Re: [PATCH] x86/sev-es: Expose __sev_es_ghcb_hv_call() to call ghcb hv call out of sev code

From: Tianyu Lan <ltykernel@gmail.com>
To: Tom Lendacky <thomas.lendacky@amd.com>, Borislav Petkov <bp@alien8.de>
Cc: Tianyu Lan <Tianyu.Lan@microsoft.com>,
	kys@microsoft.com, haiyangz@microsoft.com,
	sthemmin@microsoft.com, wei.liu@kernel.org, decui@microsoft.com,
	tglx@linutronix.de, mingo@redhat.com, x86@kernel.org,
	hpa@zytor.com, dave.hansen@linux.intel.com, luto@kernel.org,
	peterz@infradead.org, davem@davemloft.net, kuba@kernel.org,
	gregkh@linuxfoundation.org, arnd@arndb.de, jroedel@suse.de,
	brijesh.singh@amd.com, pgonda@google.com,
	akpm@linux-foundation.org, kirill.shutemov@linux.intel.com,
	rppt@kernel.org, tj@kernel.org, aneesh.kumar@linux.ibm.com,
	saravanand@fb.com, hannes@cmpxchg.org, rientjes@google.com,
	michael.h.kelley@microsoft.com, linux-arch@vger.kernel.org,
	linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org,
	netdev@vger.kernel.org, vkuznets@redhat.com,
	konrad.wilk@oracle.com, hch@lst.de, robin.murphy@arm.com,
	joro@8bytes.org, parri.andrea@gmail.com, dave.hansen@intel.com
Subject: Re: [PATCH] x86/sev-es: Expose __sev_es_ghcb_hv_call() to call ghcb hv call out of sev code
Date: Wed, 20 Oct 2021 22:23:06 +0800	[thread overview]
Message-ID: <32336f13-fa66-670d-0ea3-7822bd5b829b@gmail.com> (raw)
In-Reply-To: <62ffaeb4-1940-4934-2c39-b8283d402924@amd.com>

On 10/20/2021 9:56 PM, Tom Lendacky wrote:
> On 10/20/21 8:39 AM, Borislav Petkov wrote:
>> On Wed, Oct 20, 2021 at 08:39:59PM +0800, Tianyu Lan wrote:
>>> Hyper-V runs paravisor in guest VMPL0 which emulates some functions
>>> (e.g, timer, tsc, serial console and so on) via handling VC exception.
>>> GHCB pages are allocated and set up by the paravisor and report to Linux
>>> guest via MSR register.Hyper-V SEV implementation is unenlightened guest
>>> case which doesn't Linux doesn't handle VC and paravisor in the VMPL0
>>> handle it.
>>
>> Aha, unenlightened.
>>
>> So why don't you export the original function by doing this (only
>> partial diff to show intent only):

This follows Joreg's previous comment and I implemented similar version 
in the V! patchset([PATCH 05/13] HV: Add Write/Read MSR registers via 
ghcb page https://lkml.org/lkml/2021/7/28/668).
"Instead, factor out a helper function which contains what Hyper-V needs 
and use that in sev_es_ghcb_hv_call() and Hyper-V code."

https://lkml.org/lkml/2021/8/2/375

>>
>> ---
>> diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c
>> index f1d513897baf..bfe82f58508f 100644
>> --- a/arch/x86/kernel/sev-shared.c
>> +++ b/arch/x86/kernel/sev-shared.c
>> @@ -125,7 +125,7 @@ static enum es_result verify_exception_info(struct 
>> ghcb *ghcb, struct es_em_ctxt
>>       return ES_VMM_ERROR;
>>   }
>> -static enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb,
>> +static enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb, bool 
>> set_ghcb_msr,
>>                         struct es_em_ctxt *ctxt,
>>                         u64 exit_code, u64 exit_info_1,
>>                         u64 exit_info_2)
>> @@ -138,7 +138,14 @@ static enum es_result sev_es_ghcb_hv_call(struct 
>> ghcb *ghcb,
>>       ghcb_set_sw_exit_info_1(ghcb, exit_info_1);
>>       ghcb_set_sw_exit_info_2(ghcb, exit_info_2);
>> -    sev_es_wr_ghcb_msr(__pa(ghcb));
>> +    /*
>> +     * Hyper-V unenlightened guests use a paravisor for communicating 
>> and
>> +     * GHCB pages are being allocated by that paravisor which uses a
>> +     * different MSR and protocol.
> 
> Just to clarify the comment, the paravisor uses the same GHCB MSR and 
> GHCB protocol, it just can't use __pa() to get the address of the GHCB. 
> So I expect that the Hyper-V support sets the address properly before 
> calling this function.
> 
> Thanks,
> Tom
> 
>> +     */
>> +    if (set_ghcb_msr)
>> +        sev_es_wr_ghcb_msr(__pa(ghcb));
>> +
>>       VMGEXIT();
>>       return verify_exception_info(ghcb, ctxt);
>>
>>