On 16/02/21 15:46, Peter Zijlstra wrote:
On Tue, Feb 16, 2021 at 06:27:41AM -0800, Andi Kleen wrote:
I think the IST solution should at least be explored before
dismissing it. It might be simpler than anything else (like
using new APIs)
Have you seen the trainwreck bonzini proposed?
You had been suspiciously silent...
The very simplest thing is saying no to TDX.
That 'solution' also hard relies on #VE not nesting more than once, so
lovely things like: #VE -> #DB -> #VE -> #NMI -> #VE, or #VE -> NMI ->
#VE -> #MC -> #VE or any number of other possible 'fun' combinations
_must_ not happen.
... but no, this is not how it works. It is actually guaranteed that
#VE does not nest more than once, and that's the big difference with NMIs.
Let's look at the first case you listed, this is what would happen:
#VE handler starts on stack 1
First #VE processing...
clear VE-in-progress flag in the info block (allowing reentrancy)
#DB handler starts
nested #VE handler starts on stack 2
outer #VE handler marks stack 1 for reexecution
nested #VE handler ends ***
#DB handler ends
#VE handler IRETs back to the start of the handler itself
Second #VE processing starts (also on stack 1)
clear VE-in-progress flag in the info block
#NMI handler
nested #VE handler starts on stack 2
outer #VE handler marks stack 1 for reexecution
nested #VE handler ends ***
#NMI handler ends
#VE handler IRETs back to the start of the handler itself
Third #VE processing starts (also on stack 1)
clear VE-in-progress flag in the info block
#VE handler IRETs back to the caller
Two things of note:
- note that at the points marked *** the nested #VE handler has not
allowed another exception to come. That only happens in the outer handler.
- the inner handler does nothing but telling the outer handler to rerun.
The way it does it is certainly not pretty, because it has to work at
any instruction boundary, but at its heart it's basically a do{}while loop.
Paolo
And yes, I know #MC isn't supported just now, but the above would
mandate it never be supported _ever_, because otherwise the IST hack
crumbles.
Again, repeat after me: ISTs are a part of the problem.
So how about fixing TDX instead of forcing us to do horrible fragile
things we all know will end up in tears?