Re: [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler

On 5/30/23 09:35, Peter Zijlstra wrote:
> On Tue, May 30, 2023 at 02:16:55PM +0200, Gupta, Pankaj wrote:
>
>>>> Add a #HV exception handler that uses IST stack.
>>>
>>> Urgh.. that is entirely insufficient. Like it doesn't even begin to
>>> start to cover things.
>>>
>>> The whole existing VC IST stack abuse is already a nightmare and you're
>>> duplicating that.. without any explanation for why this would be needed
>>> and how it is correct.
>>>
>>> Please try again.
>>
>> #HV handler handles both #NMI & #MCE in the guest and nested #HV is never
>> raised by the hypervisor.
>
> I thought all this confidential computing nonsense was about not trusting
> the hypervisor, so how come we're now relying on the hypervisor being
> sane?

That should really say that a nested #HV should never be raised by the hypervisor, but if it is, then the guest should detect that and self-terminate knowing that the hypervisor is possibly being malicious.

Thanks,
Tom


