From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: "Michael Kelley (LINUX)" <mikelley@microsoft.com>,
Tianyu Lan <ltykernel@gmail.com>,
KY Srinivasan <kys@microsoft.com>,
Haiyang Zhang <haiyangz@microsoft.com>,
"wei.liu@kernel.org" <wei.liu@kernel.org>,
Dexuan Cui <decui@microsoft.com>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"mingo@redhat.com" <mingo@redhat.com>,
"bp@alien8.de" <bp@alien8.de>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"x86@kernel.org" <x86@kernel.org>,
"hpa@zytor.com" <hpa@zytor.com>,
"daniel.lezcano@linaro.org" <daniel.lezcano@linaro.org>,
"arnd@arndb.de" <arnd@arndb.de>
Cc: Tianyu Lan <Tianyu.Lan@microsoft.com>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
"linux-hyperv@vger.kernel.org" <linux-hyperv@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: RE: [PATCH 3/9] x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest
Date: Thu, 08 Jun 2023 15:44:27 +0200 [thread overview]
Message-ID: <87y1ku2hms.fsf@redhat.com> (raw)
In-Reply-To: <BYAPR21MB16883BF49ED337A6EF063461D750A@BYAPR21MB1688.namprd21.prod.outlook.com>
"Michael Kelley (LINUX)" <mikelley@microsoft.com> writes:
> From: Vitaly Kuznetsov <vkuznets@redhat.com> Sent: Tuesday, June 6, 2023 8:49 AM
>>
>> Tianyu Lan <ltykernel@gmail.com> writes:
>>
>> > On 6/5/2023 8:13 PM, Vitaly Kuznetsov wrote:
>> >>> @@ -113,6 +114,11 @@ static int hv_cpu_init(unsigned int cpu)
>> >>>
>> >>> }
>> >>> if (!WARN_ON(!(*hvp))) {
>> >>> + if (hv_isolation_type_en_snp()) {
>> >>> + WARN_ON_ONCE(set_memory_decrypted((unsigned long)(*hvp), 1));
>> >>> + memset(*hvp, 0, PAGE_SIZE);
>> >>> + }
>> >> Why do we need to set the page as decrypted here and not when we
>> >> allocate the page (a few lines above)?
>> >
>> > If Linux root partition boots in the SEV-SNP guest, the page still needs
>> > to be decrypted.
>
> We have code in place that prevents this scenario. We don't allow Linux
> in the root partition to run in SEV-SNP mode. See commit f8acb24aaf89.
>
>> >
>>
>> I'd suggest we add a flag to indicate that VP assist page was actually
>> set (on the first invocation of hv_cpu_init() for guest partitions and
>> all invocations for root partition) and only call
>> set_memory_decrypted()/memset() then: that would both help with the
>> potential issue with KVM using enlightened vmcs and avoid the unneeded
>> hypercall.
>>
>
> I think there's actually a more immediate problem with the code as
> written. The VP assist page for a CPU is not re-encrypted or freed when
> a CPU goes offline (for reasons that have been discussed elsewhere). So
> if a CPU in an SEV-SNP VM goes offline and then comes back online, the
> originally allocated and already decrypted VP assist page will be reused.
> But bad things will happen if we try to decrypt the page again.
>
> Given that we disallow the root partition running in SEV-SNP mode,
> can we avoid the complexity of a flag, and just do the decryption and
> zero'ing when the page is allocated?
Sure, makes perfect sense but let's leave a [one line] comment why we
don't do any decryption for root partition then.
--
Vitaly
next prev parent reply other threads:[~2023-06-08 13:45 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-01 15:16 [PATCH 0/9] x86/hyperv: Add AMD sev-snp enlightened guest support on hyperv Tianyu Lan
2023-06-01 15:16 ` [PATCH 1/9] x86/hyperv: Add sev-snp enlightened guest static key Tianyu Lan
2023-06-05 12:09 ` Vitaly Kuznetsov
2023-06-06 13:43 ` Tianyu Lan
2023-07-18 5:52 ` Tianyu Lan
2023-06-08 12:56 ` Michael Kelley (LINUX)
2023-06-08 13:17 ` Tianyu Lan
2023-06-01 15:16 ` [PATCH 2/9] x86/hyperv: Set Virtual Trust Level in VMBus init message Tianyu Lan
2023-06-08 13:06 ` Michael Kelley (LINUX)
2023-06-08 13:21 ` Tianyu Lan
2023-06-01 15:16 ` [PATCH 3/9] x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest Tianyu Lan
2023-06-05 12:13 ` Vitaly Kuznetsov
2023-06-06 15:22 ` Tianyu Lan
2023-06-06 15:49 ` Vitaly Kuznetsov
2023-06-08 13:25 ` Michael Kelley (LINUX)
2023-06-08 13:44 ` Vitaly Kuznetsov [this message]
2023-06-01 15:16 ` [PATCH 4/9] drivers: hv: Mark shared pages " Tianyu Lan
2023-06-05 12:54 ` Vitaly Kuznetsov
2023-06-07 8:16 ` Tianyu Lan
2023-06-08 8:54 ` Vitaly Kuznetsov
2023-06-08 14:21 ` Michael Kelley (LINUX)
2023-06-01 15:16 ` [PATCH 5/9] x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp " Tianyu Lan
2023-06-05 13:00 ` Vitaly Kuznetsov
2023-06-08 13:21 ` Peter Zijlstra
2023-06-08 15:15 ` [EXTERNAL] " Tianyu Lan
2023-06-27 10:57 ` Tianyu Lan
2023-06-27 11:50 ` Peter Zijlstra
2023-06-27 12:05 ` Borislav Petkov
2023-06-27 13:38 ` Peter Zijlstra
2023-06-28 10:53 ` Peter Zijlstra
2023-06-01 15:16 ` [PATCH 6/9] clocksource: hyper-v: Mark hyperv tsc page unencrypted " Tianyu Lan
2023-06-01 15:16 ` [PATCH 7/9] x86/hyperv: Initialize cpu and memory for SEV-SNP " Tianyu Lan
2023-06-08 13:51 ` Michael Kelley (LINUX)
2023-06-09 9:56 ` Jeremi Piotrowski
2023-06-08 14:09 ` Michael Kelley (LINUX)
2023-06-08 15:18 ` Tianyu Lan
2023-06-01 15:16 ` [PATCH 8/9] x86/hyperv: Add smp support for SEV-SNP guest Tianyu Lan
2023-06-01 15:16 ` [PATCH 9/9] x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES Tianyu Lan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y1ku2hms.fsf@redhat.com \
--to=vkuznets@redhat.com \
--cc=Tianyu.Lan@microsoft.com \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=daniel.lezcano@linaro.org \
--cc=dave.hansen@linux.intel.com \
--cc=decui@microsoft.com \
--cc=haiyangz@microsoft.com \
--cc=hpa@zytor.com \
--cc=kys@microsoft.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ltykernel@gmail.com \
--cc=mikelley@microsoft.com \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=wei.liu@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).