Re: [PATCH] x86/sev-es: Expose __sev_es_ghcb_hv_call() to call ghcb hv call out of sev code

From: Tianyu Lan
Date: Wed Oct 20 2021 - 11:09:19 EST


On 10/20/2021 10:39 PM, Borislav Petkov wrote:
On Wed, Oct 20, 2021 at 10:23:06PM +0800, Tianyu Lan wrote:
This follows Joerg's previous comment and I implemented a similar version in
the V1 patchset ([PATCH 05/13] HV: Add Write/Read MSR registers via ghcb page
https://lkml.org/lkml/2021/7/28/668).
"Instead, factor out a helper function which contains what Hyper-V needs and
use that in sev_es_ghcb_hv_call() and Hyper-V code."

https://lkml.org/lkml/2021/8/2/375

If you wanna point to mails on a mailing list, you simply do

https://lore.kernel.org/r/<Message-id>

No need to use some random, unreliable web pages.

OK. Thanks for the suggestion.


As to Joerg's suggestion, in the version I'm seeing, you're checking the
*context* - and the one you sent today, avoids the __pa(ghcb) MSR write.

So which is it?

Because your current version will look at the context too, see

return verify_exception_info(ghcb, ctxt);

at the end of the function.
Both the old and new patches are to avoid setting the GHCB page address via MSR.
The paravisor is in charge of doing that and the un-enlightened guest should not
change it. The old one was in the patchset v1 "x86/Hyper-V: Add Hyper-V
Isolation VM support". The patch I sent today is based on your cleanup patch and
is for review first. It should be in the patchset "x86/Hyper-V: Add Hyper-V
Isolation VM support."


So is the issue what Tom said that "the paravisor uses the same GHCB MSR
and GHCB protocol, it just can't use __pa() to get the address of the
GHCB."?

Yes, Hyper-V enables vTOM in the CVM and the GHCB page PA reported by the
paravisor contains the vTOM bit. We need to use memremap() to map the GHCB page
before accessing it. __pa() doesn't work for a PA with the vTOM bit set.
Otherwise, the guest should not set the GHCB page address and should avoid
conflicting with the paravisor.


If that is the case and the only thing you want is to avoid the GHCB PA
write, then, in the future, we might drop that MSR write altogether on
the enlightened Linux guests too and then the same function will be used
by your paravisor and the Linux guest.

Yes, this is the target of the patch. Can we put the change in the Hyper-V patchset? The other patch has been fully reviewed.

Thanks.