lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240726225910.1912537-1-romank@linux.microsoft.com>
Date: Fri, 26 Jul 2024 15:59:03 -0700
From: Roman Kisel <romank@...ux.microsoft.com>
To: arnd@...db.de,
	bhelgaas@...gle.com,
	bp@...en8.de,
	catalin.marinas@....com,
	dave.hansen@...ux.intel.com,
	decui@...rosoft.com,
	haiyangz@...rosoft.com,
	hpa@...or.com,
	kw@...ux.com,
	kys@...rosoft.com,
	lenb@...nel.org,
	lpieralisi@...nel.org,
	mingo@...hat.com,
	rafael@...nel.org,
	robh@...nel.org,
	tglx@...utronix.de,
	wei.liu@...nel.org,
	will@...nel.org,
	linux-acpi@...r.kernel.org,
	linux-arch@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org,
	linux-hyperv@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	linux-pci@...r.kernel.org,
	x86@...nel.org
Cc: apais@...rosoft.com,
	benhill@...rosoft.com,
	ssengar@...rosoft.com,
	sunilmut@...rosoft.com,
	vdso@...bites.dev
Subject: [PATCH v3 0/7] arm64: hyperv: Support Virtual Trust Level Boot

This patch set enables the Hyper-V code to boot on ARM64 inside a Virtual Trust
Level. These levels are a part of the Virtual Secure Mode documented in the
Top-Level Functional Specification available at
https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/tlfs/vsm

[V3]
    - Employed the SMC recently implemented in the Microsoft Hyper-V hypervisor
      to detect running on Hyper-V/arm64. No dependence on ACPI/DT is needed
      anymore although the source code still falls back to ACPI as the new
      hypervisor might be available only in the Windows Insiders channel just
      yet.
    - As a part of the above, refactored detecting the hypervisor via ACPI FADT.
    - There was a suggestion to explore whether it is feasible or not to express
      that ACPI must be absent for the VTL mode and present for the regular guests
      in the Hyper-V Kconfig file.
      My current conclusion is that this will require refactoring in many places.
      That becomes especially convoluted on x86_64 due to the MSI and APIC
      dependencies. I'd ask to let us tackle that in another patch series (or chalk
      up to nice-have's rather than fires to put out) to separate concerns and
      decrease chances of breakage.
    - While refactoring `get_vtl(void)` and the related code, fixed the hypercall
      output address not to overlap with the input as the Hyper-V TLFS mandates:
      "The input and output parameter lists cannot overlap or cross page boundaries."
      See https://learn.microsoft.com/en-us/virtualization/hyper-v-on-windows/tlfs/hypercall-interface
      for more.
      Some might argue that should've been a topic for a separate patch series;
      I'd counter that the change is well-contained (one line), has no dependencies,
      and makes the code legal.
    - Made the VTL boot code (c)leaner as was suggested.
    - Set DMA cache coherency for the VMBus.
    - Updated DT bindings in the VMBus documentation (separated out into a new patch).
    - Fixed `vmbus_set_irq` to use the API that works both for the ACPI and OF.
    - Reworked setting up the vPCI MSI IRQ domain in the non-ACPI case. The logic
      looks a bit fiddly/ad-hoc as I couldn't find the API that would fit the bill.
      Added comments to explain myself.

[V2]
    https://lore.kernel.org/all/20240514224508.212318-1-romank@linux.microsoft.com/
    - Decreased number of #ifdef's
    - Updated the wording in the commit messages to adhere to the guidlines
    - Sending to the correct set of maintainers and mail lists

[V1]
    https://lore.kernel.org/all/20240510160602.1311352-1-romank@linux.microsoft.com/

For validation, I built kernels for the arch'es in question with the small initrd
embedded into the kernel and booted the Hyper-V VMs off of that.

Roman Kisel (7):
  arm64: hyperv: Use SMC to detect hypervisor presence
  Drivers: hv: Enable VTL mode for arm64
  Drivers: hv: Provide arch-neutral implementation of get_vtl()
  arm64: hyperv: Boot in a Virtual Trust Level
  dt-bindings: bus: Add Hyper-V VMBus cache coherency and IRQs
  Drivers: hv: vmbus: Get the IRQ number from DT
  PCI: hv: Get vPCI MSI IRQ domain from DT

 .../bindings/bus/microsoft,vmbus.yaml         | 11 +++
 arch/arm64/hyperv/Makefile                    |  1 +
 arch/arm64/hyperv/hv_vtl.c                    | 13 ++++
 arch/arm64/hyperv/mshyperv.c                  | 40 +++++++++--
 arch/arm64/include/asm/mshyperv.h             | 12 ++++
 arch/x86/hyperv/hv_init.c                     | 34 ---------
 arch/x86/include/asm/hyperv-tlfs.h            |  7 --
 drivers/hv/Kconfig                            |  6 +-
 drivers/hv/hv_common.c                        | 47 +++++++++++-
 drivers/hv/vmbus_drv.c                        | 72 ++++++++++++++++---
 drivers/pci/controller/pci-hyperv.c           | 55 +++++++++++++-
 include/asm-generic/hyperv-tlfs.h             |  7 ++
 include/asm-generic/mshyperv.h                |  6 ++
 include/linux/hyperv.h                        |  2 +
 14 files changed, 251 insertions(+), 62 deletions(-)
 create mode 100644 arch/arm64/hyperv/hv_vtl.c


base-commit: 831bcbcead6668ebf20b64fdb27518f1362ace3a
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ