Re: [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler

From: Gupta, Pankaj
Date: Tue Jun 06 2023 - 02:01:02 EST



That should really say that a nested #HV should never be raised by the
hypervisor, but if it is, then the guest should detect that and
self-terminate knowing that the hypervisor is possibly being malicious.

I've yet to see code that can do that reliably.

- Currently, we are detecting the direct nested #HV with the check below, and
the guest self-terminates.

<snip>
if (get_stack_info_noinstr(stack, current, &info) &&
    (info.type == (STACK_TYPE_EXCEPTION + ESTACK_HV) ||
     info.type == (STACK_TYPE_EXCEPTION + ESTACK_HV2)))
	panic("Nested #HV exception, HV IST corrupted, stack type = %d\n", info.type);
</snip>

- Thinking about the solution below to detect the nested
#HV reliably:

-- Make IST stack switching reliable for the #VC -> #HV -> #VC case
(similar to what is done in __sev_es_ist_enter/__sev_es_ist_exit for the NMI
IST stack).

-- In addition to this, we can make nested #HV detection (with another
exception type) more reliable with refcounting (percpu?).

Need your input before I implement this solution. Or do you have any other idea in software in mind?

Thanks,
Pankaj
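
A user-space C model of the two detection ideas in this message, added here as an illustration; it is not code from the patch series or from anyone in the thread. It contrasts the interrupted-stack check with a per-CPU depth counter for the case where another exception type sits between two #HV entries. The struct, function names, stack size and addresses are all constructed, and the model assumes the intervening handler runs on a separate #VC stack.

```c
/* User-space model, not kernel code: names and addresses are constructed. */
#include <stdbool.h>
#include <stdint.h>

#define ESTACK_SIZE 0x2000u   /* assumed size of each exception stack */

enum stack_kind { STACK_OTHER, STACK_HV, STACK_VC };

struct cpu_model {
    uintptr_t hv_base;   /* lowest address of the #HV IST stack */
    uintptr_t vc_base;   /* lowest address of the #VC IST stack */
    unsigned hv_depth;   /* stand-in for a per-CPU #HV nesting counter */
};

/* Classify an interrupted stack pointer by the stack range it falls in. */
static enum stack_kind classify_sp(const struct cpu_model *c, uintptr_t sp)
{
    if (sp >= c->hv_base && sp < c->hv_base + ESTACK_SIZE)
        return STACK_HV;
    if (sp >= c->vc_base && sp < c->vc_base + ESTACK_SIZE)
        return STACK_VC;
    return STACK_OTHER;
}

/* Check 1: the interrupted context was itself running on the #HV stack.
 * This catches a direct #HV -> #HV nesting only. */
static bool nested_by_stack(const struct cpu_model *c, uintptr_t interrupted_sp)
{
    return classify_sp(c, interrupted_sp) == STACK_HV;
}

/* Check 2: a #HV handler is already active on this CPU, whatever stack the
 * interrupted code was using. Call on entry and pair with hv_exit(). */
static bool hv_enter_nested(struct cpu_model *c)
{
    return c->hv_depth++ != 0;
}

static void hv_exit(struct cpu_model *c)
{
    c->hv_depth--;
}
```

In the #HV -> #VC -> #HV sequence the second #HV interrupts code on the #VC stack, so the range check stays silent while the counter reports the nesting.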