Re: [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Tom Lendacky <thomas.lendacky@xxxxxxx>
Subject: Re: [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler
From: Dave Hansen <dave.hansen@xxxxxxxxx>
Date: Tue, 30 May 2023 12:03:52 -0700
Cc: "Gupta, Pankaj" <pankaj.gupta@xxxxxxx>, Tianyu Lan <ltykernel@xxxxxxxxx>, luto@xxxxxxxxxx, tglx@xxxxxxxxxxxxx, mingo@xxxxxxxxxx, bp@xxxxxxxxx, dave.hansen@xxxxxxxxxxxxxxx, x86@xxxxxxxxxx, hpa@xxxxxxxxx, seanjc@xxxxxxxxxx, pbonzini@xxxxxxxxxx, jgross@xxxxxxxx, tiala@xxxxxxxxxxxxx, kirill@xxxxxxxxxxxxx, jiangshan.ljs@xxxxxxxxxxxx, ashish.kalra@xxxxxxx, srutherford@xxxxxxxxxx, akpm@xxxxxxxxxxxxxxxxxxxx, anshuman.khandual@xxxxxxx, pawan.kumar.gupta@xxxxxxxxxxxxxxx, adrian.hunter@xxxxxxxxx, daniel.sneddon@xxxxxxxxxxxxxxx, alexander.shishkin@xxxxxxxxxxxxxxx, sandipan.das@xxxxxxx, ray.huang@xxxxxxx, brijesh.singh@xxxxxxx, michael.roth@xxxxxxx, venu.busireddy@xxxxxxxxxx, sterritt@xxxxxxxxxx, tony.luck@xxxxxxxxx, samitolvanen@xxxxxxxxxx, fenghua.yu@xxxxxxxxx, pangupta@xxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, kvm@xxxxxxxxxxxxxxx, linux-hyperv@xxxxxxxxxxxxxxx, linux-arch@xxxxxxxxxxxxxxx
In-reply-to: <20230530185232.GA211927@hirez.programming.kicks-ass.net>
References: <20230515165917.1306922-1-ltykernel@gmail.com> <20230515165917.1306922-2-ltykernel@gmail.com> <20230516093010.GC2587705@hirez.programming.kicks-ass.net> <d43c14d9-a149-860c-71d6-e5c62b7c356f@amd.com> <20230530143504.GA200197@hirez.programming.kicks-ass.net> <0f0ab135-cdd0-0691-e0c1-42645671fe15@amd.com> <20230530185232.GA211927@hirez.programming.kicks-ass.net>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0

On 5/30/23 11:52, Peter Zijlstra wrote:
>> That should really say that a nested #HV should never be raised by the
>> hypervisor, but if it is, then the guest should detect that and
>> self-terminate knowing that the hypervisor is possibly being malicious.
> I've yet to see code that can do that reliably.

By "#HV should never be raised by the hypervisor", I think Tom means:

	#HV can and will be raised by malicious hypervisors and the
	guest must be able to unambiguously handle it in a way that
	will not result in the guest getting rooted.

Right? ;)

References:
- [RFC PATCH V6 00/14] x86/hyperv/sev: Add AMD sev-snp enlightened guest support on hyperv
  - From: Tianyu Lan
- [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler
  - From: Tianyu Lan
- Re: [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler
  - From: Peter Zijlstra
- Re: [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler
  - From: Gupta, Pankaj
- Re: [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler
  - From: Peter Zijlstra
- Re: [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler
  - From: Tom Lendacky
- Re: [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler
  - From: Peter Zijlstra

Prev by Date: Re: [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler
Next by Date: Re: [PATCH v3 08/11] slub: Replace cmpxchg_double()
Previous by thread: Re: [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler
Next by thread: Re: [RFC PATCH V6 01/14] x86/sev: Add a #HV exception handler
Index(es):
- Date
- Thread

[Index of Archives] [Linux Kernel] [Kernel Newbies] [x86 Platform Driver] [Netdev] [Linux Wireless] [Netfilter] [Bugtraq] [Linux Filesystems] [Yosemite Discussion] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Device Mapper]