forked from huangbibo/kernel
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'linux-6.6.y' into linux-6.6-y-rolling-lts-stable
- Loading branch information
Showing
19 changed files
with
335 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
.. SPDX-License-Identifier: GPL-2.0 | ||
=========================== | ||
HYGON Secure Virtualization | ||
=========================== | ||
|
||
China Secure Virtualization (CSV) is a key virtualization feature on Hygon | ||
processors. | ||
|
||
The 1st generation of CSV (CSV for short) is a secure virtualization technology | ||
to provide memory encryption for the virtual machine (VM), each VM's memory is | ||
encrypted by its unique encryption key which is managed by secure processor. | ||
|
||
The 2nd generation of CSV (CSV2 for short) provides security enhancement to CSV | ||
by encrypting not only the VM's memory but also the vCPU's registers of the VM. | ||
|
||
The 3rd generation of CSV (CSV3 for short) is a more advanced secure | ||
virtualization technology, it integrates secure processor, memory encryption and | ||
memory isolation to provide the ability to protect guest's private data. The CSV3 | ||
guest's context like CPU registers, control block and nested page table is accessed | ||
only by the guest itself and the secure processor. Neither other guests nor the | ||
host can tamper with the guest's context. | ||
|
||
The secure processor is a separate processor inside Hygon hardware. The firmware | ||
running inside the secure processor performs activities in a secure way, such as | ||
OVMF encryption, VM launch, secure memory management and nested page table | ||
management etc. For more information, please see CSV spec and CSV3 spec from Hygon. | ||
|
||
A CSV guest is running in the memory that is encrypted with a dedicated encrypt | ||
key which is set by the secure processor. And CSV guest's memory encrypt key is | ||
unique from the others. A low latency crypto engine resides on Hygon hardware | ||
to minimize the negative effect on memory bandwidth. In CSV guest, a guest private | ||
page will be automatically decrypted when read from memory and encrypted when | ||
written to memory. | ||
|
||
CSV3 provides an enhancement technology named memory isolation to improve the | ||
security. A dedicated memory isolation hardware is built in Hygon hardware. Only | ||
the secure processor has privilege to configure the isolation hardware. The VMM | ||
allocates CMA memory and transfers them to secure processor. The secure processor | ||
maps the memory to secure nested page table and manages them as guest's private | ||
memory. Any memory access (read or write) to CSV3 guest's private memory outside | ||
the guest will be blocked by isolation hardware. | ||
|
||
A CSV3 guest may declare some memory regions as shared to share data with the | ||
host. When a page is set as shared, read/write on the page will bypass the | ||
isolation hardware and the guest's shared memory can be accessed by the host. A | ||
method named CSV3 secure call command is designed and CSV3 guest sends the secure | ||
call command to the secure processor to change private memory to shared memory. | ||
In the method, 2 dedicated pages are reserved at early stage of the guest. Any | ||
read/write on the dedicated pages will trigger nested page fault. When NPF | ||
happens, the host helps to issue an external command to the secure processor but | ||
cannot tamper with the data in the guest's private memory. Then the secure | ||
processor checks the fault address and handles the command if the address is | ||
exactly the dedicated pages. | ||
|
||
Support for CSV can be determined through the CPUID instruction. The CPUID | ||
function 0x8000001f reports information to CSV:: | ||
|
||
0x8000001f[eax]: | ||
Bit[1] indicates support for CSV | ||
Bit[3] indicates support for CSV2 | ||
Bit[30] indicates support for CSV3 | ||
|
||
If CSV is support, MSR 0xc0010131 can be used to determine if CSV is active:: | ||
|
||
0xc0010131: | ||
Bit[0] 0 = CSV is not active | ||
1 = CSV is active | ||
Bit[1] 0 = CSV2 is not active | ||
1 = CSV2 is active | ||
Bit[30] 0 = CSV3 is not active | ||
1 = CSV3 is active | ||
|
||
All CSV/CSV2's configurations must be enabled in CSV3. Linux can activate CSV3 by | ||
default (CONFIG_HYGON_CSV=y, CONFIG_CMA=y). CSV3 guest's memory is managed by | ||
CMA (Contiguous Memory Allocation). User must specify CSV3 total secure memory on | ||
the linux kernel command line with csv_mem_size or csv_mem_percentage:: | ||
|
||
csv_mem_size=nn[MG] | ||
[KNL,CSV] | ||
Reserve specified CSV3 memory size in CMA. CSV3's memory will be | ||
allocated from these CMAs. | ||
For instance, csv_mem_size=40G, 40G memory is reserved for CSV3. | ||
|
||
csv_mem_percentage=nn | ||
[KNL,CSV] | ||
Reserve specified memory size which is prorated according to the | ||
whole system memory size. CSV3 guest's memory will be allocated | ||
from these CMAs. | ||
For instance, csv_mem_percentage=60, means 60% system memory is | ||
reserved for CSV3. | ||
The maximum percentage is 80. And the default percentage is 0. | ||
|
||
Limitations | ||
The reserved CSV3 memory within CMA cannot be used by kernel or any application that | ||
may pin memory using long term gup during the application's life time. | ||
For instance, if the whole system memory is 64G and 32G is reserved for CSV3 with | ||
kernel command line csv_mem_percentage=50, only 32G memory is available for CSV/CSV2. | ||
As a result, user will fail to run a CSV/CSV2 guest with memory size which exceeds | ||
32G. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
/* SPDX-License-Identifier: GPL-2.0 */ | ||
/* | ||
* The helpers to support Hygon CPU specific code path. | ||
* | ||
* Copyright (C) 2024 Hygon Info Technologies Ltd. | ||
* | ||
* Author: Liyang Han <[email protected]> | ||
*/ | ||
|
||
#ifndef _ASM_X86_PROCESSOR_HYGON_H | ||
#define _ASM_X86_PROCESSOR_HYGON_H | ||
|
||
#include <asm/processor.h> | ||
|
||
/* | ||
* helper to determine HYGON CPU | ||
*/ | ||
static inline bool is_x86_vendor_hygon(void) | ||
{ | ||
return boot_cpu_data.x86_vendor == X86_VENDOR_HYGON; | ||
} | ||
|
||
#endif /* _ASM_X86_PROCESSOR_HYGON_H */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.