mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-08-05 16:54:27 +00:00
812b0597fb
Hyper-V guests on AMD SEV-SNP hardware have the option of using the "virtual Top Of Memory" (vTOM) feature specified by the SEV-SNP architecture. With vTOM, shared vs. private memory accesses are controlled by splitting the guest physical address space into two halves. vTOM is the dividing line where the uppermost bit of the physical address space is set; e.g., with 47 bits of guest physical address space, vTOM is 0x400000000000 (bit 46 is set). Guest physical memory is accessible at two parallel physical addresses -- one below vTOM and one above vTOM. Accesses below vTOM are private (encrypted) while accesses above vTOM are shared (decrypted). In this sense, vTOM is like the GPA.SHARED bit in Intel TDX. Support for Hyper-V guests using vTOM was added to the Linux kernel in two patch sets[1][2]. This support treats the vTOM bit as part of the physical address. For accessing shared (decrypted) memory, these patch sets create a second kernel virtual mapping that maps to physical addresses above vTOM. A better approach is to treat the vTOM bit as a protection flag, not as part of the physical address. This new approach is like the approach for the GPA.SHARED bit in Intel TDX. Rather than creating a second kernel virtual mapping, the existing mapping is updated using recently added coco mechanisms. When memory is changed between private and shared using set_memory_decrypted() and set_memory_encrypted(), the PTEs for the existing kernel mapping are changed to add or remove the vTOM bit in the guest physical address, just as with TDX. The hypercalls to change the memory status on the host side are made using the existing callback mechanism. Everything just works, with a minor tweak to map the IO-APIC to use private accesses. To accomplish the switch in approach, the following must be done: * Update Hyper-V initialization to set the cc_mask based on vTOM and do other coco initialization. * Update physical_mask so the vTOM bit is no longer treated as part of the physical address * Remove CC_VENDOR_HYPERV and merge the associated vTOM functionality under CC_VENDOR_AMD. Update cc_mkenc() and cc_mkdec() to set/clear the vTOM bit as a protection flag. * Code already exists to make hypercalls to inform Hyper-V about pages changing between shared and private. Update this code to run as a callback from __set_memory_enc_pgtable(). * Remove the Hyper-V special case from __set_memory_enc_dec() * Remove the Hyper-V specific call to swiotlb_update_mem_attributes() since mem_encrypt_init() will now do it. * Add a Hyper-V specific implementation of the is_private_mmio() callback that returns true for the IO-APIC and vTPM MMIO addresses [1] https://lore.kernel.org/all/20211025122116.264793-1-ltykernel@gmail.com/ [2] https://lore.kernel.org/all/20211213071407.314309-1-ltykernel@gmail.com/ [ bp: Touchups. ] Signed-off-by: Michael Kelley <mikelley@microsoft.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Link: https://lore.kernel.org/r/1679838727-87310-7-git-send-email-mikelley@microsoft.com
160 lines
3.6 KiB
C
160 lines
3.6 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* Confidential Computing Platform Capability checks
|
|
*
|
|
* Copyright (C) 2021 Advanced Micro Devices, Inc.
|
|
*
|
|
* Author: Tom Lendacky <thomas.lendacky@amd.com>
|
|
*/
|
|
|
|
#include <linux/export.h>
|
|
#include <linux/cc_platform.h>
|
|
|
|
#include <asm/coco.h>
|
|
#include <asm/processor.h>
|
|
|
|
static enum cc_vendor vendor __ro_after_init;
|
|
static u64 cc_mask __ro_after_init;
|
|
|
|
static bool intel_cc_platform_has(enum cc_attr attr)
|
|
{
|
|
switch (attr) {
|
|
case CC_ATTR_GUEST_UNROLL_STRING_IO:
|
|
case CC_ATTR_HOTPLUG_DISABLED:
|
|
case CC_ATTR_GUEST_MEM_ENCRYPT:
|
|
case CC_ATTR_MEM_ENCRYPT:
|
|
return true;
|
|
default:
|
|
return false;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Handle the SEV-SNP vTOM case where sme_me_mask is zero, and
|
|
* the other levels of SME/SEV functionality, including C-bit
|
|
* based SEV-SNP, are not enabled.
|
|
*/
|
|
static __maybe_unused bool amd_cc_platform_vtom(enum cc_attr attr)
|
|
{
|
|
switch (attr) {
|
|
case CC_ATTR_GUEST_MEM_ENCRYPT:
|
|
case CC_ATTR_MEM_ENCRYPT:
|
|
return true;
|
|
default:
|
|
return false;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* SME and SEV are very similar but they are not the same, so there are
|
|
* times that the kernel will need to distinguish between SME and SEV. The
|
|
* cc_platform_has() function is used for this. When a distinction isn't
|
|
* needed, the CC_ATTR_MEM_ENCRYPT attribute can be used.
|
|
*
|
|
* The trampoline code is a good example for this requirement. Before
|
|
* paging is activated, SME will access all memory as decrypted, but SEV
|
|
* will access all memory as encrypted. So, when APs are being brought
|
|
* up under SME the trampoline area cannot be encrypted, whereas under SEV
|
|
* the trampoline area must be encrypted.
|
|
*/
|
|
|
|
static bool amd_cc_platform_has(enum cc_attr attr)
|
|
{
|
|
#ifdef CONFIG_AMD_MEM_ENCRYPT
|
|
|
|
if (sev_status & MSR_AMD64_SNP_VTOM)
|
|
return amd_cc_platform_vtom(attr);
|
|
|
|
switch (attr) {
|
|
case CC_ATTR_MEM_ENCRYPT:
|
|
return sme_me_mask;
|
|
|
|
case CC_ATTR_HOST_MEM_ENCRYPT:
|
|
return sme_me_mask && !(sev_status & MSR_AMD64_SEV_ENABLED);
|
|
|
|
case CC_ATTR_GUEST_MEM_ENCRYPT:
|
|
return sev_status & MSR_AMD64_SEV_ENABLED;
|
|
|
|
case CC_ATTR_GUEST_STATE_ENCRYPT:
|
|
return sev_status & MSR_AMD64_SEV_ES_ENABLED;
|
|
|
|
/*
|
|
* With SEV, the rep string I/O instructions need to be unrolled
|
|
* but SEV-ES supports them through the #VC handler.
|
|
*/
|
|
case CC_ATTR_GUEST_UNROLL_STRING_IO:
|
|
return (sev_status & MSR_AMD64_SEV_ENABLED) &&
|
|
!(sev_status & MSR_AMD64_SEV_ES_ENABLED);
|
|
|
|
case CC_ATTR_GUEST_SEV_SNP:
|
|
return sev_status & MSR_AMD64_SEV_SNP_ENABLED;
|
|
|
|
default:
|
|
return false;
|
|
}
|
|
#else
|
|
return false;
|
|
#endif
|
|
}
|
|
|
|
bool cc_platform_has(enum cc_attr attr)
|
|
{
|
|
switch (vendor) {
|
|
case CC_VENDOR_AMD:
|
|
return amd_cc_platform_has(attr);
|
|
case CC_VENDOR_INTEL:
|
|
return intel_cc_platform_has(attr);
|
|
default:
|
|
return false;
|
|
}
|
|
}
|
|
EXPORT_SYMBOL_GPL(cc_platform_has);
|
|
|
|
u64 cc_mkenc(u64 val)
|
|
{
|
|
/*
|
|
* Both AMD and Intel use a bit in the page table to indicate
|
|
* encryption status of the page.
|
|
*
|
|
* - for AMD, bit *set* means the page is encrypted
|
|
* - for AMD with vTOM and for Intel, *clear* means encrypted
|
|
*/
|
|
switch (vendor) {
|
|
case CC_VENDOR_AMD:
|
|
if (sev_status & MSR_AMD64_SNP_VTOM)
|
|
return val & ~cc_mask;
|
|
else
|
|
return val | cc_mask;
|
|
case CC_VENDOR_INTEL:
|
|
return val & ~cc_mask;
|
|
default:
|
|
return val;
|
|
}
|
|
}
|
|
|
|
u64 cc_mkdec(u64 val)
|
|
{
|
|
/* See comment in cc_mkenc() */
|
|
switch (vendor) {
|
|
case CC_VENDOR_AMD:
|
|
if (sev_status & MSR_AMD64_SNP_VTOM)
|
|
return val | cc_mask;
|
|
else
|
|
return val & ~cc_mask;
|
|
case CC_VENDOR_INTEL:
|
|
return val | cc_mask;
|
|
default:
|
|
return val;
|
|
}
|
|
}
|
|
EXPORT_SYMBOL_GPL(cc_mkdec);
|
|
|
|
__init void cc_set_vendor(enum cc_vendor v)
|
|
{
|
|
vendor = v;
|
|
}
|
|
|
|
__init void cc_set_mask(u64 mask)
|
|
{
|
|
cc_mask = mask;
|
|
}
|