lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 21 Nov 2022 16:32:02 -0800
From:   Sathyanarayanan Kuppuswamy 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>
To:     Dexuan Cui <decui@...rosoft.com>, ak@...ux.intel.com,
        arnd@...db.de, bp@...en8.de, brijesh.singh@....com,
        dan.j.williams@...el.com, dave.hansen@...ux.intel.com,
        haiyangz@...rosoft.com, hpa@...or.com, jane.chu@...cle.com,
        kirill.shutemov@...ux.intel.com, kys@...rosoft.com,
        linux-arch@...r.kernel.org, linux-hyperv@...r.kernel.org,
        luto@...nel.org, mingo@...hat.com, peterz@...radead.org,
        rostedt@...dmis.org, seanjc@...gle.com, tglx@...utronix.de,
        tony.luck@...el.com, wei.liu@...nel.org, x86@...nel.org
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [PATCH 4/6] x86/hyperv: Add hv_isolation_type_tdx() to detect TDX
 guests



On 11/21/22 11:51 AM, Dexuan Cui wrote:
> No logic change to SNP/VBS guests.

Add some info on how and where you are going to use this function.

> 
> Signed-off-by: Dexuan Cui <decui@...rosoft.com>
> ---
>  arch/x86/hyperv/ivm.c              |  7 +++++++
>  arch/x86/include/asm/hyperv-tlfs.h |  3 ++-
>  arch/x86/include/asm/mshyperv.h    |  3 +++
>  arch/x86/kernel/cpu/mshyperv.c     | 18 ++++++++++++++++--
>  drivers/hv/hv_common.c             |  6 ++++++
>  5 files changed, 34 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/x86/hyperv/ivm.c b/arch/x86/hyperv/ivm.c
> index 1dbcbd9da74d..0c219f163f71 100644
> --- a/arch/x86/hyperv/ivm.c
> +++ b/arch/x86/hyperv/ivm.c
> @@ -269,6 +269,13 @@ bool hv_isolation_type_snp(void)
>  	return static_branch_unlikely(&isolation_type_snp);
>  }
>  
> +DEFINE_STATIC_KEY_FALSE(isolation_type_tdx);
> +
> +bool hv_isolation_type_tdx(void)
> +{
> +	return static_branch_unlikely(&isolation_type_tdx);
> +}

Does it need #ifdef CONFIG_INTEL_TDX_GUEST? If not TDX, you can
live with weak reference.

> +
>  /*
>   * hv_mark_gpa_visibility - Set pages visible to host via hvcall.
>   *
> diff --git a/arch/x86/include/asm/hyperv-tlfs.h b/arch/x86/include/asm/hyperv-tlfs.h
> index 6d9368ea3701..6c0a04d078f5 100644
> --- a/arch/x86/include/asm/hyperv-tlfs.h
> +++ b/arch/x86/include/asm/hyperv-tlfs.h
> @@ -161,7 +161,8 @@
>  enum hv_isolation_type {
>  	HV_ISOLATION_TYPE_NONE	= 0,
>  	HV_ISOLATION_TYPE_VBS	= 1,
> -	HV_ISOLATION_TYPE_SNP	= 2
> +	HV_ISOLATION_TYPE_SNP	= 2,
> +	HV_ISOLATION_TYPE_TDX	= 3
>  };
>  
>  /* Hyper-V specific model specific registers (MSRs) */
> diff --git a/arch/x86/include/asm/mshyperv.h b/arch/x86/include/asm/mshyperv.h
> index fc09b6739922..9d593ab2be26 100644
> --- a/arch/x86/include/asm/mshyperv.h
> +++ b/arch/x86/include/asm/mshyperv.h
> @@ -14,6 +14,7 @@
>  union hv_ghcb;
>  
>  DECLARE_STATIC_KEY_FALSE(isolation_type_snp);
> +DECLARE_STATIC_KEY_FALSE(isolation_type_tdx);
>  
>  typedef int (*hyperv_fill_flush_list_func)(
>  		struct hv_guest_mapping_flush_list *flush,
> @@ -32,6 +33,8 @@ extern u64 hv_current_partition_id;
>  
>  extern union hv_ghcb * __percpu *hv_ghcb_pg;
>  
> +extern bool hv_isolation_type_tdx(void);
> +
>  int hv_call_deposit_pages(int node, u64 partition_id, u32 num_pages);
>  int hv_call_add_logical_proc(int node, u32 lp_index, u32 acpi_id);
>  int hv_call_create_vp(int node, u64 partition_id, u32 vp_index, u32 flags);
> diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
> index 831613959a92..9ad0b0abf0e0 100644
> --- a/arch/x86/kernel/cpu/mshyperv.c
> +++ b/arch/x86/kernel/cpu/mshyperv.c
> @@ -338,9 +338,23 @@ static void __init ms_hyperv_init_platform(void)
>  #endif
>  		}
>  		/* Isolation VMs are unenlightened SEV-based VMs, thus this check: */
> -		if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT)) {
> -			if (hv_get_isolation_type() != HV_ISOLATION_TYPE_NONE)
> +		if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT) ||
> +		    IS_ENABLED(CONFIG_INTEL_TDX_GUEST)) {
> +
> +			switch (hv_get_isolation_type()) {
> +			case HV_ISOLATION_TYPE_VBS:
> +			case HV_ISOLATION_TYPE_SNP:
>  				cc_set_vendor(CC_VENDOR_HYPERV);
> +				break;
> +
> +			case HV_ISOLATION_TYPE_TDX:
> +				static_branch_enable(&isolation_type_tdx);
> +				break;
> +

It is not clear why you need special handling for TDX?

> +			default:
> +				WARN_ON(1);
> +				break;
> +			}
>  		}
>  	}
>  
> diff --git a/drivers/hv/hv_common.c b/drivers/hv/hv_common.c
> index ae68298c0dca..a9a03ab04b97 100644
> --- a/drivers/hv/hv_common.c
> +++ b/drivers/hv/hv_common.c
> @@ -268,6 +268,12 @@ bool __weak hv_isolation_type_snp(void)
>  }
>  EXPORT_SYMBOL_GPL(hv_isolation_type_snp);
>  
> +bool __weak hv_isolation_type_tdx(void)
> +{
> +	return false;
> +}
> +EXPORT_SYMBOL_GPL(hv_isolation_type_tdx);
> +
>  void __weak hv_setup_vmbus_handler(void (*handler)(void))
>  {
>  }

-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ