On Mon, Oct 25, 2021 at 08:21:05AM -0400, Tianyu Lan wrote:
> From: Tianyu Lan <Tianyu.Lan@xxxxxxxxxxxxx>
>
> Hyper-V provides two kinds of Isolation VMs: VBS (Virtualization-based
> security) and AMD SEV-SNP unenlightened Isolation VMs. This patchset
> adds support for these Isolation VMs in Linux.
>
> The memory of these VMs is encrypted and the host can't access guest
> memory directly. Hyper-V provides a new host visibility hvcall and
> the guest needs to call the new hvcall to mark memory visible to the host
> before sharing memory with the host. For security, all network/storage
> stack memory should not be shared with the host and so there are bounce
> buffer requests.
>
> The vmbus channel ring buffer already plays the bounce buffer role because
> all data from/to the host needs to be copied between the ring buffer
> and IO stack memory. So mark the vmbus channel ring buffer visible.
>
> For an SNP isolation VM, the guest needs to access the shared memory via
> an extra address space which is specified by Hyper-V CPUID
> HYPERV_CPUID_ISOLATION_CONFIG. The access physical address of the shared
> memory should be the bounce buffer memory GPA plus the shared_gpa_boundary
> reported by CPUID.
>
> This patchset is rebased on commit d9abdee of the Linux mainline tree
> plus a cleanup patch from Borislav Petkov
> (https://lore.kernel.org/r/YWRwxImd9Qcls/Yy@xxxxxxx)
>

Applied to hyperv-next. Thanks.

Wei.