lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5a0b9de8-e133-c17b-bc0d-93bfb593c48f@gmail.com>
Date:   Wed, 13 Oct 2021 22:24:30 +0800
From:   Tianyu Lan <ltykernel@...il.com>
To:     Borislav Petkov <bp@...en8.de>
Cc:     Tom Lendacky <thomas.lendacky@....com>, linux-arch@...r.kernel.org,
        linux-hyperv@...r.kernel.org, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org, vkuznets@...hat.com,
        konrad.wilk@...cle.com, hch@....de, robin.murphy@....com,
        joro@...tes.org, parri.andrea@...il.com, dave.hansen@...el.com,
        Hikys@...rosoft.com, haiyangz@...rosoft.com,
        sthemmin@...rosoft.com, wei.liu@...nel.org, decui@...rosoft.com,
        tglx@...utronix.de, mingo@...hat.com, x86@...nel.org,
        hpa@...or.com, dave.hansen@...ux.intel.com, luto@...nel.org,
        peterz@...radead.org, davem@...emloft.net, kuba@...nel.org,
        gregkh@...uxfoundation.org, arnd@...db.de, jroedel@...e.de,
        brijesh.singh@....com, Tianyu.Lan@...rosoft.com, pgonda@...gle.com,
        akpm@...ux-foundation.org, kirill.shutemov@...ux.intel.com,
        rppt@...nel.org, tj@...nel.org, aneesh.kumar@...ux.ibm.com,
        saravanand@...com, hannes@...xchg.org, rientjes@...gle.com,
        michael.h.kelley@...rosoft.com
Subject: Re: [PATCH V7 5/9] x86/sev-es: Expose __sev_es_ghcb_hv_call() to call
 ghcb hv call out of sev code

On 10/12/2021 1:22 AM, Borislav Petkov wrote:
> On Mon, Oct 11, 2021 at 10:42:18PM +0800, Tianyu Lan wrote:
>> Hi @Tom and Borislav:
>>       Please have a look at this patch. If it's ok, could you give your ack.
> 
> I needed to do some cleanups in that area first:
> 
> https://lore.kernel.org/r/YWRwxImd9Qcls/Yy@zn.tnic
> 
> Can you redo yours ontop so that you can show what exactly you need
> exported for HyperV?
> 
> Thx.

Hi Borislav :
	Please check whether the following change based on you patch is
ok for you.
---
x86/sev-es: Expose __sev_es_ghcb_hv_call() to call ghcb hv call out of 
sev code

     Hyper-V also needs to call ghcb hv call to write/read MSR in 
Isolation VM.
     So expose __sev_es_ghcb_hv_call() to call it in the Hyper-V code.

     Signed-off-by: Tianyu Lan <Tianyu.Lan@...rosoft.com>

diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index fa5cd05d3b5b..295c847c3cd4 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -81,12 +81,23 @@ static __always_inline void sev_es_nmi_complete(void)
                 __sev_es_nmi_complete();
  }
  extern int __init sev_es_efi_map_ghcbs(pgd_t *pgd);
+extern enum es_result __sev_es_ghcb_hv_call(struct ghcb *ghcb,
+                                           struct es_em_ctxt *ctxt,
+                                           u64 exit_code, u64 exit_info_1,
+                                           u64 exit_info_2);
  #else
  static inline void sev_es_ist_enter(struct pt_regs *regs) { }
  static inline void sev_es_ist_exit(void) { }
  static inline int sev_es_setup_ap_jump_table(struct real_mode_header 
*rmh) { return 0; }
  static inline void sev_es_nmi_complete(void) { }
  static inline int sev_es_efi_map_ghcbs(pgd_t *pgd) { return 0; }
+static inline enum es_result
+__sev_es_ghcb_hv_call(struct ghcb *ghcb,
+                     u64 exit_code, u64 exit_info_1,
+                     u64 exit_info_2)
+{
+       return ES_VMM_ERROR;
+}
  #endif

  #endif
diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c
index ea9abd69237e..08c97cb057fa 100644
--- a/arch/x86/kernel/sev-shared.c
+++ b/arch/x86/kernel/sev-shared.c
@@ -124,10 +124,14 @@ static enum es_result verify_exception_info(struct 
ghcb *ghcb, struct es_em_ctxt
         return ES_VMM_ERROR;
  }

-static enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb,
-                                         struct es_em_ctxt *ctxt,
-                                         u64 exit_code, u64 exit_info_1,
-                                         u64 exit_info_2)
+/*
+ * __sev_es_ghcb_hv_call() is also used in the other platform code(e.g
+ * Hyper-V).
+ */
+enum es_result __sev_es_ghcb_hv_call(struct ghcb *ghcb,
+                                    struct es_em_ctxt *ctxt,
+                                    u64 exit_code, u64 exit_info_1,
+                                    u64 exit_info_2)
  {
         /* Fill in protocol and format specifiers */
         ghcb->protocol_version = GHCB_PROTOCOL_MAX;
@@ -137,12 +141,22 @@ static enum es_result sev_es_ghcb_hv_call(struct 
ghcb *ghcb,
         ghcb_set_sw_exit_info_1(ghcb, exit_info_1);
         ghcb_set_sw_exit_info_2(ghcb, exit_info_2);

-       sev_es_wr_ghcb_msr(__pa(ghcb));
         VMGEXIT();

         return verify_exception_info(ghcb, ctxt);
  }

+static enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb,
+                                         struct es_em_ctxt *ctxt,
+                                         u64 exit_code, u64 exit_info_1,
+                                         u64 exit_info_2)
+{
+       sev_es_wr_ghcb_msr(__pa(ghcb));
+
+       return __sev_es_ghcb_hv_call(ghcb, ctxt, exit_code, exit_info_1,
+                                    exit_info_2);
+}
+
  /*
   * Boot VC Handler - This is the first VC handler during boot, there 
is no GHCB
   * page yet, so it only supports the MSR based communication with the
(END)


Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ