[kernel,v2] x86/compressed/64: reduce #VC nesting for intercepted CPUID for SEV-SNP guest

  For certain intercepts an SNP guest uses the GHCB protocol to talk to
the hypervisor from the #VC handler. The protocol requires a shared page so
there is one per vCPU. In case NMI arrives in a middle of #VC or the NMI
handler triggers a #VC, there is another "backup" GHCB page which stores
the content of the first one while SVM_VMGEXIT_NMI_COMPLETE is sent.
The vc_raw_handle_exception() handler manages main and backup GHCB pages
via __sev_get_ghcb/__sev_put_ghcb.

This works fine for #VC and occasional NMIs. This does not work so fine if
the #VC handler causes intercept + another #VC, if NMI arrives during
the second #VC, there are no more pages for SVM_VMGEXIT_NMI_COMPLETE.
The problem place is the #VC CPUID handler. Running perf in the SNP guest
crashes with:

Kernel panic - not syncing: Unable to handle #VC exception! GHCB and Backup GHCB are already in use

vc_raw_handle_exception #1: exit_code 72 (CPUID) eax d ecx 1
We lock the main GHCB and while it is locked we get to
snp_cpuid_postprocess() which executes "rdmsr" of MSR_IA32_XSS==0xda0 which
triggers:

vc_raw_handle_exception #2: exit_code 7c (MSR) ecx da0
Here we lock the backup ghcb.

And then PMC NMI comes which cannot complete as there is no GHCB page left
to use:

CPU: 5 PID: 566 Comm: touch Not tainted 6.5.0-rc2-aik-ad9c-g7413e71d3dcf-dirty #27
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown unknown
Call Trace:
 <NMI>
 dump_stack_lvl+0x44/0x60
 panic+0x222/0x310
 ____sev_get_ghcb+0x21e/0x220
 __sev_es_nmi_complete+0x28/0xf0
 exc_nmi+0x1ac/0x1c0
 end_repeat_nmi+0x16/0x67
...
 </NMI>
 <TASK>
 vc_raw_handle_exception+0x9e/0x2c0
 kernel_exc_vmm_communication+0x4d/0xa0
 asm_exc_vmm_communication+0x31/0x60
RIP: 0010:snp_cpuid+0x2ad/0x420

Add a helper similar to rdmsr_safe() for making a direct hypercall in the SEV-ES
environment. Use the new helper instead of the raw "rdmsr" to avoid the extra
#VC event.

Fixes: ee0bfa08a345 ("x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers")
Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
---

This is made on top of (which has the "efi/unaccepted: Make sure unaccepted table is mapped"
fix for booting SNP):
b996cbe1203c (tip/master) 15 hours ago Ingo Molnar Merge branch into tip/master: 'x86/tdx'

plus:
https://lore.kernel.org/lkml/a5856fa1ebe3879de91a8f6298b6bbd901c61881.1690578565.git.thomas.lendacky@amd.com/


rdmsr_safe_GHCB() is in arch/x86/include/asm/svm.h as this is where
the ghcb struct is defined.


---
Changes:
v2:
* de-uglify by defining rdmsr_safe_GHCB()
---
 arch/x86/include/asm/svm.h   | 14 ++++++++++++++
 arch/x86/kernel/sev-shared.c |  5 +++--
 2 files changed, 17 insertions(+), 2 deletions(-)
  

On 9/25/23 23:05, Alexey Kardashevskiy wrote:
> For certain intercepts an SNP guest uses the GHCB protocol to talk to
> the hypervisor from the #VC handler. The protocol requires a shared page so
> there is one per vCPU. In case NMI arrives in a middle of #VC or the NMI
> handler triggers a #VC, there is another "backup" GHCB page which stores
> the content of the first one while SVM_VMGEXIT_NMI_COMPLETE is sent.
> The vc_raw_handle_exception() handler manages main and backup GHCB pages
> via __sev_get_ghcb/__sev_put_ghcb.
> 
> This works fine for #VC and occasional NMIs. This does not work so fine if
> the #VC handler causes intercept + another #VC, if NMI arrives during
> the second #VC, there are no more pages for SVM_VMGEXIT_NMI_COMPLETE.
> The problem place is the #VC CPUID handler. Running perf in the SNP guest
> crashes with:
> 
> Kernel panic - not syncing: Unable to handle #VC exception! GHCB and Backup GHCB are already in use
> 
> vc_raw_handle_exception #1: exit_code 72 (CPUID) eax d ecx 1
> We lock the main GHCB and while it is locked we get to
> snp_cpuid_postprocess() which executes "rdmsr" of MSR_IA32_XSS==0xda0 which
> triggers:
> 
> vc_raw_handle_exception #2: exit_code 7c (MSR) ecx da0
> Here we lock the backup ghcb.
> 
> And then PMC NMI comes which cannot complete as there is no GHCB page left
> to use:
> 
> CPU: 5 PID: 566 Comm: touch Not tainted 6.5.0-rc2-aik-ad9c-g7413e71d3dcf-dirty #27
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown unknown
> Call Trace:
>   <NMI>
>   dump_stack_lvl+0x44/0x60
>   panic+0x222/0x310
>   ____sev_get_ghcb+0x21e/0x220
>   __sev_es_nmi_complete+0x28/0xf0
>   exc_nmi+0x1ac/0x1c0
>   end_repeat_nmi+0x16/0x67
> ...
>   </NMI>
>   <TASK>
>   vc_raw_handle_exception+0x9e/0x2c0
>   kernel_exc_vmm_communication+0x4d/0xa0
>   asm_exc_vmm_communication+0x31/0x60
> RIP: 0010:snp_cpuid+0x2ad/0x420
> 
> Add a helper similar to rdmsr_safe() for making a direct hypercall in the SEV-ES
> environment. Use the new helper instead of the raw "rdmsr" to avoid the extra
> #VC event.
> 
> Fixes: ee0bfa08a345 ("x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers")
> Signed-off-by: Alexey Kardashevskiy <aik@amd.com>

Acked-by: Tom Lendacky <thomas.lendacky@amd.com>

> ---
> 
> This is made on top of (which has the "efi/unaccepted: Make sure unaccepted table is mapped"
> fix for booting SNP):
> b996cbe1203c (tip/master) 15 hours ago Ingo Molnar Merge branch into tip/master: 'x86/tdx'
> 
> plus:
> https://lore.kernel.org/lkml/a5856fa1ebe3879de91a8f6298b6bbd901c61881.1690578565.git.thomas.lendacky@amd.com/
> 
> 
> rdmsr_safe_GHCB() is in arch/x86/include/asm/svm.h as this is where
> the ghcb struct is defined.
> 
> 
> ---
> Changes:
> v2:
> * de-uglify by defining rdmsr_safe_GHCB()
> ---
>   arch/x86/include/asm/svm.h   | 14 ++++++++++++++
>   arch/x86/kernel/sev-shared.c |  5 +++--
>   2 files changed, 17 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
> index fb8366af59da..866ef7d6b7a9 100644
> --- a/arch/x86/include/asm/svm.h
> +++ b/arch/x86/include/asm/svm.h
> @@ -673,4 +673,18 @@ DEFINE_GHCB_ACCESSORS(sw_exit_info_2)
>   DEFINE_GHCB_ACCESSORS(sw_scratch)
>   DEFINE_GHCB_ACCESSORS(xcr0)
>   
> +/* Paravirt SEV-ES rdmsr which avoids extra #VC event */
> +#define rdmsr_safe_GHCB(msr, low, high, ghcb, ctxt) ({				\
> +	int __ret;								\
> +										\
> +	ghcb_set_rcx((ghcb), (msr));						\
> +	__ret = sev_es_ghcb_hv_call((ghcb), (ctxt), SVM_EXIT_MSR, 0, 0);	\
> +	if (__ret == ES_OK) {							\
> +		low  = (ghcb)->save.rax;					\
> +		high = (ghcb)->save.rdx;					\
> +		/* Invalidate qwords for likely another following GHCB call */	\
> +		vc_ghcb_invalidate(ghcb);					\
> +	}									\
> +	__ret; })
> +
>   #endif
> diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c
> index e73c90c9cc5b..b3fb9d0a07c6 100644
> --- a/arch/x86/kernel/sev-shared.c
> +++ b/arch/x86/kernel/sev-shared.c
> @@ -479,8 +479,9 @@ static int snp_cpuid_postprocess(struct ghcb *ghcb, struct es_em_ctxt *ctxt,
>   			if (leaf->eax & BIT(3)) {
>   				unsigned long lo, hi;
>   
> -				asm volatile("rdmsr" : "=a" (lo), "=d" (hi)
> -						     : "c" (MSR_IA32_XSS));
> +				if (rdmsr_safe_GHCB(MSR_IA32_XSS, lo, hi, ghcb, ctxt) != ES_OK)
> +					return -EINVAL;
> +
>   				xss = (hi << 32) | lo;
>   			}
>
  

* Alexey Kardashevskiy <aik@amd.com> wrote:

>  arch/x86/include/asm/svm.h   | 14 ++++++++++++++
>  arch/x86/kernel/sev-shared.c |  5 +++--

Doesn't build on x86-64 allmodconfig:

  arch/x86/kernel/sev-shared.c:442:75: error: ‘ghcb’ undeclared (first use in this function)
  arch/x86/kernel/sev-shared.c:442:81: error: ‘ctxt’ undeclared (first use in this function)

Not sure how this was supposed to work - there's no 'ghcb' passed in to
snp_cpuid_postprocess(). Does this patch have a dependency perhaps, that
I missed?

For the next version please also pick up the edited changelog I've done,
see below.

Thanks,

	Ingo

====================>
From: Alexey Kardashevskiy <aik@amd.com>
Subject: [PATCH] x86/sev: Reduce #VC nesting for intercepted CPUID for SEV-SNP guest, to fix nesting crash

For certain intercepts an SNP guest uses the GHCB protocol to talk to
the hypervisor from the #VC handler. The protocol requires a shared page so
there is one per vCPU. In case NMI arrives in a middle of #VC or the NMI
handler triggers a #VC, there is another "backup" GHCB page which stores
the content of the first one while SVM_VMGEXIT_NMI_COMPLETE is sent.
The vc_raw_handle_exception() handler manages main and backup GHCB pages
via __sev_get_ghcb/__sev_put_ghcb.

This works fine for #VC and occasional NMIs. This does not work so fine if
the #VC handler causes intercept + another #VC, if NMI arrives during
the second #VC, there are no more pages for SVM_VMGEXIT_NMI_COMPLETE.
The problem place is the #VC CPUID handler. Running perf in the SNP guest
crashes with:

  Kernel panic - not syncing: Unable to handle #VC exception! GHCB and Backup GHCB are already in use

  vc_raw_handle_exception #1: exit_code 72 (CPUID) eax d ecx 1

We lock the main GHCB and while it is locked we get to
snp_cpuid_postprocess() which executes "rdmsr" of MSR_IA32_XSS==0xda0 which
triggers:

  vc_raw_handle_exception #2: exit_code 7c (MSR) ecx da0

Here we lock the backup ghcb.

And then PMC NMI comes which cannot complete as there is no GHCB page left
to use:

  CPU: 5 PID: 566 Comm: touch Not tainted 6.5.0-rc2-aik-ad9c-g7413e71d3dcf-dirty #27
  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown unknown
  Call Trace:
   <NMI>
   dump_stack_lvl+0x44/0x60
   panic+0x222/0x310
   ____sev_get_ghcb+0x21e/0x220
   __sev_es_nmi_complete+0x28/0xf0
   exc_nmi+0x1ac/0x1c0
   end_repeat_nmi+0x16/0x67
  ...
   </NMI>
   <TASK>
   vc_raw_handle_exception+0x9e/0x2c0
   kernel_exc_vmm_communication+0x4d/0xa0
   asm_exc_vmm_communication+0x31/0x60
  RIP: 0010:snp_cpuid+0x2ad/0x420

Add a helper similar to rdmsr_safe() for making a direct hypercall in the SEV-ES
environment. Use the new helper instead of the raw "rdmsr" to avoid the extra #VC event.

Fixes: ee0bfa08a345 ("x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers")
Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lore.kernel.org/r/20230926040526.957240-1-aik@amd.com
  

On Wed, Sep 27, 2023 at 11:48:33AM +0200, Ingo Molnar wrote:
> Not sure how this was supposed to work - there's no 'ghcb' passed in to
> snp_cpuid_postprocess(). Does this patch have a dependency perhaps, that
> I missed?

Yes, it is explained above the diffstat. I'll take care of it when I get back.
  

* Borislav Petkov <bp@alien8.de> wrote:

> On Wed, Sep 27, 2023 at 11:48:33AM +0200, Ingo Molnar wrote:
> > Not sure how this was supposed to work - there's no 'ghcb' passed in to
> > snp_cpuid_postprocess(). Does this patch have a dependency perhaps, that
> > I missed?
> 
> Yes, it is explained above the diffstat. I'll take care of it when I get back.

Erm, yes indeed - I checked the first dependency which had the wrong SHA1
listed and which dependency is already upstream as 8dbe33956d96, but I missed
the second dependency:

> > > plus:
> > > https://lore.kernel.org/lkml/a5856fa1ebe3879de91a8f6298b6bbd901c61881.1690578565.git.thomas.lendacky@amd.com/

Alexey, for the v3 submission, instead of sending a standalone patch
that relies on a yet unmerged patch that was last submitted about two
months ago, please send a full series of patches that is self-consistent.

Ie. it should look something like this:

  [PATCH 0/2] x86: Misc SEV-SNP fixes
    [PATCH 1/2] x86/sev: Fix SNP CPUID requests to the hypervisor
    [PATCH 2/2] x86/compressed/64: Reduce #VC nesting for intercepted CPUID for SEV-SNP guest

( You can add your SOB to Tom's first patch, to signal that you
  tested it and are forwarding it, and that your fix relies on that fix. )

Thanks,

	Ingo
  

On Tue, Sep 26, 2023 at 02:05:26PM +1000, Alexey Kardashevskiy wrote:
> vc_raw_handle_exception #1: exit_code 72 (CPUID) eax d ecx 1
> We lock the main GHCB and while it is locked we get to

Please use passive voice in your commit message: no "we" or "I", etc,
and describe your changes in imperative mood.

Also, pls read section "2) Describe your changes" in
Documentation/process/submitting-patches.rst for more details.

Also, see section "Changelog" in
Documentation/process/maintainer-tip.rst

Bottom line is: personal pronouns are ambiguous in text, especially with
so many parties/companies/etc developing the kernel so let's avoid them
please.

> snp_cpuid_postprocess() which executes "rdmsr" of MSR_IA32_XSS==0xda0 which
> triggers:
> 
> vc_raw_handle_exception #2: exit_code 7c (MSR) ecx da0
> Here we lock the backup ghcb.
> 
> And then PMC NMI comes which cannot complete as there is no GHCB page left
> to use:
> 
> CPU: 5 PID: 566 Comm: touch Not tainted 6.5.0-rc2-aik-ad9c-g7413e71d3dcf-dirty #27
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown unknown
> Call Trace:
>  <NMI>
>  dump_stack_lvl+0x44/0x60
>  panic+0x222/0x310
>  ____sev_get_ghcb+0x21e/0x220
>  __sev_es_nmi_complete+0x28/0xf0
>  exc_nmi+0x1ac/0x1c0
>  end_repeat_nmi+0x16/0x67
> ...
>  </NMI>
>  <TASK>
>  vc_raw_handle_exception+0x9e/0x2c0
>  kernel_exc_vmm_communication+0x4d/0xa0
>  asm_exc_vmm_communication+0x31/0x60
> RIP: 0010:snp_cpuid+0x2ad/0x420

Drop that splat like we talked.

> +/* Paravirt SEV-ES rdmsr which avoids extra #VC event */
> +#define rdmsr_safe_GHCB(msr, low, high, ghcb, ctxt) ({				\
> +	int __ret;								\
> +										\
> +	ghcb_set_rcx((ghcb), (msr));						\
> +	__ret = sev_es_ghcb_hv_call((ghcb), (ctxt), SVM_EXIT_MSR, 0, 0);	\
> +	if (__ret == ES_OK) {							\
> +		low  = (ghcb)->save.rax;					\
> +		high = (ghcb)->save.rdx;					\
> +		/* Invalidate qwords for likely another following GHCB call */	\
> +		vc_ghcb_invalidate(ghcb);					\
> +	}									\
> +	__ret; })
> +

First of all, this should be a function, not a macro.

Then, it should be defined only in sev-shared.c for now.

Furthermore, it should not be called "rdmsr" or so but something like

ghcb_prot_read_msr()

or so to denote that it is using the GHCB protocol to read the MSR. I'm
sure it'll gain more users with time.

Thx.
  

On 30/9/23 17:17, Borislav Petkov wrote:
> On Tue, Sep 26, 2023 at 02:05:26PM +1000, Alexey Kardashevskiy wrote:
>> vc_raw_handle_exception #1: exit_code 72 (CPUID) eax d ecx 1
>> We lock the main GHCB and while it is locked we get to
> 
> Please use passive voice in your commit message: no "we" or "I", etc,
> and describe your changes in imperative mood.
> 
> Also, pls read section "2) Describe your changes" in
> Documentation/process/submitting-patches.rst for more details.
> 
> Also, see section "Changelog" in
> Documentation/process/maintainer-tip.rst
> 
> Bottom line is: personal pronouns are ambiguous in text, especially with
> so many parties/companies/etc developing the kernel so let's avoid them
> please.
> 
>> snp_cpuid_postprocess() which executes "rdmsr" of MSR_IA32_XSS==0xda0 which
>> triggers:
>>
>> vc_raw_handle_exception #2: exit_code 7c (MSR) ecx da0
>> Here we lock the backup ghcb.
>>
>> And then PMC NMI comes which cannot complete as there is no GHCB page left
>> to use:
>>
>> CPU: 5 PID: 566 Comm: touch Not tainted 6.5.0-rc2-aik-ad9c-g7413e71d3dcf-dirty #27
>> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown unknown
>> Call Trace:
>>   <NMI>
>>   dump_stack_lvl+0x44/0x60
>>   panic+0x222/0x310
>>   ____sev_get_ghcb+0x21e/0x220
>>   __sev_es_nmi_complete+0x28/0xf0
>>   exc_nmi+0x1ac/0x1c0
>>   end_repeat_nmi+0x16/0x67
>> ...
>>   </NMI>
>>   <TASK>
>>   vc_raw_handle_exception+0x9e/0x2c0
>>   kernel_exc_vmm_communication+0x4d/0xa0
>>   asm_exc_vmm_communication+0x31/0x60
>> RIP: 0010:snp_cpuid+0x2ad/0x420
> 
> Drop that splat like we talked.
> 
>> +/* Paravirt SEV-ES rdmsr which avoids extra #VC event */
>> +#define rdmsr_safe_GHCB(msr, low, high, ghcb, ctxt) ({				\
>> +	int __ret;								\
>> +										\
>> +	ghcb_set_rcx((ghcb), (msr));						\
>> +	__ret = sev_es_ghcb_hv_call((ghcb), (ctxt), SVM_EXIT_MSR, 0, 0);	\
>> +	if (__ret == ES_OK) {							\
>> +		low  = (ghcb)->save.rax;					\
>> +		high = (ghcb)->save.rdx;					\
>> +		/* Invalidate qwords for likely another following GHCB call */	\
>> +		vc_ghcb_invalidate(ghcb);					\
>> +	}									\
>> +	__ret; })
>> +
> 
> First of all, this should be a function, not a macro.

Ingo says different, who wins? :)

> Then, it should be defined only in sev-shared.c for now.

sev-shared.c makes me sad. Including .c is not ... nice, I would avoid 
adding stuff to it at any cost.

> Furthermore, it should not be called "rdmsr" or so but something like
> 
> ghcb_prot_read_msr()
> 
> or so to denote that it is using the GHCB protocol to read the MSR. I'm
> sure it'll gain more users with time.

What is "prot" going to signify?

And what about Tom's "x86/sev: Fix SNP CPUID requests to the 
hypervisor", are you taking that one or I have to repost this one and 
the Tom's patch?
  

On Sun, Oct 01, 2023 at 08:40:30PM +1100, Alexey Kardashevskiy wrote:
> Ingo says different, who wins? :)

I do: a function gives you type checking - a macro doesn't.

> > Then, it should be defined only in sev-shared.c for now.
> 
> sev-shared.c makes me sad. Including .c is not ... nice,

There's a point in doing things this way.

> I would avoid adding stuff to it at any cost.

Care to give a technical argument why or is it just general sadness?
Because I don't care about non-technical sentiments.

> > Furthermore, it should not be called "rdmsr" or so but something like
> > 
> > ghcb_prot_read_msr()
> > 
> > or so to denote that it is using the GHCB protocol to read the MSR. I'm
> > sure it'll gain more users with time.
> 
> What is "prot" going to signify?

"... or so to denote that it is using the GHCB protocol..."
					       ^^^^^^^^

it is right there.

> And what about Tom's "x86/sev: Fix SNP CPUID requests to the hypervisor",
> are you taking that one or I have to repost this one and the Tom's patch?

Yes, use this branch:

https://git.kernel.org/pub/scm/linux/kernel/git/bp/bp.git/log/?h=tip-x86-urgent

Thx.
  

* Borislav Petkov <bp@alien8.de> wrote:

> On Sun, Oct 01, 2023 at 08:40:30PM +1100, Alexey Kardashevskiy wrote:
> > Ingo says different, who wins? :)
> 
> I do: a function gives you type checking - a macro doesn't.

That's false, because this specific macro don't force any types, it
only passes types through as-is to type-checked functions, so both
the macro and the function variant does similar quality of type
checking ...

But I'm fine with both approaches, I suggested a macro because the
existing rdtsc definitions used macros already - but I have no
strong feelings which particular color this shed gets painted ...

Thanks,

	Ingo
  

* Ingo Molnar <mingo@kernel.org> wrote:

> But I'm fine with both approaches, I suggested a macro because the
> existing rdtsc definitions used macros already - but I have no
           ^---- rdmsr
  

On 1/10/23 20:53, Borislav Petkov wrote:
> On Sun, Oct 01, 2023 at 08:40:30PM +1100, Alexey Kardashevskiy wrote:
>> Ingo says different, who wins? :)
> 
> I do: a function gives you type checking - a macro doesn't.

The macro is a wrapper for the sev_es_ghcb_hv_call() function with type 
checking.

>>> Then, it should be defined only in sev-shared.c for now.
>>
>> sev-shared.c makes me sad. Including .c is not ... nice,
> 
> There's a point in doing things this way.
> 
>> I would avoid adding stuff to it at any cost.
> 
> Care to give a technical argument why or is it just general sadness?
> Because I don't care about non-technical sentiments.

No it is not technical, it is my ignorance :)

For example why inat.c/insn.c are included and not linked? Cannot linux 
compile arch/x86/lib/ files twice into two different .o, for compressed 
and running kernels? Is not more logical place for sev-shared.c in 
arch/x86/lib/sev.c?

>>> Furthermore, it should not be called "rdmsr" or so but something like
>>>
>>> ghcb_prot_read_msr()
>>>
>>> or so to denote that it is using the GHCB protocol to read the MSR. I'm
>>> sure it'll gain more users with time.
>>
>> What is "prot" going to signify?
> 
> "... or so to denote that it is using the GHCB protocol..."
> 					       ^^^^^^^^
> 
> it is right there.

Ah right. I am used (after some grepping - not just me) to "prot" == 
"protected", "protocol" would be "proto". imho not needed here but alright.


>> And what about Tom's "x86/sev: Fix SNP CPUID requests to the hypervisor",
>> are you taking that one or I have to repost this one and the Tom's patch?
> 
> Yes, use this branch:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/bp/bp.git/log/?h=tip-x86-urgent


Oh cool, thanks!


> Thx.
>