Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
Aurélien Bombo 2024-09-03 20:48:44 +00:00
Родитель 0f26282d6e
Коммит a78bc3ec76
1 изменённых файлов: 164 добавлений и 19 удалений


@ -1,19 +1,157 @@
From 333d068b566b8355ed97c9964f8c13ead77c4aa5 Mon Sep 17 00:00:00 2001
From b775bc89e6d15000a92aeff89a08b1bece037879 Mon Sep 17 00:00:00 2001
From: Jinank Jain <jinankjain@microsoft.com>
Date: Mon, 22 Jul 2024 13:22:41 +0530
Subject: [PATCH 1/3] hypervisor: mshv: Clear SW_EXIT_INFO1 in case of no error
There were some scenarios where we are not clearing SW_EXIT_INFO1 to
indicate that there were no error while handling the GHCB exit.
Recently, new Linux guests got stricter with checking the value of
SW_EXIT_INFO1 after coming back from VMGEXIT and started crashing. Fix
this behavior by clearing out SW_EXIT_INFO1 in case of no error.
Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
(cherry picked from commit 330e1aac3698e15eddbe1f1627aa40e5d81ebb89)
[ liuwe: fix contextual conflicts ]
Signed-off-by: Wei Liu <liuwe@microsoft.com>
---
hypervisor/src/mshv/mod.rs | 60 +++++++++++++++++++++-----------------
1 file changed, 34 insertions(+), 26 deletions(-)
diff --git a/hypervisor/src/mshv/mod.rs b/hypervisor/src/mshv/mod.rs
index 91cad92a9..cc62c1844 100644
--- a/hypervisor/src/mshv/mod.rs
+++ b/hypervisor/src/mshv/mod.rs
@@ -918,15 +918,7 @@ impl cpu::Vcpu for MshvVcpu {
)?;
// Clear the SW_EXIT_INFO1 register to indicate no error
- let mut swei1_rw_gpa_arg =
- mshv_bindings::mshv_read_write_gpa {
- base_gpa: ghcb_gpa + GHCB_SW_EXITINFO1_OFFSET,
- byte_count: std::mem::size_of::<u64>() as u32,
- ..Default::default()
- };
- self.fd.gpa_write(&mut swei1_rw_gpa_arg).map_err(
- |e| cpu::HypervisorCpuError::GpaWrite(e.into()),
- )?;
+ self.clear_swexit_info1(ghcb_gpa)?;
}
SVM_NAE_HV_DOORBELL_PAGE_QUERY => {
let mut reg_assocs = [ hv_register_assoc {
@@ -948,6 +940,9 @@ impl cpu::Vcpu for MshvVcpu {
self.fd.gpa_write(&mut swei2_rw_gpa_arg).map_err(
|e| cpu::HypervisorCpuError::GpaWrite(e.into()),
)?;
+
+ // Clear the SW_EXIT_INFO1 register to indicate no error
+ self.clear_swexit_info1(ghcb_gpa)?;
}
SVM_NAE_HV_DOORBELL_PAGE_CLEAR => {
let mut swei2_rw_gpa_arg =
@@ -1049,14 +1044,7 @@ impl cpu::Vcpu for MshvVcpu {
}
// Clear the SW_EXIT_INFO1 register to indicate no error
- let mut swei1_rw_gpa_arg = mshv_bindings::mshv_read_write_gpa {
- base_gpa: ghcb_gpa + GHCB_SW_EXITINFO1_OFFSET,
- byte_count: std::mem::size_of::<u64>() as u32,
- ..Default::default()
- };
- self.fd
- .gpa_write(&mut swei1_rw_gpa_arg)
- .map_err(|e| cpu::HypervisorCpuError::GpaWrite(e.into()))?;
+ self.clear_swexit_info1(ghcb_gpa)?;
}
SVM_EXITCODE_MMIO_READ => {
let src_gpa =
@@ -1085,6 +1073,9 @@ impl cpu::Vcpu for MshvVcpu {
self.fd
.gpa_write(&mut arg)
.map_err(|e| cpu::HypervisorCpuError::GpaWrite(e.into()))?;
+
+ // Clear the SW_EXIT_INFO1 register to indicate no error
+ self.clear_swexit_info1(ghcb_gpa)?;
}
SVM_EXITCODE_MMIO_WRITE => {
let dst_gpa =
@@ -1113,6 +1104,9 @@ impl cpu::Vcpu for MshvVcpu {
cpu::HypervisorCpuError::RunVcpu(e.into())
})?;
}
+
+ // Clear the SW_EXIT_INFO1 register to indicate no error
+ self.clear_swexit_info1(ghcb_gpa)?;
}
SVM_EXITCODE_SNP_GUEST_REQUEST => {
let req_gpa =
@@ -1158,15 +1152,8 @@ impl cpu::Vcpu for MshvVcpu {
.sev_snp_ap_create(&mshv_ap_create_req)
.map_err(|e| cpu::HypervisorCpuError::RunVcpu(e.into()))?;
- let mut swei2_rw_gpa_arg = mshv_bindings::mshv_read_write_gpa {
- base_gpa: ghcb_gpa + GHCB_SW_EXITINFO1_OFFSET,
- byte_count: std::mem::size_of::<u64>() as u32,
- ..Default::default()
- };
-
- self.fd
- .gpa_write(&mut swei2_rw_gpa_arg)
- .map_err(|e| cpu::HypervisorCpuError::GpaWrite(e.into()))?;
+ // Clear the SW_EXIT_INFO1 register to indicate no error
+ self.clear_swexit_info1(ghcb_gpa)?;
}
_ => panic!(
"GHCB_INFO_NORMAL: Unhandled exit code: {:0x}",
@@ -1482,6 +1469,27 @@ impl MshvVcpu {
.set_vcpu_events(events)
.map_err(|e| cpu::HypervisorCpuError::SetVcpuEvents(e.into()))
}
+
+ ///
+ /// Clear SW_EXIT_INFO1 register for SEV-SNP guests.
+ ///
+ #[cfg(feature = "sev_snp")]
+ fn clear_swexit_info1(
+ &self,
+ ghcb_gpa: u64,
+ ) -> std::result::Result<cpu::VmExit, cpu::HypervisorCpuError> {
+ // Clear the SW_EXIT_INFO1 register to indicate no error
+ let mut swei1_rw_gpa_arg = mshv_bindings::mshv_read_write_gpa {
+ base_gpa: ghcb_gpa + GHCB_SW_EXITINFO1_OFFSET,
+ byte_count: std::mem::size_of::<u64>() as u32,
+ ..Default::default()
+ };
+ self.fd
+ .gpa_write(&mut swei1_rw_gpa_arg)
+ .map_err(|e| cpu::HypervisorCpuError::GpaWrite(e.into()))?;
+
+ Ok(cpu::VmExit::Ignore)
+ }
}
struct MshvEmulatorContext<'a> {
--
2.34.1
From 054319b212fca0d0212a3a243e386edfb3b4f58f Mon Sep 17 00:00:00 2001
From: Tom Dohrmann <erbse.13@gmx.de>
Date: Wed, 28 Aug 2024 09:07:41 +0200
Subject: [PATCH 1/2] hypervisor: mshv: add helpers for reading and writing
Subject: [PATCH 2/3] hypervisor: mshv: add helpers for reading and writing
guest memory
Signed-off-by: Tom Dohrmann <erbse.13@gmx.de>
(cherry picked from commit 486c61da5e21da7e35b41c0cc104226944ea2f61)
Signed-off-by: Wei Liu <liuwe@microsoft.com>
---
hypervisor/src/mshv/mod.rs | 197 +++++++++++++++----------------------
1 file changed, 80 insertions(+), 117 deletions(-)
diff --git a/hypervisor/src/mshv/mod.rs b/hypervisor/src/mshv/mod.rs
index 5d23492fc9..cc217c69dd 100644
index cc62c1844..67690704d 100644
--- a/hypervisor/src/mshv/mod.rs
+++ b/hypervisor/src/mshv/mod.rs
@@ -904,17 +904,9 @@ impl cpu::Vcpu for MshvVcpu {
@@ -867,17 +867,9 @@ impl cpu::Vcpu for MshvVcpu {
SVM_NAE_HV_DOORBELL_PAGE_GET_PREFERRED => {
// Hypervisor does not have any preference for doorbell GPA.
let preferred_doorbell_gpa: u64 = 0xFFFFFFFFFFFFFFFF;
@ -33,7 +171,7 @@ index 5d23492fc9..cc217c69dd 100644
)?;
}
SVM_NAE_HV_DOORBELL_PAGE_SET => {
@@ -942,16 +934,9 @@ impl cpu::Vcpu for MshvVcpu {
@@ -905,16 +897,9 @@ impl cpu::Vcpu for MshvVcpu {
cpu::HypervisorCpuError::SetRegister(e.into())
})?;
@ -53,7 +191,7 @@ index 5d23492fc9..cc217c69dd 100644
)?;
// Clear the SW_EXIT_INFO1 register to indicate no error
@@ -965,31 +950,19 @@ impl cpu::Vcpu for MshvVcpu {
@@ -928,31 +913,19 @@ impl cpu::Vcpu for MshvVcpu {
self.fd.get_reg(&mut reg_assocs).unwrap();
// SAFETY: Accessing a union element from bindgen generated bindings.
let doorbell_gpa = unsafe { reg_assocs[0].value.reg64 };
@ -92,7 +230,7 @@ index 5d23492fc9..cc217c69dd 100644
)?;
}
_ => {
@@ -1007,16 +980,10 @@ impl cpu::Vcpu for MshvVcpu {
@@ -970,16 +943,10 @@ impl cpu::Vcpu for MshvVcpu {
// 0x6 means `The NAE event was not valid`
// Reference: GHCB Spec, page 42
let value: u64 = 0x6;
@ -113,7 +251,7 @@ index 5d23492fc9..cc217c69dd 100644
}
SVM_EXITCODE_IOIO_PROT => {
let exit_info1 =
@@ -1042,42 +1009,26 @@ impl cpu::Vcpu for MshvVcpu {
@@ -1005,42 +972,26 @@ impl cpu::Vcpu for MshvVcpu {
let is_write =
// SAFETY: Accessing a union element from bindgen generated bindings.
unsafe { port_info.__bindgen_anon_1.access_type() == 0 };
@ -164,7 +302,7 @@ index 5d23492fc9..cc217c69dd 100644
}
// Clear the SW_EXIT_INFO1 register to indicate no error
@@ -1095,21 +1046,12 @@ impl cpu::Vcpu for MshvVcpu {
@@ -1058,21 +1009,12 @@ impl cpu::Vcpu for MshvVcpu {
let mut data: Vec<u8> = vec![0; data_len];
if let Some(vm_ops) = &self.vm_ops {
@ -191,7 +329,7 @@ index 5d23492fc9..cc217c69dd 100644
// Clear the SW_EXIT_INFO1 register to indicate no error
self.clear_swexit_info1(ghcb_gpa)?;
@@ -1123,23 +1065,14 @@ impl cpu::Vcpu for MshvVcpu {
@@ -1086,23 +1028,14 @@ impl cpu::Vcpu for MshvVcpu {
as usize;
// Sanity check to make sure data len is within supported range.
assert!(data_len <= 0x8);
@ -220,7 +358,7 @@ index 5d23492fc9..cc217c69dd 100644
}
// Clear the SW_EXIT_INFO1 register to indicate no error
@@ -1162,14 +1095,7 @@ impl cpu::Vcpu for MshvVcpu {
@@ -1125,14 +1058,7 @@ impl cpu::Vcpu for MshvVcpu {
req_gpa, rsp_gpa
);
@ -236,7 +374,7 @@ index 5d23492fc9..cc217c69dd 100644
}
SVM_EXITCODE_SNP_AP_CREATION => {
let vmsa_gpa =
@@ -1573,17 +1499,54 @@ impl MshvVcpu {
@@ -1479,17 +1405,54 @@ impl MshvVcpu {
ghcb_gpa: u64,
) -> std::result::Result<cpu::VmExit, cpu::HypervisorCpuError> {
// Clear the SW_EXIT_INFO1 register to indicate no error
@ -298,12 +436,15 @@ index 5d23492fc9..cc217c69dd 100644
+ }
}
/// Wrapper over Mshv VM ioctls.
struct MshvEmulatorContext<'a> {
--
2.34.1
From f2ee162ed05980d0a3e5aa2c5bc439c2cd1b46e7 Mon Sep 17 00:00:00 2001
From e82fe7585376cb8579d1cca208609f5507fde615 Mon Sep 17 00:00:00 2001
From: Tom Dohrmann <erbse.13@gmx.de>
Date: Mon, 26 Aug 2024 11:14:34 +0200
Subject: [PATCH 2/2] hypervisor: mshv: implement extended guest requests with
Subject: [PATCH 3/3] hypervisor: mshv: implement extended guest requests with
empty certs
Previously we didn't handle extended guest requests at all and always
@ -313,16 +454,18 @@ normal requests and write zeros to the extended area to signal to the
guest that we don't want to supply any additional certificate data.
Signed-off-by: Tom Dohrmann <erbse.13@gmx.de>
(cherry picked from commit 8fd0310db9b816c5f3dae2cf5e714359e96478a9)
Signed-off-by: Wei Liu <liuwe@microsoft.com>
---
hypervisor/src/mshv/mod.rs | 33 +++++++++++++++++-----------
hypervisor/src/mshv/snp_constants.rs | 1 +
2 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/hypervisor/src/mshv/mod.rs b/hypervisor/src/mshv/mod.rs
index cc217c69dd..692b99febe 100644
index 67690704d..afe17694d 100644
--- a/hypervisor/src/mshv/mod.rs
+++ b/hypervisor/src/mshv/mod.rs
@@ -973,18 +973,6 @@ impl cpu::Vcpu for MshvVcpu {
@@ -936,18 +936,6 @@ impl cpu::Vcpu for MshvVcpu {
}
}
}
@ -341,7 +484,7 @@ index cc217c69dd..692b99febe 100644
SVM_EXITCODE_IOIO_PROT => {
let exit_info1 =
info.__bindgen_anon_2.__bindgen_anon_1.sw_exit_info1 as u32;
@@ -1078,7 +1066,26 @@ impl cpu::Vcpu for MshvVcpu {
@@ -1041,7 +1029,26 @@ impl cpu::Vcpu for MshvVcpu {
// Clear the SW_EXIT_INFO1 register to indicate no error
self.clear_swexit_info1(ghcb_gpa)?;
}
@ -370,7 +513,7 @@ index cc217c69dd..692b99febe 100644
info.__bindgen_anon_2.__bindgen_anon_1.sw_exit_info1;
let rsp_gpa =
diff --git a/hypervisor/src/mshv/snp_constants.rs b/hypervisor/src/mshv/snp_constants.rs
index 307326dddd..69b123647a 100644
index 307326ddd..69b123647 100644
--- a/hypervisor/src/mshv/snp_constants.rs
+++ b/hypervisor/src/mshv/snp_constants.rs
@@ -20,5 +20,6 @@ pub const ECDSA_SIG_Y_COMPONENT_END: usize =
@ -380,3 +523,5 @@ index 307326dddd..69b123647a 100644
+pub const GHCB_RBX_OFFSET: u64 = 0x0318;
pub const GHCB_SW_EXITINFO1_OFFSET: u64 = 0x398;
pub const GHCB_SW_EXITINFO2_OFFSET: u64 = 0x3A0;
--
2.34.1
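Review bot: `clear_swexit_info1`, added to `impl MshvVcpu` by the first inner patch, returns `std::result::Result<cpu::VmExit, cpu::HypervisorCpuError>` and always yields `Ok(cpu::VmExit::Ignore)`, yet every call site shown discards the value with `self.clear_swexit_info1(ghcb_gpa)?;`. Returning `std::result::Result<(), cpu::HypervisorCpuError>` and ending in `Ok(())` would state the contract without implying that the helper chooses the exit action. The doc comment could also record that the field is cleared only because `..Default::default()` leaves the write payload zeroed (presumably the struct's data buffer; confirm against mshv_bindings), for example `/// Writes size_of::<u64>() zero bytes at ghcb_gpa + GHCB_SW_EXITINFO1_OFFSET; the payload is zero via Default.`. Where `ghcb_gpa` originates is not visible on this page, so if it is derived from guest-written state, a `checked_add` on `ghcb_gpa + GHCB_SW_EXITINFO1_OFFSET` mapped to an error would avoid an overflow panic or a write at a wrapped address. The enclosing impl block and the match arms that call the helper start outside the hunks shown.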