Re: [PATCH 04/26] x86/traps: Add #VE support for TDX guest
From: Kirill A. Shutemov
Date: Thu Dec 30 2021 - 03:04:53 EST
On Wed, Dec 29, 2021 at 12:29:51PM +0100, Borislav Petkov wrote:
> On Wed, Dec 29, 2021 at 02:31:12AM +0300, Kirill A. Shutemov wrote:
> > On Thu, Dec 23, 2021 at 08:45:40PM +0100, Borislav Petkov wrote:
> > > What happens if the NMI handler triggers a #VE after all? Or where is it
> > > enforced that TDX guests should set panic_on_oops?
> >
> > Kernel will handle the #VE normally inside NMI handler. (We tested it once
> > again, just in case.)
> >
> > The critical part is that #VE must not be triggered in NMI entry code,
> > before kernel is ready to handle nested NMIs.
>
> Well, I can't read that in the commit message, maybe it needs expanding
> on that aspect?
>
> What I read is:
>
> "Interrupts, including NMIs, are blocked by the hardware starting with
> #VE delivery until TDGETVEINFO is called."
>
> but this simply means that *if* you get a #VE anywhere, NMIs are masked
> until TDGETVEINFO.
>
> If you get a #VE during the NMI entry code, then you're toast...
Hm. Two sentance above the one you quoted describes (maybe badly? I donno)
why #VE doesn't happen in entry paths. Maybe it's not clear it covers NMI
entry path too.
What if I replace the paragraph with these two:
Kernel avoids #VEs during syscall gap and NMI entry code. Entry code
paths do not access TD-shared memory, MMIO regions, use #VE triggering
MSRs, instructions, or CPUID leaves that might generate #VE. Similarly,
to page faults and breakpoints, #VEs are allowed in NMI handlers once
kernel is ready to deal with nested NMIs.
During #VE delivery, all interrupts, including NMIs, are blocked until
TDGETVEINFO is called. It prevents #VE nesting until kernel reads the VE
info.
Is it better?
> > tdx_virt_exception_user()/tdx_virt_exception_kernel() will be populated by
> > following patches. The patch adds generic infrastructure for #VE handling.
>
> Yeah, you either need to state that somewhere or keep changing those
> functions as they evolve in the patchset. As it is, it just confuses
> reviewers.
Commit message already has this:
Add basic infrastructure to handle any #VE which occurs in the kernel
or userspace. Later patches will add handling for specific #VE
scenarios.
I'm not sure what need to be changed.
--
Kirill A. Shutemov