From nobody Fri Dec 19 20:16:20 2025 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2065.outbound.protection.outlook.com [40.107.244.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4A7DC20AF8E; Wed, 26 Feb 2025 09:06:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.244.65 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560770; cv=fail; b=jL4FaSnHICrnYV86NsMWviYSyc7eCyqBF19dXy/xjMaftTHoocTWgB8SaiB2NAQ0FePNN28INHRFRX/dMXykv1NB+anIxYRPF4hAPDWkHbNZkBmHyBCgbSCWd67gLfKt1KP8HmNXiH5Pa3MSLzZaZQRQlzd+p6FNxoOu9kLwP3c= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560770; c=relaxed/simple; bh=AGWhOL64aMztAe1CdTGvXU6UyjNJ5mUAQYMfRqkJUj8=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=B9fEiJHh056W3gRr8NTxZfo3dRiTu0AuhX+rXsmohUFpOKvmQcVaAsxV2s1O8TUY24yPNPTR7qbu2Bw74Tu4r6GbhJ5xQryPw/+29GuoyKeverfUTBaxW/i9+EcC2pQ+WUU0thqEtrjGETPdmjMCJyLO98UF0CiiAXk5jTuJjpE= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=lALKxbcD; arc=fail smtp.client-ip=40.107.244.65 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="lALKxbcD" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=lC66LDql8V5rNm9sTlRgFFbyPDUfX3OJzLY3IwbKJFrOZ5AH/859EWbC3JY39ieSgVopiU2kFJqw1whNaxrD4fROZAoExS/HVOo+3gnZlqpGm05SXGmcktb4UV51wpGiGZvOLQ12KpOVxkOCnaKGEY67N2zF0BPoHI3NQdnk9PtHgOHK7FlfxJJqAkGc5hoD1GzvXHI+AoyO3ZSayLN6Wgx5RiBDRXCNQ9BF3DffT9io+Lj1+JrzsHUB64mD9SYe5MiXX9erYgFK1a7Vlr/tw07hC3lWPdyjr2Pf6Ll8GOHYY9juHiLCeYHqmDorBOyicZTNdYQZWgfk8YJZ/xudUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dyhSwW21TACWTBU4L8BDOnE5hxVwe7vAH7ppASVyoSU=; b=F5nRgYZNwsfsE62N1CQpgxAlF96UINV06pZ0/gBvpeuzvMjVN+NIGki0KJphZNvdSLXmbDv1V8RN+EjCz9gVSPNMfWQ3/yGBKyx49mnp3r7O8u7B/nokAGvg2RA1JHg/i1rmLacDpLU8mUPTXvVSWBahMuiG2456KpN6O2qZRVTj+ryRSfHVTRFEIuHETR58vQ1Yz6oQm3Sbg36fMonubhA8vj93J923mFbX8NspR25eUgRCOO4sz3jVDg7DeurctZ9JY3F4wNSxMKriQ9OKDwiZ/dSt5DCJZHcU9DWW5drEs2w+pD0e9t8uTv0DWqMkXCmndHtMwdE/jwgEJI9+BA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dyhSwW21TACWTBU4L8BDOnE5hxVwe7vAH7ppASVyoSU=; b=lALKxbcDkOZryjgfj7EAH58/Hy3kr4tq4NsTNvdKLQNJjmdO3GwxVnWdHUeY1tViDCXKjVoBLy7cNkMY2lhVAzTZcBEILGYwUQ/B1+tC6ElcBNSHue0vxzts261yK6fer6kAHnkzH0wAzjP/6UOKD9nLkePFMhJ4gmHNXyNOp8Y= Received: from SJ0PR13CA0006.namprd13.prod.outlook.com (2603:10b6:a03:2c0::11) by PH7PR12MB8038.namprd12.prod.outlook.com (2603:10b6:510:27c::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8466.20; Wed, 26 Feb 2025 09:06:04 +0000 Received: from SJ1PEPF0000231E.namprd03.prod.outlook.com (2603:10b6:a03:2c0:cafe::2e) by SJ0PR13CA0006.outlook.office365.com (2603:10b6:a03:2c0::11) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8489.15 via Frontend Transport; Wed, 26 Feb 2025 09:06:03 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF0000231E.mail.protection.outlook.com (10.167.242.230) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:06:03 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:05:55 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 01/17] x86/apic: Add new driver for Secure AVIC Date: Wed, 26 Feb 2025 14:35:09 +0530 Message-ID: <20250226090525.231882-2-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF0000231E:EE_|PH7PR12MB8038:EE_ X-MS-Office365-Filtering-Correlation-Id: 31ba67ba-c39f-4aa4-c89e-08dd5644cc15 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|376014|7416014|36860700013; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?axfY9Mm2oFQc3qwm1D7GKRuACBQuyCQ/pmv84ttpH/NLWkH9S2rUNJ0eBCXi?= =?us-ascii?Q?1fUuBru0Y4PBE/VOrG8ZowhFJC6S20qv9Nevb8qMlqkkOkLL/xb6/jxdi8ht?= =?us-ascii?Q?rjKpjQ91MtFC+Q53KWJ6lidmCdKPtpTmgGVidc4b6nOV2Dy1ZPhYjouYR69R?= =?us-ascii?Q?WczO55P1cgzNnJYF6ua6HDlV/vsPZonWbeeqBXdyE0ARwgWH/g8HEi15VRq0?= =?us-ascii?Q?g4QdBDZlXZjyoHa47qLQIjIaSfFD/TwSE7bcTvKXbe1qwZzZMa7Ji2FQCLBg?= =?us-ascii?Q?apgCm2+OOhzT0VQDdsdixVhsJlmbHCt1/ByplRO/fY697hLSH1I5jbSBv+xx?= =?us-ascii?Q?FVTkLqA2vRxAwvAw8XGFU+pEXgo5gaMZjWBQ9XkdL0La6ey1c9dQlu/WGE5V?= =?us-ascii?Q?654UAAs+AJzAdFfAEE/RPiB+fB8LVn5CUeT1F4AUHaO9GwurCx4tJiKCkc5S?= =?us-ascii?Q?pjGTDqsU16VEbSDlWSkGEaXaFT6Y2edYwj2A79auS7Lb3oN8M5ZzOS7wwqii?= =?us-ascii?Q?/4E1czBeWiUBq26VVmqyR0qPWEvzeAEaxx1CC3ZwDHKPA0h6sGlK1GeOqx8p?= =?us-ascii?Q?sdmV5TeqULNFLjj2dklppBA16jN/X+SMWiaylYYSxitRW1VNYUHXx01B4qsk?= =?us-ascii?Q?j+CtHZLFTVFFyiCQCi0DdGzbFyyXcTE3KgxZl2VfbZYbkPsqkwh6TDrhR9VC?= =?us-ascii?Q?ME4NZDmlhYQa92O+79JpqJvpgkoApfAycL5nXpAKRry1ZUXr8dPMHlWU/b9T?= =?us-ascii?Q?vB0rxR/qKYvDttdBWgeHPM6AGLoo08Cf4xRLlt7SdFMYptTIv+q8yyy6oQFQ?= =?us-ascii?Q?l1I5/WiRyBCceXb60WwEBHGpTH+sXiJrRN6OVdbBqFFWvNuUWYsfYaRiGzNs?= =?us-ascii?Q?71GfYQsOTgheAF9DyPwK1uCQVa656M+P2mcK3bRKpODM0T0+MheAbynhNuYn?= =?us-ascii?Q?7fifAoIEHonKO/E1otZkbTG1GDiqNkpVh0K8ckcVs89spjoUHV+PkhP/HR0p?= =?us-ascii?Q?L7hZVTkDnoKpdhSVoBcixqbm6Et533w4L8clBNoG+Q73hYD7jIfT84G3WJPx?= =?us-ascii?Q?WIrab0yP1GZjup9VSXUUd13VUY1CLngQdYB03ArNo+8oNEfKTqegSjPUX+oy?= =?us-ascii?Q?3KM5sSj/zqiNA6Z+vvppnX+4R2XQBv5Bcw7hlRQuCSpqTrHXlVO+UjUWlVCn?= =?us-ascii?Q?0bA42ig4M1UAggXhOj4G61hvvWQeVAs4NtXYMCoHbZGf9o8V/kWr9YxbuBEY?= =?us-ascii?Q?BcPrmxIT3PK/RHU6MLV0zWipjoD/bC3VQOlb54yPmQD0JPnqqlRPOO8nxonD?= =?us-ascii?Q?15ylPCTqxiPER3/rp1nAwNKa+80Vk0rpfYYYad6v9QsYjqdlqBGYJejVEux3?= =?us-ascii?Q?yYcI3MF/lzcnjDcujTggicjp9DODZIZsYkjL+GFEOnhjdfAUvd3TTEqbbdov?= =?us-ascii?Q?2VQDFfY+0OB8E0argjuTNmdMZ6sU6wZ2l8Hp218eJw3Lo2KBhPp8YByhAeJQ?= =?us-ascii?Q?674SldknTWauGyg=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(376014)(7416014)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:06:03.6504 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 31ba67ba-c39f-4aa4-c89e-08dd5644cc15 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF0000231E.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB8038 Content-Type: text/plain; charset="utf-8" The Secure AVIC feature provides SEV-SNP guests hardware acceleration for performance sensitive APIC accesses while securely managing the guest-owned APIC state through the use of a private APIC backing page. This helps prevent hypervisor from generating unexpected interrupts for a vCPU or otherwise violate architectural assumptions around APIC behavior. Add a new x2APIC driver that will serve as the base of the Secure AVIC support. It is initially the same as the x2APIC phys driver, but will be modified as features of Secure AVIC are implemented. If the hypervisor sets the Secure AVIC bit in SEV_STATUS and the bit is not set in SNP_FEATURES_PRESENT, maintain the current behavior to enforce the guest termination. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v1: - Updated the commit log to highlight the behavior for the case when guest SNP_FEATURES_PRESENT does not have SECURE AVIC set and Hv has set the bit in SEV_STATUS. - Select AMD_SECURE_AVIC config if AMD_MEM_ENCRYPT config is enabled. - Updated the config AMD_SECURE_AVIC description to highlight functional dependency on x2apic enablement. arch/x86/Kconfig | 14 ++++ arch/x86/boot/compressed/sev.c | 1 + arch/x86/coco/core.c | 3 + arch/x86/include/asm/msr-index.h | 4 +- arch/x86/kernel/apic/Makefile | 1 + arch/x86/kernel/apic/x2apic_savic.c | 112 ++++++++++++++++++++++++++++ include/linux/cc_platform.h | 8 ++ 7 files changed, 142 insertions(+), 1 deletion(-) create mode 100644 arch/x86/kernel/apic/x2apic_savic.c diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 42c8a69bfb49..7776645e71d1 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -474,6 +474,19 @@ config X86_X2APIC =20 If you don't know what to do here, say N. =20 +config AMD_SECURE_AVIC + bool "AMD Secure AVIC" + depends on X86_X2APIC + help + This enables AMD Secure AVIC support on guests that have this feature. + + AMD Secure AVIC provides hardware acceleration for performance sensitive + APIC accesses and support for managing guest owned APIC state for SEV-S= NP + guests. Secure AVIC does not support xapic mode. It has functional + dependency on x2apic being enabled in the guest. + + If you don't know what to do here, say N. + config X86_POSTED_MSI bool "Enable MSI and MSI-x delivery by posted interrupts" depends on X86_64 && IRQ_REMAP @@ -1557,6 +1570,7 @@ config AMD_MEM_ENCRYPT select X86_MEM_ENCRYPT select UNACCEPTED_MEMORY select CRYPTO_LIB_AESGCM + select AMD_SECURE_AVIC help Say yes to enable support for the encryption of system memory. This requires an AMD processor that supports Secure Memory diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index bb55934c1cee..798fdd3dbd1e 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -394,6 +394,7 @@ void do_boot_stage2_vc(struct pt_regs *regs, unsigned l= ong exit_code) MSR_AMD64_SNP_VMSA_REG_PROT | \ MSR_AMD64_SNP_RESERVED_BIT13 | \ MSR_AMD64_SNP_RESERVED_BIT15 | \ + MSR_AMD64_SNP_SECURE_AVIC | \ MSR_AMD64_SNP_RESERVED_MASK) =20 /* diff --git a/arch/x86/coco/core.c b/arch/x86/coco/core.c index 9a0ddda3aa69..3d7bf37e2155 100644 --- a/arch/x86/coco/core.c +++ b/arch/x86/coco/core.c @@ -102,6 +102,9 @@ static bool noinstr amd_cc_platform_has(enum cc_attr at= tr) case CC_ATTR_HOST_SEV_SNP: return cc_flags.host_sev_snp; =20 + case CC_ATTR_SNP_SECURE_AVIC: + return sev_status & MSR_AMD64_SNP_SECURE_AVIC; + default: return false; } diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-in= dex.h index 72765b2fe0d8..a42d88e9def8 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -683,7 +683,9 @@ #define MSR_AMD64_SNP_VMSA_REG_PROT BIT_ULL(MSR_AMD64_SNP_VMSA_REG_PROT_BI= T) #define MSR_AMD64_SNP_SMT_PROT_BIT 17 #define MSR_AMD64_SNP_SMT_PROT BIT_ULL(MSR_AMD64_SNP_SMT_PROT_BIT) -#define MSR_AMD64_SNP_RESV_BIT 18 +#define MSR_AMD64_SNP_SECURE_AVIC_BIT 18 +#define MSR_AMD64_SNP_SECURE_AVIC BIT_ULL(MSR_AMD64_SNP_SECURE_AVIC_BIT) +#define MSR_AMD64_SNP_RESV_BIT 19 #define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT) #define MSR_AMD64_RMP_BASE 0xc0010132 #define MSR_AMD64_RMP_END 0xc0010133 diff --git a/arch/x86/kernel/apic/Makefile b/arch/x86/kernel/apic/Makefile index 3bf0487cf3b7..12153993c12b 100644 --- a/arch/x86/kernel/apic/Makefile +++ b/arch/x86/kernel/apic/Makefile @@ -18,6 +18,7 @@ ifeq ($(CONFIG_X86_64),y) # APIC probe will depend on the listing order here obj-$(CONFIG_X86_NUMACHIP) +=3D apic_numachip.o obj-$(CONFIG_X86_UV) +=3D x2apic_uv_x.o +obj-$(CONFIG_AMD_SECURE_AVIC) +=3D x2apic_savic.o obj-$(CONFIG_X86_X2APIC) +=3D x2apic_phys.o obj-$(CONFIG_X86_X2APIC) +=3D x2apic_cluster.o obj-y +=3D apic_flat_64.o diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c new file mode 100644 index 000000000000..c3a4d387c63f --- /dev/null +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -0,0 +1,112 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * AMD Secure AVIC Support (SEV-SNP Guests) + * + * Copyright (C) 2024 Advanced Micro Devices, Inc. + * + * Author: Neeraj Upadhyay + */ + +#include +#include + +#include +#include + +#include "local.h" + +static int x2apic_savic_acpi_madt_oem_check(char *oem_id, char *oem_table_= id) +{ + return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); +} + +static void x2apic_savic_send_IPI(int cpu, int vector) +{ + u32 dest =3D per_cpu(x86_cpu_to_apicid, cpu); + + /* x2apic MSRs are special and need a special fence: */ + weak_wrmsr_fence(); + __x2apic_send_IPI_dest(dest, vector, APIC_DEST_PHYSICAL); +} + +static void +__send_IPI_mask(const struct cpumask *mask, int vector, int apic_dest) +{ + unsigned long query_cpu; + unsigned long this_cpu; + unsigned long flags; + + /* x2apic MSRs are special and need a special fence: */ + weak_wrmsr_fence(); + + local_irq_save(flags); + + this_cpu =3D smp_processor_id(); + for_each_cpu(query_cpu, mask) { + if (apic_dest =3D=3D APIC_DEST_ALLBUT && this_cpu =3D=3D query_cpu) + continue; + __x2apic_send_IPI_dest(per_cpu(x86_cpu_to_apicid, query_cpu), + vector, APIC_DEST_PHYSICAL); + } + local_irq_restore(flags); +} + +static void x2apic_savic_send_IPI_mask(const struct cpumask *mask, int vec= tor) +{ + __send_IPI_mask(mask, vector, APIC_DEST_ALLINC); +} + +static void x2apic_savic_send_IPI_mask_allbutself(const struct cpumask *ma= sk, int vector) +{ + __send_IPI_mask(mask, vector, APIC_DEST_ALLBUT); +} + +static int x2apic_savic_probe(void) +{ + if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) + return 0; + + if (!x2apic_mode) { + pr_err("Secure AVIC enabled in non x2APIC mode\n"); + snp_abort(); + } + + pr_info("Secure AVIC Enabled\n"); + + return 1; +} + +static struct apic apic_x2apic_savic __ro_after_init =3D { + + .name =3D "secure avic x2apic", + .probe =3D x2apic_savic_probe, + .acpi_madt_oem_check =3D x2apic_savic_acpi_madt_oem_check, + + .dest_mode_logical =3D false, + + .disable_esr =3D 0, + + .cpu_present_to_apicid =3D default_cpu_present_to_apicid, + + .max_apic_id =3D UINT_MAX, + .x2apic_set_max_apicid =3D true, + .get_apic_id =3D x2apic_get_apic_id, + + .calc_dest_apicid =3D apic_default_calc_apicid, + + .send_IPI =3D x2apic_savic_send_IPI, + .send_IPI_mask =3D x2apic_savic_send_IPI_mask, + .send_IPI_mask_allbutself =3D x2apic_savic_send_IPI_mask_allbutself, + .send_IPI_allbutself =3D x2apic_send_IPI_allbutself, + .send_IPI_all =3D x2apic_send_IPI_all, + .send_IPI_self =3D x2apic_send_IPI_self, + .nmi_to_offline_cpu =3D true, + + .read =3D native_apic_msr_read, + .write =3D native_apic_msr_write, + .eoi =3D native_apic_msr_eoi, + .icr_read =3D native_x2apic_icr_read, + .icr_write =3D native_x2apic_icr_write, +}; + +apic_driver(apic_x2apic_savic); diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h index 0bf7d33a1048..7fcec025c5e0 100644 --- a/include/linux/cc_platform.h +++ b/include/linux/cc_platform.h @@ -96,6 +96,14 @@ enum cc_attr { * enabled to run SEV-SNP guests. */ CC_ATTR_HOST_SEV_SNP, + + /** + * @CC_ATTR_SNP_SECURE_AVIC: Secure AVIC mode is active. + * + * The host kernel is running with the necessary features enabled + * to run SEV-SNP guests with full Secure AVIC capabilities. + */ + CC_ATTR_SNP_SECURE_AVIC, }; =20 #ifdef CONFIG_ARCH_HAS_CC_PLATFORM --=20 2.34.1 From nobody Fri Dec 19 20:16:20 2025 Received: from NAM04-BN8-obe.outbound.protection.outlook.com (mail-bn8nam04on2071.outbound.protection.outlook.com [40.107.100.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0890F20AF8E; Wed, 26 Feb 2025 09:06:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.100.71 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560787; cv=fail; b=G/GzypAg60IX0zoARFnCowqX/T28K4G+kasN9YKstGKdHqA11kgLDCahv08UDM+E+zE+MLFzJ8bX6i8C53DfjEUAtGVc7IYkNCIS3wZxNAIU9XLUA4JT5ISMo45Vh1FBfWJu4D0IsnzKlEPK3+f/0BqkKoxCK77GUcGdY9fO60g= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560787; c=relaxed/simple; bh=+SYu31qiseV5CtPL40d2jOGctjaYJsf1UeEDd1Nai88=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=dOYDf/GEJRzjp/iP7zegtoIeO9a8MMK20odGb6fe2kiHmNVwmD/9gFEiSotN88hO3WES/YG9P+9l3UIayCaoolgCGtBUlqMm034O6C6/+ZOjOcHg8WVE7vOC8cen7+1YXCEDDh58wctRhquFrcaZold7/GcRmHGNz59uDVOLkvA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=01iAPTt5; arc=fail smtp.client-ip=40.107.100.71 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="01iAPTt5" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=epdyPn9j3wGfBLwMcki6mCS9qwSsnd6gLcBcEiq4u5S5nwJi34V1Jkie4pCA7wFpmh5fQI4FzipA6Cc1y6Pdr14Z23I1J3jRdlXqyMTA5QXbtRR2arVywhB3ADuSiV/ApvDIFq/IquKUzCVqZqqWnsw8fANtMzTMkr9CgMzKmBg6W7UDrF3wdBePP6eV+CfFYSjHDIY6w/Twcjmfqns8HB30YsrM07g7SuqOqLQ8Th1pQmuP/VD8NX7FtoPwJQLZOo+llyaEZX2wS4/HBQ8eiUBPoE1P7XJnpm8JZtA5Gv/yp5kxI6wBKagUJYRJV6q0/XftHmXznDP9h/HG+564CQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fQ72ZTQ8IAzZQMuyhjih4kEsBpl5nqht3oQkjU1CWuc=; b=QPDy6euR7yx/yb0C9n1cjYVCs0/1uQ0jYpwASa4s8X89ajv8zgbQyjL1dWm29/2feWKK7xbbM/EV9SEMjvs0NKHVvdPuvEr8Y9fRweU++0upNTcxFFtBFr2wt2EpxLAtgkxj4Y4Yppq3rS9guREu4cMGK5V1FT1d9CsA+zA/bXJmtd2TxqExzGvdBlO8E05RhV5ZxQRAMrlh7YAEXwgp3ZcHdWBzJFywwOeurLvLL9Qn8kyqlaIpgiBiv94/vwA7HJZ5XQQWKt4GCNa6tgUlH4iIxUICWzuGKuXWvTSInrLVePXDJ2gS1qWoWMxebJsXFlCDHGFJs7tOQCIU8khrWQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fQ72ZTQ8IAzZQMuyhjih4kEsBpl5nqht3oQkjU1CWuc=; b=01iAPTt5dL7MxJBQyt3ZN9/k+GaaxM1oGPGf+9EadOKNTUJfstixC3DM6MaczYP0BOxfA7HvXdLravBfJg37M5pWxg/cRDSFKiY286EBXcDo8k+DskmoXM+LkFS7WTGhoizWsniD2/IDzegcsGFqjQ0gHTWkwJhdH/7eqQ7mP0w= Received: from SJ0PR03CA0245.namprd03.prod.outlook.com (2603:10b6:a03:3a0::10) by DM4PR12MB7696.namprd12.prod.outlook.com (2603:10b6:8:100::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8466.20; Wed, 26 Feb 2025 09:06:20 +0000 Received: from SJ1PEPF0000231B.namprd03.prod.outlook.com (2603:10b6:a03:3a0:cafe::8a) by SJ0PR03CA0245.outlook.office365.com (2603:10b6:a03:3a0::10) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8466.20 via Frontend Transport; Wed, 26 Feb 2025 09:06:20 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF0000231B.mail.protection.outlook.com (10.167.242.232) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:06:19 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:06:14 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 02/17] x86/apic: Initialize Secure AVIC APIC backing page Date: Wed, 26 Feb 2025 14:35:10 +0530 Message-ID: <20250226090525.231882-3-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF0000231B:EE_|DM4PR12MB7696:EE_ X-MS-Office365-Filtering-Correlation-Id: 87e7a623-f1ae-4383-5d26-08dd5644d5c1 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|36860700013|82310400026|376014|13003099007; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?XmE6JoRFArdJs6JRfoeAeyWfkqsfK3qnmEZrnKGN2gsbPpIL1KGHvMcUMTHD?= =?us-ascii?Q?7ECHFYiAIFVraEmPnOSdgm2RM/Uue1yjwuVLyQ38OZViEEWeO5COxLDJQExn?= =?us-ascii?Q?purLvKe5toxEUzHTWqh2JaqgTsQVITH/3UrOcDiRwcY829xVJ6dyGT82SCMj?= =?us-ascii?Q?yk/BpdJHGmer0moZW4QfqAnpqX7wI24f1TG3wLMnbiDfr8NZjTt9GXHZFSBW?= =?us-ascii?Q?Sn8e2lSE0BI8P2P8FMuDQDElOIcYOvltLrJ5lNO7dqL20bgZSxntPw1IH5dY?= =?us-ascii?Q?696RZsVh26sTEGYWMnh6O9L9n//Yyk0QL3YZbcKL2qL6ZXaS+t3Qez5VhMjp?= =?us-ascii?Q?UnFbMZG2SJeKN6qXyRjAAkmOMvaFRLMFA2+gK+I3vAWPQMpI1mvnUoUvV1bg?= =?us-ascii?Q?2qkhlrl1PLwaUcF3CjMLdkEgEWCj0+RlmvHdlyja7ZeW6BC0Fg4lROMltYUs?= =?us-ascii?Q?RZRY/Eer5wQl2PljSD9EDmECtFbFRqWdn6mibLDhsty5rjP7/t2ap6aTZkHy?= =?us-ascii?Q?1BlPcQrCT8RFXC/gjqYn4Tqljf2BAAoW+W/X8GrhfTW4pTO0T9pFbBGMYxvh?= =?us-ascii?Q?+Fh2UMaoaw8z/vT3zyuas8+L9+aga4C+x2GZ+RA2VtIwi1lI3o/A2bK11qxA?= =?us-ascii?Q?vM+VjAeZfE+YS2835Ou4aZbuYq+ogVMCjRrB020l8ePy5BQ/a0WgyU8v/aQq?= =?us-ascii?Q?1NOWKELqDPVyl1Rh/anCrgQm7QONnFmMCE5G1AeJNNNdGrgqiOQwcy/sOPVy?= =?us-ascii?Q?n5hoczM0pf1VDM8WDiB58wwq5R+hhfltfIVgzmiKlYTpvzYwoMOHEksViZYd?= =?us-ascii?Q?ZPWC2VPxi12WATLgif4g9CnoqUjzhtRYqRLacepTwHJ3lSOu47PwCCdlQAUq?= =?us-ascii?Q?81NsbZDsJb2Ob6jovsr7RPyq0F4JhAJX0r+4l83aPaoSA4PS7gn6MzmwxmTS?= =?us-ascii?Q?G5+t0JMGUmTHF8bP5V310N/0fS3NmFwULH2bA9J6jc25VRQiLVr1WiPe0WPd?= =?us-ascii?Q?UZiF5qbEKhi2cOrjWDVPCRhB63VmEWWcBioP2Fu2UcKc0LdWyBoUZs19h8bP?= =?us-ascii?Q?1oTD1Vb0sTW1m5UiknKISFv7y7eCl30HqiCKhPK+9yccqz0EgEsecaCArnnN?= =?us-ascii?Q?mkpwDItS+zbk+2T23FlgR1uXI+3boH/B+LZE4PGja+EWQo/B8vVCmyItZM1k?= =?us-ascii?Q?ZLmc5F6lUENny85NYazFsNvQ2d3XVyNbjYoRfBumQ/O0RP1DrsxObMQ7DMk+?= =?us-ascii?Q?Iwy0mUFQ74jFofGlMVtb2iHwLhPutmQRICPc13iUQ4hXnKGuO+9zYO0KuyVv?= =?us-ascii?Q?uJZgSdz/ZoylncqxUDi26r1LvRC2mxYiJhWT1QIjmDWbf6/XwFkArbk3axyw?= =?us-ascii?Q?8O4IRx7LuYq9evkktWuUK8rmY3SCOzWuxIb7WUBt1ZU5dH1H87yAxHyS8a2M?= =?us-ascii?Q?UEoBs4CxyQ8fspaC+DI3iuP9ufz4WsZOYQWUUvIMLK4NFf3wF34P/9HMIBZP?= =?us-ascii?Q?+ATRWpY8Muh4tHs=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(36860700013)(82310400026)(376014)(13003099007);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:06:19.8900 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 87e7a623-f1ae-4383-5d26-08dd5644d5c1 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF0000231B.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB7696 Content-Type: text/plain; charset="utf-8" With Secure AVIC, the APIC backing page is owned and managed by guest. Allocate and initialize APIC backing page for all guest CPUs. The NPT entry for the vCPU's APIC backing page must always be present when the vCPU is running in order for Secure AVIC to function. A VMEXIT_BUSY is returned on VMRUN and the vCPU cannot be resumed if the NPT entry for the APIC backing page is not present. Notify GPA of the vCPU's APIC backing page to the hypervisor by using the SVM_VMGEXIT_SECURE_AVIC GHCB protocol event. Before executing VMRUN, the hypervisor makes use of this information to make sure the APIC backing page is mapped in NPT. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v1: - Updated commit log. - Allocate APIC backing page for each CPU as a separate PAGE_SIZE allocation with GFP_KERNEL flag. - Update the GPA registeration API as per the latest GHCB spec updates for Secure AVIC GHCB protocol event (yet to be published). Corresponding KVM support is here: https://github.com/AMDESE/linux-kvm/commit/5fbf231861207edf73bb31742f75e= 22cae18607b - Remove savic_setup_done variable. - Removed initialization of LVT* regs in backing page from Hv values. These regs will reads/writes will be propagated to Hv in subsequent patches. - Move savic_ghcb_msr_read() definition to a later patch where it will be first used. arch/x86/coco/sev/core.c | 32 +++++++++++++++++++++++++++ arch/x86/include/asm/apic.h | 1 + arch/x86/include/asm/sev.h | 3 +++ arch/x86/include/uapi/asm/svm.h | 3 +++ arch/x86/kernel/apic/apic.c | 2 ++ arch/x86/kernel/apic/x2apic_savic.c | 34 +++++++++++++++++++++++++++++ 6 files changed, 75 insertions(+) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 82492efc5d94..300bc8f6eb6f 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1504,6 +1504,38 @@ static enum es_result vc_handle_msr(struct ghcb *ghc= b, struct es_em_ctxt *ctxt) return ret; } =20 +/* + * Register GPA of the Secure AVIC backing page. + * + * @apic_id: APIC ID of the vCPU. Use -1ULL for the current vCPU + * doing the call. + * @gpa : GPA of the Secure AVIC backing page. + */ +enum es_result savic_register_gpa(u64 apic_id, u64 gpa) +{ + struct ghcb_state state; + struct es_em_ctxt ctxt; + unsigned long flags; + struct ghcb *ghcb; + int ret =3D 0; + + local_irq_save(flags); + + ghcb =3D __sev_get_ghcb(&state); + + vc_ghcb_invalidate(ghcb); + + ghcb_set_rax(ghcb, apic_id); + ghcb_set_rbx(ghcb, gpa); + ret =3D sev_es_ghcb_hv_call(ghcb, &ctxt, SVM_VMGEXIT_SECURE_AVIC, + SVM_VMGEXIT_SECURE_AVIC_REGISTER_GPA, 0); + + __sev_put_ghcb(&state); + + local_irq_restore(flags); + return ret; +} + static void snp_register_per_cpu_ghcb(void) { struct sev_es_runtime_data *data; diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h index f21ff1932699..3f70aa2f3aba 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -305,6 +305,7 @@ struct apic { =20 /* Probe, setup and smpboot functions */ int (*probe)(void); + void (*setup)(void); int (*acpi_madt_oem_check)(char *oem_id, char *oem_table_id); =20 void (*init_apic_ldr)(void); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 1581246491b5..626588386cf2 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -483,6 +483,7 @@ int snp_send_guest_request(struct snp_msg_desc *mdesc, = struct snp_guest_req *req =20 void __init snp_secure_tsc_prepare(void); void __init snp_secure_tsc_init(void); +enum es_result savic_register_gpa(u64 apic_id, u64 gpa); =20 #else /* !CONFIG_AMD_MEM_ENCRYPT */ =20 @@ -526,6 +527,8 @@ static inline int snp_send_guest_request(struct snp_msg= _desc *mdesc, struct snp_ struct snp_guest_request_ioctl *rio) { return -ENODEV; } static inline void __init snp_secure_tsc_prepare(void) { } static inline void __init snp_secure_tsc_init(void) { } +static inline enum es_result savic_register_gpa(u64 apic_id, + u64 gpa) { return ES_UNSUPPORTED; } =20 #endif /* CONFIG_AMD_MEM_ENCRYPT */ =20 diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/sv= m.h index 1814b413fd57..0bb70c5988bb 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h @@ -116,6 +116,9 @@ #define SVM_VMGEXIT_AP_CREATE 1 #define SVM_VMGEXIT_AP_DESTROY 2 #define SVM_VMGEXIT_SNP_RUN_VMPL 0x80000018 +#define SVM_VMGEXIT_SECURE_AVIC 0x8000001a +#define SVM_VMGEXIT_SECURE_AVIC_REGISTER_GPA 0 +#define SVM_VMGEXIT_SECURE_AVIC_UNREGISTER_GPA 1 #define SVM_VMGEXIT_HV_FEATURES 0x8000fffd #define SVM_VMGEXIT_TERM_REQUEST 0x8000fffe #define SVM_VMGEXIT_TERM_REASON(reason_set, reason_code) \ diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index e893dc6f11c1..1c0b5f14435e 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -1504,6 +1504,8 @@ static void setup_local_APIC(void) return; } =20 + if (apic->setup) + apic->setup(); /* * If this comes from kexec/kcrash the APIC might be enabled in * SPIV. Soft disable it before doing further initialization. diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index c3a4d387c63f..c444161d81b3 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -9,12 +9,15 @@ =20 #include #include +#include =20 #include #include =20 #include "local.h" =20 +static DEFINE_PER_CPU(void *, apic_backing_page); + static int x2apic_savic_acpi_madt_oem_check(char *oem_id, char *oem_table_= id) { return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); @@ -61,6 +64,36 @@ static void x2apic_savic_send_IPI_mask_allbutself(const = struct cpumask *mask, in __send_IPI_mask(mask, vector, APIC_DEST_ALLBUT); } =20 +static void x2apic_savic_setup(void) +{ + void *backing_page; + enum es_result ret; + unsigned long gpa; + + if (this_cpu_read(apic_backing_page)) + return; + + backing_page =3D kzalloc(PAGE_SIZE, GFP_KERNEL); + if (!backing_page) + snp_abort(); + this_cpu_write(apic_backing_page, backing_page); + gpa =3D __pa(backing_page); + + /* + * The NPT entry for the vCPU's APIC backing page must always be + * present when the vCPU is running in order for Secure AVIC to + * function. A VMEXIT_BUSY is returned on VMRUN and the vCPU cannot + * be resumed if the NPT entry for the APIC backing page is not + * present. Notify GPA of the vCPU's APIC backing page to the + * hypervisor by calling savic_register_gpa(). Before executing + * VMRUN, the hypervisor makes use of this information to make sure + * the APIC backing page is mapped in NPT. + */ + ret =3D savic_register_gpa(-1ULL, gpa); + if (ret !=3D ES_OK) + snp_abort(); +} + static int x2apic_savic_probe(void) { if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) @@ -81,6 +114,7 @@ static struct apic apic_x2apic_savic __ro_after_init =3D= { .name =3D "secure avic x2apic", .probe =3D x2apic_savic_probe, .acpi_madt_oem_check =3D x2apic_savic_acpi_madt_oem_check, + .setup =3D x2apic_savic_setup, =20 .dest_mode_logical =3D false, =20 --=20 2.34.1 From nobody Fri Dec 19 20:16:20 2025 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2065.outbound.protection.outlook.com [40.107.236.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 102DA2135B7; Wed, 26 Feb 2025 09:06:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.236.65 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560803; cv=fail; b=f6k+9azTZz2b9+0P87Nakffa9m9Y1RgovT+N1I8uezg/Gh+qKiJe+XvLK0UGiOz+jTc+ZwtgF/S3haOSWHKYemGeF6P1dBAXd+KypEkQ1dKgaOIE2pNiTEMvaAqHnauka6SFhfcVgVZiuO+QmDyR42+uRpj08/gyDTIvczIkMIg= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560803; c=relaxed/simple; bh=29DCPu6PYbPoNp9CleIiURSMkuo5Oax5j/JhjFrQuqg=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=P920a0o68aw7y3lZ+YpZCWgx/pF+ld+mlYiUR8wmTA3YPECrmg3+nKMHv4aNVSRb2ekL6GSTTV5B1KFiFgbB9l1y/JqJFSDHMsCGtwODmwTnAdM44xmwJEMx1EjgBdO4LUcgWCFHr6RUWozMtDbEx8WKLSedZUc+iDFmcM9RM+I= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=x4GFlAWb; arc=fail smtp.client-ip=40.107.236.65 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="x4GFlAWb" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=vxYBquI/NHwziREtQFUmbxLFE2GFVV81lO73xxmA0TH7pottbmUG4DDGh/R/BeePC2oyZG25eeLjZUodV0oLQtNl2s+WSTdq3Itl8ln8mDCjperXYExqnU3aU2M/uTGLL7l0ouCBmDrqe2/e1PauxVDmE/pVPtj6L3iD3PK1BVjqa3/CJaDLyfqJ2z6n/JD6OpcNPHoEs0dw2XiY0yvQXSZ+7a2YnXOr1O4Ppm8BOjRsh0W/1u0q8Ajc6Kc6yjZb+00ChtApCkNXjueh7/QnrQ4l/xcyjh7DGkiNlU3K/et/cQMCmk3EAavw9oYGdTNC0AUhh9TEG4He80y4JTvmXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vlOI/TnpcwrbfTWAvslBQn0i6Sn/KczzFfbkyF1ffi4=; b=mxS71VN+YfHlkNMHLoGROb9JgKjv5wfmK2BvHDYn7Q4gPbb61dOYaC11yrT88zwVndrNdWnOaMrYhd0R0Pw/Ltdnk8XX9RuMWtLx1Cqc5wgBhwRx2YA2evK1oyW9grGl0tHg6QOKYpl5SQXhfRQYeEQX4tN+XyJYCZEuhX/go68Gr26hj2IuMKQOtkefVg8dXDT+V5NmO8vC6hJW6/O+z8dnpU3MmjoNPJ32bmxk7NwfpliSxl76DI/4yhD6dMu5sJ4jIOoGkf6XxmS8usQOv4UQ7z34RK3CIkRGCTbQ3orpcEKYL3SIFUHBVheZBt8iQqultk/nhVP3zCMxgN8ETA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vlOI/TnpcwrbfTWAvslBQn0i6Sn/KczzFfbkyF1ffi4=; b=x4GFlAWbSoO7Lb8Iqb/ZLXB38jS5pSqLwHlcrTb3sNzAKoOU4RkNQhSc6rTF3naO40pkD03lN8u0g8Parz1fy6sBvDnjZSs1iKW8GfKzLhWhZoUwOo++kYNE5J9RmCB855tIXqa7zAECxotbsyz8jAw10HBDhVOcSmIYyCmcwbg= Received: from MW3PR05CA0015.namprd05.prod.outlook.com (2603:10b6:303:2b::20) by DM6PR12MB4372.namprd12.prod.outlook.com (2603:10b6:5:2af::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8466.20; Wed, 26 Feb 2025 09:06:38 +0000 Received: from SJ1PEPF0000231F.namprd03.prod.outlook.com (2603:10b6:303:2b:cafe::ec) by MW3PR05CA0015.outlook.office365.com (2603:10b6:303:2b::20) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8489.15 via Frontend Transport; Wed, 26 Feb 2025 09:06:38 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF0000231F.mail.protection.outlook.com (10.167.242.235) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:06:37 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:06:31 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 03/17] x86/apic: Populate .read()/.write() callbacks of Secure AVIC driver Date: Wed, 26 Feb 2025 14:35:11 +0530 Message-ID: <20250226090525.231882-4-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF0000231F:EE_|DM6PR12MB4372:EE_ X-MS-Office365-Filtering-Correlation-Id: 5cea5c9a-062e-495c-ece0-08dd5644e06b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|7416014|36860700013|82310400026; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?BC2QpXe/aIcNoQj0lF1wlWQ63b4Yl/YDMerpz65DlrFwcEz8waegsXD3oSMs?= =?us-ascii?Q?wC95mVmuU7w7qLhUhvEPc2t1phgRbxqCMCLM8n7J54bgVoyz3HXIfEyN5XMQ?= =?us-ascii?Q?QK5/cY7DbgFFExapfWcJ1JtrCHsiIXffcdKtbnPsf3hg/vDcqRQKxxOoy2Ry?= =?us-ascii?Q?mto/RT4gZU7/qWVc+9LVeOZZAhIPymKmpt9KrwJIDBRpeIuJpmeqsQtlvOgi?= =?us-ascii?Q?YjT9xKAxk3UQls1A82HIR0xTIivGRtIO5VgNjQ0D9WQLtHxVyBvIFI36+kqN?= =?us-ascii?Q?rhjgTrwIvsiBjlm4sAo1wtgjuX6aDJQrn/Qr/PrzCvRzMKiJPdXPQZgZCamp?= =?us-ascii?Q?JsFwl9VH/tcMzYqPIf3nmtGabdGbjpodDafXI523iXehOCPp2q3MqGuPsDel?= =?us-ascii?Q?Tdz3t/OkNgrf268zRX9MoQAiRcY5waxIYd0GeObbFWPQ+bi8ttEDrGv+j5nb?= =?us-ascii?Q?3byRwy06nXdoKDNsmapgCq6CwJFjJSaBVpp7BrAOkkOF/97bjj99JNIkJMMy?= =?us-ascii?Q?09zUXBd5yvlzmlJ13/GO/MPGB/fJGClPsXDvvAZN8cOuhOD5tRJ8xxvvfUMn?= =?us-ascii?Q?KJxNhP6C3wsK7rvHsBLYQFimHLFMkH6TOBeGT5tm3UyKgfMjpw/bADX2LShP?= =?us-ascii?Q?i7h49xy/xteCrGxKk1Rd2HjSgm4pLIFAKAuUFjd/zFU7vCS0SWTK42OEJxFr?= =?us-ascii?Q?uUllS9qG2ZhZVDLBTX4LD5y8pPUyj6DKxP8l8y9GntqFtyhIdRjZX2QDrNZ4?= =?us-ascii?Q?jR0t+8CRSOVKdRS8DY0CftVSZrtL1t84JSLupnMen1Dbf+n/dSYjbRU5G6/a?= =?us-ascii?Q?emNL0S5ppsi6RZOS+/fHZjvU0Hiou9MTOERdi01savxS19v/hDo+F+2wu52b?= =?us-ascii?Q?7FoBRBXxIVPQyDsYqmBtYKGhgct8MU0GeeHtQQDiWvMtbFPjmlOgqMYvrONM?= =?us-ascii?Q?QuZ5v1EvkvX9NqpO6s+CmE4UCrvyylwj9Sw/JWhuGx07m5ivyFAcQjRUo0LX?= =?us-ascii?Q?ucIt1tyHMTomzMz9HIhsaClvqpphxdPQnUfqUG3LiQ+FegzPRljUwko3rfZi?= =?us-ascii?Q?mQWJJGfFcVKE8kZO+OEseivylDNuaoZjoSomm3l0QE+RKTmWM3/R7oNZcyFo?= =?us-ascii?Q?J7nhd5DKrzH0YUrwXgNtIPTi6LaQ8pUxPdqka2vHB7xivj0pSDbB18aH6l+6?= =?us-ascii?Q?ljIB/ZkyN8qcIndGCE68w6/oSOgDCd+Xw+0BFMBne8FJhHJP3249c0H213TS?= =?us-ascii?Q?7OmWIa6STFi1p4USV50HYOnhyKFVRSxNVUqmyuBEoBNHYIs3Zeahe22Hz6eN?= =?us-ascii?Q?KGCTMKnWJkJLZQXcoVv4/YN2AETFGoXjY4oupsiJYdNrxgSGYoJvM+L90kBS?= =?us-ascii?Q?VnuXlGS6THr5tMBO1FoDBFXDij25TH4DDOchU7I/aGtf1ReK5el+aL3vI1Wm?= =?us-ascii?Q?VeKU2IH1Iwa+hZfXPcw7diyhMOW+Dzo/DNBxUktJBxt34ElR53IZZtykXz46?= =?us-ascii?Q?oCltqMwSmk4uqVQ=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(376014)(7416014)(36860700013)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:06:37.7693 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 5cea5c9a-062e-495c-ece0-08dd5644e06b X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF0000231F.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4372 Content-Type: text/plain; charset="utf-8" The x2APIC registers are mapped at an offset within the guest APIC backing page which is same as their x2APIC MMIO offset. Secure AVIC adds new registers such as ALLOWED_IRRs (which are at 4-byte offset within the IRR register offset range) and NMI_REQ to the APIC register space. Add read() and write() APIC callback functions to read and write x2APIC registers directly from the guest APIC backing page. When Secure AVIC is enabled, rdmsr/wrmsr of APIC registers result in VC exception (for non-accelerated register accesses). The #VC exception handler can read/write the x2APIC register in the guest APIC backing page. Since doing this would increase the latency of accessing x2APIC registers, instead of doing rdmsr/wrmsr based accesses and handling apic register reads/writes in VC VMEXIT_AVIC_NOACCEL error condition, the read() and write() callbacks of Secure AVIC driver directly read/write APIC register from/to the guest APIC backing page. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v1: - APIC_ID reg write is not allowed. - Put information about not using #VC exception path for register reads/writes as comments. - So not read backing page if WARN_ONCE is triggered for misaligned reads. - Cleanups. arch/x86/include/asm/apicdef.h | 2 + arch/x86/kernel/apic/x2apic_savic.c | 120 +++++++++++++++++++++++++++- 2 files changed, 120 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/apicdef.h b/arch/x86/include/asm/apicdef.h index 094106b6a538..be39a543fbe5 100644 --- a/arch/x86/include/asm/apicdef.h +++ b/arch/x86/include/asm/apicdef.h @@ -135,6 +135,8 @@ #define APIC_TDR_DIV_128 0xA #define APIC_EFEAT 0x400 #define APIC_ECTRL 0x410 +#define APIC_SEOI 0x420 +#define APIC_IER 0x480 #define APIC_EILVTn(n) (0x500 + 0x10 * n) #define APIC_EILVT_NR_AMD_K8 1 /* # of extended interrupts */ #define APIC_EILVT_NR_AMD_10H 4 diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index c444161d81b3..ba904f241d34 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -10,6 +10,7 @@ #include #include #include +#include =20 #include #include @@ -23,6 +24,121 @@ static int x2apic_savic_acpi_madt_oem_check(char *oem_i= d, char *oem_table_id) return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); } =20 +static inline u32 get_reg(char *page, int reg) +{ + return READ_ONCE(*((u32 *)(page + reg))); +} + +static inline void set_reg(char *page, int reg, u32 val) +{ + WRITE_ONCE(*((u32 *)(page + reg)), val); +} + +#define SAVIC_ALLOWED_IRR_OFFSET 0x204 + +static u32 x2apic_savic_read(u32 reg) +{ + void *backing_page =3D this_cpu_read(apic_backing_page); + + /* + * When Secure AVIC is enabled, rdmsr/wrmsr of APIC registers result in + * #VC exception (for non-accelerated register accesses). The #VC + * exception handler can read/write the x2APIC register in the guest + * APIC backing page. Since doing this would increase the latency of + * accessing x2APIC registers, instead of doing rdmsr/wrmsr based + * accesses and handling apic register reads/writes in + * #VC VMEXIT_AVIC_NOACCEL error condition, the read() and write() + * callbacks of Secure AVIC driver directly read/write APIC register + * from/to the guest APIC backing page. + */ + switch (reg) { + case APIC_LVTT: + case APIC_TMICT: + case APIC_TMCCT: + case APIC_TDCR: + case APIC_ID: + case APIC_LVR: + case APIC_TASKPRI: + case APIC_ARBPRI: + case APIC_PROCPRI: + case APIC_LDR: + case APIC_SPIV: + case APIC_ESR: + case APIC_ICR: + case APIC_LVTTHMR: + case APIC_LVTPC: + case APIC_LVT0: + case APIC_LVT1: + case APIC_LVTERR: + case APIC_EFEAT: + case APIC_ECTRL: + case APIC_SEOI: + case APIC_IER: + case APIC_EILVTn(0) ... APIC_EILVTn(3): + return get_reg(backing_page, reg); + case APIC_ISR ... APIC_ISR + 0x70: + case APIC_TMR ... APIC_TMR + 0x70: + if (WARN_ONCE(!IS_ALIGNED(reg, 16), + "Reg offset 0x%x not aligned at 16 bytes", reg)) + return 0; + return get_reg(backing_page, reg); + /* IRR and ALLOWED_IRR offset range */ + case APIC_IRR ... APIC_IRR + 0x74: + /* + * Either aligned at 16 bytes for valid IRR reg offset or a + * valid Secure AVIC ALLOWED_IRR offset. + */ + if (WARN_ONCE(!(IS_ALIGNED(reg, 16) || + IS_ALIGNED(reg - SAVIC_ALLOWED_IRR_OFFSET, 16)), + "Misaligned IRR/ALLOWED_IRR reg offset 0x%x", reg)) + return 0; + return get_reg(backing_page, reg); + default: + pr_err("Permission denied: read of Secure AVIC reg offset 0x%x\n", reg); + return 0; + } +} + +#define SAVIC_NMI_REQ_OFFSET 0x278 + +static void x2apic_savic_write(u32 reg, u32 data) +{ + void *backing_page =3D this_cpu_read(apic_backing_page); + + switch (reg) { + case APIC_LVTT: + case APIC_LVT0: + case APIC_LVT1: + case APIC_TMICT: + case APIC_TDCR: + case APIC_SELF_IPI: + case APIC_TASKPRI: + case APIC_EOI: + case APIC_SPIV: + case SAVIC_NMI_REQ_OFFSET: + case APIC_ESR: + case APIC_ICR: + case APIC_LVTTHMR: + case APIC_LVTPC: + case APIC_LVTERR: + case APIC_ECTRL: + case APIC_SEOI: + case APIC_IER: + case APIC_EILVTn(0) ... APIC_EILVTn(3): + set_reg(backing_page, reg, data); + break; + /* ALLOWED_IRR offsets are writable */ + case SAVIC_ALLOWED_IRR_OFFSET ... SAVIC_ALLOWED_IRR_OFFSET + 0x70: + if (IS_ALIGNED(reg - SAVIC_ALLOWED_IRR_OFFSET, 16)) { + set_reg(backing_page, reg, data); + break; + } + fallthrough; + default: + pr_err("Permission denied: write to Secure AVIC reg offset 0x%x\n", reg); + } +} + static void x2apic_savic_send_IPI(int cpu, int vector) { u32 dest =3D per_cpu(x86_cpu_to_apicid, cpu); @@ -136,8 +252,8 @@ static struct apic apic_x2apic_savic __ro_after_init = =3D { .send_IPI_self =3D x2apic_send_IPI_self, .nmi_to_offline_cpu =3D true, =20 - .read =3D native_apic_msr_read, - .write =3D native_apic_msr_write, + .read =3D x2apic_savic_read, + .write =3D x2apic_savic_write, .eoi =3D native_apic_msr_eoi, .icr_read =3D native_x2apic_icr_read, .icr_write =3D native_x2apic_icr_write, --=20 2.34.1 From nobody Fri Dec 19 20:16:20 2025 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2054.outbound.protection.outlook.com [40.107.223.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5C136224222; Wed, 26 Feb 2025 09:06:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.223.54 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560821; cv=fail; b=NwQg46HqDuuXhOg6CfPEmFVnq5Yv1zeSFNq1wtuGyDtnY9UIMKYnjCBWgiU8Y50Hk5KXOnKjycEsYtnRIWxSv4ExfvV3KseWKX0BIoQ493Y370h8XNT48YjZxVZ1Wbe84ISWugKYx5mt5UiwiaVpIjKTVByycjVZs3y27v5T/QQ= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560821; c=relaxed/simple; bh=XivFbG9n21eQqwa05fzmt/Zn+cJNEcsotV9yPVWrwP8=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=fBakbn0lHC+mcpBQ5pjfE8XZwmuMtpisveIh6Rar0pXKsBlUHcKDlw5GAF6KwUl3tehmTbfZy8Uj1rcwBVtNo2vArkj3US6kgY+JMih/vpnxxGPq8lxhtqbbvJGYCG+y/uWL3pGs6gWse5fqgONZ1LA1pD4k3C3ilhaveDmvd4U= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=XBhZH8ku; arc=fail smtp.client-ip=40.107.223.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="XBhZH8ku" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=DhV4VY+MyPiO29LxD9E7rpc2t4M+xECLvH0+7f2wIoXLjs1GVZkcmcPyC2DabGgz5iq7ftj1x+f3sO7FztLm4cm8IPCUlp75l+VQ+RYrWY1JVkOL7cJgtdPxK0BmSEHOEvnJQpTvTYb5AGUvPOlg0Oja91cz6hkbPSuYG0FPQi4yjajOt4z0wEf7E+O77cWW3ivC5syEFTQQaKdowJPlYhMpFsmMkNDLmHpVL5qF0WokZwzkJw4X0hISyzeWQT67nKy0GEhgt7vFIWUOH7mkz9z/B3NfytDOopKsYe8Uk6b5ABo7X/sltyqcVneawIZf/GZXlm3IPk0QldYv/d+9gg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=53vV5LTns57yYnQiQPZu5dZ3argO2heuRyLtysJtz/A=; b=T6ShfpRN9j0A39N2e5EeobXlaxXbWiwhTTxbRI8cR9OAkV2PiwwmIKwQ3KzftV4OPLqtq/0+l474sFoUJ/dTLZuvm7bWnigHeN6AJS+2csVWpdDWmaNWawRmybyH+TIFHZWqIWZmzt7bevW0hPuBXQ8YohF3QOFi03SPRTHIBWiOF0VZ7nvm2q+V6bY0EvxMw1SAYdTDHbSbHK8HEA6+HHxTi5E7jxlMb5bBwgRYSe15AlfnSltC7nN3OUJD5kzNR7Z5eK9SHNpo3RyaF/Wui0u1vjN5BULwqtANwyIlj5P0s3hM/wgJAVQsIMMkgAHLdZPFkTYlFyofUQLr55BaiA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=53vV5LTns57yYnQiQPZu5dZ3argO2heuRyLtysJtz/A=; b=XBhZH8ku2KNZjaSqJLOWTcW/9JDTizBBQxzJ4Gbk+mgmIc7xWIN4ZB6YQsmDeuPs7Yi4GfyXLL0gEOUuZ/kawcfb26N1T3dmzYHJyO6bfYOrhFJgPGWWWwBAefqoPDb9QwITonrrJ7G+aLFywSwEwkNZFN/zhc2NC313RDG9VBU= Received: from MW3PR05CA0026.namprd05.prod.outlook.com (2603:10b6:303:2b::31) by CY8PR12MB7244.namprd12.prod.outlook.com (2603:10b6:930:57::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8466.19; Wed, 26 Feb 2025 09:06:56 +0000 Received: from SJ1PEPF0000231F.namprd03.prod.outlook.com (2603:10b6:303:2b:cafe::39) by MW3PR05CA0026.outlook.office365.com (2603:10b6:303:2b::31) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8489.15 via Frontend Transport; Wed, 26 Feb 2025 09:06:56 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF0000231F.mail.protection.outlook.com (10.167.242.235) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:06:55 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:06:49 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 04/17] x86/apic: Initialize APIC ID for Secure AVIC Date: Wed, 26 Feb 2025 14:35:12 +0530 Message-ID: <20250226090525.231882-5-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF0000231F:EE_|CY8PR12MB7244:EE_ X-MS-Office365-Filtering-Correlation-Id: b9f5d822-39f6-4314-e5f7-08dd5644eb28 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|36860700013|1800799024|7416014|82310400026; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?eTHAp3QaTW5h1SYdrfAsNXl6o/0e0r8K2BFC4QtZRdwCqe0OOeBcIUSl4uE+?= =?us-ascii?Q?2mRj7/37lu9Z8CmdESMRJs8JWjoQuRDIm0ajjo6Oq8HZli5lS+NQqKw2Yaw7?= =?us-ascii?Q?5NB8rF7KfVEJWfUAHz06Cg+xmJ3UfYK7BxnSuyA7MNC+EXLHhS/ivWfGI46y?= =?us-ascii?Q?NzqDula1X2BoSR0Q7oHRJcoMMsrxYgU20sDPqRPkmsDorM+ps7UMBR9mkyP3?= =?us-ascii?Q?PZTv8fC02feqgE9opt9xlhAj63ofXxPK2cXdLVwCWVHg+/+cXgJxezzQb/Z0?= =?us-ascii?Q?LxoYY1ixBbbN/y9sd6WCC2RZviVBs2KlvQsujehzURclDtpuca5ndEwQSOAc?= =?us-ascii?Q?sJfwUapMbYMkYgxEbCfMccy33ZE7Fi3vecrBYDRRrGnl47WHeycxMAgirkIs?= =?us-ascii?Q?+ooBQyzNDMEDRObXwJPm8FvX6gHoQAXbQAJDxOAqkiDuSqOwZHVTOrZNA38M?= =?us-ascii?Q?79KcHwZ/WSZtKj/PdDQo2Vhfz3a+Cxz/vy7fNpj/vEMjId6g09DRVrOX0Yjn?= =?us-ascii?Q?aFHsBZhrp47lFJP9ayIIrgQMqjREWBPlG5QyIVLJHx/JHi6C5Q3aAU19vzcX?= =?us-ascii?Q?vrfX8bFqhEGK5fWfQbWWmK3NVq0zEifc1ZLBdf/DUuLkohrJ2Z8q5ATLD/F+?= =?us-ascii?Q?dWrEHPb+dZ3+b6P4gcxOQ8krtXh17zctkOYaYpHoJYUEHKoWCWzY9+4UNBUJ?= =?us-ascii?Q?0j8ZEbwdY5HlSyXcx/eFddn0ASBbkvAiEglC6HiIAvR/+9D5CWHiqwVDy1wA?= =?us-ascii?Q?qSydcqnUn3qR539CHzfoDVExmM+clkIB0QdhyH2DwY+y/A0kTMylaBIqJpxM?= =?us-ascii?Q?zQcDeU356J8ASy1r2jHwL1osrZ3FjZkdcmi2KbvRKRap2qjJk9diNbfciNec?= =?us-ascii?Q?QoJfXTMbNRr7E+UdRYw40imM4iq3pJV7cm7USGcea/JAA4JcUG6zyi6PzGYF?= =?us-ascii?Q?r3tAWud1Rj+pwbVXezir77v5JCKltAsFJFlrNXRv6AoSRqAWSQMITSN4/ILB?= =?us-ascii?Q?Hs0BV5QqJS+yW/2+ZxhSFtftxC5NY45fce17Ld4BiX8MLBG61J71RAM8YXY/?= =?us-ascii?Q?FxLQGhIT7A9uHLUHqGoGocaH7bJKzKRVJCtk4n+LDMpyuXjUjCF23/7DuzFP?= =?us-ascii?Q?PBsDRxuSl/reTafSm84J2Rkb7uvh6hrs+vaNSyceyDd8m6BpqNit0CHHv3QL?= =?us-ascii?Q?zPwRwiQ54LZo71f1OlniKNlYCcNIoCrSlwC5J52Hb5ProTq1dxZhCQyBDidr?= =?us-ascii?Q?k4TbxFaPw1j8ycxAvmnqc2/vGJS83tcQj7AJv/yw2tkj2jg1H/fuvC96Xlbe?= =?us-ascii?Q?0KdWAUCYjQGy4hkcr9U5zJgFnKmfRZn5plO22lGKyWN0gmX3y6jh0B4WufNy?= =?us-ascii?Q?syB6Yk3zuUJYDaahV3IvmZ2VTjeFQS/a2292J4DlQMyoAkvddAMz3eDMr0tS?= =?us-ascii?Q?BxmUWXbgKUeVwSxQ5DyLtN5qcH0EP502r80f/UFMz/1a5biKPXVfTzdVB5OO?= =?us-ascii?Q?PCmq39RTohLhRVA=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(36860700013)(1800799024)(7416014)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:06:55.7850 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b9f5d822-39f6-4314-e5f7-08dd5644eb28 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF0000231F.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR12MB7244 Content-Type: text/plain; charset="utf-8" Initialize the APIC ID in the Secure AVIC APIC backing page with the APIC_ID msr value read from Hypervisor. Maintain a hashmap to check and report same APIC_ID value returned by Hypervisor for two different vCPUs. Signed-off-by: Neeraj Upadhyay --- Changes since v1: - Do not read APIC_ID from CPUID. Read APIC_ID from Hv and check for duplicates. - Add a more user-friendly log message on detecting duplicate APIC IDs. arch/x86/kernel/apic/x2apic_savic.c | 59 +++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index ba904f241d34..505ef2d29311 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -11,6 +11,8 @@ #include #include #include +#include +#include =20 #include #include @@ -19,6 +21,16 @@ =20 static DEFINE_PER_CPU(void *, apic_backing_page); =20 +struct apic_id_node { + struct llist_node node; + u32 apic_id; + int cpu; +}; + +static DEFINE_PER_CPU(struct apic_id_node, apic_id_node); + +static struct llist_head *apic_id_map; + static int x2apic_savic_acpi_madt_oem_check(char *oem_id, char *oem_table_= id) { return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); @@ -180,6 +192,44 @@ static void x2apic_savic_send_IPI_mask_allbutself(cons= t struct cpumask *mask, in __send_IPI_mask(mask, vector, APIC_DEST_ALLBUT); } =20 +static void init_backing_page(void *backing_page) +{ + struct apic_id_node *next_node, *this_cpu_node; + unsigned int apic_map_slot; + u32 apic_id; + int cpu; + + /* + * Before Secure AVIC is enabled, APIC msr reads are + * intercepted. APIC_ID msr read returns the value + * from hv. + */ + apic_id =3D native_apic_msr_read(APIC_ID); + set_reg(backing_page, APIC_ID, apic_id); + + if (!apic_id_map) + return; + + cpu =3D smp_processor_id(); + this_cpu_node =3D &per_cpu(apic_id_node, cpu); + this_cpu_node->apic_id =3D apic_id; + this_cpu_node->cpu =3D cpu; + /* + * In common case, apic_ids for CPUs are sequentially numbered. + * So, each CPU should hash to a different slot in the apic id + * map. + */ + apic_map_slot =3D apic_id % nr_cpu_ids; + llist_add(&this_cpu_node->node, &apic_id_map[apic_map_slot]); + /* Each CPU checks only its next nodes for duplicates. */ + llist_for_each_entry(next_node, this_cpu_node->node.next, node) { + if (WARN_ONCE(next_node->apic_id =3D=3D apic_id, + "Duplicate APIC %u for cpu %d and cpu %d. IPI handling will suffe= r!", + apic_id, cpu, next_node->cpu)) + break; + } +} + static void x2apic_savic_setup(void) { void *backing_page; @@ -193,6 +243,7 @@ static void x2apic_savic_setup(void) if (!backing_page) snp_abort(); this_cpu_write(apic_backing_page, backing_page); + init_backing_page(backing_page); gpa =3D __pa(backing_page); =20 /* @@ -212,6 +263,8 @@ static void x2apic_savic_setup(void) =20 static int x2apic_savic_probe(void) { + int i; + if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) return 0; =20 @@ -220,6 +273,12 @@ static int x2apic_savic_probe(void) snp_abort(); } =20 + apic_id_map =3D kvmalloc(nr_cpu_ids * sizeof(*apic_id_map), GFP_KERNEL); + + if (apic_id_map) + for (i =3D 0; i < nr_cpu_ids; i++) + init_llist_head(&apic_id_map[i]); + pr_info("Secure AVIC Enabled\n"); =20 return 1; --=20 2.34.1 From nobody Fri Dec 19 20:16:20 2025 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2086.outbound.protection.outlook.com [40.107.243.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A97A0258CED; Wed, 26 Feb 2025 09:07:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.86 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560842; cv=fail; b=H5UOnf0rKjkcFKr5wqcbWDTCtLSM2W52XikWcd3tAI9TUbMHqBSjaHrb6/Ocg3Ww7UIAE18drHzSJV0LZKFEtH79eat4uF3CkJhZYCl49odlfNakd3H+HZOJBmitzGDv3FlDiebkS68EXXTV0QJWkJIInruY34rczsXWmImhXCM= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560842; c=relaxed/simple; bh=3YnFrQXCo/INqUXLFcbfnznwCes3L5ySaGwVPv6n3VA=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=VCuNw0Zc+6QGv2C8ta/QJFK+Lg3kq1SsMHqAdsM1P3mUzp5NOvrOrpJy+ICQRiTPdueIkQ4YZLeQ2rYAfKBvx3x0oyCrtSU7Tat/3cdo5giSN1TNPbFDrFp1UlFacfoxnPV2A6Uf3Z5Ok0AQOf7fg6gllHEtswvCe2dkdTqdcic= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=hdXbcWsB; arc=fail smtp.client-ip=40.107.243.86 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="hdXbcWsB" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=FvQLsmDJXROHlPQUzFDSVY4yBDL1amkHzsi/WI1ufltSMfArRMqW+kAQ2PI9pGqUEEt1AP9b94d2tltrRe2kxlVpJ5nm4leN7HEfy6LKk5t73VjopxDHtd/XBJ72gssK9aWo+AVWsjNkV8SqqB9wd6SHpJXsjbx1FgffMqRl6IOeoFT9nB5B0snTOVLouxBXtP63g2SC6+qF2oyMNPFcORoOAkYfDYW2d+WOJf1Jfajb58MOj9vTrj+FhvDPg2q2iiPNx0HwLZG58//WqZWLyzW6QYOA+6gjUPYlLVeunc2Imv9SfHs5MVjcr0I8oIVj632iisottYOyScQ5r3Mepg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9r4SVFhcZ3qInjoVK0HAfkqT6nyscsZvRGcB0j6cefo=; b=Fkczd/Mk+lEbt2AHoAU5ifP1HJrJeTCKDXhdkxLOAfJWWSoV0NCV7lAo/5QaCLpX8gC/IMTWPPAWA2egCNroeJMje/QPZs3vl5Wywlr8lWjTJecfRGiNx1APbZbyF1srTBrVzByQ/IDGwBeNE7n/3apUuLym9ggovCMV+2MkJ/KeEX8D8UvA2D555xLj3eCeS3Gm3wG8tVIaK6GLAr9GiHHFXo4sxU+0K1gabPHIGWLc3/0EaDK6icIK/0t/KPtRNouxa72zf0jl/51lQfOQ0B9yr6cu7sJZTLcNleborYiAV4MiNxL95oCZZdRBj81jgwBnEaqjWEJ4OFMD3Wxt7A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9r4SVFhcZ3qInjoVK0HAfkqT6nyscsZvRGcB0j6cefo=; b=hdXbcWsBSgPwu8z8vFuCSr2tMvBYPr0Q3DPzoyY3UiW7p6vomC0J7eTfaU/qeZbUYP28tJbnxKDozqbdfsDB9bGH0MNFEGcY3qczkTQDFWJsGyUSk9rSq3PsB8QxbzxgDCekvUIsI4fkJQUdXsz+h6N2KoAWw72g8FmvaHncwto= Received: from SJ0PR03CA0259.namprd03.prod.outlook.com (2603:10b6:a03:3a0::24) by PH0PR12MB8127.namprd12.prod.outlook.com (2603:10b6:510:292::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.18; Wed, 26 Feb 2025 09:07:14 +0000 Received: from SJ1PEPF0000231B.namprd03.prod.outlook.com (2603:10b6:a03:3a0:cafe::b2) by SJ0PR03CA0259.outlook.office365.com (2603:10b6:a03:3a0::24) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8466.21 via Frontend Transport; Wed, 26 Feb 2025 09:07:14 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF0000231B.mail.protection.outlook.com (10.167.242.232) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:07:14 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:07:07 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 05/17] x86/apic: Add update_vector callback for Secure AVIC Date: Wed, 26 Feb 2025 14:35:13 +0530 Message-ID: <20250226090525.231882-6-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF0000231B:EE_|PH0PR12MB8127:EE_ X-MS-Office365-Filtering-Correlation-Id: bd047a5e-b10e-4c6e-05b0-08dd5644f63b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|7416014|36860700013|82310400026; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?BiDL6Hp1SKysPJ5DPYg/uYXPnwxvddQ/chcvucu66mmAix8WVSNEpnJpmRaU?= =?us-ascii?Q?H7pTaNv3mh1JiBFw7eXITEcdnmMyOLIjOOpfGh+JmXQtomyjlHwcNO2jT179?= =?us-ascii?Q?oqE4tyKXBMgB9UEVTsnXt3ugTRmJWKnbckCisAI4sFRGVtxdinb3oQelH+Di?= =?us-ascii?Q?1zbBk/tuqgreULm2mE7O2h/L4S8kdvaWORv6VD4+QeA2y4HX1ag8SWrKMPVw?= =?us-ascii?Q?309l/V91a81bw69nmzA3xDt5krlZOiHrJQea58IGwIo3JhlvoKfWZWzdXTgx?= =?us-ascii?Q?N6Ew+y35yZQoz5BSQIWvDewNOAs5Kv5p4HoGJbB0JR4h6xHka4sygPjZwQij?= =?us-ascii?Q?o0lhsdCwHrbdJKpUAlnw1yRaEIvVxnL7Budhxdh3fw/QC9HMfriPz28MHX2R?= =?us-ascii?Q?tdUVZyE9Ko9G9axw9W78WDlFrBsVwFckcSaq81ZsGU/E6D9Xh/H+x9dMal+Z?= =?us-ascii?Q?A2YcEgAzsiRN7jEdbMqQ3lyETS8HPlVZLOrQgz8knyUV0YUyHwEE5wShub64?= =?us-ascii?Q?yWqhCY7srhkXZb8UvSyGmjoXEVDHiU0mqodxVL1TNu+B/4C3/iOTriWV/J3F?= =?us-ascii?Q?aWTomQxLVrIYFriboSwgRmyIZYO3oIQNRXz4lIYb8sHb6vG2+AisrqU2ehs9?= =?us-ascii?Q?oucECC2uzXlOPhEOIhdEV4Nl/gGIvyquaXVMsVkMOF0RQ3Xkhxy6advjWxfw?= =?us-ascii?Q?HtHxp81jqwiFmxXLDMImgZh8fXhOaWGmLfdSV0iH1IzUhFHhjdcz6iGmZ2EQ?= =?us-ascii?Q?zNfpzuGKamHo5JE17324lPrtkopHaUi33A6O9jC0sYU8sh5IJYC7fYaBlwwj?= =?us-ascii?Q?mAapWUssFwIgIBO1IYD40MCQt7PPtj8vDpPdpGcCFAHlz8StLSygjspMwfhJ?= =?us-ascii?Q?ng0ZW31IPvlqmNyaOlcyeGwelAy+Il3pUu/TYMDHXdixQs8NQEUs0q6cY6bQ?= =?us-ascii?Q?o22DKZIq3x2FTJrsMTSmK6wkANXg2GNl2uVkdXc9+NRXrW9v99Wpk1z129ln?= =?us-ascii?Q?3S/LfWyPHy8BY6433dLwaR0svKXpLQRd8JYo+JWEROewko5I3kd/EYbL2769?= =?us-ascii?Q?dSBch0kG/G5DV+CjCFFez30p7oS9ovC7RueSMaZPuLb1Hi32jm3lbX39ywXU?= =?us-ascii?Q?cz6mZwh5ZK6FL8221WnNLl/JKotZAflCTCjuitOPHBptOtGQD7TWlpwOhzTO?= =?us-ascii?Q?k1Fw2kzsAF0lqkJcftXs5e8Dp0hsQ7aZBt21PE6m+hwnX6Qwi0kSYg2iZ5jP?= =?us-ascii?Q?JzHtGdRdaXhzegYZAZ9hqtgv5UxfPUHRVrEIbQ51cig95TdFt/kMZ7bGv9sD?= =?us-ascii?Q?hmOeFu7m9nbutotLj/OtjHlGXgJm6Ov+3lTt4m6sowoitzBdQHmTMizdCfI3?= =?us-ascii?Q?3F6gUWdx5+NOM0vcKLoXH4OURmZ8NP4s9NolvcZ6j40EFbM6t7zZvq8UjEer?= =?us-ascii?Q?pNTl+680XSUM98N0mM5075mXCImvnQk3fVsUlTqN5kLMRtv0FOoIr/5M3SdT?= =?us-ascii?Q?3lQKQAGbMipSXgk=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(376014)(7416014)(36860700013)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:07:14.3744 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: bd047a5e-b10e-4c6e-05b0-08dd5644f63b X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF0000231B.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR12MB8127 Content-Type: text/plain; charset="utf-8" Add update_vector callback to set/clear ALLOWED_IRR field in the APIC backing page. The ALLOWED_IRR field indicates the interrupt vectors which the guest allows the hypervisor to send (typically for emulated devices). Interrupt vectors used exclusively by the guest itself (like IPI vectors) should not be allowed to be injected into the guest for security reasons. The update_vector callback is invoked from APIC vector domain whenever a vector is allocated, freed or moved. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v1: - No change. arch/x86/include/asm/apic.h | 2 ++ arch/x86/kernel/apic/vector.c | 8 ++++++++ arch/x86/kernel/apic/x2apic_savic.c | 21 +++++++++++++++++++++ 3 files changed, 31 insertions(+) diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h index 3f70aa2f3aba..7970ead55f39 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -318,6 +318,8 @@ struct apic { /* wakeup secondary CPU using 64-bit wakeup point */ int (*wakeup_secondary_cpu_64)(u32 apicid, unsigned long start_eip); =20 + void (*update_vector)(unsigned int cpu, unsigned int vector, bool set); + char *name; }; =20 diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c index 72fa4bb78f0a..e0c9505e05f8 100644 --- a/arch/x86/kernel/apic/vector.c +++ b/arch/x86/kernel/apic/vector.c @@ -174,6 +174,8 @@ static void apic_update_vector(struct irq_data *irqd, u= nsigned int newvec, apicd->prev_cpu =3D apicd->cpu; WARN_ON_ONCE(apicd->cpu =3D=3D newcpu); } else { + if (apic->update_vector) + apic->update_vector(apicd->cpu, apicd->vector, false); irq_matrix_free(vector_matrix, apicd->cpu, apicd->vector, managed); } @@ -183,6 +185,8 @@ static void apic_update_vector(struct irq_data *irqd, u= nsigned int newvec, apicd->cpu =3D newcpu; BUG_ON(!IS_ERR_OR_NULL(per_cpu(vector_irq, newcpu)[newvec])); per_cpu(vector_irq, newcpu)[newvec] =3D desc; + if (apic->update_vector) + apic->update_vector(apicd->cpu, apicd->vector, true); } =20 static void vector_assign_managed_shutdown(struct irq_data *irqd) @@ -528,11 +532,15 @@ static bool vector_configure_legacy(unsigned int virq= , struct irq_data *irqd, if (irqd_is_activated(irqd)) { trace_vector_setup(virq, true, 0); apic_update_irq_cfg(irqd, apicd->vector, apicd->cpu); + if (apic->update_vector) + apic->update_vector(apicd->cpu, apicd->vector, true); } else { /* Release the vector */ apicd->can_reserve =3D true; irqd_set_can_reserve(irqd); clear_irq_vector(irqd); + if (apic->update_vector) + apic->update_vector(apicd->cpu, apicd->vector, false); realloc =3D true; } raw_spin_unlock_irqrestore(&vector_lock, flags); diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index 505ef2d29311..d912c53dec7a 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -19,6 +19,9 @@ =20 #include "local.h" =20 +#define VEC_POS(v) ((v) & (32 - 1)) +#define REG_POS(v) (((v) >> 5) << 4) + static DEFINE_PER_CPU(void *, apic_backing_page); =20 struct apic_id_node { @@ -192,6 +195,22 @@ static void x2apic_savic_send_IPI_mask_allbutself(cons= t struct cpumask *mask, in __send_IPI_mask(mask, vector, APIC_DEST_ALLBUT); } =20 +static void x2apic_savic_update_vector(unsigned int cpu, unsigned int vect= or, bool set) +{ + void *backing_page; + unsigned long *reg; + int reg_off; + + backing_page =3D per_cpu(apic_backing_page, cpu); + reg_off =3D SAVIC_ALLOWED_IRR_OFFSET + REG_POS(vector); + reg =3D (unsigned long *)((char *)backing_page + reg_off); + + if (set) + test_and_set_bit(VEC_POS(vector), reg); + else + test_and_clear_bit(VEC_POS(vector), reg); +} + static void init_backing_page(void *backing_page) { struct apic_id_node *next_node, *this_cpu_node; @@ -316,6 +335,8 @@ static struct apic apic_x2apic_savic __ro_after_init = =3D { .eoi =3D native_apic_msr_eoi, .icr_read =3D native_x2apic_icr_read, .icr_write =3D native_x2apic_icr_write, + + .update_vector =3D x2apic_savic_update_vector, }; =20 apic_driver(apic_x2apic_savic); --=20 2.34.1 From nobody Fri Dec 19 20:16:20 2025 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2066.outbound.protection.outlook.com [40.107.93.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 22746226CF8; Wed, 26 Feb 2025 09:07:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.93.66 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560856; cv=fail; b=clNsWELuPXqlABnGNGP+T4MByxtt5SqJPqiLMDxrpzXS+yiF7MMiBpZZlNSuTFp86eky0faKZYBvrWmAx0hA4CBBpKwUWybtmZbGSdaViP67K0TFM9cgyn1+FAzC5MyWBAIyg2LwCu9J6qGadNpomnlsofq/PFJ9H314ZlRgGqA= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560856; c=relaxed/simple; bh=/Fs3O8wx28JzAtrV5lV9zhwh96GFYBatJyS1oEo3p/w=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=mlN7KcSp4WRgFHMpJvELHHt37UIz+z6P06yXLoUeqBEm8TkOfRnbIOer/yT+Ja2cFFR3f0RyxRnJtzbTd8BUs0fqJ0iD7IWE1ureEB46V1HkvaHocRRK22l6DuLnlSBJrvOE1WLsjWWKvSMy1lVzyc0W+vX/5Zmqu7vZ8ozgVBg= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=se7ZZTWA; arc=fail smtp.client-ip=40.107.93.66 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="se7ZZTWA" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dKqh5J4P6657hy5V4qT0yB7l/ryYa+B91bssdgNohRgoH/e67tzZkGWaDUyZnl2BJpMgJfdK5NgznqDpwE1Xr3nkrqOFI8e8U6Xh79Ivu1cIZBeeFZ9/Z28Hdir7gW3qD60SfB/9m5w4ZBylqzDezQDwGdtxZitoDbNQd0uXBaZBV/AtwvS2pYco6xZ/8M4JvTEugcOYaUqPWORt5ID572zmY1KdY8Z0jxzo97KK7xI6Rg5terAAQiXyebTJuqNluNAebKFHt3tmWm8302UDm6ST52KHNgd4ZKM20q4fwH6PMAOwKEDL/KYPeJ64FwW+ecPuA7iydtkhQ39qAersyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vLHSDF6erOuUFpIkZ7qvHLje0eJX7WWL8XlUb0/rCDY=; b=m8oHtmc9tC2+2WMhDbd2mKV3gC507tMLWKMNocbUn/rfl9gPBB6s/LLnm//hF6iMSLvcRHZSZbVi+9ofBwmWqpFbH2jeFmfxQ7pWpznpq9hble2zAYZZY/BM5UVJTutEjduerDB+9JNqenSKw1gtPLhoiKfkNPn62WYSNMhi0N322PGRqJabwUl/0oLgjNojWksXXUeGhmJGjmPYBnDPIglszwD3G9fpqNQF1RknVlrWEJoKfT6yscTW3KNKRFrgN2UbHwA+70AhAmRmPgivtEeAwx+lgLgREoNGqY59ywPG/sxv+RqHIyuRVPwXz1G1FmgqDyWx34yw7ZwKIi198w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vLHSDF6erOuUFpIkZ7qvHLje0eJX7WWL8XlUb0/rCDY=; b=se7ZZTWA8rAa2rqWA+ZsFnKigUsBpr7iPVvOxKdrmpNcSAItqisnOsVCfsnyASrmIV7Gf5KElTmWey03F3rte3v2hG+1iM9tJknwmziS2/dnnwtsKOCqknEQ3zir+Cr8lPNAb7FazQhbNxnq2sQkIyrey4k9BHuyxtipTFef13Q= Received: from BYAPR05CA0044.namprd05.prod.outlook.com (2603:10b6:a03:74::21) by IA0PR12MB8930.namprd12.prod.outlook.com (2603:10b6:208:481::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.19; Wed, 26 Feb 2025 09:07:32 +0000 Received: from SJ1PEPF0000231D.namprd03.prod.outlook.com (2603:10b6:a03:74:cafe::8) by BYAPR05CA0044.outlook.office365.com (2603:10b6:a03:74::21) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:07:32 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF0000231D.mail.protection.outlook.com (10.167.242.234) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:07:31 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:07:25 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 06/17] x86/apic: Add support to send IPI for Secure AVIC Date: Wed, 26 Feb 2025 14:35:14 +0530 Message-ID: <20250226090525.231882-7-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF0000231D:EE_|IA0PR12MB8930:EE_ X-MS-Office365-Filtering-Correlation-Id: 59680397-ae78-4bb4-1e26-08dd564500ac X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|376014|7416014|1800799024|36860700013; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?cQJjGOqHRoxp3xyRhJdFg60dHS5Xg9QHEfM2SL74xMbPXTByEvsvYYvFFmZj?= =?us-ascii?Q?2oMfRbeDSVzfeY98D+ca70zFWzP3kljmAXEirTMksCAJp13hrnRmsj5zxBiU?= =?us-ascii?Q?NYYZNYo6/7K8maui0uiqDMTGCtOFi+2Y3ScXdhCsI+QnjOpB/EJw+EWhdiql?= =?us-ascii?Q?7rkBJoBP9tHD83N2wHoWCdEU0oAuAHdl1MUkMflqfjCIuMOjLFh28Efx0DXw?= =?us-ascii?Q?22/2ZemK2hiUaU7chCCitQajZq0knD0LoFb0NqVthqC7s/UwLMuK3xwGL0Qh?= =?us-ascii?Q?vAXpN6/5LWGR2pVkXXg2vW9q7kUDYgbCClkLovvYs9bcfmXLrecsZ12JHiot?= =?us-ascii?Q?uJNCMOIKh7P55mYoCFUDmxAX4pYT/FRwAGmvRgErA8iehbN/B3uttw2zzpRs?= =?us-ascii?Q?NJlKIx5R3JF2x54wa4H27kvkpv83Yz68KO2dXM6Dkd+60AoUqVdR3Zkk3Nma?= =?us-ascii?Q?fdJI1RKM7FGFBA58tNtCat79LJy7VuYy99o0uY3axP1PRHNsqKIqeDba4uMQ?= =?us-ascii?Q?UFBI0KhsvSDcYIc+i8n9y4ST6dY2gKhTSR0Tqg4soneaWETKAOI+2Kwygvry?= =?us-ascii?Q?mYxXT4QyD/PbsWbI4IDIMkmUNpFvNSV1NK39gXRVxK2LB0QAM4FM+ATEyjMw?= =?us-ascii?Q?wt9awvoalpxHHg495SJwCGWrVWKioVt3mNErprpYOv7/TfttJjDzg6Z6AYi+?= =?us-ascii?Q?d3AgdTKhgJWZvdwDgrQdt12sq8CQ+K0WhMVrw9xETJyvWFGRORWM1Em9tnvM?= =?us-ascii?Q?LqW/RdNErjf6aBU3IOPeIkEPFmTA8Sk5HAgDzqwrlG3s+xibc9sD2EDTftND?= =?us-ascii?Q?EyduugufrWuA4ExBty8onDNsBXhaspGduCFRiKacAeHpwXQp9gXsTT8vQQQK?= =?us-ascii?Q?xDiTiK9oS2DGIkg7SxxEjEJeyars4mjA/B52r1vwX7YObyK/U0DwfTTyrlRc?= =?us-ascii?Q?rQe8g1n7X6BHJ4MAF/smJxnZKJQUL2SwnOiUYc+Yh8x8sc9i8Zvss0EwDVwJ?= =?us-ascii?Q?BMjIRbWyh7FUwgTKDe0Ywqy5QypOOtZJ7fxuY2trMekKQlpSxf9aLAqzAhUp?= =?us-ascii?Q?ylFQ+9ya9/vLEq44VNsF5aNCNfH3DXHFa0Zy05aUDBRBFOl2C8WwsIbsemcy?= =?us-ascii?Q?fOr8wqkutn9cLZwPPgqpb3c3EoZfu9tkLE1YQtBFmE1fGVvzmwOtOCnYiczR?= =?us-ascii?Q?/Kj/F0c6sttHqK8BEGBAMdoQLYPGnjROA1jr9EMf0gxgQATDetLppmntoELo?= =?us-ascii?Q?Pi3i8bInqoFYP3LZfIHqo3DIuFnQsk69x6K6w1yrFv+0O6mdl3a+5PY6LQro?= =?us-ascii?Q?JnNQJbEOfzpdp1Q/CyZbc4nK2rH7ZGM8dRzPfBBPJwpwQFVbJ1yubkFoprn3?= =?us-ascii?Q?mcm2auWNRsiEktLPVqluSuoDMIPl6Kq+a2reGG/Z4WG/IgUXJ9TkQJWAvk2/?= =?us-ascii?Q?GFG0I8N9BhZLK23Bvrb+55TpPfgSkQwIMVaWK7lkWeXuKNKKBxZ0aD18mlpQ?= =?us-ascii?Q?13XH4DkxbjaSzKQ=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(376014)(7416014)(1800799024)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:07:31.8771 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 59680397-ae78-4bb4-1e26-08dd564500ac X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF0000231D.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR12MB8930 Content-Type: text/plain; charset="utf-8" With Secure AVIC only Self-IPI is accelerated. To handle all the other IPIs, add new callbacks for sending IPI, which write to the IRR of the target guest vCPU's APIC backing page and then issue GHCB protocol MSR write event for the hypervisor to notify the target vCPU. Signed-off-by: Kishon Vijay Abraham I Co-developed-by: Neeraj Upadhyay Signed-off-by: Neeraj Upadhyay --- Changes since v1: - Remove write_msr_to_hv() and define savic_ghcb_msr_write() in sev/core.c. arch/x86/coco/sev/core.c | 40 +++++++- arch/x86/include/asm/sev.h | 2 + arch/x86/kernel/apic/x2apic_savic.c | 138 +++++++++++++++++++++++++--- 3 files changed, 162 insertions(+), 18 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 300bc8f6eb6f..4291cdeb5895 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1466,14 +1466,10 @@ static enum es_result __vc_handle_secure_tsc_msrs(s= truct pt_regs *regs, bool wri return ES_OK; } =20 -static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *= ctxt) +static enum es_result __vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt= *ctxt, bool write) { struct pt_regs *regs =3D ctxt->regs; enum es_result ret; - bool write; - - /* Is it a WRMSR? */ - write =3D ctxt->insn.opcode.bytes[1] =3D=3D 0x30; =20 switch (regs->cx) { case MSR_SVSM_CAA: @@ -1504,6 +1500,40 @@ static enum es_result vc_handle_msr(struct ghcb *ghc= b, struct es_em_ctxt *ctxt) return ret; } =20 +static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *= ctxt) +{ + return __vc_handle_msr(ghcb, ctxt, ctxt->insn.opcode.bytes[1] =3D=3D 0x30= ); +} + +void savic_ghcb_msr_write(u32 reg, u64 value) +{ + u64 msr =3D APIC_BASE_MSR + (reg >> 4); + struct pt_regs regs =3D { + .cx =3D msr, + .ax =3D lower_32_bits(value), + .dx =3D upper_32_bits(value) + }; + struct es_em_ctxt ctxt =3D { .regs =3D ®s }; + struct ghcb_state state; + unsigned long flags; + enum es_result ret; + struct ghcb *ghcb; + + local_irq_save(flags); + ghcb =3D __sev_get_ghcb(&state); + vc_ghcb_invalidate(ghcb); + + ret =3D __vc_handle_msr(ghcb, &ctxt, true); + if (ret !=3D ES_OK) { + pr_err("Secure AVIC msr (0x%llx) write returned error (%d)\n", msr, ret); + /* MSR writes should never fail. Any failure is fatal error for SNP gues= t */ + snp_abort(); + } + + __sev_put_ghcb(&state); + local_irq_restore(flags); +} + /* * Register GPA of the Secure AVIC backing page. * diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 626588386cf2..1beeb0daf9e6 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -484,6 +484,7 @@ int snp_send_guest_request(struct snp_msg_desc *mdesc, = struct snp_guest_req *req void __init snp_secure_tsc_prepare(void); void __init snp_secure_tsc_init(void); enum es_result savic_register_gpa(u64 apic_id, u64 gpa); +void savic_ghcb_msr_write(u32 reg, u64 value); =20 #else /* !CONFIG_AMD_MEM_ENCRYPT */ =20 @@ -529,6 +530,7 @@ static inline void __init snp_secure_tsc_prepare(void) = { } static inline void __init snp_secure_tsc_init(void) { } static inline enum es_result savic_register_gpa(u64 apic_id, u64 gpa) { return ES_UNSUPPORTED; } +static void savic_ghcb_msr_write(u32 reg, u64 value) { } =20 #endif /* CONFIG_AMD_MEM_ENCRYPT */ =20 diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index d912c53dec7a..7e3843154997 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -119,6 +119,7 @@ static u32 x2apic_savic_read(u32 reg) static void x2apic_savic_write(u32 reg, u32 data) { void *backing_page =3D this_cpu_read(apic_backing_page); + unsigned int cfg; =20 switch (reg) { case APIC_LVTT: @@ -126,7 +127,6 @@ static void x2apic_savic_write(u32 reg, u32 data) case APIC_LVT1: case APIC_TMICT: case APIC_TDCR: - case APIC_SELF_IPI: case APIC_TASKPRI: case APIC_EOI: case APIC_SPIV: @@ -142,6 +142,11 @@ static void x2apic_savic_write(u32 reg, u32 data) case APIC_EILVTn(0) ... APIC_EILVTn(3): set_reg(backing_page, reg, data); break; + /* Self IPIs are accelerated by hardware, use wrmsr */ + case APIC_SELF_IPI: + cfg =3D __prepare_ICR(APIC_DEST_SELF, data, 0); + native_x2apic_icr_write(cfg, 0); + break; /* ALLOWED_IRR offsets are writable */ case SAVIC_ALLOWED_IRR_OFFSET ... SAVIC_ALLOWED_IRR_OFFSET + 0x70: if (IS_ALIGNED(reg - SAVIC_ALLOWED_IRR_OFFSET, 16)) { @@ -154,13 +159,100 @@ static void x2apic_savic_write(u32 reg, u32 data) } } =20 +static void send_ipi(int cpu, int vector) +{ + void *backing_page; + int reg_off; + + backing_page =3D per_cpu(apic_backing_page, cpu); + reg_off =3D APIC_IRR + REG_POS(vector); + /* + * Use test_and_set_bit() to ensure that IRR updates are atomic w.r.t. ot= her + * IRR updates such as during VMRUN and during CPU interrupt handling flo= w. + */ + test_and_set_bit(VEC_POS(vector), (unsigned long *)((char *)backing_page = + reg_off)); +} + +static void send_ipi_dest(u64 icr_data) +{ + int vector, cpu; + + vector =3D icr_data & APIC_VECTOR_MASK; + cpu =3D icr_data >> 32; + + send_ipi(cpu, vector); +} + +static void send_ipi_target(u64 icr_data) +{ + if (icr_data & APIC_DEST_LOGICAL) { + pr_err("IPI target should be of PHYSICAL type\n"); + return; + } + + send_ipi_dest(icr_data); +} + +static void send_ipi_allbut(u64 icr_data) +{ + const struct cpumask *self_cpu_mask =3D get_cpu_mask(smp_processor_id()); + unsigned long flags; + int vector, cpu; + + vector =3D icr_data & APIC_VECTOR_MASK; + local_irq_save(flags); + for_each_cpu_andnot(cpu, cpu_present_mask, self_cpu_mask) + send_ipi(cpu, vector); + savic_ghcb_msr_write(APIC_ICR, icr_data); + local_irq_restore(flags); +} + +static void send_ipi_allinc(u64 icr_data) +{ + int vector; + + send_ipi_allbut(icr_data); + vector =3D icr_data & APIC_VECTOR_MASK; + native_x2apic_icr_write(APIC_DEST_SELF | vector, 0); +} + +static void x2apic_savic_icr_write(u32 icr_low, u32 icr_high) +{ + int dsh, vector; + u64 icr_data; + + icr_data =3D ((u64)icr_high) << 32 | icr_low; + dsh =3D icr_low & APIC_DEST_ALLBUT; + + switch (dsh) { + case APIC_DEST_SELF: + vector =3D icr_data & APIC_VECTOR_MASK; + x2apic_savic_write(APIC_SELF_IPI, vector); + break; + case APIC_DEST_ALLINC: + send_ipi_allinc(icr_data); + break; + case APIC_DEST_ALLBUT: + send_ipi_allbut(icr_data); + break; + default: + send_ipi_target(icr_data); + savic_ghcb_msr_write(APIC_ICR, icr_data); + } +} + +static void __send_IPI_dest(unsigned int apicid, int vector, unsigned int = dest) +{ + unsigned int cfg =3D __prepare_ICR(0, vector, dest); + + x2apic_savic_icr_write(cfg, apicid); +} + static void x2apic_savic_send_IPI(int cpu, int vector) { u32 dest =3D per_cpu(x86_cpu_to_apicid, cpu); =20 - /* x2apic MSRs are special and need a special fence: */ - weak_wrmsr_fence(); - __x2apic_send_IPI_dest(dest, vector, APIC_DEST_PHYSICAL); + __send_IPI_dest(dest, vector, APIC_DEST_PHYSICAL); } =20 static void @@ -170,18 +262,16 @@ __send_IPI_mask(const struct cpumask *mask, int vecto= r, int apic_dest) unsigned long this_cpu; unsigned long flags; =20 - /* x2apic MSRs are special and need a special fence: */ - weak_wrmsr_fence(); - local_irq_save(flags); =20 this_cpu =3D smp_processor_id(); for_each_cpu(query_cpu, mask) { if (apic_dest =3D=3D APIC_DEST_ALLBUT && this_cpu =3D=3D query_cpu) continue; - __x2apic_send_IPI_dest(per_cpu(x86_cpu_to_apicid, query_cpu), - vector, APIC_DEST_PHYSICAL); + __send_IPI_dest(per_cpu(x86_cpu_to_apicid, query_cpu), vector, + APIC_DEST_PHYSICAL); } + local_irq_restore(flags); } =20 @@ -195,6 +285,28 @@ static void x2apic_savic_send_IPI_mask_allbutself(cons= t struct cpumask *mask, in __send_IPI_mask(mask, vector, APIC_DEST_ALLBUT); } =20 +static void __send_IPI_shorthand(int vector, u32 which) +{ + unsigned int cfg =3D __prepare_ICR(which, vector, 0); + + x2apic_savic_icr_write(cfg, 0); +} + +static void x2apic_savic_send_IPI_allbutself(int vector) +{ + __send_IPI_shorthand(vector, APIC_DEST_ALLBUT); +} + +static void x2apic_savic_send_IPI_all(int vector) +{ + __send_IPI_shorthand(vector, APIC_DEST_ALLINC); +} + +static void x2apic_savic_send_IPI_self(int vector) +{ + __send_IPI_shorthand(vector, APIC_DEST_SELF); +} + static void x2apic_savic_update_vector(unsigned int cpu, unsigned int vect= or, bool set) { void *backing_page; @@ -325,16 +437,16 @@ static struct apic apic_x2apic_savic __ro_after_init = =3D { .send_IPI =3D x2apic_savic_send_IPI, .send_IPI_mask =3D x2apic_savic_send_IPI_mask, .send_IPI_mask_allbutself =3D x2apic_savic_send_IPI_mask_allbutself, - .send_IPI_allbutself =3D x2apic_send_IPI_allbutself, - .send_IPI_all =3D x2apic_send_IPI_all, - .send_IPI_self =3D x2apic_send_IPI_self, + .send_IPI_allbutself =3D x2apic_savic_send_IPI_allbutself, + .send_IPI_all =3D x2apic_savic_send_IPI_all, + .send_IPI_self =3D x2apic_savic_send_IPI_self, .nmi_to_offline_cpu =3D true, =20 .read =3D x2apic_savic_read, .write =3D x2apic_savic_write, .eoi =3D native_apic_msr_eoi, .icr_read =3D native_x2apic_icr_read, - .icr_write =3D native_x2apic_icr_write, + .icr_write =3D x2apic_savic_icr_write, =20 .update_vector =3D x2apic_savic_update_vector, }; --=20 2.34.1 From nobody Fri Dec 19 20:16:20 2025 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2069.outbound.protection.outlook.com [40.107.236.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6A84E224253; Wed, 26 Feb 2025 09:07:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.236.69 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560882; cv=fail; b=txBGgXxDVpIwiaTmG3G1e12iTkTupavdOSJ6xX+4NOVELlmkCEp3v9lHLVCXf0Chv4GuDvihqjUnCreHY5XmNfjpCjZqr6NgvfsvKi783B5KGGJNAKS3B3Rl4shV3rsvsQyXfNatsT3u7i6SLLbqc2JLz26MYsmReVf3rEGjrbA= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560882; c=relaxed/simple; bh=/MMuvtDj8a8228sxBifHAJQ++0akJCRlkibauiRxvxA=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=EFfA+d7QlrjIWjqmi6I6UZlIeA4fH6gMx6h+80TU0YBOUv5tvISvMPNbkTGJNqXhNszY48ZIhVo/VzGJUYx1uMpr+GCW4LVq2NLMMvmOadADj8AeXOr1u91Bzj6/ebXIONOXLqAEu3Sxpy+bG3oeJ+D44VAFQqQrIQc12t2dKsI= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=5PeVDhOa; arc=fail smtp.client-ip=40.107.236.69 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="5PeVDhOa" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=DXffbvzQc5nnZR5wYQ2oaEtiBcL8fmkqu1vCqF0JGL4qhVmvH1PVFz96wg8nTn4cLufui5AElDivrKSt0H4+qg+8U94Bi46K1XIr6XG/mKJfCIH24xB3u842hrs3jKUxPTKR7/ngzfBvvIJNRif0MgwBf8H6BIbaLKOOjndpjTzPj3lepvcEtYm3Vun/wsymXazdd4SwK4mt+2tev9tjNUQiaFy5ug6v6dEOUPNx03zcu5lTWhQthWZDe7enuS47zEvSv87KCxXIQJbuzZzM9JNQrDXJNUMVOoU+Rwyth94T0XBql1QdTTCXryNqTh+JRBDkoFfRoipX661UZZ3inA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=e1a1vF59pbxo5bYwGCbzQVsQqlOZziLMDQYvEsx9bHw=; b=DRbgDThoX0UOWIFQUdmgkBYzn4rzQPB8TJ74g32D7nETq6VFj7TXZl9jQ8sa1KQz5/VyQhglkUnNfn0Iv7IHqSbC8u94FeiakYbiUVp5/EHGbhTC/nK32Mu6Asg8uUh32622OEApFPHCRpocAUvPv9WJ1GSGWug9goX4Z+sKQx4O1kp2seqR7bIvkkvjOYEaAuLrN0CgfYItwFJLQcIgUJqKPaqPdBvIZUiobKDfyRHlqhCNqtqeFTviQoJcXg+p/1gnch8/JO8Dwi1aRtWPruLP4+a28+1tybhmw0pFzDi5vDNA6h00IbTsPl6ijIwDwTUKIXyjeUGWT5iM3QOvyw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=e1a1vF59pbxo5bYwGCbzQVsQqlOZziLMDQYvEsx9bHw=; b=5PeVDhOa7eaAiKoN9WRCNfh/bCen7fH5beiAwON3k7wbenOOI4rMPVjLB25rwZiytf87GIbpvENmgqCLUmFxnH7DT7kp0HlhfFsiExaGlDCLVjWucdbxnmWgaNX53jUZDaI/eiXEl+6vI3yYyKrqA4z2ClC0hpegchLSL1U58sc= Received: from MW4PR03CA0035.namprd03.prod.outlook.com (2603:10b6:303:8e::10) by DS7PR12MB8250.namprd12.prod.outlook.com (2603:10b6:8:db::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.18; Wed, 26 Feb 2025 09:07:56 +0000 Received: from SJ1PEPF00002319.namprd03.prod.outlook.com (2603:10b6:303:8e:cafe::b3) by MW4PR03CA0035.outlook.office365.com (2603:10b6:303:8e::10) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8466.20 via Frontend Transport; Wed, 26 Feb 2025 09:07:55 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF00002319.mail.protection.outlook.com (10.167.242.229) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:07:55 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:07:48 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 07/17] x86/apic: Support LAPIC timer for Secure AVIC Date: Wed, 26 Feb 2025 14:35:15 +0530 Message-ID: <20250226090525.231882-8-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF00002319:EE_|DS7PR12MB8250:EE_ X-MS-Office365-Filtering-Correlation-Id: 6fefbd78-3b8b-4df6-9cb2-08dd56450ebb X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|376014|7416014|82310400026|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?HsqTN9rDvYcLqKWrSSro+HQM44b5ia3tQnHvZwZT6HnReEmxBtPEuhz0U6XK?= =?us-ascii?Q?lfYGYUzX7wDBoRmw+DR+cQsL3KSAvmjjLIVv/pqgThGJok5ERMAu5RSvR05e?= =?us-ascii?Q?wSntsLf2XztOokHNHYoNaOpucffhrTQSoLj9b7TeMBoypWRZ3vZyAcm3gB9n?= =?us-ascii?Q?WKuAHvpHxeOo+nLpXq36T2jD7jmWd8cmQHjuKKW04JFad9l4iTi2OlHMfsFa?= =?us-ascii?Q?LmWetyHfx6btp9pOymFIq17e4K6OdHqyIT2koo+2uLeFsJ2EXoHCtl68ws/0?= =?us-ascii?Q?UHizYidFbjjOAMSkEfhLJTdwkaWfXdyK9xeKc8RyyFYYv2QtrOR8gdSj4h3d?= =?us-ascii?Q?OjYXhFSQ2dAGa7gxoKL5Yk5HqDbEik8AXTIkT0iXSO4nqaLiA8h7Q7mGgeqf?= =?us-ascii?Q?GzQr7AW0zP4KMTyIK+Ss5Vy4RvDwxw5qBnxQ8J9EBczSuhXVv/mkuB5Zb5Ob?= =?us-ascii?Q?9TahOsdeKgfEOmjiyxOONHrsEbfMqFXtkJxf30K4WMGfGpKQRoDZilQJ8DcL?= =?us-ascii?Q?MLHrjohYIKlSdpJzJycdeZ+3X36687YWww2T70EbYBz7L3w82Hm5kz8KR8xC?= =?us-ascii?Q?cRQ2sPgML+aC8zRNEA/HhZQnZyrBoO9axFsAm22kyurEDwx39eQ4Iq4WKL7I?= =?us-ascii?Q?t2BcV/l5f0PqzsKpbOKuvv4prIPWRcbDg/a4bhxQon03lmGd5FB5UN/CuVaM?= =?us-ascii?Q?EWlAEc1yW9YQ+c2oEZ6db04cYW3VX1Qj1CgbJTzVUcGq3x00UIHSbIwAQnEd?= =?us-ascii?Q?K/cvAGA5hUDdEATna2I7UufXTCXR11pbaJhZ5o/RrtowJTb++GABFwlm+jyq?= =?us-ascii?Q?syjMVMvBHeLsq0MgGB4XXk3peZt0+xjAL3K0ZftRA30Tlz38oTHpuUMxPazE?= =?us-ascii?Q?N/1Nalg2HLbmNOyXPcgLyJueOyOCPoACRlQavieaLUDySA0+C8+WSuQBhDah?= =?us-ascii?Q?zTEzz9lCZXs7dRXHXcQ2x6y1BC488EzQ409xFYVQArQ4YYlliT/xCgr6biTK?= =?us-ascii?Q?BKxYMmGb3Y7Usx0Wl+mUMDdNG2rzO4xeIf0y54oEkqtWvDmhV0drW+UzcZM4?= =?us-ascii?Q?5bhd48u4Pgw1gHfXrNJiIBin7J4MSdYuxHSa9BnejJgLlz58A9fklveMtPcR?= =?us-ascii?Q?0xPublabMPkltWHuyVYOJkYsQ1c5+w9+/dVTXaPbr5YTP83lfXKPsL6TGLOQ?= =?us-ascii?Q?y4R03vfPP16c985g+3g734kIaFKlNCmEEoNfDIm5GVePU1r/cXPlijkqdwX/?= =?us-ascii?Q?cDnlB6fSayoUF9LEvDwH9HV8gOfK1t7fAHN/FOR4DPRbvr7ujKMsy37kbPhj?= =?us-ascii?Q?N+S2loVThV8QeYvsVgoFIoHDA9dggkkgizA59/gwI4HmP1k/BCof1FvREuvx?= =?us-ascii?Q?f3IPIo8Wf4TTI2soQLUbq7Tkkdvoa64YpQYP2EdwzKCenWK5reMs0ggIUAMW?= =?us-ascii?Q?p+tSdZIRbCfDMT9wKo585nxPzVwp1/KZWn6gVPYvlTzwz0+F/XN8YDnw3i2e?= =?us-ascii?Q?KebFvU/KPPSy7aM=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(376014)(7416014)(82310400026)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:07:55.4668 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6fefbd78-3b8b-4df6-9cb2-08dd56450ebb X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF00002319.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB8250 Content-Type: text/plain; charset="utf-8" From: Kishon Vijay Abraham I Secure AVIC requires LAPIC timer to be emulated by hypervisor. KVM already supports emulating LAPIC timer using hrtimers. In order to emulate LAPIC timer, APIC_LVTT, APIC_TMICT and APIC_TDCR register values need to be propagated to the hypervisor for arming the timer. APIC_TMCCT register value has to be read from the hypervisor, which is required for calibrating the APIC timer. So, read/write all APIC timer registers from/to the hypervisor. In addition, configure APIC_ALLOWED_IRR for the hypervisor to inject timer interrupt using LOCAL_TIMER_VECTOR. Signed-off-by: Kishon Vijay Abraham I Co-developed-by: Neeraj Upadhyay Signed-off-by: Neeraj Upadhyay --- Changes since v1: - Move savic_ghcb_msr_read() definition here. - Call update_vector() callback only when it is initialized. arch/x86/coco/sev/core.c | 27 +++++++++++++++++++++++++++ arch/x86/include/asm/sev.h | 2 ++ arch/x86/kernel/apic/apic.c | 4 ++++ arch/x86/kernel/apic/x2apic_savic.c | 7 +++++-- 4 files changed, 38 insertions(+), 2 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 4291cdeb5895..e4c20023e554 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1505,6 +1505,33 @@ static enum es_result vc_handle_msr(struct ghcb *ghc= b, struct es_em_ctxt *ctxt) return __vc_handle_msr(ghcb, ctxt, ctxt->insn.opcode.bytes[1] =3D=3D 0x30= ); } =20 +u64 savic_ghcb_msr_read(u32 reg) +{ + u64 msr =3D APIC_BASE_MSR + (reg >> 4); + struct pt_regs regs =3D { .cx =3D msr }; + struct es_em_ctxt ctxt =3D { .regs =3D ®s }; + struct ghcb_state state; + unsigned long flags; + enum es_result ret; + struct ghcb *ghcb; + + local_irq_save(flags); + ghcb =3D __sev_get_ghcb(&state); + vc_ghcb_invalidate(ghcb); + + ret =3D __vc_handle_msr(ghcb, &ctxt, false); + if (ret !=3D ES_OK) { + pr_err("Secure AVIC msr (0x%llx) read returned error (%d)\n", msr, ret); + /* MSR read failures are treated as fatal errors */ + snp_abort(); + } + + __sev_put_ghcb(&state); + local_irq_restore(flags); + + return regs.ax | regs.dx << 32; +} + void savic_ghcb_msr_write(u32 reg, u64 value) { u64 msr =3D APIC_BASE_MSR + (reg >> 4); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 1beeb0daf9e6..043fe8115ec7 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -484,6 +484,7 @@ int snp_send_guest_request(struct snp_msg_desc *mdesc, = struct snp_guest_req *req void __init snp_secure_tsc_prepare(void); void __init snp_secure_tsc_init(void); enum es_result savic_register_gpa(u64 apic_id, u64 gpa); +u64 savic_ghcb_msr_read(u32 reg); void savic_ghcb_msr_write(u32 reg, u64 value); =20 #else /* !CONFIG_AMD_MEM_ENCRYPT */ @@ -530,6 +531,7 @@ static inline void __init snp_secure_tsc_prepare(void) = { } static inline void __init snp_secure_tsc_init(void) { } static inline enum es_result savic_register_gpa(u64 apic_id, u64 gpa) { return ES_UNSUPPORTED; } +static inline u64 savic_ghcb_msr_read(u32 reg) { return 0; } static void savic_ghcb_msr_write(u32 reg, u64 value) { } =20 #endif /* CONFIG_AMD_MEM_ENCRYPT */ diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index 1c0b5f14435e..23a566a82084 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -591,6 +591,10 @@ static void setup_APIC_timer(void) 0xF, ~0UL); } else clockevents_register_device(levt); + + if (apic->update_vector) + apic->update_vector(smp_processor_id(), LOCAL_TIMER_VECTOR, + true); } =20 /* diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index 7e3843154997..af46e1b57017 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -71,6 +71,7 @@ static u32 x2apic_savic_read(u32 reg) case APIC_TMICT: case APIC_TMCCT: case APIC_TDCR: + return savic_ghcb_msr_read(reg); case APIC_ID: case APIC_LVR: case APIC_TASKPRI: @@ -123,10 +124,12 @@ static void x2apic_savic_write(u32 reg, u32 data) =20 switch (reg) { case APIC_LVTT: - case APIC_LVT0: - case APIC_LVT1: case APIC_TMICT: case APIC_TDCR: + savic_ghcb_msr_write(reg, data); + break; + case APIC_LVT0: + case APIC_LVT1: case APIC_TASKPRI: case APIC_EOI: case APIC_SPIV: --=20 2.34.1 From nobody Fri Dec 19 20:16:20 2025 Received: from NAM04-MW2-obe.outbound.protection.outlook.com (mail-mw2nam04on2075.outbound.protection.outlook.com [40.107.101.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4920F22423B; Wed, 26 Feb 2025 09:08:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.101.75 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560899; cv=fail; b=VeERX+uwxmeXlmgKrBYJWTMrvPxWqVJ/AYEyCVCUAONbwhZub08SsQuDFwkca3Eb0Ktb7QMpjQVieN6QD9nEdYJHCL8k/xdRw9SNM4vfBZ5eWWMXUEFq4UjelpMv4x8thIzd/GGZ50jraQlmKNT3abyWNrdxkPV4lO0TkhhUdLI= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560899; c=relaxed/simple; bh=Q4ewJy+/b9emzrE86tyS01vedacOusRUYe+WkN3fdXY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=B/H6dVXDxET0WWeW7W1jJtD0QsxIKoQ97QAPYjI6u1NxUEuIf3RJ1dAMbqndDQA06JANGmCZoXiX+3rdZKsoVcQ0QY9/4O0TB547HU0rtuytZyq6HYksYvZj69EH71yz/PbZ92LTlfSMr4+5dOI6C3tlX9kNi8+oVT3ScKILtdw= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=48C+m7WA; arc=fail smtp.client-ip=40.107.101.75 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="48C+m7WA" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=UJreW7oyQr3aoR604rugXb0nTSAhwAqejeLaEDm88c1t7KWxbN31e+v5lbWYNlLgnLSDOlxgkJDytKcKH5mSiJ+TMO5Ttl1e38PG0Kxo8EUjzBoPLj7+S5PYmzKu2+PrZ9vfpwmVCcMUSg9j34gsl0hAL35NtoAakWyAiJCBzZq4DtkRu4ibDcv1ns3igZv/OJmNxwDWgB+a6FFzn9EU3oJtsvq4URBdbfVSzL48WStNKSLP0/gz11X1ZY4/HX0jAuk3vj8DlGEH7k7jI9m9d3nz0Ist6H3M/0d2tYoPpUa5HJ+6G7/leZ0yQIMFcyUqbf1L0k1ZoXGY96+gtS51dQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Afvjz4oVA3db8RvCc5lQkmhYdl/GAm1UoLIki0a3j88=; b=ZPSSYrdzyM1hp2UeAaEd9itWB7pk+YbyVq/E1hxRCWM/RzHlq7Jy3K930cYMvwoGSyGv/WydIjImRMEjZqZjN1df/kuEESjw/e1bKub0ucBcsPmOFSd1KSDmPz8VulHqrtdr/RQ30LsLYvvTQTh6Zi/HI2jncRBXoDS/gZKDnrQt86XyS+FXJ1x1LW8I85nMcp3gyltKG/9p6pYpYglRk+Era7hk26TMHwD+e03kBC3KS2kdGf0Gx9dZ0Qac6ERPSxDzliipZSdqfVbjreTkX7FsrB+WcembCAJDjpE5df9/e2VfPazP6J5rjLQpisYss9sUI/xlzIfuBAG+Im/u3g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Afvjz4oVA3db8RvCc5lQkmhYdl/GAm1UoLIki0a3j88=; b=48C+m7WAQMwK3bh0kPILkkw+iuyUDByk2tKPkgUbwVjNN5WCTn8+ieovnxazcDcq30sjQtXUWUkBg4ijl1cNDmL743ivwsgK420oTwmFC9q3qGpNEH0+My8qPQaMwgkSHox+dB0klC6UeBmpDuRLeKtLwvsobpfOIOL96ze/kZA= Received: from BYAPR07CA0031.namprd07.prod.outlook.com (2603:10b6:a02:bc::44) by PH0PR12MB5678.namprd12.prod.outlook.com (2603:10b6:510:14e::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8466.19; Wed, 26 Feb 2025 09:08:13 +0000 Received: from SJ1PEPF00002320.namprd03.prod.outlook.com (2603:10b6:a02:bc:cafe::59) by BYAPR07CA0031.outlook.office365.com (2603:10b6:a02:bc::44) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8466.21 via Frontend Transport; Wed, 26 Feb 2025 09:08:13 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF00002320.mail.protection.outlook.com (10.167.242.86) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:08:13 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:08:06 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 08/17] x86/sev: Initialize VGIF for secondary VCPUs for Secure AVIC Date: Wed, 26 Feb 2025 14:35:16 +0530 Message-ID: <20250226090525.231882-9-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF00002320:EE_|PH0PR12MB5678:EE_ X-MS-Office365-Filtering-Correlation-Id: f9c68cbe-497e-44bf-60d6-08dd56451951 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|7416014|1800799024|82310400026|36860700013; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?0emZNx6eklv0cx/64SnFCjrbaReilr4Zatwj8iTKK0K0pDnWh/r9OxRhrKwt?= =?us-ascii?Q?dYKDDjR1XZvIqzUHS3TX1KYCE/3kxhRb/E12acP0WuC6JJvXlmYlmIzzzSYn?= =?us-ascii?Q?GwAPpoNpnaKR0D1q8ZmqexOwzqf4gkd/iezgJElmZlsPrLHQdETT5/V0gXB6?= =?us-ascii?Q?ubhGLlNWvpQbaf9J0BmE1xRvsWs7rmDb5dFc6u+LSR/45mfX32xu8wtVmilC?= =?us-ascii?Q?fqjwCogBP0oa2kZRDls0ojtKiVOukllzFGgPv2cxJZEywZtfKJmkjAnI1ol9?= =?us-ascii?Q?VtDRJchMdx8Klmb65VWux815sGOff5ohguyuud5gsJ4isZqemuqnTiyPHBwb?= =?us-ascii?Q?w68+ZF33LvLEgU0096e07HvL7AS9hverqrEKYH20A1aJx+yznIRXmZsE0SuF?= =?us-ascii?Q?ThdUBs6VgRqtsy+V3rvDxGgqwsRsKrJ62wlNi2V1o29f/W0TXYi84SRMMzLK?= =?us-ascii?Q?mu43xiRhxd9jfWZWW+syf5mkBv8tjaHZK3scszWYUFqcopWoCCqKgoxWVEwb?= =?us-ascii?Q?M/TmFgvqbZUS/B1elfLG7c0JnD5wyMlGUInHJdYN//++B5UWJqnxi4H90A4X?= =?us-ascii?Q?rfTxd4+AZ0rtmzhXoWzZi4/mpAzU3i1rjRi7hvwjbHjHkcJezYzyjasnCYGj?= =?us-ascii?Q?xSPGOEOwvig3gsrLqzc6Z0s6dpxpD1W9m0GonBPHKFeN/Pj3fTFuXBTi2wvV?= =?us-ascii?Q?7yZokPNlBeT6lDdoc/yg7IV/UZUTpw9ConIOHAxva2dGr+ozL3BDfjGMnI0M?= =?us-ascii?Q?WAML2hvqRDwFQBjBj12kjgLt98hwozkV2LhT20CsoMCEy9wFI+KrD9CZZ6XM?= =?us-ascii?Q?PL33/2TxBpZTjgHVmGOLQVQhO8WXfPNblY5brjEK/oBzptE5uk1CohxMvsgZ?= =?us-ascii?Q?fexpD4qYxasYM/EwUgNEymjnNvElM6tp1z23NeE2ntKvvGSt4aNf6kaWk9Ih?= =?us-ascii?Q?eP0oPOw1AjqwzhmbABvo3Cb75nQUJGi0QkQTzipwW6+7OmLks9/1VYpbnKju?= =?us-ascii?Q?Hq6zrT+ZLDOLsubIB9VghUMqnhUPuXWUayB163BjmCi3ieaEGfFSvOhjrh8W?= =?us-ascii?Q?gEnKHQ49ExGpFWcyQ64jfZPiAWqrXyr/7QinjqUqnQ9HoyIjNMMmAwUKdF4n?= =?us-ascii?Q?JFwRg1BOgtJI8GRpmnXWPO0J9QwAgvhX6M4GI5Na4IxiFL7OTd1vvvk/OVY1?= =?us-ascii?Q?vjblJ19epqcGhGvbi59G2AU/6/mQflKwX65mNUa+qCeX03+VRkoDlYDOfXdb?= =?us-ascii?Q?UfXqd+BwIjopM2EDLBnsZx+VkEMpxDMvMfACwIPJk1MxHH1t2If9AkU2Q7kB?= =?us-ascii?Q?YQdLmK+uZlkoDvJYipumiZCXbBlcDsoEnCPjP6ZgiiOh2Sooe3LWF5+k1Aha?= =?us-ascii?Q?UuDwHJshFuZH0WldDypXDK6jiGtbjQpa4Ox9UcXEATC27mV6jv9OepN1Aahb?= =?us-ascii?Q?DAFhyyR8/VCUwbt1Xku1R9ULsKAiyNEScrF4GREKpZc2R0enI0o+1b0SUJzQ?= =?us-ascii?Q?qmDu6SkIRqXO1Fc=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(7416014)(1800799024)(82310400026)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:08:13.2411 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: f9c68cbe-497e-44bf-60d6-08dd56451951 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF00002320.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR12MB5678 Content-Type: text/plain; charset="utf-8" From: Kishon Vijay Abraham I Secure AVIC requires VGIF to be configured in VMSA. Configure for secondary vCPUs (the configuration for boot CPU is done in hypervisor). Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v1: - No change arch/x86/coco/sev/core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index e4c20023e554..8a4ad392d188 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1272,6 +1272,9 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id, unsign= ed long start_ip) vmsa->x87_ftw =3D AP_INIT_X87_FTW_DEFAULT; vmsa->x87_fcw =3D AP_INIT_X87_FCW_DEFAULT; =20 + if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) + vmsa->vintr_ctrl |=3D V_GIF_MASK; + /* SVME must be set. */ vmsa->efer =3D EFER_SVME; =20 --=20 2.34.1 From nobody Fri Dec 19 20:16:20 2025 Received: from NAM02-DM3-obe.outbound.protection.outlook.com (mail-dm3nam02on2089.outbound.protection.outlook.com [40.107.95.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CAFE9213254; Wed, 26 Feb 2025 09:08:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.95.89 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560914; cv=fail; b=Y/SW7xvrwW+Ir2uPSCLKMlDjYFLNsYguSJaUkI0zpcS9aCvwnczOQPbVjQXOUFKilVZ+s5Gn7x9bY2hapKyXhTHDMlZxBziHG9KFgP3t8r6uC7V1ieOQkqM8iPSDCj4jUfhOMgTUbBKd1u5N1lrG+3Kv+mkBeqZ17JJSudjRm/8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560914; c=relaxed/simple; bh=jEEYbJT1L4Q7H7+5QdYLOETQ6pjG1djCiT6oT4IPceU=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ZWXxG7tLaFG0YAgm3iH9r4g73ovVIRNMXgZiCj1wrrmgKyBbsH/H7CtmaJeUPbAiXMEGH8dtKfTOfZcdkwg07AhbZ/yUQogrVtDn1QNjEv6hTLYGK49ZsUCG6Eptq6a8TR775ZAciGr3uDn+EtJsSmsh40yMcfNkJlirohInev8= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=aAWsJuv8; arc=fail smtp.client-ip=40.107.95.89 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="aAWsJuv8" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=LnzExZVLobnrWjAX3rtz4AQP7q8zTHnOIGXRvBsiiH0Y/WEJzFTP4DP3iUxaIuNHWJaPo/cClUToFfCWCRfRbdQ9hQqc4tVqHRS8HMO9ErE0i2N/dPoyvb/oyYhECAzKIU7N4DFxynI98G3aWaGvSGvtTULdJfV1EZFpHpMFFFnjUJ/AqjJtlEEMTSs+nASbq9W/TbtQ5s45JRJAgZKRHvnMmVqn2ONtudKcf2e/gKyJir7amGpLYHZHKYItxQWkDSro/UQAKQkp3HbYaslE76e2CQ1brgxQevdoE3hvaTvLSYTnOhB5xAhLaduaDLZeHmVWkGYRkF/f5CeSzHkoMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xx6cLOYHtbVoY76XeTmFPsaZCqRrn/lbLYfOgv6vwE0=; b=Oc1KdvLRZ6NycLaLcPlQiWB22J1VKM6CL+XZTdvWhwNN/NAsS4Gvx3bypVpftnsU3ixp5kukosGzfV4qXctPzqI0jhh/1YPHJLhGzjkKZvRA2vZxDsE4ebCpXfFr19X8djF4W+CF2bCOUlL+QZEJdhiamQwveeEolCipAPgw/Q4ZFE1XAhqa+8UW2dhgMAwwOT3y2fvDL/bfaGT86ucd0HYj3vQB400RrEHcPz6rqgHOE7knIJAlJ7aa7W5vjUBKY7Mu0ZknTtrcZ//B4BZ6x+RuKTVpbrbHx3+yfxaXTVpAMi+nb6W98/2g5hVvTWf6q/McAZ1fP6zz9Ls6NZb21g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xx6cLOYHtbVoY76XeTmFPsaZCqRrn/lbLYfOgv6vwE0=; b=aAWsJuv8vLToHPpBZQheOBY+y9T6L6jpHWlCH56+xZLsTbOfbMBal9F9yAai+5duScCxjoI9EEf21FqsT0gWsBmoqHPIFiS7gG7rqfbB4S/KBf4I2jT9LKRp1hxhoFU7BC9hXWo95f4fvkhHUE9T8ti4Jzsie8lmE7yFTCNOWvs= Received: from SJ0PR05CA0170.namprd05.prod.outlook.com (2603:10b6:a03:339::25) by CY8PR12MB7097.namprd12.prod.outlook.com (2603:10b6:930:51::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.18; Wed, 26 Feb 2025 09:08:30 +0000 Received: from SJ1PEPF00002322.namprd03.prod.outlook.com (2603:10b6:a03:339:cafe::c3) by SJ0PR05CA0170.outlook.office365.com (2603:10b6:a03:339::25) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8489.15 via Frontend Transport; Wed, 26 Feb 2025 09:08:30 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF00002322.mail.protection.outlook.com (10.167.242.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:08:30 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:08:24 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 09/17] x86/apic: Add support to send NMI IPI for Secure AVIC Date: Wed, 26 Feb 2025 14:35:17 +0530 Message-ID: <20250226090525.231882-10-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF00002322:EE_|CY8PR12MB7097:EE_ X-MS-Office365-Filtering-Correlation-Id: fd322955-9315-4a07-536b-08dd564523b4 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|82310400026|1800799024|7416014|36860700013; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?p4jm1eupGXhXKFxWWZe2LBghdj590KQVAuoujwZII6uDdnTQlHOrENshFtzD?= =?us-ascii?Q?kdm/2R4ESne4EmAEALInr0evlvSE5+PDiA8rePnP7Fiob+pK9jkHX43ivJpB?= =?us-ascii?Q?FlDsRFyIklM9MsTyhKJ1Mp+dc36Gun/IS12LVa2mP7nn61rPVvkD2hXJiDrW?= =?us-ascii?Q?ADJMghVDzL96wOlXEJfg2snbrAql23zEQ5vvKeiPNj+IXUMnmbfq37Y5Tvej?= =?us-ascii?Q?vtAh9jR+rEEbWyR+5zFlI7N9LtJ1iPucuKkS6K0uAWkqNMDYP6NMOaX6XW9b?= =?us-ascii?Q?63WotkqvgQolHakbA3upjG6GV2ZmypnImW2s9CJOiadvU8+y4cYdNlZh0lLz?= =?us-ascii?Q?CmWTEbw1AYngRdUUEARIkDXHwlIn6WIemO1YB++KsI8udYsNsvH0w5uwiDYR?= =?us-ascii?Q?Nv7q9JiZom3g4dDB1QdWCZOsrQXWFj9rNJl2u/4wZTJP9eexShkqdEeuUAVs?= =?us-ascii?Q?87QC6cGAYanyhxZNmPxqqCt1rJC7dWAqkBnkgjlqs7NB2rPc2DLh66/X2jdQ?= =?us-ascii?Q?8InsYMJoAigt4XLCDkYJ1hgsVsgpqrnuUp6BsPnOAUtUo84NjJEmrLVYVBay?= =?us-ascii?Q?z5MkCwWFmbPBT+Db3ZzSAHFMM5iUH+9cgovMLr3T05ZLx+0Sx46+Zo4sTmAc?= =?us-ascii?Q?ssDDFxE3eMaP0TWIg5HLbkzC2B6LjKEO/I7vQNAYNKYJYLJG+FRgElnh8jh/?= =?us-ascii?Q?3gXFx/u9kwqfHHAkeevcfyHbN1DqIyNEaxsie2/Ovqg4Tjy4qoXYnqmN/mlE?= =?us-ascii?Q?ASK/jKkinukDjn+Lx2oyAJKgC8V/7NCXPZ5Ov3meLcS4kMRWqotXYt057f1t?= =?us-ascii?Q?SFOH7Wwh+CVH9kOY6NLD4A8OsZYsef9qK1qno/UC6nJpAE0PxpD7DanSTQq/?= =?us-ascii?Q?CBM7/VreP4Y96VounZedAPoK+tiObjoBxiCzx0OLia1o6Q1Rup1l/N2BjKjm?= =?us-ascii?Q?MzCOXJrzRWfn7LHXmnmdxCmF3Y5AMM6cKItJv+BEHj3TucjIQZ8qtV8NI2o8?= =?us-ascii?Q?YNoc2dbDqGavyx26EURpbH5B31JJGfOzti4p3rW6Sxx5qicxHqHTIJJZd0w+?= =?us-ascii?Q?tsRuhye1QOas40hGre8CWx/2NA5EOyUWC6OZAYBQ3dV0groPyNlquByWQZ6/?= =?us-ascii?Q?MBu59ZOawidwllTMQExP75nksQVuU5IJ5tfwwHkNwZu0BTPb3kYyp5bZchsm?= =?us-ascii?Q?fY+7n6KSYr9jQ+lExfhyBKkK5oEdgEGIwRyaizDdAHaTW1sbixTAuiy4HU6t?= =?us-ascii?Q?1hGs73koMyqeK62C7C26JoKAjdM8ayE6jjlmjsuBzSrQc99Eva42RCaVqS4D?= =?us-ascii?Q?AyihSuc3JFnUTCPwLo2Ga5CvdqXyBP4CKBFfmIPJscfTFoloe/gJbmsQOJvl?= =?us-ascii?Q?NliJz0289AdiMIypziJBqbevIXCGQ6PyiXxlcsQpp9ox9YeRMA3vpMArOwrj?= =?us-ascii?Q?iYjis8b2ZKP0RYZFUXt7vJO4b+iMGmX23Zyl6n8T8DJay0FrRwDjLMWBg1yK?= =?us-ascii?Q?dCfvr4vf7TmaMno=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(82310400026)(1800799024)(7416014)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:08:30.6668 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: fd322955-9315-4a07-536b-08dd564523b4 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF00002322.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR12MB7097 Content-Type: text/plain; charset="utf-8" From: Kishon Vijay Abraham I Secure AVIC has introduced a new field in the APIC backing page "NmiReq" that has to be set by the guest to request a NMI IPI. Add support to set NmiReq appropriately to send NMI IPI. This also requires Virtual NMI feature to be enabled in VINTRL_CTRL field in the VMSA. However this would be added by a later commit after adding support for injecting NMI from the hypervisor. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v1: - Do not set APIC_IRR for NMI IPI. arch/x86/kernel/apic/x2apic_savic.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index af46e1b57017..0067fc5c4ef3 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -162,28 +162,34 @@ static void x2apic_savic_write(u32 reg, u32 data) } } =20 -static void send_ipi(int cpu, int vector) +static void send_ipi(int cpu, int vector, bool nmi) { void *backing_page; int reg_off; =20 backing_page =3D per_cpu(apic_backing_page, cpu); reg_off =3D APIC_IRR + REG_POS(vector); - /* - * Use test_and_set_bit() to ensure that IRR updates are atomic w.r.t. ot= her - * IRR updates such as during VMRUN and during CPU interrupt handling flo= w. - */ - test_and_set_bit(VEC_POS(vector), (unsigned long *)((char *)backing_page = + reg_off)); + if (!nmi) + /* + * Use test_and_set_bit() to ensure that IRR updates are atomic w.r.t. o= ther + * IRR updates such as during VMRUN and during CPU interrupt handling fl= ow. + * */ + test_and_set_bit(VEC_POS(vector), + (unsigned long *)((char *)backing_page + reg_off)); + else + set_reg(backing_page, SAVIC_NMI_REQ_OFFSET, nmi); } =20 static void send_ipi_dest(u64 icr_data) { int vector, cpu; + bool nmi; =20 vector =3D icr_data & APIC_VECTOR_MASK; cpu =3D icr_data >> 32; + nmi =3D ((icr_data & APIC_DM_FIXED_MASK) =3D=3D APIC_DM_NMI); =20 - send_ipi(cpu, vector); + send_ipi(cpu, vector, nmi); } =20 static void send_ipi_target(u64 icr_data) @@ -201,11 +207,13 @@ static void send_ipi_allbut(u64 icr_data) const struct cpumask *self_cpu_mask =3D get_cpu_mask(smp_processor_id()); unsigned long flags; int vector, cpu; + bool nmi; =20 vector =3D icr_data & APIC_VECTOR_MASK; + nmi =3D ((icr_data & APIC_DM_FIXED_MASK) =3D=3D APIC_DM_NMI); local_irq_save(flags); for_each_cpu_andnot(cpu, cpu_present_mask, self_cpu_mask) - send_ipi(cpu, vector); + send_ipi(cpu, vector, nmi); savic_ghcb_msr_write(APIC_ICR, icr_data); local_irq_restore(flags); } --=20 2.34.1 From nobody Fri Dec 19 20:16:20 2025 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2051.outbound.protection.outlook.com [40.107.243.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B1F0D22424B; Wed, 26 Feb 2025 09:08:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.51 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560933; cv=fail; b=rrcCItVCE6LXhBW8HPTia27FocAm03ZSzmnmSOGMHKqdhCkJUwvQG2urIg9NiASz8hAZeGFexGWwUVhxC9VEjiT7WVeRfRf/6a1wNX8ncOXZMNRHqmrTS9TdB5kCnQaBrXNN8+QZd9qFcbkARUxVOmGdmI+iOsG6KV/iDPYXnOM= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560933; c=relaxed/simple; bh=sBl0RcMRuYeOw78Gx6dpREqRgNpOn9GE/YSds/XKWt4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=RqGEiz+Ntj3Awu9GLayl56fezctrrpboyFYeW+F33lOv6zfvN1L5QQRJGA5+SWkUvYNAf22TuGND38z96PsKw/htzAGmnSok3apYX8PzOCstXM1GccxDUubXyebf8L5VDWY3fvCCh6pkXDmSLa3/FFXazmqQjVM2jwezo00h78I= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=pi8WBhB4; arc=fail smtp.client-ip=40.107.243.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="pi8WBhB4" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=rFYpyPNpoPX1iIFH1x1VD7PueMOl4ijVquh0XNq93y9Jqcs2RNQUaBKJhHJTdRHCgoULuDv+04Z9o0JeUHW3WhTVBDTyiKBO4RPnrQcpfaXkjmrYmH6qieAQPOfBg1toBIO6xMhQ6JOUa78NYRUPj/a8pSnWFyj/Zis0To271hqjVx2HL2BcRzwkGP3Wvd61VBpJ20CARFi0NEwgjCRPCYI38WvyOL/D1406jOaLTOkNb3ZEE2NJCaPMpcaz/75d+a5mvfWLam0+vpqd+fDHsoymVVNIX9fLMMXYkiVpQ5L8R1CNTc2zV1EipgdsPpLT8u4wkcJ7OLFBvsKklGX3xg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Uer3ntKLa4e0LQw6pRKvjRqGZGL66TiybHLuDufDVuo=; b=AFRTEbrYRp/ZhnWxL6MNqAAFPbrHcdeR/rejkDDrT0qPhyKpxu7w6zCaukEyEVSVJeul0iM1Rlb/aCGYGdcLxfjr3kn6E9zn6NduEQjhqSfel7bCQTNZ/KaQ5HO8XNtON6Y8X6y0tLXvil96j9M1rtu0tCT0mJLFr0IvVJIJVZbxkiu2PP/GGE0slZb0Lqp3baCqcMuKf/B3qwb74in1qjDpvet9V44FI/S87PLT590mCRMX1eYD38Wwt2x06joz8BS5QAK/zpSYzNF5cmdOyBrCU3R400dEMtTRTl9fmfWDIdlcc0pK25H6HdXLT9nAUAnMMYyUTakLOHkDSrQ5lA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Uer3ntKLa4e0LQw6pRKvjRqGZGL66TiybHLuDufDVuo=; b=pi8WBhB4ZGnWnvxiTRfwyE9L4dNJHBHx5+F8GdjNGbZAgr1vAjitUJgQcOi45l/Wt+7VkPabqQQFi8vXRZbReRNJ81U0sAfwZ2MekvlWcyssvnAQNGMYNE6/WmS0kc8PasH+tOBUpYZ5DL1GIe7rpMaHgcHdNajkXW11bUvHEmE= Received: from SJ0PR13CA0045.namprd13.prod.outlook.com (2603:10b6:a03:2c2::20) by SA0PR12MB4415.namprd12.prod.outlook.com (2603:10b6:806:70::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.19; Wed, 26 Feb 2025 09:08:49 +0000 Received: from SJ1PEPF00002323.namprd03.prod.outlook.com (2603:10b6:a03:2c2:cafe::13) by SJ0PR13CA0045.outlook.office365.com (2603:10b6:a03:2c2::20) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8489.15 via Frontend Transport; Wed, 26 Feb 2025 09:08:48 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF00002323.mail.protection.outlook.com (10.167.242.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:08:48 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:08:42 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 10/17] x86/apic: Allow NMI to be injected from hypervisor for Secure AVIC Date: Wed, 26 Feb 2025 14:35:18 +0530 Message-ID: <20250226090525.231882-11-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF00002323:EE_|SA0PR12MB4415:EE_ X-MS-Office365-Filtering-Correlation-Id: 2c494492-8721-4009-0254-08dd56452e67 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|1800799024|376014|7416014|82310400026; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?TZuQ/fv2UiZ8Nx0PY3U2nhjt7Q2VRcShzGE7FWvaNSYn9R9zXHDXSh46vGZ8?= =?us-ascii?Q?N9ZZ592+K1Dtm8Vq2STxZEp8P6LCU9SJwK0lYTg1B1pVgVPUJT1h7nj5jbhy?= =?us-ascii?Q?Jw+k1Fc76otwRUeDYwfTc0dXVsandQvxsRzvIBOJECoiVXnfXI/NeNUs+KqW?= =?us-ascii?Q?1jPd9N1rXaJ0BPhJlHKam24g72lVVynf6/6YhISUAO+C6TdxBmI6E47Dkhq7?= =?us-ascii?Q?YRmV+HMOsMrVqo3dF0MlcbQ0LD3RlSO5Hm5UL6d4vfUCrFd4xGOr65qL7OW+?= =?us-ascii?Q?XNBhAO3iRejf+h/Sre9hxr7XjmEw6isvr8NeSUv70y3H5dEYbO15KWan8Q0N?= =?us-ascii?Q?kM6OWQ0++8lkbwRnk+6SZVU2qztb/fT00m29URMzOm8BkTeAowro4I5ACXjG?= =?us-ascii?Q?sAhHsOyGjoAWwgxY3eAk07AB6cLvjw/7PgLmhhI79NcmKKEC5pvt6q4D26bh?= =?us-ascii?Q?Zw7wQxcUn028dPBFIh+xOkuA2W+FpycI/Triybk6oIfIr802WJkphrotCW0D?= =?us-ascii?Q?GlOn46GFpbg7xlmrFKDhWBOpXPRIC50fyUPEAIp740hNA6tOlfwgLcMgLC+G?= =?us-ascii?Q?D6RzN5dbD2IpjiB2TnuFg5SxfjNmcL2OC+dDZV+16YOu806RF0tmCZ8u6BE4?= =?us-ascii?Q?FNSe7jeGG5d4M1afAzd9MY0Qxm3ySN81lvja8O8ZApL/194mU/6dwXdSs2gv?= =?us-ascii?Q?65po9s11WamIxNIyoh/SzpqdvOLBZfnax2kc5x4YJKIQb9D5Q3q4uErTJ75R?= =?us-ascii?Q?MWLTw2VogNIz0+g3+K7tdtBJmwZH9Tmena2LsOPoOZR49Vzu2e5oHc0wGAIH?= =?us-ascii?Q?AuusUEbjcKzC/KoskVzXZD54uVjh4mq4aB+DnuyBA1aiHpg3ZxBpGL7chu8I?= =?us-ascii?Q?8sFwBo5yzc2Y3MOk1M3KbMrBLL1a25750Bc6IXEt/ZbFBoqo11JHy1nWSURM?= =?us-ascii?Q?snQ1wROpCcRwACs8SHW5s/BDM0v0sIWBdyVRApqkBSe0cKQxdBTsUu6/U8Ia?= =?us-ascii?Q?QIopGDkgWHQt9i9BHmZpoQ8QX+CHjykYiflGLbFAdDnswXyoZL5L+2cFykc+?= =?us-ascii?Q?j+j0NIz0vwPEJFCZN1wFE3s8y+NdsRw8hvsPXvS1KiRBbaPlEBUsuRwcuW3a?= =?us-ascii?Q?dIqzjfZ0cI77Qbk1vH5cekvq8BmiICjdBytgIecIQaklww0z9UpIk16adO2Z?= =?us-ascii?Q?vINW92iJApYkm1ibkf8g6GkaLU+jNDnrP6mRDFnGmgwVndxctI0sGBfmJN02?= =?us-ascii?Q?ugLsaJEXjeTCLElhc5JXBvnBCEqzpxNbWqfnTiPEG1TaU4n8W8iOMCRcf7I7?= =?us-ascii?Q?3Mw0VY8MjIF7XXZq43PcYdyf5dJqy7G5CNNPvCG1QNqR+O1k6M85FHA3e0Vi?= =?us-ascii?Q?R6z2u4AXISAzcM7ACO+rEz+9N/ZQcsOyA7EQaTUjtctAy/VoetTXlm4+CWAC?= =?us-ascii?Q?CCjWQaSJVCOQ8DxWfLQYt2LMuvOvS++8Ja9+47dHNIqXBLWybsP8+1+CDhWu?= =?us-ascii?Q?jHP1gRNBQY4b4bs=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(1800799024)(376014)(7416014)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:08:48.5994 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 2c494492-8721-4009-0254-08dd56452e67 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF00002323.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4415 Content-Type: text/plain; charset="utf-8" Secure AVIC requires "AllowedNmi" bit in the Secure AVIC Control MSR to be set for NMI to be injected from hypervisor. Set "AllowedNmi" bit in Secure AVIC Control MSR to allow NMI interrupts to be injected from hypervisor. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v1: - No change arch/x86/include/asm/msr-index.h | 5 +++++ arch/x86/kernel/apic/x2apic_savic.c | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-in= dex.h index a42d88e9def8..a2dabde0d50c 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -687,6 +687,11 @@ #define MSR_AMD64_SNP_SECURE_AVIC BIT_ULL(MSR_AMD64_SNP_SECURE_AVIC_BIT) #define MSR_AMD64_SNP_RESV_BIT 19 #define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT) +#define MSR_AMD64_SECURE_AVIC_CONTROL 0xc0010138 +#define MSR_AMD64_SECURE_AVIC_EN_BIT 0 +#define MSR_AMD64_SECURE_AVIC_EN BIT_ULL(MSR_AMD64_SECURE_AVIC_EN_BIT) +#define MSR_AMD64_SECURE_AVIC_ALLOWEDNMI_BIT 1 +#define MSR_AMD64_SECURE_AVIC_ALLOWEDNMI BIT_ULL(MSR_AMD64_SECURE_AVIC_ALL= OWEDNMI_BIT) #define MSR_AMD64_RMP_BASE 0xc0010132 #define MSR_AMD64_RMP_END 0xc0010133 #define MSR_AMD64_RMP_CFG 0xc0010136 diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index 0067fc5c4ef3..113d1b07a9e6 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -34,6 +34,11 @@ static DEFINE_PER_CPU(struct apic_id_node, apic_id_node); =20 static struct llist_head *apic_id_map; =20 +static inline void savic_wr_control_msr(u64 val) +{ + native_wrmsr(MSR_AMD64_SECURE_AVIC_CONTROL, lower_32_bits(val), upper_32_= bits(val)); +} + static int x2apic_savic_acpi_madt_oem_check(char *oem_id, char *oem_table_= id) { return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); @@ -401,6 +406,7 @@ static void x2apic_savic_setup(void) ret =3D savic_register_gpa(-1ULL, gpa); if (ret !=3D ES_OK) snp_abort(); + savic_wr_control_msr(gpa | MSR_AMD64_SECURE_AVIC_ALLOWEDNMI); } =20 static int x2apic_savic_probe(void) --=20 2.34.1 From nobody Fri Dec 19 20:16:20 2025 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2055.outbound.protection.outlook.com [40.107.223.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DCEC92135B7; Wed, 26 Feb 2025 09:09:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.223.55 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560952; cv=fail; b=lymTCHWJh4fEg/sYYzRIhDIBZJPzifYOSDC/oaCAeowB1XZB1ZYOXr7YRVO6W5E3Z//UABUOIJB4+Qg1DD7g8QJqjnJhGdOix1tWTBdTDGzQ4DCQXpJpTLaDFIeD4NyJQCV2qKAhV3+7bCOGrU2Tuh1P6XVsU4A1Scf4sqgCtiY= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560952; c=relaxed/simple; bh=Adkc41nKKcUzv6S93hYXJBzmPxwEoPAjGiwiw4cb8Es=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=u9NNvehK4Y8uwNVlD4/krzKgxLfD6Xfki1DsTEnCY9coQZoUneE9BLBEE92I2bSRL4IRu6V/Uar/UNiep8+sSj+buIjOokm82PZ9s0Ln1/DCzPjD0AzejtnViQasgsZaotnW0pkruuttpk/hAPbvXjV5DcOMm94bIXZAQIz+9cU= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=WW7iXPHG; arc=fail smtp.client-ip=40.107.223.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="WW7iXPHG" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=boHvPbbtpSYhGYAzo5kgO5sZTMh7b5D7W8h99MS8qucTmKJ1/jgcBxdBuZwNtkXGJOpmDXR85ER6Igo5QtLiYFrUSDC820nuT+Rk/9S01zd8VEuCZ9WuqB3UZ/FYwYdREJkt3Z2swGb9eJahf2o5XIIWkpNEoWRBCfJoRkMMoIsxISeRGoIpNDLArnwiobBJZTsNHJdBe1Gu8PWHPYgCDyoGOyKf9dLtNyCVQU9kwqsSx8XX4e0NyJ02BHI+7T+K7TxtqNOJ74B8GdCFqIIVD2uBuEknQ3zzsgeB3ENNaW2ycfxC+n9x8h1bu7QvEC8oeWmxYr7wUalhJi8FEzHVGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VbHN7887P5jV1fLbLmTagSeV1hOPIrcrTM8OzFtOvN4=; b=oa670cUFPRdPMwLZ2MDxt0HRp9PcYjJ+23BUfTy5rzFAqEscB01HQA1Fcu78dwLowG0J0qkYL3ytmr8Fvxo3ZEboly3GLtwMRaGy6EZJ1BnsfMEwQ4xGSWK5hBDwCj0obOnFeSf6Wbjsys33nKC/43YGJA7PqShhPaOZCET16kT4gxqyAlcL+Sl1EOqR/N1WJHarpHfwd6+NaebPCqnPY1ayUQgdYDohCCnmqKYi++dHahPWXziF3kgrlIlMqmOgPGlG8B7DLpINjWU9W+dem/Z3jpgJx6R8LeMguieeP/4ls6sxyoeF8FkCypilCPU/ytv5M6wgZvJ4lJuTHD8f1w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VbHN7887P5jV1fLbLmTagSeV1hOPIrcrTM8OzFtOvN4=; b=WW7iXPHGot9yqCe1r7PD7iCcjAxXb6dfmqBJXkVhugBrHaQqLUgQTVm8eq/yIuTsgsZoeuaMGFxVinhpkOPdFi6xGMtPcxWy29MdvfEmkI0rllFqjipcpts8Gy+3cGv2KhGgfSmcXrimEAgD84bq/aLBaZtkGdZkX3VFfLt1KQo= Received: from MW2PR2101CA0017.namprd21.prod.outlook.com (2603:10b6:302:1::30) by SJ0PR12MB6878.namprd12.prod.outlook.com (2603:10b6:a03:483::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8466.19; Wed, 26 Feb 2025 09:09:07 +0000 Received: from SJ1PEPF00002324.namprd03.prod.outlook.com (2603:10b6:302:1:cafe::4a) by MW2PR2101CA0017.outlook.office365.com (2603:10b6:302:1::30) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8489.11 via Frontend Transport; Wed, 26 Feb 2025 09:09:07 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF00002324.mail.protection.outlook.com (10.167.242.87) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:09:06 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:09:00 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 11/17] x86/sev: Enable NMI support for Secure AVIC Date: Wed, 26 Feb 2025 14:35:19 +0530 Message-ID: <20250226090525.231882-12-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF00002324:EE_|SJ0PR12MB6878:EE_ X-MS-Office365-Filtering-Correlation-Id: 446779c4-aa1d-45df-7cdf-08dd56453939 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|7416014|82310400026|1800799024|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?VgsGhzKNXeUs9U85UOwusNUFgbxsBfK/e+ITxAL5IddX7vmA9YtQ75/FvpaU?= =?us-ascii?Q?cL8KN3wVesW7aCZqwWm+n/CHJ3YF0xtm6kxz+o6bdS1b97JK6Al8a00iqgbA?= =?us-ascii?Q?RdWAwDcwgDCYP4jjHyXEbow+2kCxLPRpoGPzsw6xM/AjnlQ36/oOtKY4eEDq?= =?us-ascii?Q?q6d2/zMXYzU3T6WqleMNMwIu2x4HEESz2YKfddwmGaPJ35yoPFUcvVrxO2kn?= =?us-ascii?Q?PCS87azYr00kYeq04n3TzXA/nQ1B2lkVrG4cgE/AFsd4WiYKLQ8FZyin0Jb0?= =?us-ascii?Q?/0mWwR4zjcVahl9zI3D2ruV0dU+8gids4Scu9Lj2JQwlulOZ9/k/XAf2H59y?= =?us-ascii?Q?R6z6x88VF8sogLJRFmmNMYUsZA9+iJ28ECq8GG1BJ2UYLkz/jxGnYggRUOGh?= =?us-ascii?Q?ccPrnMH0grnkaOtjJJy8d9Up/MDco+2PdiZeZp2c5Fh7bNMyIfvCh7UyXxxC?= =?us-ascii?Q?mPmontTNWF0sDsjBg+JE60qz/VVA83RwTSg2J7bNQyZHVZYJ2TcjeTxOC7hk?= =?us-ascii?Q?NI+9fM4yzI2yt8dKwfd8v3ZYcRy0+aE/EdtVNX5j3+CVpS16uvzB7euHtn1Q?= =?us-ascii?Q?YCpu6AWalyVX6z9wKFsG5lOsTd4xMT0HiGP0UrhuBab8eSO8lYXOLqsOcF9w?= =?us-ascii?Q?/bs023L4UBw+9uiECPwWII6ElvtiBfKBLekFcc1BQ78a9NlwH70nuQTpnusW?= =?us-ascii?Q?i6jY8K/g+uAy5speN7J46mu08X/cLXKnzvPWhFBoZYO6XjjVwQ2ArYzVxfSQ?= =?us-ascii?Q?sEPE4qLXISpvCVe4wgbggn0+uckS9MX92d5VZzmOFuWKBoA+1jfbbH4lgEbx?= =?us-ascii?Q?VRbEGIG89BWylPXAdGHl7UbrDjypPjU45bwo3QUK/LOOdZTIgdGq3hj9+fCP?= =?us-ascii?Q?ByHsy9dAaS44mIpkiqwmk7l6WTqUX+eECUjJnDeS6IdmNfK8eIaXIQe0SheV?= =?us-ascii?Q?f/95HfUjOfRtGQ2clFiVCAQKF4vGCbdF6yh4r64hYmLLAZDYhIu69ospb2Zo?= =?us-ascii?Q?IMXkGCNIbRj3ccu7bCtj6Ck/fVPW5Ge+ekIAI6aRqRTCVVn3qKgeZYyDfAjn?= =?us-ascii?Q?NDvLE6T0EARt5U2XvgoMob/KkB5gUT4VYv7zK8siS0Yt2Je1JpNIUVUcYt4f?= =?us-ascii?Q?wuzA+1C5PAfTp5ih8XUQ0I1tfAY+5Nq0TwSsZyaVz0mwTAzB5emxhC0Nvdaz?= =?us-ascii?Q?Lph8q/g3l31Mt09ktGyN9NR7LMbgq4SNs9FO9CeyVTAfO6UOwj6LK6RPobV8?= =?us-ascii?Q?dUY7RzytnbCtXMBK84506GmoB/1ZXYoHP8pENTy4zc3YdgNbNj8maeoXxd2u?= =?us-ascii?Q?rQBibUQjclKE1gVnyOGa73pKzZ8NLfCAGk5bmdBhb6SKz4jxCGaaLuV2f1M5?= =?us-ascii?Q?WuQSAkG+/sPel42xr7nTQPEl/E4EHmnxJW6tY2/cUctGwRqRI7GOlZot8WE0?= =?us-ascii?Q?1KppQ6106pYBLCsMJBKTYqD43XGCp7a48sG4HsMzQI/4Kfnc495Mlac5svzo?= =?us-ascii?Q?5+WjOnz/mYUuXZg=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(7416014)(82310400026)(1800799024)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:09:06.7716 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 446779c4-aa1d-45df-7cdf-08dd56453939 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF00002324.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR12MB6878 Content-Type: text/plain; charset="utf-8" From: Kishon Vijay Abraham I Now that support to send NMI IPI and support to inject NMI from hypervisor has been added, set V_NMI_ENABLE in VINTR_CTRL field of VMSA to enable NMI. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v1: - No change arch/x86/coco/sev/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 8a4ad392d188..248ffd593bc3 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1273,7 +1273,7 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id, unsign= ed long start_ip) vmsa->x87_fcw =3D AP_INIT_X87_FCW_DEFAULT; =20 if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) - vmsa->vintr_ctrl |=3D V_GIF_MASK; + vmsa->vintr_ctrl |=3D (V_GIF_MASK | V_NMI_ENABLE_MASK); =20 /* SVME must be set. */ vmsa->efer =3D EFER_SVME; --=20 2.34.1 From nobody Fri Dec 19 20:16:20 2025 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on2088.outbound.protection.outlook.com [40.107.96.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4F824207A11; Wed, 26 Feb 2025 09:09:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.96.88 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560969; cv=fail; b=dDl9wC8tYUvg6OPJSVRFyuFrharu/YBzcWUQPs34EhLYzMqLmn4pp500+pf76Rma2ipUc7iecgP7xi4B7C0B6oSCobT/jr+CNp7cFqVj7zhziDLZaKox/64BekMNwOQpspPu/PVskq1xpl0FryOm3Jm5GNDpPHB9dBOGCuxSOQo= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560969; c=relaxed/simple; bh=h/pt1aHaHip5Kqqwlr73A9STFhfHL9DR6wZEVDuN+44=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=pO8SuE0LXaWT/tr4mLcTWD1keDNvOvHCFGjWPcwFgsG+zXFypJI+3QTei8iDilSKZ9LOwPcsbSQxl7JIC6JYFppYUS3PwIQTU+snNVlQun+ZegKwqlFrgHpRxpUpDFFN3/Of6QB89Wdt7AyLIpKi83Pz+sQpCeP5bPRZ6dlkGZA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=bz2P3nMs; arc=fail smtp.client-ip=40.107.96.88 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="bz2P3nMs" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dJTXM0gTE1qcfljjtNPty79GuDRlYVZTo5gEEapNihopDn0nFDEm8ILauhMZn30OQ/ykijmb0iAkKgFR1wIYDGSjav0IhAiV9Cv2u2XVSqOYEo8mtCzx4EbhRvcDA3ZtuAVQLik6eZ2kvEEeD/Absyz0TVPCKZJTlDlBTux/aWKbsIzdY5iJ33vsCG62ynKlO72EC5L3k/7pHgKdGaN3TTdP6qqvhT479hgxRoUJ0ASkpiJPUKm+GBUr5iOC2GbsFpD4PSPmKLKjVKpgC0myY9gty44nCouKYsiaL0KN6snbqt4vobl2X3wZ7YXIrWORDo3J3kd1M/5xewnfrmDwaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LT8TAtTvHnJKQYu5eVpuIzo0wqOku7EBcHxda85Dcjw=; b=AuVXzZYlXvRdr6r16KGDPSt/EE+UZjq99WtxgVbr5WcCxEatGnyOkxE6tf3PWJAQA6GKp3r4EUQimcvWI9oLZq4CowgaACn6GLEuZBs69FtDu9HndHE+r0EjkEDksOzK4dceee/69NbBMmEgqA2BTl+VgZoP8s54Vx8/0b8/JTWa726xDLJxbzsg2+KamfDTKymoT+xu4IC7ysg33M3D8D4KcYEvNyIrg9M6M1ptZ2zVLU2blEfdojOeth5dhK6/Fw0afxH+mmRnytWrtE0Yqzo8/BTDM61LW/60A9XrgOJQPjts98/ERg0jqw7mHiPpxBqBQ9XM8WDsdaij8uzwnQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LT8TAtTvHnJKQYu5eVpuIzo0wqOku7EBcHxda85Dcjw=; b=bz2P3nMsdKqRx6P9hgzPNIkcy9b12PRTBMRHQBUdBqdAKBPH9N/t4TdNXDIQwY7uFrpL46hjIB4K84PhVDdfulvJTrYeqAnnhY7VtRH01sBUJivvGJXtReT6Ay80R7h4eLStC7rN+J9juHhCRZfBTHkbGvxv5tdk9CwpNNbZNm4= Received: from SJ0PR13CA0060.namprd13.prod.outlook.com (2603:10b6:a03:2c2::35) by MN0PR12MB6197.namprd12.prod.outlook.com (2603:10b6:208:3c6::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.18; Wed, 26 Feb 2025 09:09:24 +0000 Received: from SJ1PEPF00002323.namprd03.prod.outlook.com (2603:10b6:a03:2c2:cafe::4b) by SJ0PR13CA0060.outlook.office365.com (2603:10b6:a03:2c2::35) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8489.14 via Frontend Transport; Wed, 26 Feb 2025 09:09:24 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF00002323.mail.protection.outlook.com (10.167.242.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:09:24 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:09:18 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 12/17] x86/apic: Read and write LVT* APIC registers from HV for SAVIC guests Date: Wed, 26 Feb 2025 14:35:20 +0530 Message-ID: <20250226090525.231882-13-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF00002323:EE_|MN0PR12MB6197:EE_ X-MS-Office365-Filtering-Correlation-Id: e6974045-429b-4a7a-0413-08dd564543d5 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|376014|36860700013|82310400026|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?mLtoRA2fkwcyAtOAchqHuMNZ6NpPWNZA3r/FNyOSRyJqTvdETwsmMyMG263a?= =?us-ascii?Q?EE3J9uSRrS3iAsz0Qi0+X1a8MJiPP81e2xSHBsKHIZLD2+ql67amm21CgtPF?= =?us-ascii?Q?Hec9F8S+zNYgVLwvZG5H8h0QF2dSRruqQIiGLxPDbclllNhMZ99yuKf8eQdX?= =?us-ascii?Q?jxao8mAOzPUbpRXwXLfV3ts1hosuMJKHNqy9g3UnJTWkd+PMxD9QTcHpx0jf?= =?us-ascii?Q?1VsfxvC5N04RSeuZFMew9oRmHtQOYJISIv+YCf3wN+GM3ID5WRzQcXI7lchB?= =?us-ascii?Q?oeX11aSjcaGY8gmyfgMGODd/vOi4M5yXVbe4SnloYBnO08ywu7kC+hv3mO4u?= =?us-ascii?Q?em4eDbGwVqVLMhMbHesgCCsVmAUQ51bNam9mWwSotdlvRE74pZVzmbeNaxVz?= =?us-ascii?Q?SZA7shOYHpyZFYt8bsM7UEtJlvoV79HDIBjG/APfguM7rTvwpMRFOtAUFXXP?= =?us-ascii?Q?7xaIGMFpYqH8D5nAbdzl4eQ+OtA2cvbwtbfpTU0D5MuniHiHmJ+SspbXJ8Lf?= =?us-ascii?Q?4ymc4nXjXQ6u4HqAEwB7UumqzIKySxxptksXuMmPwGUSjg6OUWDRLLeFZ1dv?= =?us-ascii?Q?c5aK5cdL2+yLDURJuH9peEIrW9fjEt1Q2MfMqIWg5layocYlJn75dlORfk7S?= =?us-ascii?Q?kz2yQcs1MPGqWlX1PoZxl3R6hnR2xg7WpskAvcnnrzfx09Oh9SxchpbTK186?= =?us-ascii?Q?1XZxmKdraYz/4X5YccMOVmBESHZclxkTgcpoVcJ1orjytsnP8RNKPxzTSbDA?= =?us-ascii?Q?+S7RmJE6zMy/Gshh8I7Mv+BLplIVT3XJ7H6TunS6CzCyIBj0P8HZGX0tO/xM?= =?us-ascii?Q?sB5rk+9vg8fWz0lshE+1t4VKPDzkTPDau69e/LfkywwpvULD1H861dOfPrht?= =?us-ascii?Q?Gpx1VvVKE57RCtRMqVFRvhmeIp44RLt7ivHyM8GMsAASeg4bJn9wkxWLvMSB?= =?us-ascii?Q?xXDmfHpNbOwuTJUBSuI4C61euxO0pMyMR+7rCxv+6FASsSuAcouogpbIzcsl?= =?us-ascii?Q?V+OSYbFuAAxNy7XgKAJDH4MDapD1XSsZn4XYVWthhimNqDLAoBdYmm7e3m08?= =?us-ascii?Q?bSTvYjM8nlrZZztL7ql/cuNiiMOwYJaPfcFSEcUGK5t/wlzLT/b4nARHvn/t?= =?us-ascii?Q?g2s25H0ZI2TYDzxXgo8Zcs15ikedEprb2YY2o7wBNPr1V/egvlrGPX/IafLN?= =?us-ascii?Q?py8DVGyjChoLw0BXth/QfR22X+X04ZvGt74KPo186NGer0t+GXiRwxjy5+92?= =?us-ascii?Q?KjrkxQvL1XZ2fCl1mEy4fapVgsLonq9EASBZgrFVieBY91P3rEQBdBOE4GZo?= =?us-ascii?Q?y1aAwGg7OlZRw6VklDxPWyrKlPkHm4XB8Xccz2kMSPk93QUzDD/i+HO83szT?= =?us-ascii?Q?x80f9qRcDBYSRkLLjjwue2TYXiP21zHGxBTGvZ3nVf5UiMBkIZzhwtUKoAxc?= =?us-ascii?Q?sw6UcsoS3wis73y0XeL5eFGHl1esevB4XsHBj2QYU/0qigtqQLzI/bEMXYbN?= =?us-ascii?Q?4IsIw4CTRKjRiMQ=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(376014)(36860700013)(82310400026)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:09:24.5525 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e6974045-429b-4a7a-0413-08dd564543d5 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF00002323.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN0PR12MB6197 Content-Type: text/plain; charset="utf-8" Hypervisor need information about the current state of LVT registers for device emulation and NMI. So, forward reads and write of these registers to the Hypervisor for Secure AVIC guests. Signed-off-by: Neeraj Upadhyay --- Changes since v1: - New change. arch/x86/kernel/apic/x2apic_savic.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index 113d1b07a9e6..f6c72518f6ac 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -76,6 +76,11 @@ static u32 x2apic_savic_read(u32 reg) case APIC_TMICT: case APIC_TMCCT: case APIC_TDCR: + case APIC_LVTTHMR: + case APIC_LVTPC: + case APIC_LVT0: + case APIC_LVT1: + case APIC_LVTERR: return savic_ghcb_msr_read(reg); case APIC_ID: case APIC_LVR: @@ -86,11 +91,6 @@ static u32 x2apic_savic_read(u32 reg) case APIC_SPIV: case APIC_ESR: case APIC_ICR: - case APIC_LVTTHMR: - case APIC_LVTPC: - case APIC_LVT0: - case APIC_LVT1: - case APIC_LVTERR: case APIC_EFEAT: case APIC_ECTRL: case APIC_SEOI: @@ -131,19 +131,19 @@ static void x2apic_savic_write(u32 reg, u32 data) case APIC_LVTT: case APIC_TMICT: case APIC_TDCR: - savic_ghcb_msr_write(reg, data); - break; case APIC_LVT0: case APIC_LVT1: + case APIC_LVTTHMR: + case APIC_LVTPC: + case APIC_LVTERR: + savic_ghcb_msr_write(reg, data); + break; case APIC_TASKPRI: case APIC_EOI: case APIC_SPIV: case SAVIC_NMI_REQ_OFFSET: case APIC_ESR: case APIC_ICR: - case APIC_LVTTHMR: - case APIC_LVTPC: - case APIC_LVTERR: case APIC_ECTRL: case APIC_SEOI: case APIC_IER: --=20 2.34.1 From nobody Fri Dec 19 20:16:20 2025 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2062.outbound.protection.outlook.com [40.107.236.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8865D207A11; Wed, 26 Feb 2025 09:09:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.236.62 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560988; cv=fail; b=qMxJASVMdMtdPkNStsSGYSrGIPFJZBnju44+bt1yxmNXIHcgMdLtUEsxT6fiqjsRMZbR7cL42RkpYT3iBdu4l/y/MWdJMxHHkFPuMjtbHNeIlhMeUQ9JIo8hi8nVrV3Pze2xXVifjDzXXPfmtHbA70yhDMgMhF+S7kNBbKdW61k= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740560988; c=relaxed/simple; bh=DKBuCP3bDCUZnZtF2OLDlb3BS9CCOfXehMyTyXb/fsQ=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=rqnEUGdyO8OZMjA+bJ6PSGfmDb5WqOJC6dhf2IgOHxiodwf1cSHZu6ilbyhYzY2HpvJVtCsB+FLyGBEdpG/QZwiY99aMLV2MEAs6X82HRzmBMlxWX2gXtxFbuV+w1Gn6M/qunzn9EDtjtU0k6N/tiNwSmJUmCXHDfYS9a1QLE2w= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=V+ptEsS8; arc=fail smtp.client-ip=40.107.236.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="V+ptEsS8" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=SjRywftBA8oWSeE62K+be+iNnMBuKWOfDdoyrrXh2xL4UoHuiebSuZ0Cx7StUqaoIJbLHDFv4WQ4oM87Dj3lbH3rnNALRwMTxtAVfYgnooPgrFmBLhmXkdBsTJKBpr5n1Owm14p9qjVu8TpShDFQ+hgjnKS+cXnUOSPMh9Mzc1RhEiJX1ZdRnTt/PFqpqGbcvkTsRCLFSweHk1lAvfADTFsFe2FSBbVkOkmiLykiMM6loSZblG/AT7t1ECZKk9YJN4iznv77xC6QD++8M0oITdALRiw1vjrnfXLGhkOKZfo1mVwR8/Vl4JWgiB0rP5yYEgkPGdzE0JF9BfmHYi6Qfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kzN3awGFI5/Gu3MmR9YvsgM3pFo1Ik1wa0tE3/yUwqI=; b=b0i0Ms8euc2Bmyj/esYnqbdq7Wxi82kB++kSoulvWJWPo8yVdNS0YpzDI6dodlgxaZpBZNjct+1XlgXS7D5GDmKq++yqiTqphrMzGwRFqReCoZ19+fmxfFSAy6krcHEOsUIa7veoJRE8ZmT60cs7G+n0nQ/+CGDK7Kp1W8hJcgMx6kIZmjW7jxnNvV4z8eyP1ceuZr6QYsEP8KBdX9sWEItT6kuEdpDA5dh7JA42sQLlRIJLcIa09bxVRKU8wOz8Si4PzbvS8chaRb+WRPK72xcsXF218qbdLHzXZzjqGnErCTvVMFkw3UprLPrdBLWMyBs2BNJAImN70ColMg3W5w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kzN3awGFI5/Gu3MmR9YvsgM3pFo1Ik1wa0tE3/yUwqI=; b=V+ptEsS8TezYhXxHEjTbqh9Uk6/bkEGeRa0ZTeNRqhghKmDhdVbl0X/KGOCzTt0DU9/pxVnZZlu+CRqxZ9fm1uweJZhr70Z+BG17JKJo+3J99jH17jH1dN6UeraOFWm00VVSSXcs0vdYnPdjU/fzz813gzYIz5rhNNFxpIKRhGc= Received: from BYAPR07CA0020.namprd07.prod.outlook.com (2603:10b6:a02:bc::33) by SN7PR12MB7854.namprd12.prod.outlook.com (2603:10b6:806:32b::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8466.20; Wed, 26 Feb 2025 09:09:42 +0000 Received: from SJ1PEPF00002320.namprd03.prod.outlook.com (2603:10b6:a02:bc:cafe::c9) by BYAPR07CA0020.outlook.office365.com (2603:10b6:a02:bc::33) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8466.20 via Frontend Transport; Wed, 26 Feb 2025 09:09:42 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF00002320.mail.protection.outlook.com (10.167.242.86) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:09:42 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:09:36 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 13/17] x86/apic: Handle EOI writes for SAVIC guests Date: Wed, 26 Feb 2025 14:35:21 +0530 Message-ID: <20250226090525.231882-14-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF00002320:EE_|SN7PR12MB7854:EE_ X-MS-Office365-Filtering-Correlation-Id: de6c52a3-aad6-49bd-5790-08dd56454ea0 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|7416014|1800799024|82310400026|36860700013; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?9m/EGpEDQm+772382gtmkZC+rEL6GkB3galLZwk+BBxk+TvptoBAxOrt6oGG?= =?us-ascii?Q?xpz28XxMfp8u1EwYktv4YjTeIcjVyYx+5hyDCCVcPQ61NGp2edZEvQFabuyb?= =?us-ascii?Q?hYfcjXy9L59S3rGjko1VoXxIsM/JR//uI7N32PRLRGH7pyLci8MhZWe47ItJ?= =?us-ascii?Q?NWRIXQIzdHQRvPd8geHl2t/S2lPaYKCvgENIitU0HEH6r5hKK8s/JFHE5aUd?= =?us-ascii?Q?t4QgVNi7/bg59ycFjnEYmP721KEU9wQmKtUz12k/Kqym/AWV6IC5ofQNIsWZ?= =?us-ascii?Q?COgCG5Xev/e1JmxChK6slW7CC9fjoy+jZra+lQALv4M/VFJEW3SaqPSYGDxo?= =?us-ascii?Q?X4YyOil3NV1PRHfyxzgt788GBvML6xZApVmQ+6k9VyNhWbSbjl4GP2bZIm+/?= =?us-ascii?Q?r1CbYoyL6fPxApoU9MRS2j+gZmM8fa+Kgu76LF+58u5eppMiQ/fmpRCf8lBj?= =?us-ascii?Q?9IZb5bUZgT24afhCJiKM2Uw4DQjWeqWTLKNp/bSLX4nXp7zBAmjruy5mEO8t?= =?us-ascii?Q?7z3tvOjVjoqbtMIFjS7+JKpz6sJ81L73NwxL9vXwvsoOXvDn5KUq8reoNmWQ?= =?us-ascii?Q?TNpWJ4kxvTFnJYqERzH1u2MuGqODyh6UJcweMWNJvDlQL2GPkmSkO6tCkTyU?= =?us-ascii?Q?SuMRTYTxBiEIOOY375sL2qB+d/4B92f9WM20kHiVWzT7M5wMH5FxImjagkhQ?= =?us-ascii?Q?oqS8tHUtYSKOOgbczFjjIh0Ab6dtTah3xrY5Qj2uvLmQl+jORG7HOVqfGzfG?= =?us-ascii?Q?lUT00B18XbJIeZaVd7fwUrIgYM4lnolRpcVcWo96K3bH64uWK0qRKRpdmH/Q?= =?us-ascii?Q?6Ajj5pf+b2mpIvmyyaa3qWAJHBNVFPAj+ILBsSFjvOGSwfsiOvjVZhKSSMmS?= =?us-ascii?Q?dbciWPWAzAvvsc3+EwboSC9npyeqv1vIYvHVrPxn3/V3U8KZiuOrydG3Xc10?= =?us-ascii?Q?zFkPH2O9yvOYT8zxOdtFmAI+vIL8EK6u5eTJ3dvOf1TDY/S5cxkzFwkdRuUr?= =?us-ascii?Q?A9SmK0LMB7hbCTEqRcSa3vhj1e1hPnFB/UaTH9oZiLw6k4CnxcGnFh+iwsY9?= =?us-ascii?Q?zirL//BHN1nCC9se5axLHoncQgNrYJqRGgdUwENHIyX4ZkhLN5ZnbcG8cZw9?= =?us-ascii?Q?QjbqHD7vPrM1aYaEFSqRB9wWB69RmGgBHECf9n5AYC+Q8WJWMYrDw3V0czZM?= =?us-ascii?Q?YY1TNl2YDmnZZhl8aAd1Yk+6Hs0v8qGuBJduXWViqibYLT7qc9mmVsxu//Mr?= =?us-ascii?Q?ZAqeKQh96CaomwTv662iEoerhKAdLb6XAPmu8sQdDA8K9rSSK2wQhsw94HRn?= =?us-ascii?Q?iaPOMteFiTV4LxhQABtEOcj/NfUn/QFgsceyf7lH12Y0HyLCHeFOcH9DZnps?= =?us-ascii?Q?Tc9LFM/lrKCtQME23OkzLMjAEngLWQFVUuCY55B5kT5HP9fcPwSxOeQAAIoC?= =?us-ascii?Q?9CWPU+wMYz8+DXL/3+upW2AyAWsxyB5GPhGJ4yzJDkATa3vfUO5rj0eqbJnu?= =?us-ascii?Q?5cOpa1NtluobpT4=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(7416014)(1800799024)(82310400026)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:09:42.6779 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: de6c52a3-aad6-49bd-5790-08dd56454ea0 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF00002320.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB7854 Content-Type: text/plain; charset="utf-8" Secure AVIC accelerates EOI msr writes for edge-triggered interrupts. For level-triggered interrupts, EOI msr writes trigger #VC exception with SVM_EXIT_AVIC_UNACCELERATED_ACCESS error code. The #VC handler would need to trigger a GHCB protocol MSR write event to the Hypervisor. As #VC handling adds extra overhead, directly do a GHCB protocol based EOI write from apic->eoi() callback for level-triggered interrupts. Use wrmsr for edge-triggered interrupts, so that hardware re-evaluates any pending interrupt which can be delivered to guest vCPU. For level- triggered interrupts, re-evaluation happens on return from VMGEXIT. Signed-off-by: Neeraj Upadhyay --- Changes since v1: - New change. arch/x86/kernel/apic/x2apic_savic.c | 53 ++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index f6c72518f6ac..1d6f30866b5b 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -432,6 +432,57 @@ static int x2apic_savic_probe(void) return 1; } =20 +static int find_highest_isr(void *backing_page) +{ + int vec_per_reg =3D 32; + int max_vec =3D 256; + u32 reg; + int vec; + + for (vec =3D max_vec - 32; vec >=3D 0; vec -=3D vec_per_reg) { + reg =3D get_reg(backing_page, APIC_ISR + REG_POS(vec)); + if (reg) + return __fls(reg) + vec; + } + + return -1; +} + +static void x2apic_savic_eoi(void) +{ + void *backing_page; + int reg_off; + int vec_pos; + u32 tmr; + int vec; + + backing_page =3D this_cpu_read(apic_backing_page); + + vec =3D find_highest_isr(backing_page); + if (WARN_ONCE(vec =3D=3D -1, "EOI write without any active interrupt in A= PIC_ISR")) + return; + + reg_off =3D REG_POS(vec); + vec_pos =3D VEC_POS(vec); + tmr =3D get_reg(backing_page, APIC_TMR + reg_off); + if (tmr & BIT(vec_pos)) { + clear_bit(vec_pos, backing_page + APIC_ISR + reg_off); + /* + * Propagate the EOI write to hv for level-triggered interrupts. + * Return to guest from GHCB protocol event takes care of + * re-evaluating interrupt state. + */ + savic_ghcb_msr_write(APIC_EOI, 0); + } else { + /* + * Hardware clears APIC_ISR and re-evaluates the interrupt state + * to determine if there is any pending interrupt which can be + * delivered to CPU. + */ + native_apic_msr_eoi(); + } +} + static struct apic apic_x2apic_savic __ro_after_init =3D { =20 .name =3D "secure avic x2apic", @@ -461,7 +512,7 @@ static struct apic apic_x2apic_savic __ro_after_init = =3D { =20 .read =3D x2apic_savic_read, .write =3D x2apic_savic_write, - .eoi =3D native_apic_msr_eoi, + .eoi =3D x2apic_savic_eoi, .icr_read =3D native_x2apic_icr_read, .icr_write =3D x2apic_savic_icr_write, =20 --=20 2.34.1 From nobody Fri Dec 19 20:16:20 2025 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2083.outbound.protection.outlook.com [40.107.244.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F309C210F49; Wed, 26 Feb 2025 09:10:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.244.83 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740561004; cv=fail; b=qgJDyHej6m3LGACDbXaYEeMCVkK2gnQ0S1lRwh+og6mIGsVBTUGG+ovboBJqDrJ9PhIVBcIRjag81PhNkOYRwlTjN8j83iT4S291/UBOXeRQu1b3LUrQJmseF1PKClelFbtAOn+Gp9G098cl3Ty7oZSsvsrunpXiHqauHjHJYpk= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740561004; c=relaxed/simple; bh=1p7gkVUnVNZ5L9oMsrn4uiXFDo3euwLL0HjAjOZSI3I=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ss1yDwD6uAUiO9hwA/QbCrvCmRBYitUv1JagRCjY6ZZT01ZgzrYqFi1OqV+5FSnEs2oYhoOuB96fglDwjty8wuZDUUvphNVyOs7i9yTcD+ouRvbnmke33DcfNHbf9GSPcm/8Ii/V9eAl8qXqBk8yowdEsAGLHeHons5YvyXbdJs= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=KRz5u8Ts; arc=fail smtp.client-ip=40.107.244.83 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="KRz5u8Ts" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=LXVe7IcN5TekqdTKpclUry7o8zta6NfyvnOafMz26TMHaIBgPN2325H797ABbOR+K0oCYGfxBhqDvjDv5sK2Gtj+P7KbncN6NuQ2PQvLZ1w9EUm1TVGkhvDyuC15iAVMBPX27GEjmAw1dQGuKdFVQFrlTB2ngi7KIq2yS9rGiRR7DmD8MnyJgDX+Gh+DJRnnd+95B/YqB52PN1ONtLpKlQhdM+pUn7VljNd40D8sbblPIWl5sPA8DkdOAxt1gKvR4SHBb7IjIK6e7e56J+Caz0SWxzqFb4rNwDcZZUMkHzQQNlqQSwOdRPAAawHryakKXAM7v1+yuScq6ThlmYEnFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6GE7VzxV928GCdTH+EaA3oph6oLlypqMAo/uitgdwfc=; b=TC4WGI/2y790z0gE1dO1WmyhhNaHGFIDR/sBGqJqicp4iAaGHNVdgZf8mUEacwn8jot2cfoAKS5tghr3GypuLd5NL/b+1Z8LSnLVm+WCBRoL7nAKFBO1A1DmljVHGjlu7wyQNGNechgXkj390vcwX5OhhIKflHSshznY8SCIfNF0SNVh6EbE6rQtooZjzUMPfqIc5i+osLgPnBDuHwYKBmLEFbl5zuk1mJSaDpvKHdg1Ns5lnwX4rl75pov2Ddm7JYKrln0a6kddClyb03vx9hgz5GU6XfXOf4h7UKDmWMhmbYpCoA/qzZaNrMMxI6z5SZfPG00ZM+DDYesNrIGuyw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6GE7VzxV928GCdTH+EaA3oph6oLlypqMAo/uitgdwfc=; b=KRz5u8Tsfnjdf9PkX/+9xUlM3bTpn3SJYD4nC2k82MxqW6vwS4BIFbtj+HhwZFbpk+kkEmQ4mKp3mTXqTpxZxbqJQKoej+klny3MI+ykCyuUMuLy5HrYDXSFbn1pHQJDmokHajz1AuJ32yF20xtRPvDQxr6FqKCScDJcL0WfDOQ= Received: from SJ0PR05CA0052.namprd05.prod.outlook.com (2603:10b6:a03:33f::27) by SJ1PR12MB6244.namprd12.prod.outlook.com (2603:10b6:a03:455::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8466.19; Wed, 26 Feb 2025 09:10:00 +0000 Received: from SJ1PEPF00002321.namprd03.prod.outlook.com (2603:10b6:a03:33f:cafe::b7) by SJ0PR05CA0052.outlook.office365.com (2603:10b6:a03:33f::27) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8466.16 via Frontend Transport; Wed, 26 Feb 2025 09:10:00 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF00002321.mail.protection.outlook.com (10.167.242.91) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:10:00 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:09:54 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 14/17] x86/apic: Add kexec support for Secure AVIC Date: Wed, 26 Feb 2025 14:35:22 +0530 Message-ID: <20250226090525.231882-15-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF00002321:EE_|SJ1PR12MB6244:EE_ X-MS-Office365-Filtering-Correlation-Id: cb8411e1-1f7f-44bc-a4ca-08dd56455952 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|82310400026|7416014|1800799024|36860700013; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?cxEiqtAp26/Y95nOypq9oMqUQiaJmr6dQHGJBCX7utqqUsxUL1dNwEEiWxWG?= =?us-ascii?Q?oYUinSTryzgyPOsTiYzF64Y6MJcDzM+jB553mn7wn8zMb3JfGTIP/n9saZl5?= =?us-ascii?Q?Nm2KEGfnxWYYm9wrCn2l2IELCV8VJD4gOLnmsu31C+btaN16A1o9DItasXTW?= =?us-ascii?Q?kDezI9LiKn71+vSi5c88bWc4xpROdgbzso1Tp9Wzmenph00xmDntEArq65uc?= =?us-ascii?Q?IowHAq3/HiTBn/sSLtxQBPDv/OA9q/3j6yQApK1lou8IoH2L/brerokB7H2b?= =?us-ascii?Q?jt7T32RolrEWf5M0WXZQ69ugNb/VDc4Cy4L87mqLw2Nnt3XJ602ehkhiiGn1?= =?us-ascii?Q?bfR5MmLGdEn3i5bJW0Sl3tLrfxEVAtDMJk5FWqzLCSS49uL9OZ61r2ZpnZpC?= =?us-ascii?Q?sheyP/S/GHjTJsXT0AxilSOH44xRx29h6MsO/cMN30KPHNvWESJmYaG1pyEz?= =?us-ascii?Q?WUcFlRV/++L3hvl8fg3/AAPJ+76lcRwoqBo5diWjv6UPGe6hgH3bIVp+WBla?= =?us-ascii?Q?NiGPadBh2jRxklKnxM3+qqPjdOb1NIx5OYZAlC0J2OOGObiiYbTBatlgkRR1?= =?us-ascii?Q?hfAEJGHEywHXPTmduc+dpypp1FeEkmv6JROSUFhC+srbf9Um14t5K68dpOv4?= =?us-ascii?Q?rozXI3l/NOKE1PHag7x7STzTQxBvuM/YYk55xH1vBZO5puOkh7QW7bHnjr6Q?= =?us-ascii?Q?r1wOIt05APCA5Ho+M3Th1jD/3aCUUSxWAoPlxRhfSTXz3fe1uBKR0rTQOn/V?= =?us-ascii?Q?3t4SQlfVWG+ofsdOQcZWrQAWHt1bJTxvGcmFIfoX2W2JJw+dhiynduPAI9zB?= =?us-ascii?Q?A0TQawPP50TzLcgQZLo8BH/YhhXJq/kbKXM47lC2FHzQHBJ7qj0wXeX+oJX8?= =?us-ascii?Q?VZ/CdrWSKF16aOiNbzXoBjXTiAfzkXtMvMJLq69RfUNOQsQSAwuvr1VMfVmh?= =?us-ascii?Q?JKWQCVks6bfLgA8gtqb1OKgIBeUoE4l6NrtKny7JXyzGMHqGPOJnavgTZOLE?= =?us-ascii?Q?COgrVkfRukHt7dyR4dRExdFgf2LHX9Gp4SvhHbn+KeioahVnFMAYyhw66ikt?= =?us-ascii?Q?x6sBjvI4N68hEjeo2eku3gp5gCt1HvWcqalcAhTUKJIQMHlAVTf25Z0UsBwP?= =?us-ascii?Q?bXU3cRH7G+e4opX+uS1J5RNbT+zIm6gjHaIZmHpnbVnYKu7/31lQ5mEbDcik?= =?us-ascii?Q?G4mre1do08R0vAktV74Lzz8z+4dmXUWb2u9QNbybfL2d9UHraYXyqL02wv0A?= =?us-ascii?Q?a2pJF3RuJIXloHEsx/HSF1svoZ5Kvne7sppzdjPQmZBYhTV1OEhVxOYlFD7C?= =?us-ascii?Q?BaVZAABGHQkGO4aMm/imscaQx3Vdk+trKke80brDOW5vRUg7bioBQRfwlb7W?= =?us-ascii?Q?fTUBpyOjP+punqojZgmAAzFh5eImaW0umJrzjTVOICG0Yx3bFUn0CTtbrkhI?= =?us-ascii?Q?aWZlk6Uep5xHpGwG0J91S7HxIhUnP2ExhRQthEYeEK3QRQWFztT+2Q1EUCvB?= =?us-ascii?Q?dylpTpbfbsDGYeE=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(82310400026)(7416014)(1800799024)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:10:00.5923 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: cb8411e1-1f7f-44bc-a4ca-08dd56455952 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF00002321.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR12MB6244 Content-Type: text/plain; charset="utf-8" Add a ->teardown callback to disable Secure AVIC before rebooting into the new kernel. This ensures that the new kernel does not access the old APIC backing page which was allocated by the previous kernel. Such accesses can happen if there are any APIC accesses done during guest boot before Secure AVIC driver probe is done by the new kernel (as Secure AVIC remains enabled in control msr). Signed-off-by: Neeraj Upadhyay --- Changes since v1: - New change. arch/x86/coco/sev/core.c | 34 +++++++++++++++++++++++++++++ arch/x86/include/asm/apic.h | 1 + arch/x86/include/asm/sev.h | 3 +++ arch/x86/kernel/apic/apic.c | 3 +++ arch/x86/kernel/apic/x2apic_savic.c | 8 +++++++ 5 files changed, 49 insertions(+) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 248ffd593bc3..e48834d29518 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1596,6 +1596,40 @@ enum es_result savic_register_gpa(u64 apic_id, u64 g= pa) return ret; } =20 +/* + * Unregister GPA of the Secure AVIC backing page. + * + * @apic_id: APIC ID of the vCPU. Use -1ULL for the current vCPU + * doing the call. + * + * On success, returns previously registered GPA of the Secure AVIC + * backing page in gpa arg. + */ +enum es_result savic_unregister_gpa(u64 apic_id, u64 *gpa) +{ + struct ghcb_state state; + struct es_em_ctxt ctxt; + unsigned long flags; + struct ghcb *ghcb; + int ret =3D 0; + + local_irq_save(flags); + + ghcb =3D __sev_get_ghcb(&state); + + vc_ghcb_invalidate(ghcb); + + ghcb_set_rax(ghcb, apic_id); + ret =3D sev_es_ghcb_hv_call(ghcb, &ctxt, SVM_VMGEXIT_SECURE_AVIC, + SVM_VMGEXIT_SECURE_AVIC_UNREGISTER_GPA, 0); + if (gpa && ret =3D=3D ES_OK) + *gpa =3D ghcb->save.rbx; + __sev_put_ghcb(&state); + + local_irq_restore(flags); + return ret; +} + static void snp_register_per_cpu_ghcb(void) { struct sev_es_runtime_data *data; diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h index 7970ead55f39..3f129c66529e 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -306,6 +306,7 @@ struct apic { /* Probe, setup and smpboot functions */ int (*probe)(void); void (*setup)(void); + void (*teardown)(void); int (*acpi_madt_oem_check)(char *oem_id, char *oem_table_id); =20 void (*init_apic_ldr)(void); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 043fe8115ec7..e2b1d96b54e6 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -484,6 +484,7 @@ int snp_send_guest_request(struct snp_msg_desc *mdesc, = struct snp_guest_req *req void __init snp_secure_tsc_prepare(void); void __init snp_secure_tsc_init(void); enum es_result savic_register_gpa(u64 apic_id, u64 gpa); +enum es_result savic_unregister_gpa(u64 apic_id, u64 *gpa); u64 savic_ghcb_msr_read(u32 reg); void savic_ghcb_msr_write(u32 reg, u64 value); =20 @@ -531,6 +532,8 @@ static inline void __init snp_secure_tsc_prepare(void) = { } static inline void __init snp_secure_tsc_init(void) { } static inline enum es_result savic_register_gpa(u64 apic_id, u64 gpa) { return ES_UNSUPPORTED; } +static inline enum es_result savic_unregister_gpa(u64 apic_id, + u64 *gpa) { return ES_UNSUPPORTED; } static inline u64 savic_ghcb_msr_read(u32 reg) { return 0; } static void savic_ghcb_msr_write(u32 reg, u64 value) { } =20 diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index 23a566a82084..feb2671d1e46 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -1171,6 +1171,9 @@ void disable_local_APIC(void) if (!apic_accessible()) return; =20 + if (apic->teardown) + apic->teardown(); + apic_soft_disable(); =20 #ifdef CONFIG_X86_32 diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index 1d6f30866b5b..6290b9b1144e 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -377,6 +377,13 @@ static void init_backing_page(void *backing_page) } } =20 +static void x2apic_savic_teardown(void) +{ + /* Disable Secure AVIC */ + native_wrmsr(MSR_AMD64_SECURE_AVIC_CONTROL, 0, 0); + savic_unregister_gpa(-1ULL, NULL); +} + static void x2apic_savic_setup(void) { void *backing_page; @@ -489,6 +496,7 @@ static struct apic apic_x2apic_savic __ro_after_init = =3D { .probe =3D x2apic_savic_probe, .acpi_madt_oem_check =3D x2apic_savic_acpi_madt_oem_check, .setup =3D x2apic_savic_setup, + .teardown =3D x2apic_savic_teardown, =20 .dest_mode_logical =3D false, =20 --=20 2.34.1 From nobody Fri Dec 19 20:16:20 2025 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2054.outbound.protection.outlook.com [40.107.92.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C0FA920AF8E; Wed, 26 Feb 2025 09:10:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.92.54 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740561024; cv=fail; b=YRc3i5M53YoUo0saSmH+HPjPuk30PtAeez/bNwPHc9Us1lKwQjOZdhuF6wJT9+9wIRS3sEkbow/8SmHG8DzjAfENQwFLPmgwToa0rNuEtlybnmKE04W5zsGkfKX/pW1Fu74Hq9RwvXKdXgvq9s2ZeFjhJOIs1hSdD1MzPVLTXNs= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740561024; c=relaxed/simple; bh=UUiIkU37FyyX2UUqlU8a6dF35nRaBUV1AK21cu1a/9k=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=uyDIvQn+CXd1beTaUPY9EvcFrgyJUCLixeMiCbr39SAJuDloDsrF3EOLzNpKQfTd7fu0WEdfIcFRWq/YaW3rJW+dh3M5qV3dTxFNbbFzrwKwhPA/fzMFZP2G/cn+BhRf19RXFtCXFt7y5nJs/wK+chpjGNDL44Koj/vwWjOV51Y= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=TuwWpoav; arc=fail smtp.client-ip=40.107.92.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="TuwWpoav" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=MCbwvEk0Faa1+SG1xf8m80/s6cbT+RZE/OnKcMUAIgCFanoy2HrXBi6dTy4l5AORyBgpAnqCRlpwTss5BHr6/wMVaMDMQpYU2nmxYj6qvkpT49+UARPbiwXyTntik17HbMQcYivamOPyNZZDNfxPGdbnGjizi5BLDVpSTAEu1Q6mGJCokSfgKXhClispbTIRRAjfIs6Wyl/Efum94F/DWXZ7XiamRFChN970KjrPpWTRWmg9h0xhrzGOEPYPEtColg0SjDQ8Smn5XI29vkmMr612E0xciQt9M1iuj6optzMxhUZ3nd+WuZUplckSN8ttDGN/4wCPZUAk79x1KLEVDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kd18RLjve6SBH+2qK58fUwqhQjWkc3kFk8XEZH7+1Is=; b=G9qGXAiKoooCeciXV5wyg5MpWE/S3CpwsxDOijc7W6/opxZzlk1xKnDxN5BhyHOEFHmBa+yrhqOuqBpnapUZUvT+ZmBXCa7ZsnK+jKqSPPb7guJn3f/e6t0U7levDnyWsXoVHr+gPFWWA9cjO2s6OBSZaX8eQz9bZoNbFQnu9qJEz3hhnETws1XyB5W7iI7bReBugzT72A9/u0WStjrsu9AR1VvWsvIAew2IONXHF3aAhYrOtzNNDcjSZtkbRjQeJ6mzPH0TCt+8FfVhDGVpG9e3T40I65CSIORuSGUogQxK9Rnb9EkK60Eup64Td8hbwGMtKZzXAoELS9DKQQSLoQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kd18RLjve6SBH+2qK58fUwqhQjWkc3kFk8XEZH7+1Is=; b=TuwWpoavXxzwR04SpByqX7bbPTgrSJdAeAayx0mWDOcD2XITZeXsk6RMBFITP2tHp9fPfLS+LzKJln63d3AxkSE+19aK8hpgde/LwKEHcjsR/loPPsV8JOhNLkZEEh1GEfU+l2xJMQi8z2m7jVUnKuro7mjyBf1t+K+ndkg9v6k= Received: from BYAPR08CA0009.namprd08.prod.outlook.com (2603:10b6:a03:100::22) by BL1PR12MB5946.namprd12.prod.outlook.com (2603:10b6:208:399::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8466.20; Wed, 26 Feb 2025 09:10:19 +0000 Received: from SJ1PEPF00002322.namprd03.prod.outlook.com (2603:10b6:a03:100:cafe::80) by BYAPR08CA0009.outlook.office365.com (2603:10b6:a03:100::22) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8466.20 via Frontend Transport; Wed, 26 Feb 2025 09:10:18 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF00002322.mail.protection.outlook.com (10.167.242.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:10:18 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:10:12 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 15/17] x86/apic: Enable Secure AVIC in Control MSR Date: Wed, 26 Feb 2025 14:35:23 +0530 Message-ID: <20250226090525.231882-16-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF00002322:EE_|BL1PR12MB5946:EE_ X-MS-Office365-Filtering-Correlation-Id: 7f98cdaf-60d2-4ea0-1ffe-08dd56456408 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|1800799024|36860700013|82310400026|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?5ggCTyAKvEr+2GjCaaqir+JortaPdK3Trxu/n8wYcI413SwpUydOQFLDFzoj?= =?us-ascii?Q?/JNL1B/ZDMRxHrbSlbcDxoVysHU5Vnz8TSm+NNhWbkqBY+777t9oyxX1RSs0?= =?us-ascii?Q?MGSJQHHw9Jd0J33Dlm+90eHlpESipovubh1eTznKlaWRufK9f6B9X8TexoGi?= =?us-ascii?Q?CMnuxGxG88bFxezt3XRGc0c0Gi3NA458xXKShIoGOyDJi1IBt0H9wjgaaLhk?= =?us-ascii?Q?P2TmcmdbgUN5dg9gsqbXQuYsn+xNMOcMCtfkHLNbXzaPiCGwTeIsw/pyvSGt?= =?us-ascii?Q?GcBA6AV6SGb7+jH0Nd+xMfAI2I1boEybsCFOwv2m6MsgiQkGsHaF7XHIhYEA?= =?us-ascii?Q?licepfndg0NKXMQKIIhF7UCMQQqysrG5wSS3LNTuv3HoV+/134ndge5LRB9Q?= =?us-ascii?Q?2CpAjD+EJkS8XB5GA25R3e+sis3mtpU0BD6Z/H+u7ZmokLG/f9k9YkLRFQOf?= =?us-ascii?Q?HeepCJkVf6/mpWFuepPbQWIkxQA1A5rakh5FDgIx0t0Ur72Av5U8sCu362b0?= =?us-ascii?Q?fWyo5dZaMtePGiAFBw7qGDmk5d/3nkPGkyJwT7UNZYAwHzDjLkacVAsAkYkl?= =?us-ascii?Q?swnyz0rSaF56n43GN4yaEu64bqJEyHHoAdGkwydtIDWPS2jqDMlDLVkFFHyX?= =?us-ascii?Q?9EAFeh/htw1L3fGEZI+qQfHyE/iAcSBOHtj2WoPYAD/H4tKZT3ktkDfTcFK7?= =?us-ascii?Q?w1exTMt5tjY1WSUHSpUeAgK9YtwiMrby5ZJmgStlkB/mSDtg/rmc7G0XIBK0?= =?us-ascii?Q?aCd4aWq9oPqcylfrM2edFnRGwOWIxWDpVc+ZCr7/3vWITk5F291w6zg8xkj+?= =?us-ascii?Q?Km+jL07hVe2PC2z07zP6xouWV61wIW+bi3YFkgKpwy4x3aaloi26TKPIme6A?= =?us-ascii?Q?FTNjdYYwhyjxSJcmcXnZodkTMRxCiL/Hb2E7PpsnZZlboXJmYJbkBRzSybGD?= =?us-ascii?Q?4Z6ual+NzwmX1iElEhacMYvldL9TJU1orUW00bVX4fq3xZNOXzgMWbS+OWDE?= =?us-ascii?Q?Z8880zIahSEtvuVCgMaxchaA8bR9aP6SVajy9DSQMUqsZgULT83LNyWuGKgk?= =?us-ascii?Q?wIdE4eMubMHD/s/77OwzNthMQGysO/3zvNB5yuhYN49E7H3D4XtWUFTUBfm0?= =?us-ascii?Q?oYzhEr4MJo4baNmls/3Fvk2vZgkTDA7ofuR2SDNv3TrC527SejNghugv2qB/?= =?us-ascii?Q?K9Nm0mOTY2BEVlOZJ9ZDKPRoqyU81h9vW+PxV3iqtJiaJGw1iGlhFYIt1H/2?= =?us-ascii?Q?uQCnLTKiKphtkSV1iyKwKNQQfnxGT0B5uifyfw/DJnU79+cMNp3falv7sHKb?= =?us-ascii?Q?CWw8Q9k0exGvKYIxugbejMNbBo1t96/03rxeqs0R4WtEZiAkpkM6lapvgWYo?= =?us-ascii?Q?oGJtZWg2aGwTz4y/Da8RGo/1gNXduCGqAXzYkg5jTVVK84YUC6yZfkL2oTcj?= =?us-ascii?Q?mGqHN3v/viYF+Dl/Oou6T1Aw8G9lefc/W2g/XPOWYvq6cL7ZEkL5r/lvKCqi?= =?us-ascii?Q?4r0aBKSN6Jm/J90=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(1800799024)(36860700013)(82310400026)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:10:18.5745 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7f98cdaf-60d2-4ea0-1ffe-08dd56456408 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF00002322.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR12MB5946 Content-Type: text/plain; charset="utf-8" With all the pieces in place now, enable Secure AVIC in Secure AVIC Control MSR. Any access to x2APIC MSRs are emulated by hypervisor before Secure AVIC is enabled in the Control MSR. Post Secure AVIC enablement, all x2APIC MSR accesses (whether accelerated by AVIC hardware or trapped as #VC exception) operate on guest APIC backing page. Signed-off-by: Neeraj Upadhyay --- Changes since v1: - No change. arch/x86/kernel/apic/x2apic_savic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index 6290b9b1144e..2f3482fdc117 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -413,7 +413,7 @@ static void x2apic_savic_setup(void) ret =3D savic_register_gpa(-1ULL, gpa); if (ret !=3D ES_OK) snp_abort(); - savic_wr_control_msr(gpa | MSR_AMD64_SECURE_AVIC_ALLOWEDNMI); + savic_wr_control_msr(gpa | MSR_AMD64_SECURE_AVIC_EN | MSR_AMD64_SECURE_AV= IC_ALLOWEDNMI); } =20 static int x2apic_savic_probe(void) --=20 2.34.1 From nobody Fri Dec 19 20:16:20 2025 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2062.outbound.protection.outlook.com [40.107.92.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 18F41238144; Wed, 26 Feb 2025 09:10:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.92.62 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740561042; cv=fail; b=azIvP4umhOvB1RrBPSd0lmb9X8EUAfuATNo6JtdVM5cDbVLbDb/3owF0wXkx+MZeRiiHG+xed5EGov/elyD0ENd/CqDa3gsZ5DJuyj8nf14UNlxt/XFj4YvCnTmuNh4JqP8BVdR9jEQzA1M8u7DjRT/HP4lLaMi70hnfjuWwWlc= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740561042; c=relaxed/simple; bh=+Xfnr8MphZpO5UPasZrEyvdfar6bs/DjsXE0jSJEj7E=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=gG0o7Blcq3zF3zJGLP2bIYGtRoK20qkXAPT7Ad4eGg2wH6yJGtGljbaXpAXnmxes3YVlCXP4lezey3OcnK+c9XOzCc16ZPzA4dMqwm+pF5ywNvcHKu2JorTmi9VeAE/XWCrLl9ELW5l+q5bjYtpf9QNv28FfKRAGli70HKZq40M= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=c/pTMwIK; arc=fail smtp.client-ip=40.107.92.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="c/pTMwIK" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=XSRfFXn85JaTKiUX+7UJFIgKYbF9yrUKFZJ1kVlBpn0+qO0busxOpa6qhavkH7iYKFbmBGHQn0PVztE7tuMk8uEq1SvLJegUU6M1shtQPJ29rFEYsO4n1fsVZ4cvsTH00NxPEroZMV32zj8qlVEDZvaG2z40iB4xYgDeFBi4+VDgEAAqT6Z4gCnI0I+CifC2WLnJdJF2eqB0AR1amDJeCORnFjWH/NUwEeWwHuq+fjXVlRyvOAbjSdtcFBhrJoRfCSDCA1gDi7hKnwz3mqsq0vK4lNCV4GRCVV4C+yRc9ZJW5TGQ3jLs40ot/RgvKHEUB3gYBQ2XnoZl2r1e1UDl9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yBAORP36+LI/H8y1KciXv1sNQQQDjvx7jAtkOVOA/No=; b=fU/b1K4cTJI6LJ0FXGuNaee+Jd+qVnSrIZv7139wXasAAmap7ZXGZDHHHpQQDMeui8XB0Wu4Fi6sFrkZQ+kt8xAosT4E8M/XZLpfdn/XbPhkQ3+4y9iwsCH+rT68iJqLzgu6P+Ho62Gf4mcW+5iSBpCAPb1kQp48edy8oB5hr9NNd90iPxH1A0+cijGSRsZxdEOUkZjmXbp/8tJntlxU0Bwb7bLwkPv6bdjPH1WPVZN7fDLKGvFGCmNE1rpqxMK8l6rv41pCC7BUs7PAxO5hKXcre3gHgYU7TpYDdWbRnaNqXM6AY1O+VVDbgYPbaKjANWxV5DE0bg1wZNaCMRjfPA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yBAORP36+LI/H8y1KciXv1sNQQQDjvx7jAtkOVOA/No=; b=c/pTMwIKh1qs3qX+9TC6Z/YpoQlg2IaOEwvW1cnruDAYnip8F2qT4bhendvdaPP8D/Xnie/Zd4xMKJ+4tZnXu/2/1ctSD/xqnwvgcMeIbwQCMlfwA31edyVKXrei680ecfvBshOuNUY7YG8I6kZ8/4cEf/wuMZkw4LZJkxy8cfM= Received: from BYAPR06CA0055.namprd06.prod.outlook.com (2603:10b6:a03:14b::32) by DS7PR12MB9501.namprd12.prod.outlook.com (2603:10b6:8:250::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.18; Wed, 26 Feb 2025 09:10:37 +0000 Received: from SJ1PEPF00002325.namprd03.prod.outlook.com (2603:10b6:a03:14b:cafe::60) by BYAPR06CA0055.outlook.office365.com (2603:10b6:a03:14b::32) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8466.21 via Frontend Transport; Wed, 26 Feb 2025 09:10:36 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF00002325.mail.protection.outlook.com (10.167.242.88) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:10:36 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:10:30 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 16/17] x86/sev: Prevent SECURE_AVIC_CONTROL MSR interception for Secure AVIC guests Date: Wed, 26 Feb 2025 14:35:24 +0530 Message-ID: <20250226090525.231882-17-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF00002325:EE_|DS7PR12MB9501:EE_ X-MS-Office365-Filtering-Correlation-Id: cc209ac2-03ce-4090-1978-08dd56456eb5 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|82310400026|7416014|376014|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?ARd/OCJOZlIee13PvjpqdGSIfm5FPwLJ1zb1NZP2LzOAlrQdnzVrY7OGVg5K?= =?us-ascii?Q?K+76/RQSkC6GcMEgNlFsFpcX8jB2fSTQNBlOtC7rReEfoXCRF7mh5SsZx3jC?= =?us-ascii?Q?TIcq4l+shVakGQj1UebXQZqDsCLO/Rlw6XftngsbIp2qlstkJqXhOoe46VJD?= =?us-ascii?Q?PvoMSL1IsizfG1K7+ldqEkbHcAggfn1JLDYDCU0E1jrfpih7OR1cLJgHXubr?= =?us-ascii?Q?oSqJyhUQCijtTEzrU9LibS6nwvYCyIPYRk4WyOqiUqOZjH54bESs0U7/Qvzh?= =?us-ascii?Q?t1sNQY6hjGXQZrteq9rJdnLQszF3NGjsr+BjcWMZoP58yZMxgGIzDmhuipto?= =?us-ascii?Q?39XDlDgHYNLhxA71vCQJfsJP+KP+PpUu7fq/sH4XlJEaBfaPfVoTOXCBjfJH?= =?us-ascii?Q?46t93WYxHFdglGih/rxFe9UVSnAJ8x1In7zpX/kdnD5vJ5fhHLXwOxnF6jXz?= =?us-ascii?Q?1+cdtBtNq5yzzXMRCjTXirJPbDfWGDvpgZEkuxjk0Doyzn7cSNV1cxBbOy/j?= =?us-ascii?Q?VA9UeAeUxr9BcDCxauUEMfFBY18Oa4a+faWRqCK+GWltvXbiJ/WeANeEIU5B?= =?us-ascii?Q?R5lAsD9H4R8pyDmRq90md4lVOO2zEDlEkBrGWCB2UGbKJb2JHMI6pCWQG6/X?= =?us-ascii?Q?xz+AQpCS6GHjaSdcsk73TBDPcr4crjUf5/AN7NtzviCOCstGzlnytsbIyoRh?= =?us-ascii?Q?xXMFy5lQ/EG5RosKzMgrShXC4OVMagS/H3hMjvVD4WNFV0SL+FtGIr2wCeh7?= =?us-ascii?Q?vpXXxSgkg2yIl5NazEF8WHNCOjm0LhKny98Bh7YSA6w7IkZgX4mJH+hrKrBy?= =?us-ascii?Q?INJB8gT9xDC9iREnIgpX5dJF7YAeZqB/at+2GchxRj5uNd/hBY+OwAtbhcim?= =?us-ascii?Q?tS4h7a9/8RwsP1QF7NQzUYaTWa4TLdVilwpq+IS3uyCX5+v8ApSC+e3KIXyw?= =?us-ascii?Q?q6P+i65lq3bLXR02YGBOyQ/YUtymrJZbaN4IgTQJ9mZ+GjQqs2bOBPiLqXEX?= =?us-ascii?Q?AtMUZfo3Fpg2MiLROEIEQH/sk0Oxp/n8ej1pd6Dqjb/9NjZivxoMCgkTjEyv?= =?us-ascii?Q?dwK4p7k4Z6xv78PM3vpaNQHgylFpuQjLM1aXrjeOPQz155f3pIfRpR/URWwx?= =?us-ascii?Q?u+jl6F0jSV76yLwQ7ksPl43BiSxB76+azjL9zXfbRlDXeoVQ3ri1St8fhhDO?= =?us-ascii?Q?6z8y5qIq5B7sYB2nZfCcD/qCa/vkE1CBiQcZ3mMEId+A0aOiH49g0SyKqQns?= =?us-ascii?Q?FKofoU4OUQc6wc7enU+6CoJAn9b2U+5HamSko+uMfTY6XCuNeX4MnJkZV9xb?= =?us-ascii?Q?UpGQdbPDscL4TMyXG7ndIqJPGJfW2lCkvOsZsbrcDSadYRQbh9/5x8WMUEQF?= =?us-ascii?Q?lcn96JR7F/sjxrVOAEvIPi9f6K8FTKU4mJsrw+A48GDW9k4R3QK+2kCLcnqA?= =?us-ascii?Q?s6rSTg7xgF2xyfCCjqo4Aem5NLWygyPo0BB+vecd5WBOdlSgXnB15yQNpmTq?= =?us-ascii?Q?JaZKIoPhjhXmHZE=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(82310400026)(7416014)(376014)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:10:36.5010 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: cc209ac2-03ce-4090-1978-08dd56456eb5 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF00002325.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB9501 Content-Type: text/plain; charset="utf-8" The SECURE_AVIC_CONTROL MSR (0xc0010138) holds the GPA of the guest APIC backing page and bitfields to enable Secure AVIC and NMI. This MSR is populated by the guest and the hypervisor should not intercept it. A #VC exception will be generated otherwise. If this should occur and Secure AVIC is enabled, terminate guest execution. Signed-off-by: Neeraj Upadhyay --- Changes since v1: - New change. arch/x86/coco/sev/core.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index e48834d29518..0372779dae70 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1483,6 +1483,15 @@ static enum es_result __vc_handle_msr(struct ghcb *g= hcb, struct es_em_ctxt *ctxt return __vc_handle_secure_tsc_msrs(regs, write); else break; + case MSR_AMD64_SECURE_AVIC_CONTROL: + /* + * AMD64_SECURE_AVIC_CONTROL should not be intercepted when + * Secure AVIC is enabled. Terminate the Secure AVIC guest + * if the interception is enabled. + */ + if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) + return ES_VMM_ERROR; + fallthrough; default: break; } --=20 2.34.1 From nobody Fri Dec 19 20:16:20 2025 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on2071.outbound.protection.outlook.com [40.107.96.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A10752673A3; Wed, 26 Feb 2025 09:10:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.96.71 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740561059; cv=fail; b=e2P1hWwXIsZHwwmwdaLh1v79TyS+fjcx+CP38YZSLXjznowTqwpsFfN/2yS1iOcL+IyF7mOUK4VQqMZ2o8QN1zQhp8UFVDLGwYZebUpG1DzxSt0210GFzzaeLaUR/V609JW+T8F7+8K3nrZAj/cisa+z+n3jNicv6DOWG4Zkvzw= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740561059; c=relaxed/simple; bh=Qd2CAg1kDIr4WaEMKrqyqazIy4kNu0LmdtSRqL9UmzM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=THy6AV9z9kMe08SfyuB1Utoam8qlTGNryM8CLvIehWj9O8vk/HavRCoD0nLym6RmUgCUMr15ZSdUj3Lggyb6GqZxi5Kbc6/ldtR7qnL6fw893Bar2h7713uMzwjSsAkwE668qvONVNr1DninmAJbLZTc/pOcsqTVoALSOhd3Ak8= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=VZcQT/Zz; arc=fail smtp.client-ip=40.107.96.71 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="VZcQT/Zz" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=A3L8tkLN09BWWZYDmvqa1HcAkSKYckGoNsSeYxH/SibksjH4yp4zwmFNf1ydPRt02spDgVxCgzKlx4UgOMouDbgY4hEYYZ2Z3g5BucmIUo6Sp7hIWrJ5xZwZAg9L773fbt5+fUdadB/BeNsPAJOrdIptdy+57DpEujlWqvn79f33F6LTN5maAA1Q0mQysAFhxSILlaVZQPezfUchUzwHsyyWbO7+uDc9OYgPq30O52P49JpLh0AlovVaAd3NcR7tsa1+Gs/LsU8JypI0iNXoEKzKuD125g7v4t6SQU1vr9Qxg/poEe3NYOZcpdrNDI7F2uKSWPbpbYcs/xoRsMdEfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EtV/zMVgddxyg7y4DhrKjPKIm43cHyGIsZbCWAGiAi4=; b=I2Z4IkJYSYaW1bLAVNhWpex7GgfhwAmCLRNKkMYdNmvhDg6qWDgQVAVYW3oMG0YVot98vKpmaMxvyP68u+4RsE3i8IxDCjG544eZlwtDygIxhWteH9pzR06KAqesp4fzFto6LUIZwdMjdZuLW3jX25Q8vEB5OV9+6cSVaP7H32U8T5Th6XUB1bJ8KvdLmbL/e8LSQi3KT+2wUwu5NJ1WqFQ1SaeZLjgNVp5ok3Z0OzhwxBk93z7WLDEG5dMLLWdCLy7N0Xe5vh31xGqxbcdKtVSprNDSAKp9jlhBXCBzuSEM1AEVLs05QcQFeCpw65vlFo3nRcEutsQGYUTw56cWdw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EtV/zMVgddxyg7y4DhrKjPKIm43cHyGIsZbCWAGiAi4=; b=VZcQT/ZzfwfV0Ofcg2toGFleKcHQ1GF9kM3oXyQPcyG+VGfe00hPuzbw5Y+AJHNtSddFp1Ctxrol1TcL6szus7kOquWwCG/NQzDqr6wYVHm1i+8KIx+77pNDwhucxfkFvYG1s7HmFEI5IzJQLOwlmYhduFlyjUQvOO2Cda1wQ2c= Received: from BYAPR06CA0053.namprd06.prod.outlook.com (2603:10b6:a03:14b::30) by CYXPR12MB9426.namprd12.prod.outlook.com (2603:10b6:930:e3::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8489.18; Wed, 26 Feb 2025 09:10:54 +0000 Received: from SJ1PEPF00002320.namprd03.prod.outlook.com (2603:10b6:a03:14b:cafe::66) by BYAPR06CA0053.outlook.office365.com (2603:10b6:a03:14b::30) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8466.20 via Frontend Transport; Wed, 26 Feb 2025 09:10:54 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF00002320.mail.protection.outlook.com (10.167.242.86) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8489.16 via Frontend Transport; Wed, 26 Feb 2025 09:10:54 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Wed, 26 Feb 2025 03:10:48 -0600 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , Subject: [RFC v2 17/17] x86/sev: Indicate SEV-SNP guest supports Secure AVIC Date: Wed, 26 Feb 2025 14:35:25 +0530 Message-ID: <20250226090525.231882-18-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> References: <20250226090525.231882-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF00002320:EE_|CYXPR12MB9426:EE_ X-MS-Office365-Filtering-Correlation-Id: c84a7d4e-a05a-4a92-93c8-08dd5645798a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|36860700013|82310400026|1800799024|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?SGPFp9nnWp/FQStvN1ncpjddHXQNyCulGWFHPaxo1YTyxT93RpcdWX+Qvt19?= =?us-ascii?Q?/Wg29/o0OL2Q0yVTcgcMrBVT1djg0HBf7NK34eh9+oIVnYplLtMJ5uN1F2Un?= =?us-ascii?Q?rlYYi0yU26pjjQIDd+nbx833c9+uQFQlguGSMfbXmkc4CsBlUCm/RXf7C8qh?= =?us-ascii?Q?lgvk0zytXuc6uQGdzjkfoQNg0ECHtOCw6DGiaqopVfLzk1VOXPX1dK6M1Edp?= =?us-ascii?Q?0sQq+Xb+np6OcTL7mPZDdzpQqBJlR7B1Hw/ZM/wh19XE9ttjcqn856QELBw1?= =?us-ascii?Q?/28Ac1TOPWs9KK/oDM3tDmsHfPBKoNcMTGk0ieK+iC/IWEJgTxY62Uhpz5CV?= =?us-ascii?Q?RcRZlLV3uYdF+KlDhHcHhGWvivbaGNXlNKvFCdpPXJ/8gncUmdwSooSgtqYT?= =?us-ascii?Q?fngfX4cfynyf3w4NTCo20VtAQMoA53SYj0dgHK9S3KqmunP4JRiY/Et00mIU?= =?us-ascii?Q?RqsHIT3GJmVWIv+AJG/wYMM1ec3Pvrq89vkG9X98MkF0olhojkSy3kKlO4ec?= =?us-ascii?Q?hDaXHobmdQ6Eb2wKNWLUqMgmI7OAU4JDX8fKwuOMlmA/2mf0gXdj/DerQYkn?= =?us-ascii?Q?07R8QMrolB9seeIdI1R+SaV2PWqgvi0+6ZI5otmstFuqtlBYIc9bui/pJSOP?= =?us-ascii?Q?MtAhuoNycvSxpPrsFlqYgnPlNWq0cBpT+5hftUxadGU9cjO8eWrDUKV7rRZT?= =?us-ascii?Q?cxbKCC+2zphQsK4V9xgL1nV8Khj1YmIsI/lqOf2yi+TBi5Kud3Kw2HYgPWSm?= =?us-ascii?Q?O7+PiVFcKV9d1U9fG3x4OdRq0JFHxmRJGBVNdG+dIZyZiY+SCfEgc7tKVdvN?= =?us-ascii?Q?Mis/4Y3/Wj5njrk07lSV8WXPdQnI77X1o9zJ3hvDXLAuomeDrJNB3mfnoKly?= =?us-ascii?Q?oc/BvbPXPzSYA63O2/prBdbjwzHX3HOczwwz79PtrQ1qZcDarC5l/7sf5D9h?= =?us-ascii?Q?LeMSmHSHkuFk0GXHwI3LEuH0qd/NQV2o+wxo0bHKECAP7qqL4QFN6FcvBN9p?= =?us-ascii?Q?PhUM3fyeDp6ZCrmcJzb71aPkkaQ4dH3Zh6qLsBVhrtxRgbmI7e4Cu7pAjw8f?= =?us-ascii?Q?QBnVLwUlA8UT5PTSsjoI/ieb2pqV83J8lKD5X7u9EKRmdWhB/DgIuM/CSzib?= =?us-ascii?Q?Gz4QVGt5hK+X8tPl6ZEQKRmj6CzdZFY8wIbhYQXBZQOrR89S2ltyrCgMwyew?= =?us-ascii?Q?vneVvww6Jgq4u0eLZKCf7IJp8/LarloaYXQrorcTWjE8ayP5ZHieWYpFqTRj?= =?us-ascii?Q?pqXt1Pa6z+K2HafWvF/q72O9HTGnm/LuRzbvaAXKzpkmw88edyiXB/utG9bx?= =?us-ascii?Q?g94K2R62KCNnYz/qkQvCMgt66N19cmR91fup/yatpIxD8xoS1VpSgOFfV2P0?= =?us-ascii?Q?vgx7FTmLV+7QEUHFjQO7PVNEq7RrdDd7gBrI5OouC0CJOIAQJngw1i390h6u?= =?us-ascii?Q?dZWbf7T7sxQaQ2lgofuBBh6Hdk9yA5U1dt+b4N4SjzkBFjg1noa6xgNPiu7B?= =?us-ascii?Q?gPfbRc6UPeRXxtE=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(36860700013)(82310400026)(1800799024)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Feb 2025 09:10:54.6616 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c84a7d4e-a05a-4a92-93c8-08dd5645798a X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF00002320.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CYXPR12MB9426 Content-Type: text/plain; charset="utf-8" From: Kishon Vijay Abraham I Now that Secure AVIC support is added in the guest, indicate SEV-SNP guest supports Secure AVIC. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v1: - No change. arch/x86/boot/compressed/sev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 798fdd3dbd1e..385063ceb89c 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -403,7 +403,8 @@ void do_boot_stage2_vc(struct pt_regs *regs, unsigned l= ong exit_code) * guest kernel, a corresponding bit should be added to the mask. */ #define SNP_FEATURES_PRESENT (MSR_AMD64_SNP_DEBUG_SWAP | \ - MSR_AMD64_SNP_SECURE_TSC) + MSR_AMD64_SNP_SECURE_TSC | \ + MSR_AMD64_SNP_SECURE_AVIC) =20 u64 snp_get_unsupported_features(u64 status) { --=20 2.34.1