Re: [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler

On Tue, May 30, 2023 at 10:59:01AM -0500, Tom Lendacky wrote:
> On 5/30/23 09:35, Peter Zijlstra wrote:
> > On Tue, May 30, 2023 at 02:16:55PM +0200, Gupta, Pankaj wrote:
> > > 
> > > > > Add a #HV exception handler that uses IST stack.
> > > > > 
> > > > 
> > > > Urgh.. that is entirely insufficient. Like it doesn't even begin to
> > > > start to cover things.
> > > > 
> > > > The whole existing VC IST stack abuse is already a nightmare and you're
> > > > duplicating that.. without any explanation for why this would be needed
> > > > and how it is correct.
> > > > 
> > > > Please try again.
> > > 
> > > #HV handler handles both #NMI & #MCE in the guest and nested #HV is never
> > > raised by the hypervisor.
> > 
> > I thought all this confidential computing nonsense was about not trusting
> > the hypervisor, so how come we're now relying on the hypervisor being
> > sane?
> 
> That should really say that a nested #HV should never be raised by the
> hypervisor, but if it is, then the guest should detect that and
> self-terminate knowing that the hypervisor is possibly being malicious.

I've yet to see code that can do that reliably.


