| Message ID | 1669951831-4180-2-git-send-email-mikelley@microsoft.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp623679wrr;
Thu, 1 Dec 2022 19:33:42 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf4ezdA7nYRlR/iZpyUVfTcsrBzajUO3hTMQW7XLpQMwmjdXnjk/UMgfyjQzNwuECNGMFwK2
X-Received: by 2002:a17:906:f756:b0:7bf:4a66:943f with SMTP id
jp22-20020a170906f75600b007bf4a66943fmr20291332ejb.691.1669952022681;
Thu, 01 Dec 2022 19:33:42 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1669952022; cv=pass;
d=google.com; s=arc-20160816;
b=Q5geAyND0ox3G0tIqdcZy/PQdGio4ydikrAuOlpxt8wF4MVuCaumFqMILk+inuRB89
YNNWb4eGTflZJN+gMh0Oo3qv6BWCmPneBo45WDbFZAwo02wgJYUZSG/LuRBQajIEz+eX
KPqvccqxsqleAHAFijaU0Z2bzonO40FexN5x1bG51NVaCdUeytea/AFwBa2QIIVLze9L
n17fvKfQT00NcCH7fOhVwctYDvPlWHMS8akDKOiXIDnP4cwf82nVFHEx1zbynNuEy4Vf
W8jvt8GFNZVIRY2nonOPB2d4g70mTm+VAKarIDk/CGjjHIjC1C1lnL5mT1tPih7FixUV
87pQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:mime-version:references:in-reply-to:message-id
:date:subject:cc:to:from:dkim-signature;
bh=Lk2VDA8PK6HH9QYkfJfq+OgtogjLpKdOY0dq2ImQLko=;
b=ZfLb5KvCS5ADJuQE73krfQtyDWR/w0wYD5E0SgYJ4GcSXB3wmHMVSCvp3iqU+is+tE
KhMdO7QhC+rVCFneemGwqonP2BOhKRD34Wc7x3IZXNtcpK3YdTYQ46rf5MGu7VNYMnr7
mxvpbjCjpHQu6glrsEvH7u3m1n4F/BAthSba1LFn+xWipwcYagDRrNYkDNg4zdXi1kYH
E9qRKnlHgdxXxmmpvlR/Dgl2K5ok+SBtqARKGnE4DBzL5NL8FDl1OCo3OAKqJz4yGTIv
Roj8rx0B0gyuS36w5T7S3P+XXGIxnjHa5KQPEeDYc788hVI+MFVs2RREUWnw2UJh4d+o
o2/Q==
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@microsoft.com header.s=selector2 header.b=LW7edWm+;
arc=pass (i=1 spf=pass spfdomain=microsoft.com dkim=pass
dkdomain=microsoft.com dmarc=pass fromdomain=microsoft.com);
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
k13-20020aa7c38d000000b00461cdda451dsi4771103edq.435.2022.12.01.19.33.19;
Thu, 01 Dec 2022 19:33:42 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@microsoft.com header.s=selector2 header.b=LW7edWm+;
arc=pass (i=1 spf=pass spfdomain=microsoft.com dkim=pass
dkdomain=microsoft.com dmarc=pass fromdomain=microsoft.com);
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S231181AbiLBDcf (ORCPT <rfc822;heyuhang3455@gmail.com>
+ 99 others); Thu, 1 Dec 2022 22:32:35 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42238 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S232054AbiLBDcP (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 1 Dec 2022 22:32:15 -0500
Received: from CY4PR02CU007-vft-obe.outbound.protection.outlook.com
(mail-westcentralusazon11021020.outbound.protection.outlook.com
[40.93.199.20])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B0916D9B39;
Thu, 1 Dec 2022 19:32:14 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=bcvcUcxGHqP+bRG4DXN3e8wE7xKIzxxtx6+94IoZJCpVWPQ/Be4USKZLx/7Uta+xTCq0OPbzFEee9GSjfUa0Yh0d9e29PwJZyGr4AgOaT52C4BiS9UdVwc4QK9rFQHg2rHC7EcCsG0qSt4iAkMo1Pj7VysY7ivfD5KLRTFiTiE9r7+MfDcu/dybi4HfJRdjTxdwhwZ6ngrOafXaAjjQyXXtaMM50pwUOqO6NHoLUZ36Iv+RuYkoP7c5Xc+SdushaLcq2n/QMZ/ArJT4KNafMOwHk2V9ABY0Kxs8rVWejcI8pWEPoTE0Oe1+Ko9vAGm+1J2glQLxKqgBXdGqarBHXYQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=Lk2VDA8PK6HH9QYkfJfq+OgtogjLpKdOY0dq2ImQLko=;
b=DzQZFd/ILOo1L+GVi5me9Neihx0ZoGk4v9pkZXVbrQ2Zwp1Wr0UjvKFLTAaYjKxYuioNBTCYOLgqejwt3KyF65/vW1PVnYqARDsGYCIk/T20bn1SLofJMGhAKdp0+RIrK1AtkU3hYHCcNvo/7fnK6W6F6i+HOUz2eOubTg+KriMTk8Gx3AHnN/r/9IfvDWXdLv2VemIsoBOyXcVe7CIEZfYHK4JNeBMwncBb5Ze6h1F5t5MInpvKsRAvJaRY/5uDRhcdZTJWe4OiTGOStKidgWY5egHz2OB8aQE6yPuhoNQ0fO0q5pTrogyhoqbjknoWV84BR0YbMG+ebywRa30nlw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=microsoft.com; dmarc=pass action=none
header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=selector2;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=Lk2VDA8PK6HH9QYkfJfq+OgtogjLpKdOY0dq2ImQLko=;
b=LW7edWm+INDzPE5bcFFbciEhMLU0gOOI1ycwQv1LFHa7yNcSHS/aiTj3NQbwdgL2MUK8+X3zyV9Ro4T7zsK2gry3MOwb0R9cJ858b9tf7x4iHXaNdL2bJVGlWIVNdUL2kw7zRnUGTH5Tu+wz5ey12+5ntXnQhgBdaq6C4AubcOI=
Authentication-Results: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=microsoft.com;
Received: from DM6PR21MB1370.namprd21.prod.outlook.com (2603:10b6:5:16b::28)
by BL0PR2101MB1316.namprd21.prod.outlook.com (2603:10b6:208:92::10) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5901.8; Fri, 2 Dec
2022 03:32:05 +0000
Received: from DM6PR21MB1370.namprd21.prod.outlook.com
([fe80::c3e3:a6ef:232c:299b]) by DM6PR21MB1370.namprd21.prod.outlook.com
([fe80::c3e3:a6ef:232c:299b%9]) with mapi id 15.20.5901.008; Fri, 2 Dec 2022
03:32:05 +0000
From: Michael Kelley <mikelley@microsoft.com>
To: hpa@zytor.com, kys@microsoft.com, haiyangz@microsoft.com,
wei.liu@kernel.org, decui@microsoft.com, luto@kernel.org,
peterz@infradead.org, davem@davemloft.net, edumazet@google.com,
kuba@kernel.org, pabeni@redhat.com, lpieralisi@kernel.org,
robh@kernel.org, kw@linux.com, bhelgaas@google.com, arnd@arndb.de,
hch@infradead.org, m.szyprowski@samsung.com, robin.murphy@arm.com,
thomas.lendacky@amd.com, brijesh.singh@amd.com, tglx@linutronix.de,
mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com,
Tianyu.Lan@microsoft.com, kirill.shutemov@linux.intel.com,
sathyanarayanan.kuppuswamy@linux.intel.com, ak@linux.intel.com,
isaku.yamahata@intel.com, dan.j.williams@intel.com,
jane.chu@oracle.com, seanjc@google.com, tony.luck@intel.com,
x86@kernel.org, linux-kernel@vger.kernel.org,
linux-hyperv@vger.kernel.org, netdev@vger.kernel.org,
linux-pci@vger.kernel.org, linux-arch@vger.kernel.org,
iommu@lists.linux.dev
Cc: mikelley@microsoft.com
Subject: [Patch v4 01/13] x86/ioapic: Gate decrypted mapping on
cc_platform_has() attribute
Date: Thu, 1 Dec 2022 19:30:19 -0800
Message-Id: <1669951831-4180-2-git-send-email-mikelley@microsoft.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1669951831-4180-1-git-send-email-mikelley@microsoft.com>
References: <1669951831-4180-1-git-send-email-mikelley@microsoft.com>
Content-Type: text/plain
X-ClientProxiedBy: MW4PR04CA0234.namprd04.prod.outlook.com
(2603:10b6:303:87::29) To DM6PR21MB1370.namprd21.prod.outlook.com
(2603:10b6:5:16b::28)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DM6PR21MB1370:EE_|BL0PR2101MB1316:EE_
X-MS-Office365-Filtering-Correlation-Id: b62a164f-714a-4679-711b-08dad415c85b
X-LD-Processed: 72f988bf-86f1-41af-91ab-2d7cd011db47,ExtAddr
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
L95MwJiDD8Ho40Ixp3kZUdI1547fVrQjP/+WpHo6LSOeLDz6pcRK563/JONVINVGqUYIV2bD3fhu9hn6oI4ngF1PBUu2NcGS5CNPSmTYdb5Lz02bBv8m2UNvKzVUWre5jmDYky2SAJOVrFuPwdtgPW9Leg5X8PjFflf8y5jbk4gvv7CxUB53uCQQ59qGJ6C6IgvBuZFdLPBQnruV7zFmpYdXVZTy6SWU5BrtqusOS654T9v0viwEOsDfEFMUzpcYLvFZKTjk53Z+kuOdPZQRw/m7CamydFsDGZWj8eSyIBfEp3Su+ZnjOOASecRC2xgqPoqJfKFeAuf1n2QIrH5gRVPDf46TkGTWcfsHVYSin8gTU1byc4c1QJenZt4ar1jM8XrF2ZhLuelIKzLQWYP6JFCZcRjC8W7APNw+yPUbXqVfgGFjVwwR+aqFWbgBPMdnUtiMS4Oxz/6kFlaFUNWLzr2y5mX7IdcD4kGeS7brv2M1DQd/TAhIwPWQlmjPUa/M3Fnn6o/WLK4d2Teui3d0CL3YnFzHZ/bortOpkazCv/VQmudo8vzQpBkndRzAIurxksO+ryLWnT0ETl2kb7OOHbx3MzdoyADuotcjKNMQT3gUNPgeXGGeeK/CsZ8xaiEthUlN65K+nXQHniEA10zYTz0FezL+m9mU1uaD6VUOh2Gz6mA8pap7cdC3SsM0AHvC2vo4HERVSEByDQb1vyTL2v0ROE8hTFz9/icE4c07zDYAotN0stOTsY9oOWa8V10h
X-Forefront-Antispam-Report:
CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR21MB1370.namprd21.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(4636009)(346002)(376002)(136003)(396003)(39860400002)(366004)(451199015)(86362001)(921005)(41300700001)(36756003)(2616005)(186003)(8936002)(5660300002)(66476007)(66556008)(52116002)(66946007)(82960400001)(7406005)(8676002)(7416002)(6506007)(6666004)(107886003)(6486002)(316002)(478600001)(10290500003)(4326008)(6512007)(26005)(82950400001)(38100700002)(38350700002)(2906002)(83380400001);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
TOouGj/nnkA9oIKK9EX/XO0EeNNwHZBIe7Tu1FgkUZP/OPslwWR/XbEViWdtPx0VGNa2nKHXEz0ev7Nlabik/T7nnP2VAvFN7MGG7zoK1LFZClvorMp6WSxzjqEcul7twUKTVomuz67UudhU6ZUM1/75KWJXiSETw80NzTgMdfRKixhWv9IG8lrDeEv/ZejzCZFHrT+lpO3w9dpsT7O/KDA9WXBDDkypmyXTuZR6QHxOT4jRRJWvNb7kw2N2eVccC3Yc3HHKtmV40cY2LFesfWfCrn47Mu1FIIo8/rP9YhdVRCHRPMe6m39iogTmDLNj9wCzYYICUTQtDchdog3Ly6EZYwaPoWu1sNovOWXyzj58rPTsYvM/gqBylPsXEnYPOzcQmcrtSz/sXWYJMA22PakAro7CjhkZ6n19YvDrGWAmOhTdQov5gWSuQ2vCNf+1JhfyU5Q/Czt54/d4dBHf21SnfZffXAP7q3zqHAGoY8P57FpmyU23YT+VK7nlDBDe40htzsvA8lY5NoV24/Hss+gbOrsuQDhmZSjqNR4BcbZXazpECTqI0mZVF0MO5fhF+tULRzFS+TxuKbivdi9s2R0Ux6034q2wV9Ukf9/ukGdK4FDMUEwhss/Uo0hUax73LiAQKIhRr5XD2GMp8fs0SYddiRFXIoshL4iFnkm0OyHrBOusl9Jzu8qdo1sahqZcxFj3gzYFCK/dLVjfU0pxHqAZO/7UALQcY8Qq6ihevhpUDMAyCGIuwQ7UEkM+l5sA0jUA3/8e9MxZ+B95XJkRf7XOidnCpQx0YsBcn3Ji6mDTuiRV0Xrh+FpIz1fkPJN7TX8Ng+4qgUGAvlgMzNywb7kLnrEk2g7mYztdBF2GHTAQRm2Q/wEQelQ29bCYdmdyFM3w9MwiBjywc5rHgw2Q9vZBKCV+9Sc0z8VuJOPjAMNNYqjKUCqnAfveatT5VcTEMwSM0OeOyKoA+9opKAfOA0IcxLkiByOA0TmqaGB6teRcPxtkYg4FwJUQ1CACBxWrRjOSCAWThldcfG+j0W3wusERArzkk1Qx6ZXPALSXEP6/yfcn4+DRimf8mJxox505dKLJHrDxG7dMnOzsOfAHZwUEDPYrzhzSWQ6aPT0qazqDRGoQrevPDYUw3Qq1195KZqg5cFLSZ6H8Kr84vvvy3q2NXijRygO0pLIVJqOPrQP19dAC+pwmV8IkKVcUOraJqbXLUsGKgH2nA0+k5WfvnZf1OpppMxZfEpCdyQ1cEPEHk+XdQIFxQFJR+10nf0mDDpphivHGFMR2uj7I2XGLeYT5vMjf7I3Lfbb6UTD7cdHHnEnHKgvLrE6bYloN7v6GJFiyQ7/3irJDO0JtDRY9iD6HVOGDap8z1i4y3TknWsWC9Iu4SUAn+Cj16FbiliLbDSWZ3xnOZLC1E5d3N5WptSC1aM6bZZ8yUimqBi/XqeBtP2EtSuXGVEpMbUGeKeri+liFQH/hdOOybyXuehdkDtS6XYwkmDdHN7inMkpmLvfA0DcTG9tLObtoRhpKjI+YbBBTYWvpJfSmdRioYv7YYshYF24kXmAcxin84aTV9oD1A140tCaLqjPYTo/RKm9qIfJccq3ICSZsd/Eu9KXqYQ==
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id:
b62a164f-714a-4679-711b-08dad415c85b
X-MS-Exchange-CrossTenant-AuthSource: DM6PR21MB1370.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Dec 2022 03:32:04.9541
(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName:
kS5Wpc5s6X4RKXDwKEZ3DcO3lMjG7pQ4amWqULAqvMIbaG+TF91DhqD9uPNsz1FuuMNbDHdwOEfBxPChOwL0xg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR2101MB1316
X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO,
RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE
autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1751071612463930767?=
X-GMAIL-MSGID: =?utf-8?q?1751071612463930767?=
|
| Series |
Add PCI pass-thru support to Hyper-V Confidential VMs
|
|
Commit Message
Michael Kelley (LINUX)
Dec. 2, 2022, 3:30 a.m. UTC
Current code always maps the IO-APIC as shared (decrypted) in a confidential VM. But Hyper-V guest VMs on AMD SEV-SNP with vTOM enabled use a paravisor running in VMPL0 to emulate the IO-APIC. In such a case, the IO-APIC must be accessed as private (encrypted). Fix this by gating the IO-APIC decrypted mapping on a new cc_platform_has() attribute that a subsequent patch in the series will set only for guests using vTOM. Signed-off-by: Michael Kelley <mikelley@microsoft.com> Reviewed-by: Wei Liu <wei.liu@kernel.org> --- arch/x86/kernel/apic/io_apic.c | 3 ++- include/linux/cc_platform.h | 12 ++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-)
Comments
On Thu, Dec 01, 2022 at 07:30:19PM -0800, Michael Kelley wrote: > Current code always maps the IO-APIC as shared (decrypted) in a > confidential VM. But Hyper-V guest VMs on AMD SEV-SNP with vTOM > enabled use a paravisor running in VMPL0 to emulate the IO-APIC. > In such a case, the IO-APIC must be accessed as private (encrypted). Lemme see I understand this correctly: the paravisor is emulating the IO-APIC in the lower range of the address space, under the vTOM which is accessed encrypted. That's why you need to access it encrypted in the guest. Close? Thx.
On 12/1/22 7:30 PM, Michael Kelley wrote: > Current code always maps the IO-APIC as shared (decrypted) in a > confidential VM. But Hyper-V guest VMs on AMD SEV-SNP with vTOM > enabled use a paravisor running in VMPL0 to emulate the IO-APIC. > In such a case, the IO-APIC must be accessed as private (encrypted). > > Fix this by gating the IO-APIC decrypted mapping on a new > cc_platform_has() attribute that a subsequent patch in the series > will set only for guests using vTOM. > > Signed-off-by: Michael Kelley <mikelley@microsoft.com> > Reviewed-by: Wei Liu <wei.liu@kernel.org> > --- Looks good to me. Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> > arch/x86/kernel/apic/io_apic.c | 3 ++- > include/linux/cc_platform.h | 12 ++++++++++++ > 2 files changed, 14 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c > index a868b76..2b70e2e 100644 > --- a/arch/x86/kernel/apic/io_apic.c > +++ b/arch/x86/kernel/apic/io_apic.c > @@ -2686,7 +2686,8 @@ static void io_apic_set_fixmap(enum fixed_addresses idx, phys_addr_t phys) > * Ensure fixmaps for IOAPIC MMIO respect memory encryption pgprot > * bits, just like normal ioremap(): > */ > - flags = pgprot_decrypted(flags); > + if (!cc_platform_has(CC_ATTR_ACCESS_IOAPIC_ENCRYPTED)) > + flags = pgprot_decrypted(flags); > > __set_fixmap(idx, phys, flags); > } > diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h > index cb0d6cd..7b63a7d 100644 > --- a/include/linux/cc_platform.h > +++ b/include/linux/cc_platform.h > @@ -90,6 +90,18 @@ enum cc_attr { > * Examples include TDX Guest. > */ > CC_ATTR_HOTPLUG_DISABLED, > + > + /** > + * @CC_ATTR_ACCESS_IOAPIC_ENCRYPTED: Guest VM IO-APIC is encrypted > + * > + * The platform/OS is running as a guest/virtual machine with > + * an IO-APIC that is emulated by a paravisor running in the > + * guest VM context. As such, the IO-APIC is accessed in the > + * encrypted portion of the guest physical address space. > + * > + * Examples include Hyper-V SEV-SNP guests using vTOM. > + */ > + CC_ATTR_ACCESS_IOAPIC_ENCRYPTED, > }; > > #ifdef CONFIG_ARCH_HAS_CC_PLATFORM
From: Borislav Petkov <bp@alien8.de> Sent: Tuesday, December 6, 2022 11:23 AM > > On Thu, Dec 01, 2022 at 07:30:19PM -0800, Michael Kelley wrote: > > Current code always maps the IO-APIC as shared (decrypted) in a > > confidential VM. But Hyper-V guest VMs on AMD SEV-SNP with vTOM > > enabled use a paravisor running in VMPL0 to emulate the IO-APIC. > > In such a case, the IO-APIC must be accessed as private (encrypted). > > Lemme see I understand this correctly: > > the paravisor is emulating the IO-APIC in the lower range of the address > space, under the vTOM which is accessed encrypted. > > That's why you need to access it encrypted in the guest. > > Close? > Exactly correct. Michael
On Tue, Dec 06, 2022 at 07:54:02PM +0000, Michael Kelley (LINUX) wrote:
> Exactly correct.
Ok, thanks.
Let's put that in the commit message and get rid of the "subsequent
patch" wording as patch order in git is ambiguous.
IOW, something like this:
Current code always maps the IO-APIC as shared (decrypted) in a
confidential VM. But Hyper-V guest VMs on AMD SEV-SNP with vTOM enabled
use a paravisor running in VMPL0 to emulate the IO-APIC.
In such a case, the IO-APIC must be accessed as private (encrypted)
because the paravisor emulates the IO-APIC in the lower half of the vTOM
where all accesses must be encrypted.
Add a new CC attribute which determines how the IO-APIC MMIO mapping
should be established depending on the platform the kernel is running on
as a guest.
Thx.
From: Borislav Petkov <bp@alien8.de> Sent: Thursday, December 29, 2022 3:39 AM > > On Tue, Dec 06, 2022 at 07:54:02PM +0000, Michael Kelley (LINUX) wrote: > > Exactly correct. > > Ok, thanks. > > Let's put that in the commit message and get rid of the "subsequent > patch" wording as patch order in git is ambiguous. > > IOW, something like this: > > Current code always maps the IO-APIC as shared (decrypted) in a > confidential VM. But Hyper-V guest VMs on AMD SEV-SNP with vTOM enabled > use a paravisor running in VMPL0 to emulate the IO-APIC. > > In such a case, the IO-APIC must be accessed as private (encrypted) > because the paravisor emulates the IO-APIC in the lower half of the vTOM > where all accesses must be encrypted. > > Add a new CC attribute which determines how the IO-APIC MMIO mapping > should be established depending on the platform the kernel is running on > as a guest. > Works for me. I'll adopt this wording in v5. Michael
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c index a868b76..2b70e2e 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c @@ -2686,7 +2686,8 @@ static void io_apic_set_fixmap(enum fixed_addresses idx, phys_addr_t phys) * Ensure fixmaps for IOAPIC MMIO respect memory encryption pgprot * bits, just like normal ioremap(): */ - flags = pgprot_decrypted(flags); + if (!cc_platform_has(CC_ATTR_ACCESS_IOAPIC_ENCRYPTED)) + flags = pgprot_decrypted(flags); __set_fixmap(idx, phys, flags); } diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h index cb0d6cd..7b63a7d 100644 --- a/include/linux/cc_platform.h +++ b/include/linux/cc_platform.h @@ -90,6 +90,18 @@ enum cc_attr { * Examples include TDX Guest. */ CC_ATTR_HOTPLUG_DISABLED, + + /** + * @CC_ATTR_ACCESS_IOAPIC_ENCRYPTED: Guest VM IO-APIC is encrypted + * + * The platform/OS is running as a guest/virtual machine with + * an IO-APIC that is emulated by a paravisor running in the + * guest VM context. As such, the IO-APIC is accessed in the + * encrypted portion of the guest physical address space. + * + * Examples include Hyper-V SEV-SNP guests using vTOM. + */ + CC_ATTR_ACCESS_IOAPIC_ENCRYPTED, }; #ifdef CONFIG_ARCH_HAS_CC_PLATFORM