Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp2669947rwb; Thu, 17 Nov 2022 14:21:03 -0800 (PST) X-Google-Smtp-Source: AA0mqf65TVvw7A0jBcpGdT6ulITaNotdK+Gv54GrU7OTqVeaDNeMv1WBdFXgGSkgnM+dcrOma95C X-Received: by 2002:a17:906:844c:b0:781:aff3:c68d with SMTP id e12-20020a170906844c00b00781aff3c68dmr3897235ejy.36.1668723663139; Thu, 17 Nov 2022 14:21:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668723663; cv=none; d=google.com; s=arc-20160816; b=N4VYYTxrpykqoQCRZiULcG8vrx8DK+tWWfLEWkXWX+PHuWvYkdILjJ0sBV7geodNW1 ESURsBVC3TZRF3YnTerGq2a3v8VEc3E5Ho711ArmTwPKHyKiewWG9TMrAAeyGbLymWZa 4yRFUIKSdzIVhrWg3uukVXa+akWiBo9qyrp+gFTFS1D7ZpoFL4cSSHahzRXTWO1RgX6J FagYXslZShMFnnc2X9LUQxnE3soqrXgQku8pTv6b3eHmAk6DtHH6t8yifvh5j5hEOtj2 iAK7X7XdNFu1tnZ0KurhPqOK/+vbNGrPjb8zY8yXNZXIoAIcnE05sJSR31PkHnlfR7op KBzg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:to:content-language:subject:user-agent:mime-version:date :message-id:dkim-signature; bh=03NbQodZhU2Wjc4UK+8qT3eJNc6+6Hj+4FBCSHt+RUU=; b=tzE4qNYV6yg/yQPYRdkygUS5AYgeiVdcQE9g86IO6eQCFXdWuLFet5e9o0Lz5Vi7M2 vBjNhGR+sJ0AkhLrio/6RhJEBSI9q27K6KzvvxU1kolX5qProWzpPnou1sV37hR0BSUw OcSXCtjn28TXEZvp1ZWuVoxyuYVX6RJLONFzOS5xOKf5bEx/AYduLIYvU/YMZ9oufrfP zVvc3DNNYmRZHc59gGf/fjVt6lIvd1LTSLVVAzhH4j36GQkWAbEY9VpD05a7Mb+acVGb BqsTzS9J//WmNs3bRHin8P62YjNJ1H3yU6910L4aTl7ImC5eci4BSX0emx1uI5WYpiXa nrOw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=UwFcpCkq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n1-20020a1709062bc100b0078e28a52d58si1439191ejg.874.2022.11.17.14.20.39; Thu, 17 Nov 2022 14:21:03 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=UwFcpCkq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239716AbiKQVjN (ORCPT + 92 others); Thu, 17 Nov 2022 16:39:13 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54440 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232126AbiKQVjJ (ORCPT ); Thu, 17 Nov 2022 16:39:09 -0500 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8A4782251C; Thu, 17 Nov 2022 13:39:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1668721148; x=1700257148; h=message-id:date:mime-version:subject:to:references:from: in-reply-to:content-transfer-encoding; bh=0niZneHfbkcxXEZ9uvCv+etpZqLq0KbVLSwB6K5fTv4=; b=UwFcpCkqRTsf0nLvu0eaM/WnpffQJfY//ELSqIWuX7D/JtxcnXP8RnpW jTYsj36VF05RPejPZaWAiVbz8d/7fB2ExP3EiBQBLoWaGP4nKlYEwKTl4 yQhNvEIGCJJUErIvXdjvJ7ULCk3tqHFe95rAdibZ1SUwWoq3olAAqQw68 w2VIlJqQN5hDagWVP1werbIdpz3dA98lYu6kCN5nL9qpBn1PpfHH4+vNP SPFkeuy5SW4GDKyMTlt3CyR2kDkkN7c3BgHwXrkVLHGBUlJyHdsnShXeT nKR+2TWsdJ8F5rL8CgiEChu9jDkQDzKZJBfV2mxrDiadbBZZvex59xv2b A==; X-IronPort-AV: E=McAfee;i="6500,9779,10534"; a="312995513" X-IronPort-AV: E=Sophos;i="5.96,172,1665471600"; d="scan'208";a="312995513" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Nov 2022 13:39:08 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10534"; a="639967396" X-IronPort-AV: E=Sophos;i="5.96,172,1665471600"; d="scan'208";a="639967396" Received: from wangyi7-mobl3.amr.corp.intel.com (HELO [10.212.182.5]) ([10.212.182.5]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Nov 2022 13:39:06 -0800 Message-ID: <23c123b6-4588-9888-ec8d-ec3303ce2406@linux.intel.com> Date: Thu, 17 Nov 2022 13:39:06 -0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0 Thunderbird/102.2.2 Subject: Re: [Patch v3 02/14] x86/ioapic: Gate decrypted mapping on cc_platform_has() attribute Content-Language: en-US To: Michael Kelley , hpa@zytor.com, kys@microsoft.com, haiyangz@microsoft.com, wei.liu@kernel.org, decui@microsoft.com, luto@kernel.org, peterz@infradead.org, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, lpieralisi@kernel.org, robh@kernel.org, kw@linux.com, bhelgaas@google.com, arnd@arndb.de, hch@infradead.org, m.szyprowski@samsung.com, robin.murphy@arm.com, thomas.lendacky@amd.com, brijesh.singh@amd.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, Tianyu.Lan@microsoft.com, kirill.shutemov@linux.intel.com, ak@linux.intel.com, isaku.yamahata@intel.com, dan.j.williams@intel.com, jane.chu@oracle.com, seanjc@google.com, tony.luck@intel.com, x86@kernel.org, linux-kernel@vger.kernel.org, linux-hyperv@vger.kernel.org, netdev@vger.kernel.org, linux-pci@vger.kernel.org, linux-arch@vger.kernel.org, iommu@lists.linux.dev References: <1668624097-14884-1-git-send-email-mikelley@microsoft.com> <1668624097-14884-3-git-send-email-mikelley@microsoft.com> From: Sathyanarayanan Kuppuswamy In-Reply-To: <1668624097-14884-3-git-send-email-mikelley@microsoft.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-7.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/16/22 10:41 AM, Michael Kelley wrote: > Current code always maps the IOAPIC as shared (decrypted) in a > confidential VM. But Hyper-V guest VMs on AMD SEV-SNP with vTOM > enabled use a paravisor running in VMPL0 to emulate the IOAPIC. > In such a case, the IOAPIC must be accessed as private (encrypted). > > Fix this by gating the IOAPIC decrypted mapping on a new > cc_platform_has() attribute that a subsequent patch in the series > will set only for Hyper-V guests. > > Signed-off-by: Michael Kelley > Reviewed-by: Wei Liu > --- Looks fine to me. Reviewed-by: Kuppuswamy Sathyanarayanan > arch/x86/kernel/apic/io_apic.c | 3 ++- > include/linux/cc_platform.h | 12 ++++++++++++ > 2 files changed, 14 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c > index a868b76..c65e0cc 100644 > --- a/arch/x86/kernel/apic/io_apic.c > +++ b/arch/x86/kernel/apic/io_apic.c > @@ -2686,7 +2686,8 @@ static void io_apic_set_fixmap(enum fixed_addresses idx, phys_addr_t phys) > * Ensure fixmaps for IOAPIC MMIO respect memory encryption pgprot > * bits, just like normal ioremap(): > */ > - flags = pgprot_decrypted(flags); > + if (!cc_platform_has(CC_ATTR_EMULATED_IOAPIC)) > + flags = pgprot_decrypted(flags); > > __set_fixmap(idx, phys, flags); > } > diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h > index cb0d6cd..7a0da75 100644 > --- a/include/linux/cc_platform.h > +++ b/include/linux/cc_platform.h > @@ -90,6 +90,18 @@ enum cc_attr { > * Examples include TDX Guest. > */ > CC_ATTR_HOTPLUG_DISABLED, > + > + /** > + * @CC_ATTR_EMULATED_IOAPIC: Guest VM has an emulated I/O APIC > + * > + * The platform/OS is running as a guest/virtual machine with > + * an I/O APIC that is emulated by a paravisor running in the > + * guest VM context. As such, the I/O APIC is accessed in the > + * encrypted portion of the guest physical address space. > + * > + * Examples include Hyper-V SEV-SNP guests using vTOM. > + */ > + CC_ATTR_EMULATED_IOAPIC, > }; > > #ifdef CONFIG_ARCH_HAS_CC_PLATFORM -- Sathyanarayanan Kuppuswamy Linux Kernel Developer