Re: [PATCHv2 28/29] x86/tdx: Warn about unexpected WBINVD
From: Thomas Gleixner
Date: Tue Feb 01 2022 - 20:46:23 EST
On Mon, Jan 24 2022 at 18:02, Kirill A. Shutemov wrote:
> WBINVD causes #VE in TDX guests. There's no reliable way to emulate it.
> The kernel can ask for VMM assistance, but VMM is untrusted and can ignore
> the request.
>
> Fortunately, there is no use case for WBINVD inside TDX guests.
If there is not usecase, then why
> Warn about any unexpected WBINVD.
instead of terminating the whole thing?
I'm tired of the "let us emit a warning in the hope it gets fixed'
thinking.
That's just wrong. Any code which has an assumption that it relies on
WBINVD to work correctly has to be analysed and not ignored on the
assumption that there is no use case for WBINVD inside TDX guests.
Its's simply wishful thinking that stuff gets fixed because of a
WARN_ONCE(). This has never worked. The only thing which works is to
make stuff fail hard or slow it down in a way which makes it annoying
enough to users to complain.
This is new technology. Anything which wants to use it has to obey to
the rules of this new technology. Just define it to be: WBINVD is
forbidden. End of story.
The Intel approach of 'Let us tolerate all sins of the past' has been
proven to be wrong, broken and outright dangerous in the past. So why
are you insisting to proliferate that?
Thanks,
tglx