[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BYAPR21MB16885201D61623BB10FC3781D7FE9@BYAPR21MB1688.namprd21.prod.outlook.com>
Date: Mon, 9 Jan 2023 19:35:58 +0000
From: "Michael Kelley (LINUX)" <mikelley@...rosoft.com>
To: Borislav Petkov <bp@...en8.de>,
"wei.liu@...nel.org" <wei.liu@...nel.org>
CC: "hpa@...or.com" <hpa@...or.com>, KY Srinivasan <kys@...rosoft.com>,
Haiyang Zhang <haiyangz@...rosoft.com>,
Dexuan Cui <decui@...rosoft.com>,
"luto@...nel.org" <luto@...nel.org>,
"peterz@...radead.org" <peterz@...radead.org>,
"davem@...emloft.net" <davem@...emloft.net>,
"edumazet@...gle.com" <edumazet@...gle.com>,
"kuba@...nel.org" <kuba@...nel.org>,
"pabeni@...hat.com" <pabeni@...hat.com>,
"lpieralisi@...nel.org" <lpieralisi@...nel.org>,
"robh@...nel.org" <robh@...nel.org>, "kw@...ux.com" <kw@...ux.com>,
"bhelgaas@...gle.com" <bhelgaas@...gle.com>,
"arnd@...db.de" <arnd@...db.de>,
"hch@...radead.org" <hch@...radead.org>,
"m.szyprowski@...sung.com" <m.szyprowski@...sung.com>,
"robin.murphy@....com" <robin.murphy@....com>,
"thomas.lendacky@....com" <thomas.lendacky@....com>,
"brijesh.singh@....com" <brijesh.singh@....com>,
"tglx@...utronix.de" <tglx@...utronix.de>,
"mingo@...hat.com" <mingo@...hat.com>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
Tianyu Lan <Tianyu.Lan@...rosoft.com>,
"kirill.shutemov@...ux.intel.com" <kirill.shutemov@...ux.intel.com>,
"sathyanarayanan.kuppuswamy@...ux.intel.com"
<sathyanarayanan.kuppuswamy@...ux.intel.com>,
"ak@...ux.intel.com" <ak@...ux.intel.com>,
"isaku.yamahata@...el.com" <isaku.yamahata@...el.com>,
"dan.j.williams@...el.com" <dan.j.williams@...el.com>,
"jane.chu@...cle.com" <jane.chu@...cle.com>,
"seanjc@...gle.com" <seanjc@...gle.com>,
"tony.luck@...el.com" <tony.luck@...el.com>,
"x86@...nel.org" <x86@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"linux-pci@...r.kernel.org" <linux-pci@...r.kernel.org>,
"linux-arch@...r.kernel.org" <linux-arch@...r.kernel.org>,
"iommu@...ts.linux.dev" <iommu@...ts.linux.dev>
Subject: RE: [Patch v4 00/13] Add PCI pass-thru support to Hyper-V
Confidential VMs
From: Borislav Petkov <bp@...en8.de> Sent: Monday, January 9, 2023 10:47 AM
>
> On Thu, Dec 01, 2022 at 07:30:18PM -0800, Michael Kelley wrote:
> > This patch series adds support for PCI pass-thru devices to Hyper-V
> > Confidential VMs (also called "Isolation VMs"). But in preparation, it
> > first changes how private (encrypted) vs. shared (decrypted) memory is
> > handled in Hyper-V SEV-SNP guest VMs. The new approach builds on the
> > confidential computing (coco) mechanisms introduced in the 5.19 kernel
> > for TDX support and significantly reduces the amount of Hyper-V specific
> > code. Furthermore, with this new approach a proposed RFC patch set for
> > generic DMA layer functionality[1] is no longer necessary.
>
> In any case, this is starting to get ready - how do we merge this?
>
> I apply the x86 bits and give Wei an immutable branch to add the rest of the
> HyperV stuff ontop?
>
> --
> Regards/Gruss,
> Boris.
>
I'll let Wei respond on handling the merging.
I'll spin a v5 in a few days. Changes will be:
* Address your comments
* Use PAGE_KERNEL in the arch independent Hyper-V code instead of
PAGE_KERNEL_NOENC. PAGE_KERNEL_NOENC doesn't exist for ARM64, so
it causes compile errors when building for ARM64. Using PAGE_KERNEL means
getting sme_me_mask when on x86, but that value will be zero for vTOM VMs.
* Fix a problem with the virtual TPM device getting mapped decrypted. Like
the IOAPIC, the vTPM is provided by the paravisor, and needs to be mapped
encrypted. My thinking is to allow hypervisor initialization code to specify
a guest physical address range to be treated as encrypted, and add a check against
that range in __ioremap_check_other(), similar to what is done for EFI memory.
Thoughts? I don't want to change the vTPM driver, and the devm_* interfaces
it uses don't provide an option to map encrypted anyway. But I'm open to
other ideas.
Thanks for the review!
Michael
Powered by blists - more mailing lists