Re: [PATCH] x86/sev-es: Expose __sev_es_ghcb_hv_call() to call ghcb hv call out of sev code

From: Tianyu Lan
Date: Wed Oct 20 2021 - 08:40:34 EST

Next message: Michal Hocko: "Re: [PATCH memcg 2/3] memcg: remove charge forcinig for dying tasks"
Previous message: Neil Armstrong: "[PATCH v3 6/6] drm/meson: encoder_cvbs: switch to bridge with ATTACH_NO_CONNECTOR"
In reply to: Borislav Petkov: "Re: [PATCH] x86/sev-es: Expose __sev_es_ghcb_hv_call() to call ghcb hv call out of sev code"
Next in thread: Borislav Petkov: "Re: [PATCH] x86/sev-es: Expose __sev_es_ghcb_hv_call() to call ghcb hv call out of sev code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/20/2021 5:59 PM, Borislav Petkov wrote:

On Wed, Oct 20, 2021 at 02:23:16AM -0400, Tianyu Lan wrote:

From: Tianyu Lan <Tianyu.Lan@xxxxxxxxxxxxx>

Hyper-V also needs to call ghcb hv call to write/read MSR in Isolation VM.
So expose __sev_es_ghcb_hv_call() to call it in the Hyper-V code.

Signed-off-by: Tianyu Lan <Tianyu.Lan@xxxxxxxxxxxxx>
---
arch/x86/include/asm/sev.h | 11 +++++++++++
arch/x86/kernel/sev-shared.c | 24 +++++++++++++++++++-----
2 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index fa5cd05d3b5b..295c847c3cd4 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -81,12 +81,23 @@ static __always_inline void sev_es_nmi_complete(void)
__sev_es_nmi_complete();
}
extern int __init sev_es_efi_map_ghcbs(pgd_t *pgd);
+extern enum es_result __sev_es_ghcb_hv_call(struct ghcb *ghcb,
+ struct es_em_ctxt *ctxt,
+ u64 exit_code, u64 exit_info_1,
+ u64 exit_info_2);

You can do here:

static inline enum es_result
__sev_es_ghcb_hv_call(struct ghcb *ghcb, u64 exit_code, u64 exit_info_1, u64 exit_info_2) { return ES_VMM_ERROR; }

@@ -137,12 +141,22 @@ static enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb,
ghcb_set_sw_exit_info_1(ghcb, exit_info_1);
ghcb_set_sw_exit_info_2(ghcb, exit_info_2);
- sev_es_wr_ghcb_msr(__pa(ghcb));
VMGEXIT();
return verify_exception_info(ghcb, ctxt);
}
+static enum es_result sev_es_ghcb_hv_call(struct ghcb *ghcb,
+ struct es_em_ctxt *ctxt,
+ u64 exit_code, u64 exit_info_1,
+ u64 exit_info_2)
+{
+ sev_es_wr_ghcb_msr(__pa(ghcb));
+
+ return __sev_es_ghcb_hv_call(ghcb, ctxt, exit_code, exit_info_1,
+ exit_info_2);
+}

Well, why does Hyper-V need this thing a bit differently, without the
setting of the GHCB's physical address?

Hyper-V runs paravisor in guest VMPL0 which emulates some functions
(e.g, timer, tsc, serial console and so on) via handling VC exception.
GHCB pages are allocated and set up by the paravisor and report to Linux
guest via MSR register.Hyper-V SEV implementation is unenlightened guest
case which doesn't Linux doesn't handle VC and paravisor in the VMPL0
handle it.

What if another hypervisor does yet another SEV implementation and yet
another HV call needs to be defined?

In the early version, these ghcb operations are implemented in Hyper-V code and get comments to use existing code in the SEV ES as much as possible. So latter versions expose the API to re-use code.

Current two cases: enlightened guest and un-enlightened guest. Tom and
brjesh pushed enlightened case. Hyper-V is un-enlightened case and a
paravisor runs in VMPL0 to handle VC to emulate devices inside VM. GHCB
is allocated and set up by paravisor in the un-enlightened case. The new
__sev_es_ghcb_hv_call() is to handle these two cases.

Next message: Michal Hocko: "Re: [PATCH memcg 2/3] memcg: remove charge forcinig for dying tasks"
Previous message: Neil Armstrong: "[PATCH v3 6/6] drm/meson: encoder_cvbs: switch to bridge with ATTACH_NO_CONNECTOR"
In reply to: Borislav Petkov: "Re: [PATCH] x86/sev-es: Expose __sev_es_ghcb_hv_call() to call ghcb hv call out of sev code"
Next in thread: Borislav Petkov: "Re: [PATCH] x86/sev-es: Expose __sev_es_ghcb_hv_call() to call ghcb hv call out of sev code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]