Commit 49d6a3c0 authored by Tianyu Lan's avatar Tianyu Lan Committed by Wei Liu

x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM

Hyper-V Isolation VM current code uses sev_es_ghcb_hv_call()
to read/write MSR via GHCB page and depends on the sev code.
This may cause regression when sev code changes interface
design.

The latest SEV-ES code requires to negotiate GHCB version before
reading/writing MSR via GHCB page and sev_es_ghcb_hv_call() doesn't
work for Hyper-V Isolation VM. Add Hyper-V ghcb related implementation
to decouple SEV and Hyper-V code. Negotiate GHCB version in the
hyperv_init() and use the version to communicate with Hyper-V
in the ghcb hv call function.

Fixes: 2ea29c5a ("x86/sev: Save the negotiated GHCB version")
Signed-off-by: default avatarTianyu Lan <Tianyu.Lan@microsoft.com>
Reviewed-by: default avatarMichael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20220614014553.1915929-1-ltykernel@gmail.comSigned-off-by: default avatarWei Liu <wei.liu@kernel.org>
parent 656c5ba5
...@@ -13,6 +13,7 @@ ...@@ -13,6 +13,7 @@
#include <linux/io.h> #include <linux/io.h>
#include <asm/apic.h> #include <asm/apic.h>
#include <asm/desc.h> #include <asm/desc.h>
#include <asm/sev.h>
#include <asm/hypervisor.h> #include <asm/hypervisor.h>
#include <asm/hyperv-tlfs.h> #include <asm/hyperv-tlfs.h>
#include <asm/mshyperv.h> #include <asm/mshyperv.h>
...@@ -405,6 +406,11 @@ void __init hyperv_init(void) ...@@ -405,6 +406,11 @@ void __init hyperv_init(void)
} }
if (hv_isolation_type_snp()) { if (hv_isolation_type_snp()) {
/* Negotiate GHCB Version. */
if (!hv_ghcb_negotiate_protocol())
hv_ghcb_terminate(SEV_TERM_SET_GEN,
GHCB_SEV_ES_PROT_UNSUPPORTED);
hv_ghcb_pg = alloc_percpu(union hv_ghcb *); hv_ghcb_pg = alloc_percpu(union hv_ghcb *);
if (!hv_ghcb_pg) if (!hv_ghcb_pg)
goto free_vp_assist_page; goto free_vp_assist_page;
......
...@@ -53,6 +53,8 @@ union hv_ghcb { ...@@ -53,6 +53,8 @@ union hv_ghcb {
} hypercall; } hypercall;
} __packed __aligned(HV_HYP_PAGE_SIZE); } __packed __aligned(HV_HYP_PAGE_SIZE);
static u16 hv_ghcb_version __ro_after_init;
u64 hv_ghcb_hypercall(u64 control, void *input, void *output, u32 input_size) u64 hv_ghcb_hypercall(u64 control, void *input, void *output, u32 input_size)
{ {
union hv_ghcb *hv_ghcb; union hv_ghcb *hv_ghcb;
...@@ -96,12 +98,85 @@ u64 hv_ghcb_hypercall(u64 control, void *input, void *output, u32 input_size) ...@@ -96,12 +98,85 @@ u64 hv_ghcb_hypercall(u64 control, void *input, void *output, u32 input_size)
return status; return status;
} }
static inline u64 rd_ghcb_msr(void)
{
return __rdmsr(MSR_AMD64_SEV_ES_GHCB);
}
static inline void wr_ghcb_msr(u64 val)
{
native_wrmsrl(MSR_AMD64_SEV_ES_GHCB, val);
}
static enum es_result hv_ghcb_hv_call(struct ghcb *ghcb, u64 exit_code,
u64 exit_info_1, u64 exit_info_2)
{
/* Fill in protocol and format specifiers */
ghcb->protocol_version = hv_ghcb_version;
ghcb->ghcb_usage = GHCB_DEFAULT_USAGE;
ghcb_set_sw_exit_code(ghcb, exit_code);
ghcb_set_sw_exit_info_1(ghcb, exit_info_1);
ghcb_set_sw_exit_info_2(ghcb, exit_info_2);
VMGEXIT();
if (ghcb->save.sw_exit_info_1 & GENMASK_ULL(31, 0))
return ES_VMM_ERROR;
else
return ES_OK;
}
void hv_ghcb_terminate(unsigned int set, unsigned int reason)
{
u64 val = GHCB_MSR_TERM_REQ;
/* Tell the hypervisor what went wrong. */
val |= GHCB_SEV_TERM_REASON(set, reason);
/* Request Guest Termination from Hypvervisor */
wr_ghcb_msr(val);
VMGEXIT();
while (true)
asm volatile("hlt\n" : : : "memory");
}
bool hv_ghcb_negotiate_protocol(void)
{
u64 ghcb_gpa;
u64 val;
/* Save ghcb page gpa. */
ghcb_gpa = rd_ghcb_msr();
/* Do the GHCB protocol version negotiation */
wr_ghcb_msr(GHCB_MSR_SEV_INFO_REQ);
VMGEXIT();
val = rd_ghcb_msr();
if (GHCB_MSR_INFO(val) != GHCB_MSR_SEV_INFO_RESP)
return false;
if (GHCB_MSR_PROTO_MAX(val) < GHCB_PROTOCOL_MIN ||
GHCB_MSR_PROTO_MIN(val) > GHCB_PROTOCOL_MAX)
return false;
hv_ghcb_version = min_t(size_t, GHCB_MSR_PROTO_MAX(val),
GHCB_PROTOCOL_MAX);
/* Write ghcb page back after negotiating protocol. */
wr_ghcb_msr(ghcb_gpa);
VMGEXIT();
return true;
}
void hv_ghcb_msr_write(u64 msr, u64 value) void hv_ghcb_msr_write(u64 msr, u64 value)
{ {
union hv_ghcb *hv_ghcb; union hv_ghcb *hv_ghcb;
void **ghcb_base; void **ghcb_base;
unsigned long flags; unsigned long flags;
struct es_em_ctxt ctxt;
if (!hv_ghcb_pg) if (!hv_ghcb_pg)
return; return;
...@@ -120,8 +195,7 @@ void hv_ghcb_msr_write(u64 msr, u64 value) ...@@ -120,8 +195,7 @@ void hv_ghcb_msr_write(u64 msr, u64 value)
ghcb_set_rax(&hv_ghcb->ghcb, lower_32_bits(value)); ghcb_set_rax(&hv_ghcb->ghcb, lower_32_bits(value));
ghcb_set_rdx(&hv_ghcb->ghcb, upper_32_bits(value)); ghcb_set_rdx(&hv_ghcb->ghcb, upper_32_bits(value));
if (sev_es_ghcb_hv_call(&hv_ghcb->ghcb, false, &ctxt, if (hv_ghcb_hv_call(&hv_ghcb->ghcb, SVM_EXIT_MSR, 1, 0))
SVM_EXIT_MSR, 1, 0))
pr_warn("Fail to write msr via ghcb %llx.\n", msr); pr_warn("Fail to write msr via ghcb %llx.\n", msr);
local_irq_restore(flags); local_irq_restore(flags);
...@@ -133,7 +207,6 @@ void hv_ghcb_msr_read(u64 msr, u64 *value) ...@@ -133,7 +207,6 @@ void hv_ghcb_msr_read(u64 msr, u64 *value)
union hv_ghcb *hv_ghcb; union hv_ghcb *hv_ghcb;
void **ghcb_base; void **ghcb_base;
unsigned long flags; unsigned long flags;
struct es_em_ctxt ctxt;
/* Check size of union hv_ghcb here. */ /* Check size of union hv_ghcb here. */
BUILD_BUG_ON(sizeof(union hv_ghcb) != HV_HYP_PAGE_SIZE); BUILD_BUG_ON(sizeof(union hv_ghcb) != HV_HYP_PAGE_SIZE);
...@@ -152,8 +225,7 @@ void hv_ghcb_msr_read(u64 msr, u64 *value) ...@@ -152,8 +225,7 @@ void hv_ghcb_msr_read(u64 msr, u64 *value)
} }
ghcb_set_rcx(&hv_ghcb->ghcb, msr); ghcb_set_rcx(&hv_ghcb->ghcb, msr);
if (sev_es_ghcb_hv_call(&hv_ghcb->ghcb, false, &ctxt, if (hv_ghcb_hv_call(&hv_ghcb->ghcb, SVM_EXIT_MSR, 0, 0))
SVM_EXIT_MSR, 0, 0))
pr_warn("Fail to read msr via ghcb %llx.\n", msr); pr_warn("Fail to read msr via ghcb %llx.\n", msr);
else else
*value = (u64)lower_32_bits(hv_ghcb->ghcb.save.rax) *value = (u64)lower_32_bits(hv_ghcb->ghcb.save.rax)
......
...@@ -179,9 +179,13 @@ int hv_set_mem_host_visibility(unsigned long addr, int numpages, bool visible); ...@@ -179,9 +179,13 @@ int hv_set_mem_host_visibility(unsigned long addr, int numpages, bool visible);
#ifdef CONFIG_AMD_MEM_ENCRYPT #ifdef CONFIG_AMD_MEM_ENCRYPT
void hv_ghcb_msr_write(u64 msr, u64 value); void hv_ghcb_msr_write(u64 msr, u64 value);
void hv_ghcb_msr_read(u64 msr, u64 *value); void hv_ghcb_msr_read(u64 msr, u64 *value);
bool hv_ghcb_negotiate_protocol(void);
void hv_ghcb_terminate(unsigned int set, unsigned int reason);
#else #else
static inline void hv_ghcb_msr_write(u64 msr, u64 value) {} static inline void hv_ghcb_msr_write(u64 msr, u64 value) {}
static inline void hv_ghcb_msr_read(u64 msr, u64 *value) {} static inline void hv_ghcb_msr_read(u64 msr, u64 *value) {}
static inline bool hv_ghcb_negotiate_protocol(void) { return false; }
static inline void hv_ghcb_terminate(unsigned int set, unsigned int reason) {}
#endif #endif
extern bool hv_isolation_type_snp(void); extern bool hv_isolation_type_snp(void);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment