linux-coco.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
From: Joerg Roedel <jroedel@suse.de>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Joerg Roedel <joro@8bytes.org>,
	x86@kernel.org, Hyunwook Baek <baekhw@google.com>,
	hpa@zytor.com, Andy Lutomirski <luto@kernel.org>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Jiri Slaby <jslaby@suse.cz>,
	Dan Williams <dan.j.williams@intel.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Juergen Gross <jgross@suse.com>,
	Kees Cook <keescook@chromium.org>,
	David Rientjes <rientjes@google.com>,
	Cfir Cohen <cfir@google.com>, Erdem Aktas <erdemaktas@google.com>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Mike Stunes <mstunes@vmware.com>,
	Sean Christopherson <seanjc@google.com>,
	Martin Radev <martin.b.radev@gmail.com>,
	Arvind Sankar <nivedita@alum.mit.edu>,
	linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org,
	kvm@vger.kernel.org, virtualization@lists.linux-foundation.org
Subject: Re: [PATCH v2 5/8] x86/sev-es: Leave NMI-mode before sending signals
Date: Wed, 19 May 2021 21:13:08 +0200	[thread overview]
Message-ID: <YKVjRJmva/Y2EHPZ@suse.de> (raw)
In-Reply-To: <20210519175450.GF21560@worktop.programming.kicks-ass.net>

Hi Peter,

thanks for your review.

On Wed, May 19, 2021 at 07:54:50PM +0200, Peter Zijlstra wrote:
> On Wed, May 19, 2021 at 03:52:48PM +0200, Joerg Roedel wrote:
> > --- a/arch/x86/kernel/sev.c
> > +++ b/arch/x86/kernel/sev.c
> > @@ -1343,9 +1343,10 @@ DEFINE_IDTENTRY_VC_SAFE_STACK(exc_vmm_communication)
> >  		return;
> >  	}
> >  
> > +	instrumentation_begin();
> > +
> >  	irq_state = irqentry_nmi_enter(regs);
> >  	lockdep_assert_irqs_disabled();
> > -	instrumentation_begin();
> >  
> >  	/*
> >  	 * This is invoked through an interrupt gate, so IRQs are disabled. The
> 
> That's just plain wrong. No instrumentation is allowed before you enter
> the exception context.

Okay.

> > +	irqentry_nmi_exit(regs, irq_state);
> > +
> 
> And this is wrong too; because at this point the handler doesn't run in
> _any_ context anymore, certainly not one you can call regular C code
> from.

The #VC handler is at this point not running on the IST stack anymore,
but on the stack it came from or on the task stack. So my believe was
that at this point it inherits the context it came from (just like the
page-fault handler). But I also don't fully understand the context
tracking, so is my assumption wrong?

Regards,

	Joerg


  reply	other threads:[~2021-05-19 19:13 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-19 13:52 [PATCH v2 0/8] x86/sev-es: Fixes for SEV-ES Guest Support Joerg Roedel
2021-05-19 13:52 ` [PATCH v2 1/8] x86/sev-es: Don't return NULL from sev_es_get_ghcb() Joerg Roedel
2021-05-19 13:52 ` [PATCH v2 2/8] x86/sev-es: Forward page-faults which happen during emulation Joerg Roedel
2021-05-19 13:52 ` [PATCH v2 3/8] x86/sev-es: Use __put_user()/__get_user() for data accesses Joerg Roedel
2021-05-19 13:52 ` [PATCH v2 4/8] x86/sev-es: Fix error message in runtime #VC handler Joerg Roedel
2021-05-19 13:52 ` [PATCH v2 5/8] x86/sev-es: Leave NMI-mode before sending signals Joerg Roedel
2021-05-19 17:54   ` Peter Zijlstra
2021-05-19 19:13     ` Joerg Roedel [this message]
2021-05-19 19:31       ` Peter Zijlstra
2021-05-19 13:52 ` [PATCH v2 6/8] x86/insn-eval: Make 0 a valid RIP for insn_get_effective_ip() Joerg Roedel
2021-05-19 13:52 ` [PATCH v2 7/8] x86/insn: Extend error reporting from insn_fetch_from_user[_inatomic]() Joerg Roedel
2021-05-21 14:34   ` Borislav Petkov
2021-05-19 13:52 ` [PATCH v2 8/8] x86/sev-es: Propagate #GP if getting linear instruction address failed Joerg Roedel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YKVjRJmva/Y2EHPZ@suse.de \
    --to=jroedel@suse.de \
    --cc=baekhw@google.com \
    --cc=cfir@google.com \
    --cc=dan.j.williams@intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=erdemaktas@google.com \
    --cc=hpa@zytor.com \
    --cc=jgross@suse.com \
    --cc=joro@8bytes.org \
    --cc=jslaby@suse.cz \
    --cc=keescook@chromium.org \
    --cc=kvm@vger.kernel.org \
    --cc=linux-coco@lists.linux.dev \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=martin.b.radev@gmail.com \
    --cc=mhiramat@kernel.org \
    --cc=mstunes@vmware.com \
    --cc=nivedita@alum.mit.edu \
    --cc=peterz@infradead.org \
    --cc=rientjes@google.com \
    --cc=seanjc@google.com \
    --cc=thomas.lendacky@amd.com \
    --cc=virtualization@lists.linux-foundation.org \
    --cc=x86@kernel.org \
    --subject='Re: [PATCH v2 5/8] x86/sev-es: Leave NMI-mode before sending signals' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).