Joerg Roedel
2021-Jun-08 09:54 UTC
[PATCH v3 4/7] x86/sev-es: Run #VC handler in plain IRQ state
From: Joerg Roedel <jroedel at suse.de>

Use irqentry_enter() and irqentry_exit() to track the runtime state of
the #VC handler. The reason it ran in NMI mode was solely to make sure
nothing interrupts the handler while the GHCB is in use.

This is handled now in sev_es_get/put_ghcb() directly, so there is no
reason the #VC handler can not run in normal IRQ mode and enjoy the
benefits like being able to send signals.

Fixes: 62441a1fb532 ("x86/sev-es: Correctly track IRQ states in runtime #VC handler")
Signed-off-by: Joerg Roedel <jroedel at suse.de>
---
arch/x86/kernel/sev.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
index 2a922d1b03c8..b563fb747aed 100644
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -1354,8 +1354,7 @@ DEFINE_IDTENTRY_VC_SAFE_STACK(exc_vmm_communication)
return;
}
- irq_state = irqentry_nmi_enter(regs);
- lockdep_assert_irqs_disabled();
+ irq_state = irqentry_enter(regs);
instrumentation_begin();
/*
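Review bot: irqentry_enter(regs) is now called unconditionally, and lockdep_assert_irqs_disabled() is dropped along with irqentry_nmi_enter(), so nothing in this hunk distinguishes a #VC taken from user mode from one taken in kernel code that is running with IRQs disabled. The commit message justifies the change by GHCB protection in sev_es_get/put_ghcb(), which addresses GHCB reuse only and says nothing about other state the interrupted kernel code may hold, such as a raw spinlock. Consider branching on user_mode(regs) here, using the IRQ-like entry only for the from-user path and keeping irqentry_nmi_enter() for the from-kernel path, with a comment stating which contexts each path is expected to handle.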
@@ -1408,7 +1407,7 @@ DEFINE_IDTENTRY_VC_SAFE_STACK(exc_vmm_communication)
out:
instrumentation_end();
- irqentry_nmi_exit(regs, irq_state);
+ irqentry_exit(regs, irq_state);
return;
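Review bot: irqentry_exit(regs, irq_state) at the out: label can do more than irqentry_nmi_exit() did: on return to user mode it runs the exit-to-user work (signal delivery, rescheduling), and on return to kernel code that had IRQs enabled it may preempt. Every path that jumps to out: therefore has to have released the GHCB already; the sev_es_put_ghcb() call is not visible in this hunk, so please confirm that, or add a short comment above out: stating it. If the entry side is later split by context, the exit call must be split the same way, so that irq_state obtained from one enter variant is never passed to the other variant's exit.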
--
2.31.1
Peter Zijlstra
2021-Jun-08 11:58 UTC
[PATCH v3 4/7] x86/sev-es: Run #VC handler in plain IRQ state
On Tue, Jun 08, 2021 at 11:54:36AM +0200, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel at suse.de>
>
> Use irqentry_enter() and irqentry_exit() to track the runtime state of
> the #VC handler. The reason it ran in NMI mode was solely to make sure
> nothing interrupts the handler while the GHCB is in use.
>
> This is handled now in sev_es_get/put_ghcb() directly, so there is no
> reason the #VC handler can not run in normal IRQ mode and enjoy the
> benefits like being able to send signals.

You sure? So #VC cannot happen with IRQs disabled?

	raw_spin_lock_irq(&my_lock);
	<#VC>
	  raw_spin_lock_irqsave(&my_lock); // whoopsie

Every exception that can happen with IRQs disabled must be NMI like.

Again, what you seem to want is to split the handler in a from-user and
from-kernel way, just like we did with #DB and MCE. See how
exc_debug_user() is IRQ-like and can send signals, while
exc_debug_kernel() is NMI like and can not.