[v5] x86/Hyper-V: Add AMD Secure AVIC for Hyper-V platform

[RFC PATCH V5 0/4] x86/Hyper-V: Add AMD Secure AVIC for Hyper-V platform

Posted by Tianyu Lan 2 months ago

From: Tianyu Lan <tiala@microsoft.com>

Secure AVIC is a new hardware feature in the AMD64
architecture to allow SEV-SNP guests to prevent the
hypervisor from generating unexpected interrupts to
a vCPU or otherwise violate architectural assumptions
around APIC behavior.

Each vCPU has a guest-allocated APIC backing page of
size 4K, which maintains APIC state for that vCPU.
APIC backing page's ALLOWED_IRR field indicates the
interrupt vectors which the guest allows the hypervisor
to send.

This patchset is to enable the feature for Hyper-V
platform. Patch "Drivers: hv: Allow vmbus message
synic interrupt injected from Hyper-V" is to expose
new fucntion hv_enable_coco_interrupt() and device
driver and arch code may update AVIC backing page
ALLOWED_IRR field to allow Hyper-V inject associated
vector.

This patchset is based on the AMD patchset "AMD: Add
Secure AVIC Guest Support"
https://lkml.org/lkml/2025/6/10/1579

Change since v4:
        - Change the order to call hv_enable_coco_interrupt()
	  in the hv_synic_enable/disable_regs().
	- Update commit title "Drivers/hv:" to "Drivers: hv:"

Change since v3:
        - Disable VMBus Message interrupt via hv_enable_
          coco_interrupt() in the hv_synic_disable_regs().
        - Fix coding style issue and update change log.

Change since v2:
       - Add hv_enable_coco_interrupt() as wrapper
        of apic_update_vector()
       - Re-work change logs

Change since v1:
       - Remove the check of Secure AVIC when set APIC backing page
       - Use apic_update_vector() instead of exposing new interface
       from Secure AVIC driver to update APIC backing page and allow
       associated interrupt to be injected by hypervisor.

Tianyu Lan (4):
  x86/hyperv: Don't use hv apic driver when Secure AVIC is available
  Drivers: hv: Allow vmbus message synic interrupt injected from Hyper-V
  x86/hyperv: Don't use auto-eoi when Secure AVIC is available
  x86/hyperv: Allow Hyper-V to inject STIMER0 interrupts

 arch/x86/hyperv/hv_apic.c      | 8 ++++++++
 arch/x86/hyperv/hv_init.c      | 7 +++++++
 arch/x86/kernel/cpu/mshyperv.c | 2 ++
 drivers/hv/hv.c                | 7 ++++++-
 drivers/hv/hv_common.c         | 5 +++++
 include/asm-generic/mshyperv.h | 1 +
 6 files changed, 29 insertions(+), 1 deletion(-)

-- 
2.25.1

Re: [RFC PATCH V5 0/4] x86/Hyper-V: Add AMD Secure AVIC for Hyper-V platform

Posted by Naman Jain 2 months ago


On 8/4/2025 11:35 PM, Tianyu Lan wrote:
> From: Tianyu Lan <tiala@microsoft.com>
> 
> Secure AVIC is a new hardware feature in the AMD64
> architecture to allow SEV-SNP guests to prevent the
> hypervisor from generating unexpected interrupts to
> a vCPU or otherwise violate architectural assumptions
> around APIC behavior.
> 
> Each vCPU has a guest-allocated APIC backing page of
> size 4K, which maintains APIC state for that vCPU.
> APIC backing page's ALLOWED_IRR field indicates the
> interrupt vectors which the guest allows the hypervisor
> to send.
> 
> This patchset is to enable the feature for Hyper-V
> platform. Patch "Drivers: hv: Allow vmbus message
> synic interrupt injected from Hyper-V" is to expose
> new fucntion hv_enable_coco_interrupt() and device
> driver and arch code may update AVIC backing page
> ALLOWED_IRR field to allow Hyper-V inject associated
> vector.
> 
> This patchset is based on the AMD patchset "AMD: Add
> Secure AVIC Guest Support"
> 


NIT:
Generally RFC tag is meant to be used for the patches which are probably 
not ready for merging, and is mostly intended for having a discussion 
around your changes. Since this is now reviewed by multiple people and 
have gone through multiple versions already, if you feel this can be 
merged, you can remove RFC tags in next version, if you are planning to 
send it.

Regards,
Naman

Re: [RFC PATCH V5 0/4] x86/Hyper-V: Add AMD Secure AVIC for Hyper-V platform

Posted by Tianyu Lan 2 months ago

On Wed, Aug 6, 2025 at 1:42 PM Naman Jain <namjain@linux.microsoft.com> wrote:
>
>
>
> On 8/4/2025 11:35 PM, Tianyu Lan wrote:
> > From: Tianyu Lan <tiala@microsoft.com>
> >
> > Secure AVIC is a new hardware feature in the AMD64
> > architecture to allow SEV-SNP guests to prevent the
> > hypervisor from generating unexpected interrupts to
> > a vCPU or otherwise violate architectural assumptions
> > around APIC behavior.
> >
> > Each vCPU has a guest-allocated APIC backing page of
> > size 4K, which maintains APIC state for that vCPU.
> > APIC backing page's ALLOWED_IRR field indicates the
> > interrupt vectors which the guest allows the hypervisor
> > to send.
> >
> > This patchset is to enable the feature for Hyper-V
> > platform. Patch "Drivers: hv: Allow vmbus message
> > synic interrupt injected from Hyper-V" is to expose
> > new fucntion hv_enable_coco_interrupt() and device
> > driver and arch code may update AVIC backing page
> > ALLOWED_IRR field to allow Hyper-V inject associated
> > vector.
> >
> > This patchset is based on the AMD patchset "AMD: Add
> > Secure AVIC Guest Support"
> >
>
>
> NIT:
> Generally RFC tag is meant to be used for the patches which are probably
> not ready for merging, and is mostly intended for having a discussion
> around your changes. Since this is now reviewed by multiple people and
> have gone through multiple versions already, if you feel this can be
> merged, you can remove RFC tags in next version, if you are planning to
> send it.
>
Hi Naman:
     Thanks for your review and suggestion. This patchset is based on
the AMD Secure AVIC
driver patchset.which is still with RFC tag. I will remove the RFC tag
of this patchset after AMD
patchset merged.
.
...
Thanks
Tianyu Lan