Re: [PATCH V9 0/9] x86/Hyper-V: Add Hyper-V Isolation VM support(First part)

From: Wei Liu
Date: Mon Oct 25 2021 - 16:56:08 EST


On Mon, Oct 25, 2021 at 08:21:05AM -0400, Tianyu Lan wrote:
> From: Tianyu Lan <Tianyu.Lan@xxxxxxxxxxxxx>
>
> Hyper-V provides two kinds of Isolation VMs: VBS (Virtualization-based
> security) and AMD SEV-SNP unenlightened Isolation VMs. This patchset
> is to add support for these Isolation VMs in Linux.
>
> The memory of these VMs is encrypted and the host can't access guest
> memory directly. Hyper-V provides a new host visibility hvcall and
> the guest needs to call the new hvcall to mark memory visible to the host
> before sharing memory with the host. For security, all network/storage
> stack memory should not be shared with the host and so there are bounce
> buffer requests.
>
> The Vmbus channel ring buffer already plays the bounce buffer role because
> all data from/to the host needs to be copied between the ring buffer
> and IO stack memory. So mark the vmbus channel ring buffer visible.
>
> For an SNP Isolation VM, the guest needs to access the shared memory via
> an extra address space which is specified by the Hyper-V CPUID
> HYPERV_CPUID_ISOLATION_CONFIG. The access physical address of the shared
> memory should be the bounce buffer memory GPA plus the shared_gpa_boundary
> reported by CPUID.
>
> This patchset is rebased on commit d9abdee of the Linux mainline tree
> plus the clean-up patch from Borislav Petkov
> (https://lore.kernel.org/r/YWRwxImd9Qcls/Yy@xxxxxxx)
>
>

Applied to hyperv-next. Thanks.

Wei.