From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Tianyu Lan <ltykernel@gmail.com>,
kys@microsoft.com, haiyangz@microsoft.com, wei.liu@kernel.org,
decui@microsoft.com, tglx@linutronix.de, mingo@redhat.com,
bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org,
hpa@zytor.com, daniel.lezcano@linaro.org, arnd@arndb.de,
michael.h.kelley@microsoft.com
Cc: Tianyu Lan <tiala@microsoft.com>,
linux-arch@vger.kernel.org, linux-hyperv@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/9] x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest
Date: Mon, 05 Jun 2023 14:13:29 +0200
Message-ID: <873536ksye.fsf@redhat.com>
In-Reply-To: <20230601151624.1757616-4-ltykernel@gmail.com>

Tianyu Lan <ltykernel@gmail.com> writes:

> From: Tianyu Lan <tiala@microsoft.com>
>
> hv vp assist page needs to be shared between SEV-SNP guest and Hyper-V.
> So mark the page unencrypted in the SEV-SNP guest.
>
> Signed-off-by: Tianyu Lan <tiala@microsoft.com>
> ---
> arch/x86/hyperv/hv_init.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c
> index b4a2327c823b..331b855314b7 100644
> --- a/arch/x86/hyperv/hv_init.c
> +++ b/arch/x86/hyperv/hv_init.c
> @@ -18,6 +18,7 @@
> #include <asm/hyperv-tlfs.h>
> #include <asm/mshyperv.h>
> #include <asm/idtentry.h>
> +#include <asm/set_memory.h>
> #include <linux/kexec.h>
> #include <linux/version.h>
> #include <linux/vmalloc.h>
> @@ -113,6 +114,11 @@ static int hv_cpu_init(unsigned int cpu)
>
> }
> if (!WARN_ON(!(*hvp))) {
> + if (hv_isolation_type_en_snp()) {
> + WARN_ON_ONCE(set_memory_decrypted((unsigned long)(*hvp), 1));
> + memset(*hvp, 0, PAGE_SIZE);
> + }

Why do we need to set the page as decrypted here and not when we
allocate the page (a few lines above)? And why do we need to clear it
_after_ we made it decrypted? In case we care about not leaking the
stale content to the hypervisor, we should've cleared it _before_, but
the bigger problem I see is that memset() is problematic e.g. for KVM
which uses enlightened VMCS. You put a CPU offline and then back online
and this path will be taken. Clearing VP assist page will likely break
things. (AFAIU SEV-SNP Hyper-V guests don't expose SVM yet so the
problem is likely theoretical only, but still).

> +
> msr.enable = 1;
> wrmsrl(HV_X64_MSR_VP_ASSIST_PAGE, msr.as_uint64);
> }
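
Review bot: In the hv_isolation_type_en_snp() branch, a failing set_memory_decrypted() is only reported through WARN_ON_ONCE(), and the code still runs memset() and then sets msr.enable = 1 and writes HV_X64_MSR_VP_ASSIST_PAGE. If the conversion fails, the guest registers a VP assist page that was never made shared, and because of the _ONCE variant the same failure on later CPUs is silent. Consider checking the return value and skipping the MSR write (or returning an error from hv_cpu_init()) when the page could not be converted. The patch's six insertions also contain no matching set_memory_encrypted(); if this page is ever freed or reused, it needs to be converted back first.
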
--
Vitaly