| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a28c5655-8d7a-0fe2-2759-cc69ebbe0a3a@amd.com>
Date: Mon, 1 May 2023 11:05:55 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Tianyu Lan <ltykernel@...il.com>, luto@...nel.org,
tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com,
seanjc@...gle.com, pbonzini@...hat.com, jgross@...e.com,
tiala@...rosoft.com, kirill@...temov.name,
jiangshan.ljs@...group.com, peterz@...radead.org,
ashish.kalra@....com, srutherford@...gle.com,
akpm@...ux-foundation.org, anshuman.khandual@....com,
pawan.kumar.gupta@...ux.intel.com, adrian.hunter@...el.com,
daniel.sneddon@...ux.intel.com, alexander.shishkin@...ux.intel.com,
sandipan.das@....com, ray.huang@....com, brijesh.singh@....com,
michael.roth@....com, venu.busireddy@...cle.com,
sterritt@...gle.com, tony.luck@...el.com, samitolvanen@...gle.com,
fenghua.yu@...el.com
Cc: pangupta@....com, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org, linux-hyperv@...r.kernel.org,
linux-arch@...r.kernel.org
Subject: Re: [RFC PATCH V5 00/15] x86/hyperv/sev: Add AMD sev-snp enlightened
guest support on hyperv
On 5/1/23 03:57, Tianyu Lan wrote:
> From: Tianyu Lan <tiala@...rosoft.com>
>
> This patchset is to add AMD sev-snp enlightened guest
> support on hyperv. Hyperv uses Linux direct boot mode
> to boot up Linux kernel and so it needs to pvalidate
> system memory by itself.
>
> In hyperv case, there is no boot loader and so cc blob
> is prepared by hypervisor. In this series, hypervisor
> set the cc blob address directly into boot parameter
> of Linux kernel.
>
> Shared memory between guests and hypervisor should be
> decrypted and zero memory after decrypt memory. The data
> in the target address. It maybe smearedto avoid smearing
> data.
>
> Introduce #HV exception support in AMD sev snp code and
> #HV handler.
For bisectability, shouldn't the #HV patches be in place before the
enlightened SNP support is added, e.g., AP's are launched with the
restricted injection enabled (even though the BSP will also have that), so
that things don't crash right away?
Thanks,
Tom
>
> Change since v4:
> - Use pgcount to free intput arg page.
> - Fix encrypt and free page order.
> - struct_size to calculate array size
> - Share asm code between #HV and #VC exception.
>
> Change since v3:
> - Replace struct sev_es_save_area with struct vmcb_save_area
> - Move smp, cpu and memory enumerating code from mshyperv.c to ivm.c
> - Handle nested entry case of do_exc_hv() case.
> - Check NMI event when irq is disabled
>
> Change since v2:
> - Remove validate kernel memory code at boot stage
> - Split #HV page patch into two parts
> - Remove HV-APIC change due to enable x2apic from
> host side
> - Rework vmbus code to handle error of decrypt page
> - Spilt memory and cpu initialization patch.
> Change since v1:
> - Remove boot param changes for cc blob address and
> use setup head to pass cc blob info
> - Remove unnessary WARN and BUG check
> - Add system vector table map in the #HV exception
> - Fix interrupt exit issue when use #HV exception
>
> Ashish Kalra (2):
> x86/sev: optimize system vector processing invoked from #HV exception
> x86/sev: Fix interrupt exit code paths from #HV exception
>
> Tianyu Lan (13):
> x86/hyperv: Add sev-snp enlightened guest static key
> x86/hyperv: Decrypt hv vp assist page in sev-snp enlightened guest
> x86/hyperv: Set Virtual Trust Level in VMBus init message
> x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp
> enlightened guest
> clocksource/drivers/hyper-v: decrypt hyperv tsc page in sev-snp
> enlightened guest
> hv: vmbus: decrypt VMBus pages for sev-snp enlightened guest
> drivers: hv: Decrypt percpu hvcall input arg page in sev-snp
> enlightened guest
> x86/hyperv: Initialize cpu and memory for sev-snp enlightened guest
> x86/hyperv: Add smp support for sev-snp guest
> x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES
> x86/sev: Add a #HV exception handler
> x86/sev: Add Check of #HV event in path
> x86/sev: Add AMD sev-snp enlightened guest support on hyperv
>
> arch/x86/entry/entry_64.S | 46 ++-
> arch/x86/hyperv/hv_init.c | 42 +++
> arch/x86/hyperv/ivm.c | 186 ++++++++++++
> arch/x86/include/asm/cpu_entry_area.h | 6 +
> arch/x86/include/asm/hyperv-tlfs.h | 7 +
> arch/x86/include/asm/idtentry.h | 106 ++++++-
> arch/x86/include/asm/irqflags.h | 14 +-
> arch/x86/include/asm/mem_encrypt.h | 2 +
> arch/x86/include/asm/mshyperv.h | 82 +++++-
> arch/x86/include/asm/page_64_types.h | 1 +
> arch/x86/include/asm/sev.h | 13 +
> arch/x86/include/asm/svm.h | 15 +-
> arch/x86/include/asm/trapnr.h | 1 +
> arch/x86/include/asm/traps.h | 1 +
> arch/x86/include/uapi/asm/svm.h | 4 +
> arch/x86/kernel/cpu/common.c | 1 +
> arch/x86/kernel/cpu/mshyperv.c | 42 ++-
> arch/x86/kernel/dumpstack_64.c | 9 +-
> arch/x86/kernel/idt.c | 1 +
> arch/x86/kernel/sev.c | 408 ++++++++++++++++++++++----
> arch/x86/kernel/traps.c | 42 +++
> arch/x86/kernel/vmlinux.lds.S | 7 +
> arch/x86/mm/cpu_entry_area.c | 2 +
> drivers/clocksource/hyperv_timer.c | 2 +-
> drivers/hv/connection.c | 1 +
> drivers/hv/hv.c | 41 ++-
> drivers/hv/hv_common.c | 27 +-
> include/asm-generic/hyperv-tlfs.h | 19 ++
> include/asm-generic/mshyperv.h | 1 +
> include/linux/hyperv.h | 4 +-
> 30 files changed, 1047 insertions(+), 86 deletions(-)
>
Powered by blists - more mailing lists