On 2/20/2025 11:17 AM, Michael Kelley wrote:
> From: Nuno Das Neves <nunodasneves@xxxxxxxxxxxxxxxxxxx>
> Sent: Thursday, February 20, 2025 10:33 AM
>>
>> Introduce hv_current_partition_type to store the partition type
>> as an enum.
>>
>> Right now this is limited to guest or root partition, but there will
>> be other kinds in future and the enum is easily extensible.
>>
>> Set up hv_current_partition_type early in Hyper-V initialization with
>> hv_identify_partition_type(). hv_root_partition() just queries this
>> value, and shouldn't be called before that.
>>
>> Making this check into a function sets the stage for adding a config
>> option to gate the compilation of root partition code. In particular,
>> hv_root_partition() can be stubbed out to always be false if root
>> partition support isn't desired.
>>
>
> [snip]
>
>> +void hv_identify_partition_type(void)
>> +{
>> + /* Assume guest role */
>> + hv_current_partition_type = HV_PARTITION_TYPE_GUEST;
>> + /*
>> + * Check partition creation and cpu management privileges
>> + *
>> + * Hyper-V should never specify running as root and as a Confidential
>> + * VM. But to protect against a compromised/malicious Hyper-V trying
>> + * to exploit root behavior to expose Confidential VM memory, ignore
>> + * the root partition setting if also a Confidential VM.
>> + */
>> + if ((ms_hyperv.priv_high & HV_CREATE_PARTITIONS) &&
>> + (ms_hyperv.priv_high & HV_CPU_MANAGEMENT) &&
>> + !(ms_hyperv.priv_high & HV_ISOLATION)) {
>> + pr_info("Hyper-V: running as root partition\n");
>> + if (IS_ENABLED(CONFIG_MSHV_ROOT))
>
> I'll have to rescind the "Reviewed-by:" that I just gave. There's a patch
> sequencing problem in that CONFIG_MSHV_ROOT doesn't exist yet.
> It's added in Patch 3 of the series. Because it doesn't exist, the
> IS_ENABLED() will always return 'false', which isn't fatal in the sense
> of causing a compile error. But the code won't run in the root partition
> because hv_current_partition_type isn't set.
>

Oops!
Thanks for catching that, I'll just move the check from this patch to patch 3.

> Michael
>
>> + hv_current_partition_type = HV_PARTITION_TYPE_ROOT;
>> + else
>> + pr_crit("Hyper-V: CONFIG_MSHV_ROOT not enabled!\n");
>> + }
>> +}
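Review bot: the pr_info("Hyper-V: running as root partition\n") is printed before the IS_ENABLED(CONFIG_MSHV_ROOT) branch decides the role, so when root support is compiled out the log first claims the kernel is running as root and then pr_crit says CONFIG_MSHV_ROOT is not enabled, while hv_current_partition_type actually stays HV_PARTITION_TYPE_GUEST; move the pr_info under the IS_ENABLED() branch, or reword it to say that root partition privileges were detected, so the message matches the role that was assigned. The !(ms_hyperv.priv_high & HV_ISOLATION) exclusion is the right defensive default, since the privilege bits are supplied by the hypervisor and a Confidential VM must not adopt root behaviour on the hypervisor's say-so; it would be worth a comment (or a WARN_ON) that ms_hyperv.priv_high has already been populated when this function runs, because the call-site ordering is not visible in the hunk and a call before the privilege bits are read would silently leave the partition typed as a guest.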