:52 ` [PATCH v2 7/8] x86/insn: Extend error reporting from insn_fetch_from_user[_inatomic]() Joerg Roedel
2021-05-21 14:34   ` Borislav Petkov
2021-05-19 13:52 ` [PATCH v2 8/8] x86/sev-es: Propagate #GP if getting linear instruction address failed Joerg Roedel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210519193158.GJ21560@worktop.programming.kicks-ass.net \
    --to=peterz@infradead.org \
    --cc=baekhw@google.com \
    --cc=cfir@google.com \
    --cc=dan.j.williams@intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=erdemaktas@google.com \
    --cc=hpa@zytor.com \
    --cc=jgross@suse.com \
    --cc=joro@8bytes.org \
    --cc=jroedel@suse.de \
    --cc=jslaby@suse.cz \
    --cc=keescook@chromium.org \
    --cc=kvm@vger.kernel.org \
    --cc=linux-coco@lists.linux.dev \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=martin.b.radev@gmail.com \
    --cc=mhiramat@kernel.org \
    --cc=mstunes@vmware.com \
    --cc=nivedita@alum.mit.edu \
    --cc=rientjes@google.com \
    --cc=seanjc@google.com \
    --cc=thomas.lendacky@amd.com \
    --cc=virtualization@lists.linux-foundation.org \
    --cc=x86@kernel.org \
    --subject='Re: [PATCH v2 5/8] x86/sev-es: Leave NMI-mode before sending signals' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).