Message ID | 1666288635-72591-3-git-send-email-mikelley@microsoft.com (mailing list archive) |
---|---|
State | Not Applicable |
Headers | show |
Series | Add PCI pass-thru support to Hyper-V Confidential VMs | expand |
Context | Check | Description |
---|---|---|
netdev/tree_selection | success | Not a local patch |
On Thu, Oct 20, 2022 at 10:57:05AM -0700, Michael Kelley wrote: > Current code always maps the IOAPIC as shared (decrypted) in a > confidential VM. But Hyper-V guest VMs on AMD SEV-SNP with vTOM > enabled use a paravisor running in VMPL0 to emulate the IOAPIC. > In such a case, the IOAPIC must be accessed as private (encrypted). > > Fix this by gating the IOAPIC decrypted mapping on a new > cc_platform_has() attribute that a subsequent patch in the series > will set only for Hyper-V guests. The new attribute is named > somewhat generically because similar paravisor emulation cases > may arise in the future. > > Signed-off-by: Michael Kelley <mikelley@microsoft.com> Reviewed-by: Wei Liu <wei.liu@kernel.org> > --- > arch/x86/kernel/apic/io_apic.c | 3 ++- > include/linux/cc_platform.h | 13 +++++++++++++ > 2 files changed, 15 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c > index a868b76..d2c1bf7 100644 > --- a/arch/x86/kernel/apic/io_apic.c > +++ b/arch/x86/kernel/apic/io_apic.c > @@ -2686,7 +2686,8 @@ static void io_apic_set_fixmap(enum fixed_addresses idx, phys_addr_t phys) > * Ensure fixmaps for IOAPIC MMIO respect memory encryption pgprot > * bits, just like normal ioremap(): > */ > - flags = pgprot_decrypted(flags); > + if (!cc_platform_has(CC_ATTR_HAS_PARAVISOR)) > + flags = pgprot_decrypted(flags); > > __set_fixmap(idx, phys, flags); > } > diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h > index cb0d6cd..b6c4a79 100644 > --- a/include/linux/cc_platform.h > +++ b/include/linux/cc_platform.h > @@ -90,6 +90,19 @@ enum cc_attr { > * Examples include TDX Guest. > */ > CC_ATTR_HOTPLUG_DISABLED, > + > + /** > + * @CC_ATTR_HAS_PARAVISOR: Guest VM is running with a paravisor > + * > + * The platform/OS is running as a guest/virtual machine with > + * a paravisor in VMPL0. Having a paravisor affects things > + * like whether the I/O APIC is emulated and operates in the > + * encrypted or decrypted portion of the guest physical address > + * space. > + * > + * Examples include Hyper-V SEV-SNP guests using vTOM. > + */ > + CC_ATTR_HAS_PARAVISOR, > }; > > #ifdef CONFIG_ARCH_HAS_CC_PLATFORM > -- > 1.8.3.1 >
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c index a868b76..d2c1bf7 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c @@ -2686,7 +2686,8 @@ static void io_apic_set_fixmap(enum fixed_addresses idx, phys_addr_t phys) * Ensure fixmaps for IOAPIC MMIO respect memory encryption pgprot * bits, just like normal ioremap(): */ - flags = pgprot_decrypted(flags); + if (!cc_platform_has(CC_ATTR_HAS_PARAVISOR)) + flags = pgprot_decrypted(flags); __set_fixmap(idx, phys, flags); } diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h index cb0d6cd..b6c4a79 100644 --- a/include/linux/cc_platform.h +++ b/include/linux/cc_platform.h @@ -90,6 +90,19 @@ enum cc_attr { * Examples include TDX Guest. */ CC_ATTR_HOTPLUG_DISABLED, + + /** + * @CC_ATTR_HAS_PARAVISOR: Guest VM is running with a paravisor + * + * The platform/OS is running as a guest/virtual machine with + * a paravisor in VMPL0. Having a paravisor affects things + * like whether the I/O APIC is emulated and operates in the + * encrypted or decrypted portion of the guest physical address + * space. + * + * Examples include Hyper-V SEV-SNP guests using vTOM. + */ + CC_ATTR_HAS_PARAVISOR, }; #ifdef CONFIG_ARCH_HAS_CC_PLATFORM
Current code always maps the IOAPIC as shared (decrypted) in a confidential VM. But Hyper-V guest VMs on AMD SEV-SNP with vTOM enabled use a paravisor running in VMPL0 to emulate the IOAPIC. In such a case, the IOAPIC must be accessed as private (encrypted). Fix this by gating the IOAPIC decrypted mapping on a new cc_platform_has() attribute that a subsequent patch in the series will set only for Hyper-V guests. The new attribute is named somewhat generically because similar paravisor emulation cases may arise in the future. Signed-off-by: Michael Kelley <mikelley@microsoft.com> --- arch/x86/kernel/apic/io_apic.c | 3 ++- include/linux/cc_platform.h | 13 +++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-)