Message ID | 1668147701-4583-3-git-send-email-mikelley@microsoft.com |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp572568wru; Thu, 10 Nov 2022 22:23:18 -0800 (PST) X-Google-Smtp-Source: AA0mqf7bT7PHKm+MviaQQmT/drYXVkFx/zE/GoP7yN5yT0gzYU9/FRBaaqGcpFDaJnige4BV/boj X-Received: by 2002:a17:906:1ed0:b0:78d:9e77:1f8c with SMTP id m16-20020a1709061ed000b0078d9e771f8cmr740090ejj.236.1668147798772; Thu, 10 Nov 2022 22:23:18 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1668147798; cv=pass; d=google.com; s=arc-20160816; b=y7trI7nNjYGV0j8U2Slw+6doIG7biJJD2NqXbpCZVBh6SPyD7J0TU0QMS7sgWhPV62 Ksii8qldUAws5Tmvkn1mT+gc54mfJooAIagMPGVwudHiR+NjWr6Cj/OLyqg7ztjZpKKq jJ6dOdFcJxdn5adBQWWziMmGjqpI+rCUfQlA6pTW9pNC25+E70oONN+UiKmzUC9qkwG5 6x69i2q5XGHjnpB0JYE0a5VBKekPVuxHBl10fqrWrWBJNCGbB1EewtEHHgcrmNdG1vh1 Sl5+yjqOUf6ExTxt8IzxP3AyO1APJhzzBwNJTCaRoik+ZJ3IQu74j5zvt6vZpJyFrNuD Qr0g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=8OcaeMt/u9wYn2yxcRzom+6u54BPUvchqecBRIxcVm4=; b=kWCqZENnl9kGYiClfuDOfYNQFo0TEe4TP4Dj4RR5bbYj7vMRtkQ1KhQz+Qmieudcut Aqmk2pKKUz+Ea+LK+4lFO3lsb0XKlKASp/sY+yYnIxAXuGauMrz6gkGDbiLDxxRqp2dO Kan2W+MSSqTZyBMG4Lj5ptmwpzlUECTdOO05PjpToAT4IaqakhxL9k17z4S5bqIU45Nj yY4/Pmn1gQY7NFlkW+pcpgbFcOBEpoT310nu1zYpJobf1iTu2NUd7Mm+lYFpjIERewFo Oo2ZseqS0+n7EQACW2Kk5YKi6Nh25KzVDGJ04xjGuzAmt8Bt6m3x9F5XO1sukyn5H1WC msdA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@microsoft.com header.s=selector2 header.b=H7WU6C6O; arc=pass (i=1 spf=pass spfdomain=microsoft.com dkim=pass dkdomain=microsoft.com dmarc=pass fromdomain=microsoft.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y8-20020a056402270800b0046751bddcf0si474209edd.425.2022.11.10.22.22.54; Thu, 10 Nov 2022 22:23:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@microsoft.com header.s=selector2 header.b=H7WU6C6O; arc=pass (i=1 spf=pass spfdomain=microsoft.com dkim=pass dkdomain=microsoft.com dmarc=pass fromdomain=microsoft.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232837AbiKKGWa (ORCPT <rfc822;winker.wchi@gmail.com> + 99 others); Fri, 11 Nov 2022 01:22:30 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47962 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232784AbiKKGW0 (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Fri, 11 Nov 2022 01:22:26 -0500 Received: from na01-obe.outbound.protection.outlook.com (mail-eastusazon11022018.outbound.protection.outlook.com [52.101.53.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 42F8E663FB; Thu, 10 Nov 2022 22:22:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RMcBWMbKBOl0gTR43MuD/6CkRQDi9YQYWASKE8jQWJJ9TR1l6rQ0rLuoaD9BgnnLqWlK0im22P8OHa7Ua8xjD85Np0WoZexi/s16YVjL+jOi2M8K2LvFH1IsZqKUmkrkpXWXSEwS3GYBuKIFVpiYZA+CbRScibHGihfE4wMYJe6OyBro5qIPAN5r5E7JpQYI1FLt8jWMOwTkHbbRVUNxBbhj3o+gEcAjS0KvinzoOIyP91cn1IxNf1saXhLo6cdo+u5OugL7riRxr8bCOrdyqkPxRB7KJZ6rhu5XwalKAyib0kpg0Ub3frAIjTEC5YU1X4e2gKZwcnHQJ7K90IVDHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8OcaeMt/u9wYn2yxcRzom+6u54BPUvchqecBRIxcVm4=; b=PjJVYA5y+dEffQ9Zz8cXxCQmIRWZJbFmp+N2llI1a1KKic22eKZYI6+R5wbYQQe+ixPP0QzUN8258KAgWgBms+DggZUzOaK9a2+D81aJk5myM+t3e53VTtex3QcvxSAwBC1G9rm1YXspDwQUc2WeVzxJi7DQZyO9bxeKBL7xgIg/aYlChlnKnQcH2r1fkutZIxYa8vtDUpnOm6y2iZNIl+cybwGsiaR6lUvOixEPl0vYS72J6FRA3zfH7we590Q2iscm7WQbqYV0UMRrvm8repd/CZuZALrOK9rcMFlrmCYBMD4nZKxT0p0EWWI7wuEfT2VAw8RPmJkf/iEQDknxXw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8OcaeMt/u9wYn2yxcRzom+6u54BPUvchqecBRIxcVm4=; b=H7WU6C6Oh2TMZF+Qzk8SWcmzU2SvWb04XoKdjWxGRLdWESdao1Wvn8KlcRREFr7klyPHACatj0UiCb7m7N1RP6IH3OIM9q6Uk+ZJcKyeMwSPPRXUZ8ewop0z9BkOoLWIlcIABXm01BmxnDzxLw5lYjUv2V3iTrmt38GZd5E9K1c= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=microsoft.com; Received: from DM6PR21MB1370.namprd21.prod.outlook.com (2603:10b6:5:16b::28) by MW4PR21MB1857.namprd21.prod.outlook.com (2603:10b6:303:74::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5834.2; Fri, 11 Nov 2022 06:22:14 +0000 Received: from DM6PR21MB1370.namprd21.prod.outlook.com ([fe80::c3e3:a6ef:232c:299b]) by DM6PR21MB1370.namprd21.prod.outlook.com ([fe80::c3e3:a6ef:232c:299b%7]) with mapi id 15.20.5834.002; Fri, 11 Nov 2022 06:22:14 +0000 From: Michael Kelley <mikelley@microsoft.com> To: hpa@zytor.com, kys@microsoft.com, haiyangz@microsoft.com, wei.liu@kernel.org, decui@microsoft.com, luto@kernel.org, peterz@infradead.org, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, lpieralisi@kernel.org, robh@kernel.org, kw@linux.com, bhelgaas@google.com, arnd@arndb.de, hch@infradead.org, m.szyprowski@samsung.com, robin.murphy@arm.com, thomas.lendacky@amd.com, brijesh.singh@amd.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, Tianyu.Lan@microsoft.com, kirill.shutemov@linux.intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, ak@linux.intel.com, isaku.yamahata@intel.com, dan.j.williams@intel.com, jane.chu@oracle.com, seanjc@google.com, tony.luck@intel.com, x86@kernel.org, linux-kernel@vger.kernel.org, linux-hyperv@vger.kernel.org, netdev@vger.kernel.org, linux-pci@vger.kernel.org, linux-arch@vger.kernel.org, iommu@lists.linux.dev Cc: mikelley@microsoft.com Subject: [PATCH v2 02/12] x86/ioapic: Gate decrypted mapping on cc_platform_has() attribute Date: Thu, 10 Nov 2022 22:21:31 -0800 Message-Id: <1668147701-4583-3-git-send-email-mikelley@microsoft.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1668147701-4583-1-git-send-email-mikelley@microsoft.com> References: <1668147701-4583-1-git-send-email-mikelley@microsoft.com> Content-Type: text/plain X-ClientProxiedBy: MW4PR04CA0329.namprd04.prod.outlook.com (2603:10b6:303:82::34) To DM6PR21MB1370.namprd21.prod.outlook.com (2603:10b6:5:16b::28) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DM6PR21MB1370:EE_|MW4PR21MB1857:EE_ X-MS-Office365-Filtering-Correlation-Id: e5f819b8-a68f-4569-c9ed-08dac3ad12c2 X-LD-Processed: 72f988bf-86f1-41af-91ab-2d7cd011db47,ExtAddr X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: UJtq86ry/vEbYzqSqkbP2e7HDBlzZa7in6TGb6fzURJDIUdq6Fm5nA88Sw6GYiPgq8gyGzSixyHjk+pOCOLcoYH0nkvlHa+++SK2wplIVdoQ01BKl7ghphXoMEjh6RToVBTZ6a74X0lRsc4pcwvFZR2qFuMl2qQOjQ+iZ7cCp66KQ4tKAoeeCWfDWbTk89Glwk98jHSJxnx2t1X1hvNH2DHCdSYk0XpP5hiO5YEbNlfbIliDDiApEOWXtf1EK1862C3JMytMZTUuJmhQ6zDlQHwdl9YNDY+xoC+6OHKefSR2nJZYdrfc2OccFk+dCrrShYVAgNEX2f3iKKzG+bXIQDHROaDxQrMqEHMh+7Hnw77FSUFJ2SN4W+7vf9OrcKQ3MB+ijqpahrTSWMNKJwqOzNZNMpfRct1niEiZ4V0s99FmVM0EmDGlTRmLznPSdk2wtwsjgveXucKrAbiSAFxCijt7hMwvMoJi8tC0OqQte0vGzjB12IEZAzLfUNY6oRVhqQsMiFYNh3LdYiGmc5RXmbCUaist69XG/nrWC2kAMQ8gXuSMRxv+FbMz5ys0CXq4IFRs8y2HFvC9eS7g9pCwoAcGXHjukZanchKuGtjupIMLU5hTDM6bnE/wWPyDXwltWUlRkXpno8KIq4k9+sdFpiljOk5vTo5iO1LjNpzyOS9lwlqko1HkmwZR7Um8SGIpvBcgUF7vZ/jueAsHRRhCEPE2jiT8y2yw0KnY264JeGhoFWAqkcK95wFD5Sa3QVkfg343BYNIFeGZROCStcbhPN4ECTfD9BVjbzRZ9yq0BuLmIVDpPDzKnQty9Py33suw5Na7QqD24YwbaTOuFvcBxg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM6PR21MB1370.namprd21.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(4636009)(39860400002)(346002)(376002)(366004)(136003)(396003)(451199015)(83380400001)(52116002)(26005)(6666004)(6512007)(186003)(38100700002)(107886003)(2616005)(7406005)(2906002)(316002)(7416002)(6506007)(10290500003)(6486002)(66946007)(66476007)(5660300002)(8936002)(41300700001)(8676002)(4326008)(66556008)(478600001)(38350700002)(36756003)(86362001)(921005)(82960400001)(82950400001);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: Nh+v0WkPJj4vMR/VScDAW9JXeXPIMtWP1pYrcNyZFp7CV7u36TDTIG5tnPIyiVKUXE4pdqi/9ILRA9+VKhFZGEoH4BKCamiQALiquY0p2l/tVUqrOau+m8jyDa8eQ+nvI5tmgkWyEuHNsEUsGmVF7MLNqy6Sv7yO4MNA0TGKYmw8li4MnJ/fjobF9pJOvFviVYvHDy8/p7iBf0yGmzZJ3usTESFROfljubW0WoZtpYB0tYqA3bMeb4kUvmwSQU/gRv+kpI0hJx3yQ86FCzjReeem+ATcfjk0ydfAVRWacPGSMiktzGmKfWY9roSy6LDN560xKzvgZvC78uG0itvIsKYhQoSkquflpozWy5jgWleUb+je9uwUaN6pB4+Z42HtOO/U3d5XzI6/Qq/e3MGGiHz2IhNTw44cqSUlUHDXjU0SRTfJ0Cm4YEx3CsL0sF9gjfUfi4lc7ZhgTR6DlI7cF23WyIq220HFwvc9mQWaJU3OOz+Y6W8HUfDeGcW/dZaj01fjQstxo/xdDzlv1VbqYjgwKTla6HVbOTAH/zsBnV0D9qDkNoQ3oCRUgIKu5sMkKN0eruVBgAso6lNNEXbQd000UFz1K2U1yRySJDt3ybaZUvqDlugGY/tORrf2X3U8wALrGS5zY0PF5nRQwToJ5awv+dj7uAz2bE4KBmJB+la96ANtByaisu8DW+Esj0fIgbl6EERWp6MK4tf6MI/dafsdWji5X+BT6ZHrIT3DC7ZNyUpGVHw3528utEzElSp1kxW9ExDyfr1EjBamFMWVZyDkCzjN5ny0qNUha19qbum3d9jYOf8lyoQzVn1vyWRsAaXDdhvVBEbVPkDGAFYDoD45Fin29sF/mXMtbukVKng49YQjN80sfGgwGn4uXYGox+F7q6cDL3PLcez2jQ2KarSXBZxV5Nf9al6ayA9QN/YyFt/r9sQTX1ENaFpyPPL7k6Nvesi5eUM0ljqV4678trWygIuO7H2jdetKpr/cbUGqQeHZseZQPLcRUl3Eg9eMNNoDNoNcJ8xjaTPeYVfocEjDvno3rEIrIaBJjRJWjxzP+7jytHAZh2WKwKQDGvubsk01qLY3I6+8zikLrMCa771A9YkljjFXEFJ08b8el9RL60cIiCAUeTJZ4mRRvnbo1L8hCt1SaiIyhb3Xj+YR0Sa6B9vW0/Ngqad6mjjS1Rz4zlOr+efI5YshrbPhXrE0UGHP+l83KZhAZhJQsgA1XMZ4Jv+EYkbgpZBp1BKO9I242LQXF6mNzIZdO6meN9CkYvv4JLrF1+alMqDI3PUEn9C9WEqIz9atELNbWIfrTap2kuZ0FOkZ/SawmFXymPDyzvT7MCRuKfnYN8KA2vwc4Ogj+XBSa4op4xzDHFObhr8umwqlVsYlES+b7xk8IQO4Qzxf1lI4Vs1CZ51S2uk3feGVXss7XXpgQ5olYfsmiGs78ccsuxgS83tX1XCOjwA7yAgbwMWjpVc6wwaOqABk//JWV7sjPn863w/lhjGTg1194OpF/xDHHstuMTt9yaZLxKYixwXS5gwoLQoxfhmNdHk9+6XWwTk/rL/S/WI1dKQ4V4CILoDel4RF7Fehi/EgHMiY8OjrzeU/dFbHg/4M9g== X-OriginatorOrg: microsoft.com X-MS-Exchange-CrossTenant-Network-Message-Id: e5f819b8-a68f-4569-c9ed-08dac3ad12c2 X-MS-Exchange-CrossTenant-AuthSource: DM6PR21MB1370.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Nov 2022 06:22:13.9891 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 72f988bf-86f1-41af-91ab-2d7cd011db47 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: F5ZGfvO9AJ0eB4++BJ9L+a7Sy6FwfIh8OXjs2EuR5V19H9l/us+D+xzPH7+fIHTlnWw7ZvneK41cW+8SJriudg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR21MB1857 X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO, RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_NONE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1749179746221649761?= X-GMAIL-MSGID: =?utf-8?q?1749179746221649761?= |
Series |
Drivers: hv: Add PCI pass-thru support to Hyper-V Confidential VMs
|
|
Commit Message
Michael Kelley (LINUX)
Nov. 11, 2022, 6:21 a.m. UTC
Current code always maps the IOAPIC as shared (decrypted) in a confidential VM. But Hyper-V guest VMs on AMD SEV-SNP with vTOM enabled use a paravisor running in VMPL0 to emulate the IOAPIC. In such a case, the IOAPIC must be accessed as private (encrypted). Fix this by gating the IOAPIC decrypted mapping on a new cc_platform_has() attribute that a subsequent patch in the series will set only for Hyper-V guests. The new attribute is named somewhat generically because similar paravisor emulation cases may arise in the future. Signed-off-by: Michael Kelley <mikelley@microsoft.com> Reviewed-by: Wei Liu <wei.liu@kernel.org> --- arch/x86/kernel/apic/io_apic.c | 3 ++- include/linux/cc_platform.h | 13 +++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-)
Comments
On 11/10/22 22:21, Michael Kelley wrote: > * Ensure fixmaps for IOAPIC MMIO respect memory encryption pgprot > * bits, just like normal ioremap(): > */ > - flags = pgprot_decrypted(flags); > + if (!cc_platform_has(CC_ATTR_HAS_PARAVISOR)) > + flags = pgprot_decrypted(flags); This begs the question whether *all* paravisors will want to avoid a decrypted ioapic mapping. Is this _fundamental_ to paravisors, or it is an implementation detail of this _individual_ paravisor?
From: Dave Hansen <dave.hansen@intel.com> Sent: Friday, November 11, 2022 4:22 PM > > On 11/10/22 22:21, Michael Kelley wrote: > > * Ensure fixmaps for IOAPIC MMIO respect memory encryption pgprot > > * bits, just like normal ioremap(): > > */ > > - flags = pgprot_decrypted(flags); > > + if (!cc_platform_has(CC_ATTR_HAS_PARAVISOR)) > > + flags = pgprot_decrypted(flags); > > This begs the question whether *all* paravisors will want to avoid a > decrypted ioapic mapping. Is this _fundamental_ to paravisors, or it is > an implementation detail of this _individual_ paravisor? Hard to say. The paravisor that Hyper-V provides for use with the vTOM option in a SEV SNP VM is the only paravisor I've seen. At least as defined by Hyper-V and AMD SNP Virtual Machine Privilege Levels (VMPLs), the paravisor resides within the VM trust boundary. Anything that a paravisor emulates would be in the "private" (i.e., encrypted) memory so it can be accessed by both the guest OS and the paravisor. But nothing fundamental says that IOAPIC emulation *must* be done in the paravisor. I originally though about naming this attribute HAS_EMULATED_IOAPIC, but that felt a bit narrow as other emulated hardware might need similar treatment in the future, at least with the Hyper-V and AMD SEV SNP vTOM paravisor. Net, we currently have N=1 for paravisors, and we won't know what the more generalized case looks like until N >= 2. If/when that happens, additional logic might be needed here, and the name of this attribute might need adjustment to support broader usage. But if there's consensus on a different name now, or on the narrower HAS_EMULATED_IOAPIC name, it doesn’t really matter to me. Michael
On 11/11/22 20:48, Michael Kelley (LINUX) wrote: > From: Dave Hansen <dave.hansen@intel.com> Sent: Friday, November 11, 2022 4:22 PM >> On 11/10/22 22:21, Michael Kelley wrote: >>> * Ensure fixmaps for IOAPIC MMIO respect memory encryption pgprot >>> * bits, just like normal ioremap(): >>> */ >>> - flags = pgprot_decrypted(flags); >>> + if (!cc_platform_has(CC_ATTR_HAS_PARAVISOR)) >>> + flags = pgprot_decrypted(flags); >> This begs the question whether *all* paravisors will want to avoid a >> decrypted ioapic mapping. Is this _fundamental_ to paravisors, or it is >> an implementation detail of this _individual_ paravisor? > Hard to say. The paravisor that Hyper-V provides for use with the vTOM > option in a SEV SNP VM is the only paravisor I've seen. At least as defined > by Hyper-V and AMD SNP Virtual Machine Privilege Levels (VMPLs), the > paravisor resides within the VM trust boundary. Anything that a paravisor > emulates would be in the "private" (i.e., encrypted) memory so it can be > accessed by both the guest OS and the paravisor. But nothing fundamental > says that IOAPIC emulation *must* be done in the paravisor. Please just make this check more specific. Either make this a specific Hyper-V+SVM check, or rename it HAS_EMULATED_IOAPIC, like you were thinking. If paravisors catch on and we end up with ten more of these things across five different paravisors and see a pattern, *then* a paravisor-specific one makes sense.
From: Dave Hansen <dave.hansen@intel.com> Sent: Monday, November 14, 2022 8:23 AM > > On 11/11/22 20:48, Michael Kelley (LINUX) wrote: > > From: Dave Hansen <dave.hansen@intel.com> Sent: Friday, November 11, 2022 4:22 > PM > >> On 11/10/22 22:21, Michael Kelley wrote: > >>> * Ensure fixmaps for IOAPIC MMIO respect memory encryption pgprot > >>> * bits, just like normal ioremap(): > >>> */ > >>> - flags = pgprot_decrypted(flags); > >>> + if (!cc_platform_has(CC_ATTR_HAS_PARAVISOR)) > >>> + flags = pgprot_decrypted(flags); > >> This begs the question whether *all* paravisors will want to avoid a > >> decrypted ioapic mapping. Is this _fundamental_ to paravisors, or it is > >> an implementation detail of this _individual_ paravisor? > > Hard to say. The paravisor that Hyper-V provides for use with the vTOM > > option in a SEV SNP VM is the only paravisor I've seen. At least as defined > > by Hyper-V and AMD SNP Virtual Machine Privilege Levels (VMPLs), the > > paravisor resides within the VM trust boundary. Anything that a paravisor > > emulates would be in the "private" (i.e., encrypted) memory so it can be > > accessed by both the guest OS and the paravisor. But nothing fundamental > > says that IOAPIC emulation *must* be done in the paravisor. > > Please just make this check more specific. Either make this a specific > Hyper-V+SVM check, or rename it HAS_EMULATED_IOAPIC, like you were > thinking. If paravisors catch on and we end up with ten more of these > things across five different paravisors and see a pattern, *then* a > paravisor-specific one makes sense. I'm good with that. I'll use HAS_EMULATED_IOAPIC in v3. Michael
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c index a868b76..d2c1bf7 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c @@ -2686,7 +2686,8 @@ static void io_apic_set_fixmap(enum fixed_addresses idx, phys_addr_t phys) * Ensure fixmaps for IOAPIC MMIO respect memory encryption pgprot * bits, just like normal ioremap(): */ - flags = pgprot_decrypted(flags); + if (!cc_platform_has(CC_ATTR_HAS_PARAVISOR)) + flags = pgprot_decrypted(flags); __set_fixmap(idx, phys, flags); } diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h index cb0d6cd..b6c4a79 100644 --- a/include/linux/cc_platform.h +++ b/include/linux/cc_platform.h @@ -90,6 +90,19 @@ enum cc_attr { * Examples include TDX Guest. */ CC_ATTR_HOTPLUG_DISABLED, + + /** + * @CC_ATTR_HAS_PARAVISOR: Guest VM is running with a paravisor + * + * The platform/OS is running as a guest/virtual machine with + * a paravisor in VMPL0. Having a paravisor affects things + * like whether the I/O APIC is emulated and operates in the + * encrypted or decrypted portion of the guest physical address + * space. + * + * Examples include Hyper-V SEV-SNP guests using vTOM. + */ + CC_ATTR_HAS_PARAVISOR, }; #ifdef CONFIG_ARCH_HAS_CC_PLATFORM