Re: [PATCH] x86/sev-es: Expose __sev_es_ghcb_hv_call() to call ghcb hv call out of sev code

From: Tianyu Lan <ltykernel@gmail.com>
To: Borislav Petkov <bp@alien8.de>
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
	Tianyu Lan <Tianyu.Lan@microsoft.com>,
	kys@microsoft.com, haiyangz@microsoft.com,
	sthemmin@microsoft.com, wei.liu@kernel.org, decui@microsoft.com,
	tglx@linutronix.de, mingo@redhat.com, x86@kernel.org,
	hpa@zytor.com, dave.hansen@linux.intel.com, luto@kernel.org,
	peterz@infradead.org, davem@davemloft.net, kuba@kernel.org,
	gregkh@linuxfoundation.org, arnd@arndb.de, jroedel@suse.de,
	brijesh.singh@amd.com, pgonda@google.com,
	akpm@linux-foundation.org, kirill.shutemov@linux.intel.com,
	rppt@kernel.org, tj@kernel.org, aneesh.kumar@linux.ibm.com,
	saravanand@fb.com, hannes@cmpxchg.org, rientjes@google.com,
	michael.h.kelley@microsoft.com, linux-arch@vger.kernel.org,
	linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org,
	netdev@vger.kernel.org, vkuznets@redhat.com,
	konrad.wilk@oracle.com, hch@lst.de, robin.murphy@arm.com,
	joro@8bytes.org, parri.andrea@gmail.com, dave.hansen@intel.com
Subject: Re: [PATCH] x86/sev-es: Expose __sev_es_ghcb_hv_call() to call ghcb hv call out of sev code
Date: Wed, 20 Oct 2021 23:09:03 +0800	[thread overview]
Message-ID: <7bab8b73-e276-c23c-7a0a-2a6280e8a7d9@gmail.com> (raw)
In-Reply-To: <YXAqBOGdK91ieVIT@zn.tnic>

On 10/20/2021 10:39 PM, Borislav Petkov wrote:
> On Wed, Oct 20, 2021 at 10:23:06PM +0800, Tianyu Lan wrote:
>> This follows Joreg's previous comment and I implemented similar version in
>> the V! patchset([PATCH 05/13] HV: Add Write/Read MSR registers via ghcb page
>> https://lkml.org/lkml/2021/7/28/668).
>> "Instead, factor out a helper function which contains what Hyper-V needs and
>> use that in sev_es_ghcb_hv_call() and Hyper-V code."
>>
>> https://lkml.org/lkml/2021/8/2/375
> 
> If you wanna point to mails on a mailing list, you simply do
> 
> https://lore.kernel.org/r/<Message-id>
> 
> No need to use some random, unreliable web pages.

OK. Thanks for suggestion.

> 
> As to Joerg's suggestion, in the version I'm seeing, you're checking the
> *context* - and the one you sent today, avoids the __pa(ghcb) MSR write.
> 
> So which is it?
> 
> Because your current version will look at the context too, see
> 
> 	return verify_exception_info(ghcb, ctxt);
> 
> at the end of the function.
Both old and new patches are to avoid setting GHCB page address via MSR.
Paravisor is in charge of doing that and un-enlightened guest should not 
change it. The old one was in the patchset v1 "x86/Hyper-V: Add Hyper-V
Isolation VM support". The patch I sent today is based on your clean up 
patch and for review first. It should be in patchset "x86/Hyper-V: Add 
Hyper-V Isolation VM support."

> 
> So is the issue what Tom said that "the paravisor uses the same GHCB MSR
> and GHCB protocol, it just can't use __pa() to get the address of the
> GHCB."?

Yes, hyper-V enables vTOM in the CVM and GHCB page PA reported by 
paravisor contains vTOM bit. We need to use memremap() to map ghcb page 
before accessing GHCB page. __pa() doesn't work for PA with vTOM bit.
Otherwise, guest should not set GHCB page address and avoid conflict 
with paravisor.

> 
> If that is the case and the only thing you want is to avoid the GHCB PA
> write, then, in the future, we might drop that MSR write altogether on
> the enlightened Linux guests too and then the same function will be used
> by your paravisor and the Linux guest.

Yes, this is the target of the patch. Can we put the change in the 
Hyper-V patchset? Other patch has been fully reviewed.

Thanks.