The hv_do_rep_hypercall() will trigger a fatal fault because Hyper-V
requires that the 'ipi_arg' should point to a shared (i.e. decrypted) page.
Avoid the fatal fault by setting *this_cpu_ptr(hyperv_pcpu_input_arg) after
calling set_memory_decrypted() returns: by doing this, __send_ipi_mask_ex()
returns HV_STATUS_INVALID_PARAMETER because *this_cpu_ptr(hyperv_pcpu_input_arg)
is still NULL, and __send_ipi_mask() returns false, meaning hv_send_ipi_allbutself()
calls orig_apic.send_IPI_all(), i.e. x2apic_send_IPI_all), to send IPIs.
x2apic_send_IPI_all() doesn't depend on *this_cpu_ptr(hyperv_pcpu_input_arg.
Signed-off-by: Dexuan Cui <email address hidden>
(cherry picked from commit f1e61e384cae06a16b97c63fa2238313ad090a3c https://github.com/dcui/linux)
Signed-off-by: Tim Gardner <email address hidden>
a494aef23dfc ("PCI: hv: Replace retarget_msi_interrupt_params with hyperv_pcpu_input_arg")
2c6ba4216844 ("PCI: hv: Enable PCI pass-thru devices in Confidential VMs")
update the Hyper-V virtual PCI driver to use the hyperv_pcpu_input_arg
because that memory will be correctly marked as decrypted or encrypted
for all VM types (CoCo or normal). But problems ensue when CPUs in the
VM go online or offline after virtual PCI devices have been configured.
When a CPU is brought online, the hyperv_pcpu_input_arg for that CPU is
initialized by hv_cpu_init() running under state CPUHP_AP_ONLINE_DYN.
But this state occurs after state CPUHP_AP_IRQ_AFFINITY_ONLINE, which
may call the virtual PCI driver and fault trying to use the as yet
uninitialized hyperv_pcpu_input_arg. A similar problem occurs in a CoCo
VM if the MMIO read and write hypercalls are used from state
CPUHP_AP_IRQ_AFFINITY_ONLINE.
When a CPU is taken offline, IRQs may be reassigned in state
CPUHP_TEARDOWN_CPU. Again, the virtual PCI driver may fault trying to
use the hyperv_pcpu_input_arg that has already been freed by a
higher state.
Fix the onlining problem by adding state CPUHP_AP_HYPERV_ONLINE
immediately after CPUHP_AP_ONLINE_IDLE (similar to CPUHP_AP_KVM_ONLINE)
and before CPUHP_AP_IRQ_AFFINITY_ONLINE. Use this new state for
Hyper-V initialization so that hyperv_pcpu_input_arg is allocated
early enough.
Fix the offlining problem by not freeing hyperv_pcpu_input_arg when
a CPU goes offline. Retain the allocated memory, and reuse it if
the CPU comes back online later.
Signed-off-by: Michael Kelley <email address hidden>
Reviewed-by: Vitaly Kuznetsov <email address hidden>
Acked-by: Borislav Petkov (AMD) <email address hidden>
Reviewed-by: Dexuan Cui <email address hidden>
Link: https://<email address hidden>
Signed-off-by: Wei Liu <email address hidden>
(cherry picked from commit 9636be85cc5bdd8b7a7f6a53405cbcc52161c93c)
Signed-off-by: Dexuan Cui <email address hidden>
(cherry picked from commit f4fe22fc55bc5b72aa2fc39474043d7336e5b994 https://github.com/dcui/linux)
Signed-off-by: Tim Gardner <email address hidden>
The changes will be furher cleaned up and posted to LKML.
Tested the below scenarios and the VMs were able to boot up with 128 VPs:
1) TDX with the pavavisor.
2) TDX without the pavavisor.
3) SNP with the pavavisor.
4) VBS.
5) Regular VMs.
The alignment mask in swiotlb_do_find_slots() masks off the high
bits which are not relevant for the alignment, so multiple
requirements are combined with a bitwise OR rather than AND.
In plain English, the stricter the alignment, the more bits must
be set in iotlb_align_mask.
Confusion may arise from the fact that the same variable is also
used to mask off the offset within a swiotlb slot, which is
achieved with a bitwise AND.
Fixes: 0eee5ae10256 ("swiotlb: fix slot alignment checks")
Reported-by: Dexuan Cui <email address hidden>
Link: https://lore.kernel<email address hidden>/
Reported-by: Kelsey Steele <email address hidden>
Link: https://<email address hidden>/
Signed-off-by: Petr Tesarik <email address hidden>
Tested-by: Dexuan Cui <email address hidden>
Signed-off-by: Christoph Hellwig <email address hidden>
(cherry picked from commit bbb73a103fbbed6f63cb738d3783261c4241b4b2)
Signed-off-by: Tim Gardner <email address hidden>
Acked-by: Cengiz Can <email address hidden>
Acked-by: John Cabaj <email address hidden>
Signed-off-by: Tim Gardner <email address hidden>