[6.6]Hygon: CSV3 patch series part 2 (launch and running support on both KVM and guest sides) #395
Conversation
KVM: Define CSV3 key management command id

hygon inclusion
category: feature
CVE: NA

---------------------------

Define Hygon CSV3 key management command id and structure. The command
definition is available in the Hygon CSV3 spec.

Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>

KVM: SVM: CSV: Add KVM_CSV3_INIT command

hygon inclusion
category: feature
CVE: NA

---------------------------

The command initializes the CSV3 guest's context. The firmware should be
initialized before we issue any CSV3 guest commands.

Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>

KVM: SVM: CSV: Add KVM_CSV3_LAUNCH_ENCRYPT_DATA command

hygon inclusion
category: feature
CVE: NA

---------------------------

The command is used to load and encrypt data in the CSV3 guest's private
memory.

Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>

KVM: SVM: CSV: Add KVM_CSV3_LAUNCH_ENCRYPT_VMCB command

hygon inclusion
category: feature
CVE: NA

---------------------------

The command is used to get the secure VMCB physical address which is
allocated in private memory by firmware. Besides, the shadow VMCB physical
address will be updated in the secure VMCB. Also the firmware creates a new
private page for the guest's VMSA per vcpu.

Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>

KVM: SVM: CSV: Manage CSV3 guest's nested page table

hygon inclusion
category: feature
CVE: NA

---------------------------

The CSV3 guest's nested page table is managed by firmware. All the guest
memory is private by default. The firmware maps the guest's private memory
in the nested page table in advance.

A CSV3 guest may declare some memory regions as shared. It needs to send a
secure call command with the specified memory region to firmware, then
firmware frees the private pages which are mapped to the memory region.
When the guest accesses the specified memory region by then, a nested page
fault happens.

When a nested page fault happens, the host needs to issue an external
command UPDATE_NPT to firmware. Then firmware helps to map the specified
shared pages in the nested page table.

Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: yangwencheng <yangwencheng@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>

x86/boot/compressed/64: Add CSV3 guest detection

hygon inclusion
category: feature
CVE: NA

---------------------------

Check if the CSV3 guest is active at the boot compressed stage. It checks
for HYGON hardware with CPUID 0x00000000 and bit 30 of MSR 0xc0010131.

Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>

x86/boot/compressed/64: Init CSV3 secure call pages

hygon inclusion
category: feature
CVE: NA

---------------------------

CSV3 secure call is a method to communicate with the dedicated secure
processor that the host cannot tamper with. We declare two dedicated pages
named secure call pages to hold the command which the guest wants to send
to the secure processor. The secure processor always sets only one page of
the two as present in the nested page table. A read/write action on the two
pages will trigger an NPF, then the host must issue an external command to
the secure processor. The secure processor gets the guest's command if the
fault address is a secure call page.

The CSV3 secure call command is usually used to set specified memory as
shared or private.

Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>

x86/boot/compressed/64: Add CSV3 update page attr(private/shared)

hygon inclusion
category: feature
CVE: NA

---------------------------

The function is needed to set an encrypted page as private or set a
decrypted page as shared at the stage where the identity page table is
created. By default, all memory is set as private.

The CSV3 guest's NPT is managed by the secure processor. The secure
processor must perform the correct action for private/shared memory. The
secure processor manages the guest's secure isolated memory which cannot be
accessed by other guests or the host. As a CSV3 feature, the CSV3 guest's
encrypted memory maps to secure isolated memory and decrypted memory which
is shared with the host maps to normal memory.

At the stage of kernel decompressing, only the GHCB page is set as shared.

Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>

x86/kernel: Add CSV3 early update(enc/dec)/reset memory helpers

hygon inclusion
category: feature
CVE: NA

---------------------------

The functions are needed to set memory as private/shared memory or reset
all memory as private memory at the stage where the identity mapping page
table is available.

Generally, at early runtime of the decompressed kernel, it needs to obtain
the CSV3 secure call pages then reset all memory as private before switching
to the new kernel page table. Otherwise, prior shared memory regions will be
wrongly used and private data in the guest may be accessed maliciously.

Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>

x86/kernel: Set bss decrypted memory as shared in CSV3 guest

hygon inclusion
category: feature
CVE: NA

---------------------------

The guest kernel declares a bss decrypted memory section to share data with
the host. In a CSV3 guest, the decrypted memory must be set as shared.

Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>

x86: Update memory shared/private attribute in early boot for CSV3 guest

hygon inclusion
category: feature
CVE: NA

---------------------------

Add functions to change the memory shared/private attribute in early boot
code.

When CSV3 is active, the decrypted memory must be mapped to normal
(non-isolated) memory in the nested page table so that the hypervisor and
guest can access shared data. But an in-place encrypt/decrypt action on the
memory is not applicable in CSV3, as a CSV3 guest's private page will not be
changed to a shared page until the secure processor updates the NPT.

Also new secure call pages should be initialized per cpu to support
multiple cpus issuing secure call commands simultaneously.

Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>

x86: Add support for changing the memory attribute for CSV3 guest

hygon inclusion
category: feature
CVE: NA

---------------------------

Add support for changing the memory to private or shared memory for
multiple pages if CSV3 is active.

When a CSV3 guest wants to share data with the host, like SWIOTLB, or change
unused shared memory to private memory, it must perform a secure call
command to the secure processor to update the mapping in the nested page
table.

Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>

x86/mm: Print CSV3 info into kernel log

hygon inclusion
category: feature
CVE: NA

---------------------------

Print the Hygon secure virtualization feature. Add CSV3 info to the feature
list if CSV3 is active.

Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
Signed-off-by: hanliyang <hanliyang@hygon.cn>

KVM: SVM: CSV: Explicitly enable LBR Virtualization after succeed to LAUNCH_ENCRYPT_VMCB

hygon inclusion
category: feature
CVE: NA

---------------------------

Before the commit b7e4be0 ("KVM: SEV-ES: Delegate LBR virtualization to the
processor"), LBR Virtualization was enabled during VMCB init:

  init_vmcb() -> sev_init_vmcb() -> sev_es_init_vmcb()

The commit b7e4be0 ("KVM: SEV-ES: Delegate LBR virtualization to the
processor") enables LBR Virtualization after LAUNCH_UPDATE_VMSA succeeds for
each vCPU. The process to enable LBR Virtualization will not be executed in
the common code path.

To ensure the CSV3 guest works properly, we should explicitly enable LBR
Virtualization after LAUNCH_ENCRYPT_VMCB succeeds for each vCPU.

Fixes: b7e4be0 ("KVM: SEV-ES: Delegate LBR virtualization to the processor")
Signed-off-by: hanliyang <hanliyang@hygon.cn>
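The guest-side detection described in "x86/boot/compressed/64: Add CSV3 guest detection" (vendor check via CPUID leaf 0, then bit 30 of MSR 0xc0010131) can be exercised from userspace, which is a convenient way to confirm a VM really is running as a CSV3 guest before trusting it with private data. The following C program is an added example, not code from the patch series or from the Hygon/deepin kernel tree. It assumes the vendor string reported by Hygon CPUs in CPUID leaf 0 is "HygonGenuine" (that string is not stated on this page) and that the host exposes the msr driver at /dev/cpu/0/msr; the decision logic is kept in pure functions that take the register values as inputs so it can be checked with constructed values on any machine.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* MSR named in the commit message and the bit it says marks an active CSV3 guest. */
#define CSV3_STATUS_MSR   0xc0010131u
#define CSV3_ACTIVE_BIT   30
#define CSV3_ACTIVE_MASK  (UINT64_C(1) << CSV3_ACTIVE_BIT)

/* Assumption (not on the page): Hygon CPUs report this vendor string in CPUID leaf 0. */
#define HYGON_VENDOR_STRING "HygonGenuine"

/* CPUID leaf 0 returns the 12-byte vendor string in EBX, EDX, ECX (in that order). */
static void cpuid_vendor_string(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13])
{
    memcpy(out, &ebx, 4);
    memcpy(out + 4, &edx, 4);
    memcpy(out + 8, &ecx, 4);
    out[12] = '\0';
}

/* Inverse of the above: pack a 12-byte vendor string into CPUID leaf 0 registers.
 * Used to build constructed inputs for the checks below. */
static void vendor_regs(const char *vendor, uint32_t *ebx, uint32_t *ecx, uint32_t *edx)
{
    char buf[12] = {0};
    strncpy(buf, vendor, sizeof buf);
    memcpy(ebx, buf, 4);
    memcpy(edx, buf + 4, 4);
    memcpy(ecx, buf + 8, 4);
}

/* Step 1 of the detection: is this Hygon hardware? */
static bool is_hygon_cpu(uint32_t ebx, uint32_t ecx, uint32_t edx)
{
    char vendor[13];
    cpuid_vendor_string(ebx, ecx, edx, vendor);
    return strcmp(vendor, HYGON_VENDOR_STRING) == 0;
}

/* Steps 1+2: Hygon vendor AND bit 30 of MSR 0xc0010131 set.
 * A non-Hygon CPU with bit 30 set is deliberately reported as NOT CSV3,
 * because the bit is only meaningful once the vendor check has passed. */
static bool csv3_active(uint32_t ebx, uint32_t ecx, uint32_t edx, uint64_t status_msr)
{
    if (!is_hygon_cpu(ebx, ecx, edx))
        return false;
    return (status_msr & CSV3_ACTIVE_MASK) != 0;
}

/* Convenience wrapper over the two checks for a vendor string plus MSR value. */
static bool csv3_active_for_vendor(const char *vendor, uint64_t status_msr)
{
    uint32_t ebx, ecx, edx;
    vendor_regs(vendor, &ebx, &ecx, &edx);
    return csv3_active(ebx, ecx, edx, status_msr);
}

/* Read an MSR through the Linux msr driver (needs root and the msr module). */
static int read_msr(uint32_t msr, uint64_t *out)
{
    int fd = open("/dev/cpu/0/msr", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = pread(fd, out, sizeof *out, (off_t)msr);
    close(fd);
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    uint32_t eax, ebx, ecx, edx;
    uint64_t status = 0;
    char vendor[13];

    if (!__get_cpuid(0, &eax, &ebx, &ecx, &edx)) {
        puts("CPUID leaf 0 unavailable");
        return 1;
    }
    cpuid_vendor_string(ebx, ecx, edx, vendor);
    printf("vendor: %s\n", vendor);
    if (read_msr(CSV3_STATUS_MSR, &status) != 0) {
        puts("cannot read MSR 0xc0010131 (need root and the msr driver)");
        return 1;
    }
    printf("MSR 0xc0010131 = 0x%016llx, CSV3 active: %s\n",
           (unsigned long long)status, csv3_active(ebx, ecx, edx, status) ? "yes" : "no");
#else
    puts("not an x86 machine; only the pure checks are meaningful here");
#endif
    return 0;
}
```

Run as root inside the guest (modprobe msr first); the pure functions are what you would port into an attestation or hardening script, and the vendor gate matters because bit 30 of that MSR has no defined CSV3 meaning on non-Hygon parts.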
Hi @wojiaohanliyang. Thanks for your PR. I'm waiting for a deepin-community member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/ok-to-test
deepin pr auto review: CSV: Add support for CSV3 git-svn-id: ffe668792ed3600446811f42624e92bf3aa95f7@196982 91177308-0d34-0410-b5e6-96231b3b80d8
Host side support:
Implement APIs and KVM ioctl interfaces to support boot and handling VMExit in the lifecycle of the CSV3 guest.
KVM: Define CSV3 key management command id
KVM: SVM: CSV: Add KVM_CSV3_INIT command
KVM: SVM: CSV: Add KVM_CSV3_LAUNCH_ENCRYPT_DATA command
KVM: SVM: CSV: Add KVM_CSV3_LAUNCH_ENCRYPT_VMCB command
KVM: SVM: CSV: Manage CSV3 guest's nested page table
Guest side support:
Detect whether the CSV3 is active in the guest, and use secure call to maintain the private and shared pages.
x86/boot/compressed/64: Add CSV3 guest detection
x86/boot/compressed/64: Init CSV3 secure call pages
x86/boot/compressed/64: Add CSV3 update page attr(private/shared)
x86/kernel: Add CSV3 early update(enc/dec)/reset memory helpers
x86/kernel: Set bss decrypted memory as shared in CSV3 guest
x86: Update memory shared/private attribute in early boot for CSV3 guest
x86: Add support for changing the memory attribute for CSV3 guest
x86/mm: Print CSV3 info into kernel log
Host side fix:
LBRV is necessary when running a CSV3 guest. The code that enables LBRV has changed since b7e4be0 ("KVM: SEV-ES: Delegate LBR virtualization to the processor"), so we need to enable LBRV explicitly.
KVM: SVM: CSV: Explicitly enable LBR Virtualization after succeed to LAUNCH_ENCRYPT_VMCB