From nobody Tue May 13 07:19:50 2025
Received: from NAM12-DM6-obe.outbound.protection.outlook.com
(mail-dm6nam12on2065.outbound.protection.outlook.com [40.107.243.65])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3A9DD1F03C1;
Tue, 1 Apr 2025 11:36:52 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.243.65
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507415; cv=fail;
b=BSJdAfWq6tj89lIzTZUTVCyXtifnFegMMInWKQ5GrdLF8sM32PXoZFbuf9oLRNkaTyPXkZh8U2g2WIPoQ34keqUwoz1elJ+sEUeUhsVgyt5xaJxqR8eqK3mPvPVgQ2aEKXFjg28gPJXJUaHu9Ty/Q32F64dO0aB5sFRCVWpV9K8=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507415; c=relaxed/simple;
bh=gn/KRJBi0dQtReCqlw76RAw6dKub2WBlEX+Sb9KxbVk=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=WhyiBiWbMQH4I8b+wCQH6BaSPQqzacHFPwUbFcbpdCUcPtWx1NRKNf6pVP385SGUBPEyoHMXF6OFoL2rATS+r3yDYHrvTfkUWwAlNEkamcLb9o39d/x6cdRdz1Sf3tiV9vy9zpV68sHvaqemw7Pz/k67KvhhDnKJjnKHyyqiX3s=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=Tgyu+/da; arc=fail smtp.client-ip=40.107.243.65
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="Tgyu+/da"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=G0fbd1zGWA/12S5yN30204fCgX/s10A5k8xX3EGWHlRX8TfeKubXEYdgAlkNHEJNWbYlSd62lC5WG4sOD/ZkH9ggn9DoA0f4ySBEzvtdnoK/eXw2h1PSUYPgJSy3NPO9iXrGGIDCrmozEyK0H0Ux4KDYrLb1ssD4lxudFgWlXfmyssXbS/f48DtfM/fHlssI/RzQ556Sb3kuSHnhLgItsk8tktXCgcJPDwyu4DKpXIaWSboqWa8CYIvMIFHv6PPPR8tJ5cpjFr+Hwu2Tc+mfMApO6TFLhVKSTvBdGl40H9OIi3rsuNxPykSnNNP5YdHIHHLVv600F9znjDUQeflLUA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=yliu0McHsU7z6pSWaXqb/jXJz/r2hKiFQOpxxkwTJ0M=;
b=aHrVszWIZ8PTwXs98lS13oXLlO8cVwJWWiFYnfVppoW/okDqlYI0p+2k8FX3AjVPw4Agai8QSBAMwVH0YQJX8Cu7zm32sXPSGFKOcuRXipfK33KhK2pmCP5qmbjQVPGtQ5Ix2yCjLmPMvdLqXnwEzP9BwFIanRdHtwLdxsQxKYs6tKjWzZoGOP5BiqZmonI9SLHFAEwXX1KzNHGFw3pyQg/z9ybTJs+eXFnBPS5v87aJpyF3U+vbSRt/EBSEpgOo/tFg5FqnO4Ym164oDAhY5j3klQl1T9lsrXSBqJ6WORJDVs0MdWtb84QLqZw6oobaNCMRKYnulUIFvC/pN624/Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=yliu0McHsU7z6pSWaXqb/jXJz/r2hKiFQOpxxkwTJ0M=;
b=Tgyu+/dae18oIW67YAZOOvlZJeF2N9RwBjfGiAloum4o+z45M9B2KDBfts24roRWf2IlqbjIIygntODPVfzMvADqqPeVfN0zzswp72Kb4CLpi4cZLHYbfntoU6USRu1s6yjTHlfY875OAoiZdZmq0L6TpFj8rdFZ/p/Mo2/zVYE=
Received: from MW4PR02CA0018.namprd02.prod.outlook.com (2603:10b6:303:16d::17)
by LV8PR12MB9154.namprd12.prod.outlook.com (2603:10b6:408:190::18) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.44; Tue, 1 Apr
2025 11:36:49 +0000
Received: from MWH0EPF000989EB.namprd02.prod.outlook.com
(2603:10b6:303:16d:cafe::30) by MW4PR02CA0018.outlook.office365.com
(2603:10b6:303:16d::17) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8534.54 via Frontend Transport; Tue,
1 Apr 2025 11:36:48 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
MWH0EPF000989EB.mail.protection.outlook.com (10.167.241.138) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8606.22 via Frontend Transport; Tue, 1 Apr 2025 11:36:48 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:36:42 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 01/17] x86/apic: Add new driver for Secure AVIC
Date: Tue, 1 Apr 2025 17:06:00 +0530
Message-ID: <20250401113616.204203-2-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: MWH0EPF000989EB:EE_|LV8PR12MB9154:EE_
X-MS-Office365-Filtering-Correlation-Id: b3df1e53-07ca-48be-4e72-08dd71117d2e
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|7416014|36860700013|82310400026|376014|1800799024;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?nLNKkrfkt3QY4CfeJp7v5okqnHYtnjye4uh8iSi/N1RDkcOVVt9zgqiOULYZ?=
=?us-ascii?Q?yNhSJ6sfRMjwWBy3VXWLIv8sgfxvGsr9EOKD+WAx3e/3CzTLI8yh3hvp7KNA?=
=?us-ascii?Q?sHonuGuIubiLn/VhlUU9sdheAi1Ldrt5yao4u6iiP/VmovZUh1rqf4v4upfU?=
=?us-ascii?Q?dj9OpD30AX7hf7xPeI7IBxwP8EWnUXmpNq1nDIKMc1Vp05HwbVnG34+PNzMW?=
=?us-ascii?Q?JYXk5YKQlPFdzqwP+2Ez962siC2nekPlYeqijFaFZgsgO1xd3LkzBGGmpNZP?=
=?us-ascii?Q?DNNbHglIzi1HTHgAS4c94h6fY8/951zocjYOikuL+tSb28WXwPtXd+4z7K5X?=
=?us-ascii?Q?Ih4mrJZHw+qd7QTE2IQuZYP9SRSM+PX4IoXVhXsbn8nBiybkKg91cne4r/HR?=
=?us-ascii?Q?vsweNH6OE+92+W4Q+30ZYeV1a3kwMDBJ7Pdtc6zAV6w/HWDcBYEdTPx74/rp?=
=?us-ascii?Q?IcZdeKQOXSbcLvy1tHflwXWENr6eCmzH4EqMWkp+sG8TdMMCL33zeHobytmO?=
=?us-ascii?Q?fjsIspYfIwfsQoWczcJ3H+mJpNw9GkTL5CUygtg/OrofN27CGbKwi4pdvzPt?=
=?us-ascii?Q?IzvwyS4XK3nUmmRDNbpyzIkhoGzyXliTZOruwUh5+DZWizXXWYcxdoF7pjC+?=
=?us-ascii?Q?wUZVuIZB1cg91h8ChceBSIyjjoRD3/EADhNRLi1HVga8ZPJdd7UdGXgSKnlz?=
=?us-ascii?Q?50z9sWqwHIEvH7kblRlodMpZXCY5j8ML0Pox8xPB/AVhzXK0OxwclwgW+RXN?=
=?us-ascii?Q?g2TZNgSVgJi/2Ng2HXNMS0rdH+OxxsBfFefqWfQRdioVnd56/gHqdMvgGjKp?=
=?us-ascii?Q?JzUbt3HNdhoQIm9NfRtR+NT6EZgnozV8cSKb1jbd1ZbGzzV2wNm0YRJky/cX?=
=?us-ascii?Q?kRnI1C1ddusqFcaTFpecBluV87CetahlCyBxfwPPdtAnEYT21yM0uWwcFzD1?=
=?us-ascii?Q?upRdfdQSivNnEJHMZXHKOVDrcLI3EdYmZyE8VJf3/5Ksf2/x4cVcbuxat4I4?=
=?us-ascii?Q?cVzB6lHl5EJDEJS/Ru0kGzMDIi41bA7fkX1GeD49NMLuTq2YQKraZPXoZ0ih?=
=?us-ascii?Q?Ip1BbjihuftycETBqIADv2z57J2+x7zNT9q7ZIiXOSPc4ETJ8OeFb3zIEkzP?=
=?us-ascii?Q?ERwj4Q8yPlQaT8hFsxOoc6XF6lRvWkbionANKLi/tFVN/sgM4dO3BSzBcJ1c?=
=?us-ascii?Q?RyYZV+g2cXmq2F6ThNuWlx+465vWcM7arKNU+wDWQ80s/KdEt/lpC1l3AiRX?=
=?us-ascii?Q?XVN03Lzzp6/iEU2wyE04Dek3IcKWJtVvI2AAVzrFerCTDhVahh22a5UTnaqk?=
=?us-ascii?Q?gri51asXtB5h7MLsoeXhITtAFqJMHTR9P9tpDMEQEhljLLv/GtqwEQ0RXqnI?=
=?us-ascii?Q?55xZGfAtZAhlAMCE9oVN7v1asOYFjVxSf9nzbii1HrbBszDp7onWeDkb+IkS?=
=?us-ascii?Q?H8V5FiNRPprZ3AlMobQv5TTQdy3gpiAv802PgxTELGAEHUfz3E/8vQ=3D=3D?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(36860700013)(82310400026)(376014)(1800799024);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:36:48.3641
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
b3df1e53-07ca-48be-4e72-08dd71117d2e
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
MWH0EPF000989EB.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV8PR12MB9154
Content-Type: text/plain; charset="utf-8"
The Secure AVIC feature provides SEV-SNP guests hardware acceleration
for performance sensitive APIC accesses while securely managing the
guest-owned APIC state through the use of a private APIC backing page.
This helps prevent hypervisor from generating unexpected interrupts for
a vCPU or otherwise violate architectural assumptions around APIC
behavior.
Add a new x2APIC driver that will serve as the base of the Secure AVIC
support. It is initially the same as the x2APIC phys driver, but will be
modified as features of Secure AVIC are implemented.
If the hypervisor sets the Secure AVIC bit in SEV_STATUS and the bit is
not set in SNP_FEATURES_PRESENT, maintain the current behavior to
enforce the guest termination.
Co-developed-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- Do not autoselect AMD_SECURE_AVIC config when AMD_MEM_ENCRYPT config
is enabled. Make AMD_SECURE_AVIC depend on AMD_MEM_ENCRYPT.
- Misc cleanups.
arch/x86/Kconfig | 13 ++++
arch/x86/boot/compressed/sev.c | 1 +
arch/x86/coco/core.c | 3 +
arch/x86/include/asm/msr-index.h | 4 +-
arch/x86/kernel/apic/Makefile | 1 +
arch/x86/kernel/apic/x2apic_savic.c | 109 ++++++++++++++++++++++++++++
include/linux/cc_platform.h | 8 ++
7 files changed, 138 insertions(+), 1 deletion(-)
create mode 100644 arch/x86/kernel/apic/x2apic_savic.c
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 6db2e925eb35..3695a6cd0d4e 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -483,6 +483,19 @@ config X86_X2APIC
=20
If in doubt, say Y.
=20
+config AMD_SECURE_AVIC
+ bool "AMD Secure AVIC"
+ depends on AMD_MEM_ENCRYPT && X86_X2APIC
+ help
+ Enable this to get AMD Secure AVIC support on guests that have this fea=
ture.
+
+ AMD Secure AVIC provides hardware acceleration for performance sensitive
+ APIC accesses and support for managing guest owned APIC state for SEV-S=
NP
+ guests. Secure AVIC does not support xapic mode. It has functional
+ dependency on x2apic being enabled in the guest.
+
+ If you don't know what to do here, say N.
+
config X86_POSTED_MSI
bool "Enable MSI and MSI-x delivery by posted interrupts"
depends on X86_64 && IRQ_REMAP
diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
index bb55934c1cee..798fdd3dbd1e 100644
--- a/arch/x86/boot/compressed/sev.c
+++ b/arch/x86/boot/compressed/sev.c
@@ -394,6 +394,7 @@ void do_boot_stage2_vc(struct pt_regs *regs, unsigned l=
ong exit_code)
MSR_AMD64_SNP_VMSA_REG_PROT | \
MSR_AMD64_SNP_RESERVED_BIT13 | \
MSR_AMD64_SNP_RESERVED_BIT15 | \
+ MSR_AMD64_SNP_SECURE_AVIC | \
MSR_AMD64_SNP_RESERVED_MASK)
=20
/*
diff --git a/arch/x86/coco/core.c b/arch/x86/coco/core.c
index 9a0ddda3aa69..3d7bf37e2155 100644
--- a/arch/x86/coco/core.c
+++ b/arch/x86/coco/core.c
@@ -102,6 +102,9 @@ static bool noinstr amd_cc_platform_has(enum cc_attr at=
tr)
case CC_ATTR_HOST_SEV_SNP:
return cc_flags.host_sev_snp;
=20
+ case CC_ATTR_SNP_SECURE_AVIC:
+ return sev_status & MSR_AMD64_SNP_SECURE_AVIC;
+
default:
return false;
}
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-in=
dex.h
index e6134ef2263d..0090b6f1d6f9 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -685,7 +685,9 @@
#define MSR_AMD64_SNP_VMSA_REG_PROT BIT_ULL(MSR_AMD64_SNP_VMSA_REG_PROT_BI=
T)
#define MSR_AMD64_SNP_SMT_PROT_BIT 17
#define MSR_AMD64_SNP_SMT_PROT BIT_ULL(MSR_AMD64_SNP_SMT_PROT_BIT)
-#define MSR_AMD64_SNP_RESV_BIT 18
+#define MSR_AMD64_SNP_SECURE_AVIC_BIT 18
+#define MSR_AMD64_SNP_SECURE_AVIC BIT_ULL(MSR_AMD64_SNP_SECURE_AVIC_BIT)
+#define MSR_AMD64_SNP_RESV_BIT 19
#define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT)
#define MSR_AMD64_RMP_BASE 0xc0010132
#define MSR_AMD64_RMP_END 0xc0010133
diff --git a/arch/x86/kernel/apic/Makefile b/arch/x86/kernel/apic/Makefile
index 52d1808ee360..581db89477f9 100644
--- a/arch/x86/kernel/apic/Makefile
+++ b/arch/x86/kernel/apic/Makefile
@@ -18,6 +18,7 @@ ifeq ($(CONFIG_X86_64),y)
# APIC probe will depend on the listing order here
obj-$(CONFIG_X86_NUMACHIP) +=3D apic_numachip.o
obj-$(CONFIG_X86_UV) +=3D x2apic_uv_x.o
+obj-$(CONFIG_AMD_SECURE_AVIC) +=3D x2apic_savic.o
obj-$(CONFIG_X86_X2APIC) +=3D x2apic_phys.o
obj-$(CONFIG_X86_X2APIC) +=3D x2apic_cluster.o
obj-y +=3D apic_flat_64.o
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a=
pic_savic.c
new file mode 100644
index 000000000000..28cb32e3d803
--- /dev/null
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -0,0 +1,109 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * AMD Secure AVIC Support (SEV-SNP Guests)
+ *
+ * Copyright (C) 2024 Advanced Micro Devices, Inc.
+ *
+ * Author: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
+ */
+
+#include <linux/cpumask.h>
+#include <linux/cc_platform.h>
+
+#include <asm/apic.h>
+#include <asm/sev.h>
+
+#include "local.h"
+
+static int x2apic_savic_acpi_madt_oem_check(char *oem_id, char *oem_table_=
id)
+{
+ return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC);
+}
+
+static void x2apic_savic_send_ipi(int cpu, int vector)
+{
+ u32 dest =3D per_cpu(x86_cpu_to_apicid, cpu);
+
+ /* x2apic MSRs are special and need a special fence: */
+ weak_wrmsr_fence();
+ __x2apic_send_IPI_dest(dest, vector, APIC_DEST_PHYSICAL);
+}
+
+static void __send_ipi_mask(const struct cpumask *mask, int vector, bool e=
xcl_self)
+{
+ unsigned long query_cpu;
+ unsigned long this_cpu;
+ unsigned long flags;
+
+ /* x2apic MSRs are special and need a special fence: */
+ weak_wrmsr_fence();
+
+ local_irq_save(flags);
+
+ this_cpu =3D smp_processor_id();
+ for_each_cpu(query_cpu, mask) {
+ if (excl_self && this_cpu =3D=3D query_cpu)
+ continue;
+ __x2apic_send_IPI_dest(per_cpu(x86_cpu_to_apicid, query_cpu),
+ vector, APIC_DEST_PHYSICAL);
+ }
+ local_irq_restore(flags);
+}
+
+static void x2apic_savic_send_ipi_mask(const struct cpumask *mask, int vec=
tor)
+{
+ __send_ipi_mask(mask, vector, false);
+}
+
+static void x2apic_savic_send_ipi_mask_allbutself(const struct cpumask *ma=
sk, int vector)
+{
+ __send_ipi_mask(mask, vector, true);
+}
+
+static int x2apic_savic_probe(void)
+{
+ if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
+ return 0;
+
+ if (!x2apic_mode) {
+ pr_err("Secure AVIC enabled in non x2APIC mode\n");
+ snp_abort();
+ }
+
+ return 1;
+}
+
+static struct apic apic_x2apic_savic __ro_after_init =3D {
+
+ .name =3D "secure avic x2apic",
+ .probe =3D x2apic_savic_probe,
+ .acpi_madt_oem_check =3D x2apic_savic_acpi_madt_oem_check,
+
+ .dest_mode_logical =3D false,
+
+ .disable_esr =3D 0,
+
+ .cpu_present_to_apicid =3D default_cpu_present_to_apicid,
+
+ .max_apic_id =3D UINT_MAX,
+ .x2apic_set_max_apicid =3D true,
+ .get_apic_id =3D x2apic_get_apic_id,
+
+ .calc_dest_apicid =3D apic_default_calc_apicid,
+
+ .send_IPI =3D x2apic_savic_send_ipi,
+ .send_IPI_mask =3D x2apic_savic_send_ipi_mask,
+ .send_IPI_mask_allbutself =3D x2apic_savic_send_ipi_mask_allbutself,
+ .send_IPI_allbutself =3D x2apic_send_IPI_allbutself,
+ .send_IPI_all =3D x2apic_send_IPI_all,
+ .send_IPI_self =3D x2apic_send_IPI_self,
+ .nmi_to_offline_cpu =3D true,
+
+ .read =3D native_apic_msr_read,
+ .write =3D native_apic_msr_write,
+ .eoi =3D native_apic_msr_eoi,
+ .icr_read =3D native_x2apic_icr_read,
+ .icr_write =3D native_x2apic_icr_write,
+};
+
+apic_driver(apic_x2apic_savic);
diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h
index 0bf7d33a1048..7fcec025c5e0 100644
--- a/include/linux/cc_platform.h
+++ b/include/linux/cc_platform.h
@@ -96,6 +96,14 @@ enum cc_attr {
* enabled to run SEV-SNP guests.
*/
CC_ATTR_HOST_SEV_SNP,
+
+ /**
+ * @CC_ATTR_SNP_SECURE_AVIC: Secure AVIC mode is active.
+ *
+ * The host kernel is running with the necessary features enabled
+ * to run SEV-SNP guests with full Secure AVIC capabilities.
+ */
+ CC_ATTR_SNP_SECURE_AVIC,
};
=20
#ifdef CONFIG_ARCH_HAS_CC_PLATFORM
--=20
2.34.1
From nobody Tue May 13 07:19:50 2025
Received: from NAM04-BN8-obe.outbound.protection.outlook.com
(mail-bn8nam04on2068.outbound.protection.outlook.com [40.107.100.68])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id D88191FA26C;
Tue, 1 Apr 2025 11:37:10 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.100.68
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507433; cv=fail;
b=LDe24cmeJBydFmsTAKXB4ZQJcQe9BhY8tmGx48zfTGgI9zjCschuslbdkd4h0xI61VMIeWJgS1+tFRZC0kYYw6EPr6Cr8sABpY4Uxcx56kEv+Vs1Wca629LHKdiWbFoVXxyu2BPUUYRNN3R+7BNmTANRfZQqFi5OHlsTAynrb1s=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507433; c=relaxed/simple;
bh=FdS+W6jNuLsELa1oovaLQuixpQOyjpvYU1ywH7iKHMg=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=ikZet/iNXtsZK/7Je/aMmEoc7tWKjKN6wfAAWl6RSvol4jy5OC6Scywz9w/qeIykoKIXzAazEOPuu44TrQ0O6Fd+2OvaYWglIs5vFcfu9spKyWoRddgg8T3yiWP6ZFxpHAiLnfZWM8yGmmPdOL5qtCHot9zXcyiSkFkTAIICMXQ=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=ZNy0LTSW; arc=fail smtp.client-ip=40.107.100.68
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="ZNy0LTSW"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=IMgbnyjVJE3cp+9OBVPNLcqoMv90k6fHpZKLM16hMRD+dTiOOJnAUWhnzOUDNYPH+sbZCUFy+QNvtH8Erun7riULBIGKnhCnqIdJ24Zsss6XgHb5sbhU9DsN72/Nl2/INzOwEQj3olFab4c6IgyN5YZqVwzXFJB3SjL7cXqxj1SRz6NZBaRWNX2lsnAsYlwIeLpSaQM47zDlnCfZnI3OtCI9uS10K1UfSCB0jEF7qe8c+Rl5Kyy7y7cYCMM9h5+6j/qgoWejRVXpoigP+EsuBkK9lCopQOT0hsSOGDb+AetSrPYJv2fe8K2SQFRgoABjNDcppzak9yUJu+wzwW9P6A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=34fcyjYEUipDQ01X335EP6qTWkgf/ZJe8uwJI2IK2yg=;
b=gSakkceDLzwcoxR/qoiPd3kyuFiUaBbhOpphnedeKVZJf2fniFYbQexK1PFomXWbYzKrdLZgW+Kce6m0SzUtc8D8H5eemE7D5zwgB7yjx6gtfnzkzAYj6E0zASR5gGqLmpWtD0Gtm7W6WX2CqAGl8aAS3v4BKBlf0FJHMU7pRszueiZsW/ZSk+iJgypaaGzVtmPb/d186NNc70h2C4h0Wyu4rfvbb34D+wq+DrPDZQ4He9JTUkDOqydRMBWGjgWsLPiq/PXApI4xEviZ0TL3a7vGqhPBfUlvZvMPMco5TmWSJ0MhK118DvBL4kVoe+7eIq/4sv5JQcuzB9ttOvQlrQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=34fcyjYEUipDQ01X335EP6qTWkgf/ZJe8uwJI2IK2yg=;
b=ZNy0LTSW6P2D14Ngp1FiLrGFRP15STu4iN46ShQmQVUxJRJUNJkg79HUQPrt+CGMk4U0swgQu5qYyYIFlCaGp6HjL0iYYo+qmIB+jcsmkpR1qh1NHzOg+h7poiNWVTagIyi+Kzw6RiKuXo5myz7WUryzLFREvtHyl5J80Vzx1Dk=
Received: from MW4PR03CA0026.namprd03.prod.outlook.com (2603:10b6:303:8f::31)
by DS7PR12MB9504.namprd12.prod.outlook.com (2603:10b6:8:252::8) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.50; Tue, 1 Apr
2025 11:37:07 +0000
Received: from MWH0EPF000989E6.namprd02.prod.outlook.com
(2603:10b6:303:8f:cafe::6) by MW4PR03CA0026.outlook.office365.com
(2603:10b6:303:8f::31) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8534.54 via Frontend Transport; Tue,
1 Apr 2025 11:37:06 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
MWH0EPF000989E6.mail.protection.outlook.com (10.167.241.133) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8606.22 via Frontend Transport; Tue, 1 Apr 2025 11:37:06 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:37:00 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 02/17] x86/apic: Initialize Secure AVIC APIC backing page
Date: Tue, 1 Apr 2025 17:06:01 +0530
Message-ID: <20250401113616.204203-3-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: MWH0EPF000989E6:EE_|DS7PR12MB9504:EE_
X-MS-Office365-Filtering-Correlation-Id: 9ea7053a-cf16-49b3-5a0d-08dd71118821
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|82310400026|36860700013|1800799024|7416014|376014;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?mCoJu+yv7QZNQkNcpccbFFyIJTCU+8za27uTaI+pGCgwDMFd2XYlOlw8nzOt?=
=?us-ascii?Q?4/I+lulV1DFQbcn5sdlMPoF4lUwKDFi/SeRYN6kn2kCcUM6sxyzpNFXbufCM?=
=?us-ascii?Q?zPdfmBavoE63e9f+SV0SI3DJMawiqOPaN5Q59Pbwcu9/7SI9lc9kTS7DKvPl?=
=?us-ascii?Q?q9nIWjdcGCdU3PAg6dLz6LqCcUqZ90QuGLO09oG6jx/boR5K0aux2YBv6Mh8?=
=?us-ascii?Q?q2jCZw9NPXkb32VtWXiscdboMaX57Km5vjXlghs/oMMGvxj5Ous3C8SJT1Ph?=
=?us-ascii?Q?4VaZL4Knyf/uPy/klo3JS82/pB+i38PnoZNiBcRvMjfYL25ixhrY1NIVDJ+z?=
=?us-ascii?Q?fJwCIhp+xeg98Luln7sTva0kgVhbxsr06s16lrNX6etfIvYfceRxX58jDynn?=
=?us-ascii?Q?UmKGwEYru4A7iyQnOgxYJYaaJDUX7PSFklNFJcsfO5Ac9pAeXzqIsdzYEM8Q?=
=?us-ascii?Q?xGgCOmB72HvV0CRJEExEnpM5KIItdAmjPmHhdHR3SIKqqPYao4nWiLgmhYy3?=
=?us-ascii?Q?LKDl/5/XN2SwynTCNiF9xiaFQ//+KGXYlp+pKshtHHCo2j8Td+xDHndG0l8o?=
=?us-ascii?Q?Ktenb39eiwkkBboyiV5iMa+dHXcIzs35Olqdm8P2xzuTCPLqtreWYJqe4hSx?=
=?us-ascii?Q?GRnA6hGoHaj4HLEcTIVv5kXR0SY6rbHrU1Vil73FZe2fkhjVo87elNL3dNLj?=
=?us-ascii?Q?PzOw/ubPoESO9I6ypuhBmT37jSZIFZo+mbQF9uOAZhQ7xK98iqcXboLBNiFR?=
=?us-ascii?Q?CDM6dxhmogJHeQe0GHozMxcbE0/+sh6O1KoUQZIx9fOgrVCRxaACADzOcgE7?=
=?us-ascii?Q?zqBeWw0Z5AYVnjXuiYjtlhL0H5A486pAh5JxYVZmkNLZ/Vn69xePLuiloykb?=
=?us-ascii?Q?+/qq6/p+KRchWTEFAdlmUTy0lkWVJA9kNzXa+WFfxCb5yU1fhnoZSaIztOMY?=
=?us-ascii?Q?Mc6m5sEG965s4R2pJB5WThDrCYsfJtXAzK2At04mYddDPxnTvYB2UKDA/Uki?=
=?us-ascii?Q?fw/LWfrz07M3q7wj3OFQ5GV94XQS6WavQlQE5B6XNJ50BEo7Boqk4ZaF96HG?=
=?us-ascii?Q?nrZKhGv08oBjLV6Fm6AiARwXcOVohIkCyGRsDxTpW9pS5jXhVrKQKPlDL9gu?=
=?us-ascii?Q?ocrMqxg5ujQE13w7saJgHE+4RGX4jGirMjcloISi+zRaIcu5lPYVqyz73VGv?=
=?us-ascii?Q?Ah5YzAPoUQ3ttEowp3NMHips1FBH0IF69EU0Fa6dJemRPHEanfApU/CfGEVA?=
=?us-ascii?Q?aor2hCoJNb7zO/tgUqixFhXx1fZj//NpVD5lLcWYBLfkwDf4UK8K2B1rRw+x?=
=?us-ascii?Q?vlIT7dKtH8LlsgfLcUS6boz+vHvf3s5vXfPmbDpGd8AySR1JhuanfaBzodi+?=
=?us-ascii?Q?PwQxTiSEK9XapAFZBQknE5XjXw1Tew8A2Z1c6czlHnz/LTGk8ZQeq3p2+94X?=
=?us-ascii?Q?claniPpJQbND8P0myINZ6Y3JtTcf1yuyiwpHl58hGRthWoCSvte3aTBn3MIi?=
=?us-ascii?Q?4rIADYC+rxjjGKo=3D?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(36860700013)(1800799024)(7416014)(376014);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:37:06.7342
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
9ea7053a-cf16-49b3-5a0d-08dd71118821
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
MWH0EPF000989E6.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB9504
Content-Type: text/plain; charset="utf-8"
With Secure AVIC, the APIC backing page is owned and managed by guest.
Allocate and initialize APIC backing page for all guest CPUs.
The NPT entry for a vCPU's APIC backing page must always be present
when the vCPU is running in order for Secure AVIC to function. A
VMEXIT_BUSY is returned on VMRUN and the vCPU cannot be resumed if
the NPT entry for the APIC backing page is not present. Notify GPA of
the vCPU's APIC backing page to the hypervisor by using the
SVM_VMGEXIT_SECURE_AVIC GHCB protocol event. Before executing VMRUN,
the hypervisor makes use of this information to make sure the APIC backing
page is mapped in NPT.
Co-developed-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- Fix broken AP bringup due to GFP_KERNEL allocation in setup()
callback.
- Define apic_page struct and allocate per CPU API backing pages
for all CPUs in Secure AVIC driver probe.
- Change savic_register_gpa() to only allow local CPU GPA
registration.
- Misc cleanups.
arch/x86/coco/sev/core.c | 27 +++++++++++++++++++
arch/x86/coco/sev/core.c | 27 +++++++++++++++++++
arch/x86/include/asm/apic.h | 1 +
arch/x86/include/asm/sev.h | 2 ++
arch/x86/include/uapi/asm/svm.h | 3 +++
arch/x86/kernel/apic/apic.c | 2 ++
arch/x86/kernel/apic/x2apic_savic.c | 42 +++++++++++++++++++++++++++++
6 files changed, 77 insertions(+)
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index b0c1a7a57497..036833ac17e1 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -1501,6 +1501,33 @@ static enum es_result vc_handle_msr(struct ghcb *ghc=
b, struct es_em_ctxt *ctxt)
return ret;
}
=20
+enum es_result savic_register_gpa(u64 gpa)
+{
+ struct ghcb_state state;
+ struct es_em_ctxt ctxt;
+ unsigned long flags;
+ enum es_result res;
+ struct ghcb *ghcb;
+
+ local_irq_save(flags);
+
+ ghcb =3D __sev_get_ghcb(&state);
+
+ vc_ghcb_invalidate(ghcb);
+
+ /* Register GPA for the local CPU */
+ ghcb_set_rax(ghcb, -1ULL);
+ ghcb_set_rbx(ghcb, gpa);
+ res =3D sev_es_ghcb_hv_call(ghcb, &ctxt, SVM_VMGEXIT_SECURE_AVIC,
+ SVM_VMGEXIT_SECURE_AVIC_REGISTER_GPA, 0);
+
+ __sev_put_ghcb(&state);
+
+ local_irq_restore(flags);
+
+ return res;
+}
+
static void snp_register_per_cpu_ghcb(void)
{
struct sev_es_runtime_data *data;
diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
index c903d358405d..e17c8cb810a2 100644
--- a/arch/x86/include/asm/apic.h
+++ b/arch/x86/include/asm/apic.h
@@ -305,6 +305,7 @@ struct apic {
=20
/* Probe, setup and smpboot functions */
int (*probe)(void);
+ void (*setup)(void);
int (*acpi_madt_oem_check)(char *oem_id, char *oem_table_id);
=20
void (*init_apic_ldr)(void);
diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index ba7999f66abe..3448032bae8c 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -483,6 +483,7 @@ int snp_send_guest_request(struct snp_msg_desc *mdesc, =
struct snp_guest_req *req
=20
void __init snp_secure_tsc_prepare(void);
void __init snp_secure_tsc_init(void);
+enum es_result savic_register_gpa(u64 gpa);
=20
#else /* !CONFIG_AMD_MEM_ENCRYPT */
=20
@@ -526,6 +527,7 @@ static inline int snp_send_guest_request(struct snp_msg=
_desc *mdesc, struct snp_
struct snp_guest_request_ioctl *rio) { return -ENODEV; }
static inline void __init snp_secure_tsc_prepare(void) { }
static inline void __init snp_secure_tsc_init(void) { }
+static inline enum es_result savic_register_gpa(u64 gpa) { return ES_UNSUP=
PORTED; }
=20
#endif /* CONFIG_AMD_MEM_ENCRYPT */
=20
diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/sv=
m.h
index ec1321248dac..36fc87bdb859 100644
--- a/arch/x86/include/uapi/asm/svm.h
+++ b/arch/x86/include/uapi/asm/svm.h
@@ -117,6 +117,9 @@
#define SVM_VMGEXIT_AP_CREATE 1
#define SVM_VMGEXIT_AP_DESTROY 2
#define SVM_VMGEXIT_SNP_RUN_VMPL 0x80000018
+#define SVM_VMGEXIT_SECURE_AVIC 0x8000001a
+#define SVM_VMGEXIT_SECURE_AVIC_REGISTER_GPA 0
+#define SVM_VMGEXIT_SECURE_AVIC_UNREGISTER_GPA 1
#define SVM_VMGEXIT_HV_FEATURES 0x8000fffd
#define SVM_VMGEXIT_TERM_REQUEST 0x8000fffe
#define SVM_VMGEXIT_TERM_REASON(reason_set, reason_code) \
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index 62584a347931..f59ed284ec5b 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -1502,6 +1502,8 @@ static void setup_local_APIC(void)
return;
}
=20
+ if (apic->setup)
+ apic->setup();
/*
* If this comes from kexec/kcrash the APIC might be enabled in
* SPIV. Soft disable it before doing further initialization.
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a=
pic_savic.c
index 28cb32e3d803..44a44fe242bf 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -9,12 +9,25 @@
=20
#include <linux/cpumask.h>
#include <linux/cc_platform.h>
+#include <linux/percpu-defs.h>
=20
#include <asm/apic.h>
#include <asm/sev.h>
=20
#include "local.h"
=20
+/* APIC_EILVTn(3) is the last defined APIC register. */
+#define NR_APIC_REGS (APIC_EILVTn(4) >> 2)
+
+struct apic_page {
+ union {
+ u32 regs[NR_APIC_REGS];
+ u8 bytes[PAGE_SIZE];
+ };
+} __aligned(PAGE_SIZE);
+
+static struct apic_page __percpu *apic_page __ro_after_init;
+
static int x2apic_savic_acpi_madt_oem_check(char *oem_id, char *oem_table_=
id)
{
return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC);
@@ -60,6 +73,30 @@ static void x2apic_savic_send_ipi_mask_allbutself(const =
struct cpumask *mask, in
__send_ipi_mask(mask, vector, true);
}
=20
+static void x2apic_savic_setup(void)
+{
+ void *backing_page;
+ enum es_result ret;
+ unsigned long gpa;
+
+ backing_page =3D this_cpu_ptr(apic_page);
+ gpa =3D __pa(backing_page);
+
+ /*
+ * The NPT entry for a vCPU's APIC backing page must always be
+ * present when the vCPU is running in order for Secure AVIC to
+ * function. A VMEXIT_BUSY is returned on VMRUN and the vCPU cannot
+ * be resumed if the NPT entry for the APIC backing page is not
+ * present. Notify GPA of the vCPU's APIC backing page to the
+ * hypervisor by calling savic_register_gpa(). Before executing
+ * VMRUN, the hypervisor makes use of this information to make sure
+ * the APIC backing page is mapped in NPT.
+ */
+ ret =3D savic_register_gpa(gpa);
+ if (ret !=3D ES_OK)
+ snp_abort();
+}
+
static int x2apic_savic_probe(void)
{
if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
@@ -70,6 +107,10 @@ static int x2apic_savic_probe(void)
snp_abort();
}
=20
+ apic_page =3D alloc_percpu(struct apic_page);
+ if (!apic_page)
+ snp_abort();
+
return 1;
}
=20
@@ -78,6 +119,7 @@ static struct apic apic_x2apic_savic __ro_after_init =3D=
{
.name =3D "secure avic x2apic",
.probe =3D x2apic_savic_probe,
.acpi_madt_oem_check =3D x2apic_savic_acpi_madt_oem_check,
+ .setup =3D x2apic_savic_setup,
=20
.dest_mode_logical =3D false,
=20
--=20
2.34.1
From nobody Tue May 13 07:19:50 2025
Received: from NAM11-CO1-obe.outbound.protection.outlook.com
(mail-co1nam11on2078.outbound.protection.outlook.com [40.107.220.78])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 422031FAC4B;
Tue, 1 Apr 2025 11:37:27 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.220.78
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507450; cv=fail;
b=L7AYBqYQYj8VOyr3i0t3n50Z/G1EjAMOkJ1rnAUqYa8I+Q8uV6Gn7LOulVzGKIuKEeQ1cSJNlhhBcBjI7D+sNb8OPx2EcSkEcjlY/xqdA14UgwZKG3wIX1BU4JK0594GEEyF2gVURgBqGcaqHh6YXV4voWoeNi4VNI0xEKon2ts=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507450; c=relaxed/simple;
bh=buAPPxnR5ltY4moHHmzFJdL3RlP7VfG6PimeMB9F5b4=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=hUkugvKvtlRme4Q3qJ3ZQ7LfYmt3emoz5fMQzt/u4lStFeYKcAtySjDB7GUWMrOX3rRebNA2SxZ/jOOBOg1g7iX3KxE3cH5RagE4Sr0fDa8/I8DMBRB9M2aA97XYa8gX+RSFs/E2dgvrMkhKDI+94Y8bn+g+QyjYUVYNgljxzDQ=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=um3vIW2z; arc=fail smtp.client-ip=40.107.220.78
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="um3vIW2z"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=OK45RC6/u6DFldDIWWryMeaETmph8l3fKbUPz6ZW53XMMKteqb2mQND4AJYpQDgf89uhkAdBp4tkLRxYO/R25ka/RxeAGd9vddZ/1SOZb18m9AhkrLXARVXLXNqovOfLvy60udoQPoGNPwqqbIj9sNpUTduNA7asy/RQDZ/LePaC0hNJ99FyUG8LHgnWGmwGzIP/gOvSq4WWXW22Mxkt/8gVJYDxnj1FXJ3Hi33vu6Ha9AT2DUwviNviQ2TSVtY6gV0FztGF1nsiDhzzf5oDTzGE39NH9czE2SX9fEFdBvOr5LeReVRUD6e8FRjL8Gza0u9yCCZlZBRf8/+l7S0N8w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=dniIq7l5ASxMpqaOqFnXHj0AvOZ2M9HmXy7NiqVxLzw=;
b=UNozzfHCFnRaVCQy6Fbv4GY3Rz+94aGP0XZ9EPsrgrVWQdKKQW+zTkFGWRyHLiczJZUaaPH2SyjEXiHeOinVd1NRltS1iPRCfAe0YLWRiQ6CB2P7CRw8CAK2hDVAGxZ45NhXIRVpuyx4xtRsQ9CdV+8d4omr8Lny/745M7ao4vJ6aMw1ZjW8ddxZExx0BC8G8ij8zb7qkpKmUdhz65/VNZ1vvg2FfjV2fTO1Y0yREDBJTgxW6Uyu/BCqMZyJkpnIrFRE4L7Qx+fz0jGpfz1PQhuxS3EGrrkQFPNdCNsOk4Az54GCfYM1pJE9/f9Ec5BGujseQq1M98fLZGCmiricCg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=dniIq7l5ASxMpqaOqFnXHj0AvOZ2M9HmXy7NiqVxLzw=;
b=um3vIW2zJVSGRW6lhLh7mMemroAchR4XWu2pEAn+9Q/9dYZotvdn/YA9heNlICjA4m1VfZlHFIaKjxpjg9UwRUCRArs9fOETr8RNFmy83ZLtOzflpHk46RthE7txsyuA6alOJtbBk0Rbq9YDrA+/qVVyn9quO8OhW1tH6Skt7gQ=
Received: from SJ0PR13CA0074.namprd13.prod.outlook.com (2603:10b6:a03:2c4::19)
by DM4PR12MB6183.namprd12.prod.outlook.com (2603:10b6:8:a7::16) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.44; Tue, 1 Apr
2025 11:37:25 +0000
Received: from CO1PEPF000044FD.namprd21.prod.outlook.com
(2603:10b6:a03:2c4:cafe::91) by SJ0PR13CA0074.outlook.office365.com
(2603:10b6:a03:2c4::19) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8606.20 via Frontend Transport; Tue,
1 Apr 2025 11:37:25 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
CO1PEPF000044FD.mail.protection.outlook.com (10.167.241.203) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8632.2 via Frontend Transport; Tue, 1 Apr 2025 11:37:25 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:37:19 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 03/17] x86/apic: Populate .read()/.write() callbacks of
Secure AVIC driver
Date: Tue, 1 Apr 2025 17:06:02 +0530
Message-ID: <20250401113616.204203-4-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1PEPF000044FD:EE_|DM4PR12MB6183:EE_
X-MS-Office365-Filtering-Correlation-Id: dbddda17-e6f2-4bee-4270-08dd71119309
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|82310400026|7416014|1800799024|376014|36860700013;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?JYN1sb6n5hB08LVhtNby1vq+R245GtkpqgTEyZq807GV20TDgkrgRDEy19f2?=
=?us-ascii?Q?KF4T0xDX5TriiMfXk+N7a/e+HFZvlt7YamYlCkgBJmBOol6dQ6Xx1FGWvN6P?=
=?us-ascii?Q?LmfmCERgMRv1/4L5pBmZ9J1NW+1LwWC20QRoyF91QP1hT2Cvq+ax6PJtRSGk?=
=?us-ascii?Q?bmaf9tNFR3c7ZWNIoCHGUFQlFbYZ7QzIz2vIfKTzo6QNI2nggQ4fbpDnFVPg?=
=?us-ascii?Q?1TJXEozrE3cBSL7nofbOFgn+cH6fq3ab/o2uI+PMCpFmk8R7Kl78fywnMgS5?=
=?us-ascii?Q?+Mefx4ShrpaRM3yUMaHblv0RZJDPyE5IHFRRJ7hrzrE8XAoE+xRdCKBcqdL2?=
=?us-ascii?Q?Ud3H9PIaksoYv4lH1hYpPCT7qSRh27NiAmvfBeD7C8v6wpAXQ1Che/+58aj2?=
=?us-ascii?Q?VxBNUwuJ2NJxzOU7hEAFVDm9enk2SVWIihva3wkspbCF2UUMdYyKmeYpSsVv?=
=?us-ascii?Q?BONW3nEsHxbCoJ/wla63rDBgfOfpSbbViMM6CUkXvZO0JCeF9H5/3oqGCI2J?=
=?us-ascii?Q?wE0IAI7S7isdKDwnlbAzzLVlwX5EmEii4t2EKLgUouPUvYA/i8kcYQKCxkzz?=
=?us-ascii?Q?HT0V3c3YEWNQqrxXtulGpo1i4nDYVo7O6byoPZYF2cgnrMLm12gg4YTgIEkx?=
=?us-ascii?Q?e9e99jOofmUWboY/0KfVRNf3jvjKiXLcJdh8/IfFzK57i/4aG+sN0Kss9hw4?=
=?us-ascii?Q?SFUB4+lnX4SjnmaRUePa7O/cZKgu0VJQWMOjiyVZRIp0EucD+54u+XHyBFfC?=
=?us-ascii?Q?OjjG7cC/bIPIU6LtcRGE8B2RJ4R3OsPYciXzVXjb1w98QdkpEf0cst7AGbSz?=
=?us-ascii?Q?3kw5MCoDTijuU2+0Wf6hXVnLKKdbUPDyPovazHWoqecAPIMRFfncUbGqDrMC?=
=?us-ascii?Q?sjNWrBcm7NJCp6VgM913RDO1RqNaKIVAwqXp7aH+ZDgjE9xBQB4jMLBl7UAE?=
=?us-ascii?Q?oszhBn7T6PzjhmjmmG6kxQfO3uBgc/99A2MyzkPe75TM0zyurZE+BpEDuriz?=
=?us-ascii?Q?P6JOTVuBs7siuwjzfci8JHsoUPTUZwdnlwPX0C5bkZ0YnjB4Rc4fuMtx7GW8?=
=?us-ascii?Q?W8DoCQgeUrkOgoJNJ0qWmf7jrNcsyIXigvwTuLhJxuvmnQnis5aWIao5ZNu8?=
=?us-ascii?Q?ErFyCMm2eACEw+J7cBJEYDGmSD8scRwDTUY4bkZWxd4SSwoPNNYBOHDOENPc?=
=?us-ascii?Q?HRJE7XN1/Djn9C5eqvbmChUL3s1e08Uup7ozcZEqbdRZYoOR3Kb3dCGMFo4W?=
=?us-ascii?Q?tIZYKQzkXlmXHDEgEq+L1YtU6cb32BW9DIMqlh9G15QK+BLY0Au6kIBqZQ4K?=
=?us-ascii?Q?vsh6X9g07KCHpwEvEUNe4ZCYrmho5pnbqU7F6DFgCaYnRukTKaKu0R+qs/VE?=
=?us-ascii?Q?3CF3EE/YMczvwyhBqzM0B5aiMFFDp2GfK61weRrUR6TEdAc1Jmzn/AnNPiYc?=
=?us-ascii?Q?STskGJ1NUdpt4dgPRZvKLfsY/KBCryj8alxiGv5F3YTjCuTJCije2uwVLaj4?=
=?us-ascii?Q?+JO0/MCHvZ8/tG8=3D?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(7416014)(1800799024)(376014)(36860700013);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:37:25.0163
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
dbddda17-e6f2-4bee-4270-08dd71119309
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
CO1PEPF000044FD.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB6183
Content-Type: text/plain; charset="utf-8"
Add read() and write() APIC callback functions to read and write x2APIC
registers directly from the guest APIC backing page of a vCPU.
The x2APIC registers are mapped at an offset within the guest APIC
backing page which is same as their x2APIC MMIO offset. Secure AVIC
adds new registers such as ALLOWED_IRRs (which are at 4-byte offset
within the IRR register offset range) and NMI_REQ to the APIC register
space.
When Secure AVIC is enabled, guest's rdmsr/wrmsr of APIC registers
result in VC exception (for non-accelerated register accesses) with
error code VMEXIT_AVIC_NOACCEL. The VC exception handler can read/write
the x2APIC register in the guest APIC backing page to complete the
rdmsr/wrmsr. Since doing this would increase the latency of accessing
x2APIC registers, instead of doing rdmsr/wrmsr based reg accesses
and handling reads/writes in VC exception, directly read/write APIC
registers from/to the guest APIC backing page of the vCPU in read()
and write() callbacks of the Secure AVIC APIC driver.
Co-developed-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- Use this_cpu_ptr() instead of type casting in get_reg() and
set_reg().
arch/x86/include/asm/apicdef.h | 2 +
arch/x86/kernel/apic/x2apic_savic.c | 116 +++++++++++++++++++++++++++-
2 files changed, 116 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/asm/apicdef.h b/arch/x86/include/asm/apicdef.h
index 094106b6a538..be39a543fbe5 100644
--- a/arch/x86/include/asm/apicdef.h
+++ b/arch/x86/include/asm/apicdef.h
@@ -135,6 +135,8 @@
#define APIC_TDR_DIV_128 0xA
#define APIC_EFEAT 0x400
#define APIC_ECTRL 0x410
+#define APIC_SEOI 0x420
+#define APIC_IER 0x480
#define APIC_EILVTn(n) (0x500 + 0x10 * n)
#define APIC_EILVT_NR_AMD_K8 1 /* # of extended interrupts */
#define APIC_EILVT_NR_AMD_10H 4
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a=
pic_savic.c
index 44a44fe242bf..f1dd74724769 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -10,6 +10,7 @@
#include <linux/cpumask.h>
#include <linux/cc_platform.h>
#include <linux/percpu-defs.h>
+#include <linux/align.h>
=20
#include <asm/apic.h>
#include <asm/sev.h>
@@ -33,6 +34,117 @@ static int x2apic_savic_acpi_madt_oem_check(char *oem_i=
d, char *oem_table_id)
return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC);
}
=20
+static __always_inline u32 get_reg(unsigned int offset)
+{
+ return READ_ONCE(this_cpu_ptr(apic_page)->regs[offset >> 2]);
+}
+
+static __always_inline void set_reg(unsigned int offset, u32 val)
+{
+ WRITE_ONCE(this_cpu_ptr(apic_page)->regs[offset >> 2], val);
+}
+
+#define SAVIC_ALLOWED_IRR 0x204
+
+static u32 x2apic_savic_read(u32 reg)
+{
+ /*
+ * When Secure AVIC is enabled, rdmsr/wrmsr of APIC registers
+ * result in VC exception (for non-accelerated register accesses)
+ * with VMEXIT_AVIC_NOACCEL error code. The VC exception handler
+ * can read/write the x2APIC register in the guest APIC backing page.
+ * Since doing this would increase the latency of accessing x2APIC
+ * registers, instead of doing rdmsr/wrmsr based accesses and
+ * handling apic register reads/writes in VC exception, the read()
+ * and write() callbacks directly read/write APIC register from/to
+ * the vCPU APIC backing page.
+ */
+ switch (reg) {
+ case APIC_LVTT:
+ case APIC_TMICT:
+ case APIC_TMCCT:
+ case APIC_TDCR:
+ case APIC_ID:
+ case APIC_LVR:
+ case APIC_TASKPRI:
+ case APIC_ARBPRI:
+ case APIC_PROCPRI:
+ case APIC_LDR:
+ case APIC_SPIV:
+ case APIC_ESR:
+ case APIC_ICR:
+ case APIC_LVTTHMR:
+ case APIC_LVTPC:
+ case APIC_LVT0:
+ case APIC_LVT1:
+ case APIC_LVTERR:
+ case APIC_EFEAT:
+ case APIC_ECTRL:
+ case APIC_SEOI:
+ case APIC_IER:
+ case APIC_EILVTn(0) ... APIC_EILVTn(3):
+ return get_reg(reg);
+ case APIC_ISR ... APIC_ISR + 0x70:
+ case APIC_TMR ... APIC_TMR + 0x70:
+ if (WARN_ONCE(!IS_ALIGNED(reg, 16),
+ "APIC reg read offset 0x%x not aligned at 16 bytes", reg))
+ return 0;
+ return get_reg(reg);
+ /* IRR and ALLOWED_IRR offset range */
+ case APIC_IRR ... APIC_IRR + 0x74:
+ /*
+ * Either aligned at 16 bytes for valid IRR reg offset or a
+ * valid Secure AVIC ALLOWED_IRR offset.
+ */
+ if (WARN_ONCE(!(IS_ALIGNED(reg, 16) ||
+ IS_ALIGNED(reg - SAVIC_ALLOWED_IRR, 16)),
+ "Misaligned IRR/ALLOWED_IRR APIC reg read offset 0x%x", reg))
+ return 0;
+ return get_reg(reg);
+ default:
+ pr_err("Permission denied: read of Secure AVIC reg offset 0x%x\n", reg);
+ return 0;
+ }
+}
+
+#define SAVIC_NMI_REQ 0x278
+
+static void x2apic_savic_write(u32 reg, u32 data)
+{
+ switch (reg) {
+ case APIC_LVTT:
+ case APIC_LVT0:
+ case APIC_LVT1:
+ case APIC_TMICT:
+ case APIC_TDCR:
+ case APIC_SELF_IPI:
+ case APIC_TASKPRI:
+ case APIC_EOI:
+ case APIC_SPIV:
+ case SAVIC_NMI_REQ:
+ case APIC_ESR:
+ case APIC_ICR:
+ case APIC_LVTTHMR:
+ case APIC_LVTPC:
+ case APIC_LVTERR:
+ case APIC_ECTRL:
+ case APIC_SEOI:
+ case APIC_IER:
+ case APIC_EILVTn(0) ... APIC_EILVTn(3):
+ set_reg(reg, data);
+ break;
+ /* ALLOWED_IRR offsets are writable */
+ case SAVIC_ALLOWED_IRR ... SAVIC_ALLOWED_IRR + 0x70:
+ if (IS_ALIGNED(reg - SAVIC_ALLOWED_IRR, 16)) {
+ set_reg(reg, data);
+ break;
+ }
+ fallthrough;
+ default:
+ pr_err("Permission denied: write to Secure AVIC reg offset 0x%x\n", reg);
+ }
+}
+
static void x2apic_savic_send_ipi(int cpu, int vector)
{
u32 dest =3D per_cpu(x86_cpu_to_apicid, cpu);
@@ -141,8 +253,8 @@ static struct apic apic_x2apic_savic __ro_after_init =
=3D {
.send_IPI_self =3D x2apic_send_IPI_self,
.nmi_to_offline_cpu =3D true,
=20
- .read =3D native_apic_msr_read,
- .write =3D native_apic_msr_write,
+ .read =3D x2apic_savic_read,
+ .write =3D x2apic_savic_write,
.eoi =3D native_apic_msr_eoi,
.icr_read =3D native_x2apic_icr_read,
.icr_write =3D native_x2apic_icr_write,
--=20
2.34.1
From nobody Tue May 13 07:19:50 2025
Received: from NAM10-MW2-obe.outbound.protection.outlook.com
(mail-mw2nam10on2084.outbound.protection.outlook.com [40.107.94.84])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id A44DA1FAC42;
Tue, 1 Apr 2025 11:37:52 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.94.84
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507474; cv=fail;
b=X3ZA++k5t05lr5viVQOQPpbnWNym+T+zwa0hQF8uQiJkonh2VBn+ObJK0d9dyJOn9XHNgpM7FjkTjiKS2PWaNTj9BFXKR7yAK+FtXdIkjRJxS0I1leEJW6DSWkCjeNnDEu7viLYi7U8AEWREAkcZwBuuw0Lcqj5/0rbmF4lOiHQ=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507474; c=relaxed/simple;
bh=koXRG5KMO6EsJ1OiTAuOlpVrXtHs0HXT34+wMDFiXY4=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=BKH8sAV6pV5vHQb+H7XzBabh+esUSVl+nZno8YhM7moe1LxclyT/t0TvlkxLG0NpMx6fNyHI52AmkqJ2DrzKhthAeqnZ2sHrHedg7YaXg+Bmcr5DVipdzQHqmc/kHox0v4N3SW1EYY4k1yQidgDqsYCGfmVm1r2rpYb5Gxy9n40=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=wPnXQf8a; arc=fail smtp.client-ip=40.107.94.84
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="wPnXQf8a"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=zKLAuwMl59wl/JCS7s9aS+fkL+dgG48Dg0EnWfx6YlQOUioa1fdaSgDNq5tDHtvb3PoWfdFeCiZk7JSeGo6nwVZ+JqA2nRFnhiYI9K46AGNxuIW2TblUaMMB93f0OD4PnOUHXUakigWnXGgW+d5InQ6LlRTw019vU3TFZwKwPLZLbH6zhHTdg8MQIQUKSic2+aLrzcH1hv4HSWGEukitgagOUx8b0TMHPmmC9H9cVeG6NGndwTsMHWIacaoFQGmk0UJI6q42IDa3wDZRTkS0ovkU6PExMNWE0me1eqdVgSdilV5qOcDuq1SOnx4QRGFkrFjYU+JPj4dOIaMokteFnw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=yltuD29W1pRYgbgxSW01ff36nkdtJizex5B52GIFR98=;
b=nHie/S3LctCvP6m2nVBlJr6065t6yLul1hnGkugIJeKIr0VGLO1WXllsQCK1DO0UdiTUiDJHKFWE3u0kB1w4yU3JAXFXIqHHKmVLVsea+e92ayqW9oSlzlvI1tN5WdbyxE9y1hT+4xLZVZAGpI3LsHG5W9EgqFSF+IrSgQUr1wSjSRCFbjiaqAoFYn83Rr7GTL4F2YA9K3Dz3+abn8388BooO+jTuxpkbChmiBc4W+4SyNluV/+48HdV/wG5v1PIYJ5REhmndMvHYo9G4ewkT94eObcfeAfo9lekt8Q6pCAxPGgLmnlzUl1Fkz7nMM9L/o/r9a6Z5ana/tBSKqHucw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=yltuD29W1pRYgbgxSW01ff36nkdtJizex5B52GIFR98=;
b=wPnXQf8a//krBLL8NRkdYtE683WYVRkii2wmR4TeX0yYy0Mt89O8OUpoAglh+Zqwc+65r9Y93SMi9JK2hjLUcSAVFb5F3xhBFGXg5EZV8ZLlasJxi001QECxQPfOO5nnhaC9d41Ku8bsZ4C1s9DvxKA5Z4IbW+7mJEpgIthYO90=
Received: from PH8PR21CA0004.namprd21.prod.outlook.com (2603:10b6:510:2ce::11)
by IA1PR12MB9061.namprd12.prod.outlook.com (2603:10b6:208:3ab::6) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.44; Tue, 1 Apr
2025 11:37:49 +0000
Received: from CO1PEPF000044F7.namprd21.prod.outlook.com
(2603:10b6:510:2ce:cafe::bf) by PH8PR21CA0004.outlook.office365.com
(2603:10b6:510:2ce::11) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8632.5 via Frontend Transport; Tue, 1
Apr 2025 11:37:48 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
CO1PEPF000044F7.mail.protection.outlook.com (10.167.241.197) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8632.2 via Frontend Transport; Tue, 1 Apr 2025 11:37:48 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:37:42 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 04/17] x86/apic: Initialize APIC ID for Secure AVIC
Date: Tue, 1 Apr 2025 17:06:03 +0530
Message-ID: <20250401113616.204203-5-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1PEPF000044F7:EE_|IA1PR12MB9061:EE_
X-MS-Office365-Filtering-Correlation-Id: 950f4fc9-f800-446c-80d1-08dd7111a104
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|1800799024|36860700013|376014|82310400026|7416014;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?qBfi97WdumdgGUs66vfQpI+sxOtsLxQu7t6np8np3wecCEllv8CVw8+sWpNv?=
=?us-ascii?Q?H+jVlAVRMt7ESoPigmTcaTc/E2GI3s+jfwOQpeRSkIGogcUSYXijU6EvBSM/?=
=?us-ascii?Q?oHkHGIvWi+fUEX8dtoznjDYseRP/AHDkhgEDVW47KvLhb9Wk1iZjdyRYCeEg?=
=?us-ascii?Q?rK4bsy8dICPCEA+H5WiOrQT2OEAzzYhBqF2YWMtrWgs1RtmYfZiTJIaz/fhl?=
=?us-ascii?Q?Jr/HcE3ngfvCB0SLUXwmyKWt6sb6nk6zCWjBAsjNzmSZCd1F9kjJzMomuTkq?=
=?us-ascii?Q?jA79l691jUktgtlHOx+osjzmuFa64/4WkM0Sp+jEwQcD3LV/wwWkZRMK2sCo?=
=?us-ascii?Q?NNbtIUgoS8KiyW7G6IPuePh7aoW7iSfGc/0l365zdwJnr8gH4D7GQ2esYi3o?=
=?us-ascii?Q?y9jV+pRxzL7fJ7Erw2ZUGASmM3k350EApwg59kD6OvTKk6GkqBpqS4xIMY+1?=
=?us-ascii?Q?lZVva1oUtPc4rfjRy9KHO6SlEN6GBrO66ZGg/zAyctP73dh4aEtvxVUMbgIU?=
=?us-ascii?Q?jyLkDrVaX/rvM2ZG+wZES5HUSQfOCNnQNZrw/Ag9yV+ggFgMDOBIn2GD0ONN?=
=?us-ascii?Q?GqRh4YxqedN4fc3AUwyQkTx7xZbuxSKGfYfQlYf22tnbSTms+NHKxnT4FSER?=
=?us-ascii?Q?pmRQ/K+n8Zr4zrdyCbo6v/J7mgRhk2yJM9u/TADscN7BQIuhjGJgOvg6yxL2?=
=?us-ascii?Q?1TkzDAFzqF/XlccVCA61L4qNYSgTTDbCujW9lo6RhBj7Q5oIS+PFDM9OT/VK?=
=?us-ascii?Q?2ON+oZDFpCOvC98dlvpilziYZMxtGiebAoTKR8gbk0mIr1uqc9x/avotSP0a?=
=?us-ascii?Q?R8Aui+18g9quYVHPe93qUXr4cYMynqif1d3qUTo7XRWIdNNlUZXdwvwE5jFJ?=
=?us-ascii?Q?RG9GavCrmwmXYypdL+7ioLl38PG3CC28xZvkKz8Be49v1o32LoPjunU0j5lP?=
=?us-ascii?Q?m8jn3uKERRQAiVGcTEAD6RSKly7w3zIekv1o0AqanVtDygEAP5UqulS1elLg?=
=?us-ascii?Q?cXr04cfTag8MGVotTdA2v1zQMs/Ng4jnXBbV1TrYhB8BVO8i31SRK8Aw/BZY?=
=?us-ascii?Q?u6wIwcEpAOVkpBUrvAlelrp1VeEk+yKUC73i49pMXBpLWNBp/nUAG31Nchf1?=
=?us-ascii?Q?bU17kSDiYvC72oB1SzrFA4MJg5QZs0Mg5Fhr8S7GcCkK0UsjQ/kJ+ld1Y/Ae?=
=?us-ascii?Q?vDewC8dZIf3N2YLSiJpYOjaZLOqaZ1Y8SJpif4KxbsIUdv8X0Xj4croCSfsr?=
=?us-ascii?Q?gKJc/N+WplPWLIwEe+khtstJ/alA54ijJrwSHrJD3ZfBVhBcNlQ28Wi9IAkt?=
=?us-ascii?Q?mCDmXS0mtMAAzu8grj+c0ppmfXJU5XurGO03wjslRoeOHqGig6Ef0+9WcCSi?=
=?us-ascii?Q?mlzbNaqq/9ZU1suzJONc6NMeOzNQf3hQqhLqoI2TKxpdyiYRUEGjsZhoQz8m?=
=?us-ascii?Q?seoQExZTgbGVwbOYEKaHFD+JKbTyEvsdvjdDCzrN2qFyYAH2E2r+Aw=3D=3D?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(36860700013)(376014)(82310400026)(7416014);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:37:48.4741
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
950f4fc9-f800-446c-80d1-08dd7111a104
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
CO1PEPF000044F7.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB9061
Content-Type: text/plain; charset="utf-8"
Initialize the APIC ID in the Secure AVIC APIC backing page with
the APIC_ID msr value read from Hypervisor. CPU topology evaluation
later during boot would catch and report any duplicate APIC ID for
two CPUs.
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- Drop duplicate APIC ID checks.
arch/x86/kernel/apic/x2apic_savic.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a=
pic_savic.c
index f1dd74724769..21f7c055995e 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -185,12 +185,25 @@ static void x2apic_savic_send_ipi_mask_allbutself(con=
st struct cpumask *mask, in
__send_ipi_mask(mask, vector, true);
}
=20
+static void init_apic_page(void)
+{
+ u32 apic_id;
+
+ /*
+ * Before Secure AVIC is enabled, APIC msr reads are intercepted.
+ * APIC_ID msr read returns the value from the Hypervisor.
+ */
+ apic_id =3D native_apic_msr_read(APIC_ID);
+ set_reg(APIC_ID, apic_id);
+}
+
static void x2apic_savic_setup(void)
{
void *backing_page;
enum es_result ret;
unsigned long gpa;
=20
+ init_apic_page();
backing_page =3D this_cpu_ptr(apic_page);
gpa =3D __pa(backing_page);
=20
--=20
2.34.1
From nobody Tue May 13 07:19:50 2025
Received: from NAM11-CO1-obe.outbound.protection.outlook.com
(mail-co1nam11on2082.outbound.protection.outlook.com [40.107.220.82])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5EAE81F03C1;
Tue, 1 Apr 2025 11:38:08 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.220.82
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507491; cv=fail;
b=pqAM5duhs7E2CgAgkiuSfn7S4dLJaKUh/5Dzb+b+xji+Y6XNS7HEJnXA0/3zsJFTaTdtN8jXKlwhfZi9QoZif7er7A4gSk8M3+gZSI8hZAdq2WNwuRFojRb+T6XMjW6ieMvgf/mKvqRs0kjxAlGQWhqKChDnvXob5wYKbrtDy0I=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507491; c=relaxed/simple;
bh=lA3R67kYElVSZkoqYl9RjJSjlFW4H+eLByAeLeniPZk=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=QIMr/w+gPCpGuy3bqMIVy353iupX2MHfU6srv2txt+3IchJr5vbl3TpRGpHiSHq3tZqtfs90SMGNo5I38u8T4wrC7kzZ7zlycIn9mmZbtPMq6MpaJXVG133tkujKD9andjMH8kAVUCDGR2BhffQO+M+xUPdsg7IFsLDegbjfh1o=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=wytVjymD; arc=fail smtp.client-ip=40.107.220.82
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="wytVjymD"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=Zqfc1+4NNUMugbEPPvSV6PeHuVMlWCHJYjzYNcX6ob6Om3vAe5STEfeMWlWAzTujzHtYrB1tih9nWU9cA+Ei76X7CfSIM+RfcOkv0weND216wVsFUp42oXZZPDy/3+O4NkWGz0hXZn1rLJezglJ7xQYbuzjQV1MKif7xfbN0pGSLDxOTvL7s+Apy9QdMxuNrvD/UjquOhFJYOgIaNxwuN0ng9LziLIYy3VMlXsRYLTeUKUMv5ttrstPWUmYVs/3+OtTcNUNDnZ+j2PxHqEn2LRQvDV2fIImhbUhYl3lzCzRHtjsoDDerpOnLssRo0f7S9o8LjFlV5asqyTRBQuoqPg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=D2P9M4wzkHH1pCo8KCjWMNMngJMUaN9GNP/gXw1wXNY=;
b=bgaYO59d7GnPxiBRw39e582DYBWueCkobVYG9GgKSu6/Yw5V7m/lymfxF5RgDT/2HnJONzyL1Q94c9SG8+iuSA+zpqSbcoJq+NgffR639r5pLORDuKnBlNQF8eiuP2mKEU0Q2AQZmN7ZWO1JQ/zady2+2MHFRvD5RJHbwPhMyjhYLRJMISjLWYE7F/uhwQV1Fd3jmRvBHP877Wu+1VVmtLGB/3aYobkypQaVeFZjQ9eo4uRkfsAQVTmtTLngYKoUfdrLGPwxeH+h6xGbSSxYnpvakErZq0LVlnwhpIvwqzheARO9NCqWNn0pkPDDkdV5Y4+8OVS/JM90atH5fpug5Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=D2P9M4wzkHH1pCo8KCjWMNMngJMUaN9GNP/gXw1wXNY=;
b=wytVjymDHNErRuv5/pmxVeh69XHbA0SPSFSRIcvTHHMSjNxsbX8+FFqhIdNCrYpItNPbedBrR0q2XEpHlehcuVS5+dlo0zORTtrbMqfjvmjC7b7PrOjeSem8lQaMZBg3aCx/SNUgPHPFsafRRXOxPmTiJ61NAzYgwTaje/Va/+w=
Received: from BYAPR01CA0021.prod.exchangelabs.com (2603:10b6:a02:80::34) by
SJ1PR12MB6075.namprd12.prod.outlook.com (2603:10b6:a03:45e::8) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.8534.54; Tue, 1 Apr 2025 11:38:06 +0000
Received: from CO1PEPF000044FA.namprd21.prod.outlook.com
(2603:10b6:a02:80:cafe::9) by BYAPR01CA0021.outlook.office365.com
(2603:10b6:a02:80::34) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8534.52 via Frontend Transport; Tue,
1 Apr 2025 11:38:07 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
CO1PEPF000044FA.mail.protection.outlook.com (10.167.241.200) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8632.2 via Frontend Transport; Tue, 1 Apr 2025 11:38:06 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:38:00 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 05/17] x86/apic: Add update_vector callback for Secure AVIC
Date: Tue, 1 Apr 2025 17:06:04 +0530
Message-ID: <20250401113616.204203-6-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1PEPF000044FA:EE_|SJ1PR12MB6075:EE_
X-MS-Office365-Filtering-Correlation-Id: 915877db-3c48-4d09-a304-08dd7111ab83
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|82310400026|36860700013|1800799024|376014|7416014;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?HqIDChtyAuPrEd4COsRBDSpcRL9CLhaJG1T33+S2XebZP9ntuvDZfM0vCRKS?=
=?us-ascii?Q?jmMQG/7/PxwVvWa4baLvtRsIP8AyyQ6mnkaSgtcnRIHtj1C6SmaDa8GhPg8r?=
=?us-ascii?Q?HrVYZ6mqugPKabR5SQ4mnUE9PaILs0OvvZtmdnrFXwVXUadGwPdhbo9lJWAI?=
=?us-ascii?Q?Y0l1VWGZndJoCAbBeI4w6GAI41uxE5MKbacthp8GCwEipYLTW5Hz9fCudcRd?=
=?us-ascii?Q?BQ5E70wuAWtAxSAAkGyxiWbcd4q7r3sZBzAOj8VvDqNva/vPb1F8NJza6DRW?=
=?us-ascii?Q?uoeryHeklVZD/qEQlXCNJ3T77MJ+af6kk0bfahx0S5RkdmGDVj7X9tjCD5sS?=
=?us-ascii?Q?6ZFLwux0IUQbgNJdw+nUBN081VuktAqiSx89mEFDTf76aweomMVRSnx0Jpj8?=
=?us-ascii?Q?4WRozxNvJpNXtiOho/n1/PnJp8S6yxs/IK9BQYljXITIwaofLfMaPGbA5xmw?=
=?us-ascii?Q?nhh06jFqmgfQ5gzEJJ1h7DmjK3IDz8paKKS5923MRUChguy3cQHlZaz4lZx7?=
=?us-ascii?Q?mb2xKuw7aX9hklt5tgTaIHYnrI7wmfhXD4vXzWHxwnfJ7w6VUR3kQQ4TH5uG?=
=?us-ascii?Q?mXRDekdwLplEo+9SepXW7xnJesRYfF7mtql/C4Q1/gpYhi8MoPjB4Lb2oMrw?=
=?us-ascii?Q?MxnzJbdBF2qtxIjRGwkF62KzpY4NOoXavY03hzXra8aTOzntlsINn6yXX/tX?=
=?us-ascii?Q?QVA4HX6LGVK2w3Hnf8pPfccxil2fuwH2r5DUaYG6DNuCY+cl/zx9yabY8TnW?=
=?us-ascii?Q?GfEHVQWvZU3A/28+TipjfcstR3cBEE66HePehZR6PdKn5+WTjxhR8iJU6eOA?=
=?us-ascii?Q?+jzJtFChs7eSPk0ygsuP4+f3JCXkOskF2vuUW7AX4v5jr7LTbHL3FenXXg1p?=
=?us-ascii?Q?agB60mfoUz5X35pknKruXo3ADYnYatv9nyjY1eTMz7joJb6bhlmFebSMYPJW?=
=?us-ascii?Q?uSQp5BE9dpHBXgI/BYVJoeFY3zsQ2xWyQO1Gowipadgb3VAiWuiMjJ8tllCN?=
=?us-ascii?Q?GJjR470r6Y4q8IO16qDMXClJOSjCI8/L6XHAdyQkBuAZOpQ8nmwUs2YgDVph?=
=?us-ascii?Q?u4BuFej1MN1x5m8oSGWNo6d4qWoeXsSMNMNE+ZgVP/Gaj4YqNcG7/yQlbMgZ?=
=?us-ascii?Q?nKiNqOMQQ/Vjt9y/bfhbMD4kLjLB0Y8fdddrlt3LRB7DYJIxlGiWm0T3zg4Z?=
=?us-ascii?Q?EMfmzzV1h3uQDcD43XFnaJxKF7wuXnSWq7zHvboO+lbSMYHpTUWQjCYp1AO1?=
=?us-ascii?Q?jTQFq18dHGq8bQtN8s7peMVw+D5T1OG95nDSP8KYPkoYiWa6boAPYjpickk7?=
=?us-ascii?Q?0snHmAd+vXPmbQA9Shl1mrh+HP21bnU/B9hkrJ6vmgD3jkDz25lEycYhfVgw?=
=?us-ascii?Q?AN2RA/dXBGJXaztCUXH1F+76zgSm8NqVBJe6FPY0ERyzpmy1NQZsSolgsD9L?=
=?us-ascii?Q?dlQtxTUm3Ckk8GKYlxFpHzWd6RrLLHP4qyAD3JZcfH9epadYXlGqscVoWvQO?=
=?us-ascii?Q?LViApCbE+YhGAhQ=3D?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(36860700013)(1800799024)(376014)(7416014);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:38:06.0830
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
915877db-3c48-4d09-a304-08dd7111ab83
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
CO1PEPF000044FA.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR12MB6075
Content-Type: text/plain; charset="utf-8"
Add update_vector callback to set/clear ALLOWED_IRR field in
a vCPU's APIC backing page for external vectors. The ALLOWED_IRR
field indicates the interrupt vectors which the guest allows the
hypervisor to send (typically for emulated devices). Interrupt
vectors used exclusively by the guest itself and the vectors which
are not emulated by the hypervisor, such as IPI vectors, are part
of system vectors and are not set in the ALLOWED_IRR.
Co-developed-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- Associate update_vector() invocation with vector allocation/free
calls.
- Cleanup and simplify vector bitmap calculation for ALLOWED_IRR.
arch/x86/include/asm/apic.h | 2 +
arch/x86/include/asm/apic.h | 2 +
arch/x86/kernel/apic/vector.c | 59 +++++++++++++++++++++++------
arch/x86/kernel/apic/x2apic_savic.c | 20 ++++++++++
3 files changed, 69 insertions(+), 12 deletions(-)
diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
index e17c8cb810a2..b510008c586f 100644
--- a/arch/x86/include/asm/apic.h
+++ b/arch/x86/include/asm/apic.h
@@ -318,6 +318,8 @@ struct apic {
/* wakeup secondary CPU using 64-bit wakeup point */
int (*wakeup_secondary_cpu_64)(u32 apicid, unsigned long start_eip);
=20
+ void (*update_vector)(unsigned int cpu, unsigned int vector, bool set);
+
char *name;
};
=20
diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c
index 72fa4bb78f0a..897e85e58139 100644
--- a/arch/x86/kernel/apic/vector.c
+++ b/arch/x86/kernel/apic/vector.c
@@ -139,8 +139,44 @@ static void apic_update_irq_cfg(struct irq_data *irqd,=
unsigned int vector,
apicd->hw_irq_cfg.dest_apicid);
}
=20
-static void apic_update_vector(struct irq_data *irqd, unsigned int newvec,
- unsigned int newcpu)
+static inline void apic_update_vector(unsigned int cpu, unsigned int vecto=
r, bool set)
+{
+ if (apic->update_vector)
+ apic->update_vector(cpu, vector, set);
+}
+
+static int irq_alloc_vector(const struct cpumask *dest, bool resvd, unsign=
ed int *cpu)
+{
+ int vector;
+
+ vector =3D irq_matrix_alloc(vector_matrix, dest, resvd, cpu);
+
+ if (vector >=3D 0)
+ apic_update_vector(*cpu, vector, true);
+
+ return vector;
+}
+
+static int irq_alloc_managed_vector(unsigned int *cpu)
+{
+ int vector;
+
+ vector =3D irq_matrix_alloc_managed(vector_matrix, vector_searchmask, cpu=
);
+
+ if (vector >=3D 0)
+ apic_update_vector(*cpu, vector, true);
+
+ return vector;
+}
+
+static void irq_free_vector(unsigned int cpu, unsigned int vector, bool ma=
naged)
+{
+ apic_update_vector(cpu, vector, false);
+ irq_matrix_free(vector_matrix, cpu, vector, managed);
+}
+
+static void apic_chipd_update_vector(struct irq_data *irqd, unsigned int n=
ewvec,
+ unsigned int newcpu)
{
struct apic_chip_data *apicd =3D apic_chip_data(irqd);
struct irq_desc *desc =3D irq_data_to_desc(irqd);
@@ -174,8 +210,7 @@ static void apic_update_vector(struct irq_data *irqd, u=
nsigned int newvec,
apicd->prev_cpu =3D apicd->cpu;
WARN_ON_ONCE(apicd->cpu =3D=3D newcpu);
} else {
- irq_matrix_free(vector_matrix, apicd->cpu, apicd->vector,
- managed);
+ irq_free_vector(apicd->cpu, apicd->vector, managed);
}
=20
setnew:
@@ -256,11 +291,11 @@ assign_vector_locked(struct irq_data *irqd, const str=
uct cpumask *dest)
if (apicd->move_in_progress || !hlist_unhashed(&apicd->clist))
return -EBUSY;
=20
- vector =3D irq_matrix_alloc(vector_matrix, dest, resvd, &cpu);
+ vector =3D irq_alloc_vector(dest, resvd, &cpu);
trace_vector_alloc(irqd->irq, vector, resvd, vector);
if (vector < 0)
return vector;
- apic_update_vector(irqd, vector, cpu);
+ apic_chipd_update_vector(irqd, vector, cpu);
apic_update_irq_cfg(irqd, vector, cpu);
=20
return 0;
@@ -332,12 +367,11 @@ assign_managed_vector(struct irq_data *irqd, const st=
ruct cpumask *dest)
/* set_affinity might call here for nothing */
if (apicd->vector && cpumask_test_cpu(apicd->cpu, vector_searchmask))
return 0;
- vector =3D irq_matrix_alloc_managed(vector_matrix, vector_searchmask,
- &cpu);
+ vector =3D irq_alloc_managed_vector(&cpu);
trace_vector_alloc_managed(irqd->irq, vector, vector);
if (vector < 0)
return vector;
- apic_update_vector(irqd, vector, cpu);
+ apic_chipd_update_vector(irqd, vector, cpu);
apic_update_irq_cfg(irqd, vector, cpu);
return 0;
}
@@ -357,7 +391,7 @@ static void clear_irq_vector(struct irq_data *irqd)
apicd->prev_cpu);
=20
per_cpu(vector_irq, apicd->cpu)[vector] =3D VECTOR_SHUTDOWN;
- irq_matrix_free(vector_matrix, apicd->cpu, vector, managed);
+ irq_free_vector(apicd->cpu, vector, managed);
apicd->vector =3D 0;
=20
/* Clean up move in progress */
@@ -366,7 +400,7 @@ static void clear_irq_vector(struct irq_data *irqd)
return;
=20
per_cpu(vector_irq, apicd->prev_cpu)[vector] =3D VECTOR_SHUTDOWN;
- irq_matrix_free(vector_matrix, apicd->prev_cpu, vector, managed);
+ irq_free_vector(apicd->prev_cpu, vector, managed);
apicd->prev_vector =3D 0;
apicd->move_in_progress =3D 0;
hlist_del_init(&apicd->clist);
@@ -528,6 +562,7 @@ static bool vector_configure_legacy(unsigned int virq, =
struct irq_data *irqd,
if (irqd_is_activated(irqd)) {
trace_vector_setup(virq, true, 0);
apic_update_irq_cfg(irqd, apicd->vector, apicd->cpu);
+ apic_update_vector(apicd->cpu, apicd->vector, true);
} else {
/* Release the vector */
apicd->can_reserve =3D true;
@@ -905,7 +940,7 @@ static void free_moved_vector(struct apic_chip_data *ap=
icd)
* affinity mask comes online.
*/
trace_vector_free_moved(apicd->irq, cpu, vector, managed);
- irq_matrix_free(vector_matrix, cpu, vector, managed);
+ irq_free_vector(cpu, vector, managed);
per_cpu(vector_irq, cpu)[vector] =3D VECTOR_UNUSED;
hlist_del_init(&apicd->clist);
apicd->prev_vector =3D 0;
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a=
pic_savic.c
index 21f7c055995e..0bb649e3527d 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -185,6 +185,24 @@ static void x2apic_savic_send_ipi_mask_allbutself(cons=
t struct cpumask *mask, in
__send_ipi_mask(mask, vector, true);
}
=20
+static void x2apic_savic_update_vector(unsigned int cpu, unsigned int vect=
or, bool set)
+{
+ struct apic_page *ap =3D per_cpu_ptr(apic_page, cpu);
+ unsigned long *sirr =3D (unsigned long *) &ap->bytes[SAVIC_ALLOWED_IRR];
+ unsigned int bit;
+
+ /*
+ * The registers are 32-bit wide and 16-byte aligned.
+ * Compensate for the resulting bit number spacing.
+ */
+ bit =3D vector + 96 * (vector / 32);
+
+ if (set)
+ set_bit(bit, sirr);
+ else
+ clear_bit(bit, sirr);
+}
+
static void init_apic_page(void)
{
u32 apic_id;
@@ -271,6 +289,8 @@ static struct apic apic_x2apic_savic __ro_after_init =
=3D {
.eoi =3D native_apic_msr_eoi,
.icr_read =3D native_x2apic_icr_read,
.icr_write =3D native_x2apic_icr_write,
+
+ .update_vector =3D x2apic_savic_update_vector,
};
=20
apic_driver(apic_x2apic_savic);
--=20
2.34.1
From nobody Tue May 13 07:19:50 2025
Received: from NAM11-CO1-obe.outbound.protection.outlook.com
(mail-co1nam11on2044.outbound.protection.outlook.com [40.107.220.44])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id DCECD1E766E;
Tue, 1 Apr 2025 11:38:31 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.220.44
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507514; cv=fail;
b=IyDqvJOK6DZ//6f560zwHiqgrLYoCXI2rsh1PgF1Zp9YuS3iKNXCha+VGo0efYSW5jhNVIFE3O4OGbkvSPCdllk2lx7OpApsFqvjNhlxTwwJm0rBeeIqisxHMdJvSHXkmoNZpAuGSZqmsaKVKtkwpMq3lkjATafHcQUNE/MiEl4=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507514; c=relaxed/simple;
bh=WnzMDg2ZaFvKiN/JiuMw8cG/zWrczoZOnaf+9SSIi1U=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=Mt8DGPeBcujK1w2kZNLp0gwn8KR2QeGbQC9t+3+It+EDgtzhUFO7ydaD5FohokkcVHFK/XMEG2eIYE8YR3Md6S3H+DoiKbV/SVvtDG2HSryxvF7nzMkiFfAFKcv/Tu5FlqYqLDnLymsRxJNE1R6uAiy89Fn2wRjPJyaOraBvrLk=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=4hMj2vvv; arc=fail smtp.client-ip=40.107.220.44
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="4hMj2vvv"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=VQab0t5J9urDqzetZ8Eh+a2QNHV16vnXls/IwIfIV9l6SsXjjidWYcsUICcaxa7EHnnOZrv/238leUrVUCL4pNKrw0p7Mdphl7XZuYojMexf0zRfmIRnWn+HDRspc61ZMxTULtO1DDgmX6rARcCdFVTNuKqXHyC1zTN1LdWedJMem36xVHFSnwG1MGSY89WP1GitBUPSiIGXNbyTsoLZ4wynSloglFHjZNAxmraSTuG7u54yicxi2X+LPjaZep+T+UE1f0zZHliG1R7H7D5lSHHk29GGZvkrZTtZ8BONeVuIkedvstuueSAc2Ea6+4DN8ZUBI2hnmUzujRU6VQ7CkA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=aIz2UHWXgcSm1AU0rtiPp18/2WQXK1VZUvxsQmA+0uc=;
b=FDmcyLXhBl966fXYMv1e2kj+dJyLts3Ei1LaY8s4g0LM+SgV92x5+07baAeYrCr05UUrM25C8iRKr63hg2IRyg9XuYAaDTSk0FcqLMTI4FufCxLBSoxaRe+8KYvvRC00jzHgSyRBsJ9XJJn0PB97CSzrGnw+on4RSVcP9jqHxNliIvn+GzAvVhvjUIdEIO/CXbyhFfclTNGM/KYUw2u4B/442L9HTwLPCMGwMIAnt9sTcwUrz82gCoCx3TefPkgnC0KZJTd2ya1G7b4pfg7W2nrOBL/Hd7k3ZPvY1Orflcry7iY+/RGFhjDnXR/f8ctdefnMOQs51/CetM/8hcpyYw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=aIz2UHWXgcSm1AU0rtiPp18/2WQXK1VZUvxsQmA+0uc=;
b=4hMj2vvvNBAySLHkx6yMBkH1p9Zgo2gZW/1XNBgVTQCx+iHGwvU4/1Qyw9l4Yc0HQmQQ/iTAKWMYWb+6j6z0ziQhTEk0+1fPwxMhdipw6WGfTBHFkqdyy82nKxy/odKZ9duuTE3aujRoJdJfkeRijUltO/NBB9QPczyS2ly4wFo=
Received: from PH8PR21CA0003.namprd21.prod.outlook.com (2603:10b6:510:2ce::14)
by LV8PR12MB9111.namprd12.prod.outlook.com (2603:10b6:408:189::18) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.44; Tue, 1 Apr
2025 11:38:26 +0000
Received: from CO1PEPF000044F7.namprd21.prod.outlook.com
(2603:10b6:510:2ce:cafe::12) by PH8PR21CA0003.outlook.office365.com
(2603:10b6:510:2ce::14) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8632.4 via Frontend Transport; Tue, 1
Apr 2025 11:38:25 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
CO1PEPF000044F7.mail.protection.outlook.com (10.167.241.197) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8632.2 via Frontend Transport; Tue, 1 Apr 2025 11:38:25 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:38:18 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 06/17] x86/apic: Add support to send IPI for Secure AVIC
Date: Tue, 1 Apr 2025 17:06:05 +0530
Message-ID: <20250401113616.204203-7-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1PEPF000044F7:EE_|LV8PR12MB9111:EE_
X-MS-Office365-Filtering-Correlation-Id: 33bfcd42-ff81-4e87-d839-08dd7111b6d6
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|36860700013|1800799024|82310400026|376014|7416014;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?bTOk2UhP4xGneUhmbF26tPyQYFpM2g2fRUPMQHSBcFrr4zggojJLgPWA21Zm?=
=?us-ascii?Q?hXpi2zfDgNjT2WhF2GDiE0SmDgdZxAOR/WmiRPRouKKaYovCMtqoy6dk7/Ia?=
=?us-ascii?Q?jy9+nFd8PSrYGJDZzfbECbfW24M35OQqTx34XTwLxGKNn1uwxESZ6Iwbkrhh?=
=?us-ascii?Q?UkJdgtPZkGyI3Dd6ui+jS25MXBsbxTRgvGAvYtOUjJwlQE0+4kJjpSniebiY?=
=?us-ascii?Q?zHjTrneCPLcoovhJXD5MqORqY+I5KyNlXrcoDZ8An0zet+JgJHLEhs6OvSuE?=
=?us-ascii?Q?uKE7e2FtLuQC4qlQ57PB9jT7/fvx5SkW33S/fogHz04jNpZdcd/i99cvzUuz?=
=?us-ascii?Q?NVULYBmQMs01UnUUtbBl32peDsy3srvBOu1LQGTMhE4KPCNkBMpFyOtRSd/U?=
=?us-ascii?Q?p67uFBWxxiEKht2p16OXEhCIexwsBm6iHnsSypyb0CgKohktmm/cEiBWf1zu?=
=?us-ascii?Q?oniDk86/woWKJE97uxfO3j0mMl/rClr/trDGrQZK1Mm28BBW7c8meLNWwDCp?=
=?us-ascii?Q?E7nWea68dspH4hjmmhBQk5TFwVIUOl4Oo3AuFodCLDBXZXwiU8+z6AC9yg1b?=
=?us-ascii?Q?SWcg2EuHrtg5lBSbjrjGTNz1WD8p1e0LEdSTJGKZuC0FfgDi+in4sUmVkrv7?=
=?us-ascii?Q?QUtVjMXTFjio4U0lBMMAnsHf2JybOUCsltGuJNIf7OMmZtGEIV+zrz2WtXUB?=
=?us-ascii?Q?AiLCm9qQsyvspPgJrwY8Y71FMX0A/Ni0h9yCbndTZ/yOlYmogqWBAVCqLfBV?=
=?us-ascii?Q?OC7PYYhGa5MEZDEJnnKX2l+d/ow7fG2w/oQODnt5Vshr9wbqVzwxS0kFhAQH?=
=?us-ascii?Q?G4eG+6v+44vaJqDjnhm68aRYBXP8tzk4nXz8FmbNbO2TiJxMjS9n3c8R+KCH?=
=?us-ascii?Q?pyFg7HbTQa/Mu8iRfcDKtIg+gD1/lmGSJ0werKauQQ9JZbNTWY3vY7s0jtNN?=
=?us-ascii?Q?0soCWAFFqWCF7d6UVjfg472pwA08qeLXvjv7++HeWW/yNa4Ff2CZ3IHVQz25?=
=?us-ascii?Q?O6ENUpj7RjKCyP1+Y4q5qc42ys0FptIuN3KxyTRF+RxZQwdbycUECs1YVEXO?=
=?us-ascii?Q?pGQTm1O8EHcwTYhl/F9eAFQcgjlBAl0tKWZ6IhmZ17PZ1Cwaf4IOX2HkTscO?=
=?us-ascii?Q?EPg5BGhrmBLEtEEBRJBV1DDYQQ561k88sc0Q+4rFW05gH7387qK1jM5qdpnv?=
=?us-ascii?Q?H+GQltJAEz8Rxp2L9a7xSgbeD6wGOSTJ7MM9HDD7KwWRa0iHoprDkFd6lTrP?=
=?us-ascii?Q?ieKDIdDbVNUUBhhFFPbB1CI0mXtWTedqErAJdeYHfswJx+j9HyJa2mcs2jYV?=
=?us-ascii?Q?3lQF9+g7UcPQY01FROWHssar/g87CpGbUVE6n/Ld0y+bdMrX/hb26zgiOSAR?=
=?us-ascii?Q?sd+5uOCBz5ttps7504GuzdHZu1SDM/5QCNZL4ZWdsAWvdQmoTK7dcdygRPp5?=
=?us-ascii?Q?wUlCP5+VAKNOY9lSGwUr+iqahFU47WgX8eKblzTCSTzVNFUPVpJGC3s3d+Oh?=
=?us-ascii?Q?t2R/7LgRyt6gMgU=3D?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(1800799024)(82310400026)(376014)(7416014);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:38:25.0905
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
33bfcd42-ff81-4e87-d839-08dd7111b6d6
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
CO1PEPF000044F7.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV8PR12MB9111
Content-Type: text/plain; charset="utf-8"
With Secure AVIC only Self-IPI is accelerated. To handle all the
other IPIs, add new callbacks for sending IPI, which write to the
IRR of the target guest vCPU's APIC backing page and then issue
GHCB protocol MSR write event for the hypervisor to notify the
target vCPU.
Co-developed-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- Simplify vector updates in bitmap.
- Cleanup icr_data parcelling and unparcelling.
- Misc cleanups.
- Fix warning reported by kernel test robot.
arch/x86/coco/sev/core.c | 40 ++++++-
arch/x86/include/asm/sev.h | 2 +
arch/x86/kernel/apic/x2apic_savic.c | 164 ++++++++++++++++++++++------
3 files changed, 167 insertions(+), 39 deletions(-)
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index 036833ac17e1..e53147a630c3 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -1464,14 +1464,10 @@ static enum es_result __vc_handle_secure_tsc_msrs(s=
truct pt_regs *regs, bool wri
return ES_OK;
}
=20
-static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *=
ctxt)
+static enum es_result __vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt=
*ctxt, bool write)
{
struct pt_regs *regs =3D ctxt->regs;
enum es_result ret;
- bool write;
-
- /* Is it a WRMSR? */
- write =3D ctxt->insn.opcode.bytes[1] =3D=3D 0x30;
=20
switch (regs->cx) {
case MSR_SVSM_CAA:
@@ -1501,6 +1497,40 @@ static enum es_result vc_handle_msr(struct ghcb *ghc=
b, struct es_em_ctxt *ctxt)
return ret;
}
=20
+static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *=
ctxt)
+{
+ return __vc_handle_msr(ghcb, ctxt, ctxt->insn.opcode.bytes[1] =3D=3D 0x30=
);
+}
+
+void savic_ghcb_msr_write(u32 reg, u64 value)
+{
+ u64 msr =3D APIC_BASE_MSR + (reg >> 4);
+ struct pt_regs regs =3D {
+ .cx =3D msr,
+ .ax =3D lower_32_bits(value),
+ .dx =3D upper_32_bits(value)
+ };
+ struct es_em_ctxt ctxt =3D { .regs =3D ®s };
+ struct ghcb_state state;
+ unsigned long flags;
+ enum es_result ret;
+ struct ghcb *ghcb;
+
+ local_irq_save(flags);
+ ghcb =3D __sev_get_ghcb(&state);
+ vc_ghcb_invalidate(ghcb);
+
+ ret =3D __vc_handle_msr(ghcb, &ctxt, true);
+ if (ret !=3D ES_OK) {
+ pr_err("Secure AVIC msr (0x%llx) write returned error (%d)\n", msr, ret);
+ /* MSR writes should never fail. Any failure is fatal error for SNP gues=
t */
+ snp_abort();
+ }
+
+ __sev_put_ghcb(&state);
+ local_irq_restore(flags);
+}
+
enum es_result savic_register_gpa(u64 gpa)
{
struct ghcb_state state;
diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index 3448032bae8c..855c705ee074 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -484,6 +484,7 @@ int snp_send_guest_request(struct snp_msg_desc *mdesc, =
struct snp_guest_req *req
void __init snp_secure_tsc_prepare(void);
void __init snp_secure_tsc_init(void);
enum es_result savic_register_gpa(u64 gpa);
+void savic_ghcb_msr_write(u32 reg, u64 value);
=20
#else /* !CONFIG_AMD_MEM_ENCRYPT */
=20
@@ -528,6 +529,7 @@ static inline int snp_send_guest_request(struct snp_msg=
_desc *mdesc, struct snp_
static inline void __init snp_secure_tsc_prepare(void) { }
static inline void __init snp_secure_tsc_init(void) { }
static inline enum es_result savic_register_gpa(u64 gpa) { return ES_UNSUP=
PORTED; }
+static inline void savic_ghcb_msr_write(u32 reg, u64 value) { }
=20
#endif /* CONFIG_AMD_MEM_ENCRYPT */
=20
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a=
pic_savic.c
index 0bb649e3527d..657e560978e7 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -46,6 +46,25 @@ static __always_inline void set_reg(unsigned int offset,=
u32 val)
=20
#define SAVIC_ALLOWED_IRR 0x204
=20
+static inline void update_vector(unsigned int cpu, unsigned int offset,
+ unsigned int vector, bool set)
+{
+ struct apic_page *ap =3D per_cpu_ptr(apic_page, cpu);
+ unsigned long *reg =3D (unsigned long *) &ap->bytes[offset];
+ unsigned int bit;
+
+ /*
+ * The registers are 32-bit wide and 16-byte aligned.
+ * Compensate for the resulting bit number spacing.
+ */
+ bit =3D vector + 96 * (vector / 32);
+
+ if (set)
+ set_bit(bit, reg);
+ else
+ clear_bit(bit, reg);
+}
+
static u32 x2apic_savic_read(u32 reg)
{
/*
@@ -109,6 +128,17 @@ static u32 x2apic_savic_read(u32 reg)
=20
#define SAVIC_NMI_REQ 0x278
=20
+static inline void self_ipi_reg_write(unsigned int vector)
+{
+ /*
+ * Secure AVIC hardware accelerates guest's MSR write to SELF_IPI
+ * register. It updates the IRR in the APIC backing page, evaluates
+ * the new IRR for interrupt injection and continues with guest
+ * code execution.
+ */
+ native_apic_msr_write(APIC_SELF_IPI, vector);
+}
+
static void x2apic_savic_write(u32 reg, u32 data)
{
switch (reg) {
@@ -117,7 +147,6 @@ static void x2apic_savic_write(u32 reg, u32 data)
case APIC_LVT1:
case APIC_TMICT:
case APIC_TDCR:
- case APIC_SELF_IPI:
case APIC_TASKPRI:
case APIC_EOI:
case APIC_SPIV:
@@ -133,6 +162,9 @@ static void x2apic_savic_write(u32 reg, u32 data)
case APIC_EILVTn(0) ... APIC_EILVTn(3):
set_reg(reg, data);
break;
+ case APIC_SELF_IPI:
+ self_ipi_reg_write(data);
+ break;
/* ALLOWED_IRR offsets are writable */
case SAVIC_ALLOWED_IRR ... SAVIC_ALLOWED_IRR + 0x70:
if (IS_ALIGNED(reg - SAVIC_ALLOWED_IRR, 16)) {
@@ -145,62 +177,126 @@ static void x2apic_savic_write(u32 reg, u32 data)
}
}
=20
+static inline void send_ipi_dest(unsigned int cpu, unsigned int vector)
+{
+ update_vector(cpu, APIC_IRR, vector, true);
+}
+
+static void send_ipi_allbut(unsigned int vector)
+{
+ unsigned int cpu, src_cpu;
+ unsigned long flags;
+
+ local_irq_save(flags);
+
+ src_cpu =3D raw_smp_processor_id();
+
+ for_each_cpu(cpu, cpu_online_mask) {
+ if (cpu =3D=3D src_cpu)
+ continue;
+ send_ipi_dest(cpu, vector);
+ }
+
+ local_irq_restore(flags);
+}
+
+static inline void self_ipi(unsigned int vector)
+{
+ u32 icr_low =3D APIC_SELF_IPI | vector;
+
+ native_x2apic_icr_write(icr_low, 0);
+}
+
+static void x2apic_savic_icr_write(u32 icr_low, u32 icr_high)
+{
+ unsigned int dsh, vector;
+ u64 icr_data;
+
+ dsh =3D icr_low & APIC_DEST_ALLBUT;
+ vector =3D icr_low & APIC_VECTOR_MASK;
+
+ switch (dsh) {
+ case APIC_DEST_SELF:
+ self_ipi(vector);
+ break;
+ case APIC_DEST_ALLINC:
+ self_ipi(vector);
+ fallthrough;
+ case APIC_DEST_ALLBUT:
+ send_ipi_allbut(vector);
+ break;
+ default:
+ send_ipi_dest(icr_high, vector);
+ break;
+ }
+
+ icr_data =3D ((u64)icr_high) << 32 | icr_low;
+ if (dsh !=3D APIC_DEST_SELF)
+ savic_ghcb_msr_write(APIC_ICR, icr_data);
+}
+
+static void send_ipi(u32 dest, unsigned int vector, unsigned int dsh)
+{
+ unsigned int icr_low;
+
+ icr_low =3D __prepare_ICR(dsh, vector, APIC_DEST_PHYSICAL);
+ x2apic_savic_icr_write(icr_low, dest);
+}
+
static void x2apic_savic_send_ipi(int cpu, int vector)
{
u32 dest =3D per_cpu(x86_cpu_to_apicid, cpu);
=20
- /* x2apic MSRs are special and need a special fence: */
- weak_wrmsr_fence();
- __x2apic_send_IPI_dest(dest, vector, APIC_DEST_PHYSICAL);
+ send_ipi(dest, vector, 0);
}
=20
-static void __send_ipi_mask(const struct cpumask *mask, int vector, bool e=
xcl_self)
+static void send_ipi_mask(const struct cpumask *mask, unsigned int vector,=
bool excl_self)
{
- unsigned long query_cpu;
- unsigned long this_cpu;
+ unsigned int this_cpu;
+ unsigned int cpu;
unsigned long flags;
=20
- /* x2apic MSRs are special and need a special fence: */
- weak_wrmsr_fence();
-
local_irq_save(flags);
=20
- this_cpu =3D smp_processor_id();
- for_each_cpu(query_cpu, mask) {
- if (excl_self && this_cpu =3D=3D query_cpu)
+ this_cpu =3D raw_smp_processor_id();
+
+ for_each_cpu(cpu, mask) {
+ if (excl_self && cpu =3D=3D this_cpu)
continue;
- __x2apic_send_IPI_dest(per_cpu(x86_cpu_to_apicid, query_cpu),
- vector, APIC_DEST_PHYSICAL);
+ send_ipi(per_cpu(x86_cpu_to_apicid, cpu), vector, 0);
}
+
local_irq_restore(flags);
}
=20
static void x2apic_savic_send_ipi_mask(const struct cpumask *mask, int vec=
tor)
{
- __send_ipi_mask(mask, vector, false);
+ send_ipi_mask(mask, vector, false);
}
=20
static void x2apic_savic_send_ipi_mask_allbutself(const struct cpumask *ma=
sk, int vector)
{
- __send_ipi_mask(mask, vector, true);
+ send_ipi_mask(mask, vector, true);
}
=20
-static void x2apic_savic_update_vector(unsigned int cpu, unsigned int vect=
or, bool set)
+static void x2apic_savic_send_ipi_allbutself(int vector)
{
- struct apic_page *ap =3D per_cpu_ptr(apic_page, cpu);
- unsigned long *sirr =3D (unsigned long *) &ap->bytes[SAVIC_ALLOWED_IRR];
- unsigned int bit;
+ send_ipi(0, vector, APIC_DEST_ALLBUT);
+}
=20
- /*
- * The registers are 32-bit wide and 16-byte aligned.
- * Compensate for the resulting bit number spacing.
- */
- bit =3D vector + 96 * (vector / 32);
+static void x2apic_savic_send_ipi_all(int vector)
+{
+ send_ipi(0, vector, APIC_DEST_ALLINC);
+}
=20
- if (set)
- set_bit(bit, sirr);
- else
- clear_bit(bit, sirr);
+static void x2apic_savic_send_ipi_self(int vector)
+{
+ self_ipi_reg_write(vector);
+}
+
+static void x2apic_savic_update_vector(unsigned int cpu, unsigned int vect=
or, bool set)
+{
+ update_vector(cpu, SAVIC_ALLOWED_IRR, vector, set);
}
=20
static void init_apic_page(void)
@@ -279,16 +375,16 @@ static struct apic apic_x2apic_savic __ro_after_init =
=3D {
.send_IPI =3D x2apic_savic_send_ipi,
.send_IPI_mask =3D x2apic_savic_send_ipi_mask,
.send_IPI_mask_allbutself =3D x2apic_savic_send_ipi_mask_allbutself,
- .send_IPI_allbutself =3D x2apic_send_IPI_allbutself,
- .send_IPI_all =3D x2apic_send_IPI_all,
- .send_IPI_self =3D x2apic_send_IPI_self,
+ .send_IPI_allbutself =3D x2apic_savic_send_ipi_allbutself,
+ .send_IPI_all =3D x2apic_savic_send_ipi_all,
+ .send_IPI_self =3D x2apic_savic_send_ipi_self,
.nmi_to_offline_cpu =3D true,
=20
.read =3D x2apic_savic_read,
.write =3D x2apic_savic_write,
.eoi =3D native_apic_msr_eoi,
.icr_read =3D native_x2apic_icr_read,
- .icr_write =3D native_x2apic_icr_write,
+ .icr_write =3D x2apic_savic_icr_write,
=20
.update_vector =3D x2apic_savic_update_vector,
};
--=20
2.34.1
From nobody Tue May 13 07:19:50 2025
Received: from NAM11-BN8-obe.outbound.protection.outlook.com
(mail-bn8nam11on2084.outbound.protection.outlook.com [40.107.236.84])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 84A121E1C22;
Tue, 1 Apr 2025 11:38:48 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.236.84
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507530; cv=fail;
b=Zi0uKw1cN1S2QrU/yiKaglpmaWYSiRxKuNDiTK3/my7HK2VWsYOp833S37FJw6dx4+ESt5ngeH7H4TL1io3cdQRuf+VG9Xj0iM9LPpm4n2TeJaWNdukLeInSI7ezZaVuCiH2fCX3ZuPkgKh3GHIJDccD0O3wJA4LvakhqeWBRpo=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507530; c=relaxed/simple;
bh=R3Walva4TvYHCeoDX87PEfGddguC0Jc9EfENorDylUk=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=eQSuWrEdB6HtLqs4n5MKW2WBdSiDW4Jdu9jofP/CXba1U+K26S1QeAgjuO3Jb7dgqfWZ0MLawX8m9LT/Trck1xk4b7JDN7Ja9X2rd4voQEhkvOIobZqllctj78k7CHCSOuoJqmahjuIB9FzON7HZu4bYWStu2uIB9icWt5wXe0M=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=p6q/3OkI; arc=fail smtp.client-ip=40.107.236.84
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="p6q/3OkI"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=eP21b6WVzMyiXHRsiwoYGqXIEQ9NATrZyTAsP4ir+aDY/QGl7SUG83ssBF58Z1ghhJlJrxG6B2xPxDfpzStD+jDxnEZVWPVBSwYkspnoNsWgQZ7WqBTQB4kP5AqkfM4w9ILcyANhKMwLONjgbljt3r6djon2a2iBMXNB6EZKLSkhxRTeJiB+rVIGBilmD6Ss5vhJk23IsN545Tk/y3Py2Qb9mG83w81WjGY/2GP0h/S4HYjsoHP0YXUH/m7Ld9lSxoDcm0hn18svGE7wrUlANVv85QW8prAat5sy8OxloEa4VFxN3698BZmV1lsY5FwzxPZ2vmyAME2TpoZNl+pKQQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=94U1IXp2DQDZznDtEb05nXOBV9doTs9pWgcKZFdBi6M=;
b=YnBvDtYLOtYoc0SGo6awLdso7bklVNKyNcO2g62mQ5vpkgQQg4/mdKFRO16fQ0xrtclBSZ1j9PKmZRR3Li+unHTWpDRjc4cTgvQf6Gysk9P5uWZ1os31TA99TNCHi0xAZQ4nPXe1IHpb/4aDR2N4k9i/oTiGFSmiucnTEevRPmlBGwAnD6CPNHWrpBrPZExwTgJ5Y6IviBPArDWvU25MTzkOWRCW/nSjQZzzdydGw7pgsFaEbgO8ve1q06B/CVKWJuvgF2VvNHDhKMveGSY7yUluTe1WRYF31sPmWi7MTNJnZejyCwio238ukqwbgob1Cm2AKeqjstq5eV81kakUoQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=94U1IXp2DQDZznDtEb05nXOBV9doTs9pWgcKZFdBi6M=;
b=p6q/3OkIbx5P5VhGWOMfDcxZYL9EUv1z5m6zhcCGvzQ1pTpOCWmyZkq7t678BSbDYC30KDlWpelWvSsfm2sEKRWftgeG8IySMabUcvY8Uqos9aoPoZF9t9fq1khkTu6eBWghJgjMjHRG4Nla0K3pmiv+PtopKSpaN2lUmpDQWa0=
Received: from PH7P220CA0120.NAMP220.PROD.OUTLOOK.COM (2603:10b6:510:32d::22)
by PH0PR12MB7958.namprd12.prod.outlook.com (2603:10b6:510:285::14) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.50; Tue, 1 Apr
2025 11:38:44 +0000
Received: from CO1PEPF000044FC.namprd21.prod.outlook.com
(2603:10b6:510:32d:cafe::95) by PH7P220CA0120.outlook.office365.com
(2603:10b6:510:32d::22) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8583.39 via Frontend Transport; Tue,
1 Apr 2025 11:38:43 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
CO1PEPF000044FC.mail.protection.outlook.com (10.167.241.202) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8632.2 via Frontend Transport; Tue, 1 Apr 2025 11:38:43 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:38:37 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 07/17] x86/apic: Support LAPIC timer for Secure AVIC
Date: Tue, 1 Apr 2025 17:06:06 +0530
Message-ID: <20250401113616.204203-8-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1PEPF000044FC:EE_|PH0PR12MB7958:EE_
X-MS-Office365-Filtering-Correlation-Id: 8383f1dd-a88c-46e1-baa2-08dd7111c1c4
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|7416014|36860700013|376014|1800799024|82310400026;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?/dWKusUEqU89Vpb6qAp4rvacU4KaDgg1+ZLXVgLUpmiO0SvnGTLGymnubKTG?=
=?us-ascii?Q?m/9gLwxkaggPxv4+rxoLMMQK0Vg3tm2bIW5014a19cxLrm9ZwWxkjKmy8id5?=
=?us-ascii?Q?dCHGsCkBvV0oDXDLyBsEv0vBQO187JXl4gtCfezDkGCl4wCNoCU2Uy8icSh2?=
=?us-ascii?Q?100H/6ijLk6PD8niaP92UMIsE9fyFaIakSR8TwXIbUF4PJjT8xkBju/OtCwP?=
=?us-ascii?Q?vLnREMyBU5S9NDz+xIoanrWVAHZ/uOcqpjI4XyS0GYoG3TqLYheybePdFGA5?=
=?us-ascii?Q?0WccuitKLo32ZV9aQrVMzAMdJ9DF+K++4sAbkx+BA8QaG/uj2EiDChd5m+cd?=
=?us-ascii?Q?TcQEYzsJ2EWyIbsp2qgdbW3Wu83wpJbJ1016qRRuo8/9zifTDzvadGaM8823?=
=?us-ascii?Q?/BOzxKNKpHHtoTHhP33D47yia/oMNQMHV37DzvG2/4YoLSqxNXyYlZmwr1QG?=
=?us-ascii?Q?Te69PI7O8diakyemPt5Q6l4x/vq++Wp16K8PzI8ZZKOmW4SaEUyAbncxZWfy?=
=?us-ascii?Q?ISyHvRrM1wQN9dLYhIMSfmAS62FG/fkfYAIPWgeRoIN4xd0sp9z/laPlrOMI?=
=?us-ascii?Q?+sJK/yHN2vfEU3IaWUxXQ1+o3PGwsaLFeYb77e+yU+kdTRupM32j6dWAFMXN?=
=?us-ascii?Q?yYtCO2KYuIO/VqYXlCkPSiRFfrcMNB0iFQ3MWxYvChwzvlz4rRRHysMGreeq?=
=?us-ascii?Q?VUoNxVhlqCKuQH6FKOxSNVW1lJ1qnlruOlqJH7FKjrj2hM4deuwJmvvV+Cqu?=
=?us-ascii?Q?MrfdUIDnFQ2N1JDtTNkkgZXlrPhT7j42u8U1ahNmiARR42ULL99mi4OPofIr?=
=?us-ascii?Q?apc015f0cj6WLm6wmLEnlFTOVBsfw53+/Uco5X71qqmz1hinHTgIdMq1YzGw?=
=?us-ascii?Q?7mvF9ODWpdJQAtPVYu46pnwyOstjk0FZMUSI2EsbJt90Gl6zHJ45balZxqQV?=
=?us-ascii?Q?fbwTCwQ771bN4sEw6sAZ6Zr5eF4WIVDYkPSum89rUVO0LdcHF3E/n5ujI6lY?=
=?us-ascii?Q?p1dtinQizzHaleCOp5gVDN9yMprxB7RrKy2yimhUpgPn0U/qLUB2zw2GVqdv?=
=?us-ascii?Q?xCeJx1VC8+dBUQTQ2x4G6Zt8X9f+vPOVOM6K/koC19t1vFXzOnl87oeeOjEj?=
=?us-ascii?Q?5P8n1Yf0wFB3VAK2URfY0WUeAm7Y3+wT6kN66PZ9UJ1GV5HyB8d03ipQtNxN?=
=?us-ascii?Q?l2UHNWTZd/YUlQpBIwqG90ZLKNy4yUy3PvGyOKReLIMtW72tyZpS2c2MA34G?=
=?us-ascii?Q?+5i16/QzfE4roN2AxnjmjOtufb02FG8s3dUb9pDVbEbd8ULL0CYSp9s5SalP?=
=?us-ascii?Q?3TiSmj182Xp2CiqwQ/t7uh47JY0zGO3x02aPuDiaHpU8POmexPtYQsf3nF6u?=
=?us-ascii?Q?w9pilhRDChkFombSNXUFv9twykEhJv1/UhMq/AdJeZcuuVXzihbbJrYyerrm?=
=?us-ascii?Q?MSpmmZO9MUXm3n+/jQKUKNQu54aOat3uybqdAEkGiL/M8QeAXYYnZrSoY6+3?=
=?us-ascii?Q?1OU1yO0sFSMOhYw=3D?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(36860700013)(376014)(1800799024)(82310400026);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:38:43.4204
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
8383f1dd-a88c-46e1-baa2-08dd7111c1c4
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
CO1PEPF000044FC.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR12MB7958
Content-Type: text/plain; charset="utf-8"
Secure AVIC requires LAPIC timer to be emulated by the hypervisor.
KVM already supports emulating LAPIC timer using hrtimers. In order
to emulate LAPIC timer, APIC_LVTT, APIC_TMICT and APIC_TDCR register
values need to be propagated to the hypervisor for arming the timer.
APIC_TMCCT register value has to be read from the hypervisor, which
is required for calibrating the APIC timer. So, read/write all APIC
timer registers from/to the hypervisor.
In addition, add a static call for apic's update_vector() callback,
to configure ALLOWED_IRR for the hypervisor to inject timer interrupt
using LOCAL_TIMER_VECTOR.
Co-developed-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- Add static call for apic_update_vector()
arch/x86/coco/sev/core.c | 27 +++++++++++++++++++++++++++
arch/x86/include/asm/apic.h | 8 ++++++++
arch/x86/include/asm/sev.h | 2 ++
arch/x86/kernel/apic/apic.c | 2 ++
arch/x86/kernel/apic/init.c | 3 +++
arch/x86/kernel/apic/vector.c | 6 ------
arch/x86/kernel/apic/x2apic_savic.c | 7 +++++--
7 files changed, 47 insertions(+), 8 deletions(-)
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index e53147a630c3..1122cf93983d 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -1502,6 +1502,33 @@ static enum es_result vc_handle_msr(struct ghcb *ghc=
b, struct es_em_ctxt *ctxt)
return __vc_handle_msr(ghcb, ctxt, ctxt->insn.opcode.bytes[1] =3D=3D 0x30=
);
}
=20
+u64 savic_ghcb_msr_read(u32 reg)
+{
+ u64 msr =3D APIC_BASE_MSR + (reg >> 4);
+ struct pt_regs regs =3D { .cx =3D msr };
+ struct es_em_ctxt ctxt =3D { .regs =3D ®s };
+ struct ghcb_state state;
+ unsigned long flags;
+ enum es_result ret;
+ struct ghcb *ghcb;
+
+ local_irq_save(flags);
+ ghcb =3D __sev_get_ghcb(&state);
+ vc_ghcb_invalidate(ghcb);
+
+ ret =3D __vc_handle_msr(ghcb, &ctxt, false);
+ if (ret !=3D ES_OK) {
+ pr_err("Secure AVIC msr (0x%llx) read returned error (%d)\n", msr, ret);
+ /* MSR read failures are treated as fatal errors */
+ snp_abort();
+ }
+
+ __sev_put_ghcb(&state);
+ local_irq_restore(flags);
+
+ return regs.ax | regs.dx << 32;
+}
+
void savic_ghcb_msr_write(u32 reg, u64 value)
{
u64 msr =3D APIC_BASE_MSR + (reg >> 4);
diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
index b510008c586f..7616a622248c 100644
--- a/arch/x86/include/asm/apic.h
+++ b/arch/x86/include/asm/apic.h
@@ -338,6 +338,7 @@ struct apic_override {
void (*icr_write)(u32 low, u32 high);
int (*wakeup_secondary_cpu)(u32 apicid, unsigned long start_eip);
int (*wakeup_secondary_cpu_64)(u32 apicid, unsigned long start_eip);
+ void (*update_vector)(unsigned int cpu, unsigned int vector, bool set);
};
=20
/*
@@ -397,6 +398,7 @@ DECLARE_APIC_CALL(wait_icr_idle);
DECLARE_APIC_CALL(wakeup_secondary_cpu);
DECLARE_APIC_CALL(wakeup_secondary_cpu_64);
DECLARE_APIC_CALL(write);
+DECLARE_APIC_CALL(update_vector);
=20
static __always_inline u32 apic_read(u32 reg)
{
@@ -473,6 +475,11 @@ static __always_inline bool apic_id_valid(u32 apic_id)
return apic_id <=3D apic->max_apic_id;
}
=20
+static __always_inline void apic_update_vector(unsigned int cpu, unsigned =
int vector, bool set)
+{
+ static_call(apic_call_update_vector)(cpu, vector, set);
+}
+
#else /* CONFIG_X86_LOCAL_APIC */
=20
static inline u32 apic_read(u32 reg) { return 0; }
@@ -484,6 +491,7 @@ static inline void apic_wait_icr_idle(void) { }
static inline u32 safe_apic_wait_icr_idle(void) { return 0; }
static inline void apic_native_eoi(void) { WARN_ON_ONCE(1); }
static inline void apic_setup_apic_calls(void) { }
+static inline void apic_update_vector(unsigned int cpu, unsigned int vecto=
r, bool set) { }
=20
#define apic_update_callback(_callback, _fn) do { } while (0)
=20
diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index 855c705ee074..7c942b9c593a 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -484,6 +484,7 @@ int snp_send_guest_request(struct snp_msg_desc *mdesc, =
struct snp_guest_req *req
void __init snp_secure_tsc_prepare(void);
void __init snp_secure_tsc_init(void);
enum es_result savic_register_gpa(u64 gpa);
+u64 savic_ghcb_msr_read(u32 reg);
void savic_ghcb_msr_write(u32 reg, u64 value);
=20
#else /* !CONFIG_AMD_MEM_ENCRYPT */
@@ -530,6 +531,7 @@ static inline void __init snp_secure_tsc_prepare(void) =
{ }
static inline void __init snp_secure_tsc_init(void) { }
static inline enum es_result savic_register_gpa(u64 gpa) { return ES_UNSUP=
PORTED; }
static inline void savic_ghcb_msr_write(u32 reg, u64 value) { }
+static inline u64 savic_ghcb_msr_read(u32 reg) { return 0; }
=20
#endif /* CONFIG_AMD_MEM_ENCRYPT */
=20
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index f59ed284ec5b..86f9c3c7df1c 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -591,6 +591,8 @@ static void setup_APIC_timer(void)
0xF, ~0UL);
} else
clockevents_register_device(levt);
+
+ apic_update_vector(smp_processor_id(), LOCAL_TIMER_VECTOR, true);
}
=20
/*
diff --git a/arch/x86/kernel/apic/init.c b/arch/x86/kernel/apic/init.c
index 821e2e536f19..b420f9cd0ddb 100644
--- a/arch/x86/kernel/apic/init.c
+++ b/arch/x86/kernel/apic/init.c
@@ -29,6 +29,7 @@ DEFINE_APIC_CALL(wait_icr_idle);
DEFINE_APIC_CALL(wakeup_secondary_cpu);
DEFINE_APIC_CALL(wakeup_secondary_cpu_64);
DEFINE_APIC_CALL(write);
+DEFINE_APIC_CALL(update_vector);
=20
EXPORT_STATIC_CALL_TRAMP_GPL(apic_call_send_IPI_mask);
EXPORT_STATIC_CALL_TRAMP_GPL(apic_call_send_IPI_self);
@@ -56,6 +57,7 @@ static __init void restore_override_callbacks(void)
apply_override(icr_write);
apply_override(wakeup_secondary_cpu);
apply_override(wakeup_secondary_cpu_64);
+ apply_override(update_vector);
}
=20
#define update_call(__cb) \
@@ -78,6 +80,7 @@ static __init void update_static_calls(void)
update_call(wait_icr_idle);
update_call(wakeup_secondary_cpu);
update_call(wakeup_secondary_cpu_64);
+ update_call(update_vector);
}
=20
void __init apic_setup_apic_calls(void)
diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c
index 897e85e58139..09eb553269b8 100644
--- a/arch/x86/kernel/apic/vector.c
+++ b/arch/x86/kernel/apic/vector.c
@@ -139,12 +139,6 @@ static void apic_update_irq_cfg(struct irq_data *irqd,=
unsigned int vector,
apicd->hw_irq_cfg.dest_apicid);
}
=20
-static inline void apic_update_vector(unsigned int cpu, unsigned int vecto=
r, bool set)
-{
- if (apic->update_vector)
- apic->update_vector(cpu, vector, set);
-}
-
static int irq_alloc_vector(const struct cpumask *dest, bool resvd, unsign=
ed int *cpu)
{
int vector;
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a=
pic_savic.c
index 657e560978e7..1088d82e3adb 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -83,6 +83,7 @@ static u32 x2apic_savic_read(u32 reg)
case APIC_TMICT:
case APIC_TMCCT:
case APIC_TDCR:
+ return savic_ghcb_msr_read(reg);
case APIC_ID:
case APIC_LVR:
case APIC_TASKPRI:
@@ -143,10 +144,12 @@ static void x2apic_savic_write(u32 reg, u32 data)
{
switch (reg) {
case APIC_LVTT:
- case APIC_LVT0:
- case APIC_LVT1:
case APIC_TMICT:
case APIC_TDCR:
+ savic_ghcb_msr_write(reg, data);
+ break;
+ case APIC_LVT0:
+ case APIC_LVT1:
case APIC_TASKPRI:
case APIC_EOI:
case APIC_SPIV:
--=20
2.34.1
From nobody Tue May 13 07:19:50 2025
Received: from NAM11-BN8-obe.outbound.protection.outlook.com
(mail-bn8nam11on2068.outbound.protection.outlook.com [40.107.236.68])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6EB101FAC48;
Tue, 1 Apr 2025 11:39:10 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.236.68
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507553; cv=fail;
b=Q05P6/uG0PbeWGmYLjP/X3MRoSxI9hOUgVOndQNw9DW/3cLiAt042osG/emIcCzz78pf0y0Jp6oKCd2AYeUjb9dfLLJOjsqd2DCk3I+AwDr697ujDvCmhqJsA20JO0d3Vq45NQaogbiEpBo5UIYxvwLu0V7eGsJEXdN+Ynt0x60=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507553; c=relaxed/simple;
bh=51ZUXKP3AmfBCznIxBo2B5KLs3HtlaS/Jv7jIp1LAao=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=ZdJYiMlABgRB6COL1jc1p+mqaor39WXeI3hbB6XZegZFA7PHV+icEPdzTfkbXnds4y2G+XycNI2fgjxYCqtNyuaOiXDNc4LSVTzW7hNx5bfsyXTT4qUVKlstplp4piBXfzHj9a75s0/PVeyvHqzTdc1pemAhJ7xitMCSV28Gbm8=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=N0OvwbBt; arc=fail smtp.client-ip=40.107.236.68
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="N0OvwbBt"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=TzQfz8sRNeRcrepd0JQnc10mIeOZmABk84QD4lQ4s9T3PT7Sfe488QWFI/nnOaZ4Z2GSbpKuA7sMp76vuJC3ESBfL5amn9EE5Fn34S6M+soDQzlTAeqVU2WMChdaVU9CTETuWFWwrtKEB3ndgN5LX6BZn0LGztj+He4CDRQj0ed1iDHFxiDsteAK91U1PYybl7Eq5y+Ebo/z7pLkDGUmwxx3qrWC9vnemI7036RTP2yU1NVVw8O0+DlrvaR581Djk5/ALt5EYbFz4BlUZ1sCIBBFVnwngXwbiVNUkeIOVddXZdlrCk+vm2VC/EQYateDz1wdlSLGv711WOUTVRw//Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=XFbvPfyXbCcgjq+6/f1aLS+MnqrF759eJP3fL3AAl1I=;
b=QDZin8/lCtnUsfN7ZdQ8kpv5JrbXsLCJFfsYrqeX+laT4z1qJG6miNf2AVjoDRpk3xicGId5j7wG/qhaIQ9KvpmenH9YCLMpPSdC/tqatwxrkJ/1562JYmMZF4+3R7rL48kV5xtZnhEEqofZruDTU8PIiJfHY0NZYFVmE8oaPmUedPaH7PysbkammDNHPdPAagBra9TM/hwydVDqvFV3TXiuG/uyIoZ+1dZ2e4MfIZTw+r0BjMOebb23yFQC5dZ3xSzlNhwx1E2BBcvf2UIsEhed9t3MkbsOc4dCiFcmLFuweyu2FIMQIKnF4KygztFRoRq03U+LD2HKZEYdB4y4Vw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=XFbvPfyXbCcgjq+6/f1aLS+MnqrF759eJP3fL3AAl1I=;
b=N0OvwbBt1Jmu0F2SrIZxLaY4sHe2BAyg7IAzeaXvoy0zkew09KiS45Ghh1W1KNxAQixHaNh20VpVVQtzkCTuh4XQneEwieywdljZGEs/mfZ75JPO5eq3xvpvEAZZ7C+nr83OfhvUxCeagX7FgEWbZ0T7RDzugmJuqvBmslieqps=
Received: from MW4PR04CA0312.namprd04.prod.outlook.com (2603:10b6:303:82::17)
by MW6PR12MB8898.namprd12.prod.outlook.com (2603:10b6:303:246::8) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.44; Tue, 1 Apr
2025 11:39:07 +0000
Received: from CO1PEPF000044F9.namprd21.prod.outlook.com
(2603:10b6:303:82:cafe::cc) by MW4PR04CA0312.outlook.office365.com
(2603:10b6:303:82::17) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8534.53 via Frontend Transport; Tue,
1 Apr 2025 11:39:07 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
CO1PEPF000044F9.mail.protection.outlook.com (10.167.241.199) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8632.2 via Frontend Transport; Tue, 1 Apr 2025 11:39:06 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:39:00 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 08/17] x86/sev: Initialize VGIF for secondary VCPUs for
Secure AVIC
Date: Tue, 1 Apr 2025 17:06:07 +0530
Message-ID: <20250401113616.204203-9-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1PEPF000044F9:EE_|MW6PR12MB8898:EE_
X-MS-Office365-Filtering-Correlation-Id: 7c332fb1-067c-468a-5a95-08dd7111cfbd
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|1800799024|82310400026|376014|7416014|36860700013;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?xD7ajO9UGRQ2AIlrR5VQvG/4+0rOS1CeY4TM7ef3XZi2I/Ozkr+wsfhqFSGo?=
=?us-ascii?Q?5/opQ/jDmCZLFO1dqlmFVTcNJloVciKFEg6fVJ66kWrToV+yb9zhHvEL+PIX?=
=?us-ascii?Q?ntks5zPJYt+7KYYGhAjoxBqpdqe18MSdUp/msisRZ8nXqYC+7B/eAVdNA6t0?=
=?us-ascii?Q?5BzxKanYKxiTVz7LxCC0R4Dry99ELrWurx+rDKKImZapdRa/l83qJqzVXrZ2?=
=?us-ascii?Q?5jDqaQoOTiI/r+JmmasYI1Psccg8znakj7QvLvf3NnWA6HFfdPXsodNkzYiV?=
=?us-ascii?Q?Y2a1XIWHBGHcIcPfTmjehvKaxYTFuZFvf+wfIqx+QtioaRLSkVFSGVtBXqqg?=
=?us-ascii?Q?aOokkfYw4lll5GdpqcvGKuPiS4DVotNk7MVdEysmZwrlyyRp8josHghUagY3?=
=?us-ascii?Q?OCuhTLpvlz3qQAEmgD5X5j/04ynS5RD3o0TtyS5P3bkiUWY1WetkkmSQRgXO?=
=?us-ascii?Q?vajIasqu8ndjws4TiBznkjnUxnv7jQ9DPw1o9f1uA2mhdb/Y+qBfQl2Ez33H?=
=?us-ascii?Q?F/1dQ4Sr7sgOgcfxhEBK1xFADgOH0djl9KtiggQZLKdmlJacN985DMkPz33L?=
=?us-ascii?Q?OMfMMozSL1Gl9lSKOy19U4U98To81Q0WnlaDttPBXgqrZ0SJCiTcfkvX6Evy?=
=?us-ascii?Q?gtD+ic0Bwz1O0CMfcvIqiP732eqcUuMLDoWUAa/NHhOo2LNNFYOPOvBR3Lzr?=
=?us-ascii?Q?MByQvw7wldGMYZ9eWyn5TUACqSP4Peae4ICpCrsfyDc8iV2STCKEjP22C2fk?=
=?us-ascii?Q?iiBpgJ9iWs6uTVrMnjCe9y8paEg6Bd0VaxGQ5IG87T+ylXdJWkgMz1jw/9k3?=
=?us-ascii?Q?L8lPjWRgpoUxtgG6hP4v37cpGfXxhJgy/MX8JZnmT18uWt24/cVlNQAIWKDz?=
=?us-ascii?Q?U/dWpLPg6LMRhI7XZIKgsg9mC5crNoZEnLMO8tOsXDuUFn1Q53kZGscliacr?=
=?us-ascii?Q?9Ao+nV8mWANnTbYZBT7V5k32CySe1O/jwWtrv1Z3Y4HxPmFtGYWag8E7LFKt?=
=?us-ascii?Q?2KJYNVygK/mbZ2d4BNWEFaQnIdqK/owlHHJ+MILL+qtFBjPF+zyBYJzfuVsu?=
=?us-ascii?Q?m9E+XD12glqP64kymbJTt6K2Uf1M7cyLJBECQISWROQl25aETbEqX4LV3kjK?=
=?us-ascii?Q?cPD7l5t6D8gfy6AOSmAFlwRB7VSv8/K7XJ5MVDUeFYNaf/o9WxGk3qbwnpue?=
=?us-ascii?Q?8anx8XnDgCobSfkTeH2zMArFBk0vBWSFSOaujgb6acm65jKwclhpnp3ab/UL?=
=?us-ascii?Q?EG0nj4fz/Nh5oa4e7mRpUa1BDSE4U//mbbzwAXM5s/alQZHEzQIkd6g2m+b7?=
=?us-ascii?Q?1xWoDYxCvnBTSOa6wdN/qicyx+jIqf9dc/rbAj3XSK7S6nB+J+71RsTuU9u8?=
=?us-ascii?Q?BIa9lG0EgdZMl/Y7su8q4oJ391GgyU4WWF/6Me+7zE6veitmJYJz354Ci0Rh?=
=?us-ascii?Q?tU8VuFEFAp8MfMiWVkS3XvVUatXs++92Ow5aBuGvku3vZx0FU2Y9HKRTk7pL?=
=?us-ascii?Q?wUDJrk7Pxtsn1fk=3D?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(376014)(7416014)(36860700013);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:39:06.8608
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
7c332fb1-067c-468a-5a95-08dd7111cfbd
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
CO1PEPF000044F9.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW6PR12MB8898
Content-Type: text/plain; charset="utf-8"
From: Kishon Vijay Abraham I <kvijayab@amd.com>
Secure AVIC requires VGIF to be configured in VMSA. Configure
for secondary vCPUs (the configuration for boot CPU is done by
the hypervisor).
Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- No change
arch/x86/coco/sev/core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index 1122cf93983d..bc8c3b596dd1 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -1270,6 +1270,9 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id, unsign=
ed long start_ip)
vmsa->x87_ftw =3D AP_INIT_X87_FTW_DEFAULT;
vmsa->x87_fcw =3D AP_INIT_X87_FCW_DEFAULT;
=20
+ if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
+ vmsa->vintr_ctrl |=3D V_GIF_MASK;
+
/* SVME must be set. */
vmsa->efer =3D EFER_SVME;
=20
--=20
2.34.1
From nobody Tue May 13 07:19:50 2025
Received: from NAM12-BN8-obe.outbound.protection.outlook.com
(mail-bn8nam12on2070.outbound.protection.outlook.com [40.107.237.70])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id A7DD322338;
Tue, 1 Apr 2025 11:39:28 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.237.70
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507570; cv=fail;
b=Vdu6QoGRZQceSQloP9hmV6boeF3lXDRQmbaUGZ2zmJTHPKyilhnPKApyUSts3NN4kyYe4hV2oKljE46aVGB+kQ3yJ56bMXWgxtM5w7t/uF9Reg9N3O6gv5WlJyCDOWS69oY7Vxe60DEc4IIoxnBb+HVwxDiVc8kEIX+P8XaLqhw=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507570; c=relaxed/simple;
bh=mzDeMhiBUT80pUXFMZNyXsfAowEEG03sqB1Vjh9A2BY=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=DgiDiCFzTAzrq4EqX4h02CCiI3/tkKkErcBhOwa3Y2oVhJheqDrlxGPC9Cdcq0xRSy15HfHEVviPYRiW4g6DqCK9I4T9nUntROED+4Qe3MnBTZGqWSeZwe3esnFHkDjxobqzhySSvEBgHq/vgFmeGab1FBl+Dbu6WLzHg3GZed8=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=siJ4OHYd; arc=fail smtp.client-ip=40.107.237.70
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="siJ4OHYd"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=MXfckLmnWGB9ponOVsb1n0Ih2LgVR6ajhSZqz9JpZZUbZEBBvOawMrqkihL9UBxlJ5qOWE+kIU1J5S8fP5NySS6r23qKZYrougLT/kd9w9TYrswNJx7tqxHtVX+Lvkh+32zjpIav8YcW86Wd3d+6llLpXQHFjlDquujDTiWD16v61eub0+7ZLLa4sxFURdwUYZT40qb/JdVX2lfcVSZAKWMsOIjUKE/xWCk3mHyml12joqImGnaVrrloIeId3TKeID6KYoVfuG0B51xn6TLYdmlhi51UqqZrHniMBNWznspzA+fUFQXQjyQlihF8j+6vyWCjQEoB9dMbEIF8aZ0kHw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=JOmHFF2yrqnPBWF+5CikR6htvVnRxk2D4iMCRdwa8T4=;
b=m/ygrowWwR4rhsihNxmFZmMA9hUOntRiOY2vv/y76EHiezdR1oo8Gz8rAwoPVbwJOhF49lePbvfdoxmU4BuZVZs9oebgBdY9jIv4zkt5FdsMS4PeQcbw81o36+wF7qZwtIsNrm5ZX0p7Q6ANGoyc23oEXIJhPDKVxoJyG4PMNsMkU6Zzy1XcChi1/dHN1ORrjPZDdCq6a9QVpvRfZdZ7KlyscVZTytrU2PhNPaQWQGvVXEV+PL/bVxiBxJ/1xjyl+lWgYqjPd5yv8bz7Ven3Cg4yDbK7/NuoKahqj5DwYA63SVhTbXrFi6a8r4AKmY3SiGUMjKi3YaPtS7ew8nHARw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=JOmHFF2yrqnPBWF+5CikR6htvVnRxk2D4iMCRdwa8T4=;
b=siJ4OHYdZHD6UvMhrBielUHujxmU/oJ24G0N5/acoY2dZ9hyBkOksiRJwgfNNl+G4dOc7kjpOq2DuuK0vHwaVK8OyR4t4fkvTt0BRCKI2d9IQiLCSgW19OaJzrkVS/GgY32nHC4rzSt73XaRTg+brlkGFVGjSAYHgK2TISQVFIk=
Received: from PH8PR21CA0008.namprd21.prod.outlook.com (2603:10b6:510:2ce::29)
by SJ0PR12MB6830.namprd12.prod.outlook.com (2603:10b6:a03:47c::22) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.49; Tue, 1 Apr
2025 11:39:25 +0000
Received: from CO1PEPF000044F7.namprd21.prod.outlook.com
(2603:10b6:510:2ce:cafe::9c) by PH8PR21CA0008.outlook.office365.com
(2603:10b6:510:2ce::29) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8632.6 via Frontend Transport; Tue, 1
Apr 2025 11:39:25 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
CO1PEPF000044F7.mail.protection.outlook.com (10.167.241.197) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8632.2 via Frontend Transport; Tue, 1 Apr 2025 11:39:24 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:39:19 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 09/17] x86/apic: Add support to send NMI IPI for Secure
AVIC
Date: Tue, 1 Apr 2025 17:06:08 +0530
Message-ID: <20250401113616.204203-10-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1PEPF000044F7:EE_|SJ0PR12MB6830:EE_
X-MS-Office365-Filtering-Correlation-Id: ea3de6fa-4b5f-467c-d26d-08dd7111da89
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|1800799024|36860700013|7416014|376014|82310400026;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?JLIRUOqCYuWlhahxKF04g3g92Glt8YRAyhCGXb/K++Ducc6YdLvaR1gjT7wC?=
=?us-ascii?Q?VGsk4tDoyODEWMP8dnmXNNWGwg5O34sj9RkaNYyrjDHeVwARX7hWhj7Q9BzV?=
=?us-ascii?Q?V9c38oWrypCzpQdcFjwqdOc26zLCGqXiwgmS/s0JbAARptivxy/+GzkbPIwM?=
=?us-ascii?Q?b3gnxXW4ofjWIdnfmVlgXLAMIGnkvxhZHncD2mk/jyF4kHrTf4xvgGuH8sL8?=
=?us-ascii?Q?LVSng3PQxZBsdE+7zW50xYVHe9BeaRMZ4zO9g2G5XVMODcuO7uByB2ujjyaB?=
=?us-ascii?Q?dZx6bm778qwWpZhza4gDmSTyXiPF9YFxECLNjlzaTr/NutldHnDRw3JjgSvP?=
=?us-ascii?Q?BQGZGD5f0Bag7BAgFbbUrZEBvZ22o649PScFXeru2OE6WmR7oc/yY9AojIG0?=
=?us-ascii?Q?Z+qQGCyu3zfq39+6GuBXHByNWJlGRv6Awz4F5gay4712Es8lVAj7B0+NBI5Y?=
=?us-ascii?Q?NxibFhlTv4+MJ9h2oc6nQ0UxcZlnSJLuqde4ufi58uAjE1VaJMSwA6CFoZ3V?=
=?us-ascii?Q?7MlinYxajTXVpjiUvGn9SJJseYD7UMAwUjJQes7bDqjKcL4RftlAlO5EfKVk?=
=?us-ascii?Q?HnH3TNIeLP01AaP1Cbie4UsYAMW7ntQF1XDxRz9NrxRBemeC/xtMJuYjiuJw?=
=?us-ascii?Q?l454BD+HTLMZqg0hHdp6tpnfx6znWqM2b1L6d049jakOZxcj6TO5ebC5R8Y+?=
=?us-ascii?Q?6fUZqQ/rO5QcecOW7hB1OinbnzF2b81DAN90hRA/XoTBvgnUWrwyq36D30yK?=
=?us-ascii?Q?M3/pqEDvaJ8XEyByUsfqrkMTBcE9ZPqNH8JLKG2rB5AhMBVSnFPeDakowHMa?=
=?us-ascii?Q?bftLT1U+iy9jamh8F1ByH717rRBrhbfG2TTLDu5PtHIdPCI0WcYf6mq3GW6Y?=
=?us-ascii?Q?XtS3UCPzXYzQPrVd8eXZZ2fehb8daZIF/Wl1LXGkrAjXJVaIcBJUuQlZhpRP?=
=?us-ascii?Q?2so/PZX2uWH6Lc5uJEZfvgc7Y7TuD9rveAA5isiu1rnYhmOzSS9nPiHx0KbS?=
=?us-ascii?Q?euQfyORNM2t/n+g3ByRtC5sz5VqLP898+aXGn72nPdkIIlgoUzt8QaGcmTbC?=
=?us-ascii?Q?8YI7ZxiytTD4L6oBM2oynkokg6XzRTxuZ6CqyhWXsg8CZd6+CRaO63p7JrC6?=
=?us-ascii?Q?koI3cMU1i3eUCQ1IbeGHQEgMLwNsEKGaB1MNOTcSJvrH+i8+atjxVY8iSOkk?=
=?us-ascii?Q?QpC8ak7n4dvN/LLT7XnJnRDZFVxWNEyni+j4JrvAsZOB8olmkCol+4UqSbAn?=
=?us-ascii?Q?BX+svXHTOQtfbCm9NJh7KXPrtunYVtKhQ5/oM3CQnszWzdTAfC1W5JSLPY9X?=
=?us-ascii?Q?20nW7m4wk417ocuQ6gl8uhuvLY1VDK5P8+T2mpqewBOzG1n6jKb7Uw1geOkw?=
=?us-ascii?Q?ZFM6N2GwEwhbjdc5YgQizgO34Lwg2h2OjEZsI5EaYrKTbz5aD0h40bY8YGYB?=
=?us-ascii?Q?lLCRpNc0Rys+5QXTgJWlcO7vK8QHKGJFwQqRHjz1VqHq8xbsWzvNW5d0WMCE?=
=?us-ascii?Q?lC+KP1FKvMGhHyo=3D?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(36860700013)(7416014)(376014)(82310400026);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:39:24.9841
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
ea3de6fa-4b5f-467c-d26d-08dd7111da89
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
CO1PEPF000044F7.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR12MB6830
Content-Type: text/plain; charset="utf-8"
Secure AVIC has introduced a new field in the APIC backing page
"NmiReq" that has to be set by the guest to request a NMI IPI
through APIC_ICR write.
Add support to set NmiReq appropriately to send NMI IPI.
This also requires Virtual NMI feature to be enabled in VINTRL_CTRL
field in the VMSA. However this would be added by a later commit
after adding support for injecting NMI from the hypervisor.
Co-developed-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- Updates to use per_cpu_ptr() on apic_page struct.
arch/x86/kernel/apic/x2apic_savic.c | 28 ++++++++++++++++++++--------
1 file changed, 20 insertions(+), 8 deletions(-)
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a=
pic_savic.c
index 1088d82e3adb..f2310d90443d 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -180,12 +180,19 @@ static void x2apic_savic_write(u32 reg, u32 data)
}
}
=20
-static inline void send_ipi_dest(unsigned int cpu, unsigned int vector)
+static void send_ipi_dest(unsigned int cpu, unsigned int vector, bool nmi)
{
+ if (nmi) {
+ struct apic_page *ap =3D per_cpu_ptr(apic_page, cpu);
+
+ WRITE_ONCE(ap->regs[SAVIC_NMI_REQ >> 2], 1);
+ return;
+ }
+
update_vector(cpu, APIC_IRR, vector, true);
}
=20
-static void send_ipi_allbut(unsigned int vector)
+static void send_ipi_allbut(unsigned int vector, bool nmi)
{
unsigned int cpu, src_cpu;
unsigned long flags;
@@ -197,16 +204,19 @@ static void send_ipi_allbut(unsigned int vector)
for_each_cpu(cpu, cpu_online_mask) {
if (cpu =3D=3D src_cpu)
continue;
- send_ipi_dest(cpu, vector);
+ send_ipi_dest(cpu, vector, nmi);
}
=20
local_irq_restore(flags);
}
=20
-static inline void self_ipi(unsigned int vector)
+static inline void self_ipi(unsigned int vector, bool nmi)
{
u32 icr_low =3D APIC_SELF_IPI | vector;
=20
+ if (nmi)
+ icr_low |=3D APIC_DM_NMI;
+
native_x2apic_icr_write(icr_low, 0);
}
=20
@@ -214,22 +224,24 @@ static void x2apic_savic_icr_write(u32 icr_low, u32 i=
cr_high)
{
unsigned int dsh, vector;
u64 icr_data;
+ bool nmi;
=20
dsh =3D icr_low & APIC_DEST_ALLBUT;
vector =3D icr_low & APIC_VECTOR_MASK;
+ nmi =3D ((icr_low & APIC_DM_FIXED_MASK) =3D=3D APIC_DM_NMI);
=20
switch (dsh) {
case APIC_DEST_SELF:
- self_ipi(vector);
+ self_ipi(vector, nmi);
break;
case APIC_DEST_ALLINC:
- self_ipi(vector);
+ self_ipi(vector, nmi);
fallthrough;
case APIC_DEST_ALLBUT:
- send_ipi_allbut(vector);
+ send_ipi_allbut(vector, nmi);
break;
default:
- send_ipi_dest(icr_high, vector);
+ send_ipi_dest(icr_high, vector, nmi);
break;
}
=20
--=20
2.34.1
From nobody Tue May 13 07:19:50 2025
Received: from NAM12-MW2-obe.outbound.protection.outlook.com
(mail-mw2nam12on2045.outbound.protection.outlook.com [40.107.244.45])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id AABAF22338;
Tue, 1 Apr 2025 11:39:46 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.244.45
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507591; cv=fail;
b=Ubc6UYyUGRM08oTYc1LlG/rS5o31nJDOtKO0g1Y5BVhb7YzNftfHOGTlvTA7enOoLgx/11PVt4MjOjsXBdXxfn2Ro12l7JVouATp/6zjkh3AWK7nDu69V8GC7vmcvizpCjkAs/pPm06zXpEQLP1NKx3c5ENlPCXN905xGVPx7gU=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507591; c=relaxed/simple;
bh=/856IKy5YYwRfAHyhKCAH1XB2KfgKx2c8k/nPq4YhfQ=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=UW/8kvKHmB0IuPEYEEAimCTRId+4hI0NEhKqXhpF5sRVmwBq1Crd/+cbz7JM0+LehiKNZTyWEc7tGBl/D7nF3wEp4+nsv3toc/3WL5z4QBRz4DEyllrLjGJy6w05Hkrge9LAOOfcsUFaZWOt+vJLmgMN1okya2oDG7K8IyL8MkY=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=3as81OQs; arc=fail smtp.client-ip=40.107.244.45
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="3as81OQs"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=NF1OzSyODKOGCynEm/2ZUYyLPT+8RN6XOwDCvk8cL3zBbB8U7tAYAcd6T2D5W6kpWBnTAv/qp5dUHxIAboCGskmbsUgDxDDnIxmNax3X0CFfehEHJJoRksgHu5V/wZAIa6vzkiUkByQEdvHtoMCSiN6wiPrOg5vaSu53tqO8qxmrZmx7guge4fMOvPUcQ1qFyudKY/VklKLhWnu/Xj/8kSGD3Um7q9xWECudScI6RLLxUw6pEQZdjvVYAJsbheQ33PMStWYdUViJekues9A6Um0R5aE2dummXqTrQj1o3EP/qlHigMjVWfu3ytDm+7xlsZiUmdvUaxcxkMd15yDVJg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=fjHOPdk1N/YuL1BNYLcbP3Gbx5Vvam3omQ5tMBiO1DY=;
b=R9YKQx2vmGUFhlaHfjBT3h24LPuwE8oQhFCC9KccumYr7rd/rbcSXLdCQr0SE8nfFhC8aCX57aSkPWcCFRgjVdCgv4hll0jEFaA/LfkTsdWi2NwzfM4NzYFgZOWcWJ9K+28GYPs+S6bSAbtmVkKcHs38wah6BHwM43/dHekcx/GRflVYTrA4uD6Pi1lMaXu6SXR/1TjWz4kcRExLFuu2VhjF44GGV/FAesqsoZjpuvGV1NUJpd5dWpvjFRjSAS1WqFnYE+Ry3hJRplFu/K+yRNgMwuKR0tb4el8xh5BUhVkKPWAzmqgpdsZrhe5kxt9LgTduZ7dg65VvEQepA250zw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=fjHOPdk1N/YuL1BNYLcbP3Gbx5Vvam3omQ5tMBiO1DY=;
b=3as81OQspGlDqFO08PAPI5ILUKmlmjtusE9HloiKBI40IPYQl7qyJl+RzmKqK+tyEiVzmr457kUKfmewa6YPJ6urRhVekMTZs38M3YuY3STcF4toNydBccyL9XHJ6N75PcV3w6NzBNwH6mQO6MXAqIWw7VPxkDc2LpesvqZpoDU=
Received: from MW4PR03CA0167.namprd03.prod.outlook.com (2603:10b6:303:8d::22)
by MW4PR12MB5665.namprd12.prod.outlook.com (2603:10b6:303:187::17) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.54; Tue, 1 Apr
2025 11:39:43 +0000
Received: from CO1PEPF000044FC.namprd21.prod.outlook.com
(2603:10b6:303:8d:cafe::77) by MW4PR03CA0167.outlook.office365.com
(2603:10b6:303:8d::22) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8534.42 via Frontend Transport; Tue,
1 Apr 2025 11:39:43 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
CO1PEPF000044FC.mail.protection.outlook.com (10.167.241.202) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8632.2 via Frontend Transport; Tue, 1 Apr 2025 11:39:43 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:39:37 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 10/17] x86/apic: Allow NMI to be injected from hypervisor
for Secure AVIC
Date: Tue, 1 Apr 2025 17:06:09 +0530
Message-ID: <20250401113616.204203-11-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1PEPF000044FC:EE_|MW4PR12MB5665:EE_
X-MS-Office365-Filtering-Correlation-Id: 0b8fb8bc-c682-4419-cda7-08dd7111e599
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|376014|7416014|82310400026|1800799024|36860700013;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?JUakAc//bJBwfpcV6DdOvdludl25QdBDfGci8N8EB3bB7/waWj5Iwj59VGQj?=
=?us-ascii?Q?QnFq70osrRa3DxM1DET9eVVYcLWoV927wCFQMGWlSiLZFV8Ov8riGk185cg9?=
=?us-ascii?Q?bxjq5tgLehSSDcze1j+owjqCag2wAGyfLgKh/nXuiAUnqeKoUysWKyAIrTeu?=
=?us-ascii?Q?gfyYrEAD/8HRmgx+WAoANKgxK897oGkGt8zGfb9cUAeKWbfh7uJfYSCKbx/l?=
=?us-ascii?Q?qcOX/UJKbHb9zcavqxX2cpfNU3JxCC13gaW0xD1fMc0xV5rMKVL45KE0lmij?=
=?us-ascii?Q?sPWuzEKglGg1gRlcgU0wjJ4Bq+SvGVj1TRlls43s3FofrwB6FfUq/uAyCq7O?=
=?us-ascii?Q?+yN8T2MdJtCFT/HqPXNIaQoB8srBFVj6hubJcmYtsbyZylTGhTyrbS0Y2+KI?=
=?us-ascii?Q?kKZbwVL1A+WpADZz0vkJE5wwHCEAXFb3yoAOMeaV2IGARIuViD8in4b/7qOg?=
=?us-ascii?Q?I6mbyGth/GNXRNVFpsj7Vb4FixGMZZmpj61fv1F3GDgk+S1YZSBmhoOgh3hA?=
=?us-ascii?Q?xqwiDzwTz+8Rn8STmfq2u5yizXMnvKWZ08oMAXfZe4SZZxhVHhfROnlG2lha?=
=?us-ascii?Q?fCm5jwmFCYWQwJX4STz7bUbOVJkFRPEOVvaIotgEb6AbObuSJIi22cmCh98o?=
=?us-ascii?Q?WHO0SLm7hGozv8SANgRtNsdx+XaWoEmttgWV7dWm9ROcaqtQJydMns965A0j?=
=?us-ascii?Q?lrXUhgGZIXBFlPFjeev1mkYFlC32RjozkJyTUA1I3CVZCOW2cyg+b699axDp?=
=?us-ascii?Q?hXWLoW37ecO/W+1FjkEG5Uwnh+2JnzSmBMfgIx/6bL0QunV0lqvfxlbTC4Wk?=
=?us-ascii?Q?IS0bvPxYfyDSMMEoRilPSHvoU5jHYc9u4PSt0Ts/YYPfv4AYejD7FTsOk/eI?=
=?us-ascii?Q?YCw7K6bP/o6Ykg2tei0BBOUOGzoTXkGbT7/kJQFdmoFBmRALx3Qid3P6VHzw?=
=?us-ascii?Q?zZoL8gQ5m17/B0jMqljzRj/hhoogD+SWCI6nFsPndLRCh+GP3MgLLFiC0uGv?=
=?us-ascii?Q?l9nDLAjdBAGNso16eM1n879z7F/tnX3MtgzoxDHW8w8pCIQiktk42xmjYtYX?=
=?us-ascii?Q?1ELcCsp4xlDyuc9zLlRcu0MFz6CUnjo3nda3gq4Zt5haE6Oom7U3HTF3DoVb?=
=?us-ascii?Q?Q1hPsptVN/JaOre6kXmWz9RfqRvkF4NQPDJxBznlUkmOJU/fHuXjuVnoeejY?=
=?us-ascii?Q?3Xfr53s7e3NB+bMismIRLKlbQ8WH+cRbRYZ96vSp/LqkyeqYZp7TE6S2eof9?=
=?us-ascii?Q?ykNEXyJN+6PNVCPcLNBAL+J4Pfh8VNvxt2EHwil0DjiuetHhAboIFLrKYQZD?=
=?us-ascii?Q?e0oFSWuhiFnt/xmGeWm6vWIJ71ivei1R+t5XGCPmxQ1ke8BHZMr0TqfD2u0S?=
=?us-ascii?Q?ro85viKufhXCaCpJO+zpstWS3O4cCo9chPrViIDVR1y/NCEZ5nFkkGM6/Tui?=
=?us-ascii?Q?IwBK85KGsBKUT+F6GypKxsvF9KAABnLLlmu8s2GOHomvrcNuvj6KIOoPvAYG?=
=?us-ascii?Q?L+IiA7u8stvVybM=3D?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(7416014)(82310400026)(1800799024)(36860700013);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:39:43.5445
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
0b8fb8bc-c682-4419-cda7-08dd7111e599
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
CO1PEPF000044FC.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR12MB5665
Content-Type: text/plain; charset="utf-8"
Secure AVIC requires "AllowedNmi" bit in the Secure AVIC Control MSR
to be set for NMI to be injected from hypervisor. Set "AllowedNmi"
bit in Secure AVIC Control MSR to allow NMI interrupts to be injected
from hypervisor.
Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- Remove MSR_AMD64_SECURE_AVIC_EN macros from this patch.
arch/x86/include/asm/msr-index.h | 3 +++
arch/x86/kernel/apic/x2apic_savic.c | 6 ++++++
2 files changed, 9 insertions(+)
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-in=
dex.h
index 0090b6f1d6f9..28cec4460918 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -689,6 +689,9 @@
#define MSR_AMD64_SNP_SECURE_AVIC BIT_ULL(MSR_AMD64_SNP_SECURE_AVIC_BIT)
#define MSR_AMD64_SNP_RESV_BIT 19
#define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT)
+#define MSR_AMD64_SECURE_AVIC_CONTROL 0xc0010138
+#define MSR_AMD64_SECURE_AVIC_ALLOWEDNMI_BIT 1
+#define MSR_AMD64_SECURE_AVIC_ALLOWEDNMI BIT_ULL(MSR_AMD64_SECURE_AVIC_ALL=
OWEDNMI_BIT)
#define MSR_AMD64_RMP_BASE 0xc0010132
#define MSR_AMD64_RMP_END 0xc0010133
#define MSR_AMD64_RMP_CFG 0xc0010136
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a=
pic_savic.c
index f2310d90443d..845d90cbdcdf 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -29,6 +29,11 @@ struct apic_page {
=20
static struct apic_page __percpu *apic_page __ro_after_init;
=20
+static inline void savic_wr_control_msr(u64 val)
+{
+ native_wrmsr(MSR_AMD64_SECURE_AVIC_CONTROL, lower_32_bits(val), upper_32_=
bits(val));
+}
+
static int x2apic_savic_acpi_madt_oem_check(char *oem_id, char *oem_table_=
id)
{
return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC);
@@ -349,6 +354,7 @@ static void x2apic_savic_setup(void)
ret =3D savic_register_gpa(gpa);
if (ret !=3D ES_OK)
snp_abort();
+ savic_wr_control_msr(gpa | MSR_AMD64_SECURE_AVIC_ALLOWEDNMI);
}
=20
static int x2apic_savic_probe(void)
--=20
2.34.1
From nobody Tue May 13 07:19:50 2025
Received: from NAM12-MW2-obe.outbound.protection.outlook.com
(mail-mw2nam12on2049.outbound.protection.outlook.com [40.107.244.49])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6BE1D1EF395;
Tue, 1 Apr 2025 11:40:08 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.244.49
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507609; cv=fail;
b=JQytbNvxsDpn1QJcOjVumjwyKcxbyaMs/dw0WffHESKDuxU5B0+OqMiPh6eYIMqOfzrqTFDrpXa3tM46XHGNLN+6MJCER7XH+O1fKtUaPVd9u/Ne5w35eM1vo0dLXjCCjPidOWKab1sqaUkexpalixB3ZVKE1PTUS3piRxDC8Ig=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507609; c=relaxed/simple;
bh=rnJ3uHkek6YCNu0HufrgGTVLa3+HIHV/kCfVlf7wo24=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=ulE3S8WIriQ+dXnfyxn8FS1+dAZ7mQPsVpytDmMNrbg3PmTPa3wboI+oowwcZfjAJh6ODRnbcpDnPWrI09eqIOcCsxmisS7D91wLdDlW+dnsejf2IYFnjKchtl6Xz5fiQJCYEjuunBPvbMuq9vgFssKeVBTmL4O3YnOUJDC2ZsE=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=WxE0z0vQ; arc=fail smtp.client-ip=40.107.244.49
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="WxE0z0vQ"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=vU3NpuMM5nM4BFbchQ+JZZ+YJaIppcQvFUHKuL25oUxhIIKU36Ai7o9XCyaaoAjdbvAh0GvQkhqrEEwJCfOV+hiZ59y0Ixe/I7zgBATvUy5BbOSGgz3JribIjKz8VheHUOgje1Pu1joyRojhOCJoIcOtcJ8sCjQ3hzbubGVBJmjG19STuw3ViPEnK8jGoxnyA9zXWc/QzSI1TyIQ3ua/uvYe0ux+x9aq1ApFTEPvRAO88wUpIV722bp5Am7yAj+r4gsyxxNwzW1ZakNM4+9uL/492k4Y5BbDtIr/WKZ65rkQh32ITVdAUgRAjISzPaOdpL4e2vgvssp/na9adcw6fA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=ynjG5hX/apCf8xGpWnwVDuZzJnKio/266tn80B9kAGk=;
b=Zm41gMtmP/SX1C3pQid4ozTi3HGarTx8/lf9LQbikGakJDNlmD/JdGG2w3jKoNhjclYuXcMii20MGlvJGDwvPLJne2sfquXPjCXXlZINVEjTLjsuSE3Q2OGj23sWVMsNdBtiaN6YP4cJdqzKW4kCF+JeMIXtc28+rdQ3MpEsq3ekA31FnzvfpOpWJ4pVdEtbG6simhykHBAWmfb1PTAAsSVZmtDw66U8EJr9uKCLtXCW6xkIoYH60CfE9wHuaZv0kkJT4by3y0amf4k1dP6BsXCf/plQ4rZYR/T535/tLg6048tztE0yPmmaO3ILji7hm+hXlCwZc0wO0NiofQc0dA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=ynjG5hX/apCf8xGpWnwVDuZzJnKio/266tn80B9kAGk=;
b=WxE0z0vQmnh0scUZq32FNqmCUcHRARuoAMuSlCd9Cfo1wz26MFQ9FZsp5oOzCVT/ZWtCqO/Knz9nWIVq53u3NrrnYxC2QDwq8cr2ywJMVXwVF9o2fN8XoJzcMkEFtO6MqB85MAIEOQuN/7Xr9CRW5Zl/1QjXelYRO1sadTqXlQU=
Received: from MW4P220CA0026.NAMP220.PROD.OUTLOOK.COM (2603:10b6:303:115::31)
by MN2PR12MB4317.namprd12.prod.outlook.com (2603:10b6:208:1d0::16) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.47; Tue, 1 Apr
2025 11:40:02 +0000
Received: from CO1PEPF000044FB.namprd21.prod.outlook.com
(2603:10b6:303:115:cafe::cd) by MW4P220CA0026.outlook.office365.com
(2603:10b6:303:115::31) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8583.38 via Frontend Transport; Tue,
1 Apr 2025 11:40:02 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
CO1PEPF000044FB.mail.protection.outlook.com (10.167.241.201) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8632.2 via Frontend Transport; Tue, 1 Apr 2025 11:40:02 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:39:56 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 11/17] x86/sev: Enable NMI support for Secure AVIC
Date: Tue, 1 Apr 2025 17:06:10 +0530
Message-ID: <20250401113616.204203-12-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1PEPF000044FB:EE_|MN2PR12MB4317:EE_
X-MS-Office365-Filtering-Correlation-Id: 51ced0ff-1d17-43b1-54ec-08dd7111f0a3
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|7416014|1800799024|376014|36860700013|82310400026;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?Fip+Ko9YNAQbM/hCMBuVYbZ5ko1Cw9Y71m6Dw3wJ6DiYA0OhPNBgL69CizFQ?=
=?us-ascii?Q?+1JA33e49DxrUM+MM1lPGCEcZihI94uTU4qcp3AaA2/+xSSm0SnrfF4go7DP?=
=?us-ascii?Q?0EYKyjXSBYTny6WgQvdqDy/3ztbAp18McfYYEGyo4GYVdueWk2ba8xglvAuY?=
=?us-ascii?Q?QM9pzUk7cz+BLe3v3ojJm7NNbVbjqDklylBqenefuzPg438gcPE6K33faLDL?=
=?us-ascii?Q?e8zZJM5IFpjNaJlb0oylMHmVoAbBsDuKLNBKAZ/HcXWoJ0FJWhV6fd3lnlGf?=
=?us-ascii?Q?Skr8s0B/bimWFALjJxGiQnbkT+3nPlpohMX0dzzvVlD7/0hwRjlVkua2QtIu?=
=?us-ascii?Q?t3PanMQobARFtkHCnXlOtEdsuBcbcyG/vz6NxMm+AtyWnNacn+ntMA34WB97?=
=?us-ascii?Q?bgTvEXFfQyZ066bSyPhYZZEoe0ewiEeJxihf3paFS/l3lMOMunXkkZyyg/9z?=
=?us-ascii?Q?s4ceFDv5rskSWJIztY8VBEjm3ZgrkuXAQOAAJl0F6VovLBvPH8tInPssUzBr?=
=?us-ascii?Q?AIkzQbFJpEXaGySNJSIa3j9sVX2F8gQcdQdhqGBvRTwl9A5+wow5gkg8KIKD?=
=?us-ascii?Q?0Ddboeeo+gYlgCgS3h1AxezUeXX2QorpJskgDyuOGDrPK4Guhc4ZHIgbkw3+?=
=?us-ascii?Q?EB0vF9wP3rtW6gTeul7IaZByB2QhGnrai7w/Zvsv5MpHx5YvSsgjSlS0N8kE?=
=?us-ascii?Q?ryKhOTqEhNdZeOVb1VpdCv3UxtBqPr/L8f+NKzEEAAdHe8TR79jDmMfUbHVl?=
=?us-ascii?Q?j0NvsstV0F41NNtMiamQIvdhZmSuWipw592MFytBe+CizKWa4SgYW4w1PBJM?=
=?us-ascii?Q?7KxnV7L5PbNOXxKgw8wfk6ADkIXwrYp92AmqJcLr5ktJGWFn97rjobByWfxW?=
=?us-ascii?Q?1nSW4lwrbUggqtyHzp8OsKgsRWe6N2pbsnDF8OEcR4XmADcymadVvPMERfms?=
=?us-ascii?Q?VwqjFdVg9frfBhbPsVgERhTPhPBelPa9i+HCr25KxIakh4xAeO5mlwKFV+PK?=
=?us-ascii?Q?NzI4IjF4aNAjcmBy8lUc3CbXLvhrsu7O4/Z52AXw+pF832vjlkXg61qM24+4?=
=?us-ascii?Q?WBoajmF8E/1JnMS1zufNvmFtPzPbL0lWRSKv+vmB5p9CYxRYBi4d/RT3ZC1j?=
=?us-ascii?Q?cSK/7YKEUJpHvXyUXKbY7catoC3FfxD7Y3rlGiTi5MHDCdcnUEFSb+Y9vbgl?=
=?us-ascii?Q?q1hH0nPvSFZFq0eIfahW6Lh/V7Ap5Je4nQ9MPAGbmhehSwzd7GVzUDb26iB9?=
=?us-ascii?Q?1+aaL2bMNaZZljxtGU/i8uKA4U5s4gsXmL8OOmlC8jTQdBntEHE5kpWHzS7M?=
=?us-ascii?Q?IJtS4DVb9mrqBgQXoqN30e37q7Yvw7a0U5/72q9cybE+/+5RoFrU5OlLLgTn?=
=?us-ascii?Q?6xy2r63w6DjIMPoxXy4uiSXtfGnVYNiTFOwT7pVhg1mnpKvxZLtG+yYe5EgD?=
=?us-ascii?Q?D9HiX4dZs0tMjaKGkQWXCxmOL5NEkqJ8MxUjCy3qFK2yi7ZK6n+FkfqtpAWB?=
=?us-ascii?Q?aT7fGZOVShgd8Dc=3D?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(1800799024)(376014)(36860700013)(82310400026);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:40:02.0470
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
51ced0ff-1d17-43b1-54ec-08dd7111f0a3
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
CO1PEPF000044FB.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4317
Content-Type: text/plain; charset="utf-8"
From: Kishon Vijay Abraham I <kvijayab@amd.com>
Now that support to send NMI IPI and support to inject NMI from
the hypervisor has been added, set V_NMI_ENABLE in VINTR_CTRL
field of VMSA to enable NMI for Secure AVIC guests.
Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- No change.
arch/x86/coco/sev/core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index bc8c3b596dd1..9ade2b1993ad 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -1271,7 +1271,7 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id, unsign=
ed long start_ip)
vmsa->x87_fcw =3D AP_INIT_X87_FCW_DEFAULT;
=20
if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
- vmsa->vintr_ctrl |=3D V_GIF_MASK;
+ vmsa->vintr_ctrl |=3D (V_GIF_MASK | V_NMI_ENABLE_MASK);
=20
/* SVME must be set. */
vmsa->efer =3D EFER_SVME;
--=20
2.34.1
From nobody Tue May 13 07:19:50 2025
Received: from NAM12-BN8-obe.outbound.protection.outlook.com
(mail-bn8nam12on2056.outbound.protection.outlook.com [40.107.237.56])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id A013C1F12F1;
Tue, 1 Apr 2025 11:40:23 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.237.56
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507625; cv=fail;
b=SWoA8ILpslcZXJB/KxKra71IjArBmzi8N4Cln1Z/iIm5IwaOFo0tXE91/YGFFgXN9pFPYkC/vgED6bBIXz8HNw10yxT5kigCsE+aThtMv1vIep3G5OImK4ADrgqiTCqXlGuI5oKdvwQ/EDQ1Pd1+CnQpirMYGn2Y+YJYCD0aheI=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507625; c=relaxed/simple;
bh=8/ELsWybgnIXv1i47c4RGxmxeYQBD0td+EUnalRhJ/E=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=JJoGtFf19ESqfJ9eCvo92/8W5X4R4fDR9tjMNKY8wWHxy3rG0aUm5lLFy5XMe8pOlx1umI+vZhNzb6Sikpl9kS0IwEbxJjUKXYtKWSaYI9Az5pp24TKksElql1SWPmPT6WILr0K8lIM4DuaaKlBdmh3zrC6QhnktxpEu75WmrZ0=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=ZRMpJXyM; arc=fail smtp.client-ip=40.107.237.56
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="ZRMpJXyM"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=Iao6F5wZ8kJjveSKMz+QvgMKTHlYYYOCkzj3TW9q0WJ3gqLbiIc0kbPgkZmre9vvfntclB4rbjf/3fBpZS2IWz4lFbnG3SqoM5kDb3Ip76snsXyGtZkBZl4HOIUCus8AkmBU7TQPmL7W7ReePAzRZs/QTNpM35EdYxTLli5Das/bjUxSanV9VpfuPEA891Ct0ZxVLFv8uD63CkFt9XSheX/CD6HyRDKr95I1F4FW5shDCVxI3qF9NqyfTC6nU7MvNUpVKjzp3VgnTTLdSSuEzEEJNjo3LTgjrwBkgq1g6iqiNkAtzEP+I5h+0qkynyGDg6dqth8ALDUmBm+t6sef3g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=TromaWv4bDLiiKQovDaBmEqVp8ucnrTwr3wb8/61/mI=;
b=XtJ/dL2yMiJP1/0uCNBqI6ezLbtzkGt2S9YhmAwFsC/fqnq/mjbiqPOQYwdPIYQcBAzgm2TUx9w4RFJ4yZZUD1J5HaDI8W0UTjYXGdGJ/52zvSLBzRzC52KuzBLCd+zuWr4WDx4/2jQy7mnNUZCOBqhygwXR25fNtjIu7AW2F4gr2quqWRQnv6/Dn8GUCL6WrSiZbBgP+Pe/LY39zT5meZZ+HZqCt6t8mLHMCgorTakRjXkTZbgMimUoT1kC+GvjnhYK2KrjBzaqqA/B3m3dCrXLlJL7Iz2Xsz7eAre6P5EuHeiD7C/8bUjPvR5Tdg5s6UMzQ2IMm6rDSoASKfyl5A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=TromaWv4bDLiiKQovDaBmEqVp8ucnrTwr3wb8/61/mI=;
b=ZRMpJXyMin7E5M8zQK6HzebkiPhnHZ4SbPkbQ2Uni9/IksFHfNc0vv4ez0S2S/Y2fNEP2BXkgsMEuzWV7IRZmDLznAKBFqcKfJLpIX8OkcNQsHmbBebdB7pgEbkzVXffaWgsw6tz3iuEBaUl35dDLVKfG44rYoOUpzJCq5Cyax0=
Received: from PH8PR07CA0020.namprd07.prod.outlook.com (2603:10b6:510:2cd::12)
by CY3PR12MB9577.namprd12.prod.outlook.com (2603:10b6:930:109::10) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.45; Tue, 1 Apr
2025 11:40:21 +0000
Received: from CO1PEPF000044FD.namprd21.prod.outlook.com
(2603:10b6:510:2cd:cafe::cb) by PH8PR07CA0020.outlook.office365.com
(2603:10b6:510:2cd::12) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8534.54 via Frontend Transport; Tue,
1 Apr 2025 11:40:20 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
CO1PEPF000044FD.mail.protection.outlook.com (10.167.241.203) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8632.2 via Frontend Transport; Tue, 1 Apr 2025 11:40:20 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:40:14 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 12/17] x86/apic: Read and write LVT* APIC registers from HV
for SAVIC guests
Date: Tue, 1 Apr 2025 17:06:11 +0530
Message-ID: <20250401113616.204203-13-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1PEPF000044FD:EE_|CY3PR12MB9577:EE_
X-MS-Office365-Filtering-Correlation-Id: ddb42be8-cb45-47f0-ee2b-08dd7111fb8c
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|36860700013|82310400026|1800799024|376014|7416014;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?dHVCNbUPCu6g8a8K+viC4XaWzos1cO4XGzxCcroPSssfns8dSTw7Pe+5CeuD?=
=?us-ascii?Q?tNNaEOuEKksbuxv8EgC8gEJF9H6BSABkfereYCH4/GfLqAzRiHeWC/f8ZvHA?=
=?us-ascii?Q?4TEG8aJLOfwfW15mLji9/pr2lJ2Hl4zDeW7Cucc3DSx2sFzkqrV3ah5bl+aH?=
=?us-ascii?Q?PnaqT8l/nd5LgUZ8PdN3V3mKQzqq7ZLar1UCbIqqoVmEMcBeVMP6yCXdHgBp?=
=?us-ascii?Q?sIB+0SZOg8es7tbyxsm23syZ5QeLxyWqyRNiCxRABte9T40VPxb4ZoNL6l7j?=
=?us-ascii?Q?iLzsxIBFNvA5ZPCMNTpG8tVLgBXu+9SWj859uuZ/6Zxhz/DrgJ06PS+/N8bG?=
=?us-ascii?Q?JG8CRaghJuijKE9JdkxyCOeCOwJ8GBOCuzUTu7eIP3lr1aVsxvC9y5k4XN0D?=
=?us-ascii?Q?eQP4TVeNtIEqW1K1cgfd0y/KG7h3UvmXGu8eycqbg2xSf37S4JbRJ9W9pT1K?=
=?us-ascii?Q?gzWAYTT1rnfeL/F5XyGab9WJGyr4N8oPykRNbSGmU/Yl7RIV0FtYt170shMt?=
=?us-ascii?Q?ESLiU5vwHF8L/LiS+GGEjCXPBYyer/xaRXDDhNO9R56V7RTzRGAUkFGLiUcx?=
=?us-ascii?Q?qdIRUfPgTamMCuZf3UFkV4iU8ZNauHaf3D3Uqtcm2MmFDA9y2Yhp502Yewo5?=
=?us-ascii?Q?QMwSE3w0VBeC/sIxZlYMPk9Nlk51nzjuXOBLmaMmmgjMYAk9M1wH/9S+4/sh?=
=?us-ascii?Q?5hz3+Ay96NBeMtw6hvD7kUJ1PZNvOSD75Qbtb1AkLD7KK4ykyEyBD0USUIaQ?=
=?us-ascii?Q?MdS+vwA5FSy3hSKN6HIcwlqMeRVdzciFn73xs2dikmT56fdkBoQ3JgEOoRSb?=
=?us-ascii?Q?R9GvuuIBz51ztSG0dLfjJrCPMD8CdHeYGfwwHYd5t/1jMNR7YYggZeKwt/f5?=
=?us-ascii?Q?iODrJZzPc2AwoRVxjFPeLSbceeUXn0Ch37Gr2jvc4ISJoeIzHK/CPkPcM7Hc?=
=?us-ascii?Q?RMue7kQIoBPsGrvkrhc53qs+9bsNsmo/JcSdJh/AXkCAf61OMIXecdqxmb9B?=
=?us-ascii?Q?GzdYXdXSETrnduKq/F/OGoqp1vJTqMa4gtMRYmorgcbPhhVj3LNm9XlVfsDh?=
=?us-ascii?Q?JEhKcsA7LsOabHDXxpe+J8OCDlJd0U/7v2zCef0vZZmHuzokbsVlbM7E1eTY?=
=?us-ascii?Q?mawNnjfvPhuHdK/9a9NDniJhBv/MoM7ZfwKggNAOd+neaWQsVhsESB985gHB?=
=?us-ascii?Q?TBrNkzHcGcAEP4h2vZyNSdczqSFWlpmN4vTR8e1bE8LL1A7G/3gi6qbQkkep?=
=?us-ascii?Q?I476av9ZX0pvt9eCtMgsxVCT0hFlU7UQBz83ZLvBseSQoQIKxI/j1yunKd/R?=
=?us-ascii?Q?oi+NdUfGW5slPfSujRypSs7Ef9sGqw7kaINSugyj4pk9NFySkv7G/yGKDd/Q?=
=?us-ascii?Q?/VkUkNX4vqaqE7hQOMly9Olp/u/tLwxOY2G7PhTE4YJG/WA9WVV6bFWP0sRM?=
=?us-ascii?Q?k2Vxt9Di7AFPUtkZ3rNn/E7HfAfna0VSEEExwzdirhvoKH+mPtR8g9QhoUDI?=
=?us-ascii?Q?TcxFNiD9VjWkrrY=3D?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(82310400026)(1800799024)(376014)(7416014);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:40:20.3600
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
ddb42be8-cb45-47f0-ee2b-08dd7111fb8c
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
CO1PEPF000044FD.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY3PR12MB9577
Content-Type: text/plain; charset="utf-8"
Hypervisor need information about the current state of LVT registers
for device emulation and NMI. So, forward reads and write of these
registers to the Hypervisor for Secure AVIC guests.
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- No change.
arch/x86/kernel/apic/x2apic_savic.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a=
pic_savic.c
index 845d90cbdcdf..4adb9cad0a0c 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -88,6 +88,11 @@ static u32 x2apic_savic_read(u32 reg)
case APIC_TMICT:
case APIC_TMCCT:
case APIC_TDCR:
+ case APIC_LVTTHMR:
+ case APIC_LVTPC:
+ case APIC_LVT0:
+ case APIC_LVT1:
+ case APIC_LVTERR:
return savic_ghcb_msr_read(reg);
case APIC_ID:
case APIC_LVR:
@@ -98,11 +103,6 @@ static u32 x2apic_savic_read(u32 reg)
case APIC_SPIV:
case APIC_ESR:
case APIC_ICR:
- case APIC_LVTTHMR:
- case APIC_LVTPC:
- case APIC_LVT0:
- case APIC_LVT1:
- case APIC_LVTERR:
case APIC_EFEAT:
case APIC_ECTRL:
case APIC_SEOI:
@@ -151,19 +151,19 @@ static void x2apic_savic_write(u32 reg, u32 data)
case APIC_LVTT:
case APIC_TMICT:
case APIC_TDCR:
- savic_ghcb_msr_write(reg, data);
- break;
case APIC_LVT0:
case APIC_LVT1:
+ case APIC_LVTTHMR:
+ case APIC_LVTPC:
+ case APIC_LVTERR:
+ savic_ghcb_msr_write(reg, data);
+ break;
case APIC_TASKPRI:
case APIC_EOI:
case APIC_SPIV:
case SAVIC_NMI_REQ:
case APIC_ESR:
case APIC_ICR:
- case APIC_LVTTHMR:
- case APIC_LVTPC:
- case APIC_LVTERR:
case APIC_ECTRL:
case APIC_SEOI:
case APIC_IER:
--=20
2.34.1
From nobody Tue May 13 07:19:50 2025
Received: from NAM10-BN7-obe.outbound.protection.outlook.com
(mail-bn7nam10on2086.outbound.protection.outlook.com [40.107.92.86])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 59C181F03EC;
Tue, 1 Apr 2025 11:40:45 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.92.86
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507648; cv=fail;
b=QIWE8bJ85MwQx9HSZBNuk8cB5SyuNZXLqaMZ6eDlZN1K4LQ2pHkCr0b2JWTGyy09SOsMiHkyU4SLrps8Evj8cHBGe6SG44r8C2qZt1/TT8Dyq9rqGKHIXr8mFEE2eXeSW72bxc+t2EDxpghzXHi1x+gphX43DDiDLMeVbs7vFH4=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507648; c=relaxed/simple;
bh=j45KukHnrCXDwEqZwIHp0LT592etLkeFjJo1Cv23Uss=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=B9NxEWws26QjGegcnZ7HLQlUqrUXPklYVi9gTyE7iXnvX0e5hXrSDukv3sM596sO2oB65+r27EcUqMA1P56k4//cYuaU2sk4ReTuPtigDhgWWmmdhL4cr5oeOmglvRb1BGQTs4/HZ5lArjf5OfXeoe21ksOW4eGxKowI47jDLlE=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=U0J+MBZi; arc=fail smtp.client-ip=40.107.92.86
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="U0J+MBZi"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=IlhByEGqRBrFJxnJA8lOmubGIH0TvBJJnuvyMRC1+Ay0hi+SsFjfsmihRFD6BKA0YVeX8i3bkBhYMgJrPeQXhQEyL6+VwBj91Fn5HA9bf5CuBLcUlKzA5OVZdDDFoTZuAzoztbvZ5D67Gpj8+WquotaQry4SS9skq3N0FsaCkNxJZUX3e4MtWeJo4kT4szUa873YIjKDpVnWQn25US9AY7WIqG4XJIU3vkD9cc449aUKIMlRsYMwW9UnKYm/wrQBRH1G2Q3+5Lvs5R6zpS1YkKByIpxvDrdJOdvACWCGwaGcZN3jmaa0DHMgWcZKAr4koE0p+MsrBX+FmCScdYI1EA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=OqYeoKzXKpg0THxeVdKhgK0yotvM5Eyjv4tZOKTQ9to=;
b=CrAmITfy8BBZJfCNB2A/PnzI0+w42lWkdILzKwMTTKompTgyEeBUhHrST/J2obwLGYDWEIA9cs9k75v4XY+NIq/04OHsztV20M5+m/4KIw/q0yIlGbwYbr7Qa48yypw0NrCKG7dPynMy7QNag872zFEwguK5FRLS7KG1cDqHjMppmb07YE+fgIa/MdMO0ulqgluMWnpLc5bmr0XXNVd+CONRMxVpiEnnkTTwbpRERKextt9pLjgnUcjbF+1TrmaTvpmv57uCmRL/+CeqmzZ/TQePxM5z0IsvgLvd4S0X+rdcNGpXgluXleX8RGt8RxktWvVljRAmWABwe6oRhZp8ow==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=OqYeoKzXKpg0THxeVdKhgK0yotvM5Eyjv4tZOKTQ9to=;
b=U0J+MBZiwJuwGw6d7/vlEHLm0tegETIDzLE3VtFJrAsLMz3ezhJBLzvNc9i9vntr7XSUmhoLKW6mm+9lUHgi09yHQC+VC6qO9Y7HCNdVMN47VNxabdAQae3K/9Wd2n0jGdFnlVeIY9/4oJAPtB8y1MAdBIKPaUMFoju0QwS1N+Q=
Received: from MW4P220CA0022.NAMP220.PROD.OUTLOOK.COM (2603:10b6:303:115::27)
by PH7PR12MB6417.namprd12.prod.outlook.com (2603:10b6:510:1ff::14) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.44; Tue, 1 Apr
2025 11:40:38 +0000
Received: from CO1PEPF000044FB.namprd21.prod.outlook.com
(2603:10b6:303:115:cafe::d9) by MW4P220CA0022.outlook.office365.com
(2603:10b6:303:115::27) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8583.37 via Frontend Transport; Tue,
1 Apr 2025 11:40:38 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
CO1PEPF000044FB.mail.protection.outlook.com (10.167.241.201) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8632.2 via Frontend Transport; Tue, 1 Apr 2025 11:40:38 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:40:32 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 13/17] x86/apic: Handle EOI writes for SAVIC guests
Date: Tue, 1 Apr 2025 17:06:12 +0530
Message-ID: <20250401113616.204203-14-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1PEPF000044FB:EE_|PH7PR12MB6417:EE_
X-MS-Office365-Filtering-Correlation-Id: 739254bd-ccba-4a5f-b81c-08dd71120674
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|82310400026|36860700013|1800799024|376014|7416014;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?MhbJEm0DCQb6jQTWH0bzGp8izchTDFbjMs99TGlaNB//LXMBYpAhiabGBFvL?=
=?us-ascii?Q?AiIlZUWQJuCuk5Ey9dEbQi7D3n9F+Lu9JWwY1QeOs3T3ADYvvLmOWFCyliCh?=
=?us-ascii?Q?iKzgNDpIZVqmGSBDDUOqqDgOad7bnmfYjjEsx+JuzX8/EoO2OQ4v0bwP+GOT?=
=?us-ascii?Q?W/w1HpcjnN4+iM7/L93H57LIHmgpyOYNS8q3P0uWoCuURpGbE5WrTFC7Ywto?=
=?us-ascii?Q?T2jZoP45DOYSveKsNaGFYOJw1TmQM21zmqB159TsDO3u4IGuK9WbcTUWJJwO?=
=?us-ascii?Q?CheZFHKPltSHZB4DC4VsZ0LSsnylLwSCDEqOc5/m6qslkkVV+dvn9QBvZ5rE?=
=?us-ascii?Q?bOf/ITXK3YTcGlevml1KchYiyrVx2IwG7pa61edsMsKJrqKmbqPYd+zdVxo8?=
=?us-ascii?Q?8Kj6mjktNA72I91LpPzipNBemEYYgYLvhA+YoOTeOcnreQO5av/zVPFdjFEa?=
=?us-ascii?Q?P64G9/8rPL9UFQHq6d5dSNnPDBuo9cBa4JywLG2YKziq9RkDarLxHKiHM34H?=
=?us-ascii?Q?VnI/czreygo5mEUrvLsUe8O+8bGDv0tq+Rnhk8ychLG2CQVDMc6dBHnAJqfy?=
=?us-ascii?Q?8IoYXqmxwBqZKlfgvOF43NK3yZzMUE8Wz6tjZHMpc+9+5iGEjsMuYRPbnKLq?=
=?us-ascii?Q?km3bWCI/Hij24JQZXe+GlIQlArM52yPmsDoNF4HAysWDJKWNyGFbD5TRu/OF?=
=?us-ascii?Q?FO9Xtcrm2e6KCStSomjkoT83yGsJN1Z2F7H1wktyTdtSuxGX3cx2B6UgUdBM?=
=?us-ascii?Q?L2y/y83MgMgUcbp/J6knLKFFRD8Ep+ae8mqeZ3jKUkTJSF/slAmMbXyJbSXL?=
=?us-ascii?Q?fGvi0NF11tX3IbsvcqLLS6ZMuaROXJQWU3fqasjOmf2VNy96D749M58v/bKS?=
=?us-ascii?Q?F9tF4FlC/fa0dKU0+LBoWxR8HDBkgc18haYoBpMR24SXZFlgdXz14BCak1jz?=
=?us-ascii?Q?23S5VmtWgYj3QlP3wQZvYdaskIKMdeRzxZwVhrtTI5p7kYqBoQ+9CeeyXeca?=
=?us-ascii?Q?yGlPTxbLRGEWZiRPUx8VRWfJgSquzDU/maU56CTDkuvdCEPPBDr7+lzq+BOh?=
=?us-ascii?Q?cDEFL+98kszUnWq56wlf4BGE2wHB9GE3fJmrEcyuLeDI4yjQbvGvpV0sYlO0?=
=?us-ascii?Q?oIKB8MNnc0aPM1PmZ4VRW3QHz2DgBiwiC+RsZC0uV9YSVpyw6qylRXXy0aMD?=
=?us-ascii?Q?zu4ndNWZJbdYhRLet2DmX242bpdH9srL59mLzqLVyj+5ljIpeEjXdMh3YcIE?=
=?us-ascii?Q?+7AaNEKUolhBLMGpwJtUwYnPQOAAwTj+DU+lG9FdGBDvr6lPWw9Y08PrB3Zb?=
=?us-ascii?Q?KcZn/U6q5RvvJR0Rf+P9SahejgUcDwOxxK1EIZATqbzRwGNBdA5/vmGGCndR?=
=?us-ascii?Q?QQnObCXwtfq14mxt5dA77n9yDN3g0fz439fFO6yXAPv0xUiFC8UUl6Q6cXFp?=
=?us-ascii?Q?wHz5YmBQxaZs/D5NopTwqx5ObAojUKrvvhn5kWwnmaj8h0UIS9X6El4PK4Ci?=
=?us-ascii?Q?ztB2cC23r3SqhSo=3D?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(36860700013)(1800799024)(376014)(7416014);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:40:38.6569
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
739254bd-ccba-4a5f-b81c-08dd71120674
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
CO1PEPF000044FB.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB6417
Content-Type: text/plain; charset="utf-8"
Secure AVIC accelerates guest's EOI msr writes for edge-triggered
interrupts. For level-triggered interrupts, EOI msr writes trigger
VC exception with SVM_EXIT_AVIC_UNACCELERATED_ACCESS error code. The
VC handler would need to trigger a GHCB protocol MSR write event to
to notify the Hypervisor about completion of the level-triggered
interrupt. This is required for cases like emulated IOAPIC. VC exception
handling adds extra performance overhead for APIC register write. In
addition, some unaccelerated APIC register msr writes are trapped,
whereas others are faulted. This results in additional complexity in
VC exception handling for unacclerated accesses. So, directly do a GHCB
protocol based EOI write from apic->eoi() callback for level-triggered
interrupts. Use wrmsr for edge-triggered interrupts, so that hardware
re-evaluates any pending interrupt which can be delivered to guest vCPU.
For level-triggered interrupts, re-evaluation happens on return from
VMGEXIT corresponding to the GHCB event for EOI msr write.
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- Reuse find_highest_vector() from kvm/lapic.c
- Misc cleanups.
arch/x86/include/asm/apic-emul.h | 28 +++++++++++++
arch/x86/kernel/apic/x2apic_savic.c | 62 +++++++++++++++++++++++++----
arch/x86/kvm/lapic.c | 23 ++---------
3 files changed, 85 insertions(+), 28 deletions(-)
create mode 100644 arch/x86/include/asm/apic-emul.h
diff --git a/arch/x86/include/asm/apic-emul.h b/arch/x86/include/asm/apic-e=
mul.h
new file mode 100644
index 000000000000..60d9e88fefc6
--- /dev/null
+++ b/arch/x86/include/asm/apic-emul.h
@@ -0,0 +1,28 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+#ifndef _ASM_X86_APIC_EMUL_H
+#define _ASM_X86_APIC_EMUL_H
+
+#define MAX_APIC_VECTOR 256
+#define APIC_VECTORS_PER_REG 32
+
+static inline int apic_find_highest_vector(void *bitmap)
+{
+ unsigned int regno;
+ unsigned int vec;
+ u32 *reg;
+
+ /*
+ * The registers int the bitmap are 32-bit wide and 16-byte
+ * aligned. State of a vector is stored in a single bit.
+ */
+ for (regno =3D MAX_APIC_VECTOR / APIC_VECTORS_PER_REG - 1; regno >=3D 0; =
regno--) {
+ vec =3D regno * APIC_VECTORS_PER_REG;
+ reg =3D bitmap + regno * 16;
+ if (*reg)
+ return __fls(*reg) + vec;
+ }
+
+ return -1;
+}
+
+#endif /* _ASM_X86_APIC_EMUL_H */
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a=
pic_savic.c
index 4adb9cad0a0c..9e2a9bdb0762 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -13,6 +13,7 @@
#include <linux/align.h>
=20
#include <asm/apic.h>
+#include <asm/apic-emul.h>
#include <asm/sev.h>
=20
#include "local.h"
@@ -49,20 +50,27 @@ static __always_inline void set_reg(unsigned int offset=
, u32 val)
WRITE_ONCE(this_cpu_ptr(apic_page)->regs[offset >> 2], val);
}
=20
-#define SAVIC_ALLOWED_IRR 0x204
-
-static inline void update_vector(unsigned int cpu, unsigned int offset,
- unsigned int vector, bool set)
+static inline unsigned long *get_reg_bitmap(unsigned int cpu, unsigned int=
offset)
{
struct apic_page *ap =3D per_cpu_ptr(apic_page, cpu);
- unsigned long *reg =3D (unsigned long *) &ap->bytes[offset];
- unsigned int bit;
=20
+ return (unsigned long *) &ap->bytes[offset];
+}
+
+static inline unsigned int get_vec_bit(unsigned int vector)
+{
/*
* The registers are 32-bit wide and 16-byte aligned.
* Compensate for the resulting bit number spacing.
*/
- bit =3D vector + 96 * (vector / 32);
+ return vector + 96 * (vector / 32);
+}
+
+static inline void update_vector(unsigned int cpu, unsigned int offset,
+ unsigned int vector, bool set)
+{
+ unsigned long *reg =3D get_reg_bitmap(cpu, offset);
+ unsigned int bit =3D get_vec_bit(vector);
=20
if (set)
set_bit(bit, reg);
@@ -70,6 +78,16 @@ static inline void update_vector(unsigned int cpu, unsig=
ned int offset,
clear_bit(bit, reg);
}
=20
+static inline bool test_vector(unsigned int cpu, unsigned int offset, unsi=
gned int vector)
+{
+ unsigned long *reg =3D get_reg_bitmap(cpu, offset);
+ unsigned int bit =3D get_vec_bit(vector);
+
+ return test_bit(bit, reg);
+}
+
+#define SAVIC_ALLOWED_IRR 0x204
+
static u32 x2apic_savic_read(u32 reg)
{
/*
@@ -374,6 +392,34 @@ static int x2apic_savic_probe(void)
return 1;
}
=20
+static void x2apic_savic_eoi(void)
+{
+ unsigned int cpu;
+ int vec;
+
+ cpu =3D raw_smp_processor_id();
+ vec =3D apic_find_highest_vector(get_reg_bitmap(cpu, APIC_ISR));
+ if (WARN_ONCE(vec =3D=3D -1, "EOI write while no active interrupt in APIC=
_ISR"))
+ return;
+
+ if (test_vector(cpu, APIC_TMR, vec)) {
+ update_vector(cpu, APIC_ISR, vec, false);
+ /*
+ * Propagate the EOI write to hv for level-triggered interrupts.
+ * Return to guest from GHCB protocol event takes care of
+ * re-evaluating interrupt state.
+ */
+ savic_ghcb_msr_write(APIC_EOI, 0);
+ } else {
+ /*
+ * Hardware clears APIC_ISR and re-evaluates the interrupt state
+ * to determine if there is any pending interrupt which can be
+ * delivered to CPU.
+ */
+ native_apic_msr_eoi();
+ }
+}
+
static struct apic apic_x2apic_savic __ro_after_init =3D {
=20
.name =3D "secure avic x2apic",
@@ -403,7 +449,7 @@ static struct apic apic_x2apic_savic __ro_after_init =
=3D {
=20
.read =3D x2apic_savic_read,
.write =3D x2apic_savic_write,
- .eoi =3D native_apic_msr_eoi,
+ .eoi =3D x2apic_savic_eoi,
.icr_read =3D native_x2apic_icr_read,
.icr_write =3D x2apic_savic_icr_write,
=20
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 28e3317124fd..8269af8666b8 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -27,6 +27,7 @@
#include <linux/export.h>
#include <linux/math64.h>
#include <linux/slab.h>
+#include <asm/apic-emul.h>
#include <asm/processor.h>
#include <asm/mce.h>
#include <asm/msr.h>
@@ -55,9 +56,6 @@
/* 14 is the version for Xeon and Pentium 8.4.8*/
#define APIC_VERSION 0x14UL
#define LAPIC_MMIO_LENGTH (1 << 12)
-/* followed define is not in apicdef.h */
-#define MAX_APIC_VECTOR 256
-#define APIC_VECTORS_PER_REG 32
=20
/*
* Enable local APIC timer advancement (tscdeadline mode only) with adapti=
ve
@@ -626,21 +624,6 @@ static const unsigned int apic_lvt_mask[KVM_APIC_MAX_N=
R_LVT_ENTRIES] =3D {
[LVT_CMCI] =3D LVT_MASK | APIC_MODE_MASK
};
=20
-static int find_highest_vector(void *bitmap)
-{
- int vec;
- u32 *reg;
-
- for (vec =3D MAX_APIC_VECTOR - APIC_VECTORS_PER_REG;
- vec >=3D 0; vec -=3D APIC_VECTORS_PER_REG) {
- reg =3D bitmap + REG_POS(vec);
- if (*reg)
- return __fls(*reg) + vec;
- }
-
- return -1;
-}
-
static u8 count_vectors(void *bitmap)
{
int vec;
@@ -704,7 +687,7 @@ EXPORT_SYMBOL_GPL(kvm_apic_update_irr);
=20
static inline int apic_search_irr(struct kvm_lapic *apic)
{
- return find_highest_vector(apic->regs + APIC_IRR);
+ return apic_find_highest_vector(apic->regs + APIC_IRR);
}
=20
static inline int apic_find_highest_irr(struct kvm_lapic *apic)
@@ -779,7 +762,7 @@ static inline int apic_find_highest_isr(struct kvm_lapi=
c *apic)
if (likely(apic->highest_isr_cache !=3D -1))
return apic->highest_isr_cache;
=20
- result =3D find_highest_vector(apic->regs + APIC_ISR);
+ result =3D apic_find_highest_vector(apic->regs + APIC_ISR);
ASSERT(result =3D=3D -1 || result >=3D 16);
=20
return result;
--=20
2.34.1
From nobody Tue May 13 07:19:50 2025
Received: from NAM04-BN8-obe.outbound.protection.outlook.com
(mail-bn8nam04on2062.outbound.protection.outlook.com [40.107.100.62])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id B1E701FBC87;
Tue, 1 Apr 2025 11:41:01 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.100.62
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507664; cv=fail;
b=LxQUdrPwYZIVRoYoy5ligDGHVrd+F54SU/5GBSlsGQ9W3AGuEe4eQBzgJQkm3BaU7CWL0WrwQug7o4B8JOLTO9datE7KLs80mHN1rV8bAc8PbU1TdC7EnOg9S3LjUs3GHZg07yFv26HDc/vDqgfMXafA6/mBJ7G1ENhKPnmt4Uc=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507664; c=relaxed/simple;
bh=J+foIHVLTfp6k7crsleO1XiGt/6+s97ST7gWKX/kIzE=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=OwooStf49j0cUcApzd9AEuXX3pRs5jpeuv9LO40oxYZolVId2PgHLYoUiYhLPIXuV4+dLd4JMF4j6TzTNOtu7f+GmgdOxTKFjjoQGPzCfu1S64Sf0yxdsFk7RSom8Jiq4srQkLYrpwqx4Bpxd+T2e8zFb9MhrMibG9Vslepi88E=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=SN4MOQs1; arc=fail smtp.client-ip=40.107.100.62
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="SN4MOQs1"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=XAzdPANUzI4mhj+80k8g1HXxwpuqZiTEey6bpl/omzrbvhQmWYEyYUs8N+7nHHAcTbsSqsT8HP1rrA5jiRvogFGPLyCfBwc+/LaIpwSmveIdO/Ov+HAbOOr/wRVAlU3TXiEgf7J4JsfI6N0EpKxBRM1IBviZdwCDUdt0Xf3oD5I4cVF+FVTFLuTu17RzP64IuGcvTjFTNg422MxLIuPOxcngktLDvFdY0yalPr0qECiC77DqzWAfJrKB22eON4RDWRwwefl6CoMlZYpDKHsUAtdr0vfmcEZsnuGuR2Ix+oFcdE1NSghVee2BI45wdTqXqTgo95NBCPw9aYxFsZSwCQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=RS4sxldrG+K+gQZwT3+DSbuX6TczT41ZqBH+CxQQoXo=;
b=Pz9QZ2cY7odWl9rd3lYW3bt6IqoSx0q7ORvaJIFDtPXPmOdcOMQ+fDrdounVKHUBafB9hs6u5k+epud9ZByDSCq5QbwDpeEizir3oKaSw6zkPaSmVgmE5X4npF2Cm911VrkX28AGgRe5AiQjRWn3mtsZIJdZ3/iHzNSj81SJwCm10Uk+5N2f+gVDvBRHqt3wUm2rK+HxiFoq9695FrCckEUrzJALT6Aqh9kJ67auckQ2Eg4NgiM4TVGv5ggxEQFs9Dek+Ly5B0bdiEgOcBhQxF/3LEG320wPvTdSfICzsDhNXEN4yKkDHJMcHwQNO6lkhwjMcABBjcZyN7AXgx++Zg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=RS4sxldrG+K+gQZwT3+DSbuX6TczT41ZqBH+CxQQoXo=;
b=SN4MOQs1sT1vK2+LJ5g3XQbVUOI77LriS7GBzw8zIPAUkLr1J5IzR08FYRK86F7vz91Ac6BGuiA/PyuZThuAhxBEu4LE5dtyIWUWXAthuorUXtOjupiwqhiMHAxl6qvVY/fH1mRKOmiWyMR8xXBtfeolBs9ZhS1tHn3GWqQQt84=
Received: from PH8PR07CA0022.namprd07.prod.outlook.com (2603:10b6:510:2cd::21)
by CY5PR12MB6299.namprd12.prod.outlook.com (2603:10b6:930:20::21) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.47; Tue, 1 Apr
2025 11:40:57 +0000
Received: from CO1PEPF000044FD.namprd21.prod.outlook.com
(2603:10b6:510:2cd:cafe::94) by PH8PR07CA0022.outlook.office365.com
(2603:10b6:510:2cd::21) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8534.54 via Frontend Transport; Tue,
1 Apr 2025 11:40:57 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
CO1PEPF000044FD.mail.protection.outlook.com (10.167.241.203) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8632.2 via Frontend Transport; Tue, 1 Apr 2025 11:40:57 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:40:51 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 14/17] x86/apic: Add kexec support for Secure AVIC
Date: Tue, 1 Apr 2025 17:06:13 +0530
Message-ID: <20250401113616.204203-15-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1PEPF000044FD:EE_|CY5PR12MB6299:EE_
X-MS-Office365-Filtering-Correlation-Id: 63f9005a-6e92-463c-1166-08dd71121186
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|82310400026|376014|7416014|36860700013|1800799024;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?1AZMmMNNW8u7OWwH+okKRisIQ90c4wKxGWOeNnR8c/J/GqlU98TJ3OsPl+uH?=
=?us-ascii?Q?/ns2tJJ5o8sk7cYqsEQN+CUuMydKJShrIJWNrNmEhXeXRP7GE5jnDUBG1mrI?=
=?us-ascii?Q?cLI3Rw8coP8eOdNCCrM1oYvs0PbzC2j7E3JVcPcCdBHF/UySo5Y7Pt5bYvrd?=
=?us-ascii?Q?PU2DKxe58Oghfur/zxBffKeV5YrSEgxwz6HGGlDHdayQnC0IKVlOQWNsxev+?=
=?us-ascii?Q?dfiCCbYUJ3U877ZM6kbxRuV9idwOQUBeG6LmeoXsYljKVHfs7LpYd8cKdINo?=
=?us-ascii?Q?Stvh3o1JlngWjV0SxwbBUss+Oo3Rpg0YJveg0n9oH9mhhfvoEvKPLl61YlN3?=
=?us-ascii?Q?6KKDuAPOSC5BklsxA/xd44CRdyP4zvT9qpb4mJuUrYWuLfKbtIRlizVMUPB0?=
=?us-ascii?Q?8SLXVf4zpmYi3X7nluvTaRbkApfESaOXgGZK5Euj25WulRyD3Fhgm9NpiqOJ?=
=?us-ascii?Q?zkUDKPI9KHwzhy1NAUw0YuoUtAUapQtaJAt0ZTVSNU2gH2Eyw1FW9jqnQ2qm?=
=?us-ascii?Q?fkY5QbPPLfBc+HT7RDz2jhOKv5tdBu/3IYDPhQz7AIWa4BfJuDA4+2IuAOaQ?=
=?us-ascii?Q?ost+6sHNEtbu2w06EmOk9HN8Ipziz6EnCF5GZerfWuj3ZUx+SLFzqkePHUL9?=
=?us-ascii?Q?VHH49Kd5MVJILB11BRKOTFeoi3++vO2ZDoN+cTJRSwSEeXW5ZwHajtBoZ8Ha?=
=?us-ascii?Q?qkC1J8lGOLaUrXWz5zL7jjwEbgqjA+xrAHYrwVYbqHZj3o7h3Wev0IDZob+M?=
=?us-ascii?Q?WKXIZuExfPfT9d9OXXjL7H4a1TCDyqOAQFfjh5U6cfZiHokyTEpv8fE30Dfv?=
=?us-ascii?Q?6SaRzbrRMbro8bJiMXDkbSqCdLZHs+kMJCa7P7WVDFk5UfbSoAZP0pZghHGG?=
=?us-ascii?Q?4Va81IalcYo4+I8x4ZJBg0pml8h4rjtK+zSDO+7bzoQa+vtcTf2Z8jn8eSkt?=
=?us-ascii?Q?a8/cZjk2Ju7z4l+0PmShOCZz1nBjVsQVcYSFTMNgVvlgq3dxh/xhv/Xhoh8B?=
=?us-ascii?Q?1YLbqig6J5h1t+p92Xd4kBpdBmBS0L5WtLmE2U1fbaCoQG1gH4ZnfRrrqEbp?=
=?us-ascii?Q?BqCW0//K0TLOX7E5AJzU2tvy9AxRjRMCXuSS9RbNsxExFrjWSSWKTunwbmja?=
=?us-ascii?Q?9Ce2EdII/DP4Na9cfh+y1zG4cKzA6lPGESepT1pO7UyWFfzPB6HKbcpbIuhK?=
=?us-ascii?Q?GbZ2n8aUmaoUW+1WGw7k+tNKKG7LvUgOoSu7aVzjsSY5NC7IFOe5r281dXRS?=
=?us-ascii?Q?DAU/qOLFiMAyDGtEnAlkrx2kFU7C+sjGsAfuBNjU3QdzCOQoKA8euEhCpCgY?=
=?us-ascii?Q?KcYNgChx2ZYbqbjTk/bpXTBNx4mGm/+qWuCXtDwQ5ok4V7mRNpXScvYH+JAx?=
=?us-ascii?Q?1nzVDoPBDbxjs/wmp+IUXru5I6Pz7NlWczQFjLby/TEQW1LC09O518Wx4AnY?=
=?us-ascii?Q?obPGCgxbWtLLNkDt8IVNKhDmDju81pQazWbOjrEP4meePjVeQVTeJPmDP1dX?=
=?us-ascii?Q?hQ4EaHO7HrNJuZw=3D?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(376014)(7416014)(36860700013)(1800799024);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:40:57.2349
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
63f9005a-6e92-463c-1166-08dd71121186
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
CO1PEPF000044FD.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY5PR12MB6299
Content-Type: text/plain; charset="utf-8"
Add a apic->teardown() callback to disable Secure AVIC before
rebooting into the new kernel. This ensures that the new
kernel does not access the old APIC backing page which was
allocated by the previous kernel. Such accesses can happen
if there are any APIC accesses done during guest boot before
Secure AVIC driver probe is done by the new kernel (as Secure
AVIC would have remained enabled in the Secure AVIC control
msr).
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- Change savic_unregister_gpa() interface to allow GPA unregistration
only for local CPU.
arch/x86/coco/sev/core.c | 25 +++++++++++++++++++++++++
arch/x86/include/asm/apic.h | 1 +
arch/x86/include/asm/sev.h | 2 ++
arch/x86/kernel/apic/apic.c | 3 +++
arch/x86/kernel/apic/x2apic_savic.c | 8 ++++++++
5 files changed, 39 insertions(+)
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index 9ade2b1993ad..2381859491db 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -1588,6 +1588,31 @@ enum es_result savic_register_gpa(u64 gpa)
return res;
}
=20
+enum es_result savic_unregister_gpa(u64 *gpa)
+{
+ struct ghcb_state state;
+ struct es_em_ctxt ctxt;
+ unsigned long flags;
+ struct ghcb *ghcb;
+ int ret =3D 0;
+
+ local_irq_save(flags);
+
+ ghcb =3D __sev_get_ghcb(&state);
+
+ vc_ghcb_invalidate(ghcb);
+
+ ghcb_set_rax(ghcb, -1ULL);
+ ret =3D sev_es_ghcb_hv_call(ghcb, &ctxt, SVM_VMGEXIT_SECURE_AVIC,
+ SVM_VMGEXIT_SECURE_AVIC_UNREGISTER_GPA, 0);
+ if (gpa && ret =3D=3D ES_OK)
+ *gpa =3D ghcb->save.rbx;
+ __sev_put_ghcb(&state);
+
+ local_irq_restore(flags);
+ return ret;
+}
+
static void snp_register_per_cpu_ghcb(void)
{
struct sev_es_runtime_data *data;
diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
index 7616a622248c..0cd9315226d2 100644
--- a/arch/x86/include/asm/apic.h
+++ b/arch/x86/include/asm/apic.h
@@ -306,6 +306,7 @@ struct apic {
/* Probe, setup and smpboot functions */
int (*probe)(void);
void (*setup)(void);
+ void (*teardown)(void);
int (*acpi_madt_oem_check)(char *oem_id, char *oem_table_id);
=20
void (*init_apic_ldr)(void);
diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index 7c942b9c593a..8a08a03183b4 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -484,6 +484,7 @@ int snp_send_guest_request(struct snp_msg_desc *mdesc, =
struct snp_guest_req *req
void __init snp_secure_tsc_prepare(void);
void __init snp_secure_tsc_init(void);
enum es_result savic_register_gpa(u64 gpa);
+enum es_result savic_unregister_gpa(u64 *gpa);
u64 savic_ghcb_msr_read(u32 reg);
void savic_ghcb_msr_write(u32 reg, u64 value);
=20
@@ -530,6 +531,7 @@ static inline int snp_send_guest_request(struct snp_msg=
_desc *mdesc, struct snp_
static inline void __init snp_secure_tsc_prepare(void) { }
static inline void __init snp_secure_tsc_init(void) { }
static inline enum es_result savic_register_gpa(u64 gpa) { return ES_UNSUP=
PORTED; }
+static inline enum es_result savic_unregister_gpa(u64 *gpa) { return ES_UN=
SUPPORTED; }
static inline void savic_ghcb_msr_write(u32 reg, u64 value) { }
static inline u64 savic_ghcb_msr_read(u32 reg) { return 0; }
=20
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index 86f9c3c7df1c..b5236c8c3032 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -1169,6 +1169,9 @@ void disable_local_APIC(void)
if (!apic_accessible())
return;
=20
+ if (apic->teardown)
+ apic->teardown();
+
apic_soft_disable();
=20
#ifdef CONFIG_X86_32
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a=
pic_savic.c
index 9e2a9bdb0762..8cfffdc4cf8b 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -349,6 +349,13 @@ static void init_apic_page(void)
set_reg(APIC_ID, apic_id);
}
=20
+static void x2apic_savic_teardown(void)
+{
+ /* Disable Secure AVIC */
+ native_wrmsr(MSR_AMD64_SECURE_AVIC_CONTROL, 0, 0);
+ savic_unregister_gpa(NULL);
+}
+
static void x2apic_savic_setup(void)
{
void *backing_page;
@@ -426,6 +433,7 @@ static struct apic apic_x2apic_savic __ro_after_init =
=3D {
.probe =3D x2apic_savic_probe,
.acpi_madt_oem_check =3D x2apic_savic_acpi_madt_oem_check,
.setup =3D x2apic_savic_setup,
+ .teardown =3D x2apic_savic_teardown,
=20
.dest_mode_logical =3D false,
=20
--=20
2.34.1
From nobody Tue May 13 07:19:50 2025
Received: from NAM10-DM6-obe.outbound.protection.outlook.com
(mail-dm6nam10on2062.outbound.protection.outlook.com [40.107.93.62])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0534D1F12F1;
Tue, 1 Apr 2025 11:41:19 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.93.62
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507681; cv=fail;
b=qSWjYcjlt//IHO6cdmn9b+UTABPAdhvALzPeXtHS9wIf1jl+HoOqsDfT7mm8X4h1vnEqCqQ7VYYTZkOsjGKonAO85k17BOaJC7ukZ9JzRSx8YpZ+JMn3nhE83Bp72ATgLip7XLQzVrdA06wYJGtT3Pa1+jwiau9O+ottzXt1Ieo=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507681; c=relaxed/simple;
bh=3dh1TYDNjv48/0HB8LQG2QdnDmn04+2dsOkRECTcARw=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=dPzWUcCRRgxyNeRycS6+0bolF5eFthxsps4cBEmSKKkj2S15WIXQFSk9JFfjtc698aBwHKuSGi0N9EO72gxzQUHjjwm0r5DSP1zw63ofZf5Ee6wF7a0WhrJXfDl+Hzv/bb8gKfL27zCOykvkVowtd8zBZyLwd7ZBuaCHbhL1dv8=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=ReLP3WvM; arc=fail smtp.client-ip=40.107.93.62
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="ReLP3WvM"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=RQ4wM2bFPkBUZgxUu+8BEZtGIRz6T5iK2mvj0d9J+r+5MA5R4JKT3OfEzTryNVBt+xCYMgFcgF6rTiIvzUbymyvyy5bfc25cf7hRZDet/BMu8wDinqw3lmFvjJqkJZw61WuysxHGTnEdCYfROFI2srK2o2VIbmI1a2Arec++PwBlq9Krlc46OZPEoEG836if8DIS+TYsDFG9ywI45c8Fgk9CDxEeTToZoaBVGvuEccjmZYHfwREOc9XfifgtACcFLw2VP4HFpdCH6IYXS3defH3tRjmDNZEePCPtw8ZyZsQ9kCZ65TVNRcGuKI298H7DEKJanGOLd8yjIpJphVAIow==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=3t6o1YDsXd61KxmXE0lxQcDVynF7zwuu+69D+1D9ZZI=;
b=uWzxkcPyMv1TwY8D06ISVO/9cXkPlSTYeCZKyKqr/UZfHOoLjRFPKaIIsqjb4Tm9hAjOrQ+3AwSGLlpFgW6M32E97/XeSrjPQR5NIpmi/WcIeMwXHr2hFH2lGZc0MtuxvZvlDpFkJ15CyfMifjpnp+fGY6W8v2Q5g04gF2UwTbStdaSmH9JaLGNpvUqXMlQY62b4WiRYJrtNF/nRSQkUenngv97jzADuCEGO63b7vcq73F0C468IDuAcwOHPvsmAGBiJ8dTOw+c2jVbXFkbQEA7oYUN51OsYmJkVp2YLY60P2Gk0qp8PRWuZX0jmUP4Qg/dKsvXE+M7M30ZNHiWmaA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=3t6o1YDsXd61KxmXE0lxQcDVynF7zwuu+69D+1D9ZZI=;
b=ReLP3WvMFnaOkdbd9l+P/Ext9dICjk2SdfRGseerUKesZNK3jSiNwK+Gq/eA89mgrm0vrixPPjRMsEeM0DLacwoUvf+u8bAYw8vNIPVkf2H88NvXFTfeGr/FR+mO8Nomb55cB6DXXLngG7QL7Tl3z6b+3OV3WO1EobpR8CtRWX0=
Received: from PH7P223CA0021.NAMP223.PROD.OUTLOOK.COM (2603:10b6:510:338::16)
by MW6PR12MB8958.namprd12.prod.outlook.com (2603:10b6:303:240::15) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.49; Tue, 1 Apr
2025 11:41:16 +0000
Received: from CO1PEPF000044F7.namprd21.prod.outlook.com
(2603:10b6:510:338:cafe::92) by PH7P223CA0021.outlook.office365.com
(2603:10b6:510:338::16) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8583.39 via Frontend Transport; Tue,
1 Apr 2025 11:41:16 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
CO1PEPF000044F7.mail.protection.outlook.com (10.167.241.197) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8632.2 via Frontend Transport; Tue, 1 Apr 2025 11:41:15 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:41:09 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 15/17] x86/apic: Enable Secure AVIC in Control MSR
Date: Tue, 1 Apr 2025 17:06:14 +0530
Message-ID: <20250401113616.204203-16-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1PEPF000044F7:EE_|MW6PR12MB8958:EE_
X-MS-Office365-Filtering-Correlation-Id: fd505f88-373d-4a59-8331-08dd71121ca5
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|82310400026|7416014|376014|1800799024|36860700013;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?fwa2OdUOweVsY+j7bujRnFlL4xN1FnOJ7yLiL6CSHvX2PVZ5mLXN5dZ1knUs?=
=?us-ascii?Q?OyjCD2oo13gBt/AUe7tZj2yl/MZ/OX4WNGxfEABDztR1EAvJACCjAGTLkQSV?=
=?us-ascii?Q?rKMXhU/cPYW8sn6zwswG6gH1hymXU0pOXzJUoDMZ+Na9Vw/3awbuJvbCyS6z?=
=?us-ascii?Q?ogiW+ZnHwM3hmB1y8Ffm4GJF2dSnHOR83f9bt0Hbx/iEo4b+fPGcMmjRwk4R?=
=?us-ascii?Q?Ki5dtwgEp1yoegxDpHrIavHn08kc23UxzE1ys2RofE5GlDE8DlMCmny7rOCs?=
=?us-ascii?Q?T3hjgiRA4AMPaQ5lUzdrAtY8ZrZD+XVfnGPzbG0bv0aDvT1leNQAAcgu/I1O?=
=?us-ascii?Q?ieJlFW/9buEAImYzMSN2SB7VlKcp3fUP9BYEYKjYPAJQLV9i7BwIWQntgAJS?=
=?us-ascii?Q?Q5DvsBs47TDPhevnduinngmduKY2IB6YbNW++mRr8Fl6sX60dQJHZwvEXjG2?=
=?us-ascii?Q?+nOPiofkgxPNRf5NF2YUGBdY4pBcTPcAo8MG21mohSXPMyiRnToWcy95sTBE?=
=?us-ascii?Q?yTHQ8P7E8PV2FguYjDe0ij9ow4odIS4ZE59qNzIoy1uHv9cBXIX6ceEzJ3jJ?=
=?us-ascii?Q?enlG1enS50gX9JgP5IFnignNitAed5O4VvnJjYX3WJkqUpJN63qDjfT4Sb7V?=
=?us-ascii?Q?EZ5O3MeZFsroWehCXEHZ5Hwux/PEwmQlxOGi6x5q4Pezi94l7Gi1n9W7qQRg?=
=?us-ascii?Q?8/MSZlzAr2sRPSWw7XKh+3coBpfMZq6QhZiyWvqpZ80feDPkGQJSxCktf7mV?=
=?us-ascii?Q?z0zN+vkSbMeDwdgYkD9bb7HHrGTkjEeLkgDmpL+xeocrmllqkw22NRGoawg7?=
=?us-ascii?Q?R5XsSQMGlf6cPUBCr4mBaVb/f+DpGu/apGvkQADzUrjtLB+x3QmiUkP9zCU5?=
=?us-ascii?Q?sR2JjJv8Bxko2UTgWERjcc3HL13jnwfTjNKTmudfY90LCRzLdE8kr24SAO0M?=
=?us-ascii?Q?ojlWPZNlS7ad3da5DkdkxoiVmvJmTx8zOcblTvJAKMIkefbpk1cZSElz8/p8?=
=?us-ascii?Q?JpMZcUjPBuyJbWLlBsW17Wy2yA1qQkksoXzDVeGUR4LqCnKab7ct37+xRdbd?=
=?us-ascii?Q?TFjXHIp9yUOLX7sez4C7I7UhItM4Tw9R+Iab5jwSojOm1s2Roge1Wfxu26Pb?=
=?us-ascii?Q?EdX4KECC/7gtrYJFpcE5+n8nmN/0x2u+TyJY1IHa/4c2pOZWJ/nVU7JeHscH?=
=?us-ascii?Q?F+ExNXdR4kYpN8Zpr3B9wSzbHMyLzDwpRkCn33yQI5PR+PCsf/23ochtYoEZ?=
=?us-ascii?Q?Uz3ZE95sV2ktvgdgezU4OTPCXEADo88laG6E5/YDnNqJIfM8GYf/iZ61Dfau?=
=?us-ascii?Q?scWh0J0XP5O/sx04AUrFk9KMQBNfrJNAjX8tD/kw0SficPEYEy0QmWHJvzjL?=
=?us-ascii?Q?QKJbpRniKzDt0C57Vz8xAaSIY+YmeC8uJV/FXtp715Yr8De9dzlGxk+L68pm?=
=?us-ascii?Q?4chZMpdvYahSFNQkf7jjQ8msnywJSaFFIEIRGJGoT226YbVHcq0L1Vz3vTDB?=
=?us-ascii?Q?jXq1VlL5LPJYNgbsQ4UWa71C/wq0KESNBF/7?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(7416014)(376014)(1800799024)(36860700013);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:41:15.8955
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
fd505f88-373d-4a59-8331-08dd71121ca5
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
CO1PEPF000044F7.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW6PR12MB8958
Content-Type: text/plain; charset="utf-8"
With all the pieces in place now, enable Secure AVIC in Secure
AVIC Control MSR. Any access to x2APIC MSRs are emulated by
the hypervisor before Secure AVIC is enabled in the control MSR.
Post Secure AVIC enablement, all x2APIC MSR accesses (whether
accelerated by AVIC hardware or trapped as VC exception) operate
on vCPU's APIC backing page.
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- Move MSR_AMD64_SECURE_AVIC_EN* macros to this patch.
arch/x86/include/asm/msr-index.h | 2 ++
arch/x86/kernel/apic/x2apic_savic.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-in=
dex.h
index 28cec4460918..16745040f5f8 100644
--- a/arch/x86/include/asm/msr-index.h
+++ b/arch/x86/include/asm/msr-index.h
@@ -690,6 +690,8 @@
#define MSR_AMD64_SNP_RESV_BIT 19
#define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT)
#define MSR_AMD64_SECURE_AVIC_CONTROL 0xc0010138
+#define MSR_AMD64_SECURE_AVIC_EN_BIT 0
+#define MSR_AMD64_SECURE_AVIC_EN BIT_ULL(MSR_AMD64_SECURE_AVIC_EN_BIT)
#define MSR_AMD64_SECURE_AVIC_ALLOWEDNMI_BIT 1
#define MSR_AMD64_SECURE_AVIC_ALLOWEDNMI BIT_ULL(MSR_AMD64_SECURE_AVIC_ALL=
OWEDNMI_BIT)
#define MSR_AMD64_RMP_BASE 0xc0010132
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a=
pic_savic.c
index 8cfffdc4cf8b..5b6fd08f2c2e 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -379,7 +379,7 @@ static void x2apic_savic_setup(void)
ret =3D savic_register_gpa(gpa);
if (ret !=3D ES_OK)
snp_abort();
- savic_wr_control_msr(gpa | MSR_AMD64_SECURE_AVIC_ALLOWEDNMI);
+ savic_wr_control_msr(gpa | MSR_AMD64_SECURE_AVIC_EN | MSR_AMD64_SECURE_AV=
IC_ALLOWEDNMI);
}
=20
static int x2apic_savic_probe(void)
--=20
2.34.1
From nobody Tue May 13 07:19:50 2025
Received: from NAM12-MW2-obe.outbound.protection.outlook.com
(mail-mw2nam12on2056.outbound.protection.outlook.com [40.107.244.56])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id F23421FBCAF;
Tue, 1 Apr 2025 11:41:42 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.244.56
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507704; cv=fail;
b=lSR6jA+dMX0gfMq0OKT0IEDwdurZJy0tbIfahrav+8AMgah11FDtnAka3WoaERrq+vY7OIUGhwpmkG62HdtiKzOgorl7n4oXLFuP4OHEvYlKder4NMPfVpQd9R0TaHmghW7GFiY7KttH0EGhEjBzSHH91A6qQC03k5wiEN1PEkU=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507704; c=relaxed/simple;
bh=kUAjmdky3xyTMHyKTE83Mnl6VoFcJIGYp5plMgPpudI=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=Jep4X2kvuS15sn6YjmMHZGZS1tSvTOcbnn4GgpMTtRhgCkInzCLAIpMBrlrsZKDSaSnl3Cm0pmgiOHP63XldCxJEvV2g9pT8/Jv5pmhdKEnpG+udp6y+O7TorMausNe1lGLUGYOz/zn0+SEmNGZ10W+q0U7iKA+I5EWgsitaZyE=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=tFUoQ+Ao; arc=fail smtp.client-ip=40.107.244.56
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="tFUoQ+Ao"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=r2bGVcx4sxDQph/GCmDmVhW/3OCHon62rbxgNss1GIVAzF6S6Gbb6CvS1oW/YFGchEYpyfX+I0QXtOvWdlB3vDevwFJCcKZ2bTNYtdoqlHToaP/60nxZd/Jwy0hlYEOWh6GuwWCEA3g8elJZsI+8vU5bMrse7hYK+lsmYnFoqh8L5pXzjCyU8k4wzU+XnoRmolAGAwTYuE/3bHSTkJEoDGj0gpZ+mpyyGe3QIL9ny+w2hhJtBR/EIaw5Yz4SouoRkBJnZjOp+S9H9T5lnvKFDlkCfAX2qM2XZ+U5Ayu/FOZJrZpt72T/8rUDCa4Why5bTkow+dcb+JeLcjrXaITWxQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=WSQUUrGbLToxq/x6nMFEWuq+5HjuQNNEefgrGItHWA4=;
b=TWkumQ7b0c/5dsf2glc9jRSlaULGKpq0mAuc+GJeUvnTzuZgSg8a5CDxpigu2zEMvGExPGXujRDqFkMAq6RRp5uzdYjFAtdKUjLUo1eheVinXx+UZlQziCW0aEXcs8ogSlbhYpYnQolOhBc/wmNZo5o+ICjCbNBUQKCCvnUwb0qRlPxaPiXno4osj30F3Zygb2qFx8f3F8mN1K8KI6jPvVrNHCxQ3HTmh8U+7BADM81j4GUNOQYilYFYwh+VlQIVA0iKf2+DzvzrG5K2MsOnn8C2bvb6ElZJ6erb7XGfx/J5hOv+CIPQjpAdoxLJNbO9CknSc1a/dKNGMVyTvyMB0w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=WSQUUrGbLToxq/x6nMFEWuq+5HjuQNNEefgrGItHWA4=;
b=tFUoQ+Aoi+1V0VycQuiKc/6NqiyYSJ/Uknf0mKBSqk04tD1E1GE7Ybx/R9EbGAsboGk6f5KeZ3zXyE4595t6ZcC7ILaP4NEu9753IbG33Gui7vgQSlsgnRu8JmkciiExFPN4Bmi6z37VuL+32DtPpAGjoPisybW1WsMVKpcgX5c=
Received: from PH5P222CA0007.NAMP222.PROD.OUTLOOK.COM (2603:10b6:510:34b::13)
by LV2PR12MB5845.namprd12.prod.outlook.com (2603:10b6:408:176::13) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.45; Tue, 1 Apr
2025 11:41:40 +0000
Received: from CO1PEPF000044F8.namprd21.prod.outlook.com
(2603:10b6:510:34b:cafe::32) by PH5P222CA0007.outlook.office365.com
(2603:10b6:510:34b::13) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8583.41 via Frontend Transport; Tue,
1 Apr 2025 11:41:40 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
CO1PEPF000044F8.mail.protection.outlook.com (10.167.241.198) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8632.2 via Frontend Transport; Tue, 1 Apr 2025 11:41:39 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:41:28 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 16/17] x86/sev: Prevent SECURE_AVIC_CONTROL MSR
interception for Secure AVIC guests
Date: Tue, 1 Apr 2025 17:06:15 +0530
Message-ID: <20250401113616.204203-17-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1PEPF000044F8:EE_|LV2PR12MB5845:EE_
X-MS-Office365-Filtering-Correlation-Id: e17845c4-796a-4cce-d285-08dd71122aee
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|36860700013|82310400026|1800799024|376014|7416014;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?YjBI3jgYP8NFsiCUpt9ouVlatoWjPdLhkK+SEARFUK7gOukObtG3InidJST8?=
=?us-ascii?Q?7fJZK3CkDwGz4Kn0m18sa9IbI4Ds50zr9lmE2CG5VEzF4yIdxU1dhm4O+oAg?=
=?us-ascii?Q?qitqH8gtblfQvlaSP9Xah0EoS8qCrSwA9PFXq8CvZlCJBp18QifgUiDjnCeb?=
=?us-ascii?Q?yUt2GsHX4v/zoSp1bm4GNAebakPuhs5mhrr9xkyDoQsBy5lzk1xQX5sIbELD?=
=?us-ascii?Q?zUChdXZOdJfth2XD3Mmo9jwSu8p/Glx9PbYjohmFa9eqsJJDNIzU82UtUe5r?=
=?us-ascii?Q?IMW+vpCA3eV4IGflrGffzCt1lHbFuCTCw890KXQGWVWsbXVt7QxGCNJ2rgpJ?=
=?us-ascii?Q?/m759YUh7AoofmVlqTi5k3EnVk8shGioQXLvlvPFovbqae1//kuNoptj0Qx0?=
=?us-ascii?Q?SuTx3qTgnt15ZFWcYOSvAOwJlvV8JK5/3xt1cdrF28SI6i85/pGpANHiPrwb?=
=?us-ascii?Q?+fn8DhZYx58dBwONtjPDq9SQCLgJbYhUi8ibR7DF+kXgSWyfl3EKnDAY7XOI?=
=?us-ascii?Q?QOIqErF5hBHNySJFPQOPoJtNRCK4wZHP1RxMtN3eNU40Gk4C9aXXFWVpmFoP?=
=?us-ascii?Q?baBtaViEh+W/4HG53iE915gEDglDRD25wfoCiUkfCop9BzdY3DAcYGWOQWmG?=
=?us-ascii?Q?098B++lsWNUuBiwmfKtG+2fxGdnQZTx8pbl8tWripODd3iJR4Sbj4giPAa5Z?=
=?us-ascii?Q?eGflbp3lrBr5cxVHQzYQJd3OgNcOCLq9Zglnk3i1XEonO1f5mr7kTFu9FL/7?=
=?us-ascii?Q?n6XfCSa2v/glD/EBeXX7SP4JJqiJzAmy/EDWYCqATFFPq4lXO39D5YIJ0p+o?=
=?us-ascii?Q?2TwY0tuxYF5kwEarpBYL77Ng2SEJX33AWJv7mwXn5aTNS5OYjXO4kqdhUT72?=
=?us-ascii?Q?3R6xcvdqLhh2XlkajiCbjLlB2ewTHZ9gz2TsWKOJevbWHqJiyrH/n7ObH1ik?=
=?us-ascii?Q?1XbwDQhcgRt76CrsMb9Y1C7OF1JYRT2wVXJW5mvI5lDN3l28ACh4jui8Pbbf?=
=?us-ascii?Q?w/WdFUgUBmql0iAoY3pk2/EmHqTUTTvK3JGyMH2J1abYi8kZRfV1hK03XcMh?=
=?us-ascii?Q?E+7pIYRiVa8NnYKK/VDl0S0Hsgwa/SONxUl2sWWfI0PiEfu6BYHi4R+Ld4jB?=
=?us-ascii?Q?N3SCrztnmcX5HJPDxthfAc/dGQzhp+G5L4hCRjw39A8b57ne/ONi8nrjNgJj?=
=?us-ascii?Q?lEnjU4MFmWtLFXl8QaiI5h43PnU85MknBBP4NHhwtvYtDDvP+ZG00Y/NO71j?=
=?us-ascii?Q?Z8PJUQVW3buf+pzKofbAZzPHxiQ2ytn8eiDH0h1ntGKr1rhlaqOGg3OjZ51B?=
=?us-ascii?Q?e416hlOmeGBLQi9GKf691RaLqWnkxpk1jFJ2so0eG8IOCvjSFYCOg5R1WPX2?=
=?us-ascii?Q?tmNHU4D0LnbC4ycyPpgcIGE/LQJ4awgpAl3EuZ5VE9FGG7DXxNRWlsVwnlH7?=
=?us-ascii?Q?eKXN2Vr7lkj9UasSHXlZSADaHlYnFN6HSmObda7kr95nBa1kKKEXJQ=3D=3D?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(82310400026)(1800799024)(376014)(7416014);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:41:39.8635
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
e17845c4-796a-4cce-d285-08dd71122aee
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
CO1PEPF000044F8.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV2PR12MB5845
Content-Type: text/plain; charset="utf-8"
The SECURE_AVIC_CONTROL MSR holds the GPA of the guest APIC backing
page and bitfields to control enablement of Secure AVIC and NMI by
guest vCPUs. This MSR is populated by the guest and the hypervisor
should not intercept it. A #VC exception will be generated otherwise.
If this occurs and Secure AVIC is enabled, terminate guest execution.
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- No change
arch/x86/coco/sev/core.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index 2381859491db..3707813c421e 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -1480,6 +1480,15 @@ static enum es_result __vc_handle_msr(struct ghcb *g=
hcb, struct es_em_ctxt *ctxt
if (sev_status & MSR_AMD64_SNP_SECURE_TSC)
return __vc_handle_secure_tsc_msrs(regs, write);
break;
+ case MSR_AMD64_SECURE_AVIC_CONTROL:
+ /*
+ * AMD64_SECURE_AVIC_CONTROL should not be intercepted when
+ * Secure AVIC is enabled. Terminate the Secure AVIC guest
+ * if the interception is enabled.
+ */
+ if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
+ return ES_VMM_ERROR;
+ fallthrough;
default:
break;
}
--=20
2.34.1
From nobody Tue May 13 07:19:50 2025
Received: from NAM11-DM6-obe.outbound.protection.outlook.com
(mail-dm6nam11on2069.outbound.protection.outlook.com [40.107.223.69])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id 332601FC7D0;
Tue, 1 Apr 2025 11:42:01 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=fail smtp.client-ip=40.107.223.69
ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1743507723; cv=fail;
b=pgR8fpwnTX7KRRzcDeHLDvvl0KEMeofyObclq1mIqlpDXm4ZPTb7PBVYUMaG4GUN1rDygFS++DECj7Wmxmt/MrZVcYU7kYqxgfyp3jS7Bd8y80o43UUqP7T/JzsYvtRBczomFMoUb1ndZ+k72I/IZAoQSwhwgVB3fMCBGSwpstM=
ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1743507723; c=relaxed/simple;
bh=+N7E6kGKHfYQRiKdPD83+PzRlzt/Ro9fWIF1xVfY58c=;
h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:
MIME-Version:Content-Type;
b=W7q0sKHKZ1Qe3hdTClTGoIm09Qur+UV1x5gJz+jXVkGGEzuNDDj/UXKPNjqXwWgQcm9eIwuvXEb6egOCU2+AleUenFm1Ny2lmhrEulvCOOL14mqxyYrsp8rDT1/lnrj4HM6xmCsEvuIPpKyPCar8wy2uRNYWVNQikY9XnDHLNA0=
ARC-Authentication-Results: i=2; smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com;
spf=fail smtp.mailfrom=amd.com;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b=iS4izuTP; arc=fail smtp.client-ip=40.107.223.69
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=quarantine dis=none) header.from=amd.com
Authentication-Results: smtp.subspace.kernel.org;
spf=fail smtp.mailfrom=amd.com
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com
header.b="iS4izuTP"
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=C5or0T/qMuO/NMSYendNkrbOH0L/6UIDJjZCLk9oNltOakaneYDskya14kctghLb0LJTIPbqUSZHsXKi8rUEVO9usVmo35pStF+bekBvbmPfWyYLrNLegfp4SI5RO+DoJWlAjp2E3IlOc3111Se5vgaIT3HdM9T4XmqxLvxKTGREu2nSQsGBXHn/8FuomJaSiP+Y+ao/zKBJcrhzS7dARK1g1Ia1nPykUiwotGZsCLvx/JZIwBgE7JOlAypAeVXZPL/CtwBCiVcbA3Dceqbdxd+3CEOiz+ns7rM5Fozp/RA4vli5vLV77pl4kdSFiHzVeOYhxVcuKUWq1ZX+abw9VA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=XETBELVtjbgvPRmQF7xDKdaKIKkUgqxWSzBdcguTZqs=;
b=ZSM9H/N/7Nmf1Ol5A9J/Uax7V6d4e3E5HvXpt0kC2wJOrC3Wk1QvlzzGVXJ5XCRHycmOqkjedjeDhjOOHwiMV9+bC25j6jdJc0cLjk5r6INZUiX8bO4mDE+F+p+bWyg9+0hU46Gg2OqV6hrcdIjZmCsS72H+w9JFNMZ5UYxxxDngnjzqynOWGLbVCKb66PPOtCh4nkLio9dC6+dOReukAXBZQi9v0DacrM/V9uohzM6rOjc3+eYH43BqTNz4YIUCUAb8987hVE4CuZMHQY2Iht9o/hIlBX8Ya2oCpXt1vXtv0g94zhylGzsqJnWXMEo5k/ZwlP9qQ/r4IPJokuZq9Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com;
dmarc=pass (p=quarantine sp=quarantine pct=100) action=none
header.from=amd.com; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=XETBELVtjbgvPRmQF7xDKdaKIKkUgqxWSzBdcguTZqs=;
b=iS4izuTPc6n3voVBWWAr63tGE59KtaQeppaPIEF+ev1kVEnXk2ZWmAyFWqMMEZQ7bzL6SwnuB/ro2lxS1NAiY+eXy2DXS51JQbxc1JBnNrtmqmYynBMpfKfNRFrghDOCDnp+oJRmD4mr19Wob2/TCoaQ3kj5JW2fi7bzw2IBlXc=
Received: from PH5P222CA0004.NAMP222.PROD.OUTLOOK.COM (2603:10b6:510:34b::7)
by LV3PR12MB9213.namprd12.prod.outlook.com (2603:10b6:408:1a6::20) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.44; Tue, 1 Apr
2025 11:41:58 +0000
Received: from CO1PEPF000044F8.namprd21.prod.outlook.com
(2603:10b6:510:34b:cafe::9d) by PH5P222CA0004.outlook.office365.com
(2603:10b6:510:34b::7) with Microsoft SMTP Server (version=TLS1_3,
cipher=TLS_AES_256_GCM_SHA384) id 15.20.8583.41 via Frontend Transport; Tue,
1 Apr 2025 11:41:58 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
smtp.mailfrom=amd.com; dkim=none (message not signed)
header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
165.204.84.17 as permitted sender) receiver=protection.outlook.com;
client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
Received: from SATLEXMB04.amd.com (165.204.84.17) by
CO1PEPF000044F8.mail.protection.outlook.com (10.167.241.198) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.8632.2 via Frontend Transport; Tue, 1 Apr 2025 11:41:57 +0000
Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com
(10.181.40.145) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Tue, 1 Apr
2025 06:41:51 -0500
From: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
To: <linux-kernel@vger.kernel.org>
CC: <bp@alien8.de>, <tglx@linutronix.de>, <mingo@redhat.com>,
<dave.hansen@linux.intel.com>, <Thomas.Lendacky@amd.com>, <nikunj@amd.com>,
<Santosh.Shukla@amd.com>, <Vasant.Hegde@amd.com>,
<Suravee.Suthikulpanit@amd.com>, <David.Kaplan@amd.com>, <x86@kernel.org>,
<hpa@zytor.com>, <peterz@infradead.org>, <seanjc@google.com>,
<pbonzini@redhat.com>, <kvm@vger.kernel.org>,
<kirill.shutemov@linux.intel.com>, <huibo.wang@amd.com>,
<naveen.rao@amd.com>, <francescolavra.fl@gmail.com>
Subject: [PATCH v3 17/17] x86/sev: Indicate SEV-SNP guest supports Secure AVIC
Date: Tue, 1 Apr 2025 17:06:16 +0530
Message-ID: <20250401113616.204203-18-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
References: <20250401113616.204203-1-Neeraj.Upadhyay@amd.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com
(10.181.40.145)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CO1PEPF000044F8:EE_|LV3PR12MB9213:EE_
X-MS-Office365-Filtering-Correlation-Id: 5e432181-8bb7-4d9c-72bd-08dd711235b7
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam:
BCL:0;ARA:13230040|82310400026|7416014|376014|1800799024|36860700013;
X-Microsoft-Antispam-Message-Info:
=?us-ascii?Q?62wG2K8mi+cQyKDEJGQSZcOGLAum1y0lVK8cnxOymZOSvxS+tq3xMo6s91dZ?=
=?us-ascii?Q?DeEKpUqaBEduDOwh7owcppYSU1hOl2IQ6wQoWW+AuSoCCdci9AEDkToZdT2j?=
=?us-ascii?Q?nGszfeVryYm4Lzf6/Cz3etiqxnXoOXXRx8sbx1GzJXCOhjo/1C6Dizl3T73t?=
=?us-ascii?Q?87ciqz3hP4LdxZ957c4vpweSUgvDjJLKSNTdxICs9V1PCcjMBkebo/B0UXxj?=
=?us-ascii?Q?gLycF4zyO5Gu9ebj9VnDeFM806BpBXKyoVVGgl4q1BwpqEKbzSBRzrleOTOU?=
=?us-ascii?Q?C3TORJ9icfcHhMPd82zp7surdY3I929/1ASHOrKuA2FEpoCGKh4KVxwFOBYZ?=
=?us-ascii?Q?heyiVqg3dimjdfxk1wsil9LjVPhBpbB+cepArNZ5L7150EM6q7v173ZuzcP4?=
=?us-ascii?Q?Myblh0kjOhA0zNVkC15paJZUPzxWJVzPIqlfNyvAc3L/91DNE/kXtXULI3T3?=
=?us-ascii?Q?H6HP0290FezebyUqUxwZ4wlS4hl3OEC9uYmEyArYSPxzumQK43PwlQdUYjn6?=
=?us-ascii?Q?X6ys/PQ9P3//Pg2Ccv/zh5gbne3uk6qJofzj/eiRvEIqWL6T6l9nu7LjGOrh?=
=?us-ascii?Q?gRtbFOuUsEYWxJplhNHE8qTTAaInv6e80DsXP/BfKxrw/a4iO82ryl5QVdyE?=
=?us-ascii?Q?pSxDH8nXCPkBu5DTYRvo5b0+PvUtF0id46zj9CBCB3cPV2Lzn9qIN74anLTw?=
=?us-ascii?Q?nCBG/DlBtjq3mvjwh73ORnBbeCsHUgkJNtbZzw0c9sgUa/e7UeFY3qYv1gJP?=
=?us-ascii?Q?Y3yK3VfP2gt0mZMpvuSlKNNBndOlkJe3Kp3mfB8ubkAksH21luFh0b55fdl2?=
=?us-ascii?Q?k85hox4MrGzejoXxrbhRVZdiqOeovrxix71Cyqk8ybBEqlAwJmylXQ+WBmeB?=
=?us-ascii?Q?CTG+zunxfaYQTYRhHCcDiWRVUdoZojjL2rQsu+q7XMOkKA54JR2RsxFtYY5e?=
=?us-ascii?Q?E4Pahkpdx8lsrB3di9S8eAWOXyI2DOfsbk1HdTWU+EeXcGWWqLBRO60XbNFe?=
=?us-ascii?Q?HPlrlEu7UL8HvgxKNfNAQOp7W1Rz2tKjO6KnQy/faGV183wDpCZS6CpOyUnN?=
=?us-ascii?Q?6dsE32yEHcNQoyTgAQVJdUp6cRTQ6mLwrUtzjaqksQOAV5hixnae9Nw1+VsI?=
=?us-ascii?Q?ZQEImCJpju0BJWllqhwN3tXBZS/SeuqloIimxxH7Ehs4jxucLyT+UmMUHxBc?=
=?us-ascii?Q?PSGFGm4qBqIJ7tAWk+9241BZv7szyoRp7vxJhhtb2N37RsvYk5Z4ujxuOWHC?=
=?us-ascii?Q?TFxdSkdX0Vzag5s+Hull7xQnZkj67UZ3ylgkuXYqYMeIkc1pEbp2GoEEQ//G?=
=?us-ascii?Q?nXZgBYWwpf97o0pSBMD8wZHftQvXX7/yZKQOfLwUr8RXYVvfTfwACnn/YJzS?=
=?us-ascii?Q?bEKRave/tgraPZcb61T14dy/DWFnuYZnsTc06Thjo6iNsj7jT5yhLMZlolI6?=
=?us-ascii?Q?HqOgX3txBb0kl0WT8gtFYqmlr9cMCE932SlGKSqiVIA6a0XHgo4YV20wc5wW?=
=?us-ascii?Q?w+V84mvxRuzt6nc=3D?=
X-Forefront-Antispam-Report:
CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(7416014)(376014)(1800799024)(36860700013);DIR:OUT;SFP:1101;
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Apr 2025 11:41:57.9574
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
5e432181-8bb7-4d9c-72bd-08dd711235b7
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource:
CO1PEPF000044F8.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV3PR12MB9213
Content-Type: text/plain; charset="utf-8"
Now that Secure AVIC support is added in the guest, indicate SEV-SNP
guest supports Secure AVIC feature if CONFIG_AMD_SECURE_AVIC is
enabled.
Co-developed-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
Changes since v2:
- Set SNP_FEATURE_SECURE_AVIC in SNP_FEATURES_PRESENT only when
CONFIG_AMD_SECURE_AVIC is enabled.
arch/x86/boot/compressed/sev.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
index 798fdd3dbd1e..adcbf53ad50d 100644
--- a/arch/x86/boot/compressed/sev.c
+++ b/arch/x86/boot/compressed/sev.c
@@ -397,13 +397,20 @@ void do_boot_stage2_vc(struct pt_regs *regs, unsigned=
long exit_code)
MSR_AMD64_SNP_SECURE_AVIC | \
MSR_AMD64_SNP_RESERVED_MASK)
=20
+#ifdef CONFIG_AMD_SECURE_AVIC
+#define SNP_FEATURE_SECURE_AVIC MSR_AMD64_SNP_SECURE_AVIC
+#else
+#define SNP_FEATURE_SECURE_AVIC 0
+#endif
+
/*
* SNP_FEATURES_PRESENT is the mask of SNP features that are implemented
* by the guest kernel. As and when a new feature is implemented in the
* guest kernel, a corresponding bit should be added to the mask.
*/
#define SNP_FEATURES_PRESENT (MSR_AMD64_SNP_DEBUG_SWAP | \
- MSR_AMD64_SNP_SECURE_TSC)
+ MSR_AMD64_SNP_SECURE_TSC | \
+ SNP_FEATURE_SECURE_AVIC)
=20
u64 snp_get_unsupported_features(u64 status)
{
--=20
2.34.1