linux-kernel.vger.kernel.org archive mirror
From: Tianyu Lan <ltykernel@gmail.com>
To: "Michael Kelley (LINUX)" <mikelley@microsoft.com>,
	KY Srinivasan <kys@microsoft.com>,
	Haiyang Zhang <haiyangz@microsoft.com>,
	Stephen Hemminger <sthemmin@microsoft.com>,
	"wei.liu@kernel.org" <wei.liu@kernel.org>,
	Dexuan Cui <decui@microsoft.com>,
	"tglx@linutronix.de" <tglx@linutronix.de>,
	"mingo@redhat.com" <mingo@redhat.com>,
	"bp@alien8.de" <bp@alien8.de>,
	"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
	"x86@kernel.org" <x86@kernel.org>,
	"hpa@zytor.com" <hpa@zytor.com>,
	"davem@davemloft.net" <davem@davemloft.net>,
	"kuba@kernel.org" <kuba@kernel.org>,
	"jejb@linux.ibm.com" <jejb@linux.ibm.com>,
	"martin.petersen@oracle.com" <martin.petersen@oracle.com>,
	"arnd@arndb.de" <arnd@arndb.de>,
	"hch@infradead.org" <hch@infradead.org>,
	"m.szyprowski@samsung.com" <m.szyprowski@samsung.com>,
	"robin.murphy@arm.com" <robin.murphy@arm.com>,
	Tianyu Lan <Tianyu.Lan@microsoft.com>,
	"thomas.lendacky@amd.com" <thomas.lendacky@amd.com>
Cc: "iommu@lists.linux-foundation.org"
	<iommu@lists.linux-foundation.org>,
	"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
	"linux-hyperv@vger.kernel.org" <linux-hyperv@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>,
	"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
	vkuznets <vkuznets@redhat.com>,
	"brijesh.singh@amd.com" <brijesh.singh@amd.com>,
	"konrad.wilk@oracle.com" <konrad.wilk@oracle.com>,
	"hch@lst.de" <hch@lst.de>, "joro@8bytes.org" <joro@8bytes.org>,
	"parri.andrea@gmail.com" <parri.andrea@gmail.com>,
	"dave.hansen@intel.com" <dave.hansen@intel.com>
Subject: Re: [PATCH V6 2/5] x86/hyper-v: Add hyperv Isolation VM check in the cc_platform_has()
Date: Fri, 10 Dec 2021 19:26:40 +0800
Message-ID: <e4125f7b-fdd9-dc0d-63d0-93d841dbb3c3@gmail.com>
In-Reply-To: <MWHPR21MB1593F014EC440F5DEDCFDDFFD7709@MWHPR21MB1593.namprd21.prod.outlook.com>

On 12/10/2021 4:38 AM, Michael Kelley (LINUX) wrote:
> From: Tianyu Lan <ltykernel@gmail.com> Sent: Monday, December 6, 2021 11:56 PM
>>
>> Hyper-V provides Isolation VM which has memory encrypt support. Add
>> hyperv_cc_platform_has() and return true for check of GUEST_MEM_ENCRYPT
>> attribute.
>>
>> Signed-off-by: Tianyu Lan <Tianyu.Lan@microsoft.com>
>> ---
>> Change since v3:
>> 	* Change code style of checking GUEST_MEM attribute in the
>> 	  hyperv_cc_platform_has().
>> ---
>>   arch/x86/kernel/cc_platform.c | 8 ++++++++
>>   1 file changed, 8 insertions(+)
>>
>> diff --git a/arch/x86/kernel/cc_platform.c b/arch/x86/kernel/cc_platform.c
>> index 03bb2f343ddb..47db88c275d5 100644
>> --- a/arch/x86/kernel/cc_platform.c
>> +++ b/arch/x86/kernel/cc_platform.c
>> @@ -11,6 +11,7 @@
>>   #include <linux/cc_platform.h>
>>   #include <linux/mem_encrypt.h>
>>
>> +#include <asm/mshyperv.h>
>>   #include <asm/processor.h>
>>
>>   static bool __maybe_unused intel_cc_platform_has(enum cc_attr attr)
>> @@ -58,9 +59,16 @@ static bool amd_cc_platform_has(enum cc_attr attr)
>>   #endif
>>   }
>>
>> +static bool hyperv_cc_platform_has(enum cc_attr attr)
>> +{
>> +	return attr == CC_ATTR_GUEST_MEM_ENCRYPT;
>> +}
>>
>>   bool cc_platform_has(enum cc_attr attr)
>>   {
>> +	if (hv_is_isolation_supported())
>> +		return hyperv_cc_platform_has(attr);
>> +
>>   	if (sme_me_mask)
>>   		return amd_cc_platform_has(attr);
>>
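
Review bot: in cc_platform_has(), the new hv_is_isolation_supported() branch returns before the sme_me_mask test, so in an Isolation VM amd_cc_platform_has() is never consulted: every attribute other than CC_ATTR_GUEST_MEM_ENCRYPT reports false, and every caller that passes CC_ATTR_GUEST_MEM_ENCRYPT now gets true. Neither hyperv_cc_platform_has() nor the new branch carries a comment saying this is intended. Please add a comment above the helper explaining why only this attribute is reported and why the Hyper-V check has to come first, and say in the commit message which existing CC_ATTR_GUEST_MEM_ENCRYPT callers were checked against the new return value.
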
> 
> Throughout Linux kernel code, there are about 20 calls to cc_platform_has()
> with CC_ATTR_GUEST_MEM_ENCRYPT as the argument.  The original code
> (from v1 of this patch set) only dealt with the call in sev_setup_arch().   But
> with this patch, all the other calls that previously returned "false" will now
> return "true" in a Hyper-V Isolated VM.  I didn't try to analyze all these other
> calls, so I think there's an open question about whether this is the behavior
> we want.
> 

CC_ATTR_GUEST_MEM_ENCRYPT is for SEV support so far. Hyper-V Isolation
VM is based on SEV or software memory encrypt. Most checks can be
reused. The difference is that SEV code uses the encrypt bit in the page
table to encrypt and decrypt memory while Hyper-V uses vTOM. But the SEV
memory encrypt mask "sme_me_mask" is unset in the Hyper-V Isolation VM,
which claims SEV and SME are unsupported. The rest of the checks for the
mem enc bit are still safe. So reuse CC_ATTR_GUEST_MEM_ENCRYPT for Hyper-V.


