From nobody Tue Oct 7 03:50:43 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 94503264A8D; Fri, 3 Oct 2025 22:27:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530442; cv=none; b=OwKJeyLAvWbgM/yib2O4YGyFE52zqFr+G4+EY6aRRF5uFTLS5J+R5vVSLSlBE34FpPKUAGEoHcT+xttaRvCpkSzuLZmYGnbZyYUOj7SNXjvvi62vHWf+d1jM64xsqZeYcbZeyQ/bO8zMMmCnrsPgjGgdSPlWjKdOuBdm2Oj8r1U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530442; c=relaxed/simple; bh=hcFIG3T4MNb2ARwn9CRbYr0i6nyOoCICFoYPJ22UP2s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=hGp4iLbd8gWzDM3NGx1CBysluKtZU7/lEKOG33uNg/1UKLXk2p87XK4+WEN80q4/ZUB928BIYwJhr5uLg7Z0/2Sx1upg31EhoJv4xI8vFTeit9kTpbilK+CrB0RuzxENp3JutAsbPJtT0tCSXlnBDYCwgm5aF48oV+6/xVDrNmo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=mVBDNRQp; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="mVBDNRQp" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id 1EE41211C26E; Fri, 3 Oct 2025 15:27:13 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 1EE41211C26E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530433; bh=40rcjWUu9hqFGXSOLTbk90II9TuVay0g6H1Pk+zi9PA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=mVBDNRQpPriXkaBZ21dU9JslMjWjB7RXLfVgnbO9aMhzFwE7DlBa78mmFZrM9HHed SJLs7EIe+9ef5oB5R/ZmExja3O0xttehCrTIiAQkxobuqTZd8OLi8II0OLoqoWrRpy H3K3GSDl5uwYgOlOHDW4Pfd8bw+/vv+mlOwemQi8= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 01/17] Documentation: hyperv: Confidential VMBus Date: Fri, 3 Oct 2025 15:26:54 -0700 Message-ID: <20251003222710.6257-2-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Define what the confidential VMBus is and describe what advantages it offers on the capable hardware. Signed-off-by: Roman Kisel Reviewed-by: Alok Tiwari Reviewed-by: Michael Kelley --- Documentation/virt/hyperv/coco.rst | 139 ++++++++++++++++++++++++++++- 1 file changed, 138 insertions(+), 1 deletion(-) diff --git a/Documentation/virt/hyperv/coco.rst b/Documentation/virt/hyperv= /coco.rst index c15d6fe34b4e..e00d94d9f88f 100644 --- a/Documentation/virt/hyperv/coco.rst +++ b/Documentation/virt/hyperv/coco.rst @@ -178,7 +178,7 @@ These Hyper-V and VMBus memory pages are marked as decr= ypted: =20 * VMBus monitor pages =20 -* Synthetic interrupt controller (synic) related pages (unless supplied by +* Synthetic interrupt controller (SynIC) related pages (unless supplied by the paravisor) =20 * Per-cpu hypercall input and output pages (unless running with a paraviso= r) @@ -232,6 +232,143 @@ with arguments explicitly describing the access. See _hv_pcifront_read_config() and _hv_pcifront_write_config() and the "use_calls" flag indicating to use hypercalls. =20 +Confidential VMBus +------------------ +The confidential VMBus enables the confidential guest not to interact with +the untrusted host partition and the untrusted hypervisor. Instead, the gu= est +relies on the trusted paravisor to communicate with the devices processing +sensitive data. The hardware (SNP or TDX) encrypts the guest memory and the +register state while measuring the paravisor image using the platform secu= rity +processor to ensure trusted and confidential computing. + +Confidential VMBus provides a secure communication channel between the gue= st +and the paravisor, ensuring that sensitive data is protected from hypervis= or- +level access through memory encryption and register state isolation. + +Confidential VMBus is an extension of Confidential Computing (CoCo) VMs +(a.k.a. "Isolated" VMs in Hyper-V terminology). Without Confidential VMBus, +guest VMBus device drivers (the "VSC"s in VMBus terminology) communicate +with VMBus servers (the VSPs) running on the Hyper-V host. The +communication must be through memory that has been decrypted so the +host can access it. With Confidential VMBus, one or more of the VSPs reside +in the trusted paravisor layer in the guest VM. Since the paravisor layer = also +operates in encrypted memory, the memory used for communication with +such VSPs does not need to be decrypted and thereby exposed to the +Hyper-V host. The paravisor is responsible for communicating securely +with the Hyper-V host as necessary. + +The data is transferred directly between the VM and a vPCI device (a.k.a. +a PCI pass-thru device, see :doc:`vpci`) that is directly assigned to VTL2 +and that supports encrypted memory. In such a case, neither the host parti= tion +nor the hypervisor has any access to the data. The guest needs to establish +a VMBus connection only with the paravisor for the channels that process +sensitive data, and the paravisor abstracts the details of communicating +with the specific devices away providing the guest with the well-establish= ed +VSP (Virtual Service Provider) interface that has had support in the Hyper= -V +drivers for a decade. + +In the case the device does not support encrypted memory, the paravisor +provides bounce-buffering, and although the data is not encrypted, the bac= king +pages aren't mapped into the host partition through SLAT. While not imposs= ible, +it becomes much more difficult for the host partition to exfiltrate the da= ta +than it would be with a conventional VMBus connection where the host parti= tion +has direct access to the memory used for communication. + +Here is the data flow for a conventional VMBus connection (`C` stands for = the +client or VSC, `S` for the server or VSP, the `DEVICE` is a physical one, = might +be with multiple virtual functions):: + + +---- GUEST ----+ +----- DEVICE ----+ +----- HOST -----+ + | | | | | | + | | | | | | + | | | =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= | + | | | | | | + | | | | | | + | | | | | | + +----- C -------+ +-----------------+ +------- S ------+ + || || + || || + +------||------------------ VMBus --------------------------||------+ + | Interrupts, MMIO | + +-------------------------------------------------------------------+ + +and the Confidential VMBus connection:: + + +---- GUEST --------------- VTL0 ------+ +-- DEVICE --+ + | | | | + | +- PARAVISOR --------- VTL2 -----+ | | | + | | +-- VMBus Relay ------+ =3D=3D=3D=3D+=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D | + | | | Interrupts, MMIO | | | | | + | | +-------- S ----------+ | | +------------+ + | | || | | + | +---------+ || | | + | | Linux | || OpenHCL | | + | | kernel | || | | + | +---- C --+-----||---------------+ | + | || || | + +-------++------- C -------------------+ +------------+ + || | HOST | + || +---- S -----+ + +-------||----------------- VMBus ---------------------------||-----+ + | Interrupts, MMIO | + +-------------------------------------------------------------------+ + +An implementation of the VMBus relay that offers the Confidential VMBus +channels is available in the OpenVMM project as a part of the OpenHCL +paravisor. Please refer to + + * https://openvmm.dev/, and + * https://github.com/microsoft/openvmm + +for more information about the OpenHCL paravisor. + +A guest that is running with a paravisor must determine at runtime if +Confidential VMBus is supported by the current paravisor.The x86_64-specif= ic +approach relies on the CPUID Virtualization Stack leaf; the ARM64 implemen= tation +is expected to support the Confidential VMBus unconditionally when running +the ARM CCA guests. + +Confidential VMBus is a characteristic of the VMBus connection as a whole, +and of each VMBus channel that is created. When a Confidential VMBus +connection is established, the paravisor provides the guest the message-pa= ssing +path that is used for VMBus device creation and deletion, and it provides a +per-CPU synthetic interrupt controller (SynIC) just like the SynIC that is +offered by the Hyper-V host. Each VMBus device that is offered to the guest +indicates the degree to which it participates in Confidential VMBus. The o= ffer +indicates if the device uses encrypted ring buffers, and if the device uses +encrypted memory for DMA that is done outside the ring buffer. These setti= ngs +may be different for different devices using the same Confidential VMBus +connection. + +Although these settings are separate, in practice it'll always be encrypted +ring buffer only, or both encrypted ring buffer and external data. If a ch= annel +is offered by the paravisor with confidential VMBus, the ring buffer can a= lways +be encrypted since it's strictly for communication between the VTL2 paravi= sor +and the VTL0 guest. However, other memory regions are often used for e.g. = DMA, +so they need to be accessible by the underlying hardware, and must be +unencrypted (unless the device supports encrypted memory). Currently, ther= e are +not any VSPs in OpenHCL that support encrypted external memory, but future +versions are expected to enable this capability. + +Because some devices on a Confidential VMBus may require decrypted ring bu= ffers +and DMA transfers, the guest must interact with two SynICs -- the one prov= ided +by the paravisor and the one provided by the Hyper-V host when Confidential +VMBus is not offered. Interrupts are always signaled by the paravisor SynI= C, +but the guest must check for messages and for channel interrupts on both S= ynICs. + +In the case of a confidential VMBus, regular SynIC access by the guest is +intercepted by the paravisor (this includes various MSRs such as the SIMP = and +SIEFP, as well as hypercalls like HvPostMessage and HvSignalEvent). If the +guest actually wants to communicate with the hypervisor, it has to use spe= cial +mechanisms (GHCB page on SNP, or tdcall on TDX). Messages can be of either +kind: with confidential VMBus, messages use the paravisor SynIC, and if the +guest chose to communicate directly to the hypervisor, they use the hyperv= isor +SynIC. For interrupt signaling, some channels may be running on the host +(non-confidential, using the VMBus relay) and use the hypervisor SynIC, and +some on the paravisor and use its SynIC. The RelIDs are coordinated by the +OpenHCL VMBus server and are guaranteed to be unique regardless of whether +the channel originated on the host or the paravisor. + load_unaligned_zeropad() ------------------------ When transitioning memory between encrypted and decrypted, the caller of --=20 2.43.0 From nobody Tue Oct 7 03:50:43 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7642426CE36; Fri, 3 Oct 2025 22:27:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530443; cv=none; b=Q+//3S1495OjACRY4SLvrXav6OfxjkGciyvrP6a93gOF84WXipycp+l2z4/EKJpiLbAdWxi6mVxDXwYOlpsNfw21ErI1hGCrRZ4+adAq8Tr+fBXHKLQtEAqhBqLWskJK5Ewgfa824JfwGlX5io6z/RJsAh1HrYrD9guNA4fu0zk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530443; c=relaxed/simple; bh=EmdqJonXQw8Z2jRYzc7M+re/J1jj/YLl7LNcNq5oadE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZCZ6Ty6l0MvhsxfvLkrucRmYOWOiEM7IgDuWoKPa3/qsqHLujoPBEZYwFCkW39uiKJo5pCG7N+WN8K44HR2MVlGVkhhPwJLRXK0k+qoK1ld7kJFiQ2U8BFNDEQS45756u5NdZv7g7QTvK+PsjRWIAVExe4XXh5W2kG65+Qlt5yw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=N6LDqWVg; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="N6LDqWVg" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id 2540E211C26F; Fri, 3 Oct 2025 15:27:14 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 2540E211C26F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530434; bh=FldRD6DSzqKiWEm+SYrmROJpKqct2rSUWKzgLhu9cnI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=N6LDqWVgHOHbCI5qco6QzkC1jstC68ADFTYDki8ReLllK+0+kMo+hyj6W0LI6oSXT ZLZ/ryqjC3umsMBPj2dLV8gF07Dr1jBSSi6D2XdxbQgrVA8SeTz+a3Gpd8X331yhGq watsKGO0vceHCH92v1iYzKnMTb8Zd9qolc2GNnAw= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 02/17] Drivers: hv: VMBus protocol version 6.0 Date: Fri, 3 Oct 2025 15:26:55 -0700 Message-ID: <20251003222710.6257-3-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The confidential VMBus is supported starting from the protocol version 6.0 onwards. Provide the required definitions. No functional changes. Signed-off-by: Roman Kisel Reviewed-by: Alok Tiwari Reviewed-by: Michael Kelley --- drivers/hv/hyperv_vmbus.h | 2 ++ drivers/hv/vmbus_drv.c | 12 +++++++ include/hyperv/hvgdk_mini.h | 1 + include/linux/hyperv.h | 69 +++++++++++++++++++++++++++---------- 4 files changed, 65 insertions(+), 19 deletions(-) diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h index 0b450e53161e..4a01797d4851 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h @@ -333,6 +333,8 @@ extern const struct vmbus_channel_message_table_entry =20 /* General vmbus interface */ =20 +bool vmbus_is_confidential(void); + struct hv_device *vmbus_device_create(const guid_t *type, const guid_t *instance, struct vmbus_channel *channel); diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index 69591dc7bad2..3c414560fa5f 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -56,6 +56,18 @@ static long __percpu *vmbus_evt; int vmbus_irq; int vmbus_interrupt; =20 +/* + * If the Confidential VMBus is used, the data on the "wire" is not + * visible to either the host or the hypervisor. + */ +static bool is_confidential; + +bool vmbus_is_confidential(void) +{ + return is_confidential; +} +EXPORT_SYMBOL_GPL(vmbus_is_confidential); + /* * The panic notifier below is responsible solely for unloading the * vmbus connection, which is necessary in a panic event. diff --git a/include/hyperv/hvgdk_mini.h b/include/hyperv/hvgdk_mini.h index 77abddfc750e..7f730a0e54e6 100644 --- a/include/hyperv/hvgdk_mini.h +++ b/include/hyperv/hvgdk_mini.h @@ -260,6 +260,7 @@ union hv_hypervisor_version_info { #define HYPERV_CPUID_VIRT_STACK_PROPERTIES 0x40000082 /* Support for the extended IOAPIC RTE format */ #define HYPERV_VS_PROPERTIES_EAX_EXTENDED_IOAPIC_RTE BIT(2) +#define HYPERV_VS_PROPERTIES_EAX_CONFIDENTIAL_VMBUS_AVAILABLE BIT(3) =20 #define HYPERV_HYPERVISOR_PRESENT_BIT 0x80000000 #define HYPERV_CPUID_MIN 0x40000005 diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h index 59826c89171c..dfc516c1c719 100644 --- a/include/linux/hyperv.h +++ b/include/linux/hyperv.h @@ -265,16 +265,18 @@ static inline u32 hv_get_avail_to_write_percent( * Linux kernel. */ =20 -#define VERSION_WS2008 ((0 << 16) | (13)) -#define VERSION_WIN7 ((1 << 16) | (1)) -#define VERSION_WIN8 ((2 << 16) | (4)) -#define VERSION_WIN8_1 ((3 << 16) | (0)) -#define VERSION_WIN10 ((4 << 16) | (0)) -#define VERSION_WIN10_V4_1 ((4 << 16) | (1)) -#define VERSION_WIN10_V5 ((5 << 16) | (0)) -#define VERSION_WIN10_V5_1 ((5 << 16) | (1)) -#define VERSION_WIN10_V5_2 ((5 << 16) | (2)) -#define VERSION_WIN10_V5_3 ((5 << 16) | (3)) +#define VMBUS_MAKE_VERSION(MAJ, MIN) ((((u32)MAJ) << 16) | (MIN)) +#define VERSION_WS2008 VMBUS_MAKE_VERSION(0, 13) +#define VERSION_WIN7 VMBUS_MAKE_VERSION(1, 1) +#define VERSION_WIN8 VMBUS_MAKE_VERSION(2, 4) +#define VERSION_WIN8_1 VMBUS_MAKE_VERSION(3, 0) +#define VERSION_WIN10 VMBUS_MAKE_VERSION(4, 0) +#define VERSION_WIN10_V4_1 VMBUS_MAKE_VERSION(4, 1) +#define VERSION_WIN10_V5 VMBUS_MAKE_VERSION(5, 0) +#define VERSION_WIN10_V5_1 VMBUS_MAKE_VERSION(5, 1) +#define VERSION_WIN10_V5_2 VMBUS_MAKE_VERSION(5, 2) +#define VERSION_WIN10_V5_3 VMBUS_MAKE_VERSION(5, 3) +#define VERSION_WIN10_V6_0 VMBUS_MAKE_VERSION(6, 0) =20 /* Make maximum size of pipe payload of 16K */ #define MAX_PIPE_DATA_PAYLOAD (sizeof(u8) * 16384) @@ -335,14 +337,22 @@ struct vmbus_channel_offer { } __packed; =20 /* Server Flags */ -#define VMBUS_CHANNEL_ENUMERATE_DEVICE_INTERFACE 1 -#define VMBUS_CHANNEL_SERVER_SUPPORTS_TRANSFER_PAGES 2 -#define VMBUS_CHANNEL_SERVER_SUPPORTS_GPADLS 4 -#define VMBUS_CHANNEL_NAMED_PIPE_MODE 0x10 -#define VMBUS_CHANNEL_LOOPBACK_OFFER 0x100 -#define VMBUS_CHANNEL_PARENT_OFFER 0x200 -#define VMBUS_CHANNEL_REQUEST_MONITORED_NOTIFICATION 0x400 -#define VMBUS_CHANNEL_TLNPI_PROVIDER_OFFER 0x2000 +#define VMBUS_CHANNEL_ENUMERATE_DEVICE_INTERFACE 0x0001 +/* + * This flag indicates that the channel is offered by the paravisor, and m= ust + * use encrypted memory for the channel ring buffer. + */ +#define VMBUS_CHANNEL_CONFIDENTIAL_RING_BUFFER 0x0002 +/* + * This flag indicates that the channel is offered by the paravisor, and m= ust + * use encrypted memory for GPA direct packets and additional GPADLs. + */ +#define VMBUS_CHANNEL_CONFIDENTIAL_EXTERNAL_MEMORY 0x0004 +#define VMBUS_CHANNEL_NAMED_PIPE_MODE 0x0010 +#define VMBUS_CHANNEL_LOOPBACK_OFFER 0x0100 +#define VMBUS_CHANNEL_PARENT_OFFER 0x0200 +#define VMBUS_CHANNEL_REQUEST_MONITORED_NOTIFICATION 0x0400 +#define VMBUS_CHANNEL_TLNPI_PROVIDER_OFFER 0x2000 =20 struct vmpacket_descriptor { u16 type; @@ -621,6 +631,12 @@ struct vmbus_channel_relid_released { u32 child_relid; } __packed; =20 +/* + * Used by the paravisor only, means that the encrypted ring buffers and + * the encrypted external memory are supported + */ +#define VMBUS_FEATURE_FLAG_CONFIDENTIAL_CHANNELS 0x10 + struct vmbus_channel_initiate_contact { struct vmbus_channel_message_header header; u32 vmbus_version_requested; @@ -630,7 +646,8 @@ struct vmbus_channel_initiate_contact { struct { u8 msg_sint; u8 msg_vtl; - u8 reserved[6]; + u8 reserved[2]; + u32 feature_flags; /* VMBus version 6.0 */ }; }; u64 monitor_page1; @@ -1003,6 +1020,10 @@ struct vmbus_channel { =20 /* boolean to control visibility of sysfs for ring buffer */ bool ring_sysfs_visible; + /* The ring buffer is encrypted */ + bool co_ring_buffer; + /* The external memory is encrypted */ + bool co_external_memory; }; =20 #define lock_requestor(channel, flags) \ @@ -1027,6 +1048,16 @@ u64 vmbus_request_addr_match(struct vmbus_channel *c= hannel, u64 trans_id, u64 rqst_addr); u64 vmbus_request_addr(struct vmbus_channel *channel, u64 trans_id); =20 +static inline bool is_co_ring_buffer(const struct vmbus_channel_offer_chan= nel *o) +{ + return !!(o->offer.chn_flags & VMBUS_CHANNEL_CONFIDENTIAL_RING_BUFFER); +} + +static inline bool is_co_external_memory(const struct vmbus_channel_offer_= channel *o) +{ + return !!(o->offer.chn_flags & VMBUS_CHANNEL_CONFIDENTIAL_EXTERNAL_MEMORY= ); +} + static inline bool is_hvsock_offer(const struct vmbus_channel_offer_channe= l *o) { return !!(o->offer.chn_flags & VMBUS_CHANNEL_TLNPI_PROVIDER_OFFER); --=20 2.43.0 From nobody Tue Oct 7 03:50:43 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 76377269B0D; Fri, 3 Oct 2025 22:27:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530443; cv=none; b=JQ6/+gEHlaWVYWKAPW7eOKY6JyneCNseY+JqzVSAmc5oHADrCrQK70B7up+LnqRdesVOgckmaC05yO9RLxUX616qJNuh/lO6CLKiPZpiNtAwRRBMxN1TzsBE4v9x9bYsir9EXvXl35uGTiXtsWMzieYqyzFVkioC5+YUcsUnWLQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530443; c=relaxed/simple; bh=xVElnd3V/ymyu1N/Rt/2oKiDXH68oMwhNyFjCVAIZzI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=I5dBk7lfBfbt4omRsZg0B/35UVe1nPYXttY00/fwErMaqoDLuIxdEwfUHKDuF6e33RYCTOArH/MFTuyRyqP5MMjMbcY0F0mS2jfEqufImAHSP7eFU8gFar6EMLm8Crnfz8myp+jOqBB2HDu8nwQhLZtjZRyFo8YUXmZ1yzreDRI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=CY/y5MZT; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="CY/y5MZT" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id E4A16211C273; Fri, 3 Oct 2025 15:27:14 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com E4A16211C273 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530435; bh=j5zGyiGsUlHWBg6rMNx71IR0uGVAcVwN+RhBfbUB3DQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=CY/y5MZT6OPj8KsdoHwtiBbyiH02pLvsxAJ6xoYibVM3QJkOGvs+o6dXqHDiqCU6I BQqqrSxBrB35VTgh2It3N4+l4jMVfszDnvmeBm7RFpMMIbM8GH2Bpm+n2LrzTCPS3V qkvYrI6KGPD4lRFHwFFV3nJPhBZOpIbYlY4kIJPA= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 03/17] arch/x86: mshyperv: Discover Confidential VMBus availability Date: Fri, 3 Oct 2025 15:26:56 -0700 Message-ID: <20251003222710.6257-4-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Confidential VMBus requires enabling paravisor SynIC, and the x86_64 guest has to inspect the Virtualization Stack (VS) CPUID leaf to see if Confidential VMBus is available. If it is, the guest shall enable the paravisor SynIC. Read the relevant data from the VS CPUID leaf. Refactor the code to avoid repeating CPUID and add flags to the struct ms_hyperv_info. For ARM64, the flag for Confidential VMBus is not set which provides the desired behaviour for now as it is not available on ARM64 just yet. Once ARM64 CCA guests are supported, this flag will be set unconditionally when running such a guest. Signed-off-by: Roman Kisel --- arch/x86/kernel/cpu/mshyperv.c | 28 +++++++++++++++------------- include/asm-generic/mshyperv.h | 2 ++ 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c index 25773af116bc..57163c7a000f 100644 --- a/arch/x86/kernel/cpu/mshyperv.c +++ b/arch/x86/kernel/cpu/mshyperv.c @@ -434,7 +434,7 @@ EXPORT_SYMBOL_GPL(hv_get_hypervisor_version); =20 static void __init ms_hyperv_init_platform(void) { - int hv_max_functions_eax; + int hv_max_functions_eax, eax; =20 #ifdef CONFIG_PARAVIRT pv_info.name =3D "Hyper-V"; @@ -469,6 +469,19 @@ static void __init ms_hyperv_init_platform(void) pr_info("Hyper-V: running on a nested hypervisor\n"); } =20 + /* + * There is no check against the max function for HYPERV_CPUID_VIRT_STACK= _* CPUID + * leaves as the hypervisor doesn't handle them. Even a nested root parti= tion (L2 + * root) will not get them because the nested (L1) hypervisor filters the= m out. + * These are handled through intercept processing by the Windows Hyper-V = stack + * or the paravisor. + */ + eax =3D cpuid_eax(HYPERV_CPUID_VIRT_STACK_PROPERTIES); + ms_hyperv.confidential_vmbus_available =3D + eax & HYPERV_VS_PROPERTIES_EAX_CONFIDENTIAL_VMBUS_AVAILABLE; + ms_hyperv.msi_ext_dest_id =3D + eax & HYPERV_VS_PROPERTIES_EAX_EXTENDED_IOAPIC_RTE; + if (ms_hyperv.features & HV_ACCESS_FREQUENCY_MSRS && ms_hyperv.misc_features & HV_FEATURE_FREQUENCY_MSRS_AVAILABLE) { x86_platform.calibrate_tsc =3D hv_get_tsc_khz; @@ -668,21 +681,10 @@ static bool __init ms_hyperv_x2apic_available(void) * pci-hyperv host bridge. * * Note: for a Hyper-V root partition, this will always return false. - * The hypervisor doesn't expose these HYPERV_CPUID_VIRT_STACK_* cpuids by - * default, they are implemented as intercepts by the Windows Hyper-V stac= k. - * Even a nested root partition (L2 root) will not get them because the - * nested (L1) hypervisor filters them out. */ static bool __init ms_hyperv_msi_ext_dest_id(void) { - u32 eax; - - eax =3D cpuid_eax(HYPERV_CPUID_VIRT_STACK_INTERFACE); - if (eax !=3D HYPERV_VS_INTERFACE_EAX_SIGNATURE) - return false; - - eax =3D cpuid_eax(HYPERV_CPUID_VIRT_STACK_PROPERTIES); - return eax & HYPERV_VS_PROPERTIES_EAX_EXTENDED_IOAPIC_RTE; + return ms_hyperv.msi_ext_dest_id; } =20 #ifdef CONFIG_AMD_MEM_ENCRYPT diff --git a/include/asm-generic/mshyperv.h b/include/asm-generic/mshyperv.h index 64ba6bc807d9..9049a9617324 100644 --- a/include/asm-generic/mshyperv.h +++ b/include/asm-generic/mshyperv.h @@ -62,6 +62,8 @@ struct ms_hyperv_info { }; }; u64 shared_gpa_boundary; + bool msi_ext_dest_id; + bool confidential_vmbus_available; }; extern struct ms_hyperv_info ms_hyperv; extern bool hv_nested; --=20 2.43.0 From nobody Tue Oct 7 03:50:43 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6450F274B44; Fri, 3 Oct 2025 22:27:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530444; cv=none; b=RfXJ2f7bltT3/x4Ji3uysAXYT9UrV4+Z/nfEr8FaBlWpxL1MpDgZW6GOF1MvZGtrIoLPmI+qGX9Tt0QivU8LgT4rf1rnvTqtl3/lQarL+vCT1WNtb2TjdwWlEWK0ANtNnbZpNH33LSPgEqtw9kJxSWCL+Pj4pAzqV0Rgoxo6hcg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530444; c=relaxed/simple; bh=cyDr5I7iXMv1WYt5xncj5fSI+68lwvx6K0dyTWcHBg4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PUaYgUuoEdWoLTe3Q4alBEWcRdB9YGVOqVWXBaF4I6sfkbcd3h0rhn3vWBiRc49RpApKWM5iwk47NCaD4X+5CVwwGQOG1aAu+BVm60U74KRl5HQmNUEqDs9UbMCQs1qwYXw8tSupmXilr6utZFadet+zILa6jCqnKXy9GvlKTSo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=iIIvDp49; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="iIIvDp49" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id A4F37211C272; Fri, 3 Oct 2025 15:27:15 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com A4F37211C272 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530435; bh=8W+5HDLzBlLq6Vdch6raMO3k9vQvcmFeqa68xKouQCs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=iIIvDp49tU/mw4TM1NlAvFs6KLWqhX1opUBe6FmLk2AH0y62AMoGgt2Byf0UnCjVz WwQHTfzMlJHDkSqmitW1UhUIPchop8nvJJFOo+0qIkT5eYmiiz3OE69B+Y0RNGjqr8 U3GzF0WfTf5pNULfBtLSX7ioqkO8jlanPC9J+OfA= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 04/17] arch: hyperv: Get/set SynIC synth.registers via paravisor Date: Fri, 3 Oct 2025 15:26:57 -0700 Message-ID: <20251003222710.6257-5-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The existing Hyper-V wrappers for getting and setting MSRs are hv_get/set_msr(). Via hv_get/set_non_nested_msr(), they detect when running in a CoCo VM with a paravisor, and use the TDX or SNP guest-host communication protocol to bypass the paravisor and go directly to the host hypervisor for SynIC MSRs. The "set" function also implements the required special handling for the SINT MSRs. Provide functions that allow manipulating the SynIC registers through the paravisor. Move vmbus_signal_eom() to a more appropriate location (which also avoids breaking KVM). Signed-off-by: Roman Kisel Reviewed-by: Alok Tiwari Reviewed-by: Michael Kelley --- arch/x86/kernel/cpu/mshyperv.c | 20 ++++++++++++++++ drivers/hv/hv_common.c | 11 +++++++++ drivers/hv/hyperv_vmbus.h | 44 ++++++++++++++++++++++++++++++++++ include/asm-generic/mshyperv.h | 42 ++------------------------------ 4 files changed, 77 insertions(+), 40 deletions(-) diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c index 57163c7a000f..af5a3bbbca9f 100644 --- a/arch/x86/kernel/cpu/mshyperv.c +++ b/arch/x86/kernel/cpu/mshyperv.c @@ -90,6 +90,26 @@ void hv_set_non_nested_msr(unsigned int reg, u64 value) } EXPORT_SYMBOL_GPL(hv_set_non_nested_msr); =20 +/* + * Get the SynIC register value from the paravisor. + */ +u64 hv_para_get_synic_register(unsigned int reg) +{ + if (WARN_ON(!ms_hyperv.paravisor_present || !hv_is_synic_msr(reg))) + return ~0ULL; + return native_read_msr(reg); +} + +/* + * Set the SynIC register value with the paravisor. + */ +void hv_para_set_synic_register(unsigned int reg, u64 val) +{ + if (WARN_ON(!ms_hyperv.paravisor_present || !hv_is_synic_msr(reg))) + return; + native_write_msr(reg, val); +} + u64 hv_get_msr(unsigned int reg) { if (hv_nested) diff --git a/drivers/hv/hv_common.c b/drivers/hv/hv_common.c index e109a620c83f..8756ca834546 100644 --- a/drivers/hv/hv_common.c +++ b/drivers/hv/hv_common.c @@ -716,6 +716,17 @@ u64 __weak hv_tdx_hypercall(u64 control, u64 param1, u= 64 param2) } EXPORT_SYMBOL_GPL(hv_tdx_hypercall); =20 +u64 __weak hv_para_get_synic_register(unsigned int reg) +{ + return ~0ULL; +} +EXPORT_SYMBOL_GPL(hv_para_get_synic_register); + +void __weak hv_para_set_synic_register(unsigned int reg, u64 val) +{ +} +EXPORT_SYMBOL_GPL(hv_para_set_synic_register); + void hv_identify_partition_type(void) { /* Assume guest role */ diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h index 4a01797d4851..9ac6f5520287 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include @@ -335,6 +336,49 @@ extern const struct vmbus_channel_message_table_entry =20 bool vmbus_is_confidential(void); =20 +#if IS_ENABLED(CONFIG_HYPERV_VMBUS) +/* Free the message slot and signal end-of-message if required */ +static inline void vmbus_signal_eom(struct hv_message *msg, u32 old_msg_ty= pe) +{ + /* + * On crash we're reading some other CPU's message page and we need + * to be careful: this other CPU may already had cleared the header + * and the host may already had delivered some other message there. + * In case we blindly write msg->header.message_type we're going + * to lose it. We can still lose a message of the same type but + * we count on the fact that there can only be one + * CHANNELMSG_UNLOAD_RESPONSE and we don't care about other messages + * on crash. + */ + if (cmpxchg(&msg->header.message_type, old_msg_type, + HVMSG_NONE) !=3D old_msg_type) + return; + + /* + * The cmxchg() above does an implicit memory barrier to + * ensure the write to MessageType (ie set to + * HVMSG_NONE) happens before we read the + * MessagePending and EOMing. Otherwise, the EOMing + * will not deliver any more messages since there is + * no empty slot + */ + if (msg->header.message_flags.msg_pending) { + /* + * This will cause message queue rescan to + * possibly deliver another msg from the + * hypervisor + */ + if (vmbus_is_confidential()) + hv_para_set_synic_register(HV_MSR_EOM, 0); + else + hv_set_msr(HV_MSR_EOM, 0); + } +} + +extern int vmbus_interrupt; +extern int vmbus_irq; +#endif /* CONFIG_HYPERV_VMBUS */ + struct hv_device *vmbus_device_create(const guid_t *type, const guid_t *instance, struct vmbus_channel *channel); diff --git a/include/asm-generic/mshyperv.h b/include/asm-generic/mshyperv.h index 9049a9617324..c010059f1518 100644 --- a/include/asm-generic/mshyperv.h +++ b/include/asm-generic/mshyperv.h @@ -165,46 +165,6 @@ static inline u64 hv_generate_guest_id(u64 kernel_vers= ion) return guest_id; } =20 -#if IS_ENABLED(CONFIG_HYPERV_VMBUS) -/* Free the message slot and signal end-of-message if required */ -static inline void vmbus_signal_eom(struct hv_message *msg, u32 old_msg_ty= pe) -{ - /* - * On crash we're reading some other CPU's message page and we need - * to be careful: this other CPU may already had cleared the header - * and the host may already had delivered some other message there. - * In case we blindly write msg->header.message_type we're going - * to lose it. We can still lose a message of the same type but - * we count on the fact that there can only be one - * CHANNELMSG_UNLOAD_RESPONSE and we don't care about other messages - * on crash. - */ - if (cmpxchg(&msg->header.message_type, old_msg_type, - HVMSG_NONE) !=3D old_msg_type) - return; - - /* - * The cmxchg() above does an implicit memory barrier to - * ensure the write to MessageType (ie set to - * HVMSG_NONE) happens before we read the - * MessagePending and EOMing. Otherwise, the EOMing - * will not deliver any more messages since there is - * no empty slot - */ - if (msg->header.message_flags.msg_pending) { - /* - * This will cause message queue rescan to - * possibly deliver another msg from the - * hypervisor - */ - hv_set_msr(HV_MSR_EOM, 0); - } -} - -extern int vmbus_interrupt; -extern int vmbus_irq; -#endif /* CONFIG_HYPERV_VMBUS */ - int hv_get_hypervisor_version(union hv_hypervisor_version_info *info); =20 void hv_setup_vmbus_handler(void (*handler)(void)); @@ -338,6 +298,8 @@ bool hv_is_isolation_supported(void); bool hv_isolation_type_snp(void); u64 hv_ghcb_hypercall(u64 control, void *input, void *output, u32 input_si= ze); u64 hv_tdx_hypercall(u64 control, u64 param1, u64 param2); +u64 hv_para_get_synic_register(unsigned int reg); +void hv_para_set_synic_register(unsigned int reg, u64 val); void hyperv_cleanup(void); bool hv_query_ext_cap(u64 cap_query); void hv_setup_dma_ops(struct device *dev, bool coherent); --=20 2.43.0 From nobody Tue Oct 7 03:50:43 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C0EB52727FA; Fri, 3 Oct 2025 22:27:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530443; cv=none; b=UzSyQGHuCRtx4MtqDoN1DmiXPNMif3hE4bWX5+Ntxm8MQAceGSHZIXCte0Vzpi/jntC1bemDYYAKtJE5nvzPACrQ1rWOy6NIZOqHMVP0QW79lnN8pWCkAB2wo21LHtgeZqa3FiiZyZgI5DaeEkH8jd2lsMT3ueOOldi7876YFLo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530443; c=relaxed/simple; bh=JKOTrjlVUJKUHFdIEfBYdS4J3LoK5/GyGoQx3ebwVUg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NLjRsCHJkw84WqOOiGrCJjyHaNqb7H7W2PtXIZ2rAjhyobwcJRljMi8sXhtOt4ro5S10Swg9npmSlwrmTaKznl/17MS9qdz/vauIp4wyzO8/TblpzTraQuompyhfoRmBxCzquvDnkeD2JYiTqICRmmSSgd0HZGwFY2dIcBzl0V8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=nXtL3cUm; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="nXtL3cUm" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id 71EAF211C270; Fri, 3 Oct 2025 15:27:16 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 71EAF211C270 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530436; bh=pJK0kJZ3LPfApoiqeuoQOMOzMEFQVROkUSaqumH4kCw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=nXtL3cUmo5KIPYNgJ5yYQSpCkyK0thyUtC1ae8z8dF5t14lPAoI+QRR9PZg4h3B/A LsWmUy+m11fzGTgVnuwdbfuD9LI5gvMHNjH99KIWXO8bDB2B0nkZox6TmlN/XSgXt+ c2vTCbn5rHWRwjPCGga8zJ4FoMZoAAvXYj6IDhNQ= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 05/17] arch/x86: mshyperv: Trap on access for some synthetic MSRs Date: Fri, 3 Oct 2025 15:26:58 -0700 Message-ID: <20251003222710.6257-6-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" hv_set_non_nested_msr() has special handling for SINT MSRs when a paravisor is present. In addition to updating the MSR on the host, the mirror MSR in the paravisor is updated, including with the proxy bit. But with Confidential VMBus, the proxy bit must not be used, so add a special case to skip it. Signed-off-by: Roman Kisel Reviewed-by: Alok Tiwari Reviewed-by: Tianyu Lan --- arch/x86/kernel/cpu/mshyperv.c | 29 +++++++++++++++++++++++++---- drivers/hv/hv_common.c | 5 +++++ include/asm-generic/mshyperv.h | 1 + 3 files changed, 31 insertions(+), 4 deletions(-) diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c index af5a3bbbca9f..b410b930938a 100644 --- a/arch/x86/kernel/cpu/mshyperv.c +++ b/arch/x86/kernel/cpu/mshyperv.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include @@ -38,6 +39,12 @@ bool hv_nested; struct ms_hyperv_info ms_hyperv; =20 +/* + * When running with the paravisor, controls proxying the synthetic interr= upts + * from the host + */ +static bool hv_para_sint_proxy; + /* Used in modules via hv_do_hypercall(): see arch/x86/include/asm/mshyper= v.h */ bool hyperv_paravisor_present __ro_after_init; EXPORT_SYMBOL_GPL(hyperv_paravisor_present); @@ -79,17 +86,31 @@ EXPORT_SYMBOL_GPL(hv_get_non_nested_msr); void hv_set_non_nested_msr(unsigned int reg, u64 value) { if (hv_is_synic_msr(reg) && ms_hyperv.paravisor_present) { + /* The hypervisor will get the intercept. */ hv_ivm_msr_write(reg, value); =20 - /* Write proxy bit via wrmsl instruction */ - if (hv_is_sint_msr(reg)) - wrmsrq(reg, value | 1 << 20); + /* Using wrmsrq so the following goes to the paravisor. */ + if (hv_is_sint_msr(reg)) { + union hv_synic_sint sint =3D { .as_uint64 =3D value }; + + sint.proxy =3D hv_para_sint_proxy; + native_wrmsrq(reg, sint.as_uint64); + } } else { - wrmsrq(reg, value); + native_wrmsrq(reg, value); } } EXPORT_SYMBOL_GPL(hv_set_non_nested_msr); =20 +/* + * Enable or disable proxying synthetic interrupts + * to the paravisor. + */ +void hv_para_set_sint_proxy(bool enable) +{ + hv_para_sint_proxy =3D enable; +} + /* * Get the SynIC register value from the paravisor. */ diff --git a/drivers/hv/hv_common.c b/drivers/hv/hv_common.c index 8756ca834546..1a5c7a358971 100644 --- a/drivers/hv/hv_common.c +++ b/drivers/hv/hv_common.c @@ -716,6 +716,11 @@ u64 __weak hv_tdx_hypercall(u64 control, u64 param1, u= 64 param2) } EXPORT_SYMBOL_GPL(hv_tdx_hypercall); =20 +void __weak hv_para_set_sint_proxy(bool enable) +{ +} +EXPORT_SYMBOL_GPL(hv_para_set_sint_proxy); + u64 __weak hv_para_get_synic_register(unsigned int reg) { return ~0ULL; diff --git a/include/asm-generic/mshyperv.h b/include/asm-generic/mshyperv.h index c010059f1518..3955ba6d60b8 100644 --- a/include/asm-generic/mshyperv.h +++ b/include/asm-generic/mshyperv.h @@ -298,6 +298,7 @@ bool hv_is_isolation_supported(void); bool hv_isolation_type_snp(void); u64 hv_ghcb_hypercall(u64 control, void *input, void *output, u32 input_si= ze); u64 hv_tdx_hypercall(u64 control, u64 param1, u64 param2); +void hv_para_set_sint_proxy(bool enable); u64 hv_para_get_synic_register(unsigned int reg); void hv_para_set_synic_register(unsigned int reg, u64 val); void hyperv_cleanup(void); --=20 2.43.0 From nobody Tue Oct 7 03:50:43 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id BF6EB2727E3; Fri, 3 Oct 2025 22:27:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530443; cv=none; b=Ks+Pb8m5bdbYelt1Q3EX9kIU4+x6Y5fQojOxLgHhlUXP9CnXnDBCAlTqMW9FXucmOKgJraUuelcK2Vaffgw4aN2SI2ex4GEtHRImUhCR5XrgRW3cAahzcDHiXXTNjAoZ4r00rUBT0MtX8bFPONfF3EX69FWJUs3Y7uZFji0Dcp4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530443; c=relaxed/simple; bh=w6eBcbCBg83KK16MixPSnTYi2YgGONo2iUXGQvGoybs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=NmM7v6xq2LjAFbL7C2zpLaXi2nK0loc/fB/qtwY7U3c77Xw/ksuIC8ZwC1wRcMG5jn2bV5CAas8WBiSqwt39syxICcZn/tLFcNjm4lEm03yKqVqu/pl60TKTwvABrM83Tr0oWfXWU2IO40IqtJdhOprJmKtDtJDPyJb6sKiIgcw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=BX6hDh3r; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="BX6hDh3r" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id 133F1211C274; Fri, 3 Oct 2025 15:27:17 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 133F1211C274 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530437; bh=89Wu0GLHW4v0p3+AxQWhCDJatbg72b6BoQ6TL9uJTcM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=BX6hDh3riHsHEj58970yNsyrAnrRHeH+NnNqlZrjcFLbkbVMoaTSXLXKSOCOkSUBS 0FVnrKalghHPl+3eSGm1frDZtkZUOyzPyMDMsZVU2M1+bZkda6KcTyFmPHS4m+Qi+V ur+ZdwJsqKW2S4OvvRsNBkLDVaz9UYVhwBBOtYo8= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 06/17] Drivers: hv: Rename fields for SynIC message and event pages Date: Fri, 3 Oct 2025 15:26:59 -0700 Message-ID: <20251003222710.6257-7-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Confidential VMBus requires interacting with two SynICs -- one provided by the host hypervisor, and one provided by the paravisor. Each SynIC requires its own message and event pages. Rename the existing host-accessible SynIC message and event pages with the "hyp_" prefix to clearly distinguish them from the paravisor ones. The field name is also changed in mshv_root.* for consistency. No functional changes. Signed-off-by: Roman Kisel Reviewed-by: Tianyu Lan Reviewed-by: Michael Kelley --- drivers/hv/channel_mgmt.c | 6 ++-- drivers/hv/hv.c | 66 +++++++++++++++++++-------------------- drivers/hv/hyperv_vmbus.h | 4 +-- drivers/hv/mshv_root.h | 2 +- drivers/hv/mshv_synic.c | 6 ++-- drivers/hv/vmbus_drv.c | 6 ++-- 6 files changed, 45 insertions(+), 45 deletions(-) diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c index 65dd299e2944..1a33c6944b3c 100644 --- a/drivers/hv/channel_mgmt.c +++ b/drivers/hv/channel_mgmt.c @@ -844,14 +844,14 @@ static void vmbus_wait_for_unload(void) =3D per_cpu_ptr(hv_context.cpu_context, cpu); =20 /* - * In a CoCo VM the synic_message_page is not allocated + * In a CoCo VM the hyp_synic_message_page is not allocated * in hv_synic_alloc(). Instead it is set/cleared in * hv_synic_enable_regs() and hv_synic_disable_regs() * such that it is set only when the CPU is online. If * not all present CPUs are online, the message page * might be NULL, so skip such CPUs. */ - page_addr =3D hv_cpu->synic_message_page; + page_addr =3D hv_cpu->hyp_synic_message_page; if (!page_addr) continue; =20 @@ -892,7 +892,7 @@ static void vmbus_wait_for_unload(void) struct hv_per_cpu_context *hv_cpu =3D per_cpu_ptr(hv_context.cpu_context, cpu); =20 - page_addr =3D hv_cpu->synic_message_page; + page_addr =3D hv_cpu->hyp_synic_message_page; if (!page_addr) continue; =20 diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c index b14c5f9e0ef2..b7419d0fad1d 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -147,20 +147,20 @@ int hv_synic_alloc(void) * Skip these pages allocation here. */ if (!ms_hyperv.paravisor_present && !hv_root_partition()) { - hv_cpu->synic_message_page =3D + hv_cpu->hyp_synic_message_page =3D (void *)get_zeroed_page(GFP_ATOMIC); - if (!hv_cpu->synic_message_page) { + if (!hv_cpu->hyp_synic_message_page) { pr_err("Unable to allocate SYNIC message page\n"); goto err; } =20 - hv_cpu->synic_event_page =3D + hv_cpu->hyp_synic_event_page =3D (void *)get_zeroed_page(GFP_ATOMIC); - if (!hv_cpu->synic_event_page) { + if (!hv_cpu->hyp_synic_event_page) { pr_err("Unable to allocate SYNIC event page\n"); =20 - free_page((unsigned long)hv_cpu->synic_message_page); - hv_cpu->synic_message_page =3D NULL; + free_page((unsigned long)hv_cpu->hyp_synic_message_page); + hv_cpu->hyp_synic_message_page =3D NULL; goto err; } } @@ -168,30 +168,30 @@ int hv_synic_alloc(void) if (!ms_hyperv.paravisor_present && (hv_isolation_type_snp() || hv_isolation_type_tdx())) { ret =3D set_memory_decrypted((unsigned long) - hv_cpu->synic_message_page, 1); + hv_cpu->hyp_synic_message_page, 1); if (ret) { pr_err("Failed to decrypt SYNIC msg page: %d\n", ret); - hv_cpu->synic_message_page =3D NULL; + hv_cpu->hyp_synic_message_page =3D NULL; =20 /* * Free the event page here so that hv_synic_free() * won't later try to re-encrypt it. */ - free_page((unsigned long)hv_cpu->synic_event_page); - hv_cpu->synic_event_page =3D NULL; + free_page((unsigned long)hv_cpu->hyp_synic_event_page); + hv_cpu->hyp_synic_event_page =3D NULL; goto err; } =20 ret =3D set_memory_decrypted((unsigned long) - hv_cpu->synic_event_page, 1); + hv_cpu->hyp_synic_event_page, 1); if (ret) { pr_err("Failed to decrypt SYNIC event page: %d\n", ret); - hv_cpu->synic_event_page =3D NULL; + hv_cpu->hyp_synic_event_page =3D NULL; goto err; } =20 - memset(hv_cpu->synic_message_page, 0, PAGE_SIZE); - memset(hv_cpu->synic_event_page, 0, PAGE_SIZE); + memset(hv_cpu->hyp_synic_message_page, 0, PAGE_SIZE); + memset(hv_cpu->hyp_synic_event_page, 0, PAGE_SIZE); } } =20 @@ -227,28 +227,28 @@ void hv_synic_free(void) =20 if (!ms_hyperv.paravisor_present && (hv_isolation_type_snp() || hv_isolation_type_tdx())) { - if (hv_cpu->synic_message_page) { + if (hv_cpu->hyp_synic_message_page) { ret =3D set_memory_encrypted((unsigned long) - hv_cpu->synic_message_page, 1); + hv_cpu->hyp_synic_message_page, 1); if (ret) { pr_err("Failed to encrypt SYNIC msg page: %d\n", ret); - hv_cpu->synic_message_page =3D NULL; + hv_cpu->hyp_synic_message_page =3D NULL; } } =20 - if (hv_cpu->synic_event_page) { + if (hv_cpu->hyp_synic_event_page) { ret =3D set_memory_encrypted((unsigned long) - hv_cpu->synic_event_page, 1); + hv_cpu->hyp_synic_event_page, 1); if (ret) { pr_err("Failed to encrypt SYNIC event page: %d\n", ret); - hv_cpu->synic_event_page =3D NULL; + hv_cpu->hyp_synic_event_page =3D NULL; } } } =20 free_page((unsigned long)hv_cpu->post_msg_page); - free_page((unsigned long)hv_cpu->synic_event_page); - free_page((unsigned long)hv_cpu->synic_message_page); + free_page((unsigned long)hv_cpu->hyp_synic_event_page); + free_page((unsigned long)hv_cpu->hyp_synic_message_page); } =20 kfree(hv_context.hv_numa_map); @@ -278,12 +278,12 @@ void hv_synic_enable_regs(unsigned int cpu) /* Mask out vTOM bit. ioremap_cache() maps decrypted */ u64 base =3D (simp.base_simp_gpa << HV_HYP_PAGE_SHIFT) & ~ms_hyperv.shared_gpa_boundary; - hv_cpu->synic_message_page =3D + hv_cpu->hyp_synic_message_page =3D (void *)ioremap_cache(base, HV_HYP_PAGE_SIZE); - if (!hv_cpu->synic_message_page) + if (!hv_cpu->hyp_synic_message_page) pr_err("Fail to map synic message page.\n"); } else { - simp.base_simp_gpa =3D virt_to_phys(hv_cpu->synic_message_page) + simp.base_simp_gpa =3D virt_to_phys(hv_cpu->hyp_synic_message_page) >> HV_HYP_PAGE_SHIFT; } =20 @@ -297,12 +297,12 @@ void hv_synic_enable_regs(unsigned int cpu) /* Mask out vTOM bit. ioremap_cache() maps decrypted */ u64 base =3D (siefp.base_siefp_gpa << HV_HYP_PAGE_SHIFT) & ~ms_hyperv.shared_gpa_boundary; - hv_cpu->synic_event_page =3D + hv_cpu->hyp_synic_event_page =3D (void *)ioremap_cache(base, HV_HYP_PAGE_SIZE); - if (!hv_cpu->synic_event_page) + if (!hv_cpu->hyp_synic_event_page) pr_err("Fail to map synic event page.\n"); } else { - siefp.base_siefp_gpa =3D virt_to_phys(hv_cpu->synic_event_page) + siefp.base_siefp_gpa =3D virt_to_phys(hv_cpu->hyp_synic_event_page) >> HV_HYP_PAGE_SHIFT; } =20 @@ -360,8 +360,8 @@ void hv_synic_disable_regs(unsigned int cpu) */ simp.simp_enabled =3D 0; if (ms_hyperv.paravisor_present || hv_root_partition()) { - iounmap(hv_cpu->synic_message_page); - hv_cpu->synic_message_page =3D NULL; + iounmap(hv_cpu->hyp_synic_message_page); + hv_cpu->hyp_synic_message_page =3D NULL; } else { simp.base_simp_gpa =3D 0; } @@ -372,8 +372,8 @@ void hv_synic_disable_regs(unsigned int cpu) siefp.siefp_enabled =3D 0; =20 if (ms_hyperv.paravisor_present || hv_root_partition()) { - iounmap(hv_cpu->synic_event_page); - hv_cpu->synic_event_page =3D NULL; + iounmap(hv_cpu->hyp_synic_event_page); + hv_cpu->hyp_synic_event_page =3D NULL; } else { siefp.base_siefp_gpa =3D 0; } @@ -403,7 +403,7 @@ static bool hv_synic_event_pending(void) { struct hv_per_cpu_context *hv_cpu =3D this_cpu_ptr(hv_context.cpu_context= ); union hv_synic_event_flags *event =3D - (union hv_synic_event_flags *)hv_cpu->synic_event_page + VMBUS_MESSAGE_S= INT; + (union hv_synic_event_flags *)hv_cpu->hyp_synic_event_page + VMBUS_MESSA= GE_SINT; unsigned long *recv_int_page =3D event->flags; /* assumes VMBus version >= =3D VERSION_WIN8 */ bool pending; u32 relid; diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h index 9ac6f5520287..d593af45a5b2 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h @@ -121,8 +121,8 @@ enum { * Per cpu state for channel handling */ struct hv_per_cpu_context { - void *synic_message_page; - void *synic_event_page; + void *hyp_synic_message_page; + void *hyp_synic_event_page; =20 /* * The page is only used in hv_post_message() for a TDX VM (with the diff --git a/drivers/hv/mshv_root.h b/drivers/hv/mshv_root.h index e3931b0f1269..db6b42db2fdc 100644 --- a/drivers/hv/mshv_root.h +++ b/drivers/hv/mshv_root.h @@ -169,7 +169,7 @@ struct mshv_girq_routing_table { }; =20 struct hv_synic_pages { - struct hv_message_page *synic_message_page; + struct hv_message_page *hyp_synic_message_page; struct hv_synic_event_flags_page *synic_event_flags_page; struct hv_synic_event_ring_page *synic_event_ring_page; }; diff --git a/drivers/hv/mshv_synic.c b/drivers/hv/mshv_synic.c index e6b6381b7c36..f8b0337cdc82 100644 --- a/drivers/hv/mshv_synic.c +++ b/drivers/hv/mshv_synic.c @@ -394,7 +394,7 @@ mshv_intercept_isr(struct hv_message *msg) void mshv_isr(void) { struct hv_synic_pages *spages =3D this_cpu_ptr(mshv_root.synic_pages); - struct hv_message_page **msg_page =3D &spages->synic_message_page; + struct hv_message_page **msg_page =3D &spages->hyp_synic_message_page; struct hv_message *msg; bool handled; =20 @@ -456,7 +456,7 @@ int mshv_synic_init(unsigned int cpu) #endif union hv_synic_scontrol sctrl; struct hv_synic_pages *spages =3D this_cpu_ptr(mshv_root.synic_pages); - struct hv_message_page **msg_page =3D &spages->synic_message_page; + struct hv_message_page **msg_page =3D &spages->hyp_synic_message_page; struct hv_synic_event_flags_page **event_flags_page =3D &spages->synic_event_flags_page; struct hv_synic_event_ring_page **event_ring_page =3D @@ -550,7 +550,7 @@ int mshv_synic_cleanup(unsigned int cpu) union hv_synic_sirbp sirbp; union hv_synic_scontrol sctrl; struct hv_synic_pages *spages =3D this_cpu_ptr(mshv_root.synic_pages); - struct hv_message_page **msg_page =3D &spages->synic_message_page; + struct hv_message_page **msg_page =3D &spages->hyp_synic_message_page; struct hv_synic_event_flags_page **event_flags_page =3D &spages->synic_event_flags_page; struct hv_synic_event_ring_page **event_ring_page =3D diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index 3c414560fa5f..e12f0ba0701f 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -1060,7 +1060,7 @@ static void vmbus_onmessage_work(struct work_struct *= work) void vmbus_on_msg_dpc(unsigned long data) { struct hv_per_cpu_context *hv_cpu =3D (void *)data; - void *page_addr =3D hv_cpu->synic_message_page; + void *page_addr =3D hv_cpu->hyp_synic_message_page; struct hv_message msg_copy, *msg =3D (struct hv_message *)page_addr + VMBUS_MESSAGE_SINT; struct vmbus_channel_message_header *hdr; @@ -1244,7 +1244,7 @@ static void vmbus_chan_sched(struct hv_per_cpu_contex= t *hv_cpu) * The event page can be directly checked to get the id of * the channel that has the interrupt pending. */ - void *page_addr =3D hv_cpu->synic_event_page; + void *page_addr =3D hv_cpu->hyp_synic_event_page; union hv_synic_event_flags *event =3D (union hv_synic_event_flags *)page_addr + VMBUS_MESSAGE_SINT; @@ -1327,7 +1327,7 @@ static void vmbus_isr(void) =20 vmbus_chan_sched(hv_cpu); =20 - page_addr =3D hv_cpu->synic_message_page; + page_addr =3D hv_cpu->hyp_synic_message_page; msg =3D (struct hv_message *)page_addr + VMBUS_MESSAGE_SINT; =20 /* Check if there are actual msgs to be processed */ --=20 2.43.0 From nobody Tue Oct 7 03:50:43 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6B3BF275B16; Fri, 3 Oct 2025 22:27:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530444; cv=none; b=GbCBY3VhJkUgm0MfCyzuEYPMxAYorYzOY2UG88tSa65QyzMTmcxwChH7fuyoSSn2AFNvuPJPCbXeKadsIYBtkLszzMCnkIh9CcyQK5lBiM2IXrY0dYzxTSzXFtBi6jy3bn9+0pbpY1YSBFDt5aKK06Kdrbpzf9Lq9JznHBswUbY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530444; c=relaxed/simple; bh=MFWwX7fgGPQhxEhqLc/uPxVeZMqiQDxOh4ZYTv1ei7U=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=uy3BpVOslLiOY3dAWBpBr5Kv9TRmb17XeXzAVxzVqTYYiqhC7/T/O45ljcLjfTLCX6dQKWnbXWmnmC/uoziKeHBGSyzfA0+EDQ0rOK+nCN3VpPntjii1d4EqVwJyaaptHAgySSO1RcSEQuKZV030XciZLz6NLXXxaoTNgrP+RiY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=jvZVBCjy; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="jvZVBCjy" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id 1236D211C275; Fri, 3 Oct 2025 15:27:18 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 1236D211C275 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530438; bh=x5zmEthTUhDikkV8hFYL03q0Vx7wjW3cyLItKGaV1wE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jvZVBCjy/IxFTA3vXLJr/rWR2qVflXvanXehjGSI0igy1opglq2BviXlXWW2f+8ul 0fFd6ztT6vs311248TQ64addtTb4WbLbfpj5TMu674J81XMEI8vVhdbrJReXDS1p4X RvWyKCBtb0I+GItn6usd3v3JTArWJIV7OykPqteE= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 07/17] Drivers: hv: Allocate the paravisor SynIC pages when required Date: Fri, 3 Oct 2025 15:27:00 -0700 Message-ID: <20251003222710.6257-8-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Confidential VMBus requires interacting with two SynICs -- one provided by the host hypervisor, and one provided by the paravisor. Each SynIC requires its own message and event pages. Refactor and extend the existing code to add allocating and freeing the message and event pages for the paravisor SynIC when it is present. Signed-off-by: Roman Kisel Reviewed-by: Tianyu Lan Reviewed-by: Michael Kelley --- drivers/hv/hv.c | 184 +++++++++++++++++++------------------- drivers/hv/hyperv_vmbus.h | 18 ++++ 2 files changed, 112 insertions(+), 90 deletions(-) diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c index b7419d0fad1d..90db1e17582d 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -96,10 +96,70 @@ int hv_post_message(union hv_connection_id connection_i= d, return hv_result(status); } =20 +static int hv_alloc_page(void **page, bool decrypt, const char *note) +{ + int ret =3D 0; + + /* + * After the page changes its encryption status, its contents might + * appear scrambled on some hardware. Thus `get_zeroed_page` would + * zero the page out in vain, so do that explicitly exactly once. + * + * By default, the page is allocated encrypted in a CoCo VM. + */ + *page =3D (void *)__get_free_page(GFP_KERNEL); + if (!*page) + return -ENOMEM; + + if (decrypt) + ret =3D set_memory_decrypted((unsigned long)*page, 1); + if (ret) + goto failed; + + memset(*page, 0, PAGE_SIZE); + return 0; + +failed: + /* + * Report the failure but don't put the page back on the free list as + * its encryption status is unknown. + */ + pr_err("allocation failed for %s page, error %d, decrypted %d\n", + note, ret, decrypt); + *page =3D NULL; + return ret; +} + +static int hv_free_page(void **page, bool encrypt, const char *note) +{ + int ret =3D 0; + + if (!*page) + return 0; + + if (encrypt) + ret =3D set_memory_encrypted((unsigned long)*page, 1); + + /* + * In the case of the failure, the page is leaked. Something is wrong, + * prefer to lose the page with the unknown encryption status and stay af= loat. + */ + if (ret) + pr_err("deallocation failed for %s page, error %d, encrypt %d\n", + note, ret, encrypt); + else + free_page((unsigned long)*page); + + *page =3D NULL; + + return ret; +} + int hv_synic_alloc(void) { int cpu, ret =3D -ENOMEM; struct hv_per_cpu_context *hv_cpu; + const bool decrypt =3D !vmbus_is_confidential(); =20 /* * First, zero all per-cpu memory areas so hv_synic_free() can @@ -125,73 +185,37 @@ int hv_synic_alloc(void) vmbus_on_msg_dpc, (unsigned long)hv_cpu); =20 if (ms_hyperv.paravisor_present && hv_isolation_type_tdx()) { - hv_cpu->post_msg_page =3D (void *)get_zeroed_page(GFP_ATOMIC); - if (!hv_cpu->post_msg_page) { - pr_err("Unable to allocate post msg page\n"); + ret =3D hv_alloc_page(&hv_cpu->post_msg_page, + decrypt, "post msg"); + if (ret) goto err; - } - - ret =3D set_memory_decrypted((unsigned long)hv_cpu->post_msg_page, 1); - if (ret) { - pr_err("Failed to decrypt post msg page: %d\n", ret); - /* Just leak the page, as it's unsafe to free the page. */ - hv_cpu->post_msg_page =3D NULL; - goto err; - } - - memset(hv_cpu->post_msg_page, 0, PAGE_SIZE); } =20 /* - * Synic message and event pages are allocated by paravisor. - * Skip these pages allocation here. + * If these SynIC pages are not allocated, SIEF and SIM pages + * are configured using what the root partition or the paravisor + * provides upon reading the SIEFP and SIMP registers. */ if (!ms_hyperv.paravisor_present && !hv_root_partition()) { - hv_cpu->hyp_synic_message_page =3D - (void *)get_zeroed_page(GFP_ATOMIC); - if (!hv_cpu->hyp_synic_message_page) { - pr_err("Unable to allocate SYNIC message page\n"); + ret =3D hv_alloc_page(&hv_cpu->hyp_synic_message_page, + decrypt, "hypervisor SynIC msg"); + if (ret) goto err; - } - - hv_cpu->hyp_synic_event_page =3D - (void *)get_zeroed_page(GFP_ATOMIC); - if (!hv_cpu->hyp_synic_event_page) { - pr_err("Unable to allocate SYNIC event page\n"); - - free_page((unsigned long)hv_cpu->hyp_synic_message_page); - hv_cpu->hyp_synic_message_page =3D NULL; + ret =3D hv_alloc_page(&hv_cpu->hyp_synic_event_page, + decrypt, "hypervisor SynIC event"); + if (ret) goto err; - } } =20 - if (!ms_hyperv.paravisor_present && - (hv_isolation_type_snp() || hv_isolation_type_tdx())) { - ret =3D set_memory_decrypted((unsigned long) - hv_cpu->hyp_synic_message_page, 1); - if (ret) { - pr_err("Failed to decrypt SYNIC msg page: %d\n", ret); - hv_cpu->hyp_synic_message_page =3D NULL; - - /* - * Free the event page here so that hv_synic_free() - * won't later try to re-encrypt it. - */ - free_page((unsigned long)hv_cpu->hyp_synic_event_page); - hv_cpu->hyp_synic_event_page =3D NULL; + if (vmbus_is_confidential()) { + ret =3D hv_alloc_page(&hv_cpu->para_synic_message_page, + false, "paravisor SynIC msg"); + if (ret) goto err; - } - - ret =3D set_memory_decrypted((unsigned long) - hv_cpu->hyp_synic_event_page, 1); - if (ret) { - pr_err("Failed to decrypt SYNIC event page: %d\n", ret); - hv_cpu->hyp_synic_event_page =3D NULL; + ret =3D hv_alloc_page(&hv_cpu->para_synic_event_page, + false, "paravisor SynIC event"); + if (ret) goto err; - } - - memset(hv_cpu->hyp_synic_message_page, 0, PAGE_SIZE); - memset(hv_cpu->hyp_synic_event_page, 0, PAGE_SIZE); } } =20 @@ -207,48 +231,28 @@ int hv_synic_alloc(void) =20 void hv_synic_free(void) { - int cpu, ret; + int cpu; + const bool encrypt =3D !vmbus_is_confidential(); =20 for_each_present_cpu(cpu) { struct hv_per_cpu_context *hv_cpu =3D per_cpu_ptr(hv_context.cpu_context, cpu); =20 - /* It's better to leak the page if the encryption fails. */ - if (ms_hyperv.paravisor_present && hv_isolation_type_tdx()) { - if (hv_cpu->post_msg_page) { - ret =3D set_memory_encrypted((unsigned long) - hv_cpu->post_msg_page, 1); - if (ret) { - pr_err("Failed to encrypt post msg page: %d\n", ret); - hv_cpu->post_msg_page =3D NULL; - } - } + if (ms_hyperv.paravisor_present && hv_isolation_type_tdx()) + hv_free_page(&hv_cpu->post_msg_page, + encrypt, "post msg"); + if (!ms_hyperv.paravisor_present && !hv_root_partition()) { + hv_free_page(&hv_cpu->hyp_synic_event_page, + encrypt, "hypervisor SynIC event"); + hv_free_page(&hv_cpu->hyp_synic_message_page, + encrypt, "hypervisor SynIC msg"); } - - if (!ms_hyperv.paravisor_present && - (hv_isolation_type_snp() || hv_isolation_type_tdx())) { - if (hv_cpu->hyp_synic_message_page) { - ret =3D set_memory_encrypted((unsigned long) - hv_cpu->hyp_synic_message_page, 1); - if (ret) { - pr_err("Failed to encrypt SYNIC msg page: %d\n", ret); - hv_cpu->hyp_synic_message_page =3D NULL; - } - } - - if (hv_cpu->hyp_synic_event_page) { - ret =3D set_memory_encrypted((unsigned long) - hv_cpu->hyp_synic_event_page, 1); - if (ret) { - pr_err("Failed to encrypt SYNIC event page: %d\n", ret); - hv_cpu->hyp_synic_event_page =3D NULL; - } - } + if (vmbus_is_confidential()) { + hv_free_page(&hv_cpu->para_synic_event_page, + false, "paravisor SynIC event"); + hv_free_page(&hv_cpu->para_synic_message_page, + false, "paravisor SynIC msg"); } - - free_page((unsigned long)hv_cpu->post_msg_page); - free_page((unsigned long)hv_cpu->hyp_synic_event_page); - free_page((unsigned long)hv_cpu->hyp_synic_message_page); } =20 kfree(hv_context.hv_numa_map); diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h index d593af45a5b2..3c70051c0431 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h @@ -121,8 +121,26 @@ enum { * Per cpu state for channel handling */ struct hv_per_cpu_context { + /* + * SynIC pages for communicating with the host. + * + * These pages are accessible to the host partition and the hypervisor. + * They may be used for exchanging data with the host partition and the + * hypervisor even when they aren't trusted yet the guest partition + * must be prepared to handle the malicious behavior. + */ void *hyp_synic_message_page; void *hyp_synic_event_page; + /* + * SynIC pages for communicating with the paravisor. + * + * These pages may be accessed from within the guest partition only in + * CoCo VMs. Neither the host partition nor the hypervisor can access + * these pages in that case; they are used for exchanging data with the + * paravisor. + */ + void *para_synic_message_page; + void *para_synic_event_page; =20 /* * The page is only used in hv_post_message() for a TDX VM (with the --=20 2.43.0 From nobody Tue Oct 7 03:50:43 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6E601276024; Fri, 3 Oct 2025 22:27:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530444; cv=none; b=tnxqcktnzR4TR0g+ELvRlAnIFpZwULaRw4jnNMrDSyN0MJIa4peFEy/Y1HvScTniHomoSZEHbdIOfWE60fiSZaPilOcE+Qv7RPBYpMvRI+HqdMt7gVGybe86aSxV8JN9SlIrJDn02si2px3LI8s9KQyXgBbPXmsoGWYWit/WKWI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530444; c=relaxed/simple; bh=QrjgDhfUYEiE2JmDWJqZFzILCDgpPrTC9WtUjLJlBAw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=VUOptfg75TUjEpWp2I6sYZ3RtfYkKQ/Xl+rGvzFvRJiWSR96tAC75gaw4Dnkt2DA25UIMjt8klUGWhYZW9UaS3kaOLTiQaRcD1baSNi+11pEltSTsl5T9qedUMRG2O1a1yv3lvwU3j8qM6byoLk4dR6quoYXTVUS7Bqt3iYxHAY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=UyBGTywJ; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="UyBGTywJ" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id F05DC211C277; Fri, 3 Oct 2025 15:27:18 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com F05DC211C277 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530439; bh=zA4+/A3eGa9jS47gg2tblmQ4Wwt0MSCKxw5bVUpv0k0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=UyBGTywJXqGPNzCrkHM6zEWC/qsNqzzoh2zysfgRi9qbJdq3JXqcCqp2IMkV+Fn8X rlZy8R14O/GLl17gQx/dFvNHUwVFSefZvQxcyif2Ay8OeqFX4gvIJJ9k6iDW2+VurU FnnGfZCTVLzPy++0CWopQM59cgQb6bn2AgK2VF6w= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 08/17] Drivers: hv: Post messages through the confidential VMBus if available Date: Fri, 3 Oct 2025 15:27:01 -0700 Message-ID: <20251003222710.6257-9-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When the confidential VMBus is available, the guest should post messages to the paravisor. Update hv_post_message() to post messages to the paravisor rather than through GHCB or TD calls. Signed-off-by: Roman Kisel Reviewed-by: Tianyu Lan Reviewed-by: Michael Kelley --- drivers/hv/hv.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c index 90db1e17582d..b1085473778c 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -74,7 +74,11 @@ int hv_post_message(union hv_connection_id connection_id, aligned_msg->payload_size =3D payload_size; memcpy((void *)aligned_msg->payload, payload, payload_size); =20 - if (ms_hyperv.paravisor_present) { + if (ms_hyperv.paravisor_present && !vmbus_is_confidential()) { + /* + * If the VMBus isn't confidential, use the CoCo-specific + * mechanism to communicate with the hypervisor. + */ if (hv_isolation_type_tdx()) status =3D hv_tdx_hypercall(HVCALL_POST_MESSAGE, virt_to_phys(aligned_msg), 0); @@ -88,6 +92,11 @@ int hv_post_message(union hv_connection_id connection_id, u64 control =3D HVCALL_POST_MESSAGE; =20 control |=3D hv_nested ? HV_HYPERCALL_NESTED : 0; + /* + * If there is no paravisor, this will go to the hypervisor. + * In the Confidential VMBus case, there is the paravisor + * to which this will trap. + */ status =3D hv_do_hypercall(control, aligned_msg, NULL); } =20 --=20 2.43.0 From nobody Tue Oct 7 03:50:43 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4AF36279DB5; Fri, 3 Oct 2025 22:27:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530445; cv=none; b=oulYF1OWAqsRyk2UUUNrCbSC44dLwNxOswiOQjUWEA+AiuV43KVYlgLg0H44MUSbDdyloIv9nvdQVFWpqvxTya/yFvDwf+Vomryu6ItHy1QbGlyahdkSicXzm+zx3GZe3U4B+ejgUWtJsA3eL/eFB/zPNsgLlxiEUHncuhvuFiA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530445; c=relaxed/simple; bh=UCHaAztmaqPan3WN8y2waQiYdBywI5TdRQdR25q0yqY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=J0PR0EpJeVoi0pDt+ff0t4aHUCJEwQmF1HSuagCWN6ByKYMkwIuIdbTFZj36MARPLKgZdZrrxGDTJcIVSNPEIiuqSbB0xzBe4vfSg0isGQmYMSLOH55FZU7rikraFRjRaetPrXzhspEAvjUYd8pvQWPsyf17GOudE7jpO3sN5EY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=Gm0tCL5f; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="Gm0tCL5f" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id 821FE211C27A; Fri, 3 Oct 2025 15:27:19 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 821FE211C27A DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530439; bh=9gEps6uGn9x2EAxbkmBhwMfVhSm/46tAIltv0VH9bmo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Gm0tCL5fUFubphWC7/R8yr83pEmnBosFdd7e599hq1KOfmkDDTwTnT+AL61tYrQsT 3kenkuqA5urUTCtZqpwyk9IDAXxcCpqPz6zugYSYnSsmNiKc8oxpmLMzos7I6pq5a3 QEtTyz1AZIvQvc7hFSYKb92vXjgXqOYr/2nkZKPE= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 09/17] Drivers: hv: remove stale comment Date: Fri, 3 Oct 2025 15:27:02 -0700 Message-ID: <20251003222710.6257-10-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The comment about the x2v shim is ancient and long since incorrect. Remove the incorrect comment. Signed-off-by: Roman Kisel Reviewed-by: Tianyu Lan Reviewed-by: Michael Kelley --- drivers/hv/hv.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c index b1085473778c..95631c08a71f 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -268,11 +268,7 @@ void hv_synic_free(void) } =20 /* - * hv_synic_init - Initialize the Synthetic Interrupt Controller. - * - * If it is already initialized by another entity (ie x2v shim), we need to - * retrieve the initialized message and event pages. Otherwise, we create= and - * initialize the message and event pages. + * hv_synic_enable_regs - Initialize the Synthetic Interrupt Controller. */ void hv_synic_enable_regs(unsigned int cpu) { --=20 2.43.0 From nobody Tue Oct 7 03:50:43 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4F67B279DD3; Fri, 3 Oct 2025 22:27:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530445; cv=none; b=Iplk5Ws4GB2clHDoQMahkVigbXlyc70tZbiJMZoS/KypwRthRrA6xXKdbt6EFcpVZgBkBt86QCvS0WeSiBlsQK4jSR+aPJieVYIfh+Ceon9VkN5oytJ66TEWHHGEjMUQgw+0oTI3oEubNuL03KlgOXNKwWc9araZ4flA7McSbpg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530445; c=relaxed/simple; bh=cRVDFC2LLTaEruKHWjtQLz4rlG6E8UCZaFj6Usr1wa0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=r5iuE+oBfRE/yVUsfQoOyZQR8WDHguLOeAunosAeNwVji5Sm/wYOvA5YDBdLdpleDT5TU3cBYGZgh3SBoX+ChNdANJYi6Evn7YBNTEaVmrf3kF5AopgEwcl24/oCtCVXqAOeXGxaxrrC0O0WmAg+DDd/s0ETEty+8uzS41ECBgU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=Evmsg6y7; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="Evmsg6y7" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id 16BCA211C278; Fri, 3 Oct 2025 15:27:20 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 16BCA211C278 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530440; bh=lLTSGrBaTN5y6gKG/MiXOcpE4ecS29uI64cqxHJrGcc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Evmsg6y7qzg0bvgKJnU5OOskhmAJg5bAZ+NgBSFcSGXoy5JRNtuHKRC/JUpuEQslp YHosMJwbyr1yq/MgA7G8KX4ko6fZM9QQKEBSSWCAnCJWOcJI9TrSiyO96j6FHrC+sF syIqeoAGwxQB2G0/MXgKAz+I6bkd1xOF7QaX8uv8= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 10/17] Drivers: hv: Check message and event pages for non-NULL before iounmap() Date: Fri, 3 Oct 2025 15:27:03 -0700 Message-ID: <20251003222710.6257-11-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" It might happen that some hyp SynIC pages aren't allocated. Check for that and only then call iounmap(). Signed-off-by: Roman Kisel Reviewed-by: Tianyu Lan Reviewed-by: Michael Kelley --- drivers/hv/hv.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c index 95631c08a71f..8e102bcc0be8 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -369,8 +369,10 @@ void hv_synic_disable_regs(unsigned int cpu) */ simp.simp_enabled =3D 0; if (ms_hyperv.paravisor_present || hv_root_partition()) { - iounmap(hv_cpu->hyp_synic_message_page); - hv_cpu->hyp_synic_message_page =3D NULL; + if (hv_cpu->hyp_synic_message_page) { + iounmap(hv_cpu->hyp_synic_message_page); + hv_cpu->hyp_synic_message_page =3D NULL; + } } else { simp.base_simp_gpa =3D 0; } @@ -381,8 +383,10 @@ void hv_synic_disable_regs(unsigned int cpu) siefp.siefp_enabled =3D 0; =20 if (ms_hyperv.paravisor_present || hv_root_partition()) { - iounmap(hv_cpu->hyp_synic_event_page); - hv_cpu->hyp_synic_event_page =3D NULL; + if (hv_cpu->hyp_synic_event_page) { + iounmap(hv_cpu->hyp_synic_event_page); + hv_cpu->hyp_synic_event_page =3D NULL; + } } else { siefp.base_siefp_gpa =3D 0; } --=20 2.43.0 From nobody Tue Oct 7 03:50:44 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 53A0327A454; Fri, 3 Oct 2025 22:27:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530445; cv=none; b=ofzUE1bCiFq5CLHbu3hjaW2Yxdc5MRDCCCicIrKS0OY32OuHVMS5PwATahnseVhDGSOxVYNMwud247V0J2w9czbYow6iKzZTvgj9nIhAB7eilAowgifoHG65HzCky/XKvCNyeU/nzM7oFiDod1m5jFcq773pHAxo+6CBSyCmB2s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530445; c=relaxed/simple; bh=yfJOYFcpcaft9gfk4TP1GboP8J7q/Uygy2ixjcvgtwc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=W/cuyIYB76lNMhY2ww/t7TAJWTTNUzvKx35oFMUjChYkqWih7Fi09s8xzthTYGd7/mSh5t6MlWjtf+sv7uhmTd6xbZv6K5k5CQc3A7zJKFwqtVBjGFviiiDtj8u4SPU4zT3UBqErX7XM/cT3L2C5QJT3AFJSO4oxMcczQJ3Bb98= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=XG5q5ffV; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="XG5q5ffV" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id DF0D4211C279; Fri, 3 Oct 2025 15:27:20 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com DF0D4211C279 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530441; bh=8Mh8PV+ES1bK1a1G4y3sHqCiVkIAXlaKpbQtNpSOMQQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=XG5q5ffVudsGJdQBGGntPtaItzHtiBAlK0S1CjHsz3YXHuBMymwpu1ilfT5vsUpEF qwSkAgfO0+p64iVhjzcanrj3GZ/QcK8BvFNDfRjBvygJvWv3T70VSROn00snI1zb4d AuP6fTtJjF0W+duT83Jo4OIn2q1cCrWAYKT3r3TQ= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 11/17] Drivers: hv: Rename the SynIC enable and disable routines Date: Fri, 3 Oct 2025 15:27:04 -0700 Message-ID: <20251003222710.6257-12-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The confidential VMBus requires support for the both hypervisor facing SynIC and the paravisor one. Rename the functions that enable and disable SynIC with the hypervisor. No functional changes. Signed-off-by: Roman Kisel Reviewed-by: Tianyu Lan Reviewed-by: Michael Kelley --- drivers/hv/channel_mgmt.c | 2 +- drivers/hv/hv.c | 11 ++++++----- drivers/hv/hyperv_vmbus.h | 4 ++-- drivers/hv/vmbus_drv.c | 6 +++--- 4 files changed, 12 insertions(+), 11 deletions(-) diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c index 1a33c6944b3c..6d66cbc9030b 100644 --- a/drivers/hv/channel_mgmt.c +++ b/drivers/hv/channel_mgmt.c @@ -846,7 +846,7 @@ static void vmbus_wait_for_unload(void) /* * In a CoCo VM the hyp_synic_message_page is not allocated * in hv_synic_alloc(). Instead it is set/cleared in - * hv_synic_enable_regs() and hv_synic_disable_regs() + * hv_hyp_synic_enable_regs() and hv_hyp_synic_disable_regs() * such that it is set only when the CPU is online. If * not all present CPUs are online, the message page * might be NULL, so skip such CPUs. diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c index 8e102bcc0be8..76138ebe7c0c 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -268,9 +268,10 @@ void hv_synic_free(void) } =20 /* - * hv_synic_enable_regs - Initialize the Synthetic Interrupt Controller. + * hv_hyp_synic_enable_regs - Initialize the Synthetic Interrupt Controller + * with the hypervisor. */ -void hv_synic_enable_regs(unsigned int cpu) +void hv_hyp_synic_enable_regs(unsigned int cpu) { struct hv_per_cpu_context *hv_cpu =3D per_cpu_ptr(hv_context.cpu_context, cpu); @@ -336,14 +337,14 @@ void hv_synic_enable_regs(unsigned int cpu) =20 int hv_synic_init(unsigned int cpu) { - hv_synic_enable_regs(cpu); + hv_hyp_synic_enable_regs(cpu); =20 hv_stimer_legacy_init(cpu, VMBUS_MESSAGE_SINT); =20 return 0; } =20 -void hv_synic_disable_regs(unsigned int cpu) +void hv_hyp_synic_disable_regs(unsigned int cpu) { struct hv_per_cpu_context *hv_cpu =3D per_cpu_ptr(hv_context.cpu_context, cpu); @@ -530,7 +531,7 @@ int hv_synic_cleanup(unsigned int cpu) always_cleanup: hv_stimer_legacy_cleanup(cpu); =20 - hv_synic_disable_regs(cpu); + hv_hyp_synic_disable_regs(cpu); =20 return ret; } diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h index 3c70051c0431..552ed782bcfc 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h @@ -190,10 +190,10 @@ extern int hv_synic_alloc(void); =20 extern void hv_synic_free(void); =20 -extern void hv_synic_enable_regs(unsigned int cpu); +extern void hv_hyp_synic_enable_regs(unsigned int cpu); extern int hv_synic_init(unsigned int cpu); =20 -extern void hv_synic_disable_regs(unsigned int cpu); +extern void hv_hyp_synic_disable_regs(unsigned int cpu); extern int hv_synic_cleanup(unsigned int cpu); =20 /* Interface */ diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index e12f0ba0701f..2b5bf672c467 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -2810,7 +2810,7 @@ static void hv_crash_handler(struct pt_regs *regs) */ cpu =3D smp_processor_id(); hv_stimer_cleanup(cpu); - hv_synic_disable_regs(cpu); + hv_hyp_synic_disable_regs(cpu); }; =20 static int hv_synic_suspend(void) @@ -2835,14 +2835,14 @@ static int hv_synic_suspend(void) * interrupts-disabled context. */ =20 - hv_synic_disable_regs(0); + hv_hyp_synic_disable_regs(0); =20 return 0; } =20 static void hv_synic_resume(void) { - hv_synic_enable_regs(0); + hv_hyp_synic_enable_regs(0); =20 /* * Note: we don't need to call hv_stimer_init(0), because the timer --=20 2.43.0 From nobody Tue Oct 7 03:50:44 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 5184A27A10F; Fri, 3 Oct 2025 22:27:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530445; cv=none; b=hHbKCS7EG/siRIy0jeBnedgFzHjHVkSPLi1QuShrqxP2S3ZrKiNc6ngVN2wFGOlHNrA578HgnLHoMD6pG15N+Gc3enOwq8bpAEygWr8YIUHUUmQjTcmtstPprq0SEvQQ8rXiu6H2Pf6y1ZVphe0kDk4DwvAzennJIlMPKNtscEE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530445; c=relaxed/simple; bh=3sYrfbLh1No9MnApa8e+Dzrxl59vkJn6AMXDBVfJh5U=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Wmw/w/8AX43avzDPBYpSPvOEUW4oO0jtLTkNlXRn6ohux0PCfl5H5yNKn6Np8M5GOk4HWWYLS4CNj54xnR+YDtX7E+J31YEfNccOfFVIufb/k9t5ZAk1V2mfcm7SNZf5fg+k83bdhpafQgkWmBYT1aUmWoRw9ahyf0QLfMQ07YU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=re5b4fEH; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="re5b4fEH" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id 7B15B211C27E; Fri, 3 Oct 2025 15:27:21 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 7B15B211C27E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530441; bh=U/V7LAyJxRAC6jWs2mHF+EcmxCXjONzJ+HhJb3jU37A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=re5b4fEHBg9/GGThcQz9eP9kpl8eMWtI7ovCEhVD8JIMYCjIdawmWUfBFA7K1I+He svycoF/cqxnVIs/yKEzr3BL72VZiEwP/BrpN/Ft3HWnQDCHMhqZ2UAl59UP8cOru9P nuydr2De9XuIH/XyqlRF6U5OiA6GGQVxMckc2cC4= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 12/17] Drivers: hv: Functions for setting up and tearing down the paravisor SynIC Date: Fri, 3 Oct 2025 15:27:05 -0700 Message-ID: <20251003222710.6257-13-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The confidential VMBus runs with the paravisor SynIC and requires configuring it with the paravisor. Add the functions for configuring the paravisor SynIC. Update overall SynIC initialization logic to initialize the SynIC if it is present. Finally, break out SynIC interrupt enable/disable code into separate functions so that SynIC interrupts can be enabled or disabled via the paravisor instead of the hypervisor if the paravisor SynIC is present. Signed-off-by: Roman Kisel Reviewed-by: Michael Kelley --- drivers/hv/hv.c | 138 +++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 126 insertions(+), 12 deletions(-) diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c index 76138ebe7c0c..5789b41be76c 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -278,9 +278,8 @@ void hv_hyp_synic_enable_regs(unsigned int cpu) union hv_synic_simp simp; union hv_synic_siefp siefp; union hv_synic_sint shared_sint; - union hv_synic_scontrol sctrl; =20 - /* Setup the Synic's message page */ + /* Setup the Synic's message page with the hypervisor. */ simp.as_uint64 =3D hv_get_msr(HV_MSR_SIMP); simp.simp_enabled =3D 1; =20 @@ -299,7 +298,7 @@ void hv_hyp_synic_enable_regs(unsigned int cpu) =20 hv_set_msr(HV_MSR_SIMP, simp.as_uint64); =20 - /* Setup the Synic's event page */ + /* Setup the Synic's event page with the hypervisor. */ siefp.as_uint64 =3D hv_get_msr(HV_MSR_SIEFP); siefp.siefp_enabled =3D 1; =20 @@ -327,6 +326,11 @@ void hv_hyp_synic_enable_regs(unsigned int cpu) shared_sint.masked =3D false; shared_sint.auto_eoi =3D hv_recommend_using_aeoi(); hv_set_msr(HV_MSR_SINT0 + VMBUS_MESSAGE_SINT, shared_sint.as_uint64); +} + +static void hv_hyp_synic_enable_interrupts(void) +{ + union hv_synic_scontrol sctrl; =20 /* Enable the global synic bit */ sctrl.as_uint64 =3D hv_get_msr(HV_MSR_SCONTROL); @@ -335,9 +339,59 @@ void hv_hyp_synic_enable_regs(unsigned int cpu) hv_set_msr(HV_MSR_SCONTROL, sctrl.as_uint64); } =20 +static void hv_para_synic_enable_regs(unsigned int cpu) +{ + union hv_synic_simp simp; + union hv_synic_siefp siefp; + struct hv_per_cpu_context *hv_cpu + =3D per_cpu_ptr(hv_context.cpu_context, cpu); + + /* Setup the Synic's message page with the paravisor. */ + simp.as_uint64 =3D hv_para_get_synic_register(HV_MSR_SIMP); + simp.simp_enabled =3D 1; + simp.base_simp_gpa =3D virt_to_phys(hv_cpu->para_synic_message_page) + >> HV_HYP_PAGE_SHIFT; + hv_para_set_synic_register(HV_MSR_SIMP, simp.as_uint64); + + /* Setup the Synic's event page with the paravisor. */ + siefp.as_uint64 =3D hv_para_get_synic_register(HV_MSR_SIEFP); + siefp.siefp_enabled =3D 1; + siefp.base_siefp_gpa =3D virt_to_phys(hv_cpu->para_synic_event_page) + >> HV_HYP_PAGE_SHIFT; + hv_para_set_synic_register(HV_MSR_SIEFP, siefp.as_uint64); +} + +static void hv_para_synic_enable_interrupts(void) +{ + union hv_synic_scontrol sctrl; + + /* Enable the global synic bit */ + sctrl.as_uint64 =3D hv_para_get_synic_register(HV_MSR_SCONTROL); + sctrl.enable =3D 1; + hv_para_set_synic_register(HV_MSR_SCONTROL, sctrl.as_uint64); +} + int hv_synic_init(unsigned int cpu) { + if (vmbus_is_confidential()) + hv_para_synic_enable_regs(cpu); + + /* + * The SINT is set in hv_hyp_synic_enable_regs() by calling + * hv_set_msr(). hv_set_msr() in turn has special case code for the + * SINT MSRs that write to the hypervisor version of the MSR *and* + * the paravisor version of the MSR (but *without* the proxy bit when + * VMBus is confidential). + * + * Then enable interrupts via the paravisor if VMBus is confidential, + * and otherwise via the hypervisor. + */ + hv_hyp_synic_enable_regs(cpu); + if (vmbus_is_confidential()) + hv_para_synic_enable_interrupts(); + else + hv_hyp_synic_enable_interrupts(); =20 hv_stimer_legacy_init(cpu, VMBUS_MESSAGE_SINT); =20 @@ -351,7 +405,6 @@ void hv_hyp_synic_disable_regs(unsigned int cpu) union hv_synic_sint shared_sint; union hv_synic_simp simp; union hv_synic_siefp siefp; - union hv_synic_scontrol sctrl; =20 shared_sint.as_uint64 =3D hv_get_msr(HV_MSR_SINT0 + VMBUS_MESSAGE_SINT); =20 @@ -363,7 +416,7 @@ void hv_hyp_synic_disable_regs(unsigned int cpu) =20 simp.as_uint64 =3D hv_get_msr(HV_MSR_SIMP); /* - * In Isolation VM, sim and sief pages are allocated by + * In Isolation VM, simp and sief pages are allocated by * paravisor. These pages also will be used by kdump * kernel. So just reset enable bit here and keep page * addresses. @@ -393,14 +446,42 @@ void hv_hyp_synic_disable_regs(unsigned int cpu) } =20 hv_set_msr(HV_MSR_SIEFP, siefp.as_uint64); +} + +static void hv_hyp_synic_disable_interrupts(void) +{ + union hv_synic_scontrol sctrl; =20 /* Disable the global synic bit */ sctrl.as_uint64 =3D hv_get_msr(HV_MSR_SCONTROL); sctrl.enable =3D 0; hv_set_msr(HV_MSR_SCONTROL, sctrl.as_uint64); +} =20 - if (vmbus_irq !=3D -1) - disable_percpu_irq(vmbus_irq); +static void hv_para_synic_disable_regs(unsigned int cpu) +{ + union hv_synic_simp simp; + union hv_synic_siefp siefp; + + /* Disable SynIC's message page in the paravisor. */ + simp.as_uint64 =3D hv_para_get_synic_register(HV_MSR_SIMP); + simp.simp_enabled =3D 0; + hv_para_set_synic_register(HV_MSR_SIMP, simp.as_uint64); + + /* Disable SynIC's event page in the paravisor. */ + siefp.as_uint64 =3D hv_para_get_synic_register(HV_MSR_SIEFP); + siefp.siefp_enabled =3D 0; + hv_para_set_synic_register(HV_MSR_SIEFP, siefp.as_uint64); +} + +static void hv_para_synic_disable_interrupts(void) +{ + union hv_synic_scontrol sctrl; + + /* Disable the global synic bit */ + sctrl.as_uint64 =3D hv_para_get_synic_register(HV_MSR_SCONTROL); + sctrl.enable =3D 0; + hv_para_set_synic_register(HV_MSR_SCONTROL, sctrl.as_uint64); } =20 #define HV_MAX_TRIES 3 @@ -413,16 +494,18 @@ void hv_hyp_synic_disable_regs(unsigned int cpu) * that the normal interrupt handling mechanism will find and process the = channel interrupt * "very soon", and in the process clear the bit. */ -static bool hv_synic_event_pending(void) +static bool __hv_synic_event_pending(union hv_synic_event_flags *event, in= t sint) { - struct hv_per_cpu_context *hv_cpu =3D this_cpu_ptr(hv_context.cpu_context= ); - union hv_synic_event_flags *event =3D - (union hv_synic_event_flags *)hv_cpu->hyp_synic_event_page + VMBUS_MESSA= GE_SINT; - unsigned long *recv_int_page =3D event->flags; /* assumes VMBus version >= =3D VERSION_WIN8 */ + unsigned long *recv_int_page; bool pending; u32 relid; int tries =3D 0; =20 + if (!event) + return false; + + event +=3D sint; + recv_int_page =3D event->flags; /* assumes VMBus version >=3D VERSION_WIN= 8 */ retry: pending =3D false; for_each_set_bit(relid, recv_int_page, HV_EVENT_FLAGS_COUNT) { @@ -439,6 +522,17 @@ static bool hv_synic_event_pending(void) return pending; } =20 +static bool hv_synic_event_pending(void) +{ + struct hv_per_cpu_context *hv_cpu =3D this_cpu_ptr(hv_context.cpu_context= ); + union hv_synic_event_flags *hyp_synic_event_page =3D hv_cpu->hyp_synic_ev= ent_page; + union hv_synic_event_flags *para_synic_event_page =3D hv_cpu->para_synic_= event_page; + + return + __hv_synic_event_pending(hyp_synic_event_page, VMBUS_MESSAGE_SINT) || + __hv_synic_event_pending(para_synic_event_page, VMBUS_MESSAGE_SINT); +} + static int hv_pick_new_cpu(struct vmbus_channel *channel) { int ret =3D -EBUSY; @@ -531,7 +625,27 @@ int hv_synic_cleanup(unsigned int cpu) always_cleanup: hv_stimer_legacy_cleanup(cpu); =20 + /* + * First, disable the event and message pages + * used for communicating with the host, and then + * disable the host interrupts if VMBus is not + * confidential. + */ hv_hyp_synic_disable_regs(cpu); + if (!vmbus_is_confidential()) + hv_hyp_synic_disable_interrupts(); + + /* + * Perform the same steps for the Confidential VMBus. + * The sequencing provides the guarantee that no data + * may be posted for processing before disabling interrupts. + */ + if (vmbus_is_confidential()) { + hv_para_synic_disable_regs(cpu); + hv_para_synic_disable_interrupts(); + } + if (vmbus_irq !=3D -1) + disable_percpu_irq(vmbus_irq); =20 return ret; } --=20 2.43.0 From nobody Tue Oct 7 03:50:44 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 94C2327AC2E; Fri, 3 Oct 2025 22:27:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530445; cv=none; b=py3VnXvXoqsXuCvnH0DacWAPiLUf3ZZJ3f9dXK+HyNTT7YhbvQ9W+JOBcHgZ7Qe3JJ+ZzKCPMutrgi5YSVhHCGkWh898xCFecfkfVO/4pPEt+dBNte5V575E3LlkY8bXrP30DI2DXALr3nRSNoIf+uJSOsp9FeeMnuqYudj6SLA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530445; c=relaxed/simple; bh=zsQY+WqYWAxLA21W3qx/i6NmAIG6aC4pmIlzWNp7h4M=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZC6GrJztJjr6tnKqbLQamrIJJ6ZPJAFExH7iRpFmK/bUCakP77WAGOKEPEjlgaXShK1wgyEqPo4HoFy4Y8C8ndPb0droPyoBEktUjjLdD4u5wB6Mz4RT2HY7RG1J5AbEMMHz8JMuqukfKCAXdR2Qy4ZwIw+DHfblfaHEv7Tr3FI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=IrTbYs0p; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="IrTbYs0p" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id 6130F211C27C; Fri, 3 Oct 2025 15:27:22 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 6130F211C27C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530442; bh=vtN9ga2NrbyJZ289tK3Dk45vzqdd8mFliIhwRfz5wjM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=IrTbYs0pqbWZUaKoEM5lOjztegQ93vkvcrbSUAgJcuBua8op6dmo1OZVl+rRh6otu zFKRlVy/U70uzOGbBRhhzj6RagwDBWBsJcd1AeHhDMPykC5NbOx5OySoq7mbwOnK8i ey5kD+0RwN2FY3JQN9AQP8Kmt04yTM/FD2QUCXXw= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 13/17] Drivers: hv: Allocate encrypted buffers when requested Date: Fri, 3 Oct 2025 15:27:06 -0700 Message-ID: <20251003222710.6257-14-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Confidential VMBus is built around using buffers not shared with the host. Support allocating encrypted buffers when requested. Signed-off-by: Roman Kisel Reviewed-by: Tianyu Lan Reviewed-by: Michael Kelley --- drivers/hv/channel.c | 49 +++++++++++++++++++++++---------------- drivers/hv/hyperv_vmbus.h | 3 ++- drivers/hv/ring_buffer.c | 5 ++-- 3 files changed, 34 insertions(+), 23 deletions(-) diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c index 162d6aeece7b..d69713201bef 100644 --- a/drivers/hv/channel.c +++ b/drivers/hv/channel.c @@ -444,20 +444,23 @@ static int __vmbus_establish_gpadl(struct vmbus_chann= el *channel, return ret; } =20 - /* - * Set the "decrypted" flag to true for the set_memory_decrypted() - * success case. In the failure case, the encryption state of the - * memory is unknown. Leave "decrypted" as true to ensure the - * memory will be leaked instead of going back on the free list. - */ - gpadl->decrypted =3D true; - ret =3D set_memory_decrypted((unsigned long)kbuffer, - PFN_UP(size)); - if (ret) { - dev_warn(&channel->device_obj->device, - "Failed to set host visibility for new GPADL %d.\n", - ret); - return ret; + gpadl->decrypted =3D !((channel->co_external_memory && type =3D=3D HV_GPA= DL_BUFFER) || + (channel->co_ring_buffer && type =3D=3D HV_GPADL_RING)); + if (gpadl->decrypted) { + /* + * The "decrypted" flag being true assumes that set_memory_decrypted() s= ucceeds. + * But if it fails, the encryption state of the memory is unknown. In th= at case, + * leave "decrypted" as true to ensure the memory is leaked instead of g= oing back + * on the free list. + */ + ret =3D set_memory_decrypted((unsigned long)kbuffer, + PFN_UP(size)); + if (ret) { + dev_warn(&channel->device_obj->device, + "Failed to set host visibility for new GPADL %d.\n", + ret); + return ret; + } } =20 init_completion(&msginfo->waitevent); @@ -545,8 +548,10 @@ static int __vmbus_establish_gpadl(struct vmbus_channe= l *channel, * left as true so the memory is leaked instead of being * put back on the free list. */ - if (!set_memory_encrypted((unsigned long)kbuffer, PFN_UP(size))) - gpadl->decrypted =3D false; + if (gpadl->decrypted) { + if (!set_memory_encrypted((unsigned long)kbuffer, PFN_UP(size))) + gpadl->decrypted =3D false; + } } =20 return ret; @@ -677,12 +682,13 @@ static int __vmbus_open(struct vmbus_channel *newchan= nel, goto error_clean_ring; =20 err =3D hv_ringbuffer_init(&newchannel->outbound, - page, send_pages, 0); + page, send_pages, 0, newchannel->co_ring_buffer); if (err) goto error_free_gpadl; =20 err =3D hv_ringbuffer_init(&newchannel->inbound, &page[send_pages], - recv_pages, newchannel->max_pkt_size); + recv_pages, newchannel->max_pkt_size, + newchannel->co_ring_buffer); if (err) goto error_free_gpadl; =20 @@ -863,8 +869,11 @@ int vmbus_teardown_gpadl(struct vmbus_channel *channel= , struct vmbus_gpadl *gpad =20 kfree(info); =20 - ret =3D set_memory_encrypted((unsigned long)gpadl->buffer, - PFN_UP(gpadl->size)); + if (gpadl->decrypted) + ret =3D set_memory_encrypted((unsigned long)gpadl->buffer, + PFN_UP(gpadl->size)); + else + ret =3D 0; if (ret) pr_warn("Fail to set mem host visibility in GPADL teardown %d.\n", ret); =20 diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h index 552ed782bcfc..f7fc2630c054 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h @@ -201,7 +201,8 @@ extern int hv_synic_cleanup(unsigned int cpu); void hv_ringbuffer_pre_init(struct vmbus_channel *channel); =20 int hv_ringbuffer_init(struct hv_ring_buffer_info *ring_info, - struct page *pages, u32 pagecnt, u32 max_pkt_size); + struct page *pages, u32 pagecnt, u32 max_pkt_size, + bool confidential); =20 void hv_ringbuffer_cleanup(struct hv_ring_buffer_info *ring_info); =20 diff --git a/drivers/hv/ring_buffer.c b/drivers/hv/ring_buffer.c index 23ce1fb70de1..3c421a7f78c0 100644 --- a/drivers/hv/ring_buffer.c +++ b/drivers/hv/ring_buffer.c @@ -184,7 +184,8 @@ void hv_ringbuffer_pre_init(struct vmbus_channel *chann= el) =20 /* Initialize the ring buffer. */ int hv_ringbuffer_init(struct hv_ring_buffer_info *ring_info, - struct page *pages, u32 page_cnt, u32 max_pkt_size) + struct page *pages, u32 page_cnt, u32 max_pkt_size, + bool confidential) { struct page **pages_wraparound; int i; @@ -208,7 +209,7 @@ int hv_ringbuffer_init(struct hv_ring_buffer_info *ring= _info, =20 ring_info->ring_buffer =3D (struct hv_ring_buffer *) vmap(pages_wraparound, page_cnt * 2 - 1, VM_MAP, - pgprot_decrypted(PAGE_KERNEL)); + confidential ? PAGE_KERNEL : pgprot_decrypted(PAGE_KERNEL)); =20 kfree(pages_wraparound); if (!ring_info->ring_buffer) --=20 2.43.0 From nobody Tue Oct 7 03:50:44 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B3DAB27B4E5; Fri, 3 Oct 2025 22:27:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530445; cv=none; b=U/a/4+oyewAEZN/whYZMYpG2w2OqLrqgmV5BJVJHwxwRa54OOAGw00xLeDhlXcK3C/u1z1eM+4XKv2cCKAqMdifOE0tVB8F5N00G7wAXJsjeXKYJbb3WcT5CzQmhvIonOmxsf8EmZE6rJa4zbQdhcMtBEhq2Epn1SSzWs4gR7ek= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530445; c=relaxed/simple; bh=Fkn/javTiww3cFoTkMbsTMJizV3BWu9Hp9OMgATsTkM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=BetrW3MaOWn3Q7p6cwzoTkOib8ApUGjdmrmZJHMeRuT1xZ1H1YDKphWhOYNzy3PjUsmlqsmrSJtl8lZF2sYWk0GOGMVQAGtUp6p1Y7VuK/Y8m5JvGRla9y3B0c09syONWLAvImUJX0fwp/9ULpxq01cqxtoIgwHDZKf5fxa6pfo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=skGNtAaH; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="skGNtAaH" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id 148E1211C27F; Fri, 3 Oct 2025 15:27:23 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 148E1211C27F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530443; bh=KOeZVTeTzRHNYVd4hRy4Pl2r3BRcW7MVMnUEOSxzTv8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=skGNtAaHOaCpeay5u6LSqN2AnKr0jPNhmYCorB9ZcOOETtmkl9Mk0nrEocN2vv726 vcfTaPaaQqIl36uWX2Kwq9Ri+HucteE7M3NZm1AG27aymCDhvO78Fj9dUKtdFXYaZx tGuGhzRaOjw9JEjPL5vhx2cb6+wxLSO3fyP4BMJ0= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 14/17] Drivers: hv: Free msginfo when the buffer fails to decrypt Date: Fri, 3 Oct 2025 15:27:07 -0700 Message-ID: <20251003222710.6257-15-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The early failure path in __vmbus_establish_gpadl() doesn't deallocate msginfo if the buffer fails to decrypt. Fix the leak by breaking out the cleanup code into a separate function and calling it where required. Fixes: d4dccf353db80 ("Drivers: hv: vmbus: Mark vmbus ring buffer visible t= o host in Isolation VM") Reported-by: Michael Kelley Closes: https://lore.kernel.org/linux-hyperv/SN6PR02MB41573796F9787F67E0E97= 049D472A@SN6PR02MB4157.namprd02.prod.outlook.com Signed-off-by: Roman Kisel Reviewed-by: Michael Kelley --- drivers/hv/channel.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c index d69713201bef..88485d255a42 100644 --- a/drivers/hv/channel.c +++ b/drivers/hv/channel.c @@ -410,6 +410,21 @@ static int create_gpadl_header(enum hv_gpadl_type type= , void *kbuffer, return 0; } =20 +static void vmbus_free_channel_msginfo(struct vmbus_channel_msginfo *msgin= fo) +{ + struct vmbus_channel_msginfo *submsginfo, *tmp; + + if (!msginfo) + return; + + list_for_each_entry_safe(submsginfo, tmp, &msginfo->submsglist, + msglistentry) { + kfree(submsginfo); + } + + kfree(msginfo); +} + /* * __vmbus_establish_gpadl - Establish a GPADL for a buffer or ringbuffer * @@ -429,7 +444,7 @@ static int __vmbus_establish_gpadl(struct vmbus_channel= *channel, struct vmbus_channel_gpadl_header *gpadlmsg; struct vmbus_channel_gpadl_body *gpadl_body; struct vmbus_channel_msginfo *msginfo =3D NULL; - struct vmbus_channel_msginfo *submsginfo, *tmp; + struct vmbus_channel_msginfo *submsginfo; struct list_head *curr; u32 next_gpadl_handle; unsigned long flags; @@ -459,6 +474,7 @@ static int __vmbus_establish_gpadl(struct vmbus_channel= *channel, dev_warn(&channel->device_obj->device, "Failed to set host visibility for new GPADL %d.\n", ret); + vmbus_free_channel_msginfo(msginfo); return ret; } } @@ -535,12 +551,8 @@ static int __vmbus_establish_gpadl(struct vmbus_channe= l *channel, spin_lock_irqsave(&vmbus_connection.channelmsg_lock, flags); list_del(&msginfo->msglistentry); spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags); - list_for_each_entry_safe(submsginfo, tmp, &msginfo->submsglist, - msglistentry) { - kfree(submsginfo); - } =20 - kfree(msginfo); + vmbus_free_channel_msginfo(msginfo); =20 if (ret) { /* --=20 2.43.0 From nobody Tue Oct 7 03:50:44 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 808DB283FD7; Fri, 3 Oct 2025 22:27:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530446; cv=none; b=LxM1kpqDUPqGcWcr0Fk3YWh8LyWMMysJLCRFcasg1HSCFH0N7mfYVSqBPYPcdQXeJ5Y8/i/mRNg6XD4ev9w9Vztj6GElSd1/xCk8aqHbiqxEs/K4HOs4dmZC7LnV2ToIvRQda0Lr1r+DL3As2CiHy9ctzmHJI1/7VR8eotyQB2g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530446; c=relaxed/simple; bh=WBPIfgVxPGV/LSFNZSZg5i9TojfsH9u2tXp3iGnaa74=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DGoG+qQ6UkctnOurE5LmwI0HIw4yvrkN182JdhoKfDxHit93D1IZGlCtEAY/Qcnzrcc176rqQCY2cmnBjfvfDu9RKxfaHYzQwvePPMWcqg7squQDyO6Er7+T0qx3fxH3DIfxEtbUIyCbrQvqCyYTKE4YzAZaG0mMPZmLj76wUrc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=GkbvjsL2; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="GkbvjsL2" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id 9C0E9211C280; Fri, 3 Oct 2025 15:27:23 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 9C0E9211C280 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530443; bh=4R3Q4+AFI3c1tV24p2R3HQuzaQyvhOVsFSX+WtZ8g/0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GkbvjsL2Wh0oiQhqhbwfdLDDc07cnbi1jhom4DUiqm6wg5zStipT9TcxHOKdMPzE/ MfXbPmh4hWR47gAxIWJxCy1S5l4/qZDxdpvckzpD/w1NJNHc836VUAtAWkhNvTL7NM OikZxQTnY1q2GDqirK5ggCUlnMMwmwIc1otpK9Rw= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 15/17] Drivers: hv: Support confidential VMBus channels Date: Fri, 3 Oct 2025 15:27:08 -0700 Message-ID: <20251003222710.6257-16-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" To make use of Confidential VMBus channels, initialize the co_ring_buffers and co_external_memory fields of the channel structure. Advertise support upon negotiating the version and compute values for those fields and initialize them. Signed-off-by: Roman Kisel Reviewed-by: Michael Kelley --- drivers/hv/channel_mgmt.c | 19 +++++++++++++++++++ drivers/hv/connection.c | 3 +++ 2 files changed, 22 insertions(+) diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c index 6d66cbc9030b..74fed2c073d4 100644 --- a/drivers/hv/channel_mgmt.c +++ b/drivers/hv/channel_mgmt.c @@ -1022,6 +1022,7 @@ static void vmbus_onoffer(struct vmbus_channel_messag= e_header *hdr) struct vmbus_channel_offer_channel *offer; struct vmbus_channel *oldchannel, *newchannel; size_t offer_sz; + bool co_ring_buffer, co_external_memory; =20 offer =3D (struct vmbus_channel_offer_channel *)hdr; =20 @@ -1034,6 +1035,22 @@ static void vmbus_onoffer(struct vmbus_channel_messa= ge_header *hdr) return; } =20 + co_ring_buffer =3D is_co_ring_buffer(offer); + co_external_memory =3D is_co_external_memory(offer); + if (!co_ring_buffer && co_external_memory) { + pr_err("Invalid offer relid=3D%d: the ring buffer isn't encrypted\n", + offer->child_relid); + return; + } + if (co_ring_buffer || co_external_memory) { + if (vmbus_proto_version < VERSION_WIN10_V6_0 || !vmbus_is_confidential()= ) { + pr_err("Invalid offer relid=3D%d: no support for confidential VMBus\n", + offer->child_relid); + atomic_dec(&vmbus_connection.offer_in_progress); + return; + } + } + oldchannel =3D find_primary_channel_by_offer(offer); =20 if (oldchannel !=3D NULL) { @@ -1112,6 +1129,8 @@ static void vmbus_onoffer(struct vmbus_channel_messag= e_header *hdr) pr_err("Unable to allocate channel object\n"); return; } + newchannel->co_ring_buffer =3D co_ring_buffer; + newchannel->co_external_memory =3D co_external_memory; =20 vmbus_setup_channel_state(newchannel, offer); =20 diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c index 1fe3573ae52a..5ac9232396f7 100644 --- a/drivers/hv/connection.c +++ b/drivers/hv/connection.c @@ -105,6 +105,9 @@ int vmbus_negotiate_version(struct vmbus_channel_msginf= o *msginfo, u32 version) vmbus_connection.msg_conn_id =3D VMBUS_MESSAGE_CONNECTION_ID; } =20 + if (vmbus_is_confidential() && version >=3D VERSION_WIN10_V6_0) + msg->feature_flags =3D VMBUS_FEATURE_FLAG_CONFIDENTIAL_CHANNELS; + /* * shared_gpa_boundary is zero in non-SNP VMs, so it's safe to always * bitwise OR it --=20 2.43.0 From nobody Tue Oct 7 03:50:44 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id EB573287259; Fri, 3 Oct 2025 22:27:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530446; cv=none; b=I5Ac1l05Rpa7G1nP1jUShGT3iR9fhIlWLVwr/nybRTXe+M9h9pllak1/M4uZVhK6ABHLBg8CjfF+7eHNynHh6xzLL90jKdipvt1W0hp6sRBj3CR4/yujdnb4ALr8niAHxjj16B4/LbWcJB3VOjd4Onn2BemN7NKPOzdXLW8nbe8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530446; c=relaxed/simple; bh=dLBtBMRxPgTl5LlhBr9ohEdugqGfe8R5auGo67rDwCI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Dg7Gjm8CL0mMeCVFG+4fG7Is2496R5ySu1ocSlbGDDfbhngF41XpeQ+2ZbsSXPqauw3TPlgoAJGY6HTMj7dHgfedwMyCWzvndy36hwbsfXFZPBB41D+9kzP1K/EFxkTJQI/Zx8/iyB2oCDQYC+tkCY1WSRZbxyk6vtmBfaLZmbY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=QzlcFVsd; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="QzlcFVsd" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id 3A744211C281; Fri, 3 Oct 2025 15:27:24 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 3A744211C281 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530444; bh=A/sW4Txq4BEAcrtbSZAL2Hl6CGu5CJrb8pFJartsG9I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QzlcFVsd5ibqXgsF2TgLT9V3IrsPSJr+Ts4gAdJfo/ERFUiPEnuzEAdaYvJ/xe8RU x3uABocJqd4Q0Du+Ez2RWZ3e694x0c1UBDH8xtkNNGbITBE5ccb6sebXTIyUG1JGux OK3/YXtGewMTZvwoiD1JXMu9zMKiEecIxmChuIUo= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 16/17] Drivers: hv: Set the default VMBus version to 6.0 Date: Fri, 3 Oct 2025 15:27:09 -0700 Message-ID: <20251003222710.6257-17-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The confidential VMBus is supported by the protocol version 6.0 onwards. Attempt to establish the VMBus 6.0 connection thus enabling the confidential VMBus features when available. Signed-off-by: Roman Kisel Reviewed-by: Michael Kelley --- drivers/hv/connection.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c index 5ac9232396f7..5d9cb5bf2d62 100644 --- a/drivers/hv/connection.c +++ b/drivers/hv/connection.c @@ -51,6 +51,7 @@ EXPORT_SYMBOL_GPL(vmbus_proto_version); * Linux guests and are not listed. */ static __u32 vmbus_versions[] =3D { + VERSION_WIN10_V6_0, VERSION_WIN10_V5_3, VERSION_WIN10_V5_2, VERSION_WIN10_V5_1, @@ -65,7 +66,7 @@ static __u32 vmbus_versions[] =3D { * Maximal VMBus protocol version guests can negotiate. Useful to cap the * VMBus version for testing and debugging purpose. */ -static uint max_version =3D VERSION_WIN10_V5_3; +static uint max_version =3D VERSION_WIN10_V6_0; =20 module_param(max_version, uint, S_IRUGO); MODULE_PARM_DESC(max_version, --=20 2.43.0 From nobody Tue Oct 7 03:50:44 2025 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C2A862C21F3; Fri, 3 Oct 2025 22:27:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=13.77.154.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530447; cv=none; b=KXX8iIxHst9aHfhifwgQ/+giFKt8p1ABLWqR4s/tR6y6CSuadyDj08BDKGKTCjBE2Tm0SPeNe9srShOjlAmptBJJQLJ6UvALHKaeOX3i7Py1gMpjjYNqswgrVzAvqJ4CcfKTBXy0YeTqle6wvX2/B20Ca3z5u0KkqbR83HLBcjQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759530447; c=relaxed/simple; bh=vi21MmW6hNpvJW+ahdrYgZwj9la5FUVN0ykIg2JgtSY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=iR3fYyqpccnQwdimFskVYrDfgcXoGnJFR3tJJ7xuTpuyfvyzyxRlPH/eq+lmcioz0nz7MLQy4DTJaw7O5kPz1udvvb9WhBKXvYgfuZrwb8ii0zdDDfCHm1AEDg4dfW+TVbrnDUnDXjSbjkVZGVKVpenqRnEq+4FCEy9Lhf5PM3M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com; spf=pass smtp.mailfrom=linux.microsoft.com; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b=rHOSACPW; arc=none smtp.client-ip=13.77.154.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.microsoft.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.microsoft.com header.i=@linux.microsoft.com header.b="rHOSACPW" Received: from romank-3650.corp.microsoft.com (unknown [131.107.1.188]) by linux.microsoft.com (Postfix) with ESMTPSA id E4013211C285; Fri, 3 Oct 2025 15:27:24 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com E4013211C285 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1759530445; bh=sMrXYp/LXKrQSONphfvQVUtB/mFfprwjOJ4nPGwda+I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rHOSACPWoU5HMCRxiFxTRJPRUu6eECNFo1783nVQtWxkT5YsZPE5MXAb12ZMTj9uv 8fgUoak9EpOnC3+FHZAo+LNNE/zTFS46Si/Mah4GN7iR7mU4yHHDLOJYsWIjBVX4qS FcvXiBeKopipNwNzCDBc6moJyDvrMXGCrIfXxDYc= From: Roman Kisel To: arnd@arndb.de, bp@alien8.de, corbet@lwn.net, dave.hansen@linux.intel.com, decui@microsoft.com, haiyangz@microsoft.com, hpa@zytor.com, kys@microsoft.com, mikelley@microsoft.com, mingo@redhat.com, tglx@linutronix.de, Tianyu.Lan@microsoft.com, wei.liu@kernel.org, x86@kernel.org, linux-hyperv@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org Cc: benhill@microsoft.com, bperkins@microsoft.com, sunilmut@microsoft.com, romank@linux.microsoft.com Subject: [PATCH hyperv-next v6 17/17] Drivers: hv: Support establishing the confidential VMBus connection Date: Fri, 3 Oct 2025 15:27:10 -0700 Message-ID: <20251003222710.6257-18-romank@linux.microsoft.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251003222710.6257-1-romank@linux.microsoft.com> References: <20251003222710.6257-1-romank@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" To establish the confidential VMBus connection the CoCo VM, the guest first checks on the confidential VMBus availability, and then proceeds to initializing the communication stack. Implement that in the VMBus driver initialization. Signed-off-by: Roman Kisel Reviewed-by: Michael Kelley --- drivers/hv/vmbus_drv.c | 168 ++++++++++++++++++++++++++--------------- 1 file changed, 106 insertions(+), 62 deletions(-) diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index 2b5bf672c467..0dc4692b411a 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -1057,12 +1057,9 @@ static void vmbus_onmessage_work(struct work_struct = *work) kfree(ctx); } =20 -void vmbus_on_msg_dpc(unsigned long data) +static void __vmbus_on_msg_dpc(void *message_page_addr) { - struct hv_per_cpu_context *hv_cpu =3D (void *)data; - void *page_addr =3D hv_cpu->hyp_synic_message_page; - struct hv_message msg_copy, *msg =3D (struct hv_message *)page_addr + - VMBUS_MESSAGE_SINT; + struct hv_message msg_copy, *msg; struct vmbus_channel_message_header *hdr; enum vmbus_channel_message_type msgtype; const struct vmbus_channel_message_table_entry *entry; @@ -1070,6 +1067,10 @@ void vmbus_on_msg_dpc(unsigned long data) __u8 payload_size; u32 message_type; =20 + if (!message_page_addr) + return; + msg =3D (struct hv_message *)message_page_addr + VMBUS_MESSAGE_SINT; + /* * 'enum vmbus_channel_message_type' is supposed to always be 'u32' as * it is being used in 'struct vmbus_channel_message_header' definition @@ -1195,6 +1196,14 @@ void vmbus_on_msg_dpc(unsigned long data) vmbus_signal_eom(msg, message_type); } =20 +void vmbus_on_msg_dpc(unsigned long data) +{ + struct hv_per_cpu_context *hv_cpu =3D (void *)data; + + __vmbus_on_msg_dpc(hv_cpu->hyp_synic_message_page); + __vmbus_on_msg_dpc(hv_cpu->para_synic_message_page); +} + #ifdef CONFIG_PM_SLEEP /* * Fake RESCIND_CHANNEL messages to clean up hv_sock channels by force for @@ -1233,21 +1242,19 @@ static void vmbus_force_channel_rescinded(struct vm= bus_channel *channel) #endif /* CONFIG_PM_SLEEP */ =20 /* - * Schedule all channels with events pending + * Schedule all channels with events pending. + * The event page can be directly checked to get the id of + * the channel that has the interrupt pending. */ -static void vmbus_chan_sched(struct hv_per_cpu_context *hv_cpu) +static void vmbus_chan_sched(void *event_page_addr) { unsigned long *recv_int_page; u32 maxbits, relid; + union hv_synic_event_flags *event; =20 - /* - * The event page can be directly checked to get the id of - * the channel that has the interrupt pending. - */ - void *page_addr =3D hv_cpu->hyp_synic_event_page; - union hv_synic_event_flags *event - =3D (union hv_synic_event_flags *)page_addr + - VMBUS_MESSAGE_SINT; + if (!event_page_addr) + return; + event =3D (union hv_synic_event_flags *)event_page_addr + VMBUS_MESSAGE_S= INT; =20 maxbits =3D HV_EVENT_FLAGS_COUNT; recv_int_page =3D event->flags; @@ -1255,6 +1262,11 @@ static void vmbus_chan_sched(struct hv_per_cpu_conte= xt *hv_cpu) if (unlikely(!recv_int_page)) return; =20 + /* + * Suggested-by: Michael Kelley + * One possible optimization would be to keep track of the largest relID = that's in use, + * and only scan up to that relID. + */ for_each_set_bit(relid, recv_int_page, maxbits) { void (*callback_fn)(void *context); struct vmbus_channel *channel; @@ -1318,26 +1330,35 @@ static void vmbus_chan_sched(struct hv_per_cpu_cont= ext *hv_cpu) } } =20 -static void vmbus_isr(void) +static void vmbus_message_sched(struct hv_per_cpu_context *hv_cpu, void *m= essage_page_addr) { - struct hv_per_cpu_context *hv_cpu - =3D this_cpu_ptr(hv_context.cpu_context); - void *page_addr; struct hv_message *msg; =20 - vmbus_chan_sched(hv_cpu); - - page_addr =3D hv_cpu->hyp_synic_message_page; - msg =3D (struct hv_message *)page_addr + VMBUS_MESSAGE_SINT; + if (!message_page_addr) + return; + msg =3D (struct hv_message *)message_page_addr + VMBUS_MESSAGE_SINT; =20 /* Check if there are actual msgs to be processed */ if (msg->header.message_type !=3D HVMSG_NONE) { if (msg->header.message_type =3D=3D HVMSG_TIMER_EXPIRED) { hv_stimer0_isr(); vmbus_signal_eom(msg, HVMSG_TIMER_EXPIRED); - } else + } else { tasklet_schedule(&hv_cpu->msg_dpc); + } } +} + +static void vmbus_isr(void) +{ + struct hv_per_cpu_context *hv_cpu + =3D this_cpu_ptr(hv_context.cpu_context); + + vmbus_chan_sched(hv_cpu->hyp_synic_event_page); + vmbus_chan_sched(hv_cpu->para_synic_event_page); + + vmbus_message_sched(hv_cpu, hv_cpu->hyp_synic_message_page); + vmbus_message_sched(hv_cpu, hv_cpu->para_synic_message_page); =20 add_interrupt_randomness(vmbus_interrupt); } @@ -1355,6 +1376,59 @@ static void vmbus_percpu_work(struct work_struct *wo= rk) hv_synic_init(cpu); } =20 +static int vmbus_alloc_synic_and_connect(void) +{ + int ret, cpu; + struct work_struct __percpu *works; + int hyperv_cpuhp_online; + + ret =3D hv_synic_alloc(); + if (ret < 0) + goto err_alloc; + + works =3D alloc_percpu(struct work_struct); + if (!works) { + ret =3D -ENOMEM; + goto err_alloc; + } + + /* + * Initialize the per-cpu interrupt state and stimer state. + * Then connect to the host. + */ + cpus_read_lock(); + for_each_online_cpu(cpu) { + struct work_struct *work =3D per_cpu_ptr(works, cpu); + + INIT_WORK(work, vmbus_percpu_work); + schedule_work_on(cpu, work); + } + + for_each_online_cpu(cpu) + flush_work(per_cpu_ptr(works, cpu)); + + /* Register the callbacks for possible CPU online/offline'ing */ + ret =3D cpuhp_setup_state_nocalls_cpuslocked(CPUHP_AP_ONLINE_DYN, "hyperv= /vmbus:online", + hv_synic_init, hv_synic_cleanup); + cpus_read_unlock(); + free_percpu(works); + if (ret < 0) + goto err_alloc; + hyperv_cpuhp_online =3D ret; + + ret =3D vmbus_connect(); + if (ret) + goto err_connect; + return 0; + +err_connect: + cpuhp_remove_state(hyperv_cpuhp_online); + return -ENODEV; +err_alloc: + hv_synic_free(); + return -ENOMEM; +} + /* * vmbus_bus_init -Main vmbus driver initialization routine. * @@ -1365,8 +1439,7 @@ static void vmbus_percpu_work(struct work_struct *wor= k) */ static int vmbus_bus_init(void) { - int ret, cpu; - struct work_struct __percpu *works; + int ret; =20 ret =3D hv_init(); if (ret !=3D 0) { @@ -1401,41 +1474,15 @@ static int vmbus_bus_init(void) } } =20 - ret =3D hv_synic_alloc(); - if (ret) - goto err_alloc; - - works =3D alloc_percpu(struct work_struct); - if (!works) { - ret =3D -ENOMEM; - goto err_alloc; - } - /* - * Initialize the per-cpu interrupt state and stimer state. - * Then connect to the host. + * Cache the value as getting it involves a VM exit on x86(_64), and + * doing that on each VP while initializing SynIC's wastes time. */ - cpus_read_lock(); - for_each_online_cpu(cpu) { - struct work_struct *work =3D per_cpu_ptr(works, cpu); - - INIT_WORK(work, vmbus_percpu_work); - schedule_work_on(cpu, work); - } - - for_each_online_cpu(cpu) - flush_work(per_cpu_ptr(works, cpu)); - - /* Register the callbacks for possible CPU online/offline'ing */ - ret =3D cpuhp_setup_state_nocalls_cpuslocked(CPUHP_AP_ONLINE_DYN, "hyperv= /vmbus:online", - hv_synic_init, hv_synic_cleanup); - cpus_read_unlock(); - free_percpu(works); - if (ret < 0) - goto err_alloc; - hyperv_cpuhp_online =3D ret; - - ret =3D vmbus_connect(); + is_confidential =3D ms_hyperv.confidential_vmbus_available; + if (is_confidential) + pr_info("Establishing connection to the confidential VMBus\n"); + hv_para_set_sint_proxy(!is_confidential); + ret =3D vmbus_alloc_synic_and_connect(); if (ret) goto err_connect; =20 @@ -1451,9 +1498,6 @@ static int vmbus_bus_init(void) return 0; =20 err_connect: - cpuhp_remove_state(hyperv_cpuhp_online); -err_alloc: - hv_synic_free(); if (vmbus_irq =3D=3D -1) { hv_remove_vmbus_handler(); } else { --=20 2.43.0