RE: [Patch v4 01/13] x86/ioapic: Gate decrypted mapping on cc_platform_has() attribute

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: RE: [Patch v4 01/13] x86/ioapic: Gate decrypted mapping on cc_platform_has() attribute
From: "Michael Kelley (LINUX)" <mikelley@xxxxxxxxxxxxx>
Date: Tue, 6 Dec 2022 19:54:02 +0000
Cc: "hpa@xxxxxxxxx" <hpa@xxxxxxxxx>, KY Srinivasan <kys@xxxxxxxxxxxxx>, Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>, "wei.liu@xxxxxxxxxx" <wei.liu@xxxxxxxxxx>, Dexuan Cui <decui@xxxxxxxxxxxxx>, "luto@xxxxxxxxxx" <luto@xxxxxxxxxx>, "peterz@xxxxxxxxxxxxx" <peterz@xxxxxxxxxxxxx>, "davem@xxxxxxxxxxxxx" <davem@xxxxxxxxxxxxx>, "edumazet@xxxxxxxxxx" <edumazet@xxxxxxxxxx>, "kuba@xxxxxxxxxx" <kuba@xxxxxxxxxx>, "pabeni@xxxxxxxxxx" <pabeni@xxxxxxxxxx>, "lpieralisi@xxxxxxxxxx" <lpieralisi@xxxxxxxxxx>, "robh@xxxxxxxxxx" <robh@xxxxxxxxxx>, "kw@xxxxxxxxx" <kw@xxxxxxxxx>, "bhelgaas@xxxxxxxxxx" <bhelgaas@xxxxxxxxxx>, "arnd@xxxxxxxx" <arnd@xxxxxxxx>, "hch@xxxxxxxxxxxxx" <hch@xxxxxxxxxxxxx>, "m.szyprowski@xxxxxxxxxxx" <m.szyprowski@xxxxxxxxxxx>, "robin.murphy@xxxxxxx" <robin.murphy@xxxxxxx>, "thomas.lendacky@xxxxxxx" <thomas.lendacky@xxxxxxx>, "brijesh.singh@xxxxxxx" <brijesh.singh@xxxxxxx>, "tglx@xxxxxxxxxxxxx" <tglx@xxxxxxxxxxxxx>, "mingo@xxxxxxxxxx" <mingo@xxxxxxxxxx>, "dave.hansen@xxxxxxxxxxxxxxx" <dave.hansen@xxxxxxxxxxxxxxx>, Tianyu Lan <Tianyu.Lan@xxxxxxxxxxxxx>, "kirill.shutemov@xxxxxxxxxxxxxxx" <kirill.shutemov@xxxxxxxxxxxxxxx>, "sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx" <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx>, "ak@xxxxxxxxxxxxxxx" <ak@xxxxxxxxxxxxxxx>, "isaku.yamahata@xxxxxxxxx" <isaku.yamahata@xxxxxxxxx>, "Williams, Dan J" <dan.j.williams@xxxxxxxxx>, "jane.chu@xxxxxxxxxx" <jane.chu@xxxxxxxxxx>, "seanjc@xxxxxxxxxx" <seanjc@xxxxxxxxxx>, "tony.luck@xxxxxxxxx" <tony.luck@xxxxxxxxx>, "x86@xxxxxxxxxx" <x86@xxxxxxxxxx>, "linux-kernel@xxxxxxxxxxxxxxx" <linux-kernel@xxxxxxxxxxxxxxx>, "linux-hyperv@xxxxxxxxxxxxxxx" <linux-hyperv@xxxxxxxxxxxxxxx>, "netdev@xxxxxxxxxxxxxxx" <netdev@xxxxxxxxxxxxxxx>, "linux-pci@xxxxxxxxxxxxxxx" <linux-pci@xxxxxxxxxxxxxxx>, "linux-arch@xxxxxxxxxxxxxxx" <linux-arch@xxxxxxxxxxxxxxx>, "iommu@xxxxxxxxxxxxxxx" <iommu@xxxxxxxxxxxxxxx>
In-reply-to: <Y4+WjB/asSvxXW/t@zn.tnic>
Msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=1dc6a1af-ab62-46c2-831d-627e9cc8b76b;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2022-12-06T19:53:18Z;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
References: <1669951831-4180-1-git-send-email-mikelley@microsoft.com> <1669951831-4180-2-git-send-email-mikelley@microsoft.com> <Y4+WjB/asSvxXW/t@zn.tnic>

From: Borislav Petkov <bp@xxxxxxxxx> Sent: Tuesday, December 6, 2022 11:23 AM
> 
> On Thu, Dec 01, 2022 at 07:30:19PM -0800, Michael Kelley wrote:
> > Current code always maps the IO-APIC as shared (decrypted) in a
> > confidential VM. But Hyper-V guest VMs on AMD SEV-SNP with vTOM
> > enabled use a paravisor running in VMPL0 to emulate the IO-APIC.
> > In such a case, the IO-APIC must be accessed as private (encrypted).
> 
> Lemme see I understand this correctly:
> 
> the paravisor is emulating the IO-APIC in the lower range of the address
> space, under the vTOM which is accessed encrypted.
> 
> That's why you need to access it encrypted in the guest.
> 
> Close?
> 

Exactly correct.

Michael

Follow-Ups:
- Re: [Patch v4 01/13] x86/ioapic: Gate decrypted mapping on cc_platform_has() attribute
  - From: Borislav Petkov

References:
- [Patch v4 00/13] Add PCI pass-thru support to Hyper-V Confidential VMs
  - From: Michael Kelley
- [Patch v4 01/13] x86/ioapic: Gate decrypted mapping on cc_platform_has() attribute
  - From: Michael Kelley
- Re: [Patch v4 01/13] x86/ioapic: Gate decrypted mapping on cc_platform_has() attribute
  - From: Borislav Petkov

Prev by Date: Re: [Patch v4 05/13] init: Call mem_encrypt_init() after Hyper-V hypercall init is done
Next by Date: RE: [Patch v4 05/13] init: Call mem_encrypt_init() after Hyper-V hypercall init is done
Previous by thread: Re: [Patch v4 01/13] x86/ioapic: Gate decrypted mapping on cc_platform_has() attribute
Next by thread: Re: [Patch v4 01/13] x86/ioapic: Gate decrypted mapping on cc_platform_has() attribute
Index(es):
- Date
- Thread

[Index of Archives] [DMA Engine] [Linux Coverity] [Linux USB] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI] [Greybus]