From d6e2d652443751e290b2edb70173ec3c22f78fbe Mon Sep 17 00:00:00 2001 From: Tianyu Lan Date: Fri, 18 Aug 2023 06:29:11 -0400 Subject: x86/hyperv: Add sev-snp enlightened guest static key Introduce static key isolation_type_en_snp for enlightened sev-snp guest check. Reviewed-by: Dexuan Cui Reviewed-by: Michael Kelley Signed-off-by: Tianyu Lan Signed-off-by: Wei Liu Link: https://lore.kernel.org/r/20230818102919.1318039-2-ltykernel@gmail.com
---
 include/asm-generic/mshyperv.h | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'include')
diff --git a/include/asm-generic/mshyperv.h b/include/asm-generic/mshyperv.h
index 402a8c1c202d..580c766958de 100644
--- a/include/asm-generic/mshyperv.h
+++ b/include/asm-generic/mshyperv.h
@@ -36,15 +36,21 @@ struct ms_hyperv_info {
 u32 nested_features;
 u32 max_vp_index;
 u32 max_lp_index;
- u32 isolation_config_a;
+ union {
+ u32 isolation_config_a;
+ struct {
+ u32 paravisor_present : 1;
+ u32 reserved_a1 : 31;
+ };
+ };
 union {
 u32 isolation_config_b;
 struct {
 u32 cvm_type : 4;
- u32 reserved1 : 1;
+ u32 reserved_b1 : 1;
 u32 shared_gpa_boundary_active : 1;
 u32 shared_gpa_boundary_bits : 6;
- u32 reserved2 : 20;
+ u32 reserved_b2 : 20;
 };
 };
 u64 shared_gpa_boundary;
@@ -58,6 +64,7 @@ extern void * __percpu *hyperv_pcpu_output_arg;
 extern u64 hv_do_hypercall(u64 control, void *inputaddr, void *outputaddr);
 extern u64 hv_do_fast_hypercall8(u16 control, u64 input8);
 extern bool hv_isolation_type_snp(void);
+extern bool hv_isolation_type_en_snp(void);
 /* Helper functions that provide a consistent pattern for checking Hyper-V hypercall status. */
 static inline int hv_result(u64 status)
-- cgit v1.2.3 From 8387ce06d70bbbb97a0c168a52b68268ae0da075 Mon Sep 17 00:00:00 2001
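Review bot: The new `paravisor_present : 1` bit-field in the `@@ -36,15 +36,21 @@` hunk has no comment saying which bit of `isolation_config_a` it maps to or where the value comes from, and C leaves bit-field allocation order to the implementation, so the overlay is only correct under the layout the kernel's supported compilers produce. A comment above the anonymous struct such as `/* bit 0 of isolation_config_a, as reported by the hypervisor */` would document that. Because the word is presumably filled from hypervisor-reported data, code that makes isolation decisions on `paravisor_present` in a confidential guest is relying on host-supplied input, which is worth stating at the definition. `struct ms_hyperv_info` starts above this hunk and continues below it.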
From: Tianyu Lan Date: Fri, 18 Aug 2023 06:29:12 -0400 Subject: x86/hyperv: Set Virtual Trust Level in VMBus init message SEV-SNP guests on Hyper-V can run at multiple Virtual Trust Levels (VTL). During boot, get the VTL at which we're running using the GET_VP_REGISTERs hypercall, and save the value for future use. Then during VMBus initialization, set the VTL with the saved value as required in the VMBus init message. Reviewed-by: Dexuan Cui Reviewed-by: Michael Kelley Signed-off-by: Tianyu Lan Signed-off-by: Wei Liu Link: https://lore.kernel.org/r/20230818102919.1318039-3-ltykernel@gmail.com
---
 include/asm-generic/mshyperv.h | 1 + include/linux/hyperv.h | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'include')
diff --git a/include/asm-generic/mshyperv.h b/include/asm-generic/mshyperv.h
index 580c766958de..efd0d2aedad3 100644
--- a/include/asm-generic/mshyperv.h
+++ b/include/asm-generic/mshyperv.h
@@ -54,6 +54,7 @@ struct ms_hyperv_info {
 };
 };
 u64 shared_gpa_boundary;
+ u8 vtl;
 };
 extern struct ms_hyperv_info ms_hyperv;
 extern bool hv_nested;
diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h
index bfbc37ce223b..1f2bfec4abde 100644
--- a/include/linux/hyperv.h
+++ b/include/linux/hyperv.h
@@ -665,8 +665,8 @@ struct vmbus_channel_initiate_contact {
 u64 interrupt_page;
 struct {
 u8 msg_sint;
- u8 padding1[3];
- u32 padding2;
+ u8 msg_vtl;
+ u8 reserved[6];
 };
 };
 u64 monitor_page1;
-- cgit v1.2.3 From 44676bb9d566ce2bfbd132f9745eb7eb2d784476 Mon Sep 17 00:00:00 2001 From: Tianyu Lan Date: Fri, 18 Aug 2023 06:29:17 -0400 Subject: x86/hyperv: Add smp support for SEV-SNP guest In the AMD SEV-SNP guest, AP needs to be started up via sev es save area and Hyper-V requires to call HVCALL_START_VP hypercall to pass the gpa of sev es save area with AP's vp index and VTL(Virtual trust level) parameters. Override wakeup_secondary_cpu_64 callback with hv_snp_boot_ap. Reviewed-by: Dexuan Cui Reviewed-by: Michael Kelley Signed-off-by: Tianyu Lan
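Review bot: In the `@@ -665,8 +665,8 @@` hunk of include/linux/hyperv.h, `msg_vtl` and `reserved[6]` carry no comment even though the anonymous struct overlays `u64 interrupt_page` and, per the commit description, is part of the VMBus init message handed to the host. The sizes still add up to 8 bytes (1 + 1 + 6), but nothing on the page records that this is required or that the reserved bytes are expected to be zero. I would annotate the member as `u8 reserved[6];	/* must be zero; keeps the overlay at 8 bytes */`. Whether the sender clears the whole message before filling it is not visible here; if it does not, stale bytes would be disclosed to the host, so that is worth confirming at the call site. The struct begins and ends outside the hunk.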
Signed-off-by: Wei Liu Link: https://lore.kernel.org/r/20230818102919.1318039-8-ltykernel@gmail.com
---
 include/asm-generic/hyperv-tlfs.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include')
diff --git a/include/asm-generic/hyperv-tlfs.h b/include/asm-generic/hyperv-tlfs.h
index f4e4cc4f965f..fdac4a1714ec 100644
--- a/include/asm-generic/hyperv-tlfs.h
+++ b/include/asm-generic/hyperv-tlfs.h
@@ -223,6 +223,7 @@ enum HV_GENERIC_SET_FORMAT {
 #define HV_STATUS_INVALID_PORT_ID 17
 #define HV_STATUS_INVALID_CONNECTION_ID 18
 #define HV_STATUS_INSUFFICIENT_BUFFERS 19
+#define HV_STATUS_TIME_OUT 120
 #define HV_STATUS_VTL_ALREADY_ENABLED 134
 /*
-- cgit v1.2.3 From bb9b0e46b84c19d3dd7d453a2da71a0fdc172b31 Mon Sep 17 00:00:00 2001
From: Saurabh Sengar Date: Tue, 15 Aug 2023 21:34:38 -0700 Subject: hv: hyperv.h: Replace one-element array with flexible-array member One-element and zero-length arrays are deprecated. Replace one-element array in struct vmtransfer_page_packet_header with flexible-array member. This change fixes below warning: [ 2.593788] ================================================================================ [ 2.593908] UBSAN: array-index-out-of-bounds in drivers/net/hyperv/netvsc.c:1445:41 [ 2.593989] index 1 is out of range for type 'vmtransfer_page_range [1]' [ 2.594049] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.5.0-rc4-next-20230803+ #1 [ 2.594114] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 04/20/2023 [ 2.594121] Call Trace: [ 2.594126] [ 2.594133] dump_stack_lvl+0x4c/0x70 [ 2.594154] dump_stack+0x14/0x20 [ 2.594162] __ubsan_handle_out_of_bounds+0xa6/0xf0 [ 2.594224] netvsc_poll+0xc01/0xc90 [hv_netvsc] [ 2.594258] __napi_poll+0x30/0x1e0 [ 2.594320] net_rx_action+0x194/0x2f0 [ 2.594333] __do_softirq+0xde/0x31e [ 2.594345] __irq_exit_rcu+0x6b/0x90 [ 2.594357] irq_exit_rcu+0x12/0x20 [ 2.594366] sysvec_hyperv_callback+0x84/0x90 [ 2.594376] [ 2.594379] [ 2.594383] asm_sysvec_hyperv_callback+0x1f/0x30 [ 2.594394] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 2.594452] Code: 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 05 35 3f 00 fb f4 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 2.594459] RSP: 0018:ffffb841c00d3e88 EFLAGS: 00000256 [ 2.594469] RAX: ffff9d18c326f4a0 RBX: ffff9d18c031df40 RCX: 4000000000000000 [ 2.594475] RDX: 0000000000000001 RSI: 0000000000000082 RDI: 00000000000268dc [ 2.594481] RBP: ffffb841c00d3e90 R08: 00000066a171109b R09: 00000000d33d2600 [ 2.594486] R10: 000000009a41bf00 R11: 0000000000000000 R12: 0000000000000001 [ 2.594491] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2.594501] ? 
ct_kernel_exit.constprop.0+0x7d/0x90 [ 2.594513] ? default_idle+0xd/0x20 [ 2.594523] arch_cpu_idle+0xd/0x20 [ 2.594532] default_idle_call+0x30/0xe0 [ 2.594542] do_idle+0x200/0x240 [ 2.594553] ? complete+0x71/0x80 [ 2.594613] cpu_startup_entry+0x24/0x30 [ 2.594624] start_secondary+0x12d/0x160 [ 2.594634] secondary_startup_64_no_verify+0x17e/0x18b [ 2.594649] [ 2.594656] ================================================================================ With this change the structure size is reduced by 8 bytes, below is the pahole output. struct vmtransfer_page_packet_header { struct vmpacket_descriptor d; /* 0 16 */ u16 xfer_pageset_id; /* 16 2 */ u8 sender_owns_set; /* 18 1 */ u8 reserved; /* 19 1 */ u32 range_cnt; /* 20 4 */ struct vmtransfer_page_range ranges[]; /* 24 0 */ /* size: 24, cachelines: 1, members: 6 */ /* last cacheline: 24 bytes */ }; The validation code in the netvsc driver is affected by changing the struct size, but the effects have been examined and have been determined to be appropriate. Signed-off-by: Saurabh Sengar Reviewed-by: Michael Kelley Signed-off-by: Wei Liu Link: https://lore.kernel.org/r/1692160478-18469-1-git-send-email-ssengar@linux.microsoft.com
---
 include/linux/hyperv.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include')
diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h
index 1f2bfec4abde..a922d4526de4 100644
--- a/include/linux/hyperv.h
+++ b/include/linux/hyperv.h
@@ -348,7 +348,7 @@ struct vmtransfer_page_packet_header {
 u8 sender_owns_set;
 u8 reserved;
 u32 range_cnt;
- struct vmtransfer_page_range ranges[1];
+ struct vmtransfer_page_range ranges[];
 } __packed;
 struct vmgpadl_packet_header {
-- cgit v1.2.3 From 08e9d12077fcc7c4c4579d7dcd8093b59b01369e Mon Sep 17 00:00:00 2001
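Review bot: With `ranges[]` now a flexible-array member, nothing in the type says how many entries are valid, and `range_cnt` sits in a packet header that arrives over the ring buffer, so it should be treated as untrusted until checked against the received length. The description says the netvsc validation was reviewed for the 8-byte `sizeof` change, but that code is outside this hunk and the contract is not recorded at the definition. I would add a comment on the member, for example `/* range_cnt entries; callers must check struct_size(hdr, ranges, range_cnt) against the packet length before indexing */`. Any other user of `sizeof(struct vmtransfer_page_packet_header)` that assumed one embedded range would need the same look. The struct starts above the hunk.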
From: Dexuan Cui Date: Thu, 24 Aug 2023 01:07:03 -0700 Subject: x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests No logic change to SNP/VBS guests. hv_isolation_type_tdx() will be used to instruct a TDX guest on Hyper-V to do some TDX-specific operations, e.g. for a fully enlightened TDX guest (i.e. without the paravisor), hv_do_hypercall() should use __tdx_hypercall() and such a guest on Hyper-V should handle the Hyper-V Event/Message/Monitor pages specially. Reviewed-by: Michael Kelley Reviewed-by: Tianyu Lan Signed-off-by: Dexuan Cui Signed-off-by: Wei Liu Link: https://lore.kernel.org/r/20230824080712.30327-2-decui@microsoft.com
---
 include/asm-generic/mshyperv.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include')
diff --git a/include/asm-generic/mshyperv.h b/include/asm-generic/mshyperv.h
index efd0d2aedad3..82eba2d5fc4c 100644
--- a/include/asm-generic/mshyperv.h
+++ b/include/asm-generic/mshyperv.h
@@ -66,6 +66,7 @@ extern u64 hv_do_hypercall(u64 control, void *inputaddr, void *outputaddr);
 extern u64 hv_do_fast_hypercall8(u16 control, u64 input8);
 extern bool hv_isolation_type_snp(void);
 extern bool hv_isolation_type_en_snp(void);
+bool hv_isolation_type_tdx(void);
 /* Helper functions that provide a consistent pattern for checking Hyper-V hypercall status. */
 static inline int hv_result(u64 status)
-- cgit v1.2.3 From d6e0228d265f29348a01780ff306321c399d8b95 Mon Sep 17 00:00:00 2001 From: Dexuan Cui Date: Thu, 24 Aug 2023 01:07:04 -0700 Subject: x86/hyperv: Support hypercalls for fully enlightened TDX guests A fully enlightened TDX guest on Hyper-V (i.e. without the paravisor) only uses the GHCI call rather than hv_hypercall_pg. Do not initialize hypercall_pg for such a guest. In hv_common_cpu_init(), the hyperv_pcpu_input_arg page needs to be decrypted in such a guest. Reviewed-by: Kuppuswamy Sathyanarayanan Reviewed-by: Michael Kelley Reviewed-by: Tianyu Lan Signed-off-by: Dexuan Cui
Signed-off-by: Wei Liu Link: https://lore.kernel.org/r/20230824080712.30327-3-decui@microsoft.com
---
 include/asm-generic/mshyperv.h | 1 + 1 file changed, 1 insertion(+) (limited to 'include')
diff --git a/include/asm-generic/mshyperv.h b/include/asm-generic/mshyperv.h
index 82eba2d5fc4c..f577eff58ea0 100644
--- a/include/asm-generic/mshyperv.h
+++ b/include/asm-generic/mshyperv.h
@@ -283,6 +283,7 @@ enum hv_isolation_type hv_get_isolation_type(void);
 bool hv_is_isolation_supported(void);
 bool hv_isolation_type_snp(void);
 u64 hv_ghcb_hypercall(u64 control, void *input, void *output, u32 input_size);
+u64 hv_tdx_hypercall(u64 control, u64 param1, u64 param2);
 void hyperv_cleanup(void);
 bool hv_query_ext_cap(u64 cap_query);
 void hv_setup_dma_ops(struct device *dev, bool coherent);
-- cgit v1.2.3 From e3131f1c81448a87e08dffd21867312a5ce563d9 Mon Sep 17 00:00:00 2001 From: Dexuan Cui Date: Thu, 24 Aug 2023 01:07:11 -0700 Subject: x86/hyperv: Remove hv_isolation_type_en_snp In ms_hyperv_init_platform(), do not distinguish between a SNP VM with the paravisor and a SNP VM without the paravisor. Replace hv_isolation_type_en_snp() with !ms_hyperv.paravisor_present && hv_isolation_type_snp(). The hv_isolation_type_en_snp() in drivers/hv/hv.c and drivers/hv/hv_common.c can be changed to hv_isolation_type_snp() since we know !ms_hyperv.paravisor_present is true there. Signed-off-by: Dexuan Cui Reviewed-by: Michael Kelley Reviewed-by: Tianyu Lan Signed-off-by: Wei Liu Link: https://lore.kernel.org/r/20230824080712.30327-10-decui@microsoft.com
---
 include/asm-generic/mshyperv.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'include')
diff --git a/include/asm-generic/mshyperv.h b/include/asm-generic/mshyperv.h
index f577eff58ea0..e7ecf03f675e 100644
--- a/include/asm-generic/mshyperv.h
+++ b/include/asm-generic/mshyperv.h
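Review bot: `hv_tdx_hypercall()` in the `@@ -283,6 +283,7 @@` hunk takes two bare `u64` arguments named `param1` and `param2`, while the neighbouring `hv_ghcb_hypercall()` names its `input` and `output` buffers, so the prototype does not tell a caller what to pass. A kernel-doc comment or more descriptive parameter names would close that gap. If the two values carry guest-physical addresses of the hypercall input and output pages (an assumption, since the definition is not part of this diff), the comment should also say that the referenced memory has to be shared with the host, because the commit description notes that `hyperv_pcpu_input_arg` must be decrypted for such a guest.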
@@ -64,8 +64,7 @@ extern void * __percpu *hyperv_pcpu_output_arg;
 extern u64 hv_do_hypercall(u64 control, void *inputaddr, void *outputaddr);
 extern u64 hv_do_fast_hypercall8(u16 control, u64 input8);
-extern bool hv_isolation_type_snp(void);
-extern bool hv_isolation_type_en_snp(void);
+bool hv_isolation_type_snp(void);
 bool hv_isolation_type_tdx(void);
 /* Helper functions that provide a consistent pattern for checking Hyper-V hypercall status. */
-- cgit v1.2.3
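Review bot: The line this hunk keeps, `bool hv_isolation_type_snp(void);`, now duplicates the identical prototype that the earlier `@@ -283,6 +283,7 @@` hunk on this page shows further down the same header, next to `hv_ghcb_hypercall()`. Since the declaration is being rewritten anyway, one of the two could be dropped. Separately, the commit description has callers open-code `!ms_hyperv.paravisor_present && hv_isolation_type_snp()` and rely on `paravisor_present` being known false in drivers/hv; a small `static inline` helper in this header would keep that isolation check in one place so a future caller cannot omit the paravisor half. Those call sites are outside this hunk.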