[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230320112258.GCZBhCEpNAIk0rUDnx@fat_crate.local>
Date: Mon, 20 Mar 2023 12:22:58 +0100
From: Borislav Petkov <bp@...en8.de>
To: Michael Kelley <mikelley@...rosoft.com>
Cc: hpa@...or.com, kys@...rosoft.com, haiyangz@...rosoft.com,
wei.liu@...nel.org, decui@...rosoft.com, luto@...nel.org,
peterz@...radead.org, davem@...emloft.net, edumazet@...gle.com,
kuba@...nel.org, pabeni@...hat.com, lpieralisi@...nel.org,
robh@...nel.org, kw@...ux.com, bhelgaas@...gle.com, arnd@...db.de,
hch@....de, m.szyprowski@...sung.com, robin.murphy@....com,
thomas.lendacky@....com, brijesh.singh@....com, tglx@...utronix.de,
mingo@...hat.com, dave.hansen@...ux.intel.com,
Tianyu.Lan@...rosoft.com, kirill.shutemov@...ux.intel.com,
sathyanarayanan.kuppuswamy@...ux.intel.com, ak@...ux.intel.com,
isaku.yamahata@...el.com, dan.j.williams@...el.com,
jane.chu@...cle.com, seanjc@...gle.com, tony.luck@...el.com,
x86@...nel.org, linux-kernel@...r.kernel.org,
linux-hyperv@...r.kernel.org, netdev@...r.kernel.org,
linux-pci@...r.kernel.org, linux-arch@...r.kernel.org,
iommu@...ts.linux.dev
Subject: Re: [PATCH v6 06/13] x86/hyperv: Change vTOM handling to use
standard coco mechanisms
On Wed, Mar 08, 2023 at 06:40:07PM -0800, Michael Kelley wrote:
> diff --git a/arch/x86/coco/core.c b/arch/x86/coco/core.c
> index 49b44f8..d1c3306 100644
> --- a/arch/x86/coco/core.c
> +++ b/arch/x86/coco/core.c
> @@ -88,8 +106,6 @@ bool cc_platform_has(enum cc_attr attr)
> return amd_cc_platform_has(attr);
> case CC_VENDOR_INTEL:
> return intel_cc_platform_has(attr);
> - case CC_VENDOR_HYPERV:
> - return hyperv_cc_platform_has(attr);
> default:
> return false;
> }
> @@ -103,11 +119,14 @@ u64 cc_mkenc(u64 val)
> * encryption status of the page.
> *
> * - for AMD, bit *set* means the page is encrypted
> - * - for Intel *clear* means encrypted.
> + * - for AMD with vTOM and for Intel, *clear* means encrypted
> */
> switch (vendor) {
> case CC_VENDOR_AMD:
> - return val | cc_mask;
> + if (sev_status & MSR_AMD64_SNP_VTOM)
> + return val & ~cc_mask;
This is silly. It should simply be:
if (sev_status & MSR_AMD64_SNP_VTOM)
return val;
> + else
> + return val | cc_mask;
> case CC_VENDOR_INTEL:
> return val & ~cc_mask;
> default:
> @@ -120,7 +139,10 @@ u64 cc_mkdec(u64 val)
> /* See comment in cc_mkenc() */
> switch (vendor) {
> case CC_VENDOR_AMD:
> - return val & ~cc_mask;
> + if (sev_status & MSR_AMD64_SNP_VTOM)
> + return val | cc_mask;
So if you set the C-bit, that doesn't make it decrypted on AMD. cc_mask
on VTOM is 0 so why even bother?
Same as the above.
> + else
> + return val & ~cc_mask;
> case CC_VENDOR_INTEL:
> return val | cc_mask;
> default:
...
> +void __init hv_vtom_init(void)
> +{
> + /*
> + * By design, a VM using vTOM doesn't see the SEV setting,
> + * so SEV initialization is bypassed and sev_status isn't set.
> + * Set it here to indicate a vTOM VM.
> + */
This looks like a hack. The SEV status MSR cannot be intercepted so the
guest should see vTOM. How are you running vTOM without setting it even up?!
> + sev_status = MSR_AMD64_SNP_VTOM;
> + cc_set_vendor(CC_VENDOR_AMD);
> + cc_set_mask(ms_hyperv.shared_gpa_boundary);
> + physical_mask &= ms_hyperv.shared_gpa_boundary - 1;
> +
> + x86_platform.hyper.is_private_mmio = hv_is_private_mmio;
> + x86_platform.guest.enc_cache_flush_required = hv_vtom_cache_flush_required;
> + x86_platform.guest.enc_tlb_flush_required = hv_vtom_tlb_flush_required;
> + x86_platform.guest.enc_status_change_finish = hv_vtom_set_host_visibility;
> +}
> +
> +#endif /* CONFIG_AMD_MEM_ENCRYPT */
> +
> /*
> * hv_map_memory - map memory to extra space in the AMD SEV-SNP Isolation VM.
> */
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists