On Thu, Jul 20, 2023 at 10:03:58AM +0200, Peter Zijlstra wrote:
> > Trying to understand more what prevents SSS from being enabled in
> > pre-FRED, is it better #CP exception handling with other nested
> > exceptions?
>
> SSS took the syscall gap and made it worse -- as in *way* worse.
>
> To top it off, the whole SSS busy bit thing is fundamentally
> incompatible with how we manage to survive nested exceptions in NMI
> context.
>
> Basically, the whole x86 exception / stack switching logic was already
> borderline impossible (consider taking an MCE in the early NMI path
> where we set up, but have not finished, the re-entrancy stuff), and SSS
> pushed it over the edge and set it on fire.
>
> And NMI isn't the only problem, the various new virt exceptions #VC and
> #HV are on their own already near impossible, adding SSS again pushes
> the whole thing into clear insanity.
>
> There's a good exposition of the whole trainwreck by Andrew here:
>
> https://www.youtube.com/watch?v=qcORS8CN0ow
>
> (that is, sorry for the youtube link, but Google is failing me in
> finding the actual Google Doc that talk is based on, or even the slide
> deck :/)
>
>
> FRED solves all that by:
>
> - removing the stack gap, cc/ip/ss/sp/ssp/gs will all be switched
>   atomically and consistently for every transition.
>
> - removing the non-reentrant IST mechanism and replacing it with stack
>   levels
>
> - adding an explicit NMI latch
>
> - re-organising the actual shadow stacks and doing away with that busy
>   bit thing (I need to re-read the FRED spec on this detail again).
>
>
> Crazy as we are, we're not touching legacy/IDT SSS with a ten foot pole,
> sorry.