On 5/30/23 09:35, Peter Zijlstra wrote:
On Tue, May 30, 2023 at 02:16:55PM +0200, Gupta, Pankaj wrote:
Add a #HV exception handler that uses IST stack.
Urgh.. that is entirely insufficient. Like it doesn't even begin to
start to cover things.
The whole existing VC IST stack abuse is already a nightmare and you're
duplicating that.. without any explanation for why this would be needed
and how it is correct.
Please try again.
#HV handler handles both #NMI & #MCE in the guest and nested #HV is never
raised by the hypervisor.
I thought all this confidental computing nonsense was about not trusting
the hypervisor, so how come we're now relying on the hypervisor being
sane?
That should really say that a nested #HV should never be raised by the
hypervisor, but if it is, then the guest should detect that and
self-terminate knowing that the hypervisor is possibly being malicious.
Thanks,
Tom
