From patchwork Wed Nov 8 11:17:33 2023
From: Nicolas Saenz Julienne
Subject: [RFC 0/33] KVM: x86: hyperv: Introduce VSM support
Date: Wed, 8 Nov 2023 11:17:33 +0000
Message-ID: <20231108111806.92604-1-nsaenz@amazon.com>
X-Patchwork-Id: 16373
X-Mailing-List: linux-kernel@vger.kernel.org

Hyper-V's Virtual Secure Mode (VSM) is a virtualisation security feature
that leverages the hypervisor to create secure execution environments
within a guest. VSM is documented as part of Microsoft's Hypervisor Top
Level Functional Specification [1]. Security features that build upon
VSM, like Windows Credential Guard, are enabled by default on Windows 11,
and are becoming a prerequisite in some industries.

This RFC series introduces the necessary infrastructure to emulate VSM
enabled guests. It is a snapshot of the progress we made so far, and its
main goal is to gather design feedback, specifically on the KVM APIs we
introduce. For a high level design overview, see the documentation in
patch 33. Additionally, this topic will be discussed as part of the KVM
Micro-conference, in this year's Linux Plumbers Conference [2].

The series is accompanied by two repositories:
 - A PoC QEMU implementation of VSM [3].
 - VSM kvm-unit-tests [4].

Note that this isn't a full VSM implementation. For now it only supports
2 VTLs, and only runs on uniprocessor guests. It is capable of booting
Windows Server 2016/2019, but is unstable during runtime.

The series is based on the v6.6 kernel release, and depends on the
introduction of KVM memory attributes, which is being worked on
independently in "KVM: guest_memfd() and per-page attributes" [5]. A full
Linux tree is also made available [6].

Series rundown:
 - Patch 2 introduces the concept of APIC ID groups.
 - Patches 3-12 introduce the VSM capability and basic VTL awareness into
   Hyper-V emulation.
 - Patch 13 introduces vCPU polling support.
 - Patches 14-31 use KVM's memory attributes to implement VTL memory
   protections. Introduces the VTL KVM device and secure memory
   intercepts.
 - Patch 32 is a temporary implementation of
   HVCALL_TRANSLATE_VIRTUAL_ADDRESS necessary to boot Windows 2019.
 - Patch 33 introduces documentation.

Our intention is to integrate feedback gathered in the RFC and LPC while
we finish the VSM implementation. In the future, we will split the series
into distinct feature patch sets and upstream these independently.

Thanks,
Nicolas

[1] https://raw.githubusercontent.com/Microsoft/Virtualization-Documentation/master/tlfs/Hypervisor%20Top%20Level%20Functional%20Specification%20v6.0b.pdf
[2] https://lpc.events/event/17/sessions/166/#20231114
[3] https://github.com/vianpl/qemu/tree/vsm-rfc-v1
[4] https://github.com/vianpl/kvm-unit-tests/tree/vsm-rfc-v1
[5] https://lore.kernel.org/lkml/20231105163040.14904-1-pbonzini@redhat.com/
[6] Full tree: https://github.com/vianpl/linux/tree/vsm-rfc-v1.
    There are also two small dependencies with
    https://marc.info/?l=kvm&m=167887543028109&w=2 and
    https://lkml.org/lkml/2023/10/17/972
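The rundown above says that patches 14-31 build VTL memory protections on KVM's per-page memory attributes and add secure memory intercepts. The following C program is an added illustration of that model written for this page; it is not code from the series, from the QEMU PoC, or from KVM. It assumes the two-VTL layout the cover letter describes (VTL0 as the normal world, VTL1 as the secure world): the higher VTL sets a per-page protection mask that applies to the lower VTL, an access by VTL0 that exceeds its rights is not reported to the guest as a fault but recorded as an intercept for VTL1 to handle, and VTL0 is not allowed to change protections at all. The page count, the access-bit names, the function names and the scenario values are all constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy model of VSM memory protections for a two-VTL guest (VTL0 = normal
 * world, VTL1 = secure world). Names, sizes and scenarios are constructed
 * for this illustration; this is not KVM, QEMU or TLFS code.
 */
#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define NR_PAGES   16          /* 64 KiB of toy guest-physical memory */
#define NR_VTLS    2           /* the RFC supports VTL0 and VTL1 only */

enum { VTL_READ = 1, VTL_WRITE = 2, VTL_EXEC = 4 };
#define VTL_ALL (VTL_READ | VTL_WRITE | VTL_EXEC)

enum access_result { ACCESS_OK = 0, ACCESS_INTERCEPT = 1, ACCESS_BAD_GPA = 2 };

/* A secure memory intercept queued for delivery to the higher VTL. */
struct secure_intercept {
	bool pending;
	int from_vtl;
	uint64_t gpa;
	int access;            /* VTL_* bits the lower VTL attempted */
};

struct vtl_memory {
	uint8_t vtl0_prot[NR_PAGES];   /* rights VTL0 holds per page */
	struct secure_intercept intercept;
};

static void vtl_memory_init(struct vtl_memory *m)
{
	memset(m, 0, sizeof(*m));
	for (int i = 0; i < NR_PAGES; i++)
		m->vtl0_prot[i] = VTL_ALL;     /* default: VTL0 unrestricted */
}

/*
 * Change the rights a lower VTL holds on one page. Only a strictly higher
 * VTL may do this, so VTL0 can neither weaken nor strengthen its own mask.
 * Returns 0 on success, -1 for a bad GPA, -2 for a disallowed caller.
 */
static int vtl_set_protection(struct vtl_memory *m, int caller_vtl,
			      int target_vtl, uint64_t gpa, uint8_t prot)
{
	uint64_t pfn = gpa >> PAGE_SHIFT;

	if (pfn >= NR_PAGES)
		return -1;
	if (target_vtl != 0 || caller_vtl <= target_vtl)
		return -2;
	m->vtl0_prot[pfn] = prot & VTL_ALL;
	return 0;
}

/*
 * Check a guest access from @vtl against the page's protection mask. A
 * violation by VTL0 does not fault the guest; it is recorded as a secure
 * memory intercept so VTL1 can decide what to do with it.
 */
static enum access_result vtl_access(struct vtl_memory *m, int vtl,
				     uint64_t gpa, int access)
{
	uint64_t pfn = gpa >> PAGE_SHIFT;

	if (pfn >= NR_PAGES)
		return ACCESS_BAD_GPA;
	if (vtl == NR_VTLS - 1)
		return ACCESS_OK;              /* highest VTL is never restricted */
	if ((m->vtl0_prot[pfn] & access) == access)
		return ACCESS_OK;

	m->intercept = (struct secure_intercept){
		.pending = true, .from_vtl = vtl, .gpa = gpa, .access = access,
	};
	return ACCESS_INTERCEPT;
}

/* Constructed scenario: VTL1 makes page 3 read-only for VTL0. */
static void setup_scenario(struct vtl_memory *m)
{
	vtl_memory_init(m);
	vtl_set_protection(m, 1, 0, 3 * PAGE_SIZE, VTL_READ);
}

/* VTL0 writing into the protected page must raise an intercept. */
static int scenario_vtl0_write(void)
{
	struct vtl_memory m;
	setup_scenario(&m);
	return vtl_access(&m, 0, 3 * PAGE_SIZE + 0x10, VTL_WRITE);
}

/* The queued intercept carries the faulting GPA (0 if nothing queued). */
static uint64_t scenario_intercept_gpa(void)
{
	struct vtl_memory m;
	setup_scenario(&m);
	vtl_access(&m, 0, 3 * PAGE_SIZE + 0x10, VTL_WRITE);
	return m.intercept.pending ? m.intercept.gpa : 0;
}

/* Reads by VTL0 on the same page are still within its rights. */
static int scenario_vtl0_read(void)
{
	struct vtl_memory m;
	setup_scenario(&m);
	return vtl_access(&m, 0, 3 * PAGE_SIZE + 0x10, VTL_READ);
}

/* VTL1 is never subject to the mask it set. */
static int scenario_vtl1_write(void)
{
	struct vtl_memory m;
	setup_scenario(&m);
	return vtl_access(&m, 1, 3 * PAGE_SIZE + 0x10, VTL_WRITE);
}

/* VTL0 asking to change protections is rejected outright. */
static int scenario_vtl0_sets_protection(void)
{
	struct vtl_memory m;
	setup_scenario(&m);
	return vtl_set_protection(&m, 0, 0, 3 * PAGE_SIZE, VTL_ALL);
}

int main(void)
{
	printf("VTL0 write to protected page: %d (1 = intercept)\n",
	       scenario_vtl0_write());
	printf("intercept gpa: 0x%llx\n",
	       (unsigned long long)scenario_intercept_gpa());
	printf("VTL0 read: %d, VTL1 write: %d (0 = ok)\n",
	       scenario_vtl0_read(), scenario_vtl1_write());
	printf("VTL0 changing protections: %d (-2 = rejected)\n",
	       scenario_vtl0_sets_protection());
	return 0;
}
```

The point of the `vtl_access` path is the security property a Credential Guard style workload relies on: the secure world's pages stay unreadable or unwritable from VTL0 regardless of what the VTL0 kernel does, and the only party told about the attempt is VTL1. In the real series that mask lives in KVM's memory attributes rather than in a local array, and the intercept is delivered through the VTL KVM device, but the decision logic (check caller VTL, check mask, divert the violation to the higher VTL) is the same shape.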