| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Nov 2022 12:49:50 -0600
From: Tom Lendacky <thomas.lendacky@....com>
To: Michael Kelley <mikelley@...rosoft.com>, hpa@...or.com,
kys@...rosoft.com, haiyangz@...rosoft.com, wei.liu@...nel.org,
decui@...rosoft.com, luto@...nel.org, peterz@...radead.org,
davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
pabeni@...hat.com, lpieralisi@...nel.org, robh@...nel.org,
kw@...ux.com, bhelgaas@...gle.com, arnd@...db.de,
hch@...radead.org, m.szyprowski@...sung.com, robin.murphy@....com,
brijesh.singh@....com, tglx@...utronix.de, mingo@...hat.com,
bp@...en8.de, dave.hansen@...ux.intel.com,
Tianyu.Lan@...rosoft.com, kirill.shutemov@...ux.intel.com,
sathyanarayanan.kuppuswamy@...ux.intel.com, ak@...ux.intel.com,
isaku.yamahata@...el.com, dan.j.williams@...el.com,
jane.chu@...cle.com, seanjc@...gle.com, tony.luck@...el.com,
x86@...nel.org, linux-kernel@...r.kernel.org,
linux-hyperv@...r.kernel.org, netdev@...r.kernel.org,
linux-pci@...r.kernel.org, linux-arch@...r.kernel.org,
iommu@...ts.linux.dev
Subject: Re: [PATCH v2 05/12] x86/hyperv: Change vTOM handling to use standard
coco mechanisms
On 11/11/22 00:21, Michael Kelley wrote:
> Hyper-V guests on AMD SEV-SNP hardware have the option of using the
> "virtual Top Of Memory" (vTOM) feature specified by the SEV-SNP
> architecture. With vTOM, shared vs. private memory accesses are
> controlled by splitting the guest physical address space into two
> halves. vTOM is the dividing line where the uppermost bit of the
> physical address space is set; e.g., with 47 bits of guest physical
> address space, vTOM is 0x40000000000 (bit 46 is set). Guest phyiscal
> memory is accessible at two parallel physical addresses -- one below
> vTOM and one above vTOM. Accesses below vTOM are private (encrypted)
> while accesses above vTOM are shared (decrypted). In this sense, vTOM
> is like the GPA.SHARED bit in Intel TDX.
>
> Support for Hyper-V guests using vTOM was added to the Linux kernel in
> two patch sets[1][2]. This support treats the vTOM bit as part of
> the physical address. For accessing shared (decrypted) memory, these
> patch sets create a second kernel virtual mapping that maps to physical
> addresses above vTOM.
>
> A better approach is to treat the vTOM bit as a protection flag, not
> as part of the physical address. This new approach is like the approach
> for the GPA.SHARED bit in Intel TDX. Rather than creating a second kernel
> virtual mapping, the existing mapping is updated using recently added
> coco mechanisms. When memory is changed between private and shared using
> set_memory_decrypted() and set_memory_encrypted(), the PTEs for the
> existing kernel mapping are changed to add or remove the vTOM bit
> in the guest physical address, just as with TDX. The hypercalls to
> change the memory status on the host side are made using the existing
> callback mechanism. Everything just works, with a minor tweak to map
> the I/O APIC to use private accesses.
>
> To accomplish the switch in approach, the following must be done in
> in this single patch:
>
> * Update Hyper-V initialization to set the cc _mask based on vTOM
> and do other coco initialization.
>
> * Update physical_mask so the vTOM bit is no longer treated as part
> of the physical address
>
> * Update cc_mkenc() and cc_mkdec() to be active for Hyper-V guests.
> This makes the vTOM bit part of the protection flags.
>
> * Code already exists to make hypercalls to inform Hyper-V about pages
> changing between shared and private. Update this code to run as a
> callback from __set_memory_enc_pgtable().
>
> * Remove the Hyper-V special case from __set_memory_enc_dec(), and
> make the normal case active for Hyper-V VMs, which have
> CC_ATTR_GUEST_MEM_ENCRYPT, but not CC_ATTR_MEM_ENCRYPT.
>
> [1] https://lore.kernel.org/all/20211025122116.264793-1-ltykernel@gmail.com/
> [2] https://lore.kernel.org/all/20211213071407.314309-1-ltykernel@gmail.com/
>
> Signed-off-by: Michael Kelley <mikelley@...rosoft.com>
> Reviewed-by: Tianyu Lan <Tianyu.Lan@...rosoft.com>
> ---
> arch/x86/coco/core.c | 10 ++++++++-
> arch/x86/hyperv/ivm.c | 45 +++++++++++++++++++++++++++++++----------
> arch/x86/include/asm/mshyperv.h | 8 ++------
> arch/x86/kernel/cpu/mshyperv.c | 15 +++++++-------
> arch/x86/mm/pat/set_memory.c | 6 ++----
> 5 files changed, 54 insertions(+), 30 deletions(-)
>
> diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c
> index 06eb8910..024fbf4 100644
> --- a/arch/x86/mm/pat/set_memory.c
> +++ b/arch/x86/mm/pat/set_memory.c
> @@ -2126,10 +2126,8 @@ static int __set_memory_enc_pgtable(unsigned long addr, int numpages, bool enc)
>
> static int __set_memory_enc_dec(unsigned long addr, int numpages, bool enc)
> {
> - if (hv_is_isolation_supported())
> - return hv_set_mem_host_visibility(addr, numpages, !enc);
> -
> - if (cc_platform_has(CC_ATTR_MEM_ENCRYPT))
> + if (cc_platform_has(CC_ATTR_MEM_ENCRYPT) ||
> + cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
This seems kind of strange since CC_ATTR_MEM_ENCRYPT is supposed to mean
either HOST or GUEST memory encryption, but then you check for GUEST
memory encryption directly. Can your cc_platform_has() support be setup to
handle the CC_ATTR_MEM_ENCRYPT attribute in some way?
Thanks,
Tom
> return __set_memory_enc_pgtable(addr, numpages, enc);
>
> return 0;
Powered by blists - more mailing lists