From nobody Sun Oct 5 01:49:21 2025 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2070.outbound.protection.outlook.com [40.107.220.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D77122135B9; Mon, 11 Aug 2025 09:45:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.70 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905530; cv=fail; b=n7Xr7AwQcx0BWGcbonDPdLKn23g3Kk8OHLk99NMd5os1mzZFP7Ikqw4e4Sycsa+03ZrrQeGFJeezw0NgHfRwR512xZHqEIZAnECVePToR/oj4TdoN6qdUfsXSu5rZ24pp9KdP0XXCeIA589Bi+g26cvdxsQ6afmSjXBq1lZbjsQ= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905530; c=relaxed/simple; bh=GnxOXz3UPszb0HbrmadTEH71buNcoGwZWzLkvXTL1mQ=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=sD0wXv+rs9XwzlDxhhFo+SL47KpgLPJ6syjfMnV7fIo9gRrNO26HvuYRkBLc8D52f4yaGozYbaflacBA/iOOusVHa8cNn3DhoV9XG6kKJFQ9jbzFNh7gQfrkqv5goEzqOx4Zk5cQOteftZRkVa19UFU1IzPjpumiYGiOrSkgHcI= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=rAW6aDNi; arc=fail smtp.client-ip=40.107.220.70 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="rAW6aDNi" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=LXPdjmsbPkNXLU3r5CGKw2xV4M+Ps9zjYFFvTlkqGH6dSILJSEb7BnbkGojbmRyYSR3WfpUHYHGwAUBRxX5dR+TOKyVfL9BSRcMvi/TQvzJUu+8Qt3fgMPbqx7kLi+kMTGiaE8OPmysbgxU9pnt5dxt6Qg+MXFdk9xNsXTuUf33Y6jxcxQZqB3IC0KbyktnCOzCTbxeUnb8NWwJ19WTl0TNz0/yX9zJNhl/ut/9tanBLd/8GjjWDPfbjbn/lqCT2cPmqzcMwtdd3FTL2F9Qrh19h7LySPYbaxr5kaSznwlpbQKPnOZdOqVgF6ecWcJ05J/Mys/sxL2gFkKeyt+S1yw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BKH006ZAMItBEGlpnvTF1I95rE/W/mHAGCcRBsgSCNQ=; b=ZExaAyoWvsTcfw8MhFJApi3WogbGn1+j7ugvuKwOs4XSBYR9ryQbfgdnKJuHAle4YEo+hOtDJfp88HvocdD52BmbFKKl80KuojmWHY1oa/XnKsTnMd6bAwLszkHc2z5njnjd5ohZY77ryn3w/6OdecIkXU1sN+BMbc4mhumpUWrfL0YzGsWk1hztFrairfVhjpNUEUxrD/ZXUin3QqlRB0c0Z1xmTThF0aLP0ca1R9NdAby5JP/UdbIcPdzzxu5rW4ldqscB9tyhYOgl3bnGuPSy/ezRTo10c29bPOHmnaMZW2yHUeR5O04nJnWDBHE6YwuAAf2YMl23J9CpdJ7oOA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BKH006ZAMItBEGlpnvTF1I95rE/W/mHAGCcRBsgSCNQ=; b=rAW6aDNi4d+xMWocYP/IK9SiDZz7TCAvktH4zddXy9qNuHD/gtlFhcCPcoUk802zCUlsAOL0SQBghFRIRb2fh7tB80Z06hQCxj3rpcoc2eMhHQJxSyv4OOd4Rkc0e7q/ZnB74wGyTqCi0gmyG8u3CdxU+yyBGdPFQmH4gY9uOn4= Received: from CH0PR03CA0264.namprd03.prod.outlook.com (2603:10b6:610:e5::29) by IA1PR12MB6044.namprd12.prod.outlook.com (2603:10b6:208:3d4::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.20; Mon, 11 Aug 2025 09:45:24 +0000 Received: from CH2PEPF00000142.namprd02.prod.outlook.com (2603:10b6:610:e5:cafe::29) by CH0PR03CA0264.outlook.office365.com (2603:10b6:610:e5::29) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9009.22 via Frontend Transport; Mon, 11 Aug 2025 09:45:24 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH2PEPF00000142.mail.protection.outlook.com (10.167.244.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:45:24 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:45:17 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 01/18] x86/apic: Add new driver for Secure AVIC Date: Mon, 11 Aug 2025 15:14:27 +0530 Message-ID: <20250811094444.203161-2-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PEPF00000142:EE_|IA1PR12MB6044:EE_ X-MS-Office365-Filtering-Correlation-Id: 813acd71-1782-408b-afea-08ddd8bbcbd2 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|36860700013|82310400026|376014|7416014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?yFgcS1rLD0BJdJCBlxzxt0PZD8Jv+DQXBL0YoKNUDrn7OIds8S8R9C59Ihfa?= =?us-ascii?Q?FqVQMRfES8dRkayQdcyHobERWSIWCWVTHAH7w+/GKRVFElRYkNPiskZsT1Vt?= =?us-ascii?Q?azfVvM0oIM/3TvPElUpus/TQbprFvKhiYPQ72Nxr2W6ek4Y4lKJIKqSBGvUV?= =?us-ascii?Q?Qn8OGTyjDXy29JmAGsrEaY5VxmQOkPi40wN2PYx6T2bcIs5s/BA2aRjRIHvn?= =?us-ascii?Q?oxpNcCy2PTOGF1srCMYsCjfB6aETH86KwFTMh6kjqgqlAu9NbrfGGtvnjE41?= =?us-ascii?Q?YtQqPsX2WYJ9Hw0b13CYpPDeL4MbkA+52LqqDwRQqyvX8ZDUMZJdIJOxNzCH?= =?us-ascii?Q?NY9bJ0/L91dQZYfogfVeX8EesPhZbgQ4cNwWWxIZi8lCmp684eAu15f4HJN9?= =?us-ascii?Q?b875fYu4w3l78L/jYFD96Ve1PWOiLzQvEIJVEOGrGFYUEN4gSfnPkI66UrXi?= =?us-ascii?Q?CU9mV7oCB9afkLdwWNyyx0PT+Z897RVu3l6L4Q9huGrIcbvSMFB9QusiSuYl?= =?us-ascii?Q?mUnqgOK1boEjp60o80WV4+x6NWlJto8GfPnVawfwV79hExV4OSTi4Borhk62?= =?us-ascii?Q?LrGRKAAvb1Emfhe5Z4qIrCawCnJtj8mOFC1eU0XYRw9iPStO/m/H3GPG03mu?= =?us-ascii?Q?h0Iy0sR3rgr1/91skv4RW24GSbhbgM3Wb3b5i1R76M3frSmEq49J23u4iGIH?= =?us-ascii?Q?AwqqXgE2eNqJs8f8OV0xCnlODvQmzigDC0t5jfQZ4P8Cabz4lxuHQ9wrpL4e?= =?us-ascii?Q?QyhcpqOvBWCG3ngqzIARn8s14nMxJxpOYNdwrLFt8Jcydt1NTddsA8SPJ+dr?= =?us-ascii?Q?+3i+1d2h5Hh1PC/AF0tCBfl6d1hyu3HkLcm+HH2yuj4niomq1BLG/jaJ9QNh?= =?us-ascii?Q?fMo5VOXZdaYZ1AglBVW5L2oTYThssNgEvzkATnHKLpc9ymXMc14zwf1mshQQ?= =?us-ascii?Q?GUUU9LUsm4RqahNTALKaa1nqgrUuPT43IgK4VwrR27ju9/ct9UsovDH4MZMA?= =?us-ascii?Q?8eSiXSmF4QM2AZ48pgyhEn1YYBKWkIds55YOhe3HAdEdRraMBo1E8In4ab2B?= =?us-ascii?Q?34qkH9662AJpZntPPY64LcJrzpXsZ0M7kp9S0g3jaB+facmH5Wvne5L5ya1b?= =?us-ascii?Q?fa/jVQYv2LlT6kQwFJXPwjV7+gmLMWFyMZhX/z/Dn10YNGpVEPOwksNJHKlj?= =?us-ascii?Q?O2/J3hHCeDuhL8+LVNH/EXrGtnEgFTcVudfdFWEkfs1GviyBAp7petLaRMqU?= =?us-ascii?Q?cJvkx/LG2fbgTn9JOeTCukj2tXCvRPxuUwXsfcd0A7kX+Wxgl7pe/sHFzuNv?= =?us-ascii?Q?Z8ul+nUNtydNwWcCQS7L0Ji3DFUJWv8ZnVWCvRE7cx0maxqQSl1g5mcvRctn?= =?us-ascii?Q?OKiQvMtcy3CQWbSWLrp4zElnZ2O1+cZBpxy294xhBORh37oh4zhAsicp1sze?= =?us-ascii?Q?l7+yUGMI/+0ZzOptDRFVeYqK4vWti0W/3wJ0ySuYr5qlcpRyPinufR+49avm?= =?us-ascii?Q?XmQMxr5BNEb3rU8EN5WqXRC3AJ1r9JNIQ27I?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(36860700013)(82310400026)(376014)(7416014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:45:24.5992 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 813acd71-1782-408b-afea-08ddd8bbcbd2 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH2PEPF00000142.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB6044 Content-Type: text/plain; charset="utf-8" The Secure AVIC feature provides SEV-SNP guests hardware acceleration for performance sensitive APIC accesses while securely managing the guest-owned APIC state through the use of a private APIC backing page. This helps prevent hypervisor from generating unexpected interrupts for a vCPU or otherwise violate architectural assumptions around APIC behavior. Add a new x2APIC driver that will serve as the base of the Secure AVIC support. It is initially the same as the x2APIC phys driver (without IPI callbacks), but will be modified as features of Secure AVIC are implemented. As the new driver does not implement Secure AVIC features yet, if the hypervisor sets the Secure AVIC bit in SEV_STATUS, maintain the existing behavior to enforce the guest termination. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Reviewed-by: Tianyu Lan Signed-off-by: Neeraj Upadhyay --- Changes since v8: - No changes. arch/x86/Kconfig | 13 ++++++ arch/x86/boot/compressed/sev.c | 1 + arch/x86/coco/core.c | 3 ++ arch/x86/coco/sev/core.c | 1 + arch/x86/include/asm/msr-index.h | 4 +- arch/x86/kernel/apic/Makefile | 1 + arch/x86/kernel/apic/x2apic_savic.c | 63 +++++++++++++++++++++++++++++ include/linux/cc_platform.h | 8 ++++ 8 files changed, 93 insertions(+), 1 deletion(-) create mode 100644 arch/x86/kernel/apic/x2apic_savic.c diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 58d890fe2100..70ce4f7b2f69 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -483,6 +483,19 @@ config X86_X2APIC =20 If in doubt, say Y. =20 +config AMD_SECURE_AVIC + bool "AMD Secure AVIC" + depends on AMD_MEM_ENCRYPT && X86_X2APIC + help + Enable this to get AMD Secure AVIC support on guests that have this fea= ture. + + AMD Secure AVIC provides hardware acceleration for performance sensitive + APIC accesses and support for managing guest owned APIC state for SEV-S= NP + guests. Secure AVIC does not support xapic mode. It has functional + dependency on x2apic being enabled in the guest. + + If you don't know what to do here, say N. + config X86_POSTED_MSI bool "Enable MSI and MSI-x delivery by posted interrupts" depends on X86_64 && IRQ_REMAP diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index fd1b67dfea22..74e083feb2d9 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -235,6 +235,7 @@ bool sev_es_check_ghcb_fault(unsigned long address) MSR_AMD64_SNP_VMSA_REG_PROT | \ MSR_AMD64_SNP_RESERVED_BIT13 | \ MSR_AMD64_SNP_RESERVED_BIT15 | \ + MSR_AMD64_SNP_SECURE_AVIC | \ MSR_AMD64_SNP_RESERVED_MASK) =20 /* diff --git a/arch/x86/coco/core.c b/arch/x86/coco/core.c index d4610af68114..989ca9f72ba3 100644 --- a/arch/x86/coco/core.c +++ b/arch/x86/coco/core.c @@ -104,6 +104,9 @@ static bool noinstr amd_cc_platform_has(enum cc_attr at= tr) case CC_ATTR_HOST_SEV_SNP: return cc_flags.host_sev_snp; =20 + case CC_ATTR_SNP_SECURE_AVIC: + return sev_status & MSR_AMD64_SNP_SECURE_AVIC; + default: return false; } diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index fc59ce78c477..a19691436ea6 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -79,6 +79,7 @@ static const char * const sev_status_feat_names[] =3D { [MSR_AMD64_SNP_IBS_VIRT_BIT] =3D "IBSVirt", [MSR_AMD64_SNP_VMSA_REG_PROT_BIT] =3D "VMSARegProt", [MSR_AMD64_SNP_SMT_PROT_BIT] =3D "SMTProt", + [MSR_AMD64_SNP_SECURE_AVIC_BIT] =3D "SecureAVIC", }; =20 /* diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-in= dex.h index b65c3ba5fa14..2a6d4fd8659a 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -699,7 +699,9 @@ #define MSR_AMD64_SNP_VMSA_REG_PROT BIT_ULL(MSR_AMD64_SNP_VMSA_REG_PROT_BI= T) #define MSR_AMD64_SNP_SMT_PROT_BIT 17 #define MSR_AMD64_SNP_SMT_PROT BIT_ULL(MSR_AMD64_SNP_SMT_PROT_BIT) -#define MSR_AMD64_SNP_RESV_BIT 18 +#define MSR_AMD64_SNP_SECURE_AVIC_BIT 18 +#define MSR_AMD64_SNP_SECURE_AVIC BIT_ULL(MSR_AMD64_SNP_SECURE_AVIC_BIT) +#define MSR_AMD64_SNP_RESV_BIT 19 #define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT) #define MSR_AMD64_RMP_BASE 0xc0010132 #define MSR_AMD64_RMP_END 0xc0010133 diff --git a/arch/x86/kernel/apic/Makefile b/arch/x86/kernel/apic/Makefile index 52d1808ee360..581db89477f9 100644 --- a/arch/x86/kernel/apic/Makefile +++ b/arch/x86/kernel/apic/Makefile @@ -18,6 +18,7 @@ ifeq ($(CONFIG_X86_64),y) # APIC probe will depend on the listing order here obj-$(CONFIG_X86_NUMACHIP) +=3D apic_numachip.o obj-$(CONFIG_X86_UV) +=3D x2apic_uv_x.o +obj-$(CONFIG_AMD_SECURE_AVIC) +=3D x2apic_savic.o obj-$(CONFIG_X86_X2APIC) +=3D x2apic_phys.o obj-$(CONFIG_X86_X2APIC) +=3D x2apic_cluster.o obj-y +=3D apic_flat_64.o diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c new file mode 100644 index 000000000000..bea844f28192 --- /dev/null +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -0,0 +1,63 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * AMD Secure AVIC Support (SEV-SNP Guests) + * + * Copyright (C) 2024 Advanced Micro Devices, Inc. + * + * Author: Neeraj Upadhyay + */ + +#include + +#include +#include + +#include "local.h" + +static int savic_acpi_madt_oem_check(char *oem_id, char *oem_table_id) +{ + return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); +} + +static int savic_probe(void) +{ + if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) + return 0; + + if (!x2apic_mode) { + pr_err("Secure AVIC enabled in non x2APIC mode\n"); + snp_abort(); + /* unreachable */ + } + + return 1; +} + +static struct apic apic_x2apic_savic __ro_after_init =3D { + + .name =3D "secure avic x2apic", + .probe =3D savic_probe, + .acpi_madt_oem_check =3D savic_acpi_madt_oem_check, + + .dest_mode_logical =3D false, + + .disable_esr =3D 0, + + .cpu_present_to_apicid =3D default_cpu_present_to_apicid, + + .max_apic_id =3D UINT_MAX, + .x2apic_set_max_apicid =3D true, + .get_apic_id =3D x2apic_get_apic_id, + + .calc_dest_apicid =3D apic_default_calc_apicid, + + .nmi_to_offline_cpu =3D true, + + .read =3D native_apic_msr_read, + .write =3D native_apic_msr_write, + .eoi =3D native_apic_msr_eoi, + .icr_read =3D native_x2apic_icr_read, + .icr_write =3D native_x2apic_icr_write, +}; + +apic_driver(apic_x2apic_savic); diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h index 0bf7d33a1048..7fcec025c5e0 100644 --- a/include/linux/cc_platform.h +++ b/include/linux/cc_platform.h @@ -96,6 +96,14 @@ enum cc_attr { * enabled to run SEV-SNP guests. */ CC_ATTR_HOST_SEV_SNP, + + /** + * @CC_ATTR_SNP_SECURE_AVIC: Secure AVIC mode is active. + * + * The host kernel is running with the necessary features enabled + * to run SEV-SNP guests with full Secure AVIC capabilities. + */ + CC_ATTR_SNP_SECURE_AVIC, }; =20 #ifdef CONFIG_ARCH_HAS_CC_PLATFORM --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam02on2058.outbound.protection.outlook.com [40.107.212.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9BA083B29E; Mon, 11 Aug 2025 09:45:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.212.58 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905552; cv=fail; b=ocDleV+DoRrJvQc1TijBKuf1hQ3yLGZya+IZlGpBrIqRdJ1xqNbD1ERtNrf2y/+MWZskJuv97Gx8l7Hjb157bkFLsiuVcRG3ruCcSJcgnqT4O4dIJ6/3oD0DesrlPsthk8ZDiTPOAHj2UjJMXH1D/gN51y6GIYd0ByEU0EfcAow= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905552; c=relaxed/simple; bh=kImRWVR7YOxCMHz8U1aTtD2eXDWMLQs6cgZSMI1x10U=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=rH1tOwADt4Ifg6YqwmI2BQhQJwwD7q7ITcNqtH6kwMiaP/B2YmtWx3VW8FPmx7UilFyPs5k41yxw5rVQ356QHAVINxeApDohf/VQfEYqEJGRwRnsiMwEiLmW6tJfvNsVPT+fmYK7hIP/IDYMM6VgaVoyKlJHw/IUTYCQeE56yXI= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=MAW+wAEt; arc=fail smtp.client-ip=40.107.212.58 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="MAW+wAEt" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=CrkJHC2fGIGdFYoIufaAqC5cM0zwzUAU2RIbHZP6jQ74t0F1+vL3OBm/q/0m9HqaltSV2gKANXpqqNScR0zT1w1H/7u7zVwDlX2H5ukXKKmeEblfW+0N2aUpyqWEsIglS3yJOPJv2EeWyLPnfMxGJ88/0vZhCSBwfrqMqiQ0c4Gu/IlQ1BkIijNBvbY2n80BTTUYqWR6CqkbWEXKD06H7XyR0Iym9RWlgcO5aPCQpB7NF5eh6r/wR8fxBeKXfGoHHB3rFUZUFRq/aXjzTrwtKQ4C/gg4F9aEOEGbohucZh4HXOyA8/wo61xPn2F8h9V9bK2HFm2+HvdFL31a3HUe4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=I84hFrpn+BJ8AMVREtxCvptVWCe+nj3NkH8LIQriHeE=; b=cReyAP9sV3wOFIlWDSiXaUeFV9GkI7Ne4YQ4kiIU2Y+/ZECFzAl7CKBQfapcZHqAFBkqx+jSiioUE5U6WR+6RPiKjnq7VoMUhuJoo2+OXqeuhEo26PMzs0g/AX3WHRp2Up0hd9aKbNqmx4G+P8t7brCOl11fLsjIaGYW3tzHcNaB2pYbsL1crZ7Zy64ZCoU4eKl7EzntB6g5dLz/O/f4FJ7CA8HEOHSPuULtFum5E1IjKUGnPjVxthI5LiDw6CmC91+G6SDEGpCL7k3nJrmCZaNc6UhHzsCKkqdXSuv+6iSgc8d+h7kb6/hpEGQuuQR7fz8k/GP05hbnPdPnafqXrA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=I84hFrpn+BJ8AMVREtxCvptVWCe+nj3NkH8LIQriHeE=; b=MAW+wAEtDnOhzNqjwWVxprKJn+csauqCF5XJaB3/IyG3CTDjitAe8nSA12nKZyoxvHh+te+AqrdMYTJFM6FctAu23CCv8QuxqiGyrobZpNF7uIzL3bnpEgsyydB9LPngv66ah2Q/h8kPXKr/eXoWLFjzUsQYAYGHgALgsUsqHAA= Received: from CH5P222CA0018.NAMP222.PROD.OUTLOOK.COM (2603:10b6:610:1ee::29) by CH2PR12MB4294.namprd12.prod.outlook.com (2603:10b6:610:a9::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.22; Mon, 11 Aug 2025 09:45:44 +0000 Received: from CH2PEPF0000013C.namprd02.prod.outlook.com (2603:10b6:610:1ee:cafe::dc) by CH5P222CA0018.outlook.office365.com (2603:10b6:610:1ee::29) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9009.22 via Frontend Transport; Mon, 11 Aug 2025 09:45:44 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH2PEPF0000013C.mail.protection.outlook.com (10.167.244.73) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:45:44 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:45:37 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 02/18] x86/apic: Initialize Secure AVIC APIC backing page Date: Mon, 11 Aug 2025 15:14:28 +0530 Message-ID: <20250811094444.203161-3-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PEPF0000013C:EE_|CH2PR12MB4294:EE_ X-MS-Office365-Filtering-Correlation-Id: 7e7c8b8a-cd85-49e3-7e7d-08ddd8bbd7d5 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|36860700013|7416014|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?cROMAcOC408pRcTxAi2xTai07FwuWSzdOs+uP0b3z86rQTV3bX3J7rKMWinr?= =?us-ascii?Q?RMITtU2uV5gqypz7YB122RY6PjIwCR0/eLIIpOXsNXfEDTr29OhmfUW4dyhI?= =?us-ascii?Q?RZklJTtu237sO1j1LzHKXkOt9C0CcF+ij4EBsW3EAfcgvhIM495GeW0Ts/5D?= =?us-ascii?Q?HaCfZNjtYB6rVpwct7Dn86rXpl0opdZdI0iU40PxMoyaWdX0OnSOr5vt/XRk?= =?us-ascii?Q?V9UJGfnLUZ/Huh/sQNDbo0lm0eZiLeTAVCiMeLgo6Y+kxAvCAAwOJvfo3TM4?= =?us-ascii?Q?hi+515/oGgv36blic4+LgSmNCczsp93yorQDv4PLqj+9Py3ObJBqKrB1JqmC?= =?us-ascii?Q?3LQkLS/ZXaCo66pCGJ6P+oR5LXU59JFCWHBxUFn97BYJfw+gEUBE7pf4Mg/r?= =?us-ascii?Q?yCYXOYne1BientaJgDjnZtUgpIkXRt7TJRXVnuufy9vihSiA+HQ7i4+OLDW1?= =?us-ascii?Q?Mi0o44w8RCC+rvWGoaUfIewymgENCupzQc5D+AmrsneS0K7Of4qBFk1SDZI+?= =?us-ascii?Q?1ZLhg1j75BssE23sarhe40kq4iebLvdesBGHg3Pza4h/qRzfKaKHwsajvWPN?= =?us-ascii?Q?0zdfx0iH0U5Zk3UxNcTU74kaULmdtfZV+lTzz6HdUWXQn82LnljmWR/QWD+3?= =?us-ascii?Q?FwVqaUb1HTzogRiz5emKO2uVc6LngrAPm/fk7sAEs0mP9FcOQMFTC1T+hQR+?= =?us-ascii?Q?sA0+XAfSK0BquLD8/gfxqJD7CMrp+VZ2RFj7bX8WmDI2VonFfNt9Vn3fK61P?= =?us-ascii?Q?oyr8+dZc6uCY7ly2G70vUWq+CZ18uHvcqbr3P1tqy2MRrDOwHvUL7QUMsn+w?= =?us-ascii?Q?5qINqcARJpPg2dEUU168vNgQ5WipYBe3EUY7b5NhbzpBSyat+eVvMQx0sfSP?= =?us-ascii?Q?UAKHye6dYlgP9vTWDIVhPg7BFS+VgHxVpKmwyo7ct8Sb65TiffA2oht05aQV?= =?us-ascii?Q?7T9vH7B3svV0vM2MWU84OMYro4ql9eV3KxjafO8DsRC4nd56KauNo5xGlrOg?= =?us-ascii?Q?VzLBC/46nfyECyKKPV6kddW4G/NC00iCnrL315cz9zhAYGgDra/I+lO3KmcZ?= =?us-ascii?Q?te5fZoLLyH8KfcWktTWoZlhVc8oP1RylE3qwWNHhZ+WPcweOFlyL1xsWMP2c?= =?us-ascii?Q?VGBs5qAROvNYPs6vr692CCj0/dbOocVCy0XE2h1E5QYSZeKF/4eLm+Lj4yzF?= =?us-ascii?Q?C0SecextBE63KO6iSYEZBLrzdsLjpDf4oEgH5JL3a3NJKOlCcxI6ShfT2mTl?= =?us-ascii?Q?lO0QmNV+sEoMIFKwUbKycLO4/Ycywovs2N+bvNunbaIYGSK80JSDLDAye+R9?= =?us-ascii?Q?dFg/AHM+eRoT9xZa4Tk2s39JF86tLUtyn/baV+tH4eVu8PjoV+qDM0+xCkJZ?= =?us-ascii?Q?Sr/0gTGV7YLMoe/nsTPUilEnewbKwOeEaIwkbDUaOw07QpnWtE4AtS2tQLuk?= =?us-ascii?Q?7nkQX0SAH3KjiSi5C+3A50un25Y3zQ1D5xKbqkd7Z+ejUgD3U7qOPK0LCJsY?= =?us-ascii?Q?AWGpagKo37Jp5rYL9zjUTcJ+qGWZ4ThcX/zX?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(36860700013)(7416014)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:45:44.7505 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7e7c8b8a-cd85-49e3-7e7d-08ddd8bbd7d5 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH2PEPF0000013C.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB4294 Content-Type: text/plain; charset="utf-8" With Secure AVIC, the APIC backing page is owned and managed by guest. Allocate and initialize APIC backing page for all guest CPUs. The NPT entry for a vCPU's APIC backing page must always be present when the vCPU is running, in order for Secure AVIC to function. A VMEXIT_BUSY is returned on VMRUN and the vCPU cannot be resumed if the NPT entry for the APIC backing page is not present. To handle this, notify GPA of the vCPU's APIC backing page to the hypervisor by using the SVM_VMGEXIT_SECURE_AVIC GHCB protocol event. Before executing VMRUN, the hypervisor makes use of this information to make sure the APIC backing page is mapped in NPT. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Reviewed-by: Tianyu Lan Signed-off-by: Neeraj Upadhyay --- Changes since v8: - Added Tianyu's Reviewed-by. - Use "struct secure_avic_page" instead of defining a common "struct apic_page". arch/x86/coco/sev/core.c | 22 ++++++++++++++++++ arch/x86/include/asm/apic.h | 1 + arch/x86/include/asm/sev.h | 2 ++ arch/x86/include/uapi/asm/svm.h | 4 ++++ arch/x86/kernel/apic/apic.c | 3 +++ arch/x86/kernel/apic/x2apic_savic.c | 35 +++++++++++++++++++++++++++++ 6 files changed, 67 insertions(+) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index a19691436ea6..0c59ea82fa99 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1085,6 +1085,28 @@ int __init sev_es_efi_map_ghcbs_cas(pgd_t *pgd) return 0; } =20 +enum es_result savic_register_gpa(u64 gpa) +{ + struct ghcb_state state; + struct es_em_ctxt ctxt; + enum es_result res; + struct ghcb *ghcb; + + guard(irqsave)(); + + ghcb =3D __sev_get_ghcb(&state); + vc_ghcb_invalidate(ghcb); + + ghcb_set_rax(ghcb, SVM_VMGEXIT_SAVIC_SELF_GPA); + ghcb_set_rbx(ghcb, gpa); + res =3D sev_es_ghcb_hv_call(ghcb, &ctxt, SVM_VMGEXIT_SAVIC, + SVM_VMGEXIT_SAVIC_REGISTER_GPA, 0); + + __sev_put_ghcb(&state); + + return res; +} + static void snp_register_per_cpu_ghcb(void) { struct sev_es_runtime_data *data; diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h index 07ba4935e873..44b4080721a6 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -305,6 +305,7 @@ struct apic { =20 /* Probe, setup and smpboot functions */ int (*probe)(void); + void (*setup)(void); int (*acpi_madt_oem_check)(char *oem_id, char *oem_table_id); =20 void (*init_apic_ldr)(void); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 89075ff19afa..8e5083b46607 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -533,6 +533,7 @@ int snp_svsm_vtpm_send_command(u8 *buffer); =20 void __init snp_secure_tsc_prepare(void); void __init snp_secure_tsc_init(void); +enum es_result savic_register_gpa(u64 gpa); =20 static __always_inline void vc_ghcb_invalidate(struct ghcb *ghcb) { @@ -605,6 +606,7 @@ static inline int snp_send_guest_request(struct snp_msg= _desc *mdesc, static inline int snp_svsm_vtpm_send_command(u8 *buffer) { return -ENODEV;= } static inline void __init snp_secure_tsc_prepare(void) { } static inline void __init snp_secure_tsc_init(void) { } +static inline enum es_result savic_register_gpa(u64 gpa) { return ES_UNSUP= PORTED; } =20 #endif /* CONFIG_AMD_MEM_ENCRYPT */ =20 diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/sv= m.h index 9c640a521a67..650e3256ea7d 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h @@ -118,6 +118,10 @@ #define SVM_VMGEXIT_AP_CREATE 1 #define SVM_VMGEXIT_AP_DESTROY 2 #define SVM_VMGEXIT_SNP_RUN_VMPL 0x80000018 +#define SVM_VMGEXIT_SAVIC 0x8000001a +#define SVM_VMGEXIT_SAVIC_REGISTER_GPA 0 +#define SVM_VMGEXIT_SAVIC_UNREGISTER_GPA 1 +#define SVM_VMGEXIT_SAVIC_SELF_GPA ~0ULL #define SVM_VMGEXIT_HV_FEATURES 0x8000fffd #define SVM_VMGEXIT_TERM_REQUEST 0x8000fffe #define SVM_VMGEXIT_TERM_REASON(reason_set, reason_code) \ diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index d73ba5a7b623..36f1326fea2e 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -1503,6 +1503,9 @@ static void setup_local_APIC(void) return; } =20 + if (apic->setup) + apic->setup(); + /* * If this comes from kexec/kcrash the APIC might be enabled in * SPIV. Soft disable it before doing further initialization. diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index bea844f28192..1c70b7c111f0 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -8,17 +8,47 @@ */ =20 #include +#include =20 #include #include =20 #include "local.h" =20 +struct secure_avic_page { + u8 regs[PAGE_SIZE]; +} __aligned(PAGE_SIZE); + +static struct secure_avic_page __percpu *secure_avic_page __ro_after_init; + static int savic_acpi_madt_oem_check(char *oem_id, char *oem_table_id) { return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); } =20 +static void savic_setup(void) +{ + void *ap =3D this_cpu_ptr(secure_avic_page); + enum es_result res; + unsigned long gpa; + + gpa =3D __pa(ap); + + /* + * The NPT entry for a vCPU's APIC backing page must always be + * present when the vCPU is running in order for Secure AVIC to + * function. A VMEXIT_BUSY is returned on VMRUN and the vCPU cannot + * be resumed if the NPT entry for the APIC backing page is not + * present. Notify GPA of the vCPU's APIC backing page to the + * hypervisor by calling savic_register_gpa(). Before executing + * VMRUN, the hypervisor makes use of this information to make sure + * the APIC backing page is mapped in NPT. + */ + res =3D savic_register_gpa(gpa); + if (res !=3D ES_OK) + snp_abort(); +} + static int savic_probe(void) { if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) @@ -30,6 +60,10 @@ static int savic_probe(void) /* unreachable */ } =20 + secure_avic_page =3D alloc_percpu(struct secure_avic_page); + if (!secure_avic_page) + snp_abort(); + return 1; } =20 @@ -38,6 +72,7 @@ static struct apic apic_x2apic_savic __ro_after_init =3D { .name =3D "secure avic x2apic", .probe =3D savic_probe, .acpi_madt_oem_check =3D savic_acpi_madt_oem_check, + .setup =3D savic_setup, =20 .dest_mode_logical =3D false, =20 --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2066.outbound.protection.outlook.com [40.107.237.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 334321D8DFB; Mon, 11 Aug 2025 09:46:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.66 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905574; cv=fail; b=gN2aFhutvuaYe7AFxddfYsCSEwBhNX/vT77vKna80SkANk5vvkY5A+93YK4lHj6xNBhKXcpF8CfzDEst5UHjGv1EpXWDnoVJje77bVVELBNeNWqOGK05YgPZQoTDCwB610474TBipyWBW/eguluATG6FNN2m70KBTJI/6gk/KK4= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905574; c=relaxed/simple; bh=82WmLuDjr2EBjXEFHSsPnHV8UjiIFx77VcDHjcmV9GM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=D2FqcEzCig4XMTeH5EjcoXyeVBHESHaVRw/+o0Xpt7+3SqZiQbUbdCtb7AOwLuwIVLxMUGFjs4v6WwU+c+MQhS/bwkPch2Wd4a30Zh1lhYVkbbzmqwvw431tCaqz2wZJFAVkrjNEE9VMuZEoBQILkNQLkBi8XZ5sTiCf8/CKTmk= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=Jnwv0ZsZ; arc=fail smtp.client-ip=40.107.237.66 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="Jnwv0ZsZ" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Arz5o7opadWERMRxWFzjKpuAUpaRYfxFzZdO1sMj5i2lpgpQRxa2Vm8Y9k5Q+tonSqD/g64Edd4C8AJ4Y2p/Rvv7HQVcSMnBvrCqADDZNBZkWowiN9RnNOmrSCWTsbz37Qm8nz+D42431zdsZbsCt97BXh0CN22zkwDHES5hl8uu473qGV0poLSwb78eLIhgjL3fubdmx5CB5GLp7bn4mwiVlab2LrwEC/nqMCUjRD9FpJkWsMZhtjmLkzfGvnqBl1Ar1Hs7L54btKSmV8B2Z83N81K5cwqXqClHydrgofZcpOXWD9C4w9cNqop3XzXP7hTrQyhE3DHX/t8QgPRr3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TQm1oLm+yqi6srvY8dOoW5RGgXDhTY5SnfegIdK3tSM=; b=an6e/DPDYVvieiqXg6A99FPPiif8UDqRHd0i7UuFztpyxRMv/UplugdunPc4jsub6GqyyA9bIidNApZvuVG4bsEsZeBcJUN1Zf2t7zRqxSK/bL4FVApuoj5aM3Z77vDkrlW2E9QG4D6CQclcOc87ZOcERmO37FLZGGnuq6TwGz6ToJ9/IXU55hng6ls2YtAEXIgsIwZ0wD77ngFxn4/8EKtbMLli6PdbfpIzYwzx97RlWfzl544K7Olh4KDjkxaRHH5UkVHRqOe8pfSfmE4bS5W3NjWrN/MwviWHtJuoFdIf5VrinG8uEHOmYrOvPwYvwOC2LGWaPyNQ+cJT8uMhfA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TQm1oLm+yqi6srvY8dOoW5RGgXDhTY5SnfegIdK3tSM=; b=Jnwv0ZsZLvdBzvAQcv/Q25hzbTtNr2RQ76trCwXi4ZE0H5vZ4DEqgX7jJ7aQS55yQLVT/mLABLjP+MrjimY09Vnd6V46Y7Jd861rhnJm4kXL2rYd5SwBlwfXRrvf/BN46CSozwCMJr4Vx/SckieBvGmQaKEUXuXUXzZNphsVFXE= Received: from CH5P222CA0021.NAMP222.PROD.OUTLOOK.COM (2603:10b6:610:1ee::10) by LV8PR12MB9668.namprd12.prod.outlook.com (2603:10b6:408:295::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.21; Mon, 11 Aug 2025 09:46:05 +0000 Received: from CH2PEPF0000013C.namprd02.prod.outlook.com (2603:10b6:610:1ee:cafe::41) by CH5P222CA0021.outlook.office365.com (2603:10b6:610:1ee::10) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9009.22 via Frontend Transport; Mon, 11 Aug 2025 09:46:04 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH2PEPF0000013C.mail.protection.outlook.com (10.167.244.73) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:46:04 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:45:57 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 03/18] x86/apic: Populate .read()/.write() callbacks of Secure AVIC driver Date: Mon, 11 Aug 2025 15:14:29 +0530 Message-ID: <20250811094444.203161-4-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PEPF0000013C:EE_|LV8PR12MB9668:EE_ X-MS-Office365-Filtering-Correlation-Id: c2af1fa9-9047-4e25-ca7c-08ddd8bbe3c8 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|36860700013|376014|7416014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?M3O+dFQ9tCzk9bSKT01z/uE57jdRsnxsGEBkzcz1lLHJyMl+mczq6K5tb2mH?= =?us-ascii?Q?3kP9wiE7tmw/HwQn6DbVrhGwHXRqGs1vKUkuaZVvyjvWv0CfucVgWm7tUJcF?= =?us-ascii?Q?+NI8uxZZp3usq1kS8K53F37bGeMD0j9O1n+AtSXvCynCSXK9P89sgaYg4yvu?= =?us-ascii?Q?KXzkLC0FH7BCBAdA2qAfpy4Hzr6kCHC60AbKTZVL/npD/XHWALG+bGpK//Z4?= =?us-ascii?Q?JjIYnBAdBQ+6/DajtOzPDllDtcT5ekQYHceYD/KhRYvLShZfK/xLBDlNgxZL?= =?us-ascii?Q?i9O1nHlfERkzpkSotSYLRKG4ZeRZ/f/SRw/fim9rMxWS2RPlGvID7PHx7+YH?= =?us-ascii?Q?MrcYNtz7G9e0xV46MbzEtIaRhuhzeHNUObhNuZ/D1SRVqNh3gRgcqtDWLrO6?= =?us-ascii?Q?cesa5dpmTQKb8AKg+icg34cop+8BqeXZpHde10dQPB0nzAm/P56SHj8NxFAv?= =?us-ascii?Q?oxz2bl9Wgy/WTk03uz7X669sZVgvhdSg4TXYM20H/WBTohlaE9murH4heUm/?= =?us-ascii?Q?+oYGl/SOoEC+7seTyDKedY6f87cM1qRcKk32mYvfPo//DPNTxXEHY/t+957E?= =?us-ascii?Q?Lb3xM0l89bkdN4KyL7+9yIes+1I2n9Pd+EostodNdjKszl89JBq3ugblm6cs?= =?us-ascii?Q?ijysBt88dXP8GgmVpFFwjDCsQSS3K/za615N6cBsuo4CXh3TlO3qdqgZ9exf?= =?us-ascii?Q?y7TLfiLFZZB6Jn5eIDOCwmu2RanvMr3nyPIWqpQelshBNda4ZKi+feUmAE01?= =?us-ascii?Q?IY/Y63HxmnWfTYbJuXE3ojqMR7/d4mNLGeDmST4Aq8kyOwizfyKcpGOeCI1B?= =?us-ascii?Q?DotoTu6DmyMoyLZdjxFzjN/TrT/Cki2uRQIJMZgDln0LQDqCXhPWT/aMlvvT?= =?us-ascii?Q?x+bOb4++mp5jyvGosgArYtZ4i0n6eaj8ZGft3m5DJqdJU37xorAfBV7Yhzta?= =?us-ascii?Q?jQ/u94c2v0Yux4K7Pvey76EPNayUnm4cNZwV1YF4eB5dN639CU7/LC3Sngrh?= =?us-ascii?Q?ezSgSqd9ByIZgBGlK6+elMS2sebE0BEN8WbAnjP02M/krw6TUl6oz4+rfXBP?= =?us-ascii?Q?jUjdh58soVjbTIFcA2Sfr74znlcyNwetM7mEJOpQAiCb//7iNpmnK2T4JeZZ?= =?us-ascii?Q?Z/wXa7XUJKkPoeKZ8JWQgNftheaNydb4hxiKhzz9na5dnXBgSw+r/4VFWcqQ?= =?us-ascii?Q?O9W1PK8jBK7OjDN9asr3YOMIRdr3hjzH7fn9Lw10LWAIoWGajHBeoCjhNqO/?= =?us-ascii?Q?uUcjG4cZThZRJ/PhXYfo3pbqeJHfG8U+BnZO/crkYF5EqT6kR/YKqR1imiX9?= =?us-ascii?Q?oa6MYduDT/br3QjJrNFmookXLc1OSEinUB1q1Ke95PoezY9U1FSeCJaAhYdX?= =?us-ascii?Q?DbENkQFKoHezXVBj/8YgvzhROLTpCMb20NfiLrrxMu0/fcMz+TAGyU3JcWEM?= =?us-ascii?Q?EFTYX3koA+gcD901JECYxclbExkof87o8+nD1wNiCzk5hVGdJV4ijDzZAVZk?= =?us-ascii?Q?nSPagalncYQHf09OcbHPZnX/fUdPMjPfZaUT?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(36860700013)(376014)(7416014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:46:04.8007 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c2af1fa9-9047-4e25-ca7c-08ddd8bbe3c8 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH2PEPF0000013C.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV8PR12MB9668 Content-Type: text/plain; charset="utf-8" Add read() and write() APIC callback functions to read and write x2APIC registers directly from the guest APIC backing page of a vCPU. The x2APIC registers are mapped at an offset within the guest APIC backing page which is same as their x2APIC MMIO offset. Secure AVIC adds new registers such as ALLOWED_IRRs (which are at 4-byte offset within the IRR register offset range) and NMI_REQ to the APIC register space. When Secure AVIC is enabled, guest's rdmsr/wrmsr of APIC registers result in VC exception (for non-accelerated register accesses) with error code VMEXIT_AVIC_NOACCEL. The VC exception handler can read/write the x2APIC register in the guest APIC backing page to complete the rdmsr/wrmsr. Since doing this would increase the latency of accessing x2APIC registers, instead of doing rdmsr/wrmsr based reg accesses and handling reads/writes in VC exception, directly read/write APIC registers from/to the guest APIC backing page of the vCPU in read() and write() callbacks of the Secure AVIC APIC driver. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Reviewed-by: Tianyu Lan Signed-off-by: Neeraj Upadhyay --- Changes since v8: - Added Tianyu's Reviewed-by. - Code cleanup to use struct secure_avic_page pointer. arch/x86/include/asm/apicdef.h | 2 + arch/x86/kernel/apic/x2apic_savic.c | 113 +++++++++++++++++++++++++++- 2 files changed, 113 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/apicdef.h b/arch/x86/include/asm/apicdef.h index 094106b6a538..be39a543fbe5 100644 --- a/arch/x86/include/asm/apicdef.h +++ b/arch/x86/include/asm/apicdef.h @@ -135,6 +135,8 @@ #define APIC_TDR_DIV_128 0xA #define APIC_EFEAT 0x400 #define APIC_ECTRL 0x410 +#define APIC_SEOI 0x420 +#define APIC_IER 0x480 #define APIC_EILVTn(n) (0x500 + 0x10 * n) #define APIC_EILVT_NR_AMD_K8 1 /* # of extended interrupts */ #define APIC_EILVT_NR_AMD_10H 4 diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index 1c70b7c111f0..86a522685230 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -9,6 +9,7 @@ =20 #include #include +#include =20 #include #include @@ -26,6 +27,114 @@ static int savic_acpi_madt_oem_check(char *oem_id, char= *oem_table_id) return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); } =20 +#define SAVIC_ALLOWED_IRR 0x204 + +static u32 savic_read(u32 reg) +{ + void *ap =3D this_cpu_ptr(secure_avic_page); + + /* + * When Secure AVIC is enabled, rdmsr/wrmsr of APIC registers + * result in VC exception (for non-accelerated register accesses) + * with VMEXIT_AVIC_NOACCEL error code. The VC exception handler + * can read/write the x2APIC register in the guest APIC backing page. + * Since doing this would increase the latency of accessing x2APIC + * registers, instead of doing rdmsr/wrmsr based accesses and + * handling apic register reads/writes in VC exception, the read() + * and write() callbacks directly read/write APIC register from/to + * the vCPU APIC backing page. + */ + switch (reg) { + case APIC_LVTT: + case APIC_TMICT: + case APIC_TMCCT: + case APIC_TDCR: + case APIC_ID: + case APIC_LVR: + case APIC_TASKPRI: + case APIC_ARBPRI: + case APIC_PROCPRI: + case APIC_LDR: + case APIC_SPIV: + case APIC_ESR: + case APIC_LVTTHMR: + case APIC_LVTPC: + case APIC_LVT0: + case APIC_LVT1: + case APIC_LVTERR: + case APIC_EFEAT: + case APIC_ECTRL: + case APIC_SEOI: + case APIC_IER: + case APIC_EILVTn(0) ... APIC_EILVTn(3): + return apic_get_reg(ap, reg); + case APIC_ICR: + return (u32) apic_get_reg64(ap, reg); + case APIC_ISR ... APIC_ISR + 0x70: + case APIC_TMR ... APIC_TMR + 0x70: + if (WARN_ONCE(!IS_ALIGNED(reg, 16), + "APIC reg read offset 0x%x not aligned at 16 bytes", reg)) + return 0; + return apic_get_reg(ap, reg); + /* IRR and ALLOWED_IRR offset range */ + case APIC_IRR ... APIC_IRR + 0x74: + /* + * Either aligned at 16 bytes for valid IRR reg offset or a + * valid Secure AVIC ALLOWED_IRR offset. + */ + if (WARN_ONCE(!(IS_ALIGNED(reg, 16) || + IS_ALIGNED(reg - SAVIC_ALLOWED_IRR, 16)), + "Misaligned IRR/ALLOWED_IRR APIC reg read offset 0x%x", reg)) + return 0; + return apic_get_reg(ap, reg); + default: + pr_err("Permission denied: read of Secure AVIC reg offset 0x%x\n", reg); + return 0; + } +} + +#define SAVIC_NMI_REQ 0x278 + +static void savic_write(u32 reg, u32 data) +{ + void *ap =3D this_cpu_ptr(secure_avic_page); + + switch (reg) { + case APIC_LVTT: + case APIC_LVT0: + case APIC_LVT1: + case APIC_TMICT: + case APIC_TDCR: + case APIC_SELF_IPI: + case APIC_TASKPRI: + case APIC_EOI: + case APIC_SPIV: + case SAVIC_NMI_REQ: + case APIC_ESR: + case APIC_LVTTHMR: + case APIC_LVTPC: + case APIC_LVTERR: + case APIC_ECTRL: + case APIC_SEOI: + case APIC_IER: + case APIC_EILVTn(0) ... APIC_EILVTn(3): + apic_set_reg(ap, reg, data); + break; + case APIC_ICR: + apic_set_reg64(ap, reg, (u64) data); + break; + /* ALLOWED_IRR offsets are writable */ + case SAVIC_ALLOWED_IRR ... SAVIC_ALLOWED_IRR + 0x70: + if (IS_ALIGNED(reg - SAVIC_ALLOWED_IRR, 16)) { + apic_set_reg(ap, reg, data); + break; + } + fallthrough; + default: + pr_err("Permission denied: write to Secure AVIC reg offset 0x%x\n", reg); + } +} + static void savic_setup(void) { void *ap =3D this_cpu_ptr(secure_avic_page); @@ -88,8 +197,8 @@ static struct apic apic_x2apic_savic __ro_after_init =3D= { =20 .nmi_to_offline_cpu =3D true, =20 - .read =3D native_apic_msr_read, - .write =3D native_apic_msr_write, + .read =3D savic_read, + .write =3D savic_write, .eoi =3D native_apic_msr_eoi, .icr_read =3D native_x2apic_icr_read, .icr_write =3D native_x2apic_icr_write, --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM02-DM3-obe.outbound.protection.outlook.com (mail-dm3nam02on2049.outbound.protection.outlook.com [40.107.95.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 35DA11C3C14; Mon, 11 Aug 2025 09:46:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.95.49 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905600; cv=fail; b=R01Og2OLIu76/pxhGbpLSmtGVJI61tiycvi20032YEHcyYlTr6L7ZoiQXelwJuvtgVHG6XkTtqbeUxzIYIzYwUzWePKyeg3dArwcPh0VOkWxsEN4d6us+MSLwyqzlBPDthWLFzSdOF3YbHjzKIDxykai5btVVCMTUFazoyKS3V8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905600; c=relaxed/simple; bh=JVzoSC2t+wn8suJnGOJOvZyBNQUZREdZGl4MFl1iv5U=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Od4Mp2ZGcS8RqzMYl3ebtWKVJUaAKyjnyNfzQjnJPge135OU2Z6Dl0QfKO1Vg28+llSw9WnRi1av+19+hYqA89b8EiTUiUQy09SShTViYfkfiFi59mQocLREQD37mKc0c5QqVuPTFMN8n9sVRy13qOCQ1M1TwoJy1DRP64CMZls= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=BFH2D9aX; arc=fail smtp.client-ip=40.107.95.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="BFH2D9aX" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Re4aCvVsE/Qnp9n4uaWacwlhXhgSuIDY0kPk6rba0ULyJbdHyQ6LwSPNFH/sVnEXNRKlxfKwTqNFgw5qPuB7nQOECnpNlybXBMXj3q5A2cMtlxmDH3cqDRfvBiwF2Ra8BoufLFCtSElAAOXIgNB8uPGRPVbpNadUlm8hWQ4LHP3PxX42tNOYETQ1+WsLwYIWIFBeQHZbZzlwRFKPfYE31oHdHeLCON+FoOCBqyG/KcZwpsRG7PhRYcxHz17peudSU6T10yiKRBz5ndGc0uii/BMh4M5PuG8nfKcm8SuqemfIA7NkpabJuOuw9fR0guH/LxbkU3l3ZBwZAOKp1W22YA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/UHz7TjjvKaiYPs3YIFTWuPFq3Ky2H+T9CXCLZSjZh8=; b=J7+xxrbiMUq9VPm+03TD8UxnTq/gyGMCBUwxvLIL/Wn3aaA1FfqnWDG6SW98pqAgoEscVJ6i1N4Y9EyYe7ygqKMQOn9hWUF4qaEkMncLJ5Mg5zC14+KRbt583AeugnIdQWpyZVTFPkjHm4OTiYIPVQrrn4gXKyn64VKapqW6AeyMXEq4XnZsi6QWvAaJAKub0rmQFDMkQORXJg9RcctjSWJsZd6jjuhuUy4+TiwLYFeDxLr0jkn6kJND5hU1jvm/lDBTWnn7WFYQevgVtr6cMeCm3k+X6vz1zs7gNSqo3GstkPXgoUnMutLjGZG/lVS3UcHwbGbGGycwtk+qhRvmEw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/UHz7TjjvKaiYPs3YIFTWuPFq3Ky2H+T9CXCLZSjZh8=; b=BFH2D9aXpX7S00+lXEl8npzN4nWGlH9sAq8zoqHAnbNDZCVcpB3vF4JpW92OrqTB0vc6y9WCXzPnaPDv4rv+yP99/pDQxUCVAa8/3ro6S6D5n7Z03xK62Mjyl8iajGggLG3G1no5lfmG56aChNgav4sK4poBJ1t/FSeEisqANUE= Received: from CH2PR14CA0048.namprd14.prod.outlook.com (2603:10b6:610:56::28) by MW6PR12MB8899.namprd12.prod.outlook.com (2603:10b6:303:248::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.18; Mon, 11 Aug 2025 09:46:26 +0000 Received: from CH2PEPF00000142.namprd02.prod.outlook.com (2603:10b6:610:56:cafe::ae) by CH2PR14CA0048.outlook.office365.com (2603:10b6:610:56::28) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9009.22 via Frontend Transport; Mon, 11 Aug 2025 09:46:25 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH2PEPF00000142.mail.protection.outlook.com (10.167.244.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:46:25 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:46:18 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 04/18] x86/apic: Initialize APIC ID for Secure AVIC Date: Mon, 11 Aug 2025 15:14:30 +0530 Message-ID: <20250811094444.203161-5-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PEPF00000142:EE_|MW6PR12MB8899:EE_ X-MS-Office365-Filtering-Correlation-Id: 3e77108c-03b8-4981-0a24-08ddd8bbf039 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|36860700013|7416014|376014|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?ES/GsCK9RlywsSQMc1MRCg8TOwZhDde12HqPot8d0h9fDi3rq+LINvRKv+yy?= =?us-ascii?Q?089hVuULIC3MeQqtiWc++V2wso+Hnvv+sJEgUp7l4jFydY8XbtL0YjoLiq/k?= =?us-ascii?Q?MyHw2ifmlRozKdOol2XMqRItZ6uutbkbFzxZpABTEmJ+HubZfZBmi8vJr+VJ?= =?us-ascii?Q?XbmfMzf6qmE+qEtyy1k1WS/k0xHwQvJt+dgOeCSMHRehDMfp5Y5vaaG0GAOj?= =?us-ascii?Q?UV2wQd8dbUX25HF+LWOXTpL7QNkL18v6pvBWRbSGsk7KtSk7CPqzIQ3ysCrO?= =?us-ascii?Q?mMgO6EXmKv4lBcbpTMbMxSqyJBKUReBnT2AiDyBuFGEbjmK0vuh9+vLMsGKM?= =?us-ascii?Q?cCeut/i1qCVvPf5qBYB0OH03bdc9CkbmsZlUwkVxRw+nD1CScHahzl7qsN45?= =?us-ascii?Q?i+fx5j0DvuhR6wkTHPXxLaal8wZtS3DWtybYRnzKAke4sunCyEyzpn3I4Qey?= =?us-ascii?Q?J0ji48k1PcVfrdnJjnWX2w0EhlL69sCT8efZWzBcCQehOtDlAvqaJoT6T03w?= =?us-ascii?Q?FFZb1I+aivioRA+CZYU0HGoK0FAJCn4p91kKsfv6jp7UlIA5kPs/DMk5SM0g?= =?us-ascii?Q?U24UDW0LLwdxRBpvnk4rLjzvnxB/IOyHPnCJtyBMV8GzrX7pT9/huuR8YjfL?= =?us-ascii?Q?Q05/wWi7cQU1m0+J8bz77v3S5xU3dkiXqOqIHZFYAfRf9+a3GNvAbSwlao4X?= =?us-ascii?Q?lbOu450qwANZB3RTqkk9Lj/xhe+3ydGq6hp7pBQXJPv/btGzl2vUgRVJp2EV?= =?us-ascii?Q?LBpdv3Yj10spZ/6/YgaG5yCyhfd8WfYRBugmqRsowNIBHnJLsyGPkpQRLx7+?= =?us-ascii?Q?GHSaMWKZXogR3QI3p39yEEcCq6ggauGhwW9JQKifHWutE1AW0Z+BWVYVEDvo?= =?us-ascii?Q?uyKrEdYjAMpMcpTvk1lTnb7vm2M0LMbnZi4BPDHLgseH1MY14p2eljkRHO3a?= =?us-ascii?Q?OM9rzQCVKhErGRl4FoTwnhZgsAaQBc74RtH/hTAWR9HYV/Qkh2XaTHT9BMdS?= =?us-ascii?Q?3txEMxvbqMu8GDdYymbuOGQY+GUJg/AtMhgv1al9j59HA3KXMU7Wkb8YpkoM?= =?us-ascii?Q?eu75dRtxM9KVrD2cnfJTEvvaG7rPZDmAUjH4VYfFi8i5ehZCAzmHLcxnJ2xB?= =?us-ascii?Q?fI6C7ogj6eXTpojmqlNZApywXZrbRoa53N/f3LF8cTL/7SaSm2EAGJyAfPyr?= =?us-ascii?Q?3IgotA9MpPHGHT4gN+YQNEjdOzmujWmHmTgaqQgsVThOnTmb9OSJGU0UIaA6?= =?us-ascii?Q?Yt2rQaHtQkDwcsr9tgznqXwlHmWV4ZE1E1IMcXvJ00ww8KVH4fxP00RRXVjZ?= =?us-ascii?Q?9H8dVXZfJupojZ1muXOFS3+lriWu57aceLjOcyihtZ8qGFQPW/r2xMrz3U4u?= =?us-ascii?Q?FUnPYzDNZtRxBlfUmpzzwlGE6K2YpYmL6W5z3NUdaMwAVBR5TPrcGEr855Bn?= =?us-ascii?Q?ON9Ohq8g1YId5sV35SCUa76SAEmiDTocUzUBS4IGA9qnuSuM84V629d8a53N?= =?us-ascii?Q?PxBKcZBZtcDYfHHuL0N1eELu9TCB4zz2A2m6?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(36860700013)(7416014)(376014)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:46:25.6711 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 3e77108c-03b8-4981-0a24-08ddd8bbf039 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH2PEPF00000142.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW6PR12MB8899 Content-Type: text/plain; charset="utf-8" Initialize the APIC ID in the Secure AVIC APIC backing page with the APIC_ID msr value read from Hypervisor. CPU topology evaluation later during boot would catch and report any duplicate APIC ID for two CPUs. Reviewed-by: Tianyu Lan Signed-off-by: Neeraj Upadhyay --- Changes since v8: - Added Tianyu's Reviewed-by. - Code cleanup. arch/x86/kernel/apic/x2apic_savic.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index 86a522685230..55edc6c30ba4 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -141,6 +141,12 @@ static void savic_setup(void) enum es_result res; unsigned long gpa; =20 + /* + * Before Secure AVIC is enabled, APIC msr reads are intercepted. + * APIC_ID msr read returns the value from the Hypervisor. + */ + apic_set_reg(ap, APIC_ID, native_apic_msr_read(APIC_ID)); + gpa =3D __pa(ap); =20 /* --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2075.outbound.protection.outlook.com [40.107.94.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 68CCC23D28C; Mon, 11 Aug 2025 09:46:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.75 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905612; cv=fail; b=tdAKaQEdENwkVWhQBKKhdjUco8BPGBJg/qRrQ2ZUH61P+SQCDVNPdyLB84FxTpCsnpwrt4kcanjjDsFj7/oHNXokynow77Lc4xZgubNeaeXJIWw7+hvNytFBM9vslo31pB7CahiqnvpW+Kj1Ut3Y4NFHCYT789di+Kd4gylyka0= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905612; c=relaxed/simple; bh=F3XiC79rxgbgokerBwht6nYI71YdNS4LhA3mVP4GtK4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=q/0lK85gwGRpRs8pRjJZOKinIWgPZHZ176sBoi3jiAx9dOYOUhE4RpACxhqPmYaxapHltBeW+hGoNxXIV+GEUe55nlxNJcR+XQ/fP5247NPkF/EoUrH/9xRCZ5Mw9K56jZEioR1oA7e3ufrkRHvmsTRKVEXh00+ZhZVrBNRQbys= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=wiL/DCAB; arc=fail smtp.client-ip=40.107.94.75 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="wiL/DCAB" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=mflPM+dyx78rzqIYY9f3KShipKSizLKJEwkbe4zsamswl4EaEXqEhKSekL2pyt9rd/+bXbLhQ+5d0rTo0veIGmv8ez5yk45NPX2sviA3rEAsbHi//JKwOrICNDJeSBky1Wod+BsWOhJwEWlwQEfheZXx1ijEgy5Fhc6Db0NDkz0JmExzWXGPultgVFMsYCNVGlv1GsZhZMpDkRE89U1lO/byNvtnbC27Tf4xp/e1bIAIhNHk3G0WwRwFmRQ9hZUxhQU4bh/KIAC6Wg8XrcG0HY5fgOcW50iYTOJmChh1ZcuEQLew3mP5x6McAT4TUZ9eMZRLN/+fWCWBOV+fi2zO4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8x5kFyst8GRZWfMt9bAT8/V7H6bDoDmNjP6GfGbCEvA=; b=p2thkP1JLoScHJpoMO1ZGDwZvAf6uPjfc3XN15f55qQ8gE3FrhrjazIwyZX1cekOIzttIXj0K2VvMmxVc0xUpUq+sZUJo4nySu1R0/L9sLYFnqv/o/voldSOwKZFw43EsBYC+6k98/elZMbk1OuIjvy6A2PfEXvchHtHdZ0+EA+RV3jr7ws1LiZNYTVJf38TMkvX1C/Kwhp8HXItjzjuEpdpqV4Sun42zAUfsGvlf6zSEFvK2CQpadcBrLxaRRLObv0tFXrIoOolvjF1uhkHFXyopFWDFR29Fd+DOsPMMS2qED1lMZNdMY4w1fNP4LvsiKmm0g16Tbqw9N2nRe+A1w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8x5kFyst8GRZWfMt9bAT8/V7H6bDoDmNjP6GfGbCEvA=; b=wiL/DCABaWAxmz+iuWfzEkAsj8Tkv7ADQQjZwUKWAvtodJSK9ov37UBjd1KSLiQhXfYwyV3WBpdttj+vTNx6pxXsUHAP49ez7YYyHHKuhdanjbSFtMlrr88ICMuwybTijY8NBt9NJqIjHNNMH4RCfmOjaaM2I/y5sHy8ZNo9i2U= Received: from CH5PR03CA0016.namprd03.prod.outlook.com (2603:10b6:610:1f1::28) by SJ1PR12MB6027.namprd12.prod.outlook.com (2603:10b6:a03:48a::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.20; Mon, 11 Aug 2025 09:46:45 +0000 Received: from CH2PEPF0000013E.namprd02.prod.outlook.com (2603:10b6:610:1f1:cafe::eb) by CH5PR03CA0016.outlook.office365.com (2603:10b6:610:1f1::28) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9009.22 via Frontend Transport; Mon, 11 Aug 2025 09:46:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH2PEPF0000013E.mail.protection.outlook.com (10.167.244.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:46:45 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:46:38 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 05/18] x86/apic: Add update_vector() callback for apic drivers Date: Mon, 11 Aug 2025 15:14:31 +0530 Message-ID: <20250811094444.203161-6-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PEPF0000013E:EE_|SJ1PR12MB6027:EE_ X-MS-Office365-Filtering-Correlation-Id: 27ce8d1f-a7f7-4b55-8aae-08ddd8bbfbd8 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|7416014|1800799024|82310400026|36860700013; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?SZ/c8IiZV5LdwBFvvIap5XEhNv2T8O8fs0+AEIVUGNnZrcmcflSp35BiTDTy?= =?us-ascii?Q?hfC3URrDqcdB1Y607JzbFGqsDa55XuP9hX66VDMakyO6fcGcDFRXap2V27ke?= =?us-ascii?Q?IfcO9O1m6gO+7bpCvfcvLG8IP0Oon0/xIFugarr7wLG09EjMrFnylVXbxGUI?= =?us-ascii?Q?HvmZXrGdb7wTdUx/kU3IzRB9IIdT0TBmkgkatUoVFX2b8Hjs3cNxzGrTMpp7?= =?us-ascii?Q?/ev0myI4FU3CWEaTa6bTSkrfHYaRnIBxnXdszQRDRc56CrB/IZdvDesA7w4S?= =?us-ascii?Q?dDrA7RyQoAPGjWAKjJGmzt7I8jat3pZmthjJFxDrfJkJjPKqrjLj2rMr/jIN?= =?us-ascii?Q?b+GXcsr6HbzeuF2wo+9bzNJdI1BMlBiyjViOdOIHYECFR3YltP4L7tks2tR+?= =?us-ascii?Q?YPpeinUJLe9HSJvZZrTQTE0PT/bHYpnfHnBN9rP/vZNpVvs6kbWw/G/bGkk9?= =?us-ascii?Q?1M9TBdX2k0h2JZg3VENmFLjaNHqhajDyVQSlnaQgrh4Er8U/sD0LsIHYXu0S?= =?us-ascii?Q?SY7OjMLEMI5jGx33jWcWrfIHFmVW97s7U1L+FyCXhIfZ5gMr4oKSrI/0bPw/?= =?us-ascii?Q?Sc7dKd2bOBM97ImIlB0MZ1PE/fk9Vekk/GXUJfR8sXgr8PkpCuvj9btcowVD?= =?us-ascii?Q?hhS7XBNSCfB8GyVc5VvXi+BqinL6rR9FQU4Jrt/coj4MVZ06LOrni/4GhbRU?= =?us-ascii?Q?Gkn0vQSNRhRroVh+fapbYyX2b0rDyukaiOU21ZfxBjuVkTw5DwOnMnIbySuD?= =?us-ascii?Q?d7Yht5XesqgoGGis4XoZhI9PoSNe9n9JWUY/WMhLbLcwe0C7PB54E2q+qgcy?= =?us-ascii?Q?H5hdFrivNoi1JtWZmj5UlVlEo1vYJtpAAUSTVgBLnRX0d7cAv3yy6nWxpqd8?= =?us-ascii?Q?RzTUQGAPyaHIBg8qr6TTnaXawyDQHmXlWKJpfDFol6HEJV7e/j8UifrP5y5U?= =?us-ascii?Q?JRweMHhBOVSB2l4MHdFtooU/u4kaMQh9UwqQIadbWcxD7YWmdmAFyKusfDcl?= =?us-ascii?Q?Lst7vJYb3fdVamyguiJBn9tSmWZht8T/8Jorx/hHJB4ktU/C2EhndSaNklkq?= =?us-ascii?Q?IPQn3gJrjz1Zq4/9Enkef7TG05thv+lhXX6oEdGagbkmN87H3BJ/fnzrJCi5?= =?us-ascii?Q?Z4+fT+nwZ1mVOf+1XJ1YKsAYV6xvcnKE8BRWDE0mc8oXLClCByS0o8mSRkBb?= =?us-ascii?Q?3UI7XIjxudZSujK4bRfPzV1ROZ4jOP14ORUX2qz1m6yfwaxpMBTeBbUHWxSg?= =?us-ascii?Q?zADW9gcPoTODe8NpDBxwsCBevxQl6g4OwGfI3NYG1RutRycF9fWWag0rzR3c?= =?us-ascii?Q?dOk5jQI99mXcDEJqA23XS5/CGiyez+2Thk8rw5VeECQPTZex6YN6rCKod9wT?= =?us-ascii?Q?IfhqqmfImwOIOXrSxTrxqjZLqYBjlUETYuia1L2zd8q+4ACpZax/UH94mA89?= =?us-ascii?Q?lpFrvxZxnowyruxziF4vUF/wcI+6xyRNgJbHhAUuQg2umIIkwGZi2KG8Jus4?= =?us-ascii?Q?df4onNd0fgI240//oXPNxYoR6iV5ZN3mROvo?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(7416014)(1800799024)(82310400026)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:46:45.1683 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 27ce8d1f-a7f7-4b55-8aae-08ddd8bbfbd8 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH2PEPF0000013E.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR12MB6027 Content-Type: text/plain; charset="utf-8" Add an update_vector() callback to allow APIC drivers to perform driver specific operations on external vector allocation/teardown on a CPU. This callback will be used in subsequent commits by Secure AVIC APIC driver to configure the vectors which a guest vCPU allows the hypervisor to send to it. As system vectors have fixed vector assignments and are not dynamically allocated, add apic_update_vector() public api to facilitate update_vector() callback invocation for them. This will be used for Secure AVIC enabled guests to allow the hypervisor to inject system vectors which are emulated by the hypervisor such as APIC timer vector and HYPERVISOR_CALLBACK_VECTOR. While at it, cleanup line break in apic_update_irq_cfg(). Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v8: - No change. arch/x86/include/asm/apic.h | 9 +++++++++ arch/x86/kernel/apic/vector.c | 29 ++++++++++++++++++----------- 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h index 44b4080721a6..0683318470be 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -318,6 +318,8 @@ struct apic { /* wakeup secondary CPU using 64-bit wakeup point */ int (*wakeup_secondary_cpu_64)(u32 apicid, unsigned long start_eip, unsig= ned int cpu); =20 + void (*update_vector)(unsigned int cpu, unsigned int vector, bool set); + char *name; }; =20 @@ -471,6 +473,12 @@ static __always_inline bool apic_id_valid(u32 apic_id) return apic_id <=3D apic->max_apic_id; } =20 +static __always_inline void apic_update_vector(unsigned int cpu, unsigned = int vector, bool set) +{ + if (apic->update_vector) + apic->update_vector(cpu, vector, set); +} + #else /* CONFIG_X86_LOCAL_APIC */ =20 static inline u32 apic_read(u32 reg) { return 0; } @@ -482,6 +490,7 @@ static inline void apic_wait_icr_idle(void) { } static inline u32 safe_apic_wait_icr_idle(void) { return 0; } static inline void apic_native_eoi(void) { WARN_ON_ONCE(1); } static inline void apic_setup_apic_calls(void) { } +static inline void apic_update_vector(unsigned int cpu, unsigned int vecto= r, bool set) { } =20 #define apic_update_callback(_callback, _fn) do { } while (0) =20 diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c index a947b46a8b64..655eeb808ebc 100644 --- a/arch/x86/kernel/apic/vector.c +++ b/arch/x86/kernel/apic/vector.c @@ -134,13 +134,21 @@ static void apic_update_irq_cfg(struct irq_data *irqd= , unsigned int vector, =20 apicd->hw_irq_cfg.vector =3D vector; apicd->hw_irq_cfg.dest_apicid =3D apic->calc_dest_apicid(cpu); + + apic_update_vector(cpu, vector, true); + irq_data_update_effective_affinity(irqd, cpumask_of(cpu)); - trace_vector_config(irqd->irq, vector, cpu, - apicd->hw_irq_cfg.dest_apicid); + trace_vector_config(irqd->irq, vector, cpu, apicd->hw_irq_cfg.dest_apicid= ); } =20 -static void apic_update_vector(struct irq_data *irqd, unsigned int newvec, - unsigned int newcpu) +static void apic_free_vector(unsigned int cpu, unsigned int vector, bool m= anaged) +{ + apic_update_vector(cpu, vector, false); + irq_matrix_free(vector_matrix, cpu, vector, managed); +} + +static void apic_chipd_update_vector(struct irq_data *irqd, unsigned int n= ewvec, + unsigned int newcpu) { struct apic_chip_data *apicd =3D apic_chip_data(irqd); struct irq_desc *desc =3D irq_data_to_desc(irqd); @@ -174,8 +182,7 @@ static void apic_update_vector(struct irq_data *irqd, u= nsigned int newvec, apicd->prev_cpu =3D apicd->cpu; WARN_ON_ONCE(apicd->cpu =3D=3D newcpu); } else { - irq_matrix_free(vector_matrix, apicd->cpu, apicd->vector, - managed); + apic_free_vector(apicd->cpu, apicd->vector, managed); } =20 setnew: @@ -261,7 +268,7 @@ assign_vector_locked(struct irq_data *irqd, const struc= t cpumask *dest) trace_vector_alloc(irqd->irq, vector, resvd, vector); if (vector < 0) return vector; - apic_update_vector(irqd, vector, cpu); + apic_chipd_update_vector(irqd, vector, cpu); =20 return 0; } @@ -337,7 +344,7 @@ assign_managed_vector(struct irq_data *irqd, const stru= ct cpumask *dest) trace_vector_alloc_managed(irqd->irq, vector, vector); if (vector < 0) return vector; - apic_update_vector(irqd, vector, cpu); + apic_chipd_update_vector(irqd, vector, cpu); =20 return 0; } @@ -357,7 +364,7 @@ static void clear_irq_vector(struct irq_data *irqd) apicd->prev_cpu); =20 per_cpu(vector_irq, apicd->cpu)[vector] =3D VECTOR_SHUTDOWN; - irq_matrix_free(vector_matrix, apicd->cpu, vector, managed); + apic_free_vector(apicd->cpu, vector, managed); apicd->vector =3D 0; =20 /* Clean up move in progress */ @@ -366,7 +373,7 @@ static void clear_irq_vector(struct irq_data *irqd) return; =20 per_cpu(vector_irq, apicd->prev_cpu)[vector] =3D VECTOR_SHUTDOWN; - irq_matrix_free(vector_matrix, apicd->prev_cpu, vector, managed); + apic_free_vector(apicd->prev_cpu, vector, managed); apicd->prev_vector =3D 0; apicd->move_in_progress =3D 0; hlist_del_init(&apicd->clist); @@ -905,7 +912,7 @@ static void free_moved_vector(struct apic_chip_data *ap= icd) * affinity mask comes online. */ trace_vector_free_moved(apicd->irq, cpu, vector, managed); - irq_matrix_free(vector_matrix, cpu, vector, managed); + apic_free_vector(cpu, vector, managed); per_cpu(vector_irq, cpu)[vector] =3D VECTOR_UNUSED; hlist_del_init(&apicd->clist); apicd->prev_vector =3D 0; --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2071.outbound.protection.outlook.com [40.107.244.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ADF691A5B86; Mon, 11 Aug 2025 09:47:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.244.71 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905632; cv=fail; b=O1YoGRv+igZTEmJXb7O1TSNKZi0HKLSDkpT3ww7H/aV+duJo+NYFVyQmraMShK8A1b0oi1vByd/84Uzm3zLDdO0iz2zAjMlmLTjJIzbrxmTk+XofvvE0hEtnMhcK3r27aEvUbq3ssd+MHlrNM4BgrlEKucevxPueAMYI7wa0a8g= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905632; c=relaxed/simple; bh=LDxN8+qMG0DM/UzQJkZ2HOEjyVp2ahWiqxY+AQWD8x0=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Nfbut5MeCfeoO4FpLzT2PZ6XW/C+9XeOEtWvgU5BBhHt8YPWdkVCGMUjuFEpcNxiaDwm/cPLiTkH4uvg09JArqsxqGZjE1i8JmaCN6El162X3mEZwSrlndsHAzeNAl37LTnjJICHlZSSksicjUO2oZOwfe3mvVqtX4Q4Jdd8p1U= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=wfwvT+jS; arc=fail smtp.client-ip=40.107.244.71 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="wfwvT+jS" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=hcNPMltxa2MGcGSBCmr0L8DO2psOwIq3pbkIDALcrwXMm5vWQ3ebdSfh77ZvoppY62a6ehs+BtJkd3RxiAed/7J9w8cAr8/Y7nHIsV/o+hM9BELYJsb1gnH207J5SO2+OOlBHzqAbrIwZ6C02/g53pVBCMLVXUSpZ9Gl2DvkySA0ygEvF17S8mxldjG0khWHenZFyHP+jxJ46CgPNvaOTxmKXy4lSszwdxHUSmO12BrzHBehIArFanADy7oDp+Ob9thvK4EQ5ZozjNYZVCakND06rhgM3XZpB5QTs327JpCaQAA/UY9GrF82X2E4gwgDUzvmWCoi+kINen0o+sXJgw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=1Q1nAniE/KVslEmbW4azLjwl2kmdRXH3jEuJBf6ZoNM=; b=nsS7qlvPwPR+ZT8O+HKuWxQV2wHW05HObYjC4PBNymtHKEDOHr6QtCsckRu9+NJ9FhWACeTL2nY6khUKiDkKp+tzrUYShJx4cI0kYNcpHzNjb0epwRVdP7x6iSU425hqiB1uJc+xIyBmKsDOela+aiJ9ywOBg9opL4TSgfogXTB0FQVIZ9X/nTqeYN8sMmtuC95LkR/MoRFYALXcM2gpr6p0mWoR+fP7Gin+o7sGkyW4c7gCnY3AZp7Pjzm3HJ2BAlM0clkFyWtO8GAi5/LMOMxTy0m9cP7YaapeeYeM7k8svg5AYX8Tbogepuy0LpexHVP0TuDMzEYhrJHB8tEB3g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=1Q1nAniE/KVslEmbW4azLjwl2kmdRXH3jEuJBf6ZoNM=; b=wfwvT+jSQlS2A8otfKcX8CMD50HVDusA5DDwzedajKiNXvhotYu5xqGflNlnOFodwVPlXFYgsEUvHL7tXa3X03IKRJkf8TK0h0Q2ezj/SumoGfN9qslie4dOCottQ7es16aLm1Ig7/QO9fQ+rRuy3rpdPE8VxK3z5JM7lY6Px3c= Received: from CH3P220CA0027.NAMP220.PROD.OUTLOOK.COM (2603:10b6:610:1e8::25) by DS2PR12MB9686.namprd12.prod.outlook.com (2603:10b6:8:27a::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.21; Mon, 11 Aug 2025 09:47:06 +0000 Received: from CH2PEPF0000013F.namprd02.prod.outlook.com (2603:10b6:610:1e8:cafe::a3) by CH3P220CA0027.outlook.office365.com (2603:10b6:610:1e8::25) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9009.22 via Frontend Transport; Mon, 11 Aug 2025 09:47:06 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH2PEPF0000013F.mail.protection.outlook.com (10.167.244.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:47:06 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:46:58 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 06/18] x86/apic: Add update_vector() callback for Secure AVIC Date: Mon, 11 Aug 2025 15:14:32 +0530 Message-ID: <20250811094444.203161-7-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PEPF0000013F:EE_|DS2PR12MB9686:EE_ X-MS-Office365-Filtering-Correlation-Id: 7abbce41-1ba1-4643-03f3-08ddd8bc0893 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|36860700013|376014|7416014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?JkEj7FYb8UXWuz0W+LFdNJchKNZpHt2qkbEwHS1vl7y0fU55MsqUc6lqVRbr?= =?us-ascii?Q?MPE6fcomNCvaF9z5GlPv3+FEeqy4mflsDKE5rt+56ktt43XMXNf9TboxrDEH?= =?us-ascii?Q?sh/f4VYY6Ey28+1fhUjtGJOk/+Nd9MlrpUXJTLCZPK2aTmw3zZCTj/5jKOky?= =?us-ascii?Q?foB3cwWbs2eo/U0KPfaVOwLNMledDaaa4wbL9yjSH3gY/6ZSZVdLCcbSG4oc?= =?us-ascii?Q?aIce84arNeiwMw2lx6Va2MZDckkGNJgLAxkZ0v4xSDSyrsXUbfcMsoCVIUPN?= =?us-ascii?Q?tgnFGRkJE5YIAjuEslJJ0ab2St4jexpEGOTpf8+mBNfAY6jqZ78nTl1Lw5HP?= =?us-ascii?Q?GB1l/68mh/JtmhX1OrF6i1U0EHc5Yj3ktpI9R6A28XOCt//8emm0Z8nFWWCy?= =?us-ascii?Q?FkQWY7+UBedNh8Kob3TXTvdJ6gemD0YrHGdQOlwhjqwWreXY7iQ19mj9rVbn?= =?us-ascii?Q?N5wIhIPhrmz1M+OGeLqWDc5juwDnZFN3aCupsveU1VHxmAFeOWOO5d9YuGJM?= =?us-ascii?Q?S2JJOWoG2gH5Nit732eUYJHsHMNkS/lTR+9cLWbIIK11TuCXwbov4ZPwQANX?= =?us-ascii?Q?9YnDBQ+G3IcSkQb93emr++Xt5m3ilRuXIzzSwJpbb7+ogP799UIew7BEmVWb?= =?us-ascii?Q?oNtbT5VcSROO3h2IZcf4SHqvBhbjqY33oXLfF9lIFH/Ngn3YUjdM+cUhSUcK?= =?us-ascii?Q?yExR+yIakP4NiNwXjzssMd7NB9tiV3ygfZuNaS4E43IqAH0mK6bQkyPQ+rXq?= =?us-ascii?Q?T5cYwDdngV70l1zGZuUFvnsHIT+rievl0EHL20jO8AUM3mD88SvqXZETZ1l3?= =?us-ascii?Q?Fr3ICo8TNDu4+MgHD3pAhJeAqkdgaZtI2GGP/ubCWFIXrJgCi09v6nGPCbLO?= =?us-ascii?Q?6E2w2a3jBmGM3ZlKWHn5e8eqTAago/xyDKfXu2QE2+QbunYck5oWeQNlattW?= =?us-ascii?Q?M0p8F0n7CzPosnB+q32Hg+mX8NRNB4o1fz90EMd29W+DVuwzU2+OW6bMyPKo?= =?us-ascii?Q?bdbd3Jm+cDNH2M/1G/3YD0B/AuN18+6epgfuvmeRfynUhi4Urs9fYvegYXii?= =?us-ascii?Q?DvFx4Nv6gFL17qxX3sD5xmZY5vYs+BTVt9eTXCbASeUBlXZqHsI3Ev7ljXvf?= =?us-ascii?Q?rPQS76k8C8vzRLbbshy8oVHKjCRCnI3EOGZGFrzMvBgArL2qAj0ycTYqqqYS?= =?us-ascii?Q?rkmuweH17W6qcSBsDJVZsl4wvrFEWgkya2+BQpRRmB8YsZkfVdziNXMjMmfi?= =?us-ascii?Q?+RU6tQWcAvUxgc8oaniQh7Oxnz1gcNVRPQs8Ax0SeJ/miWNQheVOKcL5gAYs?= =?us-ascii?Q?CTx5PXdg20vMWo0tnt6DhQWPQLCZ1vPGHhyuj2hr8Jv+dGIbFrUd2q1naeE0?= =?us-ascii?Q?yXCOzwUeVBpJG7cxVm2UDQKIayyf0hikBRRhHkH5dyX58qBeIuomSZpw3fHW?= =?us-ascii?Q?58HNgnQobPU1d7DOcDn0BbkG50f7pslItRsiE/F6PTp9+PK42+q7TSrpmn96?= =?us-ascii?Q?O/JjHi9AyUhuZEiPFcBOIOwC0bqpuZT2U4Ra?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(36860700013)(376014)(7416014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:47:06.5245 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7abbce41-1ba1-4643-03f3-08ddd8bc0893 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH2PEPF0000013F.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS2PR12MB9686 Content-Type: text/plain; charset="utf-8" Add update_vector() callback to set/clear ALLOWED_IRR field in a vCPU's APIC backing page for vectors which are emulated by the hypervisor. The ALLOWED_IRR field indicates the interrupt vectors which the guest allows the hypervisor to inject (typically for emulated devices). Interrupt vectors used exclusively by the guest itself and the vectors which are not emulated by the hypervisor, such as IPI vectors, should not be set by the guest in the ALLOWED_IRR fields. As clearing/setting state of a vector will also be used in subsequent commits for other APIC regs (such as APIC_IRR update for sending IPI), add a common update_vector() in Secure AVIC driver. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Reviewed-by: Tianyu Lan Signed-off-by: Neeraj Upadhyay --- Changes since v8: - Added Tianyu's Reviewed-by. - Updates to use struce secure_avic_page. =20 arch/x86/kernel/apic/x2apic_savic.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index 55edc6c30ba4..cfe72473f843 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -27,6 +27,22 @@ static int savic_acpi_madt_oem_check(char *oem_id, char = *oem_table_id) return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); } =20 +static inline void *get_reg_bitmap(unsigned int cpu, unsigned int offset) +{ + return &per_cpu_ptr(secure_avic_page, cpu)->regs[offset]; +} + +static inline void update_vector(unsigned int cpu, unsigned int offset, + unsigned int vector, bool set) +{ + void *bitmap =3D get_reg_bitmap(cpu, offset); + + if (set) + apic_set_vector(vector, bitmap); + else + apic_clear_vector(vector, bitmap); +} + #define SAVIC_ALLOWED_IRR 0x204 =20 static u32 savic_read(u32 reg) @@ -135,6 +151,11 @@ static void savic_write(u32 reg, u32 data) } } =20 +static void savic_update_vector(unsigned int cpu, unsigned int vector, boo= l set) +{ + update_vector(cpu, SAVIC_ALLOWED_IRR, vector, set); +} + static void savic_setup(void) { void *ap =3D this_cpu_ptr(secure_avic_page); @@ -208,6 +229,8 @@ static struct apic apic_x2apic_savic __ro_after_init = =3D { .eoi =3D native_apic_msr_eoi, .icr_read =3D native_x2apic_icr_read, .icr_write =3D native_x2apic_icr_write, + + .update_vector =3D savic_update_vector, }; =20 apic_driver(apic_x2apic_savic); --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2078.outbound.protection.outlook.com [40.107.244.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4FE8D20D50C; Mon, 11 Aug 2025 09:47:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.244.78 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905652; cv=fail; b=ddu8PE2oAKG7LFwNN9UG7BKmpJDKgM5YwiVoalBU+fRP7p2hY/vVygyxfd0CfECNRos5wSb4NwoSbUL3Eb9lha7dpeIo7wzddDLZa+0ErtzldDG+B9M66Z5flsRfUK9ErLZtAkKA4woUWchvUubir2G5iQ9htj/hBryGV7vVG1k= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905652; c=relaxed/simple; bh=ldg1/F0v9zbbEE6vI0AvHAmbwhvVohCtGbAN1IZbFxs=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=HKUJiT4TZ1xeXaSEOCKRYFeI/9oVctzxk9lrDweiSblx98FWEjTS6TbSeh2w+uQwrqxIS4BayTi6Ndfl5SH5HbwefvPitx71lbkt678Jvb2b3UWl+Z0dAV7glsmEKjpjJPJ4nV+zvbTS8j3kSIsge9zAfPbwYuNuuLvOE6P49Lo= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=yObn8FQU; arc=fail smtp.client-ip=40.107.244.78 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="yObn8FQU" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=eX6cpzX4gCvcFDlu/PycYv6ZI4NLP867AUT8J89Xt0IuniMirvWsqIVl3EAZUp90xwskPreI4uEPGBkKqpmp2TRndG2quoWpSbIxwt5tv5OyNJ9wLHOEyY+jDc/38Mi0womfAgZDuqfOMcs+CwoXwerMlIYd9poF4z9wMHnvvkY8E8hQWdm0rioE8fsp6ueUejDFcBStXPeuoFDr3hc6lo0KIrBzs9+9ww2ygAfev62AqE2Bf674klSgKn5IG9738ikmZZTr8WV1Gx245bhFaz1eFIPK3eCam1JYCeRygUcEUIgTm+SBtXIN1cYBDHMttu0LW13aote/PAvt2ZvzPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=r5WsYXUrFFjeeCKFlLmbK66wPd9/mxxbliew4Uv3Wug=; b=JR/HC7hzp66sgJZ36jWY09QMvQ97jSorrmtfEDyO1UAxW8mRx2XLqhSk6w6ksBNKzJJmWJGPkEi8P24b/0r3WN2/K9fcPeMSzeCSEVa4errRMy3ZJya50i4qWvRz2cMguYCdo8zt09YxFLL+jT4FpMAGbi9bC3mmBq2Ajgz1yxQmoMyZveWGuD/rrWXnSUnSJIfJ2nCD2XGaAdFILSb/beYMI7bcMecTW7+yFxZ9JmIgcbr0XjS23bqJ3E7uKYKpEp+4j+tjb+4GTN9dMS5ozUcp6JGzAmyMiBkSLRnBO5hc1HGA2fhDJoGeVxsMnoTWmGjmmJ1TY8PzJTXr6M+DAw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=r5WsYXUrFFjeeCKFlLmbK66wPd9/mxxbliew4Uv3Wug=; b=yObn8FQU16Ft4UOGEO93QWGbHpzZKGZ/3WJdXhk6c8xybkpTPt7w8mXrrsV5/7LJprAoYSrP0If0UBnhfmt//61+JqhAAQznDFeVz24tvJaWFJIu9te0N/lKPR3dtSvUxdciMnHH6mGPaRYJLqwcbTOdrHIG4e+h/IsRsu1YCUg= Received: from CH0PR03CA0221.namprd03.prod.outlook.com (2603:10b6:610:e7::16) by PH7PR12MB8106.namprd12.prod.outlook.com (2603:10b6:510:2ba::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.21; Mon, 11 Aug 2025 09:47:26 +0000 Received: from CH2PEPF0000013D.namprd02.prod.outlook.com (2603:10b6:610:e7:cafe::7b) by CH0PR03CA0221.outlook.office365.com (2603:10b6:610:e7::16) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9009.21 via Frontend Transport; Mon, 11 Aug 2025 09:47:26 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH2PEPF0000013D.mail.protection.outlook.com (10.167.244.69) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:47:26 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:47:18 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 07/18] x86/apic: Add support to send IPI for Secure AVIC Date: Mon, 11 Aug 2025 15:14:33 +0530 Message-ID: <20250811094444.203161-8-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PEPF0000013D:EE_|PH7PR12MB8106:EE_ X-MS-Office365-Filtering-Correlation-Id: 520f0bea-e645-4b3d-bfed-08ddd8bc1451 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|1800799024|7416014|36860700013|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?i88LsNbRw+sGZSJWf0k+VsEnqt2YvpDj7U+uOUWcEIFbiVeLSuZJMFc3fJme?= =?us-ascii?Q?6IGj8xU0YUS0LoaZ2KuRxKR2rKxn2/47VhloammTHeuV11ueIDR3uNCqrH6t?= =?us-ascii?Q?wA7wefWbeJLfwk0HPlZs+KhNNjLb0+LOmNy4qikzR6zd+vx2Cf/fbTMbIQo/?= =?us-ascii?Q?AAqALBropQ6eDwUB8M0lpT5fnX4AHLchApl89nNnNfmS4Z9QpvjeW5d4hRM4?= =?us-ascii?Q?xUyUhj8bi+DYRLrBiZTlPLWIshv+6GjamqlTg95fWyiMXMoyDQkFMVvKQ5Cq?= =?us-ascii?Q?WoKnucVcYJEGI4EppdvxrEttR25uu32KmuJ2ABRU1lY+uspPtkdwK6aGICgx?= =?us-ascii?Q?I/KKRAWHVdaXcBHL5jH3Kh2g66oEQ5FaShrhtrmDXYPTe0cfkjz9J2PJJvoU?= =?us-ascii?Q?iVayJn+lgbZfafR9RUbqf8ZS9rbGN/lYlGZ1f54Xq+tZsJGMLg2qixdvCqp3?= =?us-ascii?Q?taGHqEJ4vQGxXXH9LP7g32M/6BYifMeFKBzZ9RVNFaQ91FOi4BKDhwG+Wh3k?= =?us-ascii?Q?mamZcj88HlEc+SbMx/JhCAYzVCm0uu3iHBn5eMYorMt3JmAkfWBptQC3G7kk?= =?us-ascii?Q?M4b+QBM6xxVjzNq1zOOLr74vVRwvgGLqUBL4PYRf1dozLPbVgAKwIQC3j5Bl?= =?us-ascii?Q?5rL3kQigj79Q1+R/WCDEAK6+TTu1CVFX0aWaZgsxTeBZYUE4w28R4qdZrnbO?= =?us-ascii?Q?hCrXs9etuvLc251yletkWh0Zs39PxFd0zGJ0QoAibUo2Y1YmPUP/8A4itPw7?= =?us-ascii?Q?rs8dk8WV0hkGRA5zbYGn8p0x0BNijv+SPV8m9QmzxBqN8Qq/B1PO01CTYi4f?= =?us-ascii?Q?/t70d0jP0Ij7VYNuRZBay8rTvRrJNVUJIGthN0kB8JaCXrWqKhdpKKbUtRiX?= =?us-ascii?Q?FYagDAXxQvlST7/XKV3W2ZNPIrbVu5j5pZRGYOqiQRwH53Tjr+plYYWpr9Da?= =?us-ascii?Q?PXxwyifEmuETee3WuvukSALRDBw65+LTl2pihuIO/u6VW0Qvd+uYeNoKk3wo?= =?us-ascii?Q?wdq6CnsP0FouNrYuqezIuc1pJCLVEBFha1xIVc42PzhEW+6OlVFdefXhIVtC?= =?us-ascii?Q?h5bvpV8qMMtmSdUDiJ99UMZWqVoTP/dV6lh2iBi3NZZcPkAfegnN+jHvyG4h?= =?us-ascii?Q?K0UtSphL5+mt1M2BcT+KzlBpbdMdyn2z68+RyUet+8URjeptzad9nsI92y3v?= =?us-ascii?Q?49JeuS4YG4XW2KaxN4XwKjG19+bPX+dfi4pyd0PN0klGCNPoc7jIl81Y0JzP?= =?us-ascii?Q?qIGA1y5yfTe41Kx/+B256d9ccSpC3no5BR1aXPtmu97f+gCL6W06vgGVNBz3?= =?us-ascii?Q?5foX7sHWPgP/Iv9jK2ig9ZL/xX7r4uaRsw2V8Lrn0UZN79cpPxHFvsYPgTrm?= =?us-ascii?Q?AQNplUY3FLZ/oiBs8kmJUWJScJrUDwRBq3cAjQsR5PtFDRhqqZln7PA1IOrX?= =?us-ascii?Q?t3so70Poh9ib1J59wovF6P79cVeFoGfVs8MoxGaJ/yaQc2ofc+f1IhJQKHp2?= =?us-ascii?Q?iA8VAQ9SPd+w6gKO38WhJxzUI/FqzGA7V3i2?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(1800799024)(7416014)(36860700013)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:47:26.2275 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 520f0bea-e645-4b3d-bfed-08ddd8bc1451 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH2PEPF0000013D.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB8106 Content-Type: text/plain; charset="utf-8" With Secure AVIC only Self-IPI is accelerated. To handle all the other IPIs, add new callbacks for sending IPI. These callbacks write to the IRR of the target guest vCPU's APIC backing page and issue GHCB protocol MSR write event for the hypervisor to notify the target vCPU about the new interrupt request. For Secure AVIC GHCB APIC MSR writes, reuse GHCB msr handling code in vc_handle_msr() by exposing a sev-internal sev_es_ghcb_handle_msr(). Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Reviewed-by: Tianyu Lan Signed-off-by: Neeraj Upadhyay --- Changes since v8: - Added Tianyu's Reviewed-by. - Use struct secure_avic_page. =20 arch/x86/coco/sev/core.c | 28 ++++++ arch/x86/coco/sev/vc-handle.c | 11 ++- arch/x86/include/asm/sev-internal.h | 2 + arch/x86/include/asm/sev.h | 2 + arch/x86/kernel/apic/x2apic_savic.c | 138 +++++++++++++++++++++++++++- 5 files changed, 173 insertions(+), 8 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 0c59ea82fa99..221a0fc0c387 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1085,6 +1085,34 @@ int __init sev_es_efi_map_ghcbs_cas(pgd_t *pgd) return 0; } =20 +void savic_ghcb_msr_write(u32 reg, u64 value) +{ + u64 msr =3D APIC_BASE_MSR + (reg >> 4); + struct pt_regs regs =3D { + .cx =3D msr, + .ax =3D lower_32_bits(value), + .dx =3D upper_32_bits(value) + }; + struct es_em_ctxt ctxt =3D { .regs =3D ®s }; + struct ghcb_state state; + enum es_result res; + struct ghcb *ghcb; + + guard(irqsave)(); + + ghcb =3D __sev_get_ghcb(&state); + vc_ghcb_invalidate(ghcb); + + res =3D sev_es_ghcb_handle_msr(ghcb, &ctxt, true); + if (res !=3D ES_OK) { + pr_err("Secure AVIC msr (0x%llx) write returned error (%d)\n", msr, res); + /* MSR writes should never fail. Any failure is fatal error for SNP gues= t */ + snp_abort(); + } + + __sev_put_ghcb(&state); +} + enum es_result savic_register_gpa(u64 gpa) { struct ghcb_state state; diff --git a/arch/x86/coco/sev/vc-handle.c b/arch/x86/coco/sev/vc-handle.c index faf1fce89ed4..fc770cc9117d 100644 --- a/arch/x86/coco/sev/vc-handle.c +++ b/arch/x86/coco/sev/vc-handle.c @@ -401,14 +401,10 @@ static enum es_result __vc_handle_secure_tsc_msrs(str= uct pt_regs *regs, bool wri return ES_OK; } =20 -static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *= ctxt) +enum es_result sev_es_ghcb_handle_msr(struct ghcb *ghcb, struct es_em_ctxt= *ctxt, bool write) { struct pt_regs *regs =3D ctxt->regs; enum es_result ret; - bool write; - - /* Is it a WRMSR? */ - write =3D ctxt->insn.opcode.bytes[1] =3D=3D 0x30; =20 switch (regs->cx) { case MSR_SVSM_CAA: @@ -438,6 +434,11 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb,= struct es_em_ctxt *ctxt) return ret; } =20 +static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *= ctxt) +{ + return sev_es_ghcb_handle_msr(ghcb, ctxt, ctxt->insn.opcode.bytes[1] =3D= =3D 0x30); +} + static void __init vc_early_forward_exception(struct es_em_ctxt *ctxt) { int trapnr =3D ctxt->fi.vector; diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev= -internal.h index 3dfd306d1c9e..6876655183a6 100644 --- a/arch/x86/include/asm/sev-internal.h +++ b/arch/x86/include/asm/sev-internal.h @@ -97,6 +97,8 @@ static __always_inline void sev_es_wr_ghcb_msr(u64 val) native_wrmsr(MSR_AMD64_SEV_ES_GHCB, low, high); } =20 +enum es_result sev_es_ghcb_handle_msr(struct ghcb *ghcb, struct es_em_ctxt= *ctxt, bool write); + void snp_register_ghcb_early(unsigned long paddr); bool sev_es_negotiate_protocol(void); bool sev_es_check_cpu_features(void); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 8e5083b46607..e849e616dd24 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -534,6 +534,7 @@ int snp_svsm_vtpm_send_command(u8 *buffer); void __init snp_secure_tsc_prepare(void); void __init snp_secure_tsc_init(void); enum es_result savic_register_gpa(u64 gpa); +void savic_ghcb_msr_write(u32 reg, u64 value); =20 static __always_inline void vc_ghcb_invalidate(struct ghcb *ghcb) { @@ -607,6 +608,7 @@ static inline int snp_svsm_vtpm_send_command(u8 *buffer= ) { return -ENODEV; } static inline void __init snp_secure_tsc_prepare(void) { } static inline void __init snp_secure_tsc_init(void) { } static inline enum es_result savic_register_gpa(u64 gpa) { return ES_UNSUP= PORTED; } +static inline void savic_ghcb_msr_write(u32 reg, u64 value) { } =20 #endif /* CONFIG_AMD_MEM_ENCRYPT */ =20 diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index cfe72473f843..dbd488191a16 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -8,6 +8,7 @@ */ =20 #include +#include #include #include =20 @@ -111,6 +112,73 @@ static u32 savic_read(u32 reg) =20 #define SAVIC_NMI_REQ 0x278 =20 +static inline void self_ipi_reg_write(unsigned int vector) +{ + /* + * Secure AVIC hardware accelerates guest's MSR write to SELF_IPI + * register. It updates the IRR in the APIC backing page, evaluates + * the new IRR for interrupt injection and continues with guest + * code execution. + */ + native_apic_msr_write(APIC_SELF_IPI, vector); +} + +static void send_ipi_dest(unsigned int cpu, unsigned int vector) +{ + update_vector(cpu, APIC_IRR, vector, true); +} + +static void send_ipi_allbut(unsigned int vector) +{ + unsigned int cpu, src_cpu; + + guard(irqsave)(); + + src_cpu =3D raw_smp_processor_id(); + + for_each_cpu(cpu, cpu_online_mask) { + if (cpu =3D=3D src_cpu) + continue; + send_ipi_dest(cpu, vector); + } +} + +static inline void self_ipi(unsigned int vector) +{ + u32 icr_low =3D APIC_SELF_IPI | vector; + + native_x2apic_icr_write(icr_low, 0); +} + +static void savic_icr_write(u32 icr_low, u32 icr_high) +{ + unsigned int dsh, vector; + u64 icr_data; + + dsh =3D icr_low & APIC_DEST_ALLBUT; + vector =3D icr_low & APIC_VECTOR_MASK; + + switch (dsh) { + case APIC_DEST_SELF: + self_ipi(vector); + break; + case APIC_DEST_ALLINC: + self_ipi(vector); + fallthrough; + case APIC_DEST_ALLBUT: + send_ipi_allbut(vector); + break; + default: + send_ipi_dest(icr_high, vector); + break; + } + + icr_data =3D ((u64)icr_high) << 32 | icr_low; + if (dsh !=3D APIC_DEST_SELF) + savic_ghcb_msr_write(APIC_ICR, icr_data); + apic_set_reg64(this_cpu_ptr(secure_avic_page), APIC_ICR, icr_data); +} + static void savic_write(u32 reg, u32 data) { void *ap =3D this_cpu_ptr(secure_avic_page); @@ -121,7 +189,6 @@ static void savic_write(u32 reg, u32 data) case APIC_LVT1: case APIC_TMICT: case APIC_TDCR: - case APIC_SELF_IPI: case APIC_TASKPRI: case APIC_EOI: case APIC_SPIV: @@ -137,7 +204,10 @@ static void savic_write(u32 reg, u32 data) apic_set_reg(ap, reg, data); break; case APIC_ICR: - apic_set_reg64(ap, reg, (u64) data); + savic_icr_write(data, 0); + break; + case APIC_SELF_IPI: + self_ipi_reg_write(data); break; /* ALLOWED_IRR offsets are writable */ case SAVIC_ALLOWED_IRR ... SAVIC_ALLOWED_IRR + 0x70: @@ -151,6 +221,61 @@ static void savic_write(u32 reg, u32 data) } } =20 +static void send_ipi(u32 dest, unsigned int vector, unsigned int dsh) +{ + unsigned int icr_low; + + icr_low =3D __prepare_ICR(dsh, vector, APIC_DEST_PHYSICAL); + savic_icr_write(icr_low, dest); +} + +static void savic_send_ipi(int cpu, int vector) +{ + u32 dest =3D per_cpu(x86_cpu_to_apicid, cpu); + + send_ipi(dest, vector, 0); +} + +static void send_ipi_mask(const struct cpumask *mask, unsigned int vector,= bool excl_self) +{ + unsigned int cpu, this_cpu; + + guard(irqsave)(); + + this_cpu =3D raw_smp_processor_id(); + + for_each_cpu(cpu, mask) { + if (excl_self && cpu =3D=3D this_cpu) + continue; + send_ipi(per_cpu(x86_cpu_to_apicid, cpu), vector, 0); + } +} + +static void savic_send_ipi_mask(const struct cpumask *mask, int vector) +{ + send_ipi_mask(mask, vector, false); +} + +static void savic_send_ipi_mask_allbutself(const struct cpumask *mask, int= vector) +{ + send_ipi_mask(mask, vector, true); +} + +static void savic_send_ipi_allbutself(int vector) +{ + send_ipi(0, vector, APIC_DEST_ALLBUT); +} + +static void savic_send_ipi_all(int vector) +{ + send_ipi(0, vector, APIC_DEST_ALLINC); +} + +static void savic_send_ipi_self(int vector) +{ + self_ipi_reg_write(vector); +} + static void savic_update_vector(unsigned int cpu, unsigned int vector, boo= l set) { update_vector(cpu, SAVIC_ALLOWED_IRR, vector, set); @@ -222,13 +347,20 @@ static struct apic apic_x2apic_savic __ro_after_init = =3D { =20 .calc_dest_apicid =3D apic_default_calc_apicid, =20 + .send_IPI =3D savic_send_ipi, + .send_IPI_mask =3D savic_send_ipi_mask, + .send_IPI_mask_allbutself =3D savic_send_ipi_mask_allbutself, + .send_IPI_allbutself =3D savic_send_ipi_allbutself, + .send_IPI_all =3D savic_send_ipi_all, + .send_IPI_self =3D savic_send_ipi_self, + .nmi_to_offline_cpu =3D true, =20 .read =3D savic_read, .write =3D savic_write, .eoi =3D native_apic_msr_eoi, .icr_read =3D native_x2apic_icr_read, - .icr_write =3D native_x2apic_icr_write, + .icr_write =3D savic_icr_write, =20 .update_vector =3D savic_update_vector, }; --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam04on2065.outbound.protection.outlook.com [40.107.102.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2760B1DF270; Mon, 11 Aug 2025 09:47:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.102.65 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905671; cv=fail; b=Zwkj0z0qxJ0Md3QbWHSH926DFyBhH/qAPFZ8ONobqM1RP7j9j3YtJ9o9mqyiW2B9+kzwXLYcTP+KY69mKHCyHErpIVh5Lvs7bqsNNheptBzOEhy3W5q05tThhjd9Dz7XC8ZDYNWecQK9fcfuHZPC9TF5GLVDXfTB5rp9YigMkfQ= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905671; c=relaxed/simple; bh=ZONVpSkm0Bu/5WXM9dVcIWdUhuOrpWEdcFhfaNQqWVI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=lgimLeYfkHXvDKZwPDgtmMZjKMzrVjGSOM+UqctqcQDR7Llp5+VV//0gUgV2pzbEmuq+eSK4LjUVplw7IfywBmWY+fdlrkfE69hRIvY3odfuh7kEvw5gbMBzDftyVA4SI72JFWFvth4IVMpLHAFVuGFUUJkeJ+8IybTOTebx7SE= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=dmSKwJXe; arc=fail smtp.client-ip=40.107.102.65 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="dmSKwJXe" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dcTLVpbZJepYKGrQhec4mLZWprLZFopqGLo0mRvWdpI0w5A8oa1kRbhJSNgw3/WozVYMcUHVU3MYHchtELV5wDdsWgwkh1mO73PPRTYf0t4Y/zlOziMdOwfWWkVixa9g1Aaf0Hb9P7I8DcEw2/I9DKZZwsynumOblJJ/jW7rnHE92Rz34XZiM/qVk9KLYetrC3CkL98USD/d9LZrRHdt1E5A83HPGL46S2FPjFcEy3Q7gw68Q6cOIUdrL0ipEbxkem8J2K48yHSb+BXQ1HVd3zjPo4qxKOXiJuqrbGRlyauv0QwTzFiYU2+UwDxefThDOtYRBU40VjbkPLn5xQgdiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=N1/V5md7qa+MbVNjRDAV+2U78r+pHjy+WQ1bdv33MVw=; b=WnjS0bHRkY7EpGc7vRHZI2aWuKZbmsbamzFNqsnT+9wwj4boAE2KdOL2NvJ7ymUL8Sl/FU30j+tDdPs6hCnLxxfoRAFU4fPOMSaAtkSQAXtp5PJahj9MByywpkQdcGJzRT+Y707wvhQhKeh2TPsDn1QM5Tihg0oiNMJFwY9HPpuCZPY02/iIIwY2lWjsWNkvSGMtnwoG3ymUBoHW8HSOMZwY+pTZqjAe8kY5go4ba/0h2/10nIy3cgUu4IjokG1TtnBrd9slcVpmUWR5FGhbfNPBiMHUCW7fB/gfJIlN+txCVAxh7VWBKN+GGQ29hnDydA0rN0U8hZING2JChAkO+A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=N1/V5md7qa+MbVNjRDAV+2U78r+pHjy+WQ1bdv33MVw=; b=dmSKwJXeMAJiUJOzV+2YEsBISlwPaDk0zJqVqyCACEWAQPK2fUMQIN6RIBE80/Y4JeIpmQXH1q5rBKmENZ3Ucn3h0nsUDzPwecXx6AGohC/079vmxlOwCfiIafktHitBivoriuTxy3R5qs4urgIWmCy/d7Sf8ivYoz89Qqacz6I= Received: from CH2PR14CA0035.namprd14.prod.outlook.com (2603:10b6:610:56::15) by CY5PR12MB6479.namprd12.prod.outlook.com (2603:10b6:930:34::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.15; Mon, 11 Aug 2025 09:47:46 +0000 Received: from CH2PEPF00000142.namprd02.prod.outlook.com (2603:10b6:610:56:cafe::eb) by CH2PR14CA0035.outlook.office365.com (2603:10b6:610:56::15) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9009.21 via Frontend Transport; Mon, 11 Aug 2025 09:47:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH2PEPF00000142.mail.protection.outlook.com (10.167.244.75) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:47:45 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:47:38 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 08/18] x86/apic: Support LAPIC timer for Secure AVIC Date: Mon, 11 Aug 2025 15:14:34 +0530 Message-ID: <20250811094444.203161-9-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PEPF00000142:EE_|CY5PR12MB6479:EE_ X-MS-Office365-Filtering-Correlation-Id: e314e345-1dd3-4178-a982-08ddd8bc200f X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|1800799024|36860700013|7416014|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?dNFwxKRso61pY4oaYiiLhzFu5VrEfFm3bwo5LtO8wU9GRUoOyQSCW9HBbIte?= =?us-ascii?Q?FwH8Tyog9wk+vIumDVHuPqLQQG3fctApNTSKARYlBv8GuOJwhIlM+rP8HBGW?= =?us-ascii?Q?nr5AmnaakrGtScPgHnBZRrUDsQx5vZ+qm/owOJIt4jsvI51+bSglG96heKtH?= =?us-ascii?Q?WbJrVSc4Pdn0btk6KbVk9M1Bab0D1INFeub1BTiQp8O/vTFXPpqAhJ3gKgSC?= =?us-ascii?Q?F5rL50hZ4zDBmKOA25oNs5TsFB9nGxGAXxdlL/yvjEWRXEzyntKePNFLJ4PF?= =?us-ascii?Q?s51WHR/cm/N0nGdSDCiTi3eO6swTERoLskxl9ou1ma37uleqCKuZSwKoLhSY?= =?us-ascii?Q?+pqIoVk/A3mpZLXb9sTfnLOJieHlrluUZRoS85TUzUGVeMxBAYrKSLkNLhCw?= =?us-ascii?Q?BW/iOykuL59DULIyzuLbNhF72cmatWqo7cxS7JIt7SpCo7bZXGBEIWBY/LwF?= =?us-ascii?Q?E6r/tuv/jhKuVlS3he/MzVrL315RoRrFkVCjGU/7zlBOlJD5EK3C3A7a6SVH?= =?us-ascii?Q?KeQu/whchl2eQJ73NEbjHLvE6TzLHDIRReB39Jwsb0RMndUrppzNtWzfE8Ds?= =?us-ascii?Q?E2rVwIVNWIeCxm4Oae9OMFRJNbRrXfrIOpJ34gI7AYo4NsdazkV8FGgT+ffk?= =?us-ascii?Q?KWIlYs/ysJo08Kr6geGvk1b4DQJ5tFUlW3+OnJUtkeJXuwtQAq0WIfSBLjKJ?= =?us-ascii?Q?11i+9RC6Kyjgm8cQsMGvWdphKyZQyRRK74PyRASH09V7HKO51M52IZxNoBWZ?= =?us-ascii?Q?dbwGPe25rl+nArvKmMPnjp7cNLyYSZSGbXPonnvSTFvj+2cXvlPdhqkoAct/?= =?us-ascii?Q?r/Z9V2Q2SbxfBy3xkg+K1j2ixHHP3Y9TOor3Li1LtweXLVAdfZIL7yi6C+eC?= =?us-ascii?Q?HsAOGNbjyvxd3tnaPGyYjLZwtQBj4vTcxgelCzWUKpYFJJdOk+gBBsCTLXyQ?= =?us-ascii?Q?1pcu7kXtTDoV8Ww5ga4O/7YKyfDuMIIrZK7F4OVWIFBJ/wdPyIXM7HgmTQZG?= =?us-ascii?Q?pd/+dIi922PyT/uadyFlA8t7EeR+lRPz0u56I7SvvHvKP7tbCoX9k2mIKhkJ?= =?us-ascii?Q?T1eVYj3CYWYuzVUJhdYsfmnsF2/ocnVUaKyfpEAuwkEd5JFmNitrx0J3jcWx?= =?us-ascii?Q?ER3liZcrlJsTKQZr6Aklc77apAa6zxjaGCku9+GTNE1bhUs9ixpdhJPmPoEn?= =?us-ascii?Q?aaSj5dFF7yVAzhUsj5fzLK+bcgeekDCq9ENwn0ssYSZtpxhAzOWuGlz+DBqE?= =?us-ascii?Q?YIraVRFEtxumdEP7eG7xU7zQecsvO+hP2IUNhlIRrkZyQtuJrVTiSD+VfKKx?= =?us-ascii?Q?xufqyE981k72A7hJVOQKzQ3B2Upe6/cE+omF4eaCySINh7RMxg0br7sbapBo?= =?us-ascii?Q?2DEfULSdoUwq9zLWPxwcGpQceaNsadOBsB5ng7CfmzbcRbDhclyJ4CG8QC5s?= =?us-ascii?Q?NUIs5MWRdMWCPa63GP9eNQTefeOx8wjpnzUg2uKyMnMh7PbBQrA87QEWYy39?= =?us-ascii?Q?1Fwzt4TGxiu9y0wYczxyM/oQV4FAu0GCBCYx?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(1800799024)(36860700013)(7416014)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:47:45.9293 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e314e345-1dd3-4178-a982-08ddd8bc200f X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH2PEPF00000142.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY5PR12MB6479 Content-Type: text/plain; charset="utf-8" Secure AVIC requires LAPIC timer to be emulated by the hypervisor. KVM already supports emulating LAPIC timer using hrtimers. In order to emulate LAPIC timer, APIC_LVTT, APIC_TMICT and APIC_TDCR register values need to be propagated to the hypervisor for arming the timer. APIC_TMCCT register value has to be read from the hypervisor, which is required for calibrating the APIC timer. So, read/write all APIC timer registers from/to the hypervisor. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Reviewed-by: Tianyu Lan Signed-off-by: Neeraj Upadhyay --- Changes since v8: - Added Tianyu's Reviewed-by. =20 arch/x86/coco/sev/core.c | 26 ++++++++++++++++++++++++++ arch/x86/include/asm/sev.h | 2 ++ arch/x86/kernel/apic/apic.c | 2 ++ arch/x86/kernel/apic/x2apic_savic.c | 7 +++++-- 4 files changed, 35 insertions(+), 2 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 221a0fc0c387..3f64ed6bd1e6 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1085,6 +1085,32 @@ int __init sev_es_efi_map_ghcbs_cas(pgd_t *pgd) return 0; } =20 +u64 savic_ghcb_msr_read(u32 reg) +{ + u64 msr =3D APIC_BASE_MSR + (reg >> 4); + struct pt_regs regs =3D { .cx =3D msr }; + struct es_em_ctxt ctxt =3D { .regs =3D ®s }; + struct ghcb_state state; + enum es_result res; + struct ghcb *ghcb; + + guard(irqsave)(); + + ghcb =3D __sev_get_ghcb(&state); + vc_ghcb_invalidate(ghcb); + + res =3D sev_es_ghcb_handle_msr(ghcb, &ctxt, false); + if (res !=3D ES_OK) { + pr_err("Secure AVIC msr (0x%llx) read returned error (%d)\n", msr, res); + /* MSR read failures are treated as fatal errors */ + snp_abort(); + } + + __sev_put_ghcb(&state); + + return regs.ax | regs.dx << 32; +} + void savic_ghcb_msr_write(u32 reg, u64 value) { u64 msr =3D APIC_BASE_MSR + (reg >> 4); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index e849e616dd24..d10ca66aa684 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -534,6 +534,7 @@ int snp_svsm_vtpm_send_command(u8 *buffer); void __init snp_secure_tsc_prepare(void); void __init snp_secure_tsc_init(void); enum es_result savic_register_gpa(u64 gpa); +u64 savic_ghcb_msr_read(u32 reg); void savic_ghcb_msr_write(u32 reg, u64 value); =20 static __always_inline void vc_ghcb_invalidate(struct ghcb *ghcb) @@ -609,6 +610,7 @@ static inline void __init snp_secure_tsc_prepare(void) = { } static inline void __init snp_secure_tsc_init(void) { } static inline enum es_result savic_register_gpa(u64 gpa) { return ES_UNSUP= PORTED; } static inline void savic_ghcb_msr_write(u32 reg, u64 value) { } +static inline u64 savic_ghcb_msr_read(u32 reg) { return 0; } =20 #endif /* CONFIG_AMD_MEM_ENCRYPT */ =20 diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index 36f1326fea2e..69b1084da8f4 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -592,6 +592,8 @@ static void setup_APIC_timer(void) 0xF, ~0UL); } else clockevents_register_device(levt); + + apic_update_vector(smp_processor_id(), LOCAL_TIMER_VECTOR, true); } =20 /* diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index dbd488191a16..668912945d3b 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -66,6 +66,7 @@ static u32 savic_read(u32 reg) case APIC_TMICT: case APIC_TMCCT: case APIC_TDCR: + return savic_ghcb_msr_read(reg); case APIC_ID: case APIC_LVR: case APIC_TASKPRI: @@ -185,10 +186,12 @@ static void savic_write(u32 reg, u32 data) =20 switch (reg) { case APIC_LVTT: - case APIC_LVT0: - case APIC_LVT1: case APIC_TMICT: case APIC_TDCR: + savic_ghcb_msr_write(reg, data); + break; + case APIC_LVT0: + case APIC_LVT1: case APIC_TASKPRI: case APIC_EOI: case APIC_SPIV: --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2055.outbound.protection.outlook.com [40.107.220.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2BCC822652D; Mon, 11 Aug 2025 09:48:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.55 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905695; cv=fail; b=LafR8rlDPLmH/+zSllxOAqcurtFMEGEv+BPV2N0oiyICWqRCPbR8jgzO0uSLVPi0bpcsT3CQBgTFmrCj57IwqaAdyfGhM/3ZI8Ejl9kVOs7c00XpDbSQVoPKw8cO2JCg6+lIUoKOj03RblS9dClG7cVSMomhVwt7yYSHh5kB9P4= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905695; c=relaxed/simple; bh=aueaM9mKf4R6E0+Px1kCeA2GIe7XCHtgiAgT/f7emRA=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Wr/DtFqrGhG7gfnyI5gNf8QtFlSkj0k52DhRsTjnT82DErhSQE6aOXdaMsbwWgFw0kX2r+LTbS0WL0OfzsMb0HbUhR7iA0ELMOdVCTKeuonMdZvSxMkPjJk5bRntv1OycPXK9MpCIzBcqE5FTpwPrUag/nb7xKOunWZkdcBrCss= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=iHcd2L0h; arc=fail smtp.client-ip=40.107.220.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="iHcd2L0h" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=B0Ug9H5XC6OvhwhRR76DCixuaAOji+ahUEOjBZ2rsH3Gr6ZNGYby3Gv/ipQL7XzaaXLJLwZT9qHEgawY6GY0mpaKOW0ocWnqqhUBNZf9t8iqYFZBwuaef+BQb9yhH7WCGccBdKiABe8ey17Yqgk/O+bV0h1z25ZJMS3C3VSMvYZp/DqQ3GB5ykaFRZU/QKmBPtcTjMMMLwil0lTa5sHZ7l6gVbzIKqe40miiy470Pd320lM58ier4pR4g6ybqtQ2LcTGNY66Sm5fhfRIV2bAkm7bG/kyX8Sc2uzq5ih6f6M96oqrhHYqBBqkM5Hg1yYev71PQnsKslisGb6jsnLvsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bU3FFKs1RBndYYCrHLCJvB4FLnudjz9msxgwvGiu/oM=; b=a5Ds4smR0TsxhAFDJaa8fv/MGCYgxAHi/5ZDJFreyN4eQLFLeLWLrH2WkVh+EIb4MfYU0hsKeggE961mYT9ImSI+nLkEG35MODom+DxHpPsFel7VGYlV9h9FtLLst7K1bEz4/lzLPc1UWEjEzKyPTLxqygDf1jc1WkpwMCgKq3mnTDsK/KuZnFrfkujVsMj/wwNJspCRr649JLRztnLAuMT3JPMgYNSccA+mDZ+bCM2X6iCoURhM2JBMF6r06D2braJYwGN4VJAtICeScvwNaSR3XKYYNF/7ri4aMSs/FT4ka+UxzD02+9MBpo6WSwJ5NPCrFgOUuxumqBHBH+06YA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bU3FFKs1RBndYYCrHLCJvB4FLnudjz9msxgwvGiu/oM=; b=iHcd2L0haX1J0MHPuQ/Wg8O5np/81Va86fWKCCLF2spOVowF1n7bvoz2J2iEs9jVJ6d2OZTda0qDeuQ7JIE0zDRMuPD2F28f07SHZYKwf7ADaJ+dnnF8LjLruUWDk3O8K7qGwci5MATTlzDMY7xBs2F7pYfhyFS70rVqDvy0BM0= Received: from CH5P222CA0023.NAMP222.PROD.OUTLOOK.COM (2603:10b6:610:1ee::11) by IA1PR12MB9529.namprd12.prod.outlook.com (2603:10b6:208:592::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.20; Mon, 11 Aug 2025 09:48:11 +0000 Received: from CH2PEPF0000013C.namprd02.prod.outlook.com (2603:10b6:610:1ee:cafe::fa) by CH5P222CA0023.outlook.office365.com (2603:10b6:610:1ee::11) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9009.22 via Frontend Transport; Mon, 11 Aug 2025 09:48:11 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH2PEPF0000013C.mail.protection.outlook.com (10.167.244.73) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:48:10 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:48:04 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 09/18] x86/sev: Initialize VGIF for secondary VCPUs for Secure AVIC Date: Mon, 11 Aug 2025 15:14:35 +0530 Message-ID: <20250811094444.203161-10-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PEPF0000013C:EE_|IA1PR12MB9529:EE_ X-MS-Office365-Filtering-Correlation-Id: fa5fe2ce-c853-4271-08ec-08ddd8bc2f01 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|376014|36860700013|1800799024|82310400026; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?8ixn/clvGxW7QJQy+eCiF0Cq+garqPO+HmvxzUe93WEb9blzHzif+YYsmHkD?= =?us-ascii?Q?SI5pCm4S3NtuJBEZTjTfn98kI0i6kSmosY98gBoGRwXeeZq3t8HS/bS6Anl5?= =?us-ascii?Q?Qqb5H+pnNQI5h6FD1jyKuSLIc9fMvvbWd4RtNXKxgJJ/rUcgtpqEWJ5fs5ry?= =?us-ascii?Q?ZT0BwG56i345kPRYwtNEaHDq65LPyoWq8cPwxCU3xUS64PorG/XUlECWAgF2?= =?us-ascii?Q?5ha2z+iJcnQ44q5dJYRTH0KpLlzdqiuuVdQ+L8KLrlZdEmly1hKb7M0SUe99?= =?us-ascii?Q?mjo3CTeLQTnEQwSk4w8D98DW5WY/bzmLcXX9ivBwaSVURWuqZp4/NNS8vzoL?= =?us-ascii?Q?SsjTbbMlhz7Q5g/Olce0/zJV2eyToUrSpZmKmoDTnOz7lnOjw6RJusnstWDy?= =?us-ascii?Q?M5jprVYy0udA28A9VvOq3mC1E7hUwhBLgvF5J6jMWogBVQVgzCbjAuqeRGpl?= =?us-ascii?Q?1HWkFyKMkzVcKKNDzzc1KGouCVxJhC5oGH+dmzt/Q23hSiyaOU0WQmDtNH/U?= =?us-ascii?Q?PMPQJK3di/3HnYCDgSquUX+KupHSkTRSAReNPHBSJfbU9fgE6j4pGH/ErZhb?= =?us-ascii?Q?8FQt3+EV893Tym3O5rd2LeYrXiEG60oxANEBuL7gA5LIxjOaGzxh/GcpLiC0?= =?us-ascii?Q?+RuAOx54iNkDBfxvc7yOt9kW7eS5RgGJPfLGOGMo4uCoL/etgAQUFZ8K6Ujn?= =?us-ascii?Q?D2LX790VrbbuujKDWSD6ypZyQwLYMw3GOcfxe20chnJeJ4vcqedf8kH7K7Hl?= =?us-ascii?Q?EVVfGthgWk5TpfwFyNofnTiGRNCbJDGA7/xTlsDZbrvw2FR7/tn9s2MD+xub?= =?us-ascii?Q?If30mpHBga6gHHLDKgF5rrzdpCufXf9hF9YLtXjfmSO7mIQCQAJLGEyqkipP?= =?us-ascii?Q?hq9/7+w7DSPd90vqLcEXXg3jvxmmf8qXsfndhzuY2LWepMBvkwyR7pt4fMFA?= =?us-ascii?Q?F2rysB4c0xyOFtc4nGeI+hR4YYvxDnBS5X3V6LnjwDCwSwt/MZk5aYzDh0TX?= =?us-ascii?Q?uI+suVzMaB4HW5sJoqF6xo6nOVzTPa4alMf/XEWXS/9rjSN7ZCEQA50nhSZa?= =?us-ascii?Q?pLHfvzD6FRAjQfpLCI+ibnVmTu306Qe+iO69vRphLe3TufnrfVHzXv/k2MWM?= =?us-ascii?Q?3LtzOz0JIXlF4u3ZJS25abjA7uF+80n2vyxR6+a4/JewuS2hYFt45637cxmJ?= =?us-ascii?Q?GsFneVRhInwV6TK4wcXI29AvR2eqToZPSUK8uabZvQJnCR6ITS6Uf8MmZlX0?= =?us-ascii?Q?/49T3SKq+w2/Y1RB6mYfvU1H30S/RpDbkTUCIU0+wtRm3xPY644zb0kQGuXH?= =?us-ascii?Q?9k0e+MhoF2mS7zfKpwVYh6v+FE5ilbEyuBt6gJLGR/CZnAQOXbw5IcFatf88?= =?us-ascii?Q?GHbtgsDe/6YeGQD5GQUZL/zEq4tKvpOXnWVpmjRPgTRdekqOIyQc7opWrAe3?= =?us-ascii?Q?fNNy7+K4csJ0gn6kSyqYsAWQ66FvqUUE6S59sffH47sv+rSjufM2CRHI5/F+?= =?us-ascii?Q?h2ISxlYPVcET50jVjGDoaRCzWQxaapz/X/Nj?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(376014)(36860700013)(1800799024)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:48:10.9937 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: fa5fe2ce-c853-4271-08ec-08ddd8bc2f01 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH2PEPF0000013C.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB9529 Content-Type: text/plain; charset="utf-8" From: Kishon Vijay Abraham I Secure AVIC requires VGIF to be configured in VMSA. Configure for secondary CPUs (the configuration for boot CPU is done by the hypervisor). Signed-off-by: Kishon Vijay Abraham I Reviewed-by: Tianyu Lan Signed-off-by: Neeraj Upadhyay --- Changes since v8: - Added Tianyu's Reviewed-by. arch/x86/coco/sev/core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 3f64ed6bd1e6..e341d6239326 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -951,6 +951,9 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id, unsigned= long start_ip, unsigned vmsa->x87_ftw =3D AP_INIT_X87_FTW_DEFAULT; vmsa->x87_fcw =3D AP_INIT_X87_FCW_DEFAULT; =20 + if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) + vmsa->vintr_ctrl |=3D V_GIF_MASK; + /* SVME must be set. */ vmsa->efer =3D EFER_SVME; =20 --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM04-MW2-obe.outbound.protection.outlook.com (mail-mw2nam04on2087.outbound.protection.outlook.com [40.107.101.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BCC161EF36B; Mon, 11 Aug 2025 09:48:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.101.87 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905723; cv=fail; b=mRxOrDEakf236hmPN0Kgv0MDBELS2JxdkbasgbpcN/klGJi2j7D1wB33jCStfryjJ0trCBRQXuB7isVU47qSeRUaW8seR9XKKTtzQOiT0AW86SvEtcKD9u1yuADQ/d94PH1aizAQ9ffBhbXezW11cjJ4HY0Qkgp+EbxEDA3lCvE= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905723; c=relaxed/simple; bh=QcFW9X8PQvWF4S05pRTlu3olpeieYWhGn7EYhGhwzks=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=dC5u9M3S8ycbrEqoyg2CYPcnxa3PqKnRO3h8CxfgyYCCZ/mjAFxzbz47ViPN7ArT4d+KiDxzCxCFFLEctQeUHxcTytyeFtyXAUdvYZzWnfuxRoAohXoE85XpMgRJjgZCgFnhthkFy5o+xeRkACizdZ1WRYIXlTSjRDCbA41VJO8= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=LllLQcyg; arc=fail smtp.client-ip=40.107.101.87 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="LllLQcyg" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HNdzcgoSX3OquSNDfP75NK4I1O6Sr/etM0Yec8neVoq60PS6kq0HLLosl/uTtFa1vXNVP1POQkBAGtKklvGSC2+aPuTDf1KEkiNk3lPQj8ew/GfTZwlz4o2iaUsmFsdBJeoqZcBBs3XitB4jKwBLu/tv5oIROv6O13Q+rzc2eKxgRzWTcdRC+M5Oh0DzKCsKNFKN6GI1k4lH9bqbvb1mjELu6LH8rf2WaumsYuJgQJvxZem/S9stvfbqHEyRbCpaOVgjPa0w4zwkxGsHg+kI0Mcr7Mh9FVd454RqUJeld5VuWm4re3DjtJce3UiULZCFTk8omaTUIQ6CC5sfL4tQnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6mlIhzD3WZX/SzWktFKkCc4iAdE/XDdlKNSoYBUR5R8=; b=cX+uLPiktahjsxt6foNNxwT5J/BtNKagUNk7WQnvoPvr0s9yyvRHkSImQQMmh3JLb6tEt2vF2NJHi+fK11TnyGmb4ThZQfza+vhuHR/Nv5MByhosPuggdord73btIRSZdrTW14wgcmGzER7dr1Eg5CvZsMOkyJm8P5ooqvio+p/YPzHm5FCDmXP0h2JEjgTR3dc/3GLIrZ2KzMBruMN/XgStPbaLuPPCemstpnq1Ibly3bKm6Q1f+xeDvKAhGurRxEalKjdfo3vxNmOhlTd1s4AYlIi2uVQdcXKNk/Ccm0RYz7MSFyEEuLCTZtiT0xyz+Ft1mIHABO8073X5oXeEsw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6mlIhzD3WZX/SzWktFKkCc4iAdE/XDdlKNSoYBUR5R8=; b=LllLQcygGTpPprcACp3CiVST6Fkh5G8poOs1aP4WwK1ehh70mXmdYHa0BS8SxsYVHJpHhzOj3fxCn0+KXo84e5EAYp2B9lajN4c8/kWmbNhdo5TCp5dMtlRfvY0ywl+M+3c+HGGNoEneRK2ge9KaiOC7JVzalSchjOysT9GN9Aw= Received: from CH5PR03CA0009.namprd03.prod.outlook.com (2603:10b6:610:1f1::22) by DS5PPF5A66AFD1C.namprd12.prod.outlook.com (2603:10b6:f:fc00::64d) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8922.39; Mon, 11 Aug 2025 09:48:36 +0000 Received: from CH2PEPF0000013E.namprd02.prod.outlook.com (2603:10b6:610:1f1:cafe::59) by CH5PR03CA0009.outlook.office365.com (2603:10b6:610:1f1::22) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9009.22 via Frontend Transport; Mon, 11 Aug 2025 09:48:36 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH2PEPF0000013E.mail.protection.outlook.com (10.167.244.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:48:36 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:48:29 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 10/18] x86/apic: Add support to send NMI IPI for Secure AVIC Date: Mon, 11 Aug 2025 15:14:36 +0530 Message-ID: <20250811094444.203161-11-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PEPF0000013E:EE_|DS5PPF5A66AFD1C:EE_ X-MS-Office365-Filtering-Correlation-Id: 545fbfdb-5c36-4602-434c-08ddd8bc3e53 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|82310400026|376014|36860700013; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?+u+mXbH0IB8tGHUgITUr2S0Tvi0l27WUeLNEf8jptyB2UFX7vA7x45SL4MVY?= =?us-ascii?Q?sGO2IgAfpi55o2cR6nVa1+6lv0HU6Oyw2xhTMiH+yke8KkbBckrQ/vKhHbBn?= =?us-ascii?Q?4sazQnVZMJN+JrTSXzhP0EwlT6vtcoRQHWJLB4cjkpFaMS2/WnNW2pzFXu1k?= =?us-ascii?Q?PjRBWb2vZhXjnRoUJXymghH3X/BiYZScZXB2DmgwgJ1NHIGL3KCFFg28qgvL?= =?us-ascii?Q?5Q6ZjOkOaUa9I+FXsiCfW98N0dXUGgHq2KHsxo5Za2VP6p7hqt8es3bT6U/J?= =?us-ascii?Q?zbsDrmb475QwbaydGXX9NHBSeH6g6MF5+r2P2tm/lnnD4XTGuI+18J5bbtEe?= =?us-ascii?Q?o/SawUNSM02FWXYz9fklYIWGBXZGy4itU50XUPp5TIrL+iTA5LlpiUzSfUn+?= =?us-ascii?Q?JU/dvfszYpOyo/T7QeyCMi0D8hl6f8EG0Y9cMFMNGCOG29u5WLlmKNvpbs21?= =?us-ascii?Q?1Aa5viyU2+cSr7k8gQig7fSYXBMHUtn8qPhWMu5MKWPiOTniPL+bytO/kIgt?= =?us-ascii?Q?0NbRS0RIJf/VDF94xDNLJOJZd4J1d03CY9UWybjckP/t5n8GWJ/6Lg61uyTR?= =?us-ascii?Q?MadeNyQZqnKEHkA//HT81DkzeWlF6nDkeyRk64zRUSqyeVwdVR0fvfXMtyA8?= =?us-ascii?Q?Onn8VndE4Si0QQ1TuY8iK4nl1l8SAUj+6dTOFAiqguIcZwUB0NWQO2LYBned?= =?us-ascii?Q?J+rR/tljFNajRP6AzXhMsp4bQcxl9fxYe4GYWh6IkIVQtZtE/i0EX3BG+hW4?= =?us-ascii?Q?EhZ2wMC4YndZf+cTZGoriDjGLAzwZprK7l2g5iQpTN6aK4KceeResX6XYtHx?= =?us-ascii?Q?parvATGSu0G/dys7eN70u1uD13g4iIrUF7L0jjBLYxDgBthqxzO0caYXH3R6?= =?us-ascii?Q?uDMSHUSs3QbNWV6HTYruxYmEhN15H5HTub/qRblV/UOQa8Vfj6nN5EdZGGJb?= =?us-ascii?Q?EH9MaxCOCkj55O7rGG58lDV7WvC57cWTemCasCUXmAEvYzBg0KhrtBlg4C2g?= =?us-ascii?Q?DRNDtZt/umMBNd9m5uHChsHVf4iY+aM0lEveOQfZ9HXeITRixyZ4amZOy7Y6?= =?us-ascii?Q?GJQDcxQSTGkVVsSs85tYhgdjPSMBRvO6ZqjjIYOAEZWTpVz7Gu2G836IZhoo?= =?us-ascii?Q?45QMuOWO8TjzIz8j6nnDHoLaE69hqvwMD+8Upc1dv5D/Dkk4CVI+hG7nXvoK?= =?us-ascii?Q?pYI77PLLztn0A/8zRHYZPy4N6iT9HFAj6iejecIxq/n9KyejPuW4EHBGzlA5?= =?us-ascii?Q?AfU7vG6eHxdfu387w3vCGrjIsIT9/xrzP6y9twyjX5vNJXFQtjSPRj/PL+Jn?= =?us-ascii?Q?2lwZlPIt3BzGKxJ2XBzA03HzgzW9O4VOb+5ivl+KuJpftrAbtZTcivWuIq/O?= =?us-ascii?Q?28LJuATeMGldxKR0vIyUK4KynwNjIpdRQ5la07ASqQnlMFv2V95WmQocUWzI?= =?us-ascii?Q?cPGc+ItzVcngyy5E29MUzVNfL/lA8tXj56fbkRnQayfvYG4zTjklwdduLdKa?= =?us-ascii?Q?xHaWOfXtHbjSBhRJZVq4T/bgFHphewMZt6BB?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(82310400026)(376014)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:48:36.7037 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 545fbfdb-5c36-4602-434c-08ddd8bc3e53 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH2PEPF0000013E.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS5PPF5A66AFD1C Content-Type: text/plain; charset="utf-8" Secure AVIC has introduced a new field in the APIC backing page "NmiReq" that has to be set by the guest to request a NMI IPI through APIC_ICR write. Add support to set NmiReq appropriately to send NMI IPI. Sending NMI IPI also requires Virtual NMI feature to be enabled in VINTRL_CTRL field in the VMSA. However, this would be added by a later commit after adding support for injecting NMI from the hypervisor. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Reviewed-by: Tianyu Lan Signed-off-by: Neeraj Upadhyay --- Changes since v8: - Added Tianyu's Reviewed-by. arch/x86/kernel/apic/x2apic_savic.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index 668912945d3b..62681fa4f1a5 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -124,12 +124,15 @@ static inline void self_ipi_reg_write(unsigned int ve= ctor) native_apic_msr_write(APIC_SELF_IPI, vector); } =20 -static void send_ipi_dest(unsigned int cpu, unsigned int vector) +static void send_ipi_dest(unsigned int cpu, unsigned int vector, bool nmi) { - update_vector(cpu, APIC_IRR, vector, true); + if (nmi) + apic_set_reg(per_cpu_ptr(secure_avic_page, cpu), SAVIC_NMI_REQ, 1); + else + update_vector(cpu, APIC_IRR, vector, true); } =20 -static void send_ipi_allbut(unsigned int vector) +static void send_ipi_allbut(unsigned int vector, bool nmi) { unsigned int cpu, src_cpu; =20 @@ -140,14 +143,17 @@ static void send_ipi_allbut(unsigned int vector) for_each_cpu(cpu, cpu_online_mask) { if (cpu =3D=3D src_cpu) continue; - send_ipi_dest(cpu, vector); + send_ipi_dest(cpu, vector, nmi); } } =20 -static inline void self_ipi(unsigned int vector) +static inline void self_ipi(unsigned int vector, bool nmi) { u32 icr_low =3D APIC_SELF_IPI | vector; =20 + if (nmi) + icr_low |=3D APIC_DM_NMI; + native_x2apic_icr_write(icr_low, 0); } =20 @@ -155,22 +161,24 @@ static void savic_icr_write(u32 icr_low, u32 icr_high) { unsigned int dsh, vector; u64 icr_data; + bool nmi; =20 dsh =3D icr_low & APIC_DEST_ALLBUT; vector =3D icr_low & APIC_VECTOR_MASK; + nmi =3D ((icr_low & APIC_DM_FIXED_MASK) =3D=3D APIC_DM_NMI); =20 switch (dsh) { case APIC_DEST_SELF: - self_ipi(vector); + self_ipi(vector, nmi); break; case APIC_DEST_ALLINC: - self_ipi(vector); + self_ipi(vector, nmi); fallthrough; case APIC_DEST_ALLBUT: - send_ipi_allbut(vector); + send_ipi_allbut(vector, nmi); break; default: - send_ipi_dest(icr_high, vector); + send_ipi_dest(icr_high, vector, nmi); break; } =20 --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2067.outbound.protection.outlook.com [40.107.236.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7708319D082; Mon, 11 Aug 2025 09:49:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.236.67 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905741; cv=fail; b=PWyUOqZqbJdtTFMjyJbPCMtuVOq1DzF+JYmugqTX99zr5g1eGdlNGtSu7GsEHH7BiWWgTCo24ilih1OOcF+M284qnWoZkCouGbC6CaRrHuKDxy0jtxG9cWMHQorDun/dkNbK+thZOgvYFS3QV20+O2Pe3/ohiYz5qQ5EjESD/+w= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905741; c=relaxed/simple; bh=7RJjBSDqZNwHP++GR2RO9WmruLECrpbdKHk3fax29hI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=lrsQuY4n/jhHy5efCaB/P97Id2sA/LDLaRXxjcR44jeAJTuWkusBtsZWtPRlKxONN7DCusAyJ9Ny2CdpwAcb/EXmvHCq8rMSxlMYwajaw+nKVvOznv+cCM/v6qaSb56uc+dMEbyZ8G//Q2w037czx0qZFoV7RheX8vcF30SdzXA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=tfTHhqEe; arc=fail smtp.client-ip=40.107.236.67 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="tfTHhqEe" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=P8499xzGk1tulIrdQP6XK69Uw4RIl5wZ/BeIgT0wq84qROEialCjImYPJ82n/4nuQ/oRx1D3jAbw9gK0cPjG2LEVtJl3IcR5UiwJdkTENHBPGerqCiALPHFZoaj+oKpTksvlJldGdjnm6ldupPmyBcHEdGVlOvXrInDw1KE0/O7NYLmNgh9AlLpINr37YrZf7L9T2gA01rFughciKr7x2/mqfjlZdb3m5ElP6Gt2L05PhMWP4z4HrJ+9mLHWM7kjhm9ohxXOHDkZPUPuSNf1Z1UYpk/UA9TnjWI8f5rygTbqqi2E6K0nO5g913NJYcgSSS1xGTIQx6Ud10a7dPRiZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RuYogog6JbpIVPp6V49ZigfOMDYWz8c5LkiZWN4rReU=; b=hYdmocpGcJLaNtp+fhNu72r1aABYUr/y1zG+mckJ50Qnwh1099t45r+FBU8W/qYhYWnZjje23Rqf9HX4e6Gub63j4VpjAn2LeOxmSNcsb50z0lD1STa5zAfKzEapREhueZjZaHqiMDLlymzAbfMgOYGJP/mtrsTaL28GlwnBYDJDaAHSxlqFLNk+oegMc8Zpg+XwJhEui/qXHnMECOy6z7Z8YEzVnjddefkV1kot1NSYnK00W272/AKcBFfHSfM+5KrWk68YgP+Ar68zf8vRXRgJy8x6K331KPJ5M66FuORo5C+PM8R1GVL4fhDCc7CfdFoEkIrkonYTGBoSN77vlQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RuYogog6JbpIVPp6V49ZigfOMDYWz8c5LkiZWN4rReU=; b=tfTHhqEe3FArfLV8fE8cEcHwR03Os2j0a/p2LlZPHrJS8p1i3RVYqKN09FGtEHMRfOM/E/jcG3AOqZuK3+fr+ZbMaE63OngH5BUAF+XEsXI+u4QfH+6Fsgi44K0k5w8Kx4d+MTOsHvlHG41sGqVU6NS9cikl5H3lY7FzBU7CaGc= Received: from CH3P220CA0023.NAMP220.PROD.OUTLOOK.COM (2603:10b6:610:1e8::29) by SA0PR12MB4431.namprd12.prod.outlook.com (2603:10b6:806:95::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.21; Mon, 11 Aug 2025 09:48:56 +0000 Received: from CH2PEPF0000013F.namprd02.prod.outlook.com (2603:10b6:610:1e8:cafe::db) by CH3P220CA0023.outlook.office365.com (2603:10b6:610:1e8::29) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9009.21 via Frontend Transport; Mon, 11 Aug 2025 09:48:56 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH2PEPF0000013F.mail.protection.outlook.com (10.167.244.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:48:56 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:48:49 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 11/18] x86/apic: Allow NMI to be injected from hypervisor for Secure AVIC Date: Mon, 11 Aug 2025 15:14:37 +0530 Message-ID: <20250811094444.203161-12-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PEPF0000013F:EE_|SA0PR12MB4431:EE_ X-MS-Office365-Filtering-Correlation-Id: 1c2efa8e-0f22-4201-df57-08ddd8bc4a0a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|7416014|36860700013|82310400026|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?gDguzmn5tmfWdCRFSi3y1tJeP1Cb6yO1kTMC6u/nUFCqs+8YEiBIPp9aYjMj?= =?us-ascii?Q?5oWfANON8QN2nlFIsXh3fIzbiX6CHgXP7nsysdcL1loMzZ4qTOQk6SrnJ5tl?= =?us-ascii?Q?UVu3LzNRc+/mwlRCbCxnX04GzlWz+GCe5AQUiaap/U4i9RNo+nbMrCtTnlr+?= =?us-ascii?Q?En4W3BRKwTqUOCXbRjDqLc6PJeko8qUvp5Bm/knUpZCoXbsH5F2/nH06vIPa?= =?us-ascii?Q?7Gy48FLIH4UrPliBnF3DxQA+UaiOwWF8OPP1f01LjEXi8BWj9/QnSaVxXjr7?= =?us-ascii?Q?GdHTbV3eHwpgK1dHBTs9s2Y0vlt1RN47mwwCX3RpjFDeJbSKDgp5A4rUdLkd?= =?us-ascii?Q?ZRtBO2jZrlQC7LMXUjNZI9+30uzXmnQJ9wdTUMnRceTDPHN+fHcL7K9GU4sB?= =?us-ascii?Q?/wnAFOgnylAH62JCcfzqMrKXCS1p9gP8ot3eOE0Hv+qZQq1ZWjux1Ltqoir8?= =?us-ascii?Q?BK/8fcccuMNedTo6XnBFUsHQZyts9Jjl8xpUBbxpQ16cJ5vfEqyh0OXkwGpg?= =?us-ascii?Q?hS8PAUiR9eRPx8YvUJDtAIE+07ZDqkZraqxTHtbrmBAFiXpzuUck8PyGjwGK?= =?us-ascii?Q?N+Q6PfYkINFBdAxhNItcWd6RVVlxGN+K0PkcPnBiCuvvB1ZkLJbyIDYHjUja?= =?us-ascii?Q?H6TcVuVuTgz1rP18vtMJ8JTqYr+GmAV+3c2hTFTZq/A8ra8XX19h9RzqR0EK?= =?us-ascii?Q?OcUqk97BpEVJ8I3z4xSA2CudT56/eyxXXpJ/PYO7AEWBwLxeTkYmKr5fd+9M?= =?us-ascii?Q?AJBrHlOQQYJSWeL02c12YfTP2Z/Ga0c3aplXUzbNVTzx99/nqIII/GOs38G6?= =?us-ascii?Q?DCixWGuWdEc8ZAL+iEd6UzMKUwTAw4/XNFwQjjxc302ia3UtibKCMDcAGbz3?= =?us-ascii?Q?ShehxEr2eUCtW3i8pShZmYIf7V8HC1AZo71SxwRkk6PPTSWknfx+eqE3XbOe?= =?us-ascii?Q?cJRoEBuGxQpLzTp06wsTYIXfsbH26thuz0K7ePt3X7PUva+A4sc/iIxerrtc?= =?us-ascii?Q?R1LvVo9QU//QqR1OHqeBNLZNuVZgXgcZz0xVayp8Qg/7f6Jb/vDUVvSHoOZC?= =?us-ascii?Q?+A8SeLs2CYyE2FQkwBro83NBKk/i3MfX49YbRrnTTMCmQGfjB97+/0w54FBs?= =?us-ascii?Q?yEPkSk6Np+L+NtBnqUDnlBn4kQha7Z40egRcLcDOwwpb4VeyUtJ33DO3LxGJ?= =?us-ascii?Q?E/RPKaGuGTexcUQvPWtIEb7uG9aFQn3EI8JjNNzheq7EDoITsn4CS6Yp52ob?= =?us-ascii?Q?pEkCm1NaiEWGEmlPoAfyREFEP4H9xdj/WthNEiDUTED0omd/i5XS78j+inrk?= =?us-ascii?Q?pU9Zlz4/4LyzAYR3/dc2+pXVyT0jLPn7XkcDf2uuogfrBAan2dg/99rIwbPh?= =?us-ascii?Q?w/ydsuQbYCU58NsTOCP/VU4ZYA6USMKOdvqDyVsWFu9d9rFxO1qjk6lKhQ37?= =?us-ascii?Q?y9DFa6rxtrh2aY+dknGZinWPVR8zAovy4TFmhj3Da7FpDkoUnKgz7/G2wyzf?= =?us-ascii?Q?f4tXoA2Mk7veP6KNemFLpyOkSBGql8CKaoAm?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(7416014)(36860700013)(82310400026)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:48:56.3608 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 1c2efa8e-0f22-4201-df57-08ddd8bc4a0a X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH2PEPF0000013F.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4431 Content-Type: text/plain; charset="utf-8" Secure AVIC requires "AllowedNmi" bit in the Secure AVIC Control MSR to be set for NMI to be injected from hypervisor. Set "AllowedNmi" bit in Secure AVIC Control MSR to allow NMI interrupts to be injected from hypervisor. Signed-off-by: Kishon Vijay Abraham I Reviewed-by: Tianyu Lan Signed-off-by: Neeraj Upadhyay --- Changes since v8: - Added Tianyu's Reviewed-by. arch/x86/include/asm/msr-index.h | 3 +++ arch/x86/kernel/apic/x2apic_savic.c | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-in= dex.h index 2a6d4fd8659a..2efc03d324c0 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -703,6 +703,9 @@ #define MSR_AMD64_SNP_SECURE_AVIC BIT_ULL(MSR_AMD64_SNP_SECURE_AVIC_BIT) #define MSR_AMD64_SNP_RESV_BIT 19 #define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT) +#define MSR_AMD64_SECURE_AVIC_CONTROL 0xc0010138 +#define MSR_AMD64_SECURE_AVIC_ALLOWEDNMI_BIT 1 +#define MSR_AMD64_SECURE_AVIC_ALLOWEDNMI BIT_ULL(MSR_AMD64_SECURE_AVIC_ALL= OWEDNMI_BIT) #define MSR_AMD64_RMP_BASE 0xc0010132 #define MSR_AMD64_RMP_END 0xc0010133 #define MSR_AMD64_RMP_CFG 0xc0010136 diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index 62681fa4f1a5..2bae2f711959 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -23,6 +23,11 @@ struct secure_avic_page { =20 static struct secure_avic_page __percpu *secure_avic_page __ro_after_init; =20 +static inline void savic_wr_control_msr(u64 val) +{ + native_wrmsr(MSR_AMD64_SECURE_AVIC_CONTROL, lower_32_bits(val), upper_32_= bits(val)); +} + static int savic_acpi_madt_oem_check(char *oem_id, char *oem_table_id) { return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); @@ -319,6 +324,7 @@ static void savic_setup(void) res =3D savic_register_gpa(gpa); if (res !=3D ES_OK) snp_abort(); + savic_wr_control_msr(gpa | MSR_AMD64_SECURE_AVIC_ALLOWEDNMI); } =20 static int savic_probe(void) --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2074.outbound.protection.outlook.com [40.107.223.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9DF8B19D082; Mon, 11 Aug 2025 09:49:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.223.74 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905764; cv=fail; b=p8swASRN+1CwiQgNE2812J7Nvt3q+FxfYrLhjHZyAhTAuxsuDAUIaVlHrbXYl1fh1r/aUrcHC6mDJRjPQAH62JXBWp1+ZmO0/LGgvYPD8tlkoWFyjQ3RRY/73bnkjrXLteVXjX4DF+itFyfIkDLksYekXvjoJszfONxL8VNKLNY= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905764; c=relaxed/simple; bh=MZkmRk5jTeVJY9lb/9xUh4UXDEbWAcopE+3bc51OlgM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=li6eI+8gspxF+xOw88l8EOrV69nvt3lS30SpJyI8nEQaygxIALxyXMhr/8+KOZbi/7hY5K5L1upyo+Xhsfvcm3xA+HcNmvBJui+flU/lEEFrpaZl2dFy3N23GIHOwnPrRQAeNMjRt5J4WbBWGy/cvfmwVzCLG/KIFJch90jTqfM= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=jwsX7R8O; arc=fail smtp.client-ip=40.107.223.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="jwsX7R8O" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=y14MaeIlUtlKvHZ5CXElWtp7oWYcCO0bCIlQC9Tmi5ZDkZt+9W+yzPi7Jhp2WYK0vHAZoVqcb7vkOS+ZMnJWzNippCJ3f5MU+r62UzrDm0l60uFiAmDX699FyqLNKX9+Ibb/qSYRhkkLr99iIrdl0MVl/7K3lFxokg/GHILJD1MLkC/XutZRScUmg2tHXvF5IOpxvMCPFQhzH10uo0Z0s0bUFvPy7w4l8++1IHK80N1fHZHjbHm1M3TB/yXxjpfOmsmQp+bMkBFBdTLs8uPqmNyjhMzvTHE55kJgi8rEEr3PQRssFOpyKGmK3hLSpxyr5kVueRiNFIXlwwT1kS3iQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=a9/EPmcDBDyaxk95Qznv70DiFqenoxrM0GksnLFkl7Y=; b=NRaFqn7Er+pLhKws7GNcyW7Emcdd8l4axgjoIWDL2inguqqBJ9yzpCcQE0RpzAOZYuTADWWcyfFjZrEIUT5k8d2k/laOZseb0/zIwblgPFXzqKbBVzvLIqGtJTXVXc3lNuhgWZvKLyq0lnUfVYN/CwJpjemZRldJoMkHMn4RfEDNZDxZmMerNe9COsbKC9YwUnAswm2vUW5CuFMgn9PYvB8oe8Vkx9fXj5LMbRWiTgZSXgc9SjEjGUIM2Z0v4DuIJukFxVD4Uy1yC6BFyxureaZ5j8pAOtEosv5zQXnRxsn9Nh8ltnILgXPpG1YKL2qxQ6a2woh+S7QlWW6szbzSbA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=a9/EPmcDBDyaxk95Qznv70DiFqenoxrM0GksnLFkl7Y=; b=jwsX7R8ONQxC0vHijQgCtvhXon636Zn4aLtItl8rDeFDdZjtRCEpOueyYMnPnu+GpucwhniuBywRFbPqb/2hYRV+jr7i1/qIVM2Ains2zz3wP7QWd1l7ekBEN5Jntujlmq9htYsByZJiQ72GFTi3gCyXSdOmWdVa92/5QYp0+1o= Received: from CH3P221CA0022.NAMP221.PROD.OUTLOOK.COM (2603:10b6:610:1e7::12) by DS0PR12MB8245.namprd12.prod.outlook.com (2603:10b6:8:f2::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.21; Mon, 11 Aug 2025 09:49:17 +0000 Received: from CH2PEPF00000140.namprd02.prod.outlook.com (2603:10b6:610:1e7:cafe::b6) by CH3P221CA0022.outlook.office365.com (2603:10b6:610:1e7::12) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9009.21 via Frontend Transport; Mon, 11 Aug 2025 09:49:17 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH2PEPF00000140.mail.protection.outlook.com (10.167.244.72) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:49:17 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:49:09 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 12/18] x86/sev: Enable NMI support for Secure AVIC Date: Mon, 11 Aug 2025 15:14:38 +0530 Message-ID: <20250811094444.203161-13-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PEPF00000140:EE_|DS0PR12MB8245:EE_ X-MS-Office365-Filtering-Correlation-Id: d89bc47f-76dc-4dbe-d211-08ddd8bc568b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|376014|7416014|1800799024|82310400026; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?HrRe+4m+qy1Zvb8h/EdzqOS822rQWLeX3+2SlSXRNWvo9I0pXgHsLR36dOUk?= =?us-ascii?Q?cjtSNDGUVD1QgeV7ni99MD8XZAsFCadTHEIFcB6iWhFM9V/O/4KYzXwVSEyv?= =?us-ascii?Q?faHkUlT53DJKsInZKevtnfCl1ONQHPWzctLy1wxhv7Hbmb4oLaVuS+bbVaby?= =?us-ascii?Q?tAQUimh3k5gccr2njpPADYoXm05VDNudqWFq2SX2weFYSPVhzdAVy1jvoLcJ?= =?us-ascii?Q?mEtpw0NCbO53ZbQRO9YhPSJdDum+jd+53KuAC123mZXc8eO+FV001vheBpxU?= =?us-ascii?Q?ml+PzAAOyFAaTPPFYP3RqbYwlgLvXdm/Q2Yt3yHpm1Hquurvvzf/W7hZT0o9?= =?us-ascii?Q?85m9C3j3avuCitNfHq8JAsw2hbOlfbLPWrmrhvg2oh2Jlw/p1cq9M+3mHEZJ?= =?us-ascii?Q?3fPe0PFmFt81gQDUob+oO7hkHPGTK2xPOd7VuMsrKUUjVownde7RC0iZ+AW9?= =?us-ascii?Q?AxiZizBns1QZIxh+ippYOkM05N2SOy2kntisGs1oBUdzQC0bYeVHCZL9DKVz?= =?us-ascii?Q?LZvojwuGxEiRCgXRBbcwyVWUW0d0+S2CUqqdvL6yJnKVC/88xVT3GrEiwW5E?= =?us-ascii?Q?0CltEbzRNJwjfzerAxajf2cM4i6qoeqUymN/ul42+mnUeRRuGE4817qc4jpf?= =?us-ascii?Q?AXw45ayrGOU0BU/gNeWkZZv2uoSSgfu2Nz1DxK0U4kGE+ZvDA37cRB1SgoyH?= =?us-ascii?Q?FtZOQG0acAdgo7DihmiJi3+zBljyk6yOKFVGDknC+vcPxyQe1q2lZd33ZHtH?= =?us-ascii?Q?9s+YRRV11jEyXT1XAlQ6VpbYIbgPbOzfGvIlzgoaJ7QTJRIuaP+emD+iihLE?= =?us-ascii?Q?oNe00gQJU0Zq5Mcg5fscCWoT1cqr/146K98LkYJToCfX1KCsC9LGbkQUIgS+?= =?us-ascii?Q?IuFBtyq/b13lweiShJk9T9/AfkTXI67PHavFlPPpM41PbkIM76e6sdPzIDR1?= =?us-ascii?Q?YoPJI7BsPpl6C9mdl3secK+Fyy1udYz401P6iPAAtg+aTw1osf9RkgT5N3ku?= =?us-ascii?Q?99E2GV8Fta4IjovhB3ctNx4k+ssTz5hkrF2V0syFkMOkuY7vJiS5czWgEUuX?= =?us-ascii?Q?uN7F4UM7fy4tbpvFYfKQFbKo4nFwL7jri+HVJy5pCbfyHka13pJMPYXIfqxN?= =?us-ascii?Q?8GdrJrpUy1RU0Ov/TP5gErLLH9SAHbfNSw2vMOXg+V/Cz5HRuhu8IgGybe+u?= =?us-ascii?Q?a/z1jcGquTUsv4hGzK1jN5q/hm9zLZpKpqeK5WMWEC4W9+Pcvfp+RYHamI2J?= =?us-ascii?Q?YQTZdOa5KXDqgAe0aw7ls654bNRN48mj9i+Pde3VQDxTnn627TJ+3pWbcupZ?= =?us-ascii?Q?mz92ogQf5dqAam7ygRDzMtJq7dkOU9cl/LMaa0akW2KuTjmFytFyxKe4g92R?= =?us-ascii?Q?UMzmeHiHlZRc9XQAtv7CgxtINZzmSXIzW/kDZoRGvS5Q7BEq1mh3PTOgmx86?= =?us-ascii?Q?2F7r1wnk9TBmHOtsHUj03mzBddnauXmTEIcbm/tmSIwF/keOENONETQE6Veo?= =?us-ascii?Q?2iLP2XQ5VRO0XKNtLvnd3ynO/lK2k5jAw50u?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(376014)(7416014)(1800799024)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:49:17.3374 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d89bc47f-76dc-4dbe-d211-08ddd8bc568b X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH2PEPF00000140.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB8245 Content-Type: text/plain; charset="utf-8" From: Kishon Vijay Abraham I Now that support to send NMI IPI and support to inject NMI from the hypervisor has been added, set V_NMI_ENABLE in VINTR_CTRL field of VMSA to enable NMI for Secure AVIC guests. Signed-off-by: Kishon Vijay Abraham I Reviewed-by: Tianyu Lan Signed-off-by: Neeraj Upadhyay --- Changes since v8: - Added Tianyu's Reviewed-by. arch/x86/coco/sev/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index e341d6239326..d7c53b3eeaa9 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -952,7 +952,7 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id, unsigned= long start_ip, unsigned vmsa->x87_fcw =3D AP_INIT_X87_FCW_DEFAULT; =20 if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) - vmsa->vintr_ctrl |=3D V_GIF_MASK; + vmsa->vintr_ctrl |=3D (V_GIF_MASK | V_NMI_ENABLE_MASK); =20 /* SVME must be set. */ vmsa->efer =3D EFER_SVME; --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2073.outbound.protection.outlook.com [40.107.243.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D6C6E3B29E; Mon, 11 Aug 2025 09:49:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.73 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905788; cv=fail; b=blynAqCUE84EFFv+Yo/kJgDBH1Fz+tpwn0OFk6R4bM7OErNrEvvjhS+VfYS1AgPLwRIg7utPQjuaLGLOBvjVXmFH85tlPGlt0D3tJMWXGWBG4ouLByBDvq5Tprs3K8cZbSI36Sls16ARiSzaMSMNzoKWUcz5US+G3L1qtMEBlII= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905788; c=relaxed/simple; bh=xU3PCyXN+KtMjQ4ke7W7xd9TW77clXw64Uj6s67um44=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=gHsf+MuXnsx5Hgnlw7HLQTaez+2X6AQ09u0SkAuJkxmWmo8FTymYXzRhBsUoBTwWmGaKba96MF8NHLklrFc7erEnNBy1V3bRrl9jIrRjJXKIa+QaBIqN2geZCog8K5bKwj5rcZU/KcbrJFZEQUNygVKjqRgh2D1WabxqkXWP+/Q= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=SfO+Lbsy; arc=fail smtp.client-ip=40.107.243.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="SfO+Lbsy" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=jyRTxi6vC4e2csXTbCtSD6FC3QzyklRP1vSePPod30oen5uRnBp2jv+vAnuSPkzvsydH11sWfzeE0WGlB872TfNySgHZR/x9sXkEwtGZ5dHpropLHXCDTrEu8txUgejqPVm//Y0rHpej4EQEYlr0lZxKDYQcAcN+DpVe6X1hi+dHZMacxkJCvV6DHxX1huZeiKiWEfeWtGbZEcOhhnNp/HcK4KpLgANevB2Xg5JMh+ti7IXEeO+7kyzumuC3KTfOsrzPWo7TuLlgsasaW1xLTe45a/oRMqtOCI7P7ww1/k6VAa93XYGTVlvJNqoQDSUp/uWElBphjM1cL++bdl0r9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gOmlt8yz8he0rJDvlyeLxO/cu9fb63IVaNJqKEUAj+M=; b=a6QWKCRG/Pv71J2a7sZBo3VmRq3d6saHRnSB8HPiAP30MPgqCDRno4Y/CqTmWdaggIR0Q2oYsCn1jdFGuC59HsGxsJhbwh/5uoMBWzC5Gy7tCPJnlxBwDlypGwJBKgDyGZ8oHvbkhcrg7e16e/v9ZPLbcB5OgMcpLxUJaQhp28TXKG/tbU/8+7/jxyRRkjLtyPvcpruzYtFfBITqhgWxa+Emsoa4pckCioUmlv9op6yyXQWfUabbio+Vu9OnTOue5os4kM6eSKhraQ2Yey1koHIvxXLI/lyk6KfIIq11OTW+aMiqIWy3/AH11o25w59bhG7W1esZK4bzbDmIvK22xw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gOmlt8yz8he0rJDvlyeLxO/cu9fb63IVaNJqKEUAj+M=; b=SfO+LbsyssJOQhTkvzoEE0xHlYsTd0nMieoVRNxR9rQWJvnNuRmyhxT6bYgRn0ZOgdbCKF+RsScFEOf5tqNkCwDvuLwiy2BteuZBHMFtLjFPiPbxD6aanx3M/IE9h2hdZClHFwAfwVq6Jlh0mbnQo5OdfOhtr0IDK2cAVs3B8Mc= Received: from CH2PR05CA0069.namprd05.prod.outlook.com (2603:10b6:610:38::46) by DS7PR12MB6336.namprd12.prod.outlook.com (2603:10b6:8:93::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.21; Mon, 11 Aug 2025 09:49:41 +0000 Received: from CH2PEPF00000141.namprd02.prod.outlook.com (2603:10b6:610:38:cafe::5) by CH2PR05CA0069.outlook.office365.com (2603:10b6:610:38::46) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9031.13 via Frontend Transport; Mon, 11 Aug 2025 09:49:41 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CH2PEPF00000141.mail.protection.outlook.com (10.167.244.74) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:49:41 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:49:34 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 13/18] x86/apic: Read and write LVT* APIC registers from HV for SAVIC guests Date: Mon, 11 Aug 2025 15:14:39 +0530 Message-ID: <20250811094444.203161-14-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PEPF00000141:EE_|DS7PR12MB6336:EE_ X-MS-Office365-Filtering-Correlation-Id: 3d4d66fe-ea7c-4f7a-b395-08ddd8bc6512 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|36860700013|376014|7416014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?hjSJB6fYSYFdU/xnMJVTg3Ca9Zl+Gccg6UQRLiUKJ3l85uWrk3Dwc8VOrd6w?= =?us-ascii?Q?ktKktoDjiu1o4PLic3j6/tjMS5q0dy3EydAavh4EWo7SNmXQrxuq0GZ43/Px?= =?us-ascii?Q?bWEm2rtYD1xvs5jqS2nnI4SZR18N+kermwBFfRcECj0KhDgScBRTt9nlSygt?= =?us-ascii?Q?4TH6ET9KDSNw74bdbvFhePYpdsXcrTcDMlRhZsR78069amkCC1aEZJZEWXEJ?= =?us-ascii?Q?Y6lVomdlyJTDmb5i1DdWAgEDxkUFtVPbW2ZFdPd3MVBTwT4CztQONQvXA5nC?= =?us-ascii?Q?pWNhiGW0SignzDr2qQ3yBoPCJIdpimPRZv5xMjROVUWrpW+ZbrFHjmEbQuv4?= =?us-ascii?Q?OXnBwKum6dvWgxhwpPOcTLWFgmhePmK9khXCFW/DbzwtjMMdY0LCB6nCwb7h?= =?us-ascii?Q?TItO4nYYBZCDjv3dwjmAQ2B5sLJlUUCYkXzLG8jmAzALg7x/s9xoDh9P1oQd?= =?us-ascii?Q?6sEW4JZfGj6fhyVCovaS48GZsb2BOVNQP+q5v2AImOb3FO6EOF/rgeoWGruj?= =?us-ascii?Q?OsN5RLQwqPJ5VZCHorP5vUttyJIsn7GiYBsv/nMck0zNWPi6cOR0L8uem6Fm?= =?us-ascii?Q?tNWJazxUi5uaFMZg5Q1N4AJJ4x6YgAmZVxwCF2uZagtd/uZWHYRalFFYEDQR?= =?us-ascii?Q?IDeg3etwwCAt/BgY+vN8iQNzFH5fi+974AEYehdonzbpcyP6suFgc/uuNah/?= =?us-ascii?Q?rBIeErlQOtW2IUn+mbxM0gNPNCUDT4MEtG+KJeuvRqLbHdrbii25Wh1jmAy2?= =?us-ascii?Q?fcpx6DR8UqrLQb7yKKX4Qys+NLTT/MXj5YlWu0fCXQiREh+dgPcUJ8l0+MzS?= =?us-ascii?Q?r4pfBlSFpk5+H/Gu2q0ckJizkqtoEatoqBju1qoMK+HW+tdlUmaD+mdZcgJA?= =?us-ascii?Q?5mg4xEjtvBSAxYQTvNJsFOb2E7gJYYvWoGYCzhmAUr4AHWtm/ZuyEViMB09B?= =?us-ascii?Q?Nt7sn/yKjTJDW/WElc1yhW4rTD0UoxJzLmXQyuoV4izHJkpCqruBy02wQuoH?= =?us-ascii?Q?IMUVkpIy6M26XY2xz2b3lRqp4Eq3JORAVBBqE8Lfd+LTaQhwDX3Fa6IgNnHA?= =?us-ascii?Q?VW24vn66e2yrrI+E5jXFAV5F2B4lyP5Df6FLn6pGWoKjQi6q1BpjJwuFaeDa?= =?us-ascii?Q?qnpyXV1NbW9iC6kqeLmHXQIx1u+V/rf4Lj7HcrfTToMnqcOU1IGK43z6K+iw?= =?us-ascii?Q?DvegWF9+jOzvDR+n3m3TIuoK/UsB+fdJzrkkwCcZRitfHEyfIB1xEPSkedtf?= =?us-ascii?Q?FfKmxWdWDY0FPKtlQdXxItz2eAUMNZeOOR7fe1yFnjPxoGNntwY1yAZnLWl6?= =?us-ascii?Q?Rc5LX5XpJWkgFnTaGat5c20WHFlEetWoaGYVsSAU6xGHhShzcL+ydkg365AB?= =?us-ascii?Q?oE88jZ5KOerkwvmF3WiWnYBXE2BHtxDlC1/QlFnt/7KwphbgktMLifrXys5g?= =?us-ascii?Q?9abYuDr79fcErvlmObjCK7vmHOMjJYlJK6SGfMyBhpZexuja+SFAXRqLNJFB?= =?us-ascii?Q?P7/yfc76UGcsL04m7BraLTjHisOzW5Tv52ap?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(36860700013)(376014)(7416014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:49:41.7117 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 3d4d66fe-ea7c-4f7a-b395-08ddd8bc6512 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CH2PEPF00000141.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB6336 Content-Type: text/plain; charset="utf-8" Hypervisor need information about the current state of LVT registers for device emulation and NMI. So, forward reads and write of these registers to the hypervisor for Secure AVIC enabled guests. Reviewed-by: Tianyu Lan Signed-off-by: Neeraj Upadhyay --- Changes since v8: - Added Tianyu's Reviewed-by. arch/x86/kernel/apic/x2apic_savic.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index 2bae2f711959..6012c83cbf09 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -71,6 +71,11 @@ static u32 savic_read(u32 reg) case APIC_TMICT: case APIC_TMCCT: case APIC_TDCR: + case APIC_LVTTHMR: + case APIC_LVTPC: + case APIC_LVT0: + case APIC_LVT1: + case APIC_LVTERR: return savic_ghcb_msr_read(reg); case APIC_ID: case APIC_LVR: @@ -80,11 +85,6 @@ static u32 savic_read(u32 reg) case APIC_LDR: case APIC_SPIV: case APIC_ESR: - case APIC_LVTTHMR: - case APIC_LVTPC: - case APIC_LVT0: - case APIC_LVT1: - case APIC_LVTERR: case APIC_EFEAT: case APIC_ECTRL: case APIC_SEOI: @@ -201,18 +201,18 @@ static void savic_write(u32 reg, u32 data) case APIC_LVTT: case APIC_TMICT: case APIC_TDCR: - savic_ghcb_msr_write(reg, data); - break; case APIC_LVT0: case APIC_LVT1: + case APIC_LVTTHMR: + case APIC_LVTPC: + case APIC_LVTERR: + savic_ghcb_msr_write(reg, data); + break; case APIC_TASKPRI: case APIC_EOI: case APIC_SPIV: case SAVIC_NMI_REQ: case APIC_ESR: - case APIC_LVTTHMR: - case APIC_LVTPC: - case APIC_LVTERR: case APIC_ECTRL: case APIC_SEOI: case APIC_IER: --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam04on2041.outbound.protection.outlook.com [40.107.102.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 03D5C25B1CE; Mon, 11 Aug 2025 09:50:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.102.41 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905812; cv=fail; b=UCNRXYnyucKfBjf3PPhcESUjGxrmIkJcOUe1lj28C0vDD/QuiiFZL6MgSMD5DHfTpPDO/6ko+T6vX/XtnFCiR5gvs0yPtlBGtI9Z5bZirp/AkJR5MR24Z0VFGFDxHrcj+BIykQrv1XQqH3YwmX55t9jCO7KAIMEVrREA9GI6WcM= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905812; c=relaxed/simple; bh=V8yZZU+TRt0UYHDKlxlELiS0yreBExXqDIB5nLXWVs8=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Xicghip+6MKTdGaIAPy8iSL1Y1gf4CzYtoy/t6nwWF7Rvy8yj96UAiG/z1px7oxEjIlffnb5BN1UCJNTCKH+ia5ZSCwd4agoe4qdxyaHalUih1h/pF0Xa8kV8lyur+5iATfGa8U63bq0w/skxIr6K3IgHNdJqp9mRUjuVk5ns1I= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=cype904B; arc=fail smtp.client-ip=40.107.102.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="cype904B" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=bKZ4JtBeShgQcX5AteafDdTd1eFwnCFW+1mE+9x13gr/X37zzPhxwV7H3XvsdrwpxNLEn0N43K08vD5G73KFfHPpLMPM5mhTm2UlDI5+cPoRW8VyKj8K2BSHcburRpV068uQkIsgBNZoO90HaYzux4nl0NrB2r7//ab6Sfd7ycERoZ5o2yPHVXzLLVegwaGSIU54t70DNLZWj/jdCbx+E5DxHy7RiPzpXqowqP7zsGwkb7UeiEA0ZEgdyty9cC5XFTygZfj6fTbENT9ha17bma1mUAFRdvxSPXfZkRTUjGLLhBhlBJ1eMIUeCJoBAPIeGSsSM7Rf5EiOQVchaQAp/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WbNtqqaRvXss1/okZ+oM+FcMUd4/3gyjv9xCbSUt13k=; b=Agz1gNxn2sNlLQoWLqTM3Uasj7mDE6eyQ79Ykxb67BUFb0IOQaiPFT6UWtmjHUquoZzu6fV8xqy4Pa4Vhlo7tdfvCyP5NQhF9f49RL1YI7hUc64lgw7MdW3xdb9yl8lTR6EGr1uyzsEaZ+XbqEa1oZba7+CHNvt4Slc8w9GsVh/8IUVAxtMELNGIH/8jU9Bge+BrSDVdm8JmHd/6pKdzNo6gWw+PL2jyvANkPSzsgWf/Zt20vIjMWYxiOZnmP5PRTvtdljHyBHlEHW1/p+4g4yuEHPyVjGQz2s6fmf1Ie/G/L/blZUohvyRtwxkLJCrjIfzRkeodwzii4MUe33hSVw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WbNtqqaRvXss1/okZ+oM+FcMUd4/3gyjv9xCbSUt13k=; b=cype904Bamo33g8LXbnHzjWOWlQfY287xUAriMgWSFcvmidLvmUC0WIowZPjz9FHDAyiS1ErM4LE6+jI1ZlS791sOHXr4VPnmRpBL95q63txmsSQ8fFUD5iy3nAxdo4mSuJjsCCB4KO6nl727Gm24n5UDao+A9M/YikKCsSFJAg= Received: from BYAPR02CA0002.namprd02.prod.outlook.com (2603:10b6:a02:ee::15) by BL1PR12MB5779.namprd12.prod.outlook.com (2603:10b6:208:392::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.18; Mon, 11 Aug 2025 09:50:05 +0000 Received: from SJ1PEPF000023D0.namprd02.prod.outlook.com (2603:10b6:a02:ee:cafe::63) by BYAPR02CA0002.outlook.office365.com (2603:10b6:a02:ee::15) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9009.22 via Frontend Transport; Mon, 11 Aug 2025 09:50:05 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF000023D0.mail.protection.outlook.com (10.167.244.4) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:50:04 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:49:54 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 14/18] x86/apic: Handle EOI writes for Secure AVIC guests Date: Mon, 11 Aug 2025 15:14:40 +0530 Message-ID: <20250811094444.203161-15-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF000023D0:EE_|BL1PR12MB5779:EE_ X-MS-Office365-Filtering-Correlation-Id: e4f35737-7250-40a8-dedd-08ddd8bc72c6 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|7416014|36860700013|1800799024|82310400026; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?QY9mezXOhyKN9KnKPjNjvl94lh0SjwQvZwe6v+RILjq1jRJT8XKgMh0HVxbC?= =?us-ascii?Q?J+qYEmPGNuEkhIox5ZNvKCR2LawX/0qj4K7ZA3m3h3pfe6+Kt1B69Hm6EMcl?= =?us-ascii?Q?Ej0G8BQodNijwI0oQk9bMXdxbxnyoxs7JiAu6V5ng6u6v3mej8HNu58D8Wnn?= =?us-ascii?Q?mQ6vMGrb9IkQgO4R9Wt1SMd+slIMvdos70KYv24K3l8p8ug670LQVSW/Pg8z?= =?us-ascii?Q?k4bK9zBmf6WLBYZLTTNpV4kp0oAZQsBQOERF6QP8oQcfNk63/WsGjVGEQMro?= =?us-ascii?Q?qC5Uu4C6gmNWlFDkQQ6YZ5p4MabkjHro08ySJ0/hTijWD4yZMUtOm6t25q1j?= =?us-ascii?Q?/FDqg7HRySfHFj36CiiWs7wsAllNSRupa9uwqH8+4Xiw7JCJH+0IjmbyEt78?= =?us-ascii?Q?9D9MYZHKaZmN78PYWZsgdP79ALsKV5KMizz9s5LALNRJOzeEh7QGAuFGrh4e?= =?us-ascii?Q?8Ts+YQI7h9+dZbq57D7ecniz44c8pHUst9eAwm1GuM3IzdOdE0DO2ZAz3ixG?= =?us-ascii?Q?+9xfZNYXtICZw3Vo5RN95r8VMe97RxmBmwgULZHQ9Jkq5c85vFJMgoGAElyO?= =?us-ascii?Q?Zu7VyMKB8cuo2TnV5aFKwjemPFzOyS3itOm4IN9uPBPfmq1iM8bHarNSyq+B?= =?us-ascii?Q?ufcc2BH635Dc8ahsWhqR799YNL2FBgdUym9+ENHL4r0+WaPGl7AzdgBAG8tL?= =?us-ascii?Q?eM6QngZea2W3txrhHLv5MCdBaYCkofHJwMFpj7iQgXiq1FQ7s8EXVLW2GgXO?= =?us-ascii?Q?O4vEJiquT9Boe7bepgJbQXiAjcTM54p/4SLgvAgU9fAca6fmYiLtiMZEhFGU?= =?us-ascii?Q?vspMaZSxIq0u0KNFOB6heIHqgGiZnbCNG5mYs8706zksRCaQga6kNAPIAa9l?= =?us-ascii?Q?tp1Ud0FNICmsnJ6MHkKwRHyIlNMBUtlbG/pjrxpsx70/k5GFmj+n2nWLhuVq?= =?us-ascii?Q?ABubpi2VLeHBN201EKA65p0lEBLov3QICpW1NlO6I1i73Wvhn0a9EhDPN389?= =?us-ascii?Q?BM/YSLq7iOL6oPyy74jCaO0/jacUfyNR6GWqAMJJSZe2m6m+pX32IXK4J9J0?= =?us-ascii?Q?ad6KZMsnzVBdM+g4z+5FspBiNli+0n9tf6+28Z6Lt9P1c7yDPU4svHD9pdf2?= =?us-ascii?Q?l7NUIpAo5eC/yozm9oCMtZKW0lNtALW9d5y9Z/nM7x5djWwzeekQR6dcG17C?= =?us-ascii?Q?nAPdPwv7k2dZX2VQUsgbZaWK/TLHYq4JJEFOd/LjfiMmaCbwfOOuemKV52vx?= =?us-ascii?Q?RHkOVLyZzo+4mdaeGKnRUIl6P9p21IFbsXGektsGtP3piwAD4gSC59F6BhNa?= =?us-ascii?Q?OGYk+GiA+B97zrZMPFX1232VAR30eKkPzXcMwmvvupr0u3sfXR2e4YqvjZxq?= =?us-ascii?Q?CgFsM8IQK36kDxma4LJmH3JEhFS51/Sz3s8TxWWzTuUpBqIeOr0ATY3+QJTI?= =?us-ascii?Q?MHUFeGVdEdIzQlIAvZtOq0qiWkK2I3cyN5xq1KWoYl/tFK77VIMa9UQN3NvQ?= =?us-ascii?Q?HGGHFmNc6zG899k9U8829NSyw51Zt3oHuJqu?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(7416014)(36860700013)(1800799024)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:50:04.6224 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e4f35737-7250-40a8-dedd-08ddd8bc72c6 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF000023D0.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR12MB5779 Content-Type: text/plain; charset="utf-8" Secure AVIC accelerates guest's EOI msr writes for edge-triggered interrupts. For level-triggered interrupts, EOI msr writes trigger VC exception with SVM_EXIT_AVIC_UNACCELERATED_ACCESS error code. To complete EOI handling, the VC exception handler would need to trigger a GHCB protocol MSR write event to notify the hypervisor about completion of the level-triggered interrupt. Hypervisor notification is required for cases like emulated IOAPIC, to complete and clear interrupt in the IOAPIC's interrupt state. However, VC exception handling adds extra performance overhead for APIC register writes. In addition, for Secure AVIC, some unaccelerated APIC register msr writes are trapped, whereas others are faulted. This results in additional complexity in VC exception handling for unacclerated APIC msr accesses. So, directly do a GHCB protocol based APIC EOI msr write from apic->eoi() callback for level-triggered interrupts. Use wrmsr for edge-triggered interrupts, so that hardware re-evaluates any pending interrupt which can be delivered to guest vCPU. For level- triggered interrupts, re-evaluation happens on return from VMGEXIT corresponding to the GHCB event for APIC EOI msr write. Reviewed-by: Tianyu Lan Signed-off-by: Neeraj Upadhyay --- Changes since v8: - Added Tianyu's Reviewed-by. - Refactored savic_eoi based on Sean's feedback. arch/x86/kernel/apic/x2apic_savic.c | 31 ++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index 6012c83cbf09..bef77283dd43 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -297,6 +297,35 @@ static void savic_update_vector(unsigned int cpu, unsi= gned int vector, bool set) update_vector(cpu, SAVIC_ALLOWED_IRR, vector, set); } =20 +static void savic_eoi(void) +{ + unsigned int cpu; + int vec; + + cpu =3D raw_smp_processor_id(); + vec =3D apic_find_highest_vector(get_reg_bitmap(cpu, APIC_ISR)); + if (WARN_ONCE(vec =3D=3D -1, "EOI write while no active interrupt in APIC= _ISR")) + return; + + /* Is level-triggered interrupt? */ + if (apic_test_vector(vec, get_reg_bitmap(cpu, APIC_TMR))) { + update_vector(cpu, APIC_ISR, vec, false); + /* + * Propagate the EOI write to hv for level-triggered interrupts. + * Return to guest from GHCB protocol event takes care of + * re-evaluating interrupt state. + */ + savic_ghcb_msr_write(APIC_EOI, 0); + } else { + /* + * Hardware clears APIC_ISR and re-evaluates the interrupt state + * to determine if there is any pending interrupt which can be + * delivered to CPU. + */ + native_apic_msr_eoi(); + } +} + static void savic_setup(void) { void *ap =3D this_cpu_ptr(secure_avic_page); @@ -375,7 +404,7 @@ static struct apic apic_x2apic_savic __ro_after_init = =3D { =20 .read =3D savic_read, .write =3D savic_write, - .eoi =3D native_apic_msr_eoi, + .eoi =3D savic_eoi, .icr_read =3D native_x2apic_icr_read, .icr_write =3D savic_icr_write, =20 --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2066.outbound.protection.outlook.com [40.107.94.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9CA09214A91; Mon, 11 Aug 2025 09:50:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.66 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905831; cv=fail; b=tZE5ZNRAaw5qQzfce+sU0dLkHHr8r22CPRCJ89VFKvgNOHvwlCI5m1cahWcytAtaK4tSJStV7/xuXx8RtURbpwZKrgGExAZnjUNI8XqQTW/hHNHZ+Yl7MnxdOS1RgDPHF5vqpVcHAfpgx9hH8iQZIivLNQDjmNluo/fpD2RpOMU= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905831; c=relaxed/simple; bh=PSx8QoX2BGM9HHTQcXk4GWxX7dtfqAwq2iH+Yxi6qgk=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=au7e5q45zCHhyXAgjGHpTItibs7IfnGOYfqrjudihDP3GzMxaGZGnB0pYHcSO4ZLF/DFzeFfoUTFOOVJwbE2PKRsjtraKlDOSLkhYXSqoypaG9MlFFEIOjyGHR34XWZsunP55b8mMVEPhshgctkb+Jkjod79Zv6xEMpi7Af1iCA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=HQ86QRVX; arc=fail smtp.client-ip=40.107.94.66 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="HQ86QRVX" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=rC67Frtm6jGESYNOLcUGPw23Mz5gmAsLZl7isSYHdq6QV9XeDiICpVOcOF15o+r5t3iX5e0GF6BReRj/DBu57qZ/bY2vwExDMWA/p0u2fLHmBSubiQbY3yO4wPd+Czj9pH+JijYZDr+344Ae/L5bjPM5Zc1FBAFgNyU7la/E2Q4SA7dSlagxNfWdabt4CDuIeVkuVwNhH8O5GII9fUgZtFIe66LIYcukKaRfC1Djjp0ECR8eMkurJ+OrCwQhYcCUwmNAjy3wfYzSroKWEBYl7c1oUwtxhSMubghm3c6OkmnctFAXf7n60Mp7VFSU50OHVaOQwHYt7K3Ld/oMNNdabA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ago6Oup7qOxicul8bpZNVR8z+3rT6kN+OrqB7vMpg1c=; b=kSeb3P7ytL7RURyAV9DAA8bDGmKc3E2EO35Rbo0Z/qHursrvZmzMgnXlrZ/GKxD25zHR5WKGw09TFmwxiY5PMYBkKoj2HFZ6n9xjTLVR3Cug+8M5pQdSje1UtJaYOtpfBZyar6mz4txtsvKIQL/Rnqgd5BghVj+BsOVFjDqZTvhCgSzntPunIWalAFoJXTw/rZL1tIACZdaghh+xQxSOcUlrx4i2eXSI+/opYONxQZYwRJ2X+KhFfi/3KPspPjASNFbW+kKGkPUYe6kXbwi39yOdClVTzYz0cY/5SPGA7dc0qxuKfpcKUeOxL7rfoAXQIapLtK1r5Tl4ETpSNdMYdA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Ago6Oup7qOxicul8bpZNVR8z+3rT6kN+OrqB7vMpg1c=; b=HQ86QRVXEd8XIeX/X+qQOFPvMlWInGQ3CBjOCWWFIvHpISEJ/Se5ygBhDYSPEKEj2EEtbWDkMmLEoNjugGebZJpmyhGf0wr0A8h8mWidaQ+CKLexY6ikUWFTxCaTdwnv+abKwNR6BIkZJMQ/WV+jo6byWyM8yGYCVWk1hPSJUpY= Received: from SJ0PR05CA0169.namprd05.prod.outlook.com (2603:10b6:a03:339::24) by CH3PR12MB8658.namprd12.prod.outlook.com (2603:10b6:610:175::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.21; Mon, 11 Aug 2025 09:50:22 +0000 Received: from SJ1PEPF000023CD.namprd02.prod.outlook.com (2603:10b6:a03:339:cafe::54) by SJ0PR05CA0169.outlook.office365.com (2603:10b6:a03:339::24) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9031.12 via Frontend Transport; Mon, 11 Aug 2025 09:50:22 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF000023CD.mail.protection.outlook.com (10.167.244.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:50:22 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:50:14 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 15/18] x86/apic: Add kexec support for Secure AVIC Date: Mon, 11 Aug 2025 15:14:41 +0530 Message-ID: <20250811094444.203161-16-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF000023CD:EE_|CH3PR12MB8658:EE_ X-MS-Office365-Filtering-Correlation-Id: 5729687b-0edb-4c5d-3699-08ddd8bc7d46 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|376014|36860700013|1800799024|82310400026; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?KlH+ha9MLPPGf//m0k0G2GfyqEITDZHUrfwTnH7jfa6VoGACqZ7NqcOSwtDv?= =?us-ascii?Q?OEItWlwAnD9xmISBAypAcRhNhQ6T3+3O2q3xDgOitILcWbtih4TkAO7qFTu2?= =?us-ascii?Q?BOs/872CUXpM7cUpezlCs9RzQ78G9cEp3dY/A6SyqjodJo4+vU574YqEJYxi?= =?us-ascii?Q?87qObStvhhUQTBGrAx6d4R3U5xRFj4oZewybQN6vhwRhfIEAY3BgVBesN0at?= =?us-ascii?Q?bin5UnjHKmd49OjCK8xuz0KcmxkISOft1xihdc7SRiEzRwMPKj3GmDMk7Y8L?= =?us-ascii?Q?8x5OA5UGDW168ryQvW+JuxrbFeGcO9NEc1EZQPem7QXR1LzUBXIwqG7j3sNC?= =?us-ascii?Q?aY/xmijID4STr0xL62k8rR4xzSf2hFZ/iwZP0096myBS4nGup1pFXpt6RRyZ?= =?us-ascii?Q?gHTewvl917mpia7CiCRxOBGQAbSm3IPeJyl4fqVvb1Vv/CsJnh1yTEgllpx4?= =?us-ascii?Q?qbPbsAoSlCd2Zt8M2S9CTO8slMQNzAq0vWNINIrPm2Ya+ObLaMzHBlSLYBpL?= =?us-ascii?Q?v77WG+y6OV4Y2KebeqkQAusaVGo6C8DRwupHxxK5JeKrbCkrvsWEo8SR5QT5?= =?us-ascii?Q?eDmcDnmsf+2JpyT1OLS2HcK0cQlHYfsd4Gk1TSn9KfqSXrRm5kY7gBi4YYmT?= =?us-ascii?Q?CmaSCs1D3RCUUPf9xzRUsK0096adASym7NvyNzGk0OL4UOZtcJgFqtEo9ngX?= =?us-ascii?Q?lVbWYVkR1ep3zGY8QG7+D92Q8ldsIdyU29jYCz/vlmXHLo0fEk0caSi8kHdP?= =?us-ascii?Q?knaTJm9BffE+72/JZfoSIIYDx7ZjaxRecCoqx1yQlNkGL96x1t5uRWiiSmB1?= =?us-ascii?Q?pJjnwqgeC1ZhRGcNkK/okaA4MWDML6NBH5gMPe1ylC1VUgi9nEaeWaRRNebr?= =?us-ascii?Q?9wzh8/8YcSNAo60l8GIxGJAZfLebgsaTHLZuml2zox+s0eagJVZu8zbEmzWM?= =?us-ascii?Q?/dpHzJNpowkBoVUo7Pw4zXDS1DYX47Lj77k1n1be/1C3ZhZrLnEtSyH8YLlj?= =?us-ascii?Q?wFmUd3yVSiREGvruN3QfsZzkPH+T4Nh30yby24JmFaT4gPzDKG6ShLTMUsDB?= =?us-ascii?Q?C4n+Vsxj8EY+uK0//wW5EiTgeWnbmXHZBhkV4kPLwozxcD/IBSuTiB/edkmA?= =?us-ascii?Q?blQMAqTdlGgcp58qCgpm6B/rjU4Qa/izY1r+TCOOfi8rFd5Yd2UeOEqtI754?= =?us-ascii?Q?y3oid8k1GK9v1DH+ujWetpWmAnpBUOAQrGkInHkLwMjuGcYmFxrOjG4XcnmJ?= =?us-ascii?Q?skrwFvvDHNT6lK1Xf4OxmFilgT/bjupNckdxKBJbYbthjmkZHZU5yv5tmKRz?= =?us-ascii?Q?GOi0f6ALmwKZEVV6LCudvbpoIV22qrkhUKqbmlskuBC1brPCBtYClS597Nt/?= =?us-ascii?Q?j2DubSGlLNg/P/YIQXoRGtSVlmkAaQjYLeywAzW/l2m8/rrg55GQtR68wXAC?= =?us-ascii?Q?7Cz6RVErV2HCJ9qfLOdlv0rxV8Pa4UeO6EWfwnCSk1p96aAkCvtAfEr1RnjA?= =?us-ascii?Q?0oG1VTtzOfuQJ8ilbzkONEYczL49Me77yl/G?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(376014)(36860700013)(1800799024)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:50:22.2343 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 5729687b-0edb-4c5d-3699-08ddd8bc7d46 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF000023CD.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR12MB8658 Content-Type: text/plain; charset="utf-8" Add a apic->teardown() callback to disable Secure AVIC before rebooting into the new kernel. This ensures that the new kernel does not access the old APIC backing page which was allocated by the previous kernel. Such accesses can happen if there are any APIC accesses done during guest boot before Secure AVIC driver probe is done by the new kernel (as Secure AVIC would have remained enabled in the Secure AVIC control msr). Signed-off-by: Neeraj Upadhyay --- Changes since v8: - No change. arch/x86/coco/sev/core.c | 23 +++++++++++++++++++++++ arch/x86/include/asm/apic.h | 1 + arch/x86/include/asm/sev.h | 2 ++ arch/x86/kernel/apic/apic.c | 3 +++ arch/x86/kernel/apic/x2apic_savic.c | 8 ++++++++ 5 files changed, 37 insertions(+) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index d7c53b3eeaa9..da7fc7913a00 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1164,6 +1164,29 @@ enum es_result savic_register_gpa(u64 gpa) return res; } =20 +enum es_result savic_unregister_gpa(u64 *gpa) +{ + struct ghcb_state state; + struct es_em_ctxt ctxt; + enum es_result res; + struct ghcb *ghcb; + + guard(irqsave)(); + + ghcb =3D __sev_get_ghcb(&state); + vc_ghcb_invalidate(ghcb); + + ghcb_set_rax(ghcb, SVM_VMGEXIT_SAVIC_SELF_GPA); + res =3D sev_es_ghcb_hv_call(ghcb, &ctxt, SVM_VMGEXIT_SAVIC, + SVM_VMGEXIT_SAVIC_UNREGISTER_GPA, 0); + if (gpa && res =3D=3D ES_OK) + *gpa =3D ghcb->save.rbx; + + __sev_put_ghcb(&state); + + return res; +} + static void snp_register_per_cpu_ghcb(void) { struct sev_es_runtime_data *data; diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h index 0683318470be..a26e66d66444 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -306,6 +306,7 @@ struct apic { /* Probe, setup and smpboot functions */ int (*probe)(void); void (*setup)(void); + void (*teardown)(void); int (*acpi_madt_oem_check)(char *oem_id, char *oem_table_id); =20 void (*init_apic_ldr)(void); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index d10ca66aa684..35877c32b528 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -534,6 +534,7 @@ int snp_svsm_vtpm_send_command(u8 *buffer); void __init snp_secure_tsc_prepare(void); void __init snp_secure_tsc_init(void); enum es_result savic_register_gpa(u64 gpa); +enum es_result savic_unregister_gpa(u64 *gpa); u64 savic_ghcb_msr_read(u32 reg); void savic_ghcb_msr_write(u32 reg, u64 value); =20 @@ -609,6 +610,7 @@ static inline int snp_svsm_vtpm_send_command(u8 *buffer= ) { return -ENODEV; } static inline void __init snp_secure_tsc_prepare(void) { } static inline void __init snp_secure_tsc_init(void) { } static inline enum es_result savic_register_gpa(u64 gpa) { return ES_UNSUP= PORTED; } +static inline enum es_result savic_unregister_gpa(u64 *gpa) { return ES_UN= SUPPORTED; } static inline void savic_ghcb_msr_write(u32 reg, u64 value) { } static inline u64 savic_ghcb_msr_read(u32 reg) { return 0; } =20 diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index 69b1084da8f4..badd6a42bced 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -1170,6 +1170,9 @@ void disable_local_APIC(void) if (!apic_accessible()) return; =20 + if (apic->teardown) + apic->teardown(); + apic_soft_disable(); =20 #ifdef CONFIG_X86_32 diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index bef77283dd43..71775d6d8fbe 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -326,6 +326,13 @@ static void savic_eoi(void) } } =20 +static void savic_teardown(void) +{ + /* Disable Secure AVIC */ + native_wrmsr(MSR_AMD64_SECURE_AVIC_CONTROL, 0, 0); + savic_unregister_gpa(NULL); +} + static void savic_setup(void) { void *ap =3D this_cpu_ptr(secure_avic_page); @@ -380,6 +387,7 @@ static struct apic apic_x2apic_savic __ro_after_init = =3D { .probe =3D savic_probe, .acpi_madt_oem_check =3D savic_acpi_madt_oem_check, .setup =3D savic_setup, + .teardown =3D savic_teardown, =20 .dest_mode_logical =3D false, =20 --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2080.outbound.protection.outlook.com [40.107.237.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 022312253F9; Mon, 11 Aug 2025 09:50:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.80 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905850; cv=fail; b=SzVj+QjGZCAkQCTwbau071eHrXedLJ7fPwhjwQPo2Vl+SnuO8iRHM1cj3eTl29HoChBYRMY7B2XOhLKnmCeggoQoSJRcX7b3IN+ua0VHD7Mtaj03+pIRehUzyr7ogKxbZM2HKfsgUdEoZTuHCRpuTGY3t6YGvUJc+6WPlXIfSBA= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905850; c=relaxed/simple; bh=XLzyDEkbLW0bJKGJjNPJl9v+gOWFbW6gbhP0pJgvOHI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=JZkBJmqa+eV/Qcx1jjTNEDSGfK+X8wkQUNLHITHVPPrKvIKlnqGZS5zElS95opJIc8amerOsrKuiLuGNfSnzRhvqjTORzCN/4mnhDtcPEJwwqNfgzp3wlccf5190souXs0dEEjZATVjyV1cM3QkV+ZIgCinJDLPUNU+nVnkcWbw= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=2G71mila; arc=fail smtp.client-ip=40.107.237.80 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="2G71mila" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=FP5kVH6istC/p4rUg/eMzZpwxbRb466x3RiXkiQcA7M1zmSy/9TQvYcSvDRYAHweWv2UAtf0hmG0oQpCk5/K4huDszsHDjJHRKCR1dmfo+lzCuR/KLChZhzNaqmTo8SQlwIivNAsxF8w2mJZlqB019BQE/G0g1Vu4Sd+CeJsM8iGHgwj9HzC7yDjO313Nag/IMXETFYseQQTeynl9Qv9fT/NU3yti2YpQHRckSTXaj1ITovLTCHpPnX0XCMjE+j45ZuomrUub4LrkZChkjJ+XhSv4kFtfhujwt4K3cz3fAzqkGyj6ZUp862iCvPTgj0T5bZwUFOHpIK6oQzMYQIxCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=fyG6Y09JS0qF837apH9/bUHkBfgXk0zsnu6AvYu+PYc=; b=ttOnIDX2VbUetLwKHO9LiNrlG335Xpp04bLIaFPsHDz3a445jF00XsUf7jY5gkuy7FpD1z4WEM4mavppbGC1ZTBpvCXX8Cvi1rpc7iqTLWZsjV/P0sdEoFyB8bdXqEL0MHmydGDX4hjvH6NVquUox4mHQ1xe+CHQp3pl+oLyceIClwmEyFi3sATUtWcmUlr6+wtIf/dtMnK+YXt1bSTvpmSSimMZpoG6jcoJCe4N35n/8u14CxzN1ROqrm4m5WvBRCBbE3/MnFupLfuNV4ZVWnXH9oSzZ0X70Tzi/LcwpHwIjmIRyIIc/749KdZU14EVzKUvGe1lQoofIyEKT0Un+w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fyG6Y09JS0qF837apH9/bUHkBfgXk0zsnu6AvYu+PYc=; b=2G71milaxqspaxLliZnnzBMGaGyujDac/842gBK9bJUp/y7+6vxnw9/mYVFByImCjGOVUHTa0+p2GniDP7YcoO1FS2hrnZMUNmOkZWTUXSiS4PyF+rzkrddxekaTYCid0kNCw0Eq6uA5fljk/ivjnKEkZ8/Y2Rsqj1+HoKeLSLk= Received: from BYAPR02CA0031.namprd02.prod.outlook.com (2603:10b6:a02:ee::44) by SA1PR12MB7366.namprd12.prod.outlook.com (2603:10b6:806:2b3::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.20; Mon, 11 Aug 2025 09:50:42 +0000 Received: from SJ1PEPF000023D0.namprd02.prod.outlook.com (2603:10b6:a02:ee:cafe::6f) by BYAPR02CA0031.outlook.office365.com (2603:10b6:a02:ee::44) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9009.22 via Frontend Transport; Mon, 11 Aug 2025 09:50:42 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF000023D0.mail.protection.outlook.com (10.167.244.4) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:50:42 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:50:35 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 16/18] x86/apic: Enable Secure AVIC in Control MSR Date: Mon, 11 Aug 2025 15:14:42 +0530 Message-ID: <20250811094444.203161-17-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF000023D0:EE_|SA1PR12MB7366:EE_ X-MS-Office365-Filtering-Correlation-Id: 221af5d9-d494-4c31-f7a7-08ddd8bc8975 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|376014|7416014|82310400026|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?9wv/BDPHm3c9F4lVV2U1TsSlP9sqC3gd+9cnGLpWEiFGRfxVg/6syZt8HSrr?= =?us-ascii?Q?jF6XsiJOr9mIc91nMbXmQplI2gaxipO1xumeLSCG+HhiFc4fb5Uq+1EQldRJ?= =?us-ascii?Q?P/w38u1Lspf9hzTUAEgAtEvNv6gmBugcKZ5EWYcahMblduabx+wMWLiMHx5S?= =?us-ascii?Q?KgPCyAss7aD8Vw4zHV1+K/hbv5msH816+WiVGg6fuup84syQCrrIV0MCZtpe?= =?us-ascii?Q?ZEHA0eJQ8NqUIZD3MKcA8sFSRzR7OZYnvcoq1QXmNgjVOTipqWqtO28l1DqH?= =?us-ascii?Q?vp57YIh5dLzltSv/VxWnXcx1ePHgWxVzCbf5Go/CfM1dvbe7W6Bxo/N+0GOx?= =?us-ascii?Q?oFGwlC55mbq9V+aOgE2KrRKfnPD2bbRPy1NfVRXKUuGeXfF59GyecWfBitRp?= =?us-ascii?Q?6ZQHDMSsEYK339Y2gF2z0JN61BDaBQRdRpYW2QIpDpSXU3Vi2CDrBS2bX8CA?= =?us-ascii?Q?N5MSjRGgmmbfECdz/3CGeZ316Jk6+iM1mpf/5AZKxsu4XHUHgCqbmU/hf3uO?= =?us-ascii?Q?GMUQwLAGwPZ/kXa6L7adJ+SkQfdPyp6xjNblCrVcM9rclEfY9SIf72KXoHC7?= =?us-ascii?Q?uzDyiv8nf7Xycf9oXkPl07G4BRSrA3wcLC9tEWsSFoh8sQll1em5duLI2FUN?= =?us-ascii?Q?NsTOeTV+l/p38bTCj+L74TkZ/u/wESUh1WNqTWgfyZFTT7CGXXhG9Lcid+ml?= =?us-ascii?Q?yTrwmTJv78vgLUj41TLXGpXSn5lfkCFIbKr7wq0oQfWTKM7KceZ2nUwNCY3T?= =?us-ascii?Q?dUS891ZHwWaxz1opb8Eq870s3dXwjZxURTKYjkDBHqLl00YTYD8DQqlNk6AT?= =?us-ascii?Q?O+X/i/1a790LK4WKw60PnVhnunFlAoCfU7ozBm865gtx4dDiJNvybLPCxTEQ?= =?us-ascii?Q?J2ovePXbsxpcd0Y9MfTW4KdvS4z64mhtU2B1R7/iw84blOX1PNcuV/qV/1JY?= =?us-ascii?Q?pRKu98uGCsue5ngIIl7qnJ83XFXE8UpvAP8Gad4sQrMF0TzEHbXP2HCq7SY4?= =?us-ascii?Q?dbAU2w8YvaLMt379mdDOo63T0JFyVp/he3G5zUaSsXV0Lo2I7Vw7WLl3RDCX?= =?us-ascii?Q?ZM0jWHqMQpiYn5304Uj4kRuf2xIlkDPfQS7RvSFV4CjimSpxqaA/D3yjdLcb?= =?us-ascii?Q?Vx6XCGsyM1EjaAqzh6oSX8tCeZ0ZA1FCy0s/yfvNREdJIL0cH+mTas150IM0?= =?us-ascii?Q?0MzBIQWm/A46avA2ArILQHA+jDtxg6O3bk0tS0DcWrcHI9bWJg4fEnYIE8a4?= =?us-ascii?Q?NNbeZlaQh85KUn2Br1bjKt4zwn9mH1AxtGOCX2BYRNfks54gYz6kYHbEhZ1n?= =?us-ascii?Q?spxxv0++dyuW5xrjlXeTLy3liwVboMQarFXc00vD7KE6REK32pkyaKYlihi+?= =?us-ascii?Q?k3OSfi9Knq556hBw4+pIjVRCZlY02nhID6W8zxf/el1XQbqTcp5KA6dwnJdO?= =?us-ascii?Q?E5kt7pwSwiBT5xQ6ZLQhZN2LXdY7eO7nfSoF32Fjm8MXcOTTeOkfUFH1MD3I?= =?us-ascii?Q?dcEvNgI8SafBK/AJ8iSvO/ezjjmV+HmptlJ1?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(376014)(7416014)(82310400026)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:50:42.6792 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 221af5d9-d494-4c31-f7a7-08ddd8bc8975 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF000023D0.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB7366 Content-Type: text/plain; charset="utf-8" With all the pieces in place now, enable Secure AVIC in Secure AVIC Control MSR. Any access to x2APIC MSRs are emulated by the hypervisor before Secure AVIC is enabled in the control MSR. Post Secure AVIC enablement, all x2APIC MSR accesses (whether accelerated by AVIC hardware or trapped as VC exception) operate on vCPU's APIC backing page. Reviewed-by: Tianyu Lan Signed-off-by: Neeraj Upadhyay --- Changes since v8: - Added Tianyu's Reviewed-by. arch/x86/include/asm/msr-index.h | 2 ++ arch/x86/kernel/apic/x2apic_savic.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-in= dex.h index 2efc03d324c0..3d0688af2009 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -704,6 +704,8 @@ #define MSR_AMD64_SNP_RESV_BIT 19 #define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT) #define MSR_AMD64_SECURE_AVIC_CONTROL 0xc0010138 +#define MSR_AMD64_SECURE_AVIC_EN_BIT 0 +#define MSR_AMD64_SECURE_AVIC_EN BIT_ULL(MSR_AMD64_SECURE_AVIC_EN_BIT) #define MSR_AMD64_SECURE_AVIC_ALLOWEDNMI_BIT 1 #define MSR_AMD64_SECURE_AVIC_ALLOWEDNMI BIT_ULL(MSR_AMD64_SECURE_AVIC_ALL= OWEDNMI_BIT) #define MSR_AMD64_RMP_BASE 0xc0010132 diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2a= pic_savic.c index 71775d6d8fbe..e3d8a4302522 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -360,7 +360,7 @@ static void savic_setup(void) res =3D savic_register_gpa(gpa); if (res !=3D ES_OK) snp_abort(); - savic_wr_control_msr(gpa | MSR_AMD64_SECURE_AVIC_ALLOWEDNMI); + savic_wr_control_msr(gpa | MSR_AMD64_SECURE_AVIC_EN | MSR_AMD64_SECURE_AV= IC_ALLOWEDNMI); } =20 static int savic_probe(void) --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM04-BN8-obe.outbound.protection.outlook.com (mail-bn8nam04on2085.outbound.protection.outlook.com [40.107.100.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A168B1DC994; Mon, 11 Aug 2025 09:51:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.100.85 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905873; cv=fail; b=WyMMVTKpyg2aXz9TbmNTAVKNNnKubA393es/y1BNzOk/0aZrKIB6/jOG6/qppIYXxr7KENzyCCP/qAI2Ifykf38ZDr+N6IjEv2GvPmRApIRXFkJOLcTAzosdBPuNMVVEyfrRbWDW4xajT1OK8+4MncxK+GP08m6W3aK5NwbYbIo= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905873; c=relaxed/simple; bh=mOKJJw7QOdP7gPCUQ73slRa1si86zMH5ESzu+trOLUE=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=SaFLReV/ER/8scdK5hUDuWYYYyrsvQCx6rXGj6SqXpWdfyxgONuqP+B6fwtw+JD2Te7JsGsN8eM+lTkyf7/lDzaXUyHCWa+JDEMJzZS264uWCAVcMD/yM2HuEumIu7OvAuBry38TMRyhJynirS16uDvNrCYp+ihtJA3eR40KXs8= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=esGL8nrH; arc=fail smtp.client-ip=40.107.100.85 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="esGL8nrH" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=DFMW4yjm3Y+qI8MJ2daKg6noAms58mwfeEfINBWAcDpWlHgFdQeqqSbJG/wbNpELUCq0fjJYnPts3XIArFFom09yn+j57JqY8LXY/Dbb6lP/EgzzKVeT+G8Mz6OcsvCoVFrt6Bhp4CcY7Ch1j4ACdBLFnbLASmjlFpiNtOuCQTtzPuxA3z+zkstvImFMFNz/+1ZXeGfcwUt/YNJZV1emiB99cC6p8eQIzlnaVJaZk0p9uo0mWajVQH3U9ptU1jWVcaE3rvjnJyu4lkoJrppjocM1dgPZ5XcdnrOItKNEDBKeaj1Ie6Ird1ILKQbH5aWSkz7cTMMk9sUI9nz+xxh2Iw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3TI+X/xfOpYtOI+rY6A+qOe/y5REsbc7gwpLntLiVkU=; b=SvDCNnmoOh2zYiW9pLEm8qmODA74M4aWseaJxB8yf8u7G9h1B64dcXE0kHUt0yvxM7yNavp0Uc9+E4QNA7dRWneDR4J9jU56hc3QPIcBTlEMDl/IsKTUrJeSuk6kR46e9UbO4Xm8bf1XwQJ6yeQXabsQ+RBelsPLGy15QKdPr6tTNWgjSQ5Z7l1W+cUnASpz66cnke9w6yPWSzG3lQ+A+3MFOX7pG33h0Fy53HPYeb/zDrSARp5ALIuzv6LddeOpuAhW9evsSLBmhRNP8w3H+PF1Ih35FXvAj+z+i3noeE3gW2eV1n8t5WqDhvxB8L0bKyTqQ22QoM/xeFyrUdXjBQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3TI+X/xfOpYtOI+rY6A+qOe/y5REsbc7gwpLntLiVkU=; b=esGL8nrHe1qCuw60w/fF1CloVKqqVosjish69kR90SJvgNCvjCoNPmsHrDXFnnUXMCbSu9hGHJgFj50dRdI8a2jXrlfRQrr0rxnMzZJxL0hYRjfjR+hN5X0gsOAa37U59U8E6CLAeIicbX6vlx3kJNaFFQdIBLfCXk46s9wqKcY= Received: from BYAPR03CA0014.namprd03.prod.outlook.com (2603:10b6:a02:a8::27) by SJ2PR12MB9237.namprd12.prod.outlook.com (2603:10b6:a03:554::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.21; Mon, 11 Aug 2025 09:51:08 +0000 Received: from SJ1PEPF000023CE.namprd02.prod.outlook.com (2603:10b6:a02:a8:cafe::55) by BYAPR03CA0014.outlook.office365.com (2603:10b6:a02:a8::27) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9009.22 via Frontend Transport; Mon, 11 Aug 2025 09:51:08 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF000023CE.mail.protection.outlook.com (10.167.244.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:51:08 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:51:01 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 17/18] x86/sev: Prevent SECURE_AVIC_CONTROL MSR interception for Secure AVIC guests Date: Mon, 11 Aug 2025 15:14:43 +0530 Message-ID: <20250811094444.203161-18-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF000023CE:EE_|SJ2PR12MB9237:EE_ X-MS-Office365-Filtering-Correlation-Id: 9b95f2a5-a664-4e47-a167-08ddd8bc98b9 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|1800799024|7416014|376014|36860700013; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?qRExuyHnJuXIGWYAQi+CfLiv/OCVF736eyR6mFsydqNBEqfXI1+by1TtOlA2?= =?us-ascii?Q?Kh424rcdAzBVUUs57E/CQlfRjdmzn6cQq77TuQHDKsbIAFMYmlbda6VZUqHQ?= =?us-ascii?Q?S4XvlCwcIvECXqabtY7ZWpWCyHlPeQXr3tXNZi1ahMk9r7Rm59ukR/+3AxzM?= =?us-ascii?Q?dngHUaG1GELv9o94Kud3z/OmA+7nAbHHQQfNJ1Y3Yi9ekKi5tfMfbpuiUKGY?= =?us-ascii?Q?J01Ch66gJo5cyiIPq7TWrkB9VhAFuXONl3DzuoT4u48Euzz1MwS0b9OC3k/O?= =?us-ascii?Q?xd0sGpc1VaNRYb+G1tX4TVvhpsSoYbqmNmdDSS2RJMK+D53qGLG65qMpZGru?= =?us-ascii?Q?h6hznORwH8WmSuuO7AZg3bwHJBG6qba7zW2f19YHUuezYqvZuGXQNPZ4tae+?= =?us-ascii?Q?cRMW7LY8PtpaSflQMahbW7S7Txoy3jlRmdvJ+2xla9qOKClUeJXPF2LnsigO?= =?us-ascii?Q?ojco6OrXOIdODeXt0/8rzBO+5pSpOohtsYhLGVUoQEYM73488E1ybYGdjkfz?= =?us-ascii?Q?ThnfBqVViw14ZAILWX8e7UTCOXPcUhsIS2ZmOmNr/EXem/va8U3ahRYf8L5J?= =?us-ascii?Q?qg3CYJ9o+YJwSJutFg+1XJahqLJPmpjxPMFBGJdH6umCgPeEdsXk/uLHyibg?= =?us-ascii?Q?Tb4CKoGhbX4UkbDk8//7ApVI08Twtf9AxxSGcoxbSkoVUtQiN9EvxlX8sIyX?= =?us-ascii?Q?HJ8LsP09jc8vRG84J6L8M/tvO7lGOmJIvIn0yBqwD+OCHQIH6zFx3ZLICc9A?= =?us-ascii?Q?34ovfkbqiwHZYSsZAzHRcCi/2sDDMBlnC/PIgI5uZ8iIAMvjeEqPcYgoYwGx?= =?us-ascii?Q?OIQ+FtflQp6CkYGqgI7rJRvCg9F8MBnNZuAVhsNxX4yCK0+oRzj5y5wUQ+rm?= =?us-ascii?Q?JbzKMUIWCHh3G8O+GFJZd90rBTjwgmD/aZYKMtXKWHwoiyPO1p0E1uXnnRQc?= =?us-ascii?Q?BV+JOUA/fcS4He3Pm6YTLQqqP1DSNzDyPXXXi31nNPJ4ALgjdtg+lrEsec/T?= =?us-ascii?Q?OERxCRpEW4itTVJr5rUSVX3cZKnnTDU7+g+1lOjVijOCgKxrMEZz+9+3gGos?= =?us-ascii?Q?ajFB3BxDj3dnqaZwcfsjtIfVsb3ZXfowbOha8Nt5FLZ2CKVGfgC+dzOkvSPq?= =?us-ascii?Q?LDa9UaA19nS0vDsYorGlRRNhP73Txzu75tJ0AqNIzjyZFnoGgE7cNT3JiEKX?= =?us-ascii?Q?sV7hlhtYmkpD6sjl1gzpzd/szbmNIRgRkJTrponFa16iYwjsbh1v8BpMv5WX?= =?us-ascii?Q?sUTUOqigLYZ4mXI0ezw4Ep13eAZKX2H/IbPjSTGitpPK1fR+/IJjGemxITQQ?= =?us-ascii?Q?8astkKt8eEloNdErEwkzN7xK+0uKnIULHYPZ7k++jh+NDervFeRLbESkcE/T?= =?us-ascii?Q?4VIL1yfJ/lGWKShvcCXR4XtOXLAh8+G7sFhN4CjQrKPjWrDc95gPBhZ9+6hd?= =?us-ascii?Q?E0wHINET23zTBPP29K56aq2foc0FUe3FWnkxDJcsi7NEriWJWzKsd+35D8F8?= =?us-ascii?Q?zIPIpc0K42QL48LEfRS4NfjmIJfrNAYob9oZ?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(1800799024)(7416014)(376014)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:51:08.2880 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 9b95f2a5-a664-4e47-a167-08ddd8bc98b9 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF000023CE.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ2PR12MB9237 Content-Type: text/plain; charset="utf-8" The SECURE_AVIC_CONTROL MSR holds the GPA of the guest APIC backing page and bitfields to control enablement of Secure AVIC and NMI by guest vCPUs. This MSR is populated by the guest and the hypervisor should not intercept it. A #VC exception will be generated otherwise. If this occurs and Secure AVIC is enabled, terminate guest execution. Reviewed-by: Tianyu Lan Signed-off-by: Neeraj Upadhyay --- Changes since v8: - No change. arch/x86/coco/sev/vc-handle.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/coco/sev/vc-handle.c b/arch/x86/coco/sev/vc-handle.c index fc770cc9117d..e856a5e18670 100644 --- a/arch/x86/coco/sev/vc-handle.c +++ b/arch/x86/coco/sev/vc-handle.c @@ -414,6 +414,15 @@ enum es_result sev_es_ghcb_handle_msr(struct ghcb *ghc= b, struct es_em_ctxt *ctxt if (sev_status & MSR_AMD64_SNP_SECURE_TSC) return __vc_handle_secure_tsc_msrs(regs, write); break; + case MSR_AMD64_SECURE_AVIC_CONTROL: + /* + * AMD64_SECURE_AVIC_CONTROL should not be intercepted when + * Secure AVIC is enabled. Terminate the Secure AVIC guest + * if the interception is enabled. + */ + if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) + return ES_VMM_ERROR; + break; default: break; } --=20 2.34.1 From nobody Sun Oct 5 01:49:21 2025 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2056.outbound.protection.outlook.com [40.107.93.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A95091A3BD7; Mon, 11 Aug 2025 09:51:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.93.56 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905899; cv=fail; b=mFF693UJ8EU3KCiUZPwSqxCq/bOmAw9jpmGLFkVKMovyJ3X5fMnCSdGvVOxoOmJgro1hGmSoJ238iNoWaAbGrlU5O7xwC/ZHIePDaOFIN37hUmu8XAAhxbTNDKWKA6p5OMqZkYu2jNKEHzEiCou9K5vKk2tkaqpAWsUBpbED5I4= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754905899; c=relaxed/simple; bh=VSAb0bn4SyEMh4exzpeP5TEXbc/iDc7VRbj4HtyLBkI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=jgaxvqLlxvQ+4UVZgUGm3mLyCa/0yaMPH8KupDFCFFMdtbgLof16ZDU1WARfIzirXrSvy5e++l6GpVTQ1CDyeaSnCCzA1T+GP7kIzpSErwJO8QU+jnwT0CUw08iZCLH/9kGICLGv0Bdo1POH55xh1FMaTiedMM+mPfp9JNq0wa0= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=yjXPR9ai; arc=fail smtp.client-ip=40.107.93.56 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="yjXPR9ai" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Dov6NKMbYOmpuK6BbTx9ok3VsxAeYMYH+pfWTa2XNgYI7nogsEmyqe57X0km2v61ffk4HT3zyaGgm4Lmc5TjTgiev/OCDo7OEjmiv0LBhZZ66ldrlBgUpMaFnOjZuiqBq3FIt037Zhze+FMbr+npsqzrIHxw7yxicPmozKgSsoE3bjq1/hx4GtDv8UxO0BHk2s+0YJOK0YhzyOasSv8NlLqfSTKHd52Y+O88Rxhq8N0V7kJHZZpW7QAoqJuXrKvD5CbsME9qDw138tZvJjqawg6eA+v6QGlbHzthCofj/bBzHXcpZsysoEhA9zYbpHccFcO2wDJQSHXklXOnUBaKgQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=OJPsBV/XfC3adQ0yO0Ptmve/rjtrCAkSXZmSEe1ZGQ0=; b=fvA/b9WAqMo+5DBsHHpFRzUlRpazdv1bOYGFhAzkgRMQ0HEgmbnooHyUHkxCGjI8Rq+SEy6leWdeu2Q+OhxbQmzaGbRmcymUwSL/9UIS0G06s5wQYSySjK6gwXoo1QsEa3lQz3+PjFfmR1kafxZ1Ven+09Dr0tNvbFCb61T6ZtXuIz2wkNwWiA7L7CKwxHX9yjNyCq3Sy9nbkmBdn7eE/gSpdothbcIRnURj142xd0lS4Lc/9/UDVIxfLtlrSDcuWS2nNM0YqASlki5y3rjuprru/QA+bKJtKXdHLwgtflKjX83zqWyShJLTnbTomvP1SscjSWRahwK3UrnSpi0baQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OJPsBV/XfC3adQ0yO0Ptmve/rjtrCAkSXZmSEe1ZGQ0=; b=yjXPR9aiiv+T86HCD5gZ7NcEpkRS6kXmnEDzWbEZHFpkQdoVMeDcQozQFQBtxJoxUHLTW6i4UQXwN7MdrspJuz2aKpkS7bAblcL2qFRedY/PbcKM4fjtTiWQp4I2t5KVY7XuxmVJw+iHzJF0FY8thWppHtKmUn/dU5wOJ2vdcHQ= Received: from SJ0PR05CA0160.namprd05.prod.outlook.com (2603:10b6:a03:339::15) by MW4PR12MB6683.namprd12.prod.outlook.com (2603:10b6:303:1e2::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9009.22; Mon, 11 Aug 2025 09:51:28 +0000 Received: from SJ1PEPF000023CD.namprd02.prod.outlook.com (2603:10b6:a03:339:cafe::6d) by SJ0PR05CA0160.outlook.office365.com (2603:10b6:a03:339::15) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9031.13 via Frontend Transport; Mon, 11 Aug 2025 09:51:28 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by SJ1PEPF000023CD.mail.protection.outlook.com (10.167.244.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.9031.11 via Frontend Transport; Mon, 11 Aug 2025 09:51:28 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Mon, 11 Aug 2025 04:51:21 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , , Subject: [PATCH v9 18/18] x86/sev: Indicate SEV-SNP guest supports Secure AVIC Date: Mon, 11 Aug 2025 15:14:44 +0530 Message-ID: <20250811094444.203161-19-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> References: <20250811094444.203161-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ1PEPF000023CD:EE_|MW4PR12MB6683:EE_ X-MS-Office365-Filtering-Correlation-Id: 4fdd8a63-f1fc-4551-9ae1-08ddd8bca4c5 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|376014|82310400026|36860700013|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?G3oRQDbdbz7fvv3LniR26HJ4odlKJZpykJi1d+nThAHbO0/A7ylVBMX6kkG6?= =?us-ascii?Q?bd7eHjTcRTNV4iP2QF3hxOmxiW7r/SQT0u0ozqfldpZJzqJ/e9EAdKlyQkpL?= =?us-ascii?Q?6tyJKfo+OfHQsf9BmEeDSekh3JQvuKKV05iUZNM3bxVZ/5Q2JzWqj/0CzwGC?= =?us-ascii?Q?l6SxYQ430bxQsv3jy7+D5m2XRbYe9iWKqeeda2NGcK8Zm6foXG9VEYNHX5qF?= =?us-ascii?Q?ZOGHbA8LqH0LZQvvQvFJQC7TtqulprTS5iUdP2oHsMWF/WIVXaD3upqrJ7Hb?= =?us-ascii?Q?69zOIJ7nmbmHI3g2m5/c24ZUTwu47WXNnlzP8QoTfbgWVqkS1E7p5rvXwVcg?= =?us-ascii?Q?lqAS9QwLbTCySoBxLsmqlLqV79/B9Go2bxael+8uiYVl+8+Nbq/8W84AUh1V?= =?us-ascii?Q?ZiUF0aPWnFARvzgmcDddNE/0iH5gi3uHD6j/ADVHrJo5WFGmwHksiKHKCU0Q?= =?us-ascii?Q?dSXoLQtL1d7ZvvCfZBqWwWvEP+Pt/0PCCrzpy1kHNxlIN7DXLOdYEr2vSx8K?= =?us-ascii?Q?kb+TmAd03II9F6d1QUMWJy3qS1+wMPc4tktFaD9aiP1XRJgYn+G5Qe5f/9FQ?= =?us-ascii?Q?OGqF14E4en4oD1TGYhLfyZXicEKj5D60jQAi4cHB7a59UHMSygkFbhcYFPrm?= =?us-ascii?Q?dvpiR7v202eoWQTmB1/ngG6xCFALY4OWAbtMd6X9Cx3wyNfQwDwxvywn8xRN?= =?us-ascii?Q?Ge0Q+McEZqjTQMSGDucsAc0gDLlqWCKE+xDgQ6oegGFW+sFqyzddbU1OdYPF?= =?us-ascii?Q?fheLtvvDSYNkflCBMZ2TVYBNsojCqN2A4rTW7Q4sFMcygPoms08BQJhTGG7O?= =?us-ascii?Q?ls7QSel0+7jbr70GUOo02Dhto+Q+W9W39VA1HendsT/vNmMDdOZuJOjr2GQO?= =?us-ascii?Q?n8AiUXhA24Jqny2wgLDCI+Mj3yPvjuGgSBRUg1DBl9eH3jl+w3BBS975yNwB?= =?us-ascii?Q?/gdF66kHvN2Mc46Eh2vKYZIV+0U3KNU/CLkMQcyRrIX/t8G6VyewIlUGAU9+?= =?us-ascii?Q?brxGjBkf3/2qCcw6ICGDH8nDByCwNi6wsWkFUfRxFoLngHWhfEzGn4gTfEQb?= =?us-ascii?Q?2SwmiRj5BohymHPV74y7nfhfpfeSQ3Cay0J9giR5zTqhoaGNU3RhmLwtzc2U?= =?us-ascii?Q?/918q0rlDP3Yl5k04Hgn1i4+rg/QsATL81TmzviAMZqHLk7ixUhd44aFsnit?= =?us-ascii?Q?AIUHomsIyQkSqJjoF6UjvSM3rBMLgWjjgEaqg00SZZ9gs+RlKq01TUgGesm7?= =?us-ascii?Q?t4JsGVDVRVD+JJxeCDCajt7m9mozaONePxjmefMRGdAp8HA6VrrYll7b23pw?= =?us-ascii?Q?kVlsvQkCNWJAsnVlI8qKoLI82lnXtxm4W74VoKpe8/k/gp+nbS+ppAVgSOPZ?= =?us-ascii?Q?7v9QXOg0Yep+L7sEKqABLVE0U2ROVLczuTVayrOUo8m84NOyxRQxt1i+5BPx?= =?us-ascii?Q?9Suu/4tgg2INrVy6yprZU4Tep+T4DSRDp0bzqkPop5NAAIm34Owaa/7qsfa/?= =?us-ascii?Q?AM7AAs6rHumN0thy78EcBZCs3eG28KrdgYw2?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(376014)(82310400026)(36860700013)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Aug 2025 09:51:28.5002 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4fdd8a63-f1fc-4551-9ae1-08ddd8bca4c5 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF000023CD.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR12MB6683 Content-Type: text/plain; charset="utf-8" Now that Secure AVIC support is added in the guest, indicate SEV-SNP guest supports Secure AVIC feature if AMD_SECURE_AVIC config is enabled. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Reviewed-by: Tianyu Lan Signed-off-by: Neeraj Upadhyay --- Changes since v8: Add Tianyu's Reviewed-by. arch/x86/boot/compressed/sev.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 74e083feb2d9..048d3e8839c3 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -238,13 +238,20 @@ bool sev_es_check_ghcb_fault(unsigned long address) MSR_AMD64_SNP_SECURE_AVIC | \ MSR_AMD64_SNP_RESERVED_MASK) =20 +#ifdef CONFIG_AMD_SECURE_AVIC +#define SNP_FEATURE_SECURE_AVIC MSR_AMD64_SNP_SECURE_AVIC +#else +#define SNP_FEATURE_SECURE_AVIC 0 +#endif + /* * SNP_FEATURES_PRESENT is the mask of SNP features that are implemented * by the guest kernel. As and when a new feature is implemented in the * guest kernel, a corresponding bit should be added to the mask. */ #define SNP_FEATURES_PRESENT (MSR_AMD64_SNP_DEBUG_SWAP | \ - MSR_AMD64_SNP_SECURE_TSC) + MSR_AMD64_SNP_SECURE_TSC | \ + SNP_FEATURE_SECURE_AVIC) =20 u64 snp_get_unsupported_features(u64 status) { --=20 2.34.1