diff options
author | Tianyu Lan <tiala@microsoft.com> | 2023-08-18 12:29:13 +0200 |
---|---|---|
committer | Wei Liu <wei.liu@kernel.org> | 2023-08-22 02:38:20 +0200 |
commit | b13103559dddbc64330c2e63ebf7342e70fbab4e (patch) | |
tree | bc4fb79146c0589f05555a756990fd415f00a8a4 | |
parent | x86/hyperv: Set Virtual Trust Level in VMBus init message (diff) | |
download | linux-b13103559dddbc64330c2e63ebf7342e70fbab4e.tar.xz linux-b13103559dddbc64330c2e63ebf7342e70fbab4e.zip |
x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest
hv vp assist page needs to be shared between SEV-SNP guest and Hyper-V.
So mark the page unencrypted in the SEV-SNP guest.
Reviewed-by: Dexuan Cui <decui@microsoft.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Signed-off-by: Tianyu Lan <tiala@microsoft.com>
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Link: https://lore.kernel.org/r/20230818102919.1318039-4-ltykernel@gmail.com
-rw-r--r-- | arch/x86/hyperv/hv_init.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c index 318010eb9f9e..bcfbcda8b050 100644 --- a/arch/x86/hyperv/hv_init.c +++ b/arch/x86/hyperv/hv_init.c @@ -18,6 +18,7 @@ #include <asm/hyperv-tlfs.h> #include <asm/mshyperv.h> #include <asm/idtentry.h> +#include <asm/set_memory.h> #include <linux/kexec.h> #include <linux/version.h> #include <linux/vmalloc.h> @@ -106,8 +107,21 @@ static int hv_cpu_init(unsigned int cpu) * in hv_cpu_die(), otherwise a CPU may not be stopped in the * case of CPU offlining and the VM will hang. */ - if (!*hvp) + if (!*hvp) { *hvp = __vmalloc(PAGE_SIZE, GFP_KERNEL | __GFP_ZERO); + + /* + * Hyper-V should never specify a VM that is a Confidential + * VM and also running in the root partition. Root partition + * is blocked to run in Confidential VM. So only decrypt assist + * page in non-root partition here. + */ + if (*hvp && hv_isolation_type_en_snp()) { + WARN_ON_ONCE(set_memory_decrypted((unsigned long)(*hvp), 1)); + memset(*hvp, 0, PAGE_SIZE); + } + } + if (*hvp) msr.pfn = vmalloc_to_pfn(*hvp); |