+++ /dev/null
-From 8c7f822d930cf4aec45b8794cc68dbae34651849 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Wed, 8 Oct 2025 16:34:15 -0700
-Subject: Drivers: hv: Allocate encrypted buffers when requested
-
-From: Roman Kisel <romank@linux.microsoft.com>
-
-[ Upstream commit 0a4534bdf29a5b7f5a355c267d28dad9c40ba252 ]
-
-Confidential VMBus is built around using buffers not shared with
-the host.
-
-Support allocating encrypted buffers when requested.
-
-Signed-off-by: Roman Kisel <romank@linux.microsoft.com>
-Reviewed-by: Tianyu Lan <tiala@microsoft.com>
-Reviewed-by: Michael Kelley <mhklinux@outlook.com>
-Signed-off-by: Wei Liu <wei.liu@kernel.org>
-Stable-dep-of: 510164539f16 ("Drivers: hv: Free msginfo when the buffer fails to decrypt")
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- drivers/hv/channel.c | 49 +++++++++++++++++++++++----------------
- drivers/hv/hyperv_vmbus.h | 3 ++-
- drivers/hv/ring_buffer.c | 5 ++--
- 3 files changed, 34 insertions(+), 23 deletions(-)
-
-diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
-index 7c7c66e0dc3f2..1621b95263a5b 100644
---- a/drivers/hv/channel.c
-+++ b/drivers/hv/channel.c
-@@ -444,20 +444,23 @@ static int __vmbus_establish_gpadl(struct vmbus_channel *channel,
- return ret;
- }
-
-- /*
-- * Set the "decrypted" flag to true for the set_memory_decrypted()
-- * success case. In the failure case, the encryption state of the
-- * memory is unknown. Leave "decrypted" as true to ensure the
-- * memory will be leaked instead of going back on the free list.
-- */
-- gpadl->decrypted = true;
-- ret = set_memory_decrypted((unsigned long)kbuffer,
-- PFN_UP(size));
-- if (ret) {
-- dev_warn(&channel->device_obj->device,
-- "Failed to set host visibility for new GPADL %d.\n",
-- ret);
-- return ret;
-+ gpadl->decrypted = !((channel->co_external_memory && type == HV_GPADL_BUFFER) ||
-+ (channel->co_ring_buffer && type == HV_GPADL_RING));
-+ if (gpadl->decrypted) {
-+ /*
-+ * The "decrypted" flag being true assumes that set_memory_decrypted() succeeds.
-+ * But if it fails, the encryption state of the memory is unknown. In that case,
-+ * leave "decrypted" as true to ensure the memory is leaked instead of going back
-+ * on the free list.
-+ */
-+ ret = set_memory_decrypted((unsigned long)kbuffer,
-+ PFN_UP(size));
-+ if (ret) {
-+ dev_warn(&channel->device_obj->device,
-+ "Failed to set host visibility for new GPADL %d.\n",
-+ ret);
-+ return ret;
-+ }
- }
-
- init_completion(&msginfo->waitevent);
-@@ -545,8 +548,10 @@ static int __vmbus_establish_gpadl(struct vmbus_channel *channel,
- * left as true so the memory is leaked instead of being
- * put back on the free list.
- */
-- if (!set_memory_encrypted((unsigned long)kbuffer, PFN_UP(size)))
-- gpadl->decrypted = false;
-+ if (gpadl->decrypted) {
-+ if (!set_memory_encrypted((unsigned long)kbuffer, PFN_UP(size)))
-+ gpadl->decrypted = false;
-+ }
- }
-
- return ret;
-@@ -677,12 +682,13 @@ static int __vmbus_open(struct vmbus_channel *newchannel,
- goto error_clean_ring;
-
- err = hv_ringbuffer_init(&newchannel->outbound,
-- page, send_pages, 0);
-+ page, send_pages, 0, newchannel->co_ring_buffer);
- if (err)
- goto error_free_gpadl;
-
- err = hv_ringbuffer_init(&newchannel->inbound, &page[send_pages],
-- recv_pages, newchannel->max_pkt_size);
-+ recv_pages, newchannel->max_pkt_size,
-+ newchannel->co_ring_buffer);
- if (err)
- goto error_free_gpadl;
-
-@@ -863,8 +869,11 @@ int vmbus_teardown_gpadl(struct vmbus_channel *channel, struct vmbus_gpadl *gpad
-
- kfree(info);
-
-- ret = set_memory_encrypted((unsigned long)gpadl->buffer,
-- PFN_UP(gpadl->size));
-+ if (gpadl->decrypted)
-+ ret = set_memory_encrypted((unsigned long)gpadl->buffer,
-+ PFN_UP(gpadl->size));
-+ else
-+ ret = 0;
- if (ret)
- pr_warn("Fail to set mem host visibility in GPADL teardown %d.\n", ret);
-
-diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h
-index 4a01797d48513..0d969f77388ef 100644
---- a/drivers/hv/hyperv_vmbus.h
-+++ b/drivers/hv/hyperv_vmbus.h
-@@ -182,7 +182,8 @@ extern int hv_synic_cleanup(unsigned int cpu);
- void hv_ringbuffer_pre_init(struct vmbus_channel *channel);
-
- int hv_ringbuffer_init(struct hv_ring_buffer_info *ring_info,
-- struct page *pages, u32 pagecnt, u32 max_pkt_size);
-+ struct page *pages, u32 pagecnt, u32 max_pkt_size,
-+ bool confidential);
-
- void hv_ringbuffer_cleanup(struct hv_ring_buffer_info *ring_info);
-
-diff --git a/drivers/hv/ring_buffer.c b/drivers/hv/ring_buffer.c
-index 23ce1fb70de14..3c421a7f78c00 100644
---- a/drivers/hv/ring_buffer.c
-+++ b/drivers/hv/ring_buffer.c
-@@ -184,7 +184,8 @@ void hv_ringbuffer_pre_init(struct vmbus_channel *channel)
-
- /* Initialize the ring buffer. */
- int hv_ringbuffer_init(struct hv_ring_buffer_info *ring_info,
-- struct page *pages, u32 page_cnt, u32 max_pkt_size)
-+ struct page *pages, u32 page_cnt, u32 max_pkt_size,
-+ bool confidential)
- {
- struct page **pages_wraparound;
- int i;
-@@ -208,7 +209,7 @@ int hv_ringbuffer_init(struct hv_ring_buffer_info *ring_info,
-
- ring_info->ring_buffer = (struct hv_ring_buffer *)
- vmap(pages_wraparound, page_cnt * 2 - 1, VM_MAP,
-- pgprot_decrypted(PAGE_KERNEL));
-+ confidential ? PAGE_KERNEL : pgprot_decrypted(PAGE_KERNEL));
-
- kfree(pages_wraparound);
- if (!ring_info->ring_buffer)
---
-2.51.0
-
+++ /dev/null
-From 21dda4b283c12e9f17f26add62621b9646e7c4b3 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Wed, 8 Oct 2025 16:34:16 -0700
-Subject: Drivers: hv: Free msginfo when the buffer fails to decrypt
-
-From: Roman Kisel <romank@linux.microsoft.com>
-
-[ Upstream commit 510164539f16062e842a9de762616b5008616fa1 ]
-
-The early failure path in __vmbus_establish_gpadl() doesn't deallocate
-msginfo if the buffer fails to decrypt.
-
-Fix the leak by breaking out the cleanup code into a separate function
-and calling it where required.
-
-Fixes: d4dccf353db80 ("Drivers: hv: vmbus: Mark vmbus ring buffer visible to host in Isolation VM")
-Reported-by: Michael Kelley <mkhlinux@outlook.com>
-Closes: https://lore.kernel.org/linux-hyperv/SN6PR02MB41573796F9787F67E0E97049D472A@SN6PR02MB4157.namprd02.prod.outlook.com
-Signed-off-by: Roman Kisel <romank@linux.microsoft.com>
-Reviewed-by: Michael Kelley <mhklinux@outlook.com>
-Signed-off-by: Wei Liu <wei.liu@kernel.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- drivers/hv/channel.c | 24 ++++++++++++++++++------
- 1 file changed, 18 insertions(+), 6 deletions(-)
-
-diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
-index 1621b95263a5b..70270202209b6 100644
---- a/drivers/hv/channel.c
-+++ b/drivers/hv/channel.c
-@@ -410,6 +410,21 @@ static int create_gpadl_header(enum hv_gpadl_type type, void *kbuffer,
- return 0;
- }
-
-+static void vmbus_free_channel_msginfo(struct vmbus_channel_msginfo *msginfo)
-+{
-+ struct vmbus_channel_msginfo *submsginfo, *tmp;
-+
-+ if (!msginfo)
-+ return;
-+
-+ list_for_each_entry_safe(submsginfo, tmp, &msginfo->submsglist,
-+ msglistentry) {
-+ kfree(submsginfo);
-+ }
-+
-+ kfree(msginfo);
-+}
-+
- /*
- * __vmbus_establish_gpadl - Establish a GPADL for a buffer or ringbuffer
- *
-@@ -429,7 +444,7 @@ static int __vmbus_establish_gpadl(struct vmbus_channel *channel,
- struct vmbus_channel_gpadl_header *gpadlmsg;
- struct vmbus_channel_gpadl_body *gpadl_body;
- struct vmbus_channel_msginfo *msginfo = NULL;
-- struct vmbus_channel_msginfo *submsginfo, *tmp;
-+ struct vmbus_channel_msginfo *submsginfo;
- struct list_head *curr;
- u32 next_gpadl_handle;
- unsigned long flags;
-@@ -459,6 +474,7 @@ static int __vmbus_establish_gpadl(struct vmbus_channel *channel,
- dev_warn(&channel->device_obj->device,
- "Failed to set host visibility for new GPADL %d.\n",
- ret);
-+ vmbus_free_channel_msginfo(msginfo);
- return ret;
- }
- }
-@@ -535,12 +551,8 @@ static int __vmbus_establish_gpadl(struct vmbus_channel *channel,
- spin_lock_irqsave(&vmbus_connection.channelmsg_lock, flags);
- list_del(&msginfo->msglistentry);
- spin_unlock_irqrestore(&vmbus_connection.channelmsg_lock, flags);
-- list_for_each_entry_safe(submsginfo, tmp, &msginfo->submsglist,
-- msglistentry) {
-- kfree(submsginfo);
-- }
-
-- kfree(msginfo);
-+ vmbus_free_channel_msginfo(msginfo);
-
- if (ret) {
- /*
---
-2.51.0
-
+++ /dev/null
-From 3e405c5c587eb43d8daec137bc7efff2027d38a2 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Wed, 8 Oct 2025 16:34:04 -0700
-Subject: Drivers: hv: VMBus protocol version 6.0
-
-From: Roman Kisel <romank@linux.microsoft.com>
-
-[ Upstream commit 6802d8af47d1dccd9a74a1f708fb9129244ef843 ]
-
-The confidential VMBus is supported starting from the protocol
-version 6.0 onwards.
-
-Provide the required definitions. No functional changes.
-
-Signed-off-by: Roman Kisel <romank@linux.microsoft.com>
-Reviewed-by: Alok Tiwari <alok.a.tiwari@oracle.com>
-Reviewed-by: Michael Kelley <mhklinux@outlook.com>
-Signed-off-by: Wei Liu <wei.liu@kernel.org>
-Stable-dep-of: 510164539f16 ("Drivers: hv: Free msginfo when the buffer fails to decrypt")
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- drivers/hv/hyperv_vmbus.h | 2 ++
- drivers/hv/vmbus_drv.c | 12 +++++++
- include/hyperv/hvgdk_mini.h | 1 +
- include/linux/hyperv.h | 69 +++++++++++++++++++++++++++----------
- 4 files changed, 65 insertions(+), 19 deletions(-)
-
-diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h
-index 0b450e53161e5..4a01797d48513 100644
---- a/drivers/hv/hyperv_vmbus.h
-+++ b/drivers/hv/hyperv_vmbus.h
-@@ -333,6 +333,8 @@ extern const struct vmbus_channel_message_table_entry
-
- /* General vmbus interface */
-
-+bool vmbus_is_confidential(void);
-+
- struct hv_device *vmbus_device_create(const guid_t *type,
- const guid_t *instance,
- struct vmbus_channel *channel);
-diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c
-index 2ed5a1e89d694..c2f913b9aad58 100644
---- a/drivers/hv/vmbus_drv.c
-+++ b/drivers/hv/vmbus_drv.c
-@@ -56,6 +56,18 @@ static long __percpu *vmbus_evt;
- int vmbus_irq;
- int vmbus_interrupt;
-
-+/*
-+ * If the Confidential VMBus is used, the data on the "wire" is not
-+ * visible to either the host or the hypervisor.
-+ */
-+static bool is_confidential;
-+
-+bool vmbus_is_confidential(void)
-+{
-+ return is_confidential;
-+}
-+EXPORT_SYMBOL_GPL(vmbus_is_confidential);
-+
- /*
- * The panic notifier below is responsible solely for unloading the
- * vmbus connection, which is necessary in a panic event.
-diff --git a/include/hyperv/hvgdk_mini.h b/include/hyperv/hvgdk_mini.h
-index 1be7f6a023046..981a687bdc7eb 100644
---- a/include/hyperv/hvgdk_mini.h
-+++ b/include/hyperv/hvgdk_mini.h
-@@ -260,6 +260,7 @@ union hv_hypervisor_version_info {
- #define HYPERV_CPUID_VIRT_STACK_PROPERTIES 0x40000082
- /* Support for the extended IOAPIC RTE format */
- #define HYPERV_VS_PROPERTIES_EAX_EXTENDED_IOAPIC_RTE BIT(2)
-+#define HYPERV_VS_PROPERTIES_EAX_CONFIDENTIAL_VMBUS_AVAILABLE BIT(3)
-
- #define HYPERV_HYPERVISOR_PRESENT_BIT 0x80000000
- #define HYPERV_CPUID_MIN 0x40000005
-diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h
-index a59c5c3e95fb8..a1820fabbfc0c 100644
---- a/include/linux/hyperv.h
-+++ b/include/linux/hyperv.h
-@@ -265,16 +265,18 @@ static inline u32 hv_get_avail_to_write_percent(
- * Linux kernel.
- */
-
--#define VERSION_WS2008 ((0 << 16) | (13))
--#define VERSION_WIN7 ((1 << 16) | (1))
--#define VERSION_WIN8 ((2 << 16) | (4))
--#define VERSION_WIN8_1 ((3 << 16) | (0))
--#define VERSION_WIN10 ((4 << 16) | (0))
--#define VERSION_WIN10_V4_1 ((4 << 16) | (1))
--#define VERSION_WIN10_V5 ((5 << 16) | (0))
--#define VERSION_WIN10_V5_1 ((5 << 16) | (1))
--#define VERSION_WIN10_V5_2 ((5 << 16) | (2))
--#define VERSION_WIN10_V5_3 ((5 << 16) | (3))
-+#define VMBUS_MAKE_VERSION(MAJ, MIN) ((((u32)MAJ) << 16) | (MIN))
-+#define VERSION_WS2008 VMBUS_MAKE_VERSION(0, 13)
-+#define VERSION_WIN7 VMBUS_MAKE_VERSION(1, 1)
-+#define VERSION_WIN8 VMBUS_MAKE_VERSION(2, 4)
-+#define VERSION_WIN8_1 VMBUS_MAKE_VERSION(3, 0)
-+#define VERSION_WIN10 VMBUS_MAKE_VERSION(4, 0)
-+#define VERSION_WIN10_V4_1 VMBUS_MAKE_VERSION(4, 1)
-+#define VERSION_WIN10_V5 VMBUS_MAKE_VERSION(5, 0)
-+#define VERSION_WIN10_V5_1 VMBUS_MAKE_VERSION(5, 1)
-+#define VERSION_WIN10_V5_2 VMBUS_MAKE_VERSION(5, 2)
-+#define VERSION_WIN10_V5_3 VMBUS_MAKE_VERSION(5, 3)
-+#define VERSION_WIN10_V6_0 VMBUS_MAKE_VERSION(6, 0)
-
- /* Make maximum size of pipe payload of 16K */
- #define MAX_PIPE_DATA_PAYLOAD (sizeof(u8) * 16384)
-@@ -335,14 +337,22 @@ struct vmbus_channel_offer {
- } __packed;
-
- /* Server Flags */
--#define VMBUS_CHANNEL_ENUMERATE_DEVICE_INTERFACE 1
--#define VMBUS_CHANNEL_SERVER_SUPPORTS_TRANSFER_PAGES 2
--#define VMBUS_CHANNEL_SERVER_SUPPORTS_GPADLS 4
--#define VMBUS_CHANNEL_NAMED_PIPE_MODE 0x10
--#define VMBUS_CHANNEL_LOOPBACK_OFFER 0x100
--#define VMBUS_CHANNEL_PARENT_OFFER 0x200
--#define VMBUS_CHANNEL_REQUEST_MONITORED_NOTIFICATION 0x400
--#define VMBUS_CHANNEL_TLNPI_PROVIDER_OFFER 0x2000
-+#define VMBUS_CHANNEL_ENUMERATE_DEVICE_INTERFACE 0x0001
-+/*
-+ * This flag indicates that the channel is offered by the paravisor, and must
-+ * use encrypted memory for the channel ring buffer.
-+ */
-+#define VMBUS_CHANNEL_CONFIDENTIAL_RING_BUFFER 0x0002
-+/*
-+ * This flag indicates that the channel is offered by the paravisor, and must
-+ * use encrypted memory for GPA direct packets and additional GPADLs.
-+ */
-+#define VMBUS_CHANNEL_CONFIDENTIAL_EXTERNAL_MEMORY 0x0004
-+#define VMBUS_CHANNEL_NAMED_PIPE_MODE 0x0010
-+#define VMBUS_CHANNEL_LOOPBACK_OFFER 0x0100
-+#define VMBUS_CHANNEL_PARENT_OFFER 0x0200
-+#define VMBUS_CHANNEL_REQUEST_MONITORED_NOTIFICATION 0x0400
-+#define VMBUS_CHANNEL_TLNPI_PROVIDER_OFFER 0x2000
-
- struct vmpacket_descriptor {
- u16 type;
-@@ -621,6 +631,12 @@ struct vmbus_channel_relid_released {
- u32 child_relid;
- } __packed;
-
-+/*
-+ * Used by the paravisor only, means that the encrypted ring buffers and
-+ * the encrypted external memory are supported
-+ */
-+#define VMBUS_FEATURE_FLAG_CONFIDENTIAL_CHANNELS 0x10
-+
- struct vmbus_channel_initiate_contact {
- struct vmbus_channel_message_header header;
- u32 vmbus_version_requested;
-@@ -630,7 +646,8 @@ struct vmbus_channel_initiate_contact {
- struct {
- u8 msg_sint;
- u8 msg_vtl;
-- u8 reserved[6];
-+ u8 reserved[2];
-+ u32 feature_flags; /* VMBus version 6.0 */
- };
- };
- u64 monitor_page1;
-@@ -1008,6 +1025,10 @@ struct vmbus_channel {
-
- /* boolean to control visibility of sysfs for ring buffer */
- bool ring_sysfs_visible;
-+ /* The ring buffer is encrypted */
-+ bool co_ring_buffer;
-+ /* The external memory is encrypted */
-+ bool co_external_memory;
- };
-
- #define lock_requestor(channel, flags) \
-@@ -1032,6 +1053,16 @@ u64 vmbus_request_addr_match(struct vmbus_channel *channel, u64 trans_id,
- u64 rqst_addr);
- u64 vmbus_request_addr(struct vmbus_channel *channel, u64 trans_id);
-
-+static inline bool is_co_ring_buffer(const struct vmbus_channel_offer_channel *o)
-+{
-+ return !!(o->offer.chn_flags & VMBUS_CHANNEL_CONFIDENTIAL_RING_BUFFER);
-+}
-+
-+static inline bool is_co_external_memory(const struct vmbus_channel_offer_channel *o)
-+{
-+ return !!(o->offer.chn_flags & VMBUS_CHANNEL_CONFIDENTIAL_EXTERNAL_MEMORY);
-+}
-+
- static inline bool is_hvsock_offer(const struct vmbus_channel_offer_channel *o)
- {
- return !!(o->offer.chn_flags & VMBUS_CHANNEL_TLNPI_PROVIDER_OFFER);
---
-2.51.0
-
selftests-bpf-fix-failure-paths-in-send_signal-test.patch
bpf-check-skb-transport_header-is-set-in-bpf_skb_che.patch
mshv-fix-deposit-memory-in-mshv_root_hvcall.patch
-drivers-hv-vmbus-protocol-version-6.0.patch
-drivers-hv-allocate-encrypted-buffers-when-requested.patch
-drivers-hv-free-msginfo-when-the-buffer-fails-to-dec.patch
mshv-fix-create-memory-region-overlap-check.patch
watchdog-wdat_wdt-fix-acpi-table-leak-in-probe-funct.patch
watchdog-starfive-fix-resource-leak-in-probe-error-p.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
