Re: [PATCH 1/4] x86/hyperv: Add missing ARCH_HAS_CC_PLATFORM dependency

From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
To: Tianyu Lan <ltykernel@gmail.com>
Cc: Borislav Petkov <bp@alien8.de>, Wei Liu <wei.liu@kernel.org>,
	tglx@linutronix.de, mingo@redhat.com, dave.hansen@intel.com,
	luto@kernel.org, peterz@infradead.org,
	sathyanarayanan.kuppuswamy@linux.intel.com, aarcange@redhat.com,
	ak@linux.intel.com, dan.j.williams@intel.com, david@redhat.com,
	hpa@zytor.com, jmattson@google.com, seanjc@google.com,
	thomas.lendacky@amd.com, brijesh.singh@amd.com, x86@kernel.org,
	linux-kernel@vger.kernel.org,
	"K. Y. Srinivasan" <kys@microsoft.com>,
	Haiyang Zhang <haiyangz@microsoft.com>,
	Stephen Hemminger <sthemmin@microsoft.com>,
	Dexuan Cui <decui@microsoft.com>,
	Tianyu Lan <Tianyu.Lan@microsoft.com>
Subject: Re: [PATCH 1/4] x86/hyperv: Add missing ARCH_HAS_CC_PLATFORM dependency
Date: Wed, 23 Feb 2022 18:46:27 +0300	[thread overview]
Message-ID: <20220223154627.mssem3vgqdw6eecn@black.fi.intel.com> (raw)
In-Reply-To: <a34587e5-a144-c4a5-56f0-235da22ebce5@gmail.com>

On Wed, Feb 23, 2022 at 10:09:19PM +0800, Tianyu Lan wrote:
> 
> 
> On 2/23/2022 7:47 PM, Kirill A. Shutemov wrote:
> > On Wed, Feb 23, 2022 at 07:02:49PM +0800, Tianyu Lan wrote:
> > > On 2/23/2022 6:56 PM, Borislav Petkov wrote:
> > > > On Wed, Feb 23, 2022 at 06:43:40PM +0800, Tianyu Lan wrote:
> > > > > Hyper-V code check cpuid during runtime and there is no Hyper-V
> > > > > isolation VM option.
> > > > 
> > > > So how does "Current Hyper-V Isolation VM requires AMD_MEM_ENCRYPT" work
> > > > exactly?
> > > > 
> > > > Please explain in detail and not in piecemeal sentences.
> > > > 
> > > The kernel in the image needs to select AMD_MEM_ENCRYPT option
> > > otherwise the kernel can't boot up due to missing SEV support and
> > > sev_es_ghcb_hv_call() always return error.
> > 
> > If kernel boots under SEV, doesn't it mean we have 'sme_me_mask'
> > initialized? If it is non zero hv_is_isolation_supported() check in
> > cc_platform_has() has zero effect as it checked after 'sme_me_mask'.
> > 
> > I still have no idea what is going on.
> > 
> > How SEV related to HyperV isolation? How detection happens? Could you
> > give full picture?
> > 
> 
> Hi Kriil:
>      Current Hyper-V Isolation VM is unenlightened VM design. Hyper-V hides
> SEV capability from Linux guest and expose Hyper-V cpuid to show Hyper-V
> isolation VM capability. So sme_me_mask is zero in this case because SEV
> capability cpuid returns not-support.
>      Hyper-V Isolation VM code uses some SEV API sev_es_ghcb_hv_call() to
> share code and so it's necessary to select AMD_MEM_ENCRYPT option for
> Hyper-V Isolation VM.

Borislav, let's drop 1/4 and fold following fixup in 3/4.

diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
index c1c0123859b9..f9df31421d8c 100644
--- a/arch/x86/kernel/cpu/mshyperv.c
+++ b/arch/x86/kernel/cpu/mshyperv.c
@@ -345,7 +345,8 @@ static void __init ms_hyperv_init_platform(void)
 		 */
 		swiotlb_force = SWIOTLB_FORCE;
 #endif
-		if (hv_get_isolation_type() != HV_ISOLATION_TYPE_NONE)
+		if (hv_get_isolation_type() != HV_ISOLATION_TYPE_NONE &&
+		    IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT))
 			cc_set_vendor(CC_VENDOR_HYPERV);
 	}
 
-- 
 Kirill A. Shutemov
