Public bug reported:

SRU Justification

[Impact]

Refresh the TDX support and support DDA for a TDX VM with paravisor.
Ideally we would revert
commit b8b46adebbd8 ("UBUNTU: SAUCE: Support TDX+HCL (July 9, 2023)"), and
apply "[PATCH v7 0/8] x86/hyperv: Add AMD sev-snp enlightened guest support on hyperv" [1]
and apply "[PATCH v3 00/10] Support TDX guests on Hyper-V (the Hyper-V specific part)" [2]
(Note: [2] depends on [1]), but that would introduce too many changes, and
actually "AMD sev-snp enlightened guest support on hyperv" still needs some
extra patches that are not in the upstream yet, e.g. Tianyu Lan's #HV
interrupt injection patch [3] is not in the upstream yet.

So I think a better way to have [2] is to make a patch that adds the missing
part of [2] for the 6.2-based linux-azure kernel, hence I made this patch.

This patch mainly does the below two things:

a) Add commit 23378295042a ("Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor") [4]
This fixes a bug in the hv_pci driver for device assignment (DDA) for a TDX
VM with the paravisor: in such a VM, the hyperv_pcpu_input_arg must be
private (i.e. encrypted), otherwise the hypercalls in hv_pci fail since the
hypercalls in such a VM are handled by the paravisor rather than by the
hypervisor.

b) Undo some hack code introduced by
commit b8b46adebbd8 ("UBUNTU: SAUCE: Support TDX+HCL (July 9, 2023)"),
e.g. in hyperv_init(), this patch moves the below code to its original place:

cpuhp_setup_state(CPUHP_AP_HYPERV_ONLINE, "x86/hyperv_init:online",
                                     hv_cpu_init, hv_cpu_die);

With this patch, now hyperv_init() in this 6.2 linux-azure kernel is
exactly the same as the version in the mainline kernel.

References:
[1] https://lwn.net/ml/linux-kernel/ZOQMiLEdPsD+pF8q@liuwe-devbox-debian-v2/
[2] https://lwn.net/ml/linux-kernel/ZOfwSDjW0wlHozYV@liuwe-devbox-debian-v2/
[3] https://lwn.net/ml/linux-kernel/20230515165917.1306922-3-ltyker...@gmail.com/
[4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=23378295042a4bcaeec350733a4771678e7a1f3a

[Test Plan]

Microsoft tested.

I tested the patch for a TDX VM without and with paravisor, a VBS VM,
a SNP VM with paravisor, and a regular VM. All the VMs have 128 vCPUs
and 20 GB of memory. All worked as expected.

[Regression potential]

Azure TDX enabled VMs could misbehave.

[Other Info]

SF: #00364214

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: Incomplete

** Description changed:

  SRU Justification
  
  [Impact]
  
  Refresh the TDX support and support DDA for a TDX VM with paravisor.
  Ideally we would revert
-     commit b8b46adebbd8 ("UBUNTU: SAUCE: Support TDX+HCL (July 9, 2023)"), and
-     apply "[PATCH v7 0/8] x86/hyperv: Add AMD sev-snp enlightened guest 
support on hyperv" [1]
-     and apply "[PATCH v3 00/10] Support TDX guests on Hyper-V (the Hyper-V 
specific part)" [2]
-     (Note: [2] depends on [1]), but that would introduce too many changes, and
-     actually "AMD sev-snp enlightened guest support on hyperv" still needs 
some
-     extra patches that are not in the upstream yet, e.g. Tianyu Lan's #HV
-     interrupt injection patch [3] is not in the upstream yet.
-     
-     So I think a better way to have [2] is to make a patch that adds the 
missing
-     part of [2] for the 6.2-based linux-azure kernel, hence I made this patch.
-     
-     This patch mainly does the below two things:
-     
-     a) Add commit 23378295042a ("Drivers: hv: vmbus: Bring the post_msg_page 
back for TDX VMs with the paravisor") [4]
-     This fixes a bug in the hv_pci driver for device assignment (DDA) for a 
TDX
-     VM with the paravisor: in such a VM, the hyperv_pcpu_input_arg must be
-     private (i.e. encrypted), otherwise the hypercalls in hv_pci fail since 
the
-     hypercalls in such a VM is handled by the paravisor rather than by the
-     hypervisor.
-     
-     b) Undo some hack code introduced by
-     commit b8b46adebbd8 ("UBUNTU: SAUCE: Support TDX+HCL (July 9, 2023)"),
-     e.g. in hyperv_init(), this patch moves the below code to its original 
place:
-     
-      cpuhp_setup_state(CPUHP_AP_HYPERV_ONLINE, "x86/hyperv_init:online",
-                                      hv_cpu_init, hv_cpu_die);
-     
-     With this patch, now hyperv_init() in this 6.2 linux-azure kernel is
-     exactly the same as the version in the mainline kernel.
+ commit b8b46adebbd8 ("UBUNTU: SAUCE: Support TDX+HCL (July 9, 2023)"), and
+ apply "[PATCH v7 0/8] x86/hyperv: Add AMD sev-snp enlightened guest support 
on hyperv" [1]
+ and apply "[PATCH v3 00/10] Support TDX guests on Hyper-V (the Hyper-V 
specific part)" [2]
+ (Note: [2] depends on [1]), but that would introduce too many changes, and
+ actually "AMD sev-snp enlightened guest support on hyperv" still needs some
+ extra patches that are not in the upstream yet, e.g. Tianyu Lan's #HV
+ interrupt injection patch [3] is not in the upstream yet.
  
-     References:
-     [1] 
https://lwn.net/ml/linux-kernel/ZOQMiLEdPsD+pF8q@liuwe-devbox-debian-v2/
-     [2] 
https://lwn.net/ml/linux-kernel/ZOfwSDjW0wlHozYV@liuwe-devbox-debian-v2/
-     [3] 
https://lwn.net/ml/linux-kernel/20230515165917.1306922-3-ltyker...@gmail.com/
-     [4] 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=23378295042a4bcaeec350733a4771678e7a1f3a
+ So I think a better way to have [2] is to make a patch that adds the missing
+ part of [2] for the 6.2-based linux-azure kernel, hence I made this patch.
+ 
+ This patch mainly does the below two things:
+ 
+ a) Add commit 23378295042a ("Drivers: hv: vmbus: Bring the post_msg_page back 
for TDX VMs with the paravisor") [4]
+ This fixes a bug in the hv_pci driver for device assignment (DDA) for a TDX
+ VM with the paravisor: in such a VM, the hyperv_pcpu_input_arg must be
+ private (i.e. encrypted), otherwise the hypercalls in hv_pci fail since the
+ hypercalls in such a VM is handled by the paravisor rather than by the
+ hypervisor.
+ 
+ b) Undo some hack code introduced by
+ commit b8b46adebbd8 ("UBUNTU: SAUCE: Support TDX+HCL (July 9, 2023)"),
+ e.g. in hyperv_init(), this patch moves the below code to its original place:
+ 
+ cpuhp_setup_state(CPUHP_AP_HYPERV_ONLINE, "x86/hyperv_init:online",
+                                      hv_cpu_init, hv_cpu_die);
+ 
+ With this patch, now hyperv_init() in this 6.2 linux-azure kernel is
+ exactly the same as the version in the mainline kernel.
+ 
+ References:
+ [1] https://lwn.net/ml/linux-kernel/ZOQMiLEdPsD+pF8q@liuwe-devbox-debian-v2/
+ [2] https://lwn.net/ml/linux-kernel/ZOfwSDjW0wlHozYV@liuwe-devbox-debian-v2/
+ [3] 
https://lwn.net/ml/linux-kernel/20230515165917.1306922-3-ltyker...@gmail.com/
+ [4] 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=23378295042a4bcaeec350733a4771678e7a1f3a
  
  [Test Plan]
  
  Microsoft tested.
  
  I tested the patch for a TDX VM without and with paravisor, a VBS VM,
  a SNP VM with paravisor, and a regular VM. All the VMs have 128 vCPUs
  and 20 GB of memory. All worked as expected.
  
  [Regression potential]
  
  Azure TDX enabled VMs could misbehave.
  
  [Other Info]
  
  SF: #00364214
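
Review bot: the re-added text for item a) still reads "hypercalls in such a VM is handled by the paravisor", where the verb should be "are handled". The removed and added lines differ only in leading indentation, so this description edit was the natural place to correct the wording along with the layout.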

https://bugs.launchpad.net/bugs/2040163

Title:
  Azure: Update TDX support

Status in linux package in Ubuntu:
  Incomplete

