Re: [PATCH] x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM

[Andrea Parri <parri.andrea@gmail.com>]

On Thu, May 05, 2022 at 09:15:02AM -0400, Tianyu Lan wrote:
> From: Tianyu Lan <Tianyu.Lan@microsoft.com>
> 
> Hyper-V Isolation VM code uses sev_es_ghcb_hv_call() to read/write MSR
> via GHCB page. The SEV-ES guest should negotiate GHCB version before
> reading/writing MSR via GHCB page. Expose sev_es_negotiate_protocol()
> and sev_es_terminate() from AMD SEV code and negotiate GHCB version in
> hyperv_init_ghcb() fro Hyper-V Isolation VM.
> 
> Signed-off-by: Tianyu Lan <Tianyu.Lan@microsoft.com>

Applied to tip's x86/sev and checked that this can fix the regression (to
be introduced) by commit 2ea29c5abbc2 ("x86/sev: Save the negotiated GHCB
version"):

Tested-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>

Nits: (in the commit message) fro -> for, Isolation VM -> Isolated VM

Thanks,
  Andrea


> ---
>  arch/x86/hyperv/hv_init.c    | 8 ++++++++
>  arch/x86/include/asm/sev.h   | 6 ++++++
>  arch/x86/kernel/sev-shared.c | 4 ++--
>  3 files changed, 16 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c
> index 8b392b6b7b93..56e2c34e7d64 100644
> --- a/arch/x86/hyperv/hv_init.c
> +++ b/arch/x86/hyperv/hv_init.c
> @@ -29,6 +29,7 @@
>  #include <clocksource/hyperv_timer.h>
>  #include <linux/highmem.h>
>  #include <linux/swiotlb.h>
> +#include <asm/sev.h>
>  
>  int hyperv_init_cpuhp;
>  u64 hv_current_partition_id = ~0ull;
> @@ -70,6 +71,13 @@ static int hyperv_init_ghcb(void)
>  	ghcb_base = (void **)this_cpu_ptr(hv_ghcb_pg);
>  	*ghcb_base = ghcb_va;
>  
> +	/* Negotiate GHCB Version. */
> +	if (!sev_es_negotiate_protocol())
> +		sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SEV_ES_PROT_UNSUPPORTED);
> +
> +	/* Write ghcb page back after negotiating protocol. */
> +	wrmsrl(MSR_AMD64_SEV_ES_GHCB, ghcb_gpa);
> +	VMGEXIT();
>  	return 0;
>  }
>  
> diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
> index 19514524f0f8..ad69c1dc081b 100644
> --- a/arch/x86/include/asm/sev.h
> +++ b/arch/x86/include/asm/sev.h
> @@ -161,6 +161,9 @@ extern enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb,
>  					  struct es_em_ctxt *ctxt,
>  					  u64 exit_code, u64 exit_info_1,
>  					  u64 exit_info_2);
> +extern bool sev_es_negotiate_protocol(void);
> +extern void sev_es_terminate(unsigned int set, unsigned int reason);
> +
>  static inline int rmpadjust(unsigned long vaddr, bool rmp_psize, unsigned long attrs)
>  {
>  	int rc;
> @@ -226,6 +229,9 @@ static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *in
>  {
>  	return -ENOTTY;
>  }
> +
> +static bool sev_es_negotiate_protocol(void) { return false; }
> +static void sev_es_terminate(unsigned int set, unsigned int reason) { }
>  #endif
>  
>  #endif
> diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c
> index 2b4270d5559e..bffc38f0d5ed 100644
> --- a/arch/x86/kernel/sev-shared.c
> +++ b/arch/x86/kernel/sev-shared.c
> @@ -86,7 +86,7 @@ static bool __init sev_es_check_cpu_features(void)
>  	return true;
>  }
>  
> -static void __noreturn sev_es_terminate(unsigned int set, unsigned int reason)
> +void __noreturn sev_es_terminate(unsigned int set, unsigned int reason)
>  {
>  	u64 val = GHCB_MSR_TERM_REQ;
>  
> @@ -137,7 +137,7 @@ static void snp_register_ghcb_early(unsigned long paddr)
>  		sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_REGISTER);
>  }
>  
> -static bool sev_es_negotiate_protocol(void)
> +bool sev_es_negotiate_protocol(void)
>  {
>  	u64 val;
>  
> -- 
> 2.25.1
>