e to
host in Isolation VM")
Reported-by: Michael Kelly
Closes:
https://lore.kernel.org/linux-hyperv/sn6pr02mb41573796f9787f67e0e97049d4...@sn6pr02mb4157.namprd02.prod.outlook.com
Signed-off-by: Roman Kisel
---
drivers/hv/channel.c | 32 ++--
1 file changed, 22 in
To make use of Confidential VMBus channels, initialize the
co_ring_buffers and co_external_memory fields of the channel
structure.
Advertise support upon negotiating the version and compute
values for those fields and initialize them.
Signed-off-by: Roman Kisel
---
drivers/hv/channel_mgmt.c
To establish the confidential VMBus connection the CoCo VM guest
first attempts to connect to the VMBus server run by the paravisor.
If that fails, the guest falls back to the non-confidential VMBus.
Implement that in the VMBus driver initialization.
Signed-off-by: Roman Kisel
---
drivers/hv
The confidential VMBus is supported by the protocol version
6.0 onwards.
Attempt to establish the VMBus 6.0 connection thus enabling
the confidential VMBus features when available.
Signed-off-by: Roman Kisel
---
drivers/hv/connection.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion
SynIC when it is
present.
Signed-off-by: Roman Kisel
---
drivers/hv/hv.c | 184 +++---
drivers/hv/hyperv_vmbus.h | 18
2 files changed, 112 insertions(+), 90 deletions(-)
diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
index 964b9102477d
The confidential VMBus requires support for both the
hypervisor-facing SynIC and the paravisor one.
Rename the functions that enable and disable SynIC with the
hypervisor. No functional changes.
Signed-off-by: Roman Kisel
---
drivers/hv/channel_mgmt.c | 2 +-
drivers/hv/hv.c | 11
into separate functions so that SynIC interrupts can be
enabled or disabled via the paravisor instead of the hypervisor
if the paravisor SynIC is present.
Signed-off-by: Roman Kisel
---
drivers/hv/hv.c | 197 +---
1 file changed, 185 insertions(+), 12
Confidential VMBus is built around using buffers not shared with
the host.
Support allocating encrypted buffers when requested.
Signed-off-by: Roman Kisel
---
drivers/hv/channel.c | 49 +++
drivers/hv/hyperv_vmbus.h | 3 ++-
drivers/hv/ring_buffer.c
istinguish them from the paravisor
ones. The field name is also changed in mshv_root.* for consistency.
No functional changes.
Signed-off-by: Roman Kisel
---
drivers/hv/channel_mgmt.c | 6 ++--
drivers/hv/hv.c | 66 +++
drivers/hv/hyperv_vm
The comment about the x2v shim is ancient and long since incorrect.
Remove the incorrect comment.
Signed-off-by: Roman Kisel
---
drivers/hv/hv.c | 6 +-
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
index 816f8a14ff63..820711e954d1 100644
When the confidential VMBus is available, the guest should post
messages to the paravisor.
Update hv_post_message() to post messages to the paravisor rather than
through GHCB or TD calls.
Signed-off-by: Roman Kisel
---
drivers/hv/hv.c | 11 ++-
1 file changed, 10 insertions(+), 1
It might happen that some hyp SynIC pages aren't allocated.
Check for that and only then call iounmap().
Signed-off-by: Roman Kisel
---
drivers/hv/hv.c | 12
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
index 820711e
it.
Update the hv_set_non_nested_msr() function as well as
vmbus_signal_eom() to trap on access for some synthetic MSRs.
Signed-off-by: Roman Kisel
Reviewed-by: Alok Tiwari
---
arch/x86/kernel/cpu/mshyperv.c | 17 +
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a
isor.
Signed-off-by: Roman Kisel
Reviewed-by: Alok Tiwari
---
arch/x86/kernel/cpu/mshyperv.c | 39 ++
drivers/hv/hv_common.c | 13 ++
include/asm-generic/mshyperv.h | 75 ++
3 files changed, 92 insertions(+), 35 deletions(-)
diff --g
The confidential VMBus is supported starting from the protocol
version 6.0 onwards.
Update the relevant definitions, and provide a function that returns
whether VMBus is confidential or not. No functional changes.
Signed-off-by: Roman Kisel
Reviewed-by: Alok Tiwari
---
drivers/hv/vmbus_drv.c
Define what the confidential VMBus is and describe what advantages
it offers on the capable hardware.
Signed-off-by: Roman Kisel
Reviewed-by: Alok Tiwari
---
Documentation/virt/hyperv/coco.rst | 140 -
1 file changed, 139 insertions(+), 1 deletion(-)
diff --git a
you, Christoph, Dexuan, Dan, Michael, James, Robin! **
[V1]
https://lore.kernel.org/linux-hyperv/20250409000835.285105-1-rom...@linux.microsoft.com/
Roman Kisel (16):
Documentation: hyperv: Confidential VMBus
drivers: hv: VMBus protocol version 6.0
arch: hyperv: Get/set SynIC synth.r
synthetic MSRs.
Signed-off-by: Roman Kisel
Reviewed-by: Alok Tiwari
---
arch/x86/kernel/cpu/mshyperv.c | 23 +++
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
index 83a85d94bcb3..db6f3e3db012 100644
When the confidential VMBus is available, the guest should post
messages via the paravisor.
Update hv_post_message() to request posting messages from the paravisor
rather than through GHCB or TD calls.
Signed-off-by: Roman Kisel
---
drivers/hv/hv.c | 2 +-
1 file changed, 1 insertion(+), 1
The confidential VMBus is supported by the protocol version
6.0 onwards.
Attempt to establish the VMBus 6.0 connection thus enabling
the confidential VMBus features when available.
Signed-off-by: Roman Kisel
---
drivers/hv/connection.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion
The confidential VMBus is supported starting from the protocol
version 6.0 onwards.
Update the relevant definitions, and provide a function that returns
whether VMBus is confidential or not. No functional changes.
Signed-off-by: Roman Kisel
Reviewed-by: Alok Tiwari
---
drivers/hv/vmbus_drv.c
It might happen that some hyp SynIC pages aren't IO mapped.
Use memunmap() that checks for that and only then calls iounmap().
Signed-off-by: Roman Kisel
---
drivers/hv/hv.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
To establish the confidential VMBus connection the CoCo VM guest
first attempts to connect to the VMBus server run by the paravisor.
If that fails, the guest falls back to the non-confidential VMBus.
Implement that in the VMBus driver initialization.
Signed-off-by: Roman Kisel
---
drivers/hv
Confidential VMBus is built around using buffers not shared with
the host.
Support allocating encrypted buffers when requested.
Signed-off-by: Roman Kisel
---
drivers/hv/channel.c | 43 +++
drivers/hv/hyperv_vmbus.h | 3 ++-
drivers/hv/ring_buffer.c
The confidential VMBus runs with the paravisor SynIC and requires
configuring it with the paravisor.
Add the functions for configuring the paravisor SynIC.
Signed-off-by: Roman Kisel
---
drivers/hv/hv.c | 180 +---
1 file changed, 169 insertions
To run confidential VMBus channels, one has to initialize the
co_ring_buffers and co_external_memory fields of the channel
structure.
Advertise support upon negotiating the version and compute
values for those fields and initialize them.
Signed-off-by: Roman Kisel
---
drivers/hv
The comment about the x2v shim is ancient and long since incorrect.
Remove the incorrect comment.
Signed-off-by: Roman Kisel
---
drivers/hv/hv.c | 6 +-
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
index 1f7cf1244509..6a4857def82d 100644
The confidential VMBus requires support for both the
hypervisor-facing SynIC and the paravisor one.
Rename the functions that enable and disable SynIC with the
hypervisor.
Signed-off-by: Roman Kisel
---
drivers/hv/channel_mgmt.c | 2 +-
drivers/hv/hv.c | 11 ++-
drivers/hv
changed in mshv_root.* for consistency.
Signed-off-by: Roman Kisel
---
drivers/hv/channel_mgmt.c | 6 ++--
drivers/hv/hv.c | 66 +++
drivers/hv/hyperv_vmbus.h | 4 +--
drivers/hv/mshv_root.h| 2 +-
drivers/hv/mshv_synic.c | 6 ++--
drivers/hv
The paravisor needs the SynIC pages to communicate with the guest
via the confidential VMBus.
Refactor and extend the existing code to account for that.
Signed-off-by: Roman Kisel
---
drivers/hv/hv.c | 184 +++---
drivers/hv/hyperv_vmbus.h | 17
The confidential VMBus is built on the guest talking to the
paravisor only.
Provide functions that allow manipulating the SynIC registers
via paravisor. No functional changes.
Signed-off-by: Roman Kisel
Reviewed-by: Alok Tiwari
---
arch/x86/kernel/cpu/mshyperv.c | 44
Define what the confidential VMBus is and describe what advantages
it offers on the capable hardware.
Signed-off-by: Roman Kisel
Reviewed-by: Alok Tiwari
---
Documentation/virt/hyperv/coco.rst | 125 -
1 file changed, 124 insertions(+), 1 deletion(-)
diff --git a
//lore.kernel.org/linux-hyperv/20250409000835.285105-1-rom...@linux.microsoft.com/
Roman Kisel (15):
Documentation: hyperv: Confidential VMBus
drivers: hv: VMBus protocol version 6.0
arch: hyperv: Get/set SynIC synth.registers via paravisor
arch/x86: mshyperv: Trap on access for some synthetic MSRs
Driver
> From: Roman Kisel Sent: Sunday, May 11, 2025
> 4:08 PM
>>
>> Define what the confidential VMBus is and describe what advantages
>> it offers on the capable hardware.
>>
>> Signed-off-by: Roman Kisel
>> ---
>> Documentation/virt/hyperv/vmbus.r
On 5/12/2025 6:13 AM, ALOK TIWARI wrote:
On 12-05-2025 04:37, Roman Kisel wrote:
Confidential VMBus employs the paravisor SynIC pages to implement
the control plane of the protocol, and the data plane may use
encrypted pages.
Implement scanning the additional pages in the control plane
On 5/12/2025 2:49 AM, ALOK TIWARI wrote:
On 12-05-2025 04:37, Roman Kisel wrote:
The confidential VMBus is supported starting from the protocol
version 6.0 onwards.
Update the relevant definitions, provide a function that returns
whether VMBus is condifential or not.
typo condifential
On 5/11/2025 10:22 PM, ALOK TIWARI wrote:
On 12-05-2025 04:37, Roman Kisel wrote:
Define what the confidential VMBus is and describe what advantages
it offers on the capable hardware.
Signed-off-by: Roman Kisel
---
Documentation/virt/hyperv/vmbus.rst | 41
On 5/12/2025 2:39 AM, ALOK TIWARI wrote:
On 12-05-2025 04:37, Roman Kisel wrote:
+/*
+ * Not every paravisor supports getting SynIC registers, and
+ * this function may fail. The caller has to make sure that this
function
+ * runs on the CPU of interest.
+ */
Title and Intent: Clearly
) unconditionally.
Signed-off-by: Roman Kisel
---
arch/x86/kernel/cpu/mshyperv.c | 23 +-
drivers/hv/channel.c | 36 +--
drivers/hv/channel_mgmt.c | 29 +-
drivers/hv/connection.c| 10 +-
drivers/hv/hv.c| 485 -
drivers/hv
The confidential VMBus is built on the guest talking to the
paravisor only.
Provide functions that allow manipulating the SynIC registers
via paravisor.
Signed-off-by: Roman Kisel
---
arch/arm64/hyperv/mshyperv.c | 19 +++
arch/arm64/include/asm/mshyperv.h | 3 +++
arch
The confidential VMBus is supported starting from the protocol
version 6.0 onwards.
Update the relevant definitions, provide a function that returns
whether VMBus is confidential or not.
Signed-off-by: Roman Kisel
---
drivers/hv/vmbus_drv.c | 12 ++
include/asm-generic/mshyperv.h
Define what the confidential VMBus is and describe what advantages
it offers on the capable hardware.
Signed-off-by: Roman Kisel
---
Documentation/virt/hyperv/vmbus.rst | 41 +
1 file changed, 41 insertions(+)
diff --git a/Documentation/virt/hyperv/vmbus.rst
b
the storage (for simplicity's sake) but not for the network. These
changes might be proposed in the future again after resolving the issues.
** Thank you, Christoph, Dexuan, Dan, Michael, James, Robin! **
[V1]
https://lore.kernel.org/linux-hyperv/20250409000835.285105-1-rom...@linux.m
Define what the confidential VMBus is and describe what advantages
it offers on the capable hardware.
Signed-off-by: Roman Kisel
---
Documentation/virt/hyperv/vmbus.rst | 41 +
1 file changed, 41 insertions(+)
diff --git a/Documentation/virt/hyperv/vmbus.rst
b
locating and
freeing in `hv.c`,
- John and Sven for the design,
- Mike for helping to avoid pitfalls when dealing with the GFP flags,
- Sven for blazing the trail and implementing the design in few
codebases.
Roman Kisel (6):
Documentation: hyperv: Confidential VMBus
drivers: hyperv: VMBus pr
On 4/10/2025 9:54 AM, ALOK TIWARI wrote:
[...]
typo trsuted -> trusted
+To support confidential communication with the paravisor, a VmBus client
+will first attempt to use regular, non-isolated mechanisms for
communication.
+To do this, it must:
Thanks for your help with this p
On 4/10/2025 12:21 AM, Christoph Hellwig wrote:
On Wed, Apr 09, 2025 at 09:44:03AM -0700, Roman Kisel wrote:
Do you feel this is shoehorned in `struct device`? I couldn't find an
appropriate private (== opaque pointer) part in the structure to store
that bit (`struct device_private` wou
On 4/9/2025 3:52 AM, Christoph Hellwig wrote:
On Tue, Apr 08, 2025 at 05:08:34PM -0700, Roman Kisel wrote:
Bounce-buffering makes the system spend more time copying
I/O data. When the I/O transaction takes place between
a confidential and a non-confidential endpoint, there is
no other way
On 4/9/2025 9:03 AM, Robin Murphy wrote:
On 2025-04-09 1:08 am, Roman Kisel wrote:
Bounce-buffering makes the system spend more time copying
I/O data. When the I/O transaction takes place between
a confidential and a non-confidential endpoint, there is
no other way around.
Introduce a
On 4/9/2025 3:53 AM, Christoph Hellwig wrote:
On Tue, Apr 08, 2025 at 05:08:35PM -0700, Roman Kisel wrote:
The device bit that indicates that the device is capable of I/O
with private pages allows avoiding excessive copying in the Hyper-V
SCSI driver.
Set that bit equal to the confidential
. The capable
device may employ it to save on copying data around.
Signed-off-by: Roman Kisel
---
arch/x86/mm/mem_encrypt.c | 3 +++
include/linux/device.h | 8
include/linux/dma-direct.h | 3 +++
include/linux/swiotlb.h| 3 +++
4 files changed, 17 insertions(+)
diff --git a/arch/x
) unconditionally.
Signed-off-by: Roman Kisel
---
arch/x86/kernel/cpu/mshyperv.c | 23 +-
drivers/hv/channel.c | 36 +--
drivers/hv/channel_mgmt.c | 29 +-
drivers/hv/connection.c| 10 +-
drivers/hv/hv.c| 485 -
drivers/hv
The device bit that indicates that the device is capable of I/O
with private pages allows avoiding excessive copying in the Hyper-V
SCSI driver.
Set that bit equal to the confidential external memory one to
not bounce buffer.
Signed-off-by: Roman Kisel
---
drivers/scsi/storvsc_drv.c | 2 ++
1 file
The confidential VMBus is supported starting from the protocol
version 6.0 onwards.
Update the relevant definitions, provide a function that returns
whether VMBus is confidential or not.
Signed-off-by: Roman Kisel
---
drivers/hv/vmbus_drv.c | 12 ++
include/asm-generic/mshyperv.h
The confidential VMBus is built on the guest talking to the
paravisor only.
Provide functions that allow manipulating the SynIC registers
via paravisor.
Signed-off-by: Roman Kisel
---
arch/arm64/hyperv/mshyperv.c | 19 +++
arch/arm64/include/asm/mshyperv.h | 3 +++
arch
On 1/13/2025 6:56 AM, mhkelle...@gmail.com wrote:
From: Michael Kelley
[...]
An incredible read, thank you, Michael!
Reviewed-by: Roman Kisel
diff --git a/Documentation/virt/hyperv/index.rst
b/Documentation/virt/hyperv/index.rst
index 79bc4080329e..c84c40fd61c9 100644
--- a
On 12/12/2024 3:17 PM, mhkelle...@gmail.com wrote:
From: Michael Kelley
Add documentation on how hibernation works in a guest VM on Hyper-V.
Describe how VMBus devices and the VMBus itself are hibernated and
resumed, along with various limitations.
Signed-off-by: Michael Kelley
---
Document
57 matches