From: MUKESH RATHOR <mukeshrathor@microsoft.com>
To: Nuno Das Neves <nunodasneves@linux.microsoft.com>,
"linux-hyperv@vger.kernel.org" <linux-hyperv@vger.kernel.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"iommu@lists.linux.dev" <iommu@lists.linux.dev>,
"mhklinux@outlook.com" <mhklinux@outlook.com>,
"eahariha@linux.microsoft.com" <eahariha@linux.microsoft.com>
Cc: KY Srinivasan <kys@microsoft.com>,
Haiyang Zhang <haiyangz@microsoft.com>,
"wei.liu@kernel.org" <wei.liu@kernel.org>,
Dexuan Cui <decui@microsoft.com>,
"catalin.marinas@arm.com" <catalin.marinas@arm.com>,
"will@kernel.org" <will@kernel.org>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"mingo@redhat.com" <mingo@redhat.com>,
"bp@alien8.de" <bp@alien8.de>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"x86@kernel.org" <x86@kernel.org>,
"hpa@zytor.com" <hpa@zytor.com>,
"daniel.lezcano@linaro.org" <daniel.lezcano@linaro.org>,
"joro@8bytes.org" <joro@8bytes.org>,
"robin.murphy@arm.com" <robin.murphy@arm.com>,
"arnd@arndb.de" <arnd@arndb.de>,
"jinankjain@linux.microsoft.com" <jinankjain@linux.microsoft.com>,
"muminulrussell@gmail.com" <muminulrussell@gmail.com>,
"skinsburskii@linux.microsoft.com"
<skinsburskii@linux.microsoft.com>
Subject: Re: [PATCH v2 2/3] hyperv: Change hv_root_partition into a function
Date: Thu, 20 Feb 2025 21:59:27 +0000
Message-ID: <5980eaf9-2e77-d0ec-e39b-b48913c8b72f@microsoft.com>
In-Reply-To: <1740076396-15086-3-git-send-email-nunodasneves@linux.microsoft.com>
On 2/20/25 10:33, Nuno Das Neves wrote:
> Introduce hv_current_partition_type to store the partition type
> as an enum.
>
> Right now this is limited to guest or root partition, but there will
> be other kinds in future and the enum is easily extensible.
>
> Set up hv_current_partition_type early in Hyper-V initialization with
> hv_identify_partition_type(). hv_root_partition() just queries this
> value, and shouldn't be called before that.
>
> Making this check into a function sets the stage for adding a config
> option to gate the compilation of root partition code. In particular,
> hv_root_partition() can be stubbed out to always be false if root
> partition support isn't desired.
>
> Signed-off-by: Nuno Das Neves <nunodasneves@linux.microsoft.com>
> ---
> arch/arm64/hyperv/mshyperv.c | 2 ++
> arch/x86/hyperv/hv_init.c | 10 ++++-----
> arch/x86/kernel/cpu/mshyperv.c | 24 ++------------------
> drivers/clocksource/hyperv_timer.c | 4 ++--
> drivers/hv/hv.c | 10 ++++-----
> drivers/hv/hv_common.c | 35 +++++++++++++++++++++++++-----
> drivers/hv/vmbus_drv.c | 2 +-
> drivers/iommu/hyperv-iommu.c | 4 ++--
> include/asm-generic/mshyperv.h | 15 +++++++++++--
> 9 files changed, 61 insertions(+), 45 deletions(-)
>
> diff --git a/arch/arm64/hyperv/mshyperv.c b/arch/arm64/hyperv/mshyperv.c
> index 29fcfd595f48..2265ea5ce5ad 100644
> --- a/arch/arm64/hyperv/mshyperv.c
> +++ b/arch/arm64/hyperv/mshyperv.c
> @@ -61,6 +61,8 @@ static int __init hyperv_init(void)
> ms_hyperv.features, ms_hyperv.priv_high, ms_hyperv.hints,
> ms_hyperv.misc_features);
>
> + hv_identify_partition_type();
> +
> ret = hv_common_init();
> if (ret)
> return ret;
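Review bot: The new hv_identify_partition_type() call in hyperv_init() has no comment saying it must run before any caller of hv_root_partition(); that ordering rule is stated only in the commit message. A one-line comment above the call, or in the function's kernel-doc, would keep a later reshuffle of hyperv_init() from moving a caller ahead of it.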
> diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c
> index 9be1446f5bd3..ddeb40930bc8 100644
> --- a/arch/x86/hyperv/hv_init.c
> +++ b/arch/x86/hyperv/hv_init.c
> @@ -90,7 +90,7 @@ static int hv_cpu_init(unsigned int cpu)
> return 0;
>
> hvp = &hv_vp_assist_page[cpu];
> - if (hv_root_partition) {
> + if (hv_root_partition()) {
> /*
> * For root partition we get the hypervisor provided VP assist
> * page, instead of allocating a new page.
> @@ -242,7 +242,7 @@ static int hv_cpu_die(unsigned int cpu)
>
> if (hv_vp_assist_page && hv_vp_assist_page[cpu]) {
> union hv_vp_assist_msr_contents msr = { 0 };
> - if (hv_root_partition) {
> + if (hv_root_partition()) {
> /*
> * For root partition the VP assist page is mapped to
> * hypervisor provided page, and thus we unmap the
> @@ -317,7 +317,7 @@ static int hv_suspend(void)
> union hv_x64_msr_hypercall_contents hypercall_msr;
> int ret;
>
> - if (hv_root_partition)
> + if (hv_root_partition())
> return -EPERM;
>
> /*
> @@ -518,7 +518,7 @@ void __init hyperv_init(void)
> rdmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
> hypercall_msr.enable = 1;
>
> - if (hv_root_partition) {
> + if (hv_root_partition()) {
> struct page *pg;
> void *src;
>
> @@ -592,7 +592,7 @@ void __init hyperv_init(void)
> * If we're running as root, we want to create our own PCI MSI domain.
> * We can't set this in hv_pci_init because that would be too late.
> */
> - if (hv_root_partition)
> + if (hv_root_partition())
> x86_init.irqs.create_pci_msi_domain = hv_create_pci_msi_domain;
> #endif
>
> diff --git a/arch/x86/kernel/cpu/mshyperv.c
b/arch/x86/kernel/cpu/mshyperv.c
> index f285757618fc..4f01f424ea5b 100644
> --- a/arch/x86/kernel/cpu/mshyperv.c
> +++ b/arch/x86/kernel/cpu/mshyperv.c
> @@ -33,8 +33,6 @@
> #include <asm/numa.h>
> #include <asm/svm.h>
>
> -/* Is Linux running as the root partition? */
> -bool hv_root_partition;
> /* Is Linux running on nested Microsoft Hypervisor */
> bool hv_nested;
> struct ms_hyperv_info ms_hyperv;
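Review bot: Removing `bool hv_root_partition;` here while reusing the same name for the function means a use site the patch misses can still compile: a bare `if (hv_root_partition)` would then test the function's address, which is always true, with at most a compiler warning as the signal. Worth confirming with a tree-wide grep that every remaining reference has the `()`, including code outside the nine files in the diffstat.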
> @@ -451,25 +449,7 @@ static void __init ms_hyperv_init_platform(void)
> pr_debug("Hyper-V: max %u virtual processors, %u logical
processors\n",
> ms_hyperv.max_vp_index, ms_hyperv.max_lp_index);
>
> - /*
> - * Check CPU management privilege.
> - *
> - * To mirror what Windows does we should extract CPU management
> - * features and use the ReservedIdentityBit to detect if Linux is the
> - * root partition. But that requires negotiating CPU management
> - * interface (a process to be finalized). For now, use the privilege
> - * flag as the indicator for running as root.
> - *
> - * Hyper-V should never specify running as root and as a Confidential
> - * VM. But to protect against a compromised/malicious Hyper-V trying
> - * to exploit root behavior to expose Confidential VM memory, ignore
> - * the root partition setting if also a Confidential VM.
> - */
> - if ((ms_hyperv.priv_high & HV_CPU_MANAGEMENT) &&
> - !(ms_hyperv.priv_high & HV_ISOLATION)) {
> - hv_root_partition = true;
> - pr_info("Hyper-V: running as root partition\n");
> - }
> + hv_identify_partition_type();
>
> if (ms_hyperv.hints & HV_X64_HYPERV_NESTED) {
> hv_nested = true;
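Review bot: The block removed at `- if ((ms_hyperv.priv_high & HV_CPU_MANAGEMENT) &&` takes with it both the `!(ms_hyperv.priv_high & HV_ISOLATION)` guard and the comment explaining it, namely that the root setting is ignored for a Confidential VM so a compromised or malicious Hyper-V cannot use root behavior to expose its memory. The replacement is a bare hv_identify_partition_type() call, so please confirm the guard, that rationale comment and the "running as root partition" pr_info are all carried into the new function rather than dropped.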
> @@ -618,7 +598,7 @@ static void __init ms_hyperv_init_platform(void)
>
> # ifdef CONFIG_SMP
> smp_ops.smp_prepare_boot_cpu = hv_smp_prepare_boot_cpu;
> - if (hv_root_partition ||
> + if (hv_root_partition() ||
> (!ms_hyperv.paravisor_present && hv_isolation_type_snp()))
> smp_ops.smp_prepare_cpus = hv_smp_prepare_cpus;
> # endif
> diff --git a/drivers/clocksource/hyperv_timer.c
b/drivers/clocksource/hyperv_timer.c
> index f00019b078a7..09549451dd51 100644
> --- a/drivers/clocksource/hyperv_timer.c
> +++ b/drivers/clocksource/hyperv_timer.c
> @@ -582,7 +582,7 @@ static void __init hv_init_tsc_clocksource(void)
> * mapped.
> */
> tsc_msr.as_uint64 = hv_get_msr(HV_MSR_REFERENCE_TSC);
> - if (hv_root_partition)
> + if (hv_root_partition())
> tsc_pfn = tsc_msr.pfn;
> else
> tsc_pfn = HVPFN_DOWN(virt_to_phys(tsc_page));
> @@ -627,7 +627,7 @@ void __init hv_remap_tsc_clocksource(void)
> if (!(ms_hyperv.features & HV_MSR_REFERENCE_TSC_AVAILABLE))
> return;
>
> - if (!hv_root_partition) {
> + if (!hv_root_partition()) {
> WARN(1, "%s: attempt to remap TSC page in guest partition\n",
> __func__);
> return;
> diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
> index fab0690b5c41..a38f84548bc2 100644
> --- a/drivers/hv/hv.c
> +++ b/drivers/hv/hv.c
> @@ -144,7 +144,7 @@ int hv_synic_alloc(void)
> * Synic message and event pages are allocated by paravisor.
> * Skip these pages allocation here.
> */
> - if (!ms_hyperv.paravisor_present && !hv_root_partition) {
> + if (!ms_hyperv.paravisor_present && !hv_root_partition()) {
> hv_cpu->synic_message_page =
> (void *)get_zeroed_page(GFP_ATOMIC);
> if (!hv_cpu->synic_message_page) {
> @@ -272,7 +272,7 @@ void hv_synic_enable_regs(unsigned int cpu)
> simp.as_uint64 = hv_get_msr(HV_MSR_SIMP);
> simp.simp_enabled = 1;
>
> - if (ms_hyperv.paravisor_present || hv_root_partition) {
> + if (ms_hyperv.paravisor_present || hv_root_partition()) {
> /* Mask out vTOM bit. ioremap_cache() maps decrypted */
> u64 base = (simp.base_simp_gpa << HV_HYP_PAGE_SHIFT) &
> ~ms_hyperv.shared_gpa_boundary;
> @@ -291,7 +291,7 @@ void hv_synic_enable_regs(unsigned int cpu)
> siefp.as_uint64 = hv_get_msr(HV_MSR_SIEFP);
> siefp.siefp_enabled = 1;
>
> - if (ms_hyperv.paravisor_present || hv_root_partition) {
> + if (ms_hyperv.paravisor_present || hv_root_partition()) {
> /* Mask out vTOM bit. ioremap_cache() maps decrypted */
> u64 base = (siefp.base_siefp_gpa << HV_HYP_PAGE_SHIFT) &
> ~ms_hyperv.shared_gpa_boundary;
> @@ -367,7 +367,7 @@ void hv_synic_disable_regs(unsigned int cpu)
> * addresses.
> */
> simp.simp_enabled = 0;
> - if (ms_hyperv.paravisor_present || hv_root_partition) {
> + if (ms_hyperv.paravisor_present || hv_root_partition()) {
> iounmap(hv_cpu->synic_message_page);
> hv_cpu->synic_message_page = NULL;
> } else {
> @@ -379,7 +379,7 @@ void hv_synic_disable_regs(unsigned int cpu)
> siefp.as_uint64 = hv_get_msr(HV_MSR_SIEFP);
> siefp.siefp_enabled = 0;
>
> - if (ms_hyperv.paravisor_present || hv_root_partition) {
> + if (ms_hyperv.paravisor_present || hv_root_partition()) {
> iounmap(hv_cpu->synic_event_page);
> hv_cpu->synic_event_page = NULL;
> } else {
> diff --git a/drivers/hv/hv_common.c b/drivers/hv/hv_common.c
> index 2120aead98d9..c5c5dc92ff21 100644
> --- a/drivers/hv/hv_common.c
> +++ b/drivers/hv/hv_common.c
> @@ -34,8 +34,11 @@
> u64 hv_current_partition_id = HV_PARTITION_ID_SELF;
> EXPORT_SYMBOL_GPL(hv_current_partition_id);
>
> +enum hv_partition_type hv_current_partition_type;
> +EXPORT_SYMBOL_GPL(hv_current_partition_type);
> +
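Review bot: `hv_current_partition_type` is exported with EXPORT_SYMBOL_GPL as a plain writable global, so modules can read or change the raw value instead of going through hv_root_partition(). Both visible callers of hv_identify_partition_type() are __init functions, so if nothing writes the variable after boot, marking it __ro_after_init would prevent later modification. It also has no initializer, so the enum's zero value is what a too-early hv_root_partition() call would see, and that value should be the guest type.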
nit: if possible and not too late, can we please use more Unix-style
naming, e.g., hv_curr_ptid and hv_curr_pt_type, rather than these
long Windows-style names that cause unnecessary line wraps/splits.
Thanks,
-Mukesh
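The pattern the quoted commit message describes, as an added user-space example that is not the patch's code: the partition type is stored as an enum, set once from the privilege word, and queried through hv_root_partition(), which a build option can stub to false. The enumerator names, bit positions, classify_priv_high(), the priv_high parameter and EXAMPLE_NO_ROOT are assumptions; the root test reuses the condition from the lines the patch removes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HV_CPU_MANAGEMENT (1u << 12) /* constructed bit position */
#define HV_ISOLATION      (1u << 22) /* constructed bit position */

/* Assumed enumerators; guest is 0 so the zero-initialised default is the less privileged type. */
enum hv_partition_type {
	HV_PARTITION_TYPE_GUEST = 0,
	HV_PARTITION_TYPE_ROOT,
};

static enum hv_partition_type hv_current_partition_type;

/* Hypothetical helper: classify a hypervisor-reported privilege word. */
static enum hv_partition_type classify_priv_high(uint32_t priv_high)
{
	/* Root requires CPU management privilege and no isolation, so a host
	 * advertising both cannot steer a Confidential VM into root paths. */
	if ((priv_high & HV_CPU_MANAGEMENT) && !(priv_high & HV_ISOLATION))
		return HV_PARTITION_TYPE_ROOT;
	return HV_PARTITION_TYPE_GUEST;
}

/* The priv_high parameter is added for this example. */
static void hv_identify_partition_type(uint32_t priv_high)
{
	hv_current_partition_type = classify_priv_high(priv_high);
}

#ifdef EXAMPLE_NO_ROOT /* stand-in for a config option that drops root support */
static inline bool hv_root_partition(void) { return false; }
#else
static inline bool hv_root_partition(void)
{
	return hv_current_partition_type == HV_PARTITION_TYPE_ROOT;
}
#endif

int main(void)
{
	const uint32_t samples[] = { 0, HV_CPU_MANAGEMENT, HV_CPU_MANAGEMENT | HV_ISOLATION };
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		hv_identify_partition_type(samples[i]);
		printf("priv_high=0x%08x root=%d\n", (unsigned)samples[i], hv_root_partition());
	}
	return 0;
}
```

Building with -DEXAMPLE_NO_ROOT turns every hv_root_partition() branch into dead code the compiler can discard, which is the effect the commit message is preparing for.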