From: "Michael Kelley (LINUX)" <mikelley@microsoft.com>
To: Tianyu Lan <ltykernel@gmail.com>,
"luto@kernel.org" <luto@kernel.org>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"mingo@redhat.com" <mingo@redhat.com>,
"bp@alien8.de" <bp@alien8.de>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"x86@kernel.org" <x86@kernel.org>,
"hpa@zytor.com" <hpa@zytor.com>,
"seanjc@google.com" <seanjc@google.com>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"jgross@suse.com" <jgross@suse.com>,
Tianyu Lan <Tianyu.Lan@microsoft.com>,
"kirill@shutemov.name" <kirill@shutemov.name>,
"jiangshan.ljs@antgroup.com" <jiangshan.ljs@antgroup.com>,
"peterz@infradead.org" <peterz@infradead.org>,
"ashish.kalra@amd.com" <ashish.kalra@amd.com>,
"srutherford@google.com" <srutherford@google.com>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"anshuman.khandual@arm.com" <anshuman.khandual@arm.com>,
"pawan.kumar.gupta@linux.intel.com"
<pawan.kumar.gupta@linux.intel.com>,
"adrian.hunter@intel.com" <adrian.hunter@intel.com>,
"daniel.sneddon@linux.intel.com" <daniel.sneddon@linux.intel.com>,
"alexander.shishkin@linux.intel.com"
<alexander.shishkin@linux.intel.com>,
"sandipan.das@amd.com" <sandipan.das@amd.com>,
"ray.huang@amd.com" <ray.huang@amd.com>,
"brijesh.singh@amd.com" <brijesh.singh@amd.com>,
"michael.roth@amd.com" <michael.roth@amd.com>,
"thomas.lendacky@amd.com" <thomas.lendacky@amd.com>,
"venu.busireddy@oracle.com" <venu.busireddy@oracle.com>,
"sterritt@google.com" <sterritt@google.com>,
"tony.luck@intel.com" <tony.luck@intel.com>,
"samitolvanen@google.com" <samitolvanen@google.com>,
"fenghua.yu@intel.com" <fenghua.yu@intel.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"linux-hyperv@vger.kernel.org" <linux-hyperv@vger.kernel.org>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>
Subject: RE: [RFC PATCH V2 08/18] x86/hyperv: decrypt vmbus pages for sev-snp enlightened guest
Date: Tue, 13 Dec 2022 18:08:07 +0000 [thread overview]
Message-ID: <BYAPR21MB168838758CAA630B55E73DB2D7E39@BYAPR21MB1688.namprd21.prod.outlook.com> (raw)
In-Reply-To: <20221119034633.1728632-9-ltykernel@gmail.com>
From: Tianyu Lan <ltykernel@gmail.com> Sent: Friday, November 18, 2022 7:46 PM
>
The Subject prefix for this patch should be "Drivers: hv: vmbus:"
> Vmbus int, synic and post message pages are shared with hypervisor
> and so decrypt these pages in the sev-snp guest.
>
> Signed-off-by: Tianyu Lan <tiala@microsoft.com>
> ---
> drivers/hv/connection.c | 13 +++++++++++++
> drivers/hv/hv.c | 32 +++++++++++++++++++++++++++++++-
> 2 files changed, 44 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c
> index 9dc27e5d367a..43141225ea15 100644
> --- a/drivers/hv/connection.c
> +++ b/drivers/hv/connection.c
> @@ -215,6 +215,15 @@ int vmbus_connect(void)
> (void *)((unsigned long)vmbus_connection.int_page +
> (HV_HYP_PAGE_SIZE >> 1));
>
> + if (hv_isolation_type_snp() || hv_isolation_type_en_snp()) {
This decryption should be done only for a fully enlightened SEV-SNP
guest, not for a vTOM guest.
> + ret = set_memory_decrypted((unsigned long)
> + vmbus_connection.int_page, 1);
> + if (ret)
> + goto cleanup;
This cleanup path doesn't work correctly. It calls
vmbus_disconnect(), which will try to re-encrypt the memory.
But if the original decryption failed, re-encrypting is the wrong
thing to do.
It looks like this same bug exists in current code if the decryption
of the monitor pages fails or if just one of the original memory
allocations fails. vmbus_disconnect() doesn't know whether it
should re-encrypt the pages.
> +
> + memset(vmbus_connection.int_page, 0, PAGE_SIZE);
> + }
> +
> /*
> * Setup the monitor notification facility. The 1st page for
> * parent->child and the 2nd page for child->parent
> @@ -372,6 +381,10 @@ void vmbus_disconnect(void)
> destroy_workqueue(vmbus_connection.work_queue);
>
> if (vmbus_connection.int_page) {
> + if (hv_isolation_type_en_snp())
> + set_memory_encrypted((unsigned long)
> + vmbus_connection.int_page, 1);
> +
> hv_free_hyperv_page((unsigned long)vmbus_connection.int_page);
> vmbus_connection.int_page = NULL;
> }
> diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
> index 4d6480d57546..f9111eb32739 100644
> --- a/drivers/hv/hv.c
> +++ b/drivers/hv/hv.c
> @@ -20,6 +20,7 @@
> #include <linux/interrupt.h>
> #include <clocksource/hyperv_timer.h>
> #include <asm/mshyperv.h>
> +#include <linux/set_memory.h>
> #include "hyperv_vmbus.h"
>
> /* The one and only */
> @@ -117,7 +118,7 @@ int hv_post_message(union hv_connection_id connection_id,
>
> int hv_synic_alloc(void)
> {
> - int cpu;
> + int cpu, ret;
> struct hv_per_cpu_context *hv_cpu;
>
> /*
> @@ -168,6 +169,29 @@ int hv_synic_alloc(void)
> pr_err("Unable to allocate post msg page\n");
> goto err;
> }
> +
> + if (hv_isolation_type_en_snp()) {
> + ret = set_memory_decrypted((unsigned long)
> + hv_cpu->synic_message_page, 1);
> + ret |= set_memory_decrypted((unsigned long)
> + hv_cpu->synic_event_page, 1);
> + ret |= set_memory_decrypted((unsigned long)
> + hv_cpu->post_msg_page, 1);
> +
> + if (ret) {
> + set_memory_encrypted((unsigned long)
> + hv_cpu->synic_message_page, 1);
> + set_memory_encrypted((unsigned long)
> + hv_cpu->synic_event_page, 1);
> + set_memory_encrypted((unsigned long)
> + hv_cpu->post_msg_page, 1);
> + goto err;
Same kind of cleanup problem here. Some of the memory may have
been decrypted, but some may not have. Re-encrypting all three pages
risks re-encrypting a page that failed to be decrypted, and that might
cause problems.
> + }
> +
> + memset(hv_cpu->synic_message_page, 0, PAGE_SIZE);
> + memset(hv_cpu->synic_event_page, 0, PAGE_SIZE);
> + memset(hv_cpu->post_msg_page, 0, PAGE_SIZE);
> + }
> }
>
> return 0;
> @@ -188,6 +212,12 @@ void hv_synic_free(void)
> struct hv_per_cpu_context *hv_cpu
> = per_cpu_ptr(hv_context.cpu_context, cpu);
>
> + if (hv_isolation_type_en_snp()) {
> + set_memory_encrypted((unsigned long)hv_cpu->synic_message_page, 1);
> + set_memory_encrypted((unsigned long)hv_cpu->synic_event_page, 1);
> + set_memory_encrypted((unsigned long)hv_cpu->post_msg_page, 1);
This cleanup doesn't always work correctly. There are multiple memory
allocations in hv_synic_alloc(). If some succeeded, but some failed, then
might get here with some memory that was allocated but not decrypted.
Trying to re-encrypt that memory before freeing it could cause problems.
> + }
> +
> free_page((unsigned long)hv_cpu->synic_event_page);
> free_page((unsigned long)hv_cpu->synic_message_page);
> free_page((unsigned long)hv_cpu->post_msg_page);
> --
> 2.25.1
next prev parent reply other threads:[~2022-12-13 18:08 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-19 3:46 [RFC PATCH V2 00/18] x86/hyperv/sev: Add AMD sev-snp enlightened guest support on hyperv Tianyu Lan
2022-11-19 3:46 ` [RFC PATCH V2 01/18] x86/sev: Pvalidate memory gab for decompressing kernel Tianyu Lan
2022-11-29 12:56 ` Borislav Petkov
2022-11-29 14:42 ` Tianyu Lan
2022-11-29 15:22 ` Borislav Petkov
2022-12-28 19:15 ` Michael Kelley (LINUX)
2022-12-06 9:16 ` Gupta, Pankaj
2022-12-08 13:04 ` Tianyu Lan
2022-11-19 3:46 ` [RFC PATCH V2 02/18] x86/hyperv: Add sev-snp enlightened guest specific config Tianyu Lan
2022-12-12 17:56 ` Michael Kelley (LINUX)
2022-12-13 9:58 ` Tianyu Lan
2022-11-19 3:46 ` [RFC PATCH V2 03/18] x86/hyperv: apic change for sev-snp enlightened guest Tianyu Lan
2022-12-12 19:00 ` Michael Kelley (LINUX)
2022-11-19 3:46 ` [RFC PATCH V2 04/18] x86/hyperv: Decrypt hv vp assist page in " Tianyu Lan
2022-12-12 19:41 ` Michael Kelley (LINUX)
2022-12-13 15:21 ` Tianyu Lan
2022-11-19 3:46 ` [RFC PATCH V2 05/18] x86/hyperv: Get Virtual Trust Level via hvcall Tianyu Lan
2022-12-12 23:41 ` Michael Kelley (LINUX)
2022-11-19 3:46 ` [RFC PATCH V2 06/18] x86/hyperv: Use vmmcall to implement hvcall in sev-snp enlightened guest Tianyu Lan
2022-12-13 17:19 ` Michael Kelley (LINUX)
2022-12-14 16:02 ` Tianyu Lan
2023-01-09 7:24 ` Dexuan Cui
2022-11-19 3:46 ` [RFC PATCH V2 07/18] clocksource: hyper-v: decrypt hyperv tsc page " Tianyu Lan
2022-12-13 17:30 ` Michael Kelley (LINUX)
2022-12-14 16:05 ` Tianyu Lan
2022-11-19 3:46 ` [RFC PATCH V2 08/18] x86/hyperv: decrypt vmbus pages for " Tianyu Lan
2022-12-13 18:08 ` Michael Kelley (LINUX) [this message]
2022-12-26 4:19 ` Tianyu Lan
2022-11-19 3:46 ` [RFC PATCH V2 09/18] x86/hyperv: set target vtl in the vmbus init message Tianyu Lan
2022-12-14 18:12 ` Michael Kelley (LINUX)
2022-11-19 3:46 ` [RFC PATCH V2 10/18] drivers: hv: Decrypt percpu hvcall input arg page in sev-snp enlightened guest Tianyu Lan
2022-12-08 21:52 ` Dexuan Cui
2022-12-09 2:26 ` Tianyu Lan
2022-12-14 18:16 ` Michael Kelley (LINUX)
2022-12-26 7:26 ` Tianyu Lan
2022-11-19 3:46 ` [RFC PATCH V2 11/18] Drivers: hv: vmbus: Decrypt vmbus ring buffer Tianyu Lan
2022-12-14 18:25 ` Michael Kelley (LINUX)
2022-12-26 7:59 ` Tianyu Lan
2022-11-19 3:46 ` [RFC PATCH V2 12/18] x86/hyperv: Initialize cpu and memory for sev-snp enlightened guest Tianyu Lan
2022-12-28 17:07 ` Michael Kelley (LINUX)
2022-11-19 3:46 ` [RFC PATCH V2 13/18] x86/hyperv: Add smp support for sev-snp guest Tianyu Lan
2022-12-28 18:14 ` Michael Kelley (LINUX)
2022-11-19 3:46 ` [RFC PATCH V2 14/18] x86/hyperv: Add hyperv-specific hadling for VMMCALL under SEV-ES Tianyu Lan
2022-11-19 3:46 ` [RFC PATCH V2 15/18] x86/sev: Add a #HV exception handler Tianyu Lan
2023-01-10 12:47 ` Gupta, Pankaj
2023-01-10 13:43 ` Tianyu Lan
2023-01-12 7:43 ` Gupta, Pankaj
2022-11-19 3:46 ` [RFC PATCH V2 16/18] x86/sev: Initialize #HV doorbell and handle interrupt requests Tianyu Lan
2022-11-21 15:05 ` Kalra, Ashish
2022-11-22 13:46 ` Tianyu Lan
2022-11-22 19:17 ` Kalra, Ashish
2022-11-23 18:36 ` Tom Lendacky
2022-11-25 3:36 ` Tianyu Lan
2022-11-25 11:49 ` Christophe de Dinechin
2022-11-28 5:47 ` Tianyu Lan
2022-12-07 14:13 ` Gupta, Pankaj
2022-12-08 14:21 ` Tianyu Lan
2022-12-08 14:36 ` Gupta, Pankaj
2022-12-08 11:47 ` Gupta, Pankaj
2022-12-08 14:25 ` Tianyu Lan
2022-11-19 3:46 ` [RFC PATCH V2 17/18] x86/sev: optimize system vector processing invoked from #HV exception Tianyu Lan
2022-11-19 3:46 ` [RFC PATCH V2 18/18] x86/sev: Fix interrupt exit code paths " Tianyu Lan
2022-12-13 7:37 ` Gupta, Pankaj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BYAPR21MB168838758CAA630B55E73DB2D7E39@BYAPR21MB1688.namprd21.prod.outlook.com \
--to=mikelley@microsoft.com \
--cc=Tianyu.Lan@microsoft.com \
--cc=adrian.hunter@intel.com \
--cc=akpm@linux-foundation.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=anshuman.khandual@arm.com \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=daniel.sneddon@linux.intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=fenghua.yu@intel.com \
--cc=hpa@zytor.com \
--cc=jgross@suse.com \
--cc=jiangshan.ljs@antgroup.com \
--cc=kirill@shutemov.name \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ltykernel@gmail.com \
--cc=luto@kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=ray.huang@amd.com \
--cc=samitolvanen@google.com \
--cc=sandipan.das@amd.com \
--cc=seanjc@google.com \
--cc=srutherford@google.com \
--cc=sterritt@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=tony.luck@intel.com \
--cc=venu.busireddy@oracle.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).