From patchwork Fri Sep 13 11:36:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13803294 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2075.outbound.protection.outlook.com [40.107.93.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 394091D88B9; Fri, 13 Sep 2024 11:37:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.93.75 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227465; cv=fail; b=NfkcIWkreKU5ZdfLNe9NGiS1bX9cBSFVHFTkpuhZB232YlXGw4YEHnHOpc+WfOsZIEMD15hKIocoh3wW1/rcnx7T9wbExoOcAh/OYgeO2meGOl+LuFNr8aIopsXUqcKFxWgQlzi4c1ufZHg+QTtFs7Nh30mmCUhVPPhXFucuNRY= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227465; c=relaxed/simple; bh=QVRVp+550Vrs47zoH2e9vARHcU9hi+lLUadP4vNR60s=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=G0F2DsORNgn0e8VGWmQuCyqXN6w1myZICH0k5koj4yPC2ptwpPFbjWkS2YkvDvlSLkGZJH93tf/D59CNeT6Yf2TUat1RguUnUMgqWBBKqnh5qo5sYLG4UMQA4CZLdbHn0hG9EePnkNtQfuf2cuKh9SP0+V6IrnhZUdH0Z9ryiaY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=zRd+xlQi; arc=fail smtp.client-ip=40.107.93.75 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="zRd+xlQi" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=QXofbhfHWglRXO8y0fTQ6J6xgjtO/jNF19gsFQE7LzkyKP7Ot0PnDyNiA+aUbc9OZWXJgkOnsIHjvL9kKY+E9u0keCuzGB//SNT3lzFiZEQObLMGLbb96Vkxk8fxB9m9XnWfrThEOV0pt51ujnBd4lKW9z5pKpBawasgbSDe0imsK7IXLbj6gkbHFXmxqSO9xE+Sd81zdxUhe9lRSVOJ32lNtPjEf3cf4CCGLS021W7QudeRDBHFob4W7BVNc5TNQb+D4WcAUBJHUY9icbK0TbMdcoTP4pXWOoHc09DrRvPbzv1gYmENJYuImrdz3CvIIi3/yzLOmoShEg1g/RQXKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=aQ9caO4fzy3IrliaUJl+EpEQYxzb1FXu062SfsRKLuw=; b=ws3X94dRK6wfHD/CUciKjKmH6aLYjbTuIB4K6qtsUx305VtFhSYjpcpHozBlEATWsYiGhK4BOxvkGurJdEtEB5cW/B45VkcknNhuGxhRpdHlH/EmTiD1hyZchsDsodJ7w61mkqpwCK3wuZV6Ymrdey0fFg8rTBDYHvgbmcQZ+jzPUNC7CAApFgrHmw1MEF+y2y4x764XxNpk2Ipx8R0rICG35TMJLze8aYLVFvJT6jlw7Kc0JYUGUBgNL+QJCEC+MFBKiK6YVABzsRzPSSFZZNSxemTIlOcSYR1YGm7FJwyf9at40zp0QNeT7qVk5qgHlzAk2FKdQ4dZMfJAjxsC4g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aQ9caO4fzy3IrliaUJl+EpEQYxzb1FXu062SfsRKLuw=; b=zRd+xlQixJirzpl8cuFWze6SOqVwONvg7lkLwxhvEonggvq5YWT7gjO+OunCNLw80RBYmQu5GzC6rl/FS8mvkRWCq1ouVnIxPWUGpRtIQBj0gNUsbNqN7p8NRMZ2O6bRZd3DzHx09Tav0Bv8xfL+xpB7BtATZRt0ewpG34/T3Yc= Received: from DS7PR03CA0126.namprd03.prod.outlook.com (2603:10b6:5:3b4::11) by IA1PR12MB8264.namprd12.prod.outlook.com (2603:10b6:208:3f5::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.25; Fri, 13 Sep 2024 11:37:36 +0000 Received: from DS3PEPF000099DE.namprd04.prod.outlook.com (2603:10b6:5:3b4:cafe::bb) by DS7PR03CA0126.outlook.office365.com (2603:10b6:5:3b4::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.24 via Frontend Transport; Fri, 13 Sep 2024 11:37:36 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS3PEPF000099DE.mail.protection.outlook.com (10.167.17.200) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7918.13 via Frontend Transport; Fri, 13 Sep 2024 11:37:36 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 13 Sep 2024 06:37:30 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , Subject: [RFC 01/14] x86/apic: Add new driver for Secure AVIC Date: Fri, 13 Sep 2024 17:06:52 +0530 Message-ID: <20240913113705.419146-2-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> References: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS3PEPF000099DE:EE_|IA1PR12MB8264:EE_ X-MS-Office365-Filtering-Correlation-Id: 3e59dd1a-b26e-46f0-8dac-08dcd3e876f9 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|7416014|36860700013|376014; X-Microsoft-Antispam-Message-Info: BJXKPM3BT+wtPs1iFRmMVWghS8s7CjvwnkLNuZSW/acHuSer+bUxw7FOa4NKSTd60PtQLfeXJJ3zOLCrRYLM6GW6BP8kLFkBgFlgCegWfhOW5uvPYrcLNl4IfjoIawiP8YX/Pt3EXyxeBwFCH8KVjtRT92zZxZkJqVQA8zDByWzpF2M7Xg02ZlKPdQBLji8UkYuVXpCKZpIEMDgNQJ595wf/R2r0gkJqJpqUIO7noBUcU8z9OwrnC2l8ihM3OfEGTmxjFec1xD2c3CkJOQzIio3MeiNk7A/BjofCWAAwPeI2WYemtxQJ6AdGh6NReELirRxt9JS0Ks+tnfwLpv94huq5sDqS2DvQrBHHExiKE8vCZxEwJq9vsS0MuIajxiPPY2JN2/ZeJdgUPNNoaHYkrmuezEBe9nGGOnvlaBgJtxZOkJkz4guAiquK8OU86Ow8XRIftS6dg7yKsMHyoX9Aev76faHxp5FOZESPJMYIed5Odagv3vDU53gpGRO3JZN+gX07nYh+vzUXcBGWlUXC9+0FTYi5Im+YmLHtLdnShqQk4v20ozpdm3Zwq1Y7ZsUc82X+TNCoj/45EEqNFvbJEb5TS85X4da7RIHDeeXgnrhBB/n5LyiWti6yB/cTPs4qS2A/cHmCunWt6YTTZo7D9YjndxPt96cX9oOduQ8SdiMK7J4qcIL13caUL7I7iTn1J5FW3mectNZTsmnKW4b1dgCHh0dkS7HSb8zXuECpeCJwxvW6i+7qwyQnvv+vzx8En29+VqN0SeE34/VWMWam7zh04qnYWFttlzV+3I3EJA03cvRkjbceOF2vrKtgmvhK5OmUDvlfTTSdybk84n7snr7TJJsGc4OmfJEvIvNLA7LZvQxZtjxjIFsJqeP3zANi7gw/tXVH2eaz240jKTAzOG/L+2WOr6xnDigXZvrTon3ll6TR3gh0SP6FkS6goP/WlmseEviTK0+QlB8x0oXjNQPQEhx+dYVSmFsp8tWEef1kWJZtdamEIIxmwvSNsaSm+6mx9ChyxjCYpWOLRDGaOSWDSqREiYtyzIVd1aKVdc3Nx4m6GXRuLDq2p7LbK1uQT4PnHphfXoJ+aViIgr9cx87ZYc+kckwrAxanM8Se6I36DxBzaq/fkooCJu5Y//fK70Ue7L1O5s7mncGSNXpSsfvcqlbG49Z//gcciwJ0VAJAIrSmo1zf42mLV4RkztZxu9cM6N0VWQCcm0hCnUb5AWTorS/mHMhBM28jP0JJHo8nwpGCGA/L28ATUhOkMVgJngFLUfUl92Ra/w7abgO5atf5OOnt+1N5O4VIyAyiyQyEXunTqXlZZhIxIyU5o7LL8559w2Yf4BkdUaAe+LQJxcT+b2XaO9wTX2HwhFNMrfO0AGqi8PKRuqMkE/JOL5yhjaUCEU8Y9GYFzHeBLJS/W/l+0swvbju/kJ2igiBfQhcdFgyXojYAytwIpIE9WPWx X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(7416014)(36860700013)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2024 11:37:36.0769 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 3e59dd1a-b26e-46f0-8dac-08dcd3e876f9 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF000099DE.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB8264 From: Kishon Vijay Abraham I The Secure AVIC feature provides SEV-SNP guests hardware acceleration for performance sensitive APIC accesses while securely managing the guest-owned APIC state through the use of a private APIC backing page. This helps prevent malicious hypervisor from generating unexpected interrupts for a vCPU or otherwise violate architectural assumptions around APIC behavior. Add a new x2APIC driver that will serve as the base of the Secure AVIC support. It is initially the same as the x2APIC phys driver, but will be modified as features of Secure AVIC are implemented. Signed-off-by: Kishon Vijay Abraham I Co-developed-by: Neeraj Upadhyay Signed-off-by: Neeraj Upadhyay --- arch/x86/Kconfig | 12 +++ arch/x86/boot/compressed/sev.c | 1 + arch/x86/coco/core.c | 3 + arch/x86/include/asm/msr-index.h | 4 +- arch/x86/kernel/apic/Makefile | 1 + arch/x86/kernel/apic/x2apic_savic.c | 112 ++++++++++++++++++++++++++++ include/linux/cc_platform.h | 8 ++ 7 files changed, 140 insertions(+), 1 deletion(-) create mode 100644 arch/x86/kernel/apic/x2apic_savic.c diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 007bab9f2a0e..b05b4e9d2e49 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -469,6 +469,18 @@ config X86_X2APIC If you don't know what to do here, say N. +config AMD_SECURE_AVIC + bool "AMD Secure AVIC" + depends on X86_X2APIC && AMD_MEM_ENCRYPT + help + This enables AMD Secure AVIC support on guests that have this feature. + + AMD Secure AVIC provides hardware acceleration for performance sensitive + APIC accesses and support for managing guest owned APIC state for SEV-SNP + guests. + + If you don't know what to do here, say N. + config X86_POSTED_MSI bool "Enable MSI and MSI-x delivery by posted interrupts" depends on X86_64 && IRQ_REMAP diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index cd44e120fe53..ec038be0a048 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -394,6 +394,7 @@ void do_boot_stage2_vc(struct pt_regs *regs, unsigned long exit_code) MSR_AMD64_SNP_VMSA_REG_PROT | \ MSR_AMD64_SNP_RESERVED_BIT13 | \ MSR_AMD64_SNP_RESERVED_BIT15 | \ + MSR_AMD64_SNP_SECURE_AVIC_ENABLED | \ MSR_AMD64_SNP_RESERVED_MASK) /* diff --git a/arch/x86/coco/core.c b/arch/x86/coco/core.c index 0f81f70aca82..4c3bc031e9a9 100644 --- a/arch/x86/coco/core.c +++ b/arch/x86/coco/core.c @@ -100,6 +100,9 @@ static bool noinstr amd_cc_platform_has(enum cc_attr attr) case CC_ATTR_HOST_SEV_SNP: return cc_flags.host_sev_snp; + case CC_ATTR_SNP_SECURE_AVIC: + return sev_status & MSR_AMD64_SNP_SECURE_AVIC_ENABLED; + default: return false; } diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 82c6a4d350e0..d0583619c978 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -658,7 +658,9 @@ #define MSR_AMD64_SNP_VMSA_REG_PROT BIT_ULL(MSR_AMD64_SNP_VMSA_REG_PROT_BIT) #define MSR_AMD64_SNP_SMT_PROT_BIT 17 #define MSR_AMD64_SNP_SMT_PROT BIT_ULL(MSR_AMD64_SNP_SMT_PROT_BIT) -#define MSR_AMD64_SNP_RESV_BIT 18 +#define MSR_AMD64_SNP_SECURE_AVIC_BIT 18 +#define MSR_AMD64_SNP_SECURE_AVIC_ENABLED BIT_ULL(MSR_AMD64_SNP_SECURE_AVIC_BIT) +#define MSR_AMD64_SNP_RESV_BIT 19 #define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT) #define MSR_AMD64_VIRT_SPEC_CTRL 0xc001011f diff --git a/arch/x86/kernel/apic/Makefile b/arch/x86/kernel/apic/Makefile index 3bf0487cf3b7..12153993c12b 100644 --- a/arch/x86/kernel/apic/Makefile +++ b/arch/x86/kernel/apic/Makefile @@ -18,6 +18,7 @@ ifeq ($(CONFIG_X86_64),y) # APIC probe will depend on the listing order here obj-$(CONFIG_X86_NUMACHIP) += apic_numachip.o obj-$(CONFIG_X86_UV) += x2apic_uv_x.o +obj-$(CONFIG_AMD_SECURE_AVIC) += x2apic_savic.o obj-$(CONFIG_X86_X2APIC) += x2apic_phys.o obj-$(CONFIG_X86_X2APIC) += x2apic_cluster.o obj-y += apic_flat_64.o diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c new file mode 100644 index 000000000000..97dac09a7f42 --- /dev/null +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -0,0 +1,112 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * AMD Secure AVIC Support (SEV-SNP Guests) + * + * Copyright (C) 2024 Advanced Micro Devices, Inc. + * + * Author: Kishon Vijay Abraham I + */ + +#include +#include + +#include +#include + +#include "local.h" + +static int x2apic_savic_acpi_madt_oem_check(char *oem_id, char *oem_table_id) +{ + return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); +} + +static void x2apic_savic_send_IPI(int cpu, int vector) +{ + u32 dest = per_cpu(x86_cpu_to_apicid, cpu); + + /* x2apic MSRs are special and need a special fence: */ + weak_wrmsr_fence(); + __x2apic_send_IPI_dest(dest, vector, APIC_DEST_PHYSICAL); +} + +static void +__send_IPI_mask(const struct cpumask *mask, int vector, int apic_dest) +{ + unsigned long query_cpu; + unsigned long this_cpu; + unsigned long flags; + + /* x2apic MSRs are special and need a special fence: */ + weak_wrmsr_fence(); + + local_irq_save(flags); + + this_cpu = smp_processor_id(); + for_each_cpu(query_cpu, mask) { + if (apic_dest == APIC_DEST_ALLBUT && this_cpu == query_cpu) + continue; + __x2apic_send_IPI_dest(per_cpu(x86_cpu_to_apicid, query_cpu), + vector, APIC_DEST_PHYSICAL); + } + local_irq_restore(flags); +} + +static void x2apic_savic_send_IPI_mask(const struct cpumask *mask, int vector) +{ + __send_IPI_mask(mask, vector, APIC_DEST_ALLINC); +} + +static void x2apic_savic_send_IPI_mask_allbutself(const struct cpumask *mask, int vector) +{ + __send_IPI_mask(mask, vector, APIC_DEST_ALLBUT); +} + +static int x2apic_savic_probe(void) +{ + if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) + return 0; + + if (!x2apic_mode) { + pr_err("Secure AVIC enabled in non x2APIC mode\n"); + snp_abort(); + } + + pr_info("Secure AVIC Enabled\n"); + + return 1; +} + +static struct apic apic_x2apic_savic __ro_after_init = { + + .name = "secure avic x2apic", + .probe = x2apic_savic_probe, + .acpi_madt_oem_check = x2apic_savic_acpi_madt_oem_check, + + .dest_mode_logical = false, + + .disable_esr = 0, + + .cpu_present_to_apicid = default_cpu_present_to_apicid, + + .max_apic_id = UINT_MAX, + .x2apic_set_max_apicid = true, + .get_apic_id = x2apic_get_apic_id, + + .calc_dest_apicid = apic_default_calc_apicid, + + .send_IPI = x2apic_savic_send_IPI, + .send_IPI_mask = x2apic_savic_send_IPI_mask, + .send_IPI_mask_allbutself = x2apic_savic_send_IPI_mask_allbutself, + .send_IPI_allbutself = x2apic_send_IPI_allbutself, + .send_IPI_all = x2apic_send_IPI_all, + .send_IPI_self = x2apic_send_IPI_self, + .nmi_to_offline_cpu = true, + + .read = native_apic_msr_read, + .write = native_apic_msr_write, + .eoi = native_apic_msr_eoi, + .icr_read = native_x2apic_icr_read, + .icr_write = native_x2apic_icr_write, +}; + +apic_driver(apic_x2apic_savic); diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h index caa4b4430634..801208678450 100644 --- a/include/linux/cc_platform.h +++ b/include/linux/cc_platform.h @@ -88,6 +88,14 @@ enum cc_attr { * enabled to run SEV-SNP guests. */ CC_ATTR_HOST_SEV_SNP, + + /** + * @CC_ATTR_SNP_SECURE_AVIC: Secure AVIC mode is active. + * + * The host kernel is running with the necessary features enabled + * to run SEV-SNP guests with full Secure AVIC capabilities. + */ + CC_ATTR_SNP_SECURE_AVIC, }; #ifdef CONFIG_ARCH_HAS_CC_PLATFORM From patchwork Fri Sep 13 11:36:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13803295 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2072.outbound.protection.outlook.com [40.107.93.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2D6DB17BB3A; Fri, 13 Sep 2024 11:37:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.93.72 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227478; cv=fail; b=XRT5Rc6WNTCAbvj5SUTUkLZ6KRQYst3SG4hw5FwZS1ZG539lpmdwvoSiMd5boo1HpZKDtzMIY1SNFUOU7H/J2yX5fmXtql72HC4U0aZN56Yu/EdM7kXzGy0I97VNFBNjMP43InjIfp+CrGrVc8Sgu7pletnieziZj1n99KUONrk= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227478; c=relaxed/simple; bh=0xsnjvDIv/12+5zoVq/Afcccu/xPSXU9ZpnWNWi1u0A=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Xo/OiPXVZcLX7N6iNK1iOfk3kf7q3zSNIJQbbHuF9Ef/JobqVCm9P7MVpBqZ+Mr9rJ75lojITHwgkj8PksaSO+3WUenmxdgysd2f1tDQrxoqcI62uqeyeNwvQRVcCzLhJ2D7GsUnFf0ZWe6P3U8zCeRAdtcRwg9CE12Q09uNhh0= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=X8v69SmF; arc=fail smtp.client-ip=40.107.93.72 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="X8v69SmF" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=hopiPXYLQbD4r9Wp+FR5BejIyvdhlAO9ETFtiikczZopw8Sv6a9kwL/jbiiTp0+Zxdgtxe9KWep/TMz/XKiHhSy+/uwD72gmTSRqOG33b18OZhMCrW88iyU2xAVeNS7A2WnZF4isz1F47p0Tp1jLPGXn+m4+/lAxz5Z5LoFuzAUXNGs5s2STGdCvQSltXEuaWkHPOcEx/kOlVFEKXoY5DUWu6nwVIh7T44Kb1N7Xf7p/hysqeWjPad45b6G48fyKYRU9oU5aVLt84QmpN3Dr6aFhj1hLOwEfE0X76Ak//OyhsL9LW7eI7qjS11wT41kV3ojFfnBJ+lCX7xNf3ucuWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=swjGXse/Ut+mWjZc/Eh9N2QTR3ptXuYIqX+lhCvMcsA=; b=CP0Hc1IR5cub3D9Ut16FFpYXfu1lTD4k7wYo/c0ZKuRQVMJ7I0SATzXAfMJIGXqYJoY9ZbrAYwTIDB9jzqj3xwcI3sa3PUKcfdacNV+ptcEsI5qAKoXdw8VVfHVGD2pCpsAlZqK8HH8nTewwDDYYRaK0Zd+9NC1CoBe3sm/t9LSJDpu/l3eO6bZL4bM7Ym4tjrVgeED5E7xmPe+7/cNDPafL68h6yr263W35JRJUwBkepZsWK1GXT1LKC8EbK98XWuhwrcoNFFpXZonUUfRHs7vEdELdExmJb5oSmk9zryyBHs1qIrCFA0v/bPZxm6nL2+pKloK4c85DLpnOJwaPMw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=swjGXse/Ut+mWjZc/Eh9N2QTR3ptXuYIqX+lhCvMcsA=; b=X8v69SmFD2Wdy9XA/c8sr0HtaZCWAiYJbPM8Xb8tYuWkFESxCIe3CQ582u5sUO3/E+DFjbEjdrfgnkKVH74j6rAyreAN7NICxTS1+3pQ8AG9aVhwefrT90oOJx6n9oCbEBAp0IufPMKdeO9Z/JX1jIdzKKkFpyVSRsZpSkkrP/k= Received: from CH0PR03CA0259.namprd03.prod.outlook.com (2603:10b6:610:e5::24) by CY8PR12MB8067.namprd12.prod.outlook.com (2603:10b6:930:74::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.25; Fri, 13 Sep 2024 11:37:54 +0000 Received: from DS3PEPF000099DD.namprd04.prod.outlook.com (2603:10b6:610:e5:cafe::aa) by CH0PR03CA0259.outlook.office365.com (2603:10b6:610:e5::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.27 via Frontend Transport; Fri, 13 Sep 2024 11:37:54 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS3PEPF000099DD.mail.protection.outlook.com (10.167.17.199) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7918.13 via Frontend Transport; Fri, 13 Sep 2024 11:37:53 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 13 Sep 2024 06:37:48 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , Subject: [RFC 02/14] x86/apic: Initialize Secure AVIC APIC backing page Date: Fri, 13 Sep 2024 17:06:53 +0530 Message-ID: <20240913113705.419146-3-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> References: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS3PEPF000099DD:EE_|CY8PR12MB8067:EE_ X-MS-Office365-Filtering-Correlation-Id: 36960c42-c19c-410b-de6f-08dcd3e88197 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|376014|7416014|1800799024|36860700013; X-Microsoft-Antispam-Message-Info: 553pfb+0ywB/wDSEw6cFzP7O8UpG1jD0BFxL397CNxlN/ek1Hllm1NF+/knmh3mynZgXxrtISrJOE6Tx3jJYYLGa9vNyywlZPS/40CduOAVZdYHJrpexDW/eBTeAxwApNGUoHDSoSmSt6p/0x/OcVLWqPSXTqPVjkZ+Lb0uW0L4vUnsTnq01f86T9kP3v9kgRp5hozEZYNkDGZ2FoRL64JH9I6V6OgKiYduvqKM92ZrJ7d8N6KipXhaow9edIsdUL/w8l0d+JVSvfEfOLbfc24NQKCvjJkY9dCAiaa/23BPe85RP/H8syFudcUqYhryxrWYDdUPTVKYXkBlNG4mS7BSJ5Sm+iCxewBdO5VJaI8KkAzPS1sAmTS7fmYVbDUdLLDzv5zyWLPJroG1IBCuQp3VbtOSN1qIGxfjaf3ntfskbFHxH6osVkQpI7HM07XNSgFoPIbBI6g/kNPwMcoISG2kzMw6J9Nb0oEJEhO/T/IO0Khf0q3MSvs0QueXJyozKkckm4aU87ECb1PcsusS+MuPkxj5of5M6Erasa0+iK7PZlLl4YHijQtwUMfBskK2PgsMP77ckjECJjR5Sa2r4I4FfeqrlJo6klndsJdxpBaDAE0tmUgUW6dqv+iP9oysWxb8mwlS1f7DEC3iVFI9ISPy70NCmRDMhx8WRip/8I4wtyRb3ELyLs+sWM71yBkK19YLG4Cj+WouEAk5oLzK/c9muFA+RVPP6RamdC36S6zH/USos8lAt7GJS+WTbdiseCHWrae4aJ6T93T52xXr3y0DtQtwV3dIbNcTljWub6XqOPPS7/zEveRkXa3Pcjx8BeX9D+Wa9UeJ30PYANH8Sm7ylp1aX345GSgkNQxoJRjBVP9AT96BC1QPcUgFXseA3pHvSF0xSsB0RvMs49POhM7GOPfQ0149M11Ew7nj60Atd+W3J+d0ZD853l1WTetGJf/sIGEI7gM+sPXStif0T5VzLI22RPdPA1HdgtAOZSYxCR8YzwGu/7xssTsl+ldDizoGj1BIxGU90jnoNGZhODcKmNkjfe6KNBrGrwQWr+OzIjTaqWD8Vm+dKafQcuWD23SoQRrwzXwjhRpYDn2WXdf6m6jtsVsSVfnvFyCeRJXuSug4Gbyfoj2rnDlSK4CQfoQtVIophKCI0DRXTPtgeUZMHw7pWB/2N+aBDVLHiDl5dT1zOHyeU3OSV10pMgbyaBGVdCC1Pf3oQX40/kC3ETjhn6Cra48GwsyD+W7E1mDe7DERJ9n3wexdzQQFVdQgdKV0viVE13C0kr1oHCbiwfsvfUDas+bNL7igGvMeUMM0iS75q9enHum9pG6Er0TQ9lVtaI0BZdaSmcnp3Sha2cQb4nSdkj67nFbgnzS1QCT9EgZ8ASpyaA8Tno2N4v5y8FB0f3MUsiEetLorkQZvFYg== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(376014)(7416014)(1800799024)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2024 11:37:53.8604 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 36960c42-c19c-410b-de6f-08dcd3e88197 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF000099DD.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR12MB8067 From: Kishon Vijay Abraham I With Secure AVIC, the APIC backing page is owned and managed by guest. Allocate APIC backing page for all guest CPUs. In addition, add a setup() APIC callback. This callback is used by Secure AVIC driver to initialize APIC backing page area for each CPU. Allocate APIC backing page memory area in chunks of 2M, so that backing page memory is mapped using full huge pages. Without this, if there are private to shared page state conversions for any non-backing-page allocation which is part of the same huge page as the one containing a backing page, hypervisor splits the huge page into 4K pages. Splitting of APIC backing page area into individual 4K pages can result in performance impact, due to TLB pressure. Secure AVIC requires that vCPU's APIC backing page's NPT entry is always present while that vCPU is running. If APIC backing page's NPT entry is not present, a VMEXIT_BUSY is returned on VMRUN and the vCPU cannot be resumed after that point. To handle this, invoke sev_notify_savic_gpa() in Secure AVIC driver's setup() callback. This triggers SVM_VMGEXIT_SECURE_ AVIC_GPA exit for the hypervisor to note GPA of the vCPU's APIC backing page. Hypervisor uses this information to ensure that the APIC backing page is mapped in NPT before invoking VMRUN. Signed-off-by: Kishon Vijay Abraham I Co-developed-by: Neeraj Upadhyay Signed-off-by: Neeraj Upadhyay --- GHCB spec update for SVM_VMGEXIT_SECURE_AVIC_GPA NAE event is part of the draft spec: https://lore.kernel.org/linux-coco/3453675d-ca29-4715-9c17-10b56b3af17e@amd.com/T/#u arch/x86/coco/sev/core.c | 22 +++++++++++++++++ arch/x86/include/asm/apic.h | 1 + arch/x86/include/asm/sev.h | 2 ++ arch/x86/include/uapi/asm/svm.h | 1 + arch/x86/kernel/apic/apic.c | 2 ++ arch/x86/kernel/apic/x2apic_savic.c | 38 +++++++++++++++++++++++++++++ 6 files changed, 66 insertions(+) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index de1df0cb45da..93470538af5e 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1367,6 +1367,28 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) return ret; } +enum es_result sev_notify_savic_gpa(u64 gpa) +{ + struct ghcb_state state; + struct es_em_ctxt ctxt; + unsigned long flags; + struct ghcb *ghcb; + int ret = 0; + + local_irq_save(flags); + + ghcb = __sev_get_ghcb(&state); + + vc_ghcb_invalidate(ghcb); + + ret = sev_es_ghcb_hv_call(ghcb, &ctxt, SVM_VMGEXIT_SECURE_AVIC_GPA, gpa, 0); + + __sev_put_ghcb(&state); + + local_irq_restore(flags); + return ret; +} + static void snp_register_per_cpu_ghcb(void) { struct sev_es_runtime_data *data; diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h index 9327eb00e96d..ca682c1e8748 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -302,6 +302,7 @@ struct apic { /* Probe, setup and smpboot functions */ int (*probe)(void); + void (*setup)(void); int (*acpi_madt_oem_check)(char *oem_id, char *oem_table_id); void (*init_apic_ldr)(void); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 79bbe2be900e..e84fc7fcc32a 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -399,6 +399,7 @@ u64 snp_get_unsupported_features(u64 status); u64 sev_get_status(void); void sev_show_status(void); void snp_update_svsm_ca(void); +enum es_result sev_notify_savic_gpa(u64 gpa); #else /* !CONFIG_AMD_MEM_ENCRYPT */ @@ -435,6 +436,7 @@ static inline u64 snp_get_unsupported_features(u64 status) { return 0; } static inline u64 sev_get_status(void) { return 0; } static inline void sev_show_status(void) { } static inline void snp_update_svsm_ca(void) { } +static inline enum es_result sev_notify_savic_gpa(u64 gpa) { return ES_UNSUPPORTED; } #endif /* CONFIG_AMD_MEM_ENCRYPT */ diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h index 1814b413fd57..0f21cea6d21c 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h @@ -116,6 +116,7 @@ #define SVM_VMGEXIT_AP_CREATE 1 #define SVM_VMGEXIT_AP_DESTROY 2 #define SVM_VMGEXIT_SNP_RUN_VMPL 0x80000018 +#define SVM_VMGEXIT_SECURE_AVIC_GPA 0x8000001a #define SVM_VMGEXIT_HV_FEATURES 0x8000fffd #define SVM_VMGEXIT_TERM_REQUEST 0x8000fffe #define SVM_VMGEXIT_TERM_REASON(reason_set, reason_code) \ diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index 373638691cd4..b47d1dc854c3 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -1499,6 +1499,8 @@ static void setup_local_APIC(void) return; } + if (apic->setup) + apic->setup(); /* * If this comes from kexec/kcrash the APIC might be enabled in * SPIV. Soft disable it before doing further initialization. diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index 97dac09a7f42..d903c35b8b64 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -9,12 +9,16 @@ #include #include +#include #include #include #include "local.h" +static DEFINE_PER_CPU(void *, apic_backing_page); +static DEFINE_PER_CPU(bool, savic_setup_done); + static int x2apic_savic_acpi_madt_oem_check(char *oem_id, char *oem_table_id) { return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); @@ -61,8 +65,30 @@ static void x2apic_savic_send_IPI_mask_allbutself(const struct cpumask *mask, in __send_IPI_mask(mask, vector, APIC_DEST_ALLBUT); } +static void x2apic_savic_setup(void) +{ + void *backing_page; + enum es_result ret; + unsigned long gpa; + + if (this_cpu_read(savic_setup_done)) + return; + + backing_page = this_cpu_read(apic_backing_page); + gpa = __pa(backing_page); + ret = sev_notify_savic_gpa(gpa); + if (ret != ES_OK) + snp_abort(); + this_cpu_write(savic_setup_done, true); +} + static int x2apic_savic_probe(void) { + void *backing_pages; + unsigned int cpu; + size_t sz; + int i; + if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) return 0; @@ -71,6 +97,17 @@ static int x2apic_savic_probe(void) snp_abort(); } + sz = ALIGN(num_possible_cpus() * SZ_4K, SZ_2M); + backing_pages = kzalloc(sz, GFP_ATOMIC); + if (!backing_pages) + snp_abort(); + + i = 0; + for_each_possible_cpu(cpu) { + per_cpu(apic_backing_page, cpu) = backing_pages + i * SZ_4K; + i++; + } + pr_info("Secure AVIC Enabled\n"); return 1; @@ -81,6 +118,7 @@ static struct apic apic_x2apic_savic __ro_after_init = { .name = "secure avic x2apic", .probe = x2apic_savic_probe, .acpi_madt_oem_check = x2apic_savic_acpi_madt_oem_check, + .setup = x2apic_savic_setup, .dest_mode_logical = false, From patchwork Fri Sep 13 11:36:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13803296 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2044.outbound.protection.outlook.com [40.107.236.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1D5D11D86DC; Fri, 13 Sep 2024 11:38:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.236.44 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227497; cv=fail; b=MEuNtTZHLCqIFxLushft0eVnTeIhilfpyVRTacSKbyL1kcH0QUT7vDk0V6ZVbsWbMLWkBAcJgDgPwSghGE8EumqNsH0eAUerSC1GTdCD+MVPAgMRoZMaIcxol4js+eYpclCRwEwHiBUP7DbrYbA8YYv/9BdMpBWIc/Q0erGEa7c= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227497; c=relaxed/simple; bh=q8u3We2VLkPF/lz36iDTTedNi5w4bbEGcgaDaql0+y0=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=td38eR9QlpVfLNUy0j/kQ0x3Yz3QQAenZtMTeAlKYxnoAms95kwaq+aq3VOVCmcoas6cuXVvI3RPsWxOSNEFZ47HF2buDcjeqoJwJTWCHOtnzqDj2CvJDQIL+PBy/jUESuFze2FjUZ/sKh/018GgwEalZxnw0OLMh6JGm5P+QBk= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=bUUmJE8n; arc=fail smtp.client-ip=40.107.236.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="bUUmJE8n" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=xvo+vwwgwBJIeIU/SyZTVIr8zDttXCR9aekpfrp0hdPCbvkAtUP5bJb0Wfg7RBU1T2J4VfdM494lU5rBSFSez/CYuN/zMoH/L/j6MWDCaL5mjTsCO8elwCLhxpWAAvCMAWM5wGtv5lshSLJw3huQobL1+d49NG92LTQimm65Usm8T/VvB1ALb0uN6+wRR8CenXLwk8zHtSM9o50me2/4v/I3qsLumJUKlsvztMfyRrdEF24B0WQpbPrRcUCLFk98v9K7y+ORXI5OGwXTvwsFug9ZbQknCbI9FRRmrZoaLoqbz0iQH3zgvuN4UtVjchAAYIEv2B4j7khbvwWf0Loi+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dI4RnNYDa8AEATzqojqiA/fNQIL6jNQN7KLJKpDRQs0=; b=dcCUkFi6/ht5fVdDcelojGZiLnboKklgJD/ytWN5/OGQSot1lGYj8gYjpQn5zEcPPKY5Oi5dMJ2Yg52L9Mo0lvts4qcVx3+opMHOM2S51ck0/KOJyTcoiWJk5uRKCXExOZBUppFNp1TOxwcnpc2TpqSTCqtRPAUPqQgDIk6VNretIsgLTSRsH75mDCqpclxyhI/HOOomxI7LX5UiBgKJY/JWrro3fYTAaREK4P0QjHVTe+muYkfVzNnGcBq0iQOPZcLhnMDwwfAlmcwZ03BuPknHBoLtO4Cwyuw4t1F6db2TUF3oXNc/OhiNWFnvIfhz8KWSABn3WMrCJyOWrN7W5g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dI4RnNYDa8AEATzqojqiA/fNQIL6jNQN7KLJKpDRQs0=; b=bUUmJE8nuQttUrIyEqb4XNwFlp+7W7rExhPGnBc6M7lNxof0SlGiMNChkHRWB033zFhtPp4StyrXgxbHQ61WxdJnWHr51GyksputWV6nn/BPdUEDu9AsUqKC3Qn3j3sN34wVOQLuysrh8rMIuUWQJKvmnmMyFyrunmf5hJ4sELM= Received: from CH0PR04CA0056.namprd04.prod.outlook.com (2603:10b6:610:77::31) by SJ2PR12MB8160.namprd12.prod.outlook.com (2603:10b6:a03:4af::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.25; Fri, 13 Sep 2024 11:38:12 +0000 Received: from DS3PEPF000099E2.namprd04.prod.outlook.com (2603:10b6:610:77:cafe::c3) by CH0PR04CA0056.outlook.office365.com (2603:10b6:610:77::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.26 via Frontend Transport; Fri, 13 Sep 2024 11:38:11 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS3PEPF000099E2.mail.protection.outlook.com (10.167.17.201) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7918.13 via Frontend Transport; Fri, 13 Sep 2024 11:38:11 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 13 Sep 2024 06:38:06 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , Subject: [RFC 03/14] x86/apic: Populate .read()/.write() callbacks of Secure AVIC driver Date: Fri, 13 Sep 2024 17:06:54 +0530 Message-ID: <20240913113705.419146-4-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> References: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS3PEPF000099E2:EE_|SJ2PR12MB8160:EE_ X-MS-Office365-Filtering-Correlation-Id: e3272934-8d9f-4c34-6975-08dcd3e88c18 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|36860700013|82310400026|7416014|1800799024; X-Microsoft-Antispam-Message-Info: juJCZDOAHjyYhUSjDbqphNFJSRl5aBAsQUK2aVyxJ9r007SI7CnjdRV71SpW/5na2YOn2ElxganPBOi8bgOBzXY07imHVUjUsr5YKdms5BY86ESWvZwh0RqkYtGwF5rNDxj7KbzzotlvtGiHrd+0JZ6KXXuTflZMwRG0W/bT7TCmEq9W+mXHrEB/pbPDpo4WBoBXQ3FgkXGdBBi2lfvR+/Tv0n8W+Yqu+MSQxhiGoQDGnY0+Q7oI2Qo0NGJ260p84OQLYf+vQ5SYONTdPQ9aTdaTzNbb4ul0cpdlHTCB5e1ijSm2zlQmz90qgDEA9NyZmHtnXeMGb04Bo7SgLq10L+BNn69vf40VxFsgB/8d+hliMcuX8WKxuXxFex261G30b1pZa+g+5FyYRzduiur5BpJr0wk0GFPOZ8nJcwl6SwD0ZH7H1dKOuOkZW5eLSVuiFbpi+a007KJHcsu73gmd4nlpEkLt/K29euS6Wz6Uthm5EsDUAfu/3ToP4/tIPY5b3dn4YGWoZjqbAq120hzehRdQBnlRA3H05RgKt61pXlfN7g+J01UcmA+6gTxy26FOaXX/mq9E6nhmGkxymkqQ9FDIDXjZvqZodaXQRg3yRs+8vgWI8/cfftdQWi6x9O9U3d/Z6LNed58v80KurdQnxqievI6aQWTHKJ+BGXDE/ST65t1f+k+oOhuzeE8U/tY2r0igvHJVnzOSi7sghDrfXcGmzU6C9BVIg5+Qkufsxl1azijEnK+HJMJHCcMWn91SgLtfsZd6TAmOJ9RzPgbt0XdDaEsEGAptCvraCYyviIEtalApHLheyfQ7PGcCeF0QEriDVCXxflN0/+uGyk4pK3nLmqmpFHjcaVdlIMKxHw21HdVHq63yaRPYXs02HOaLc7wnbs4wtYwA1vByrNeZwJOe7P4dQvul0JwRCYu5EIzlljHuhQoI0NT+rshSv3i1jvi1wJQoJIXIDn+WCVclD9IiaA/gJP9WRE71gtsp/ZYH24YXsn850iUSHNelQLdXfcP5wflc/FoUa2jgrBP1jyjlvVEFYpZV1LngNKA2u4C4WFdYdo/GFSaunMJNiO39ADgqgxfNxtLsTwgtV3aXQlXGNY0gHnpCCAD9eJjKp2ki+R4OT9x2sGJKMKodcWynl5bKomw1XKuhnsGwrAJo+KdNkdKmcW5+IZCG1YTmNiCNxZSTYvfd8okrdEr2VhUupO1hGoiFTlxkKzs6t8fuALai+dRHh04YS16b/nJckZfyceU+UxaXA3gT3o9CiI4JR5e49yw9b2UrK/k0OoKqohVcdbhbQsfcENGVAu5ipEXMI6bKdqMn0hwB+v62xpc/5EufoAJqLiaM5Y/jAT5pEjSgXAGSTbVrcfLKYv3215nyd/nAcwY9NTaejkCfILw/7jQTLN5t0WHiHvhk0/cA6pHtSFlAWusYdkD+vHa3Wzk69MV4lcgROIfEjkh2eGhv X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(36860700013)(82310400026)(7416014)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2024 11:38:11.4957 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e3272934-8d9f-4c34-6975-08dcd3e88c18 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF000099E2.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ2PR12MB8160 The x2APIC registers are mapped at an offset within the guest APIC backing page which is same as their x2APIC MMIO offset. Secure AVIC adds new registers such as ALLOWED_IRRs (which are at 4-byte offset within the IRR register offset range) and NMI_REQ to the APIC register space. In addition, the APIC_ID register is writable and configured by guest. Add read() and write() APIC callback functions to read and write x2APIC registers directly from the guest APIC backing page. The default .read()/.write() callbacks of x2APIC drivers perform a rdmsr/wrmsr of the x2APIC registers. When Secure AVIC is enabled, these would result in #VC exception (for non-accelerated register accesses). The #VC exception handler reads/write the x2APIC register in the guest APIC backing page. Since this would increase the latency of accessing x2APIC registers, the read() and write() callbacks of Secure AVIC driver directly reads/writes to the guest APIC backing page. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- arch/x86/include/asm/apicdef.h | 2 + arch/x86/kernel/apic/x2apic_savic.c | 107 +++++++++++++++++++++++++++- 2 files changed, 107 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/apicdef.h b/arch/x86/include/asm/apicdef.h index 094106b6a538..be39a543fbe5 100644 --- a/arch/x86/include/asm/apicdef.h +++ b/arch/x86/include/asm/apicdef.h @@ -135,6 +135,8 @@ #define APIC_TDR_DIV_128 0xA #define APIC_EFEAT 0x400 #define APIC_ECTRL 0x410 +#define APIC_SEOI 0x420 +#define APIC_IER 0x480 #define APIC_EILVTn(n) (0x500 + 0x10 * n) #define APIC_EILVT_NR_AMD_K8 1 /* # of extended interrupts */ #define APIC_EILVT_NR_AMD_10H 4 diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index d903c35b8b64..6a471bbc3dba 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include @@ -24,6 +25,108 @@ static int x2apic_savic_acpi_madt_oem_check(char *oem_id, char *oem_table_id) return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); } +static inline u32 get_reg(char *page, int reg_off) +{ + return READ_ONCE(*((u32 *)(page + reg_off))); +} + +static inline void set_reg(char *page, int reg_off, u32 val) +{ + WRITE_ONCE(*((u32 *)(page + reg_off)), val); +} + +#define SAVIC_ALLOWED_IRR_OFFSET 0x204 + +static u32 x2apic_savic_read(u32 reg) +{ + void *backing_page = this_cpu_read(apic_backing_page); + + switch (reg) { + case APIC_LVTT: + case APIC_TMICT: + case APIC_TMCCT: + case APIC_TDCR: + case APIC_ID: + case APIC_LVR: + case APIC_TASKPRI: + case APIC_ARBPRI: + case APIC_PROCPRI: + case APIC_LDR: + case APIC_SPIV: + case APIC_ESR: + case APIC_ICR: + case APIC_LVTTHMR: + case APIC_LVTPC: + case APIC_LVT0: + case APIC_LVT1: + case APIC_LVTERR: + case APIC_EFEAT: + case APIC_ECTRL: + case APIC_SEOI: + case APIC_IER: + case APIC_EILVTn(0) ... APIC_EILVTn(3): + return get_reg(backing_page, reg); + case APIC_ISR ... APIC_ISR + 0x70: + case APIC_TMR ... APIC_TMR + 0x70: + WARN_ONCE(!IS_ALIGNED(reg, 16), "Reg offset %#x not aligned at 16 bytes", reg); + return get_reg(backing_page, reg); + /* IRR and ALLOWED_IRR offset range */ + case APIC_IRR ... APIC_IRR + 0x74: + /* + * Either aligned at 16 bytes for valid IRR reg offset or a + * valid Secure AVIC ALLOWED_IRR offset. + */ + WARN_ONCE(!(IS_ALIGNED(reg, 16) || IS_ALIGNED(reg - SAVIC_ALLOWED_IRR_OFFSET, 16)), + "Misaligned IRR/ALLOWED_IRR reg offset %#x", reg); + return get_reg(backing_page, reg); + default: + pr_err("Permission denied: read of Secure AVIC reg offset %#x\n", reg); + return 0; + } +} + +#define SAVIC_NMI_REQ_OFFSET 0x278 + +static void x2apic_savic_write(u32 reg, u32 data) +{ + void *backing_page = this_cpu_read(apic_backing_page); + + switch (reg) { + case APIC_LVTT: + case APIC_LVT0: + case APIC_LVT1: + case APIC_TMICT: + case APIC_TDCR: + case APIC_SELF_IPI: + /* APIC_ID is writable and configured by guest for Secure AVIC */ + case APIC_ID: + case APIC_TASKPRI: + case APIC_EOI: + case APIC_SPIV: + case SAVIC_NMI_REQ_OFFSET: + case APIC_ESR: + case APIC_ICR: + case APIC_LVTTHMR: + case APIC_LVTPC: + case APIC_LVTERR: + case APIC_ECTRL: + case APIC_SEOI: + case APIC_IER: + case APIC_EILVTn(0) ... APIC_EILVTn(3): + set_reg(backing_page, reg, data); + break; + /* ALLOWED_IRR offsets are writable */ + case SAVIC_ALLOWED_IRR_OFFSET ... SAVIC_ALLOWED_IRR_OFFSET + 0x70: + if (IS_ALIGNED(reg - SAVIC_ALLOWED_IRR_OFFSET, 16)) { + set_reg(backing_page, reg, data); + break; + } + fallthrough; + default: + pr_err("Permission denied: write to Secure AVIC reg offset %#x\n", reg); + } +} + static void x2apic_savic_send_IPI(int cpu, int vector) { u32 dest = per_cpu(x86_cpu_to_apicid, cpu); @@ -140,8 +243,8 @@ static struct apic apic_x2apic_savic __ro_after_init = { .send_IPI_self = x2apic_send_IPI_self, .nmi_to_offline_cpu = true, - .read = native_apic_msr_read, - .write = native_apic_msr_write, + .read = x2apic_savic_read, + .write = x2apic_savic_write, .eoi = native_apic_msr_eoi, .icr_read = native_x2apic_icr_read, .icr_write = native_x2apic_icr_write, From patchwork Fri Sep 13 11:36:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13803297 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2063.outbound.protection.outlook.com [40.107.223.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 88C3A1D86D8; Fri, 13 Sep 2024 11:38:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.223.63 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227517; cv=fail; b=WNZ4NfYuhVinP4SCemJI7GqR+I0mK13zOMwvuckKpArmZHKg+BvSDROMYLJ+foo5Ym/6U5tk+yE3587HipHE7Aj1vBJgBV65wb95oj/awInj1GvZogttSED7T1GyWDkSd5c67awYfPm3lrv0AsTsOhGkSttcmjglabrIy/GOU/0= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227517; c=relaxed/simple; bh=/g80h7m1trobD5qpOSBjyHmZTGda5QBtre431gxqujE=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=MdzEBNR2s/G4WJCz3ATs4eS8Y+8UsybJ/itgAwd/BZVeNtZv3QS62BaL7jThQrcWgzVBylnQZ01bVeTzJ3ZtlP8hJ8giITSkh/NYC6e1LDFVqx/v82AdHdDFxJcCgL+rK37L+ppynmb97mm0FURDudCpdsA3bX1EaftyuP+O/zY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=j4lHiMo6; arc=fail smtp.client-ip=40.107.223.63 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="j4lHiMo6" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dI4sQtCMmb29l1FQqP0llQh+FGbJIiaxxLTIRvqoNEhwqnXSSm1K83wbIxTl856S1v3iVfzrA7IQRLRNiV8JlxHC+BSXw9mRSW5uUCxob/6A3ds/Le21c8fgMWCIb+hrNTcUly+++zLKCo6y4wYRtuafNoh1R8rpUYMHa4OmjRJjCgEXaqbYxuPFIh3KtDdaI1zkUXfJh0AxUZ3MmeoCuJwNKNYTi9f4E3NWwvgR5aXUea3YwQA07osFC7ZQGP6cWpF4uQH9uAAO6BbnDLi8EjdrsRj7/FBy79i2Q1g9vqteQDOuOK9z4XLjU8+zK1pnBhZ/TFmVenCcCO9wBO0FUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=p45UyZLAMepyQCNoiAwbVCYaoRz41qRisYaMzUm/ERc=; b=OFKPvdmEDZ+eHk4Cvw89Yr4FB9KJ2zXDFP1nvwtuXNwwKuSrFKoA1EvvgNMjozVhivKyoWi62pFVZuEy1kt/twlgRYpsCWkzZ1JupXQsMCU7dsjki1cgb7IZqCNIKwdzjsiDoUQ/mqZdWQTou3jTkVUMS/IZFSb6BHN7nk+/C2MXp/YELCvKc8Azv6RNIlHOsGS0VNJiWp6s/CenfdxEnOOeeJV/VhMapkPO9ajvMGKvtiNuMOAr7h/w0eM/ljSpdqiXBfM14rkBsBiirdJmu0wKhWXLAZ3KCakoCsZ/77gXoBkQOTLha2SX3xtercNbasx6PSQqMsAJQXDsfzlj4A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=p45UyZLAMepyQCNoiAwbVCYaoRz41qRisYaMzUm/ERc=; b=j4lHiMo6VN0Gaoxt6YjqoGacXDAH1oabuSZjJh4H7XJ5IcPWMg/sK+27PA+Irg+8xbF2AHIv48LQJzFJqDZq9V8NHZ5BDDr+LoVRysofGdsqOMHVP9wgX+8WsWw7M1uJzOmMMo2uovu/KnDnGse8GnRRTLA+yKztdwnZCYmceTQ= Received: from CH2PR12CA0022.namprd12.prod.outlook.com (2603:10b6:610:57::32) by SJ0PR12MB5612.namprd12.prod.outlook.com (2603:10b6:a03:427::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7962.18; Fri, 13 Sep 2024 11:38:31 +0000 Received: from DS3PEPF000099DF.namprd04.prod.outlook.com (2603:10b6:610:57:cafe::46) by CH2PR12CA0022.outlook.office365.com (2603:10b6:610:57::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.25 via Frontend Transport; Fri, 13 Sep 2024 11:38:30 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS3PEPF000099DF.mail.protection.outlook.com (10.167.17.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7918.13 via Frontend Transport; Fri, 13 Sep 2024 11:38:30 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 13 Sep 2024 06:38:24 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , Subject: [RFC 04/14] x86/apic: Initialize APIC backing page for Secure AVIC Date: Fri, 13 Sep 2024 17:06:55 +0530 Message-ID: <20240913113705.419146-5-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> References: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS3PEPF000099DF:EE_|SJ0PR12MB5612:EE_ X-MS-Office365-Filtering-Correlation-Id: 440f955e-b486-41b0-f0ea-08dcd3e8976c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|1800799024|82310400026|376014|7416014; X-Microsoft-Antispam-Message-Info: WJadrVW48/os7KavrPYcLShiyHdxXrpEi0in1ZTyTAkW3jcVh9+9TIkAPKEEl/PG6LFsn719ax3IgB4jkfsIt+lSqxsclfB9ughhIIeatkPxWL0YO5JBMALovCcrHo+HZHPOZHV5FVgVtF2VsCkM97LFXXZfNwmVeNizV3vdgwYG8YDcwVOS79lRmzG6pz1lGqv+oJEZR8h1H7/1hieWobJ5mF+7C0Wd6qkuzXtvxXNiC3TG19LfxshJDcg8uTrwDh2gD3RiRSY1rxieYW86b6GpyUoNMzeJlXaDQcFLhL+P/3sJ2nlBwg+IWoB812KzhXD8NCaNXHVR4uYqVyUBY11lx24DBx/0DUHTfM7ZJNeo50jDlaMKaUHo+AZ+1loKCwdwNaSnGd2DNgsxBFzMSGt2aSk/nnREwBZhprUuFYUR63zVx1tG+HSp0PcwPsuW86QKDuacCes9vY0gvUnCKgHzJTvEtXWooYJQIcBYTKMKuYLyYFrOFOZOulyXNXz7x2AeQMeh7rjsIYaze0al60Q93C3bq3xH8/C4h0dEBFbTdpGZHcdBtlLRet0JPUbo+Ya6FFXQQVC9PoJlZYVxRf+zy0gABCUdbTa5WjQajcCW7vgPvVGMMSqcip1u+cOEAnOtDHqCV9qF2ix0KY0QFdweRPBB/cJ0zbMEw0wwJC0XdYoXblfd/nzJ/K+AVTf/CHrennUOeQQRuOcoYz1i3h/oOHLuWNCOgtsivKi40bRrnEZ/tqvxamfjmQBgxxSbdCY+n+MwbGMN8w7/lSeoSaVJUn3Div1HjkJyL1NYxceaEGAf0y8bDnZsYcMMqzXgVgeyDxpFI5mMrqbQAK4Bl93ypuBAtxJDUU7w7nrSESvuuJtvhNYIq7B6QU59wMhFWbXVy/xYna8uqyfFSNCLTuFqdxc1BN1TRte5EJqL5CTXHPMJOZihvY8Fc/iO8n7RewabctoAa6QUodGbAYREEDBD5XRBUKOHepy+b5NNAw29YOqI952jWnKUy/iTZAxSUBhBnjP6HlhRsFsLf3yA+q8sZxDuvGN/OoRE3hrsSYEDHypn1yq5VUpQvgc+k5PqLTv3Vg77VCELJmq6pQUhF1LjxZL2cFI4hlj+2md5+o1b4SRlKyIzXg5XpS12y6Y++daDcZFt5Br3OKp7B4crl0yavxNBEbAA7QZOSv0d4OSYJgblwNq4XzomJpJ/ndvtfVYZS1RDkw4MCnoSmncciyVCN1QKrkf+TVffKJLLVuoU6H3ZHl6Yer+Y8SSUtGa30scqeUM24HJyPiJQnS/0K7j1Vpf6O41xtoLseLkIgZYTfKtvuVANM+TGuzfMDj6JFlO9pgyhEv8vXHuAWRmn50dkN585B2A8AUMtUHZj7wY3VEQ6w8e7AeXg9zRprctNAZfSkQatiSOdgPLpBOnW1ZeonnTzIc3mfKaqGmaS8XHrfJS7JGb0fvEmna+szsUh X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(1800799024)(82310400026)(376014)(7416014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2024 11:38:30.4577 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 440f955e-b486-41b0-f0ea-08dcd3e8976c X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF000099DF.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR12MB5612 From: Kishon Vijay Abraham I Secure AVIC lets guest manage the APIC backing page (unlike emulated x2APIC or x2AVIC where the hypervisor manages the APIC backing page). However the introduced Secure AVIC Linux design still maintains the APIC backing page in the hypervisor to shadow the APIC backing page maintained by guest (It should be noted only subset of the registers are shadowed for specific usecases and registers like APIC_IRR, APIC_ISR are not shadowed). Add sev_ghcb_msr_read() to invoke "SVM_EXIT_MSR" VMGEXIT to read MSRs from hypervisor. Initialize the Secure AVIC's APIC backing page by copying the initial state of shadow APIC backing page in the hypervisor to the guest APIC backing page. Specifically copy APIC_LVR, APIC_LDR, and APIC_LVT MSRs from the shadow APIC backing page. Signed-off-by: Kishon Vijay Abraham I Co-developed-by: Neeraj Upadhyay Signed-off-by: Neeraj Upadhyay --- arch/x86/coco/sev/core.c | 41 ++++++++++++++++----- arch/x86/include/asm/sev.h | 2 ++ arch/x86/kernel/apic/x2apic_savic.c | 55 +++++++++++++++++++++++++++++ 3 files changed, 90 insertions(+), 8 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 93470538af5e..0e140f92cfef 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1331,18 +1331,15 @@ int __init sev_es_efi_map_ghcbs(pgd_t *pgd) return 0; } -static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) +static enum es_result __vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt, bool write) { struct pt_regs *regs = ctxt->regs; + u64 exit_info_1 = write ? 1 : 0; enum es_result ret; - u64 exit_info_1; - - /* Is it a WRMSR? */ - exit_info_1 = (ctxt->insn.opcode.bytes[1] == 0x30) ? 1 : 0; if (regs->cx == MSR_SVSM_CAA) { /* Writes to the SVSM CAA msr are ignored */ - if (exit_info_1) + if (write) return ES_OK; regs->ax = lower_32_bits(this_cpu_read(svsm_caa_pa)); @@ -1352,14 +1349,14 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) } ghcb_set_rcx(ghcb, regs->cx); - if (exit_info_1) { + if (write) { ghcb_set_rax(ghcb, regs->ax); ghcb_set_rdx(ghcb, regs->dx); } ret = sev_es_ghcb_hv_call(ghcb, ctxt, SVM_EXIT_MSR, exit_info_1, 0); - if ((ret == ES_OK) && (!exit_info_1)) { + if (ret == ES_OK && !write) { regs->ax = ghcb->save.rax; regs->dx = ghcb->save.rdx; } @@ -1367,6 +1364,34 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) return ret; } +static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) +{ + return __vc_handle_msr(ghcb, ctxt, ctxt->insn.opcode.bytes[1] == 0x30); +} + +enum es_result sev_ghcb_msr_read(u64 msr, u64 *value) +{ + struct pt_regs regs = { .cx = msr }; + struct es_em_ctxt ctxt = { .regs = ®s }; + struct ghcb_state state; + unsigned long flags; + enum es_result ret; + struct ghcb *ghcb; + + local_irq_save(flags); + ghcb = __sev_get_ghcb(&state); + vc_ghcb_invalidate(ghcb); + + ret = __vc_handle_msr(ghcb, &ctxt, false); + if (ret == ES_OK) + *value = regs.ax | regs.dx << 32; + + __sev_put_ghcb(&state); + local_irq_restore(flags); + + return ret; +} + enum es_result sev_notify_savic_gpa(u64 gpa) { struct ghcb_state state; diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index e84fc7fcc32a..5e6385bfb85a 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -400,6 +400,7 @@ u64 sev_get_status(void); void sev_show_status(void); void snp_update_svsm_ca(void); enum es_result sev_notify_savic_gpa(u64 gpa); +enum es_result sev_ghcb_msr_read(u64 msr, u64 *value); #else /* !CONFIG_AMD_MEM_ENCRYPT */ @@ -437,6 +438,7 @@ static inline u64 sev_get_status(void) { return 0; } static inline void sev_show_status(void) { } static inline void snp_update_svsm_ca(void) { } static inline enum es_result sev_notify_savic_gpa(u64 gpa) { return ES_UNSUPPORTED; } +static inline enum es_result sev_ghcb_msr_read(u64 msr, u64 *value) { return ES_UNSUPPORTED; } #endif /* CONFIG_AMD_MEM_ENCRYPT */ diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index 6a471bbc3dba..99151be4e173 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include @@ -20,6 +21,19 @@ static DEFINE_PER_CPU(void *, apic_backing_page); static DEFINE_PER_CPU(bool, savic_setup_done); +enum lapic_lvt_entry { + LVT_TIMER, + LVT_THERMAL_MONITOR, + LVT_PERFORMANCE_COUNTER, + LVT_LINT0, + LVT_LINT1, + LVT_ERROR, + + APIC_MAX_NR_LVT_ENTRIES, +}; + +#define APIC_LVTx(x) (APIC_LVTT + 0x10 * (x)) + static int x2apic_savic_acpi_madt_oem_check(char *oem_id, char *oem_table_id) { return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); @@ -35,6 +49,22 @@ static inline void set_reg(char *page, int reg_off, u32 val) WRITE_ONCE(*((u32 *)(page + reg_off)), val); } +static u32 read_msr_from_hv(u32 reg) +{ + u64 data, msr; + int ret; + + msr = APIC_BASE_MSR + (reg >> 4); + ret = sev_ghcb_msr_read(msr, &data); + if (ret != ES_OK) { + pr_err("Secure AVIC msr (%#llx) read returned error (%d)\n", msr, ret); + /* MSR read failures are treated as fatal errors */ + snp_abort(); + } + + return lower_32_bits(data); +} + #define SAVIC_ALLOWED_IRR_OFFSET 0x204 static u32 x2apic_savic_read(u32 reg) @@ -168,6 +198,30 @@ static void x2apic_savic_send_IPI_mask_allbutself(const struct cpumask *mask, in __send_IPI_mask(mask, vector, APIC_DEST_ALLBUT); } +static void init_backing_page(void *backing_page) +{ + u32 val; + int i; + + val = read_msr_from_hv(APIC_LVR); + set_reg(backing_page, APIC_LVR, val); + + /* + * Hypervisor is used for all timer related functions, + * so don't copy those values. + */ + for (i = LVT_THERMAL_MONITOR; i < APIC_MAX_NR_LVT_ENTRIES; i++) { + val = read_msr_from_hv(APIC_LVTx(i)); + set_reg(backing_page, APIC_LVTx(i), val); + } + + val = read_msr_from_hv(APIC_LVT0); + set_reg(backing_page, APIC_LVT0, val); + + val = read_msr_from_hv(APIC_LDR); + set_reg(backing_page, APIC_LDR, val); +} + static void x2apic_savic_setup(void) { void *backing_page; @@ -178,6 +232,7 @@ static void x2apic_savic_setup(void) return; backing_page = this_cpu_read(apic_backing_page); + init_backing_page(backing_page); gpa = __pa(backing_page); ret = sev_notify_savic_gpa(gpa); if (ret != ES_OK) From patchwork Fri Sep 13 11:36:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13803299 Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam02on2066.outbound.protection.outlook.com [40.107.212.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A37521D86F0; Fri, 13 Sep 2024 11:38:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.212.66 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227534; cv=fail; b=aO7lW1IiHJToVSrGGVQ7bQsjjFCngfEDSg/C4TdnOo6CuDtLxo+c6g8DxnAiqwh0MmoW/y2r1LsHpGyWRTEKSnzqv5KibtU6qta1B7MsjTN/Gm5vyYwsa6BmrMfILllTr1xhOioFtRIID5xeCBNrQN7yR+uOR1Ow/Qw90mCkEsE= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227534; c=relaxed/simple; bh=688OwTuSKRUrr+niWsRX47KaQUr+at/gFIaoZaLdDIU=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=LQFGi1LSF6A9niKnHOG/vybKT1eftJ/gH1uL9EDkAFdvvgxIporTkMwqw2AfsdUVFi3GhN//xiaNaVowTBQhPqZkxCGfDrSl3XIN06e8HBczyX0LwebphRURXorq+Fib9umkxngbYjU6tZ+iJUi/Q7miOYrnN6C8xj4+eFcFT04= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=IzsvzCL0; arc=fail smtp.client-ip=40.107.212.66 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="IzsvzCL0" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=VYqIFRWiw6SD5cgc0qVdvQ1aZxsFfuWQWXRg/3WLk+n6kRSuITikawAxSAYa42KH2rlsMcO2yMpLidYxn4Q9DZFUdGq6l2HA7fpL0WAy1CRhcDmctY30gAV9CJKccduO2Qazofq1qAS2YwtMQscFJUbseH4mTAtBuZo5Fs1Ts98MQ0y5R1JS27ANpbZpo3lbdxy5aS3I3jVVUiZevgq5he3mdGRfGEmnoHf34fLqSVEZfJRKyobxkRUNIZtUapZ+Bb1DfqSL0ngGL9Bu4dEyQupBjkNFvngS38PwyYRiYYg7JxRsEoQoClcwYqeaLAkUNggEuIy2OM8J5Lpgmbzlkw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FSrkFnyDES4wibsgsbditU1xGjgk9SHYJpltoDLO7Ts=; b=tt09BnYMutR3U//EQh7UH5PbFq07MPv47C4YZaXL/W2TuFeuIn/cfPvpNe897/UDjQPwZpfa1SGWiwOX9wlxQ2xqKp6DYXCrXTPSFoxkHNX00d9QKrwgCl6NxACP+O0QIEce9ybt+Pl7+CdMJ97WWFcqCdak0Mkj+WzBqTnonEvdagS8n3CpN0f9byHJLm7Yqh0aETsRlv7zu18/9f3PJtZNA1xgGHozHm5tV473sLq9W9Q8Grr++GBnF7AOj3ECO8o+IjKyxrt9VVE1rvfhaxqbx3W8DPgGC6xW6UaP8xCWYXL5BDFr17uVKuhpinxNvW7tZbl4kiITPbJi2DWGgg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FSrkFnyDES4wibsgsbditU1xGjgk9SHYJpltoDLO7Ts=; b=IzsvzCL0XjeglSSvhxQsCla7Aeir6HEQsc6Ih3eb7sxnRLownmfZFo8/F/rP1YZFXvjgaUiYn8PiyfpRzedsaXPL95YBjFD9O4Pa42yR4/k+a8eTi+D1MekiPUoek6J8KzkI+XN4ZDRZx+m4YFW0ED+WzyaXszhCr5hHCHMi8LI= Received: from DS7PR05CA0060.namprd05.prod.outlook.com (2603:10b6:8:2f::13) by SA0PR12MB4432.namprd12.prod.outlook.com (2603:10b6:806:98::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7962.18; Fri, 13 Sep 2024 11:38:48 +0000 Received: from DS3PEPF000099E1.namprd04.prod.outlook.com (2603:10b6:8:2f:cafe::5) by DS7PR05CA0060.outlook.office365.com (2603:10b6:8:2f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.24 via Frontend Transport; Fri, 13 Sep 2024 11:38:47 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS3PEPF000099E1.mail.protection.outlook.com (10.167.17.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7918.13 via Frontend Transport; Fri, 13 Sep 2024 11:38:47 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 13 Sep 2024 06:38:42 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , Subject: [RFC 05/14] x86/apic: Initialize APIC ID for Secure AVIC Date: Fri, 13 Sep 2024 17:06:56 +0530 Message-ID: <20240913113705.419146-6-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> References: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS3PEPF000099E1:EE_|SA0PR12MB4432:EE_ X-MS-Office365-Filtering-Correlation-Id: 9dc23e07-6566-449a-f0c9-08dcd3e8a1bd X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|1800799024|36860700013|82310400026|376014; X-Microsoft-Antispam-Message-Info: Ddvp8ogxlUZrQYqr3WOVBKGUFPmiFhQyErXU3n14CGCjZCyr0ZO3iFzoQT6upPZRXFcv7H6zE6WTjKXnd1y9Z+sEivRM7ctTqJHnGi1sXzrI5jzft81X4k0b9CQ8WxXZC/PFUgmEHl82oIVt2oNHLbEk4nYc7w6PQaiQQ4fnKcZ2g9cZTaUg1jrm2SCNuyuEpC7Hh2bADLDHNyDV8XOFH0PRMZACRlYgrioC3kTjLP+FiGtDn88iZ+DsXK3shZV604yjjWVdVK3WQUaxiodsRdHR6op5wf+RBQ40oZFr61oWmjt9e7R99PWf0Rk7adLR+I4tm5u2rJYutW43N3HiuZPUMq9Oxxcyzx4DdXU+eUotHFq/OP3E2loQ4B3WIeIASTvVEY1f2Pz0eaJTLaDIEBoMlnlMAT9ggJFgZ0yi9TwqPUWjHlL6KU8Yc6PpMWOaFJI1U76Ov7IuT64/tIbAeKNJFdGsv4GwUhrMh51afYr6SFYdC1iVHi9T5xNGkjp7QB6ZIO5J4ZCbmtEKgbPjhUMxbSjDFyoFkNb/DodcMhwGJYy8OBpkN8YPr4ISx2MpBuWcaAv5KycQVm2q0+NBW7uDWo3G4t3aQFbjmXsz4e3jCgxV6+QPlmT8BcQxfac1ZeOmqMBX5wVpRkC8iY03qiQKQGGgJZzUljYbpAOS1R0qGIo0XPCdA3Oj0hB6iehjCgK+DfEVjRjyHZWBYzTfv7IgVMICZ24+QWT1DpbkY9ZPxWA2wnK8mNwgxDMketcbPTy3iufa7V9j9UtMOv5AEL+vrlA0nU37cjx/+X3evQj5f+BnBEh3T8s4apReF4GlyyUnpboMZlsoArAqDaT+GOAdPCk11BDdEqIhHnXYHUAmpquX6m6LbClS8lACt7hVArtAwlfXqVWgs045tvu/HNI2dpXo+tQEDIWqPQmXF7RMxQtm5kc0voJKYzT25k6m2KeHQfffuqqbyLiQY74zJ7IDaftY/KrVIak7gaLxl6BjCvQEB/Mgp4w1uWKqrNEn6lREaKxgVUZ6h+LTZGTKMwgyD/9GosFuvRs+ZWCYGk4b1zkTEuBJJ1d9Ahgj7tMD5oFa2IwJA9cr7IGE8d+VLBpBwdaWh5I70grV8Khwcmin2n2aogwznODra21quNJzLIJf53WXGx4YoKUAW5BekfAXGI8q0Ap/mQAwsiGUE7tBnnLEILZ/Tb7nIcha4kkZpR9m4pWls07N19uN5242fKGSTOtjp9WsMXMAD2jLWFWnl6uZlC1gtmqnptTpvikuQNSQHnDkfCWNgwqZ9ENjdCJVVZOnHY497JVbBft7+csrzzPm/RP/PPVzjsM8VnZDATckTqLPTPxxYjR5o83cKLZTYghe6KIIWsxGh4UWoHfCz+nBBYRw2NGXZ5gMrd5qCn0lPPFqKEXvN52kFjiIjQKNU2S3L3s6oZmhej+hrJcOxH5BrCZd1gfiAYaHGvHe X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(1800799024)(36860700013)(82310400026)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2024 11:38:47.8127 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 9dc23e07-6566-449a-f0c9-08dcd3e8a1bd X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF000099E1.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4432 Initialize the APIC ID in the APIC backing page with the CPUID function 0000_000bh_EDX (Extended Topology Enumeration), and ensure that APIC ID msr read from hypervisor is consistent with the value read from CPUID. Signed-off-by: Neeraj Upadhyay --- arch/x86/kernel/apic/x2apic_savic.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index 99151be4e173..09fbc1857bf3 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -14,6 +14,7 @@ #include #include +#include #include #include "local.h" @@ -200,6 +201,8 @@ static void x2apic_savic_send_IPI_mask_allbutself(const struct cpumask *mask, in static void init_backing_page(void *backing_page) { + u32 hv_apic_id; + u32 apic_id; u32 val; int i; @@ -220,6 +223,13 @@ static void init_backing_page(void *backing_page) val = read_msr_from_hv(APIC_LDR); set_reg(backing_page, APIC_LDR, val); + + /* Read APIC ID from Extended Topology Enumeration CPUID */ + apic_id = cpuid_edx(0x0000000b); + hv_apic_id = read_msr_from_hv(APIC_ID); + WARN_ONCE(hv_apic_id != apic_id, "Inconsistent APIC_ID values: %d (cpuid), %d (msr)", + apic_id, hv_apic_id); + set_reg(backing_page, APIC_ID, apic_id); } static void x2apic_savic_setup(void) From patchwork Fri Sep 13 11:36:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13803300 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2078.outbound.protection.outlook.com [40.107.92.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD72A1D86EB; Fri, 13 Sep 2024 11:39:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.92.78 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227552; cv=fail; b=B0o9SlfNL0/AuOMkraEAThz9imNQ3C2XCZ7Pi2NbMse8RaSVcWY/80hD2b7RWe6ERiLTyMFSZGbHZllCGMY8OxlU+5JfG3VjWPksXuRlwUUNHzGFwUBPt4/aml2gsw9HJ0XSdpUaY/BkBg9+HpL//DzQXGvyKVeJHXl2StLfPDo= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227552; c=relaxed/simple; bh=tJbvzSSRKhS9PL3f/UFbtIBGX+D4lbmX65DyCvIlVms=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=rw6PoRk03g0RbAwCbfed2iw1HY0Fp3UtwMT4vOtgptRC2Gbj8ZqAgjtdoTk/e08DQrIuevf/O2fgbiA3wqcB6zUkrZvkeV9j34Oi6VfaPj7pfbzmNq3F3AK8cRelZFTXmP5NWB/bA+s6VVq/H7c/FmdwTeTV6k9eIkMaXZst2nY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=ej62a/xs; arc=fail smtp.client-ip=40.107.92.78 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="ej62a/xs" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Wflk+S1vfZ1nPt5zgZ4yWSE45rpdzcRC7SLAYytYnu4iixX5ilJBVZlEBnqcrleFZ+8RfRWZ3O8fTDjh+AMtJFr7PUrggkVPSHP0wzZXH0jtxI1iBT0EAA1ewwmaJPYjmBBn0D4fAm3pjXhV1QhiPFDSS77rdm0uYb1WhIjJed5gKunMH+AzKB8sEI7fCOIdkrggCmidhmaZHXrh/iuN17mdDkMlLD5A8u0Zlsp7jNXW14Sj6C0tiPUFILYaiDl3cZu770b0/EA4NcVmN9uWjrcDzSiOmc0FN9YUNyn40n0suYHOeKRCzoNZVD3ME1/0HImpV3Lzee2ZcdqVXVdkcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2UeH7j7k8K/P4com9m60nPj+9OI1JYn2VXg0OoORKvM=; b=xcScfQTX/Zorm2Imn57QqTxBRyDtWqa7H7uhk1wPDVU6FoKQhwFacEk8ZzRkUqlxUvIMNKE3jq+54WQfJMZ8MU14JbIf93p3gKM2VjsfYUD52lM3UT9/qvcZ3vSoCHIq6jyt6nj6xRGHWKK/QkF0E9JXE+hMMB+/Yc30h9vjZSYYjTKvQPPKd9jVL2WZ/oxTxGwnaoXiZP9xfJ5gL56uySkdj2wqCcdSI7/ZSEdEoujwWHgrQ1zQizgCZKCVZW58XQrIVRuIOjLeR+6msy7tGBJoIrB5zCqnaJjCW/9LoxfDTRg+MAN+a95rgoPHeJBsLFSkx7PGWqqcO7DYueCgZg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2UeH7j7k8K/P4com9m60nPj+9OI1JYn2VXg0OoORKvM=; b=ej62a/xsDhR5kPy76+KRJdf+4QkXDZ2r8SLceF6P3GKsOKjP80il+eKzbGLGnWtGWdJeMxxxziLDn6pHg1C/+JpzbjfzqbrFgc9QJMhmonhfK6XcqIMtKX9maSjiJ+nSNbmpk7msWqmRpzQEreglu5Swgilaeh5thib/6WCLD4s= Received: from DS7PR03CA0150.namprd03.prod.outlook.com (2603:10b6:5:3b4::35) by LV2PR12MB5727.namprd12.prod.outlook.com (2603:10b6:408:17d::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.24; Fri, 13 Sep 2024 11:39:06 +0000 Received: from DS3PEPF000099DE.namprd04.prod.outlook.com (2603:10b6:5:3b4:cafe::c7) by DS7PR03CA0150.outlook.office365.com (2603:10b6:5:3b4::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.24 via Frontend Transport; Fri, 13 Sep 2024 11:39:06 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS3PEPF000099DE.mail.protection.outlook.com (10.167.17.200) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7918.13 via Frontend Transport; Fri, 13 Sep 2024 11:39:06 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 13 Sep 2024 06:39:00 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , Subject: [RFC 06/14] x86/apic: Add update_vector callback for Secure AVIC Date: Fri, 13 Sep 2024 17:06:57 +0530 Message-ID: <20240913113705.419146-7-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> References: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS3PEPF000099DE:EE_|LV2PR12MB5727:EE_ X-MS-Office365-Filtering-Correlation-Id: 43860ea3-5e98-4371-68a3-08dcd3e8acd5 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|82310400026|36860700013|1800799024|376014; X-Microsoft-Antispam-Message-Info: /ScEjPUyfP5gJNslmIxuydkYHuPmXhtZRBygZJNC/EjP3XkDCycYg0c8oW5OMhqZc7NBEd7oU68BeoWjmWrsDvh2FgTJUufcprKPRyLkNIUJ/vk7IZuavBfcLMUnPfPYbkeo40P+qEqu8ai/l/XlPYL4jwOFjMOtElg4y7swVU7nC1XuCFNRYt19kCFCFTOOuuh8UBtnQCihgNRyHsQf22P1hcMTOyRBND4xoLl0mBFmlv+nPLbINg0RvStDyABuCkrJwFBiXXLrlUPv71ntENaGqh6pz4u2Tg680fXCk8ViBGYp7HRmnOdoB53e0WjkpOcIl/kvfVjDU7EwSHJ+ffWzj6+ZTvDCdLSXXn8CHFlrPUBky0hdQMspBbJLDARbpwp7yxqsQ57OmhnC9+/asLsb4OM2kyqaZXfzJgsEEOKHhsXIR1qHyYAX7v2FBgYfipy1CrRU7c0/l9GhReD0yWmTJ6uKMq9AllndHcLQgHFKaGEDxjIPZ2AFepm0HW+FLJw8YdJ7bKSDCcyFMK2oXR9O43+0FDkDgS9Sf9wDTx2oJ4ILy8bhU5dDbPp0ko8b+k8cbhHivjbm8zPVsBPy2Nfhepp0RPKhLBuzU1XW3tsS8uTdw6/S62UNnd5OURIVhsTFDEWeL9ExDfLKmHzXhgzBUDG6YEGi5000u1eshfn9bsLW86+UJZpHs9SLkIzxXIvayfjTQ7buLgIOrwGvLnE5kXQCId5j8R0Sm9nSysPTmI5v5isJwrSfmBxUcBXwEYnyof5xnwOxSfxk4191suKJvbqoY0CaSdoF2S8rtZxUyA6LIpV29OURa9KsLpnqnkz/ZpB5CG6SUJC2F2IpvSW+oigeTDBKdH27bjYYKT5s55ljjDElUirBnh4rk/nvA/SfGaqTKHbIFa5ow6Ttgca2ZfqtjfHfmbCbeY+ZFu9IyUfEOvz9xYqQ+SADb+sw7H4rVQnWjcCDIAp3VZ1ZCfsvMo5Z9Xv9kpgiH572mbbqvurz5C0gkbiz/qYOyXqRq1HMZEW1TO3lkVTnWdWpF45XDjnrr5ON4fv4yKrHDH+l/d0/aiNtVvyrJcDqu/Jak+p8oG40iAzfhfwD8lJiIYZvsFP36hmJBkknSchfntLIGux4q9izn4Dw+opITvrl6fN8PtIV0lDnTRn90hGFc5QAZ+zj4SDio5ffMqdEQgTuIOKedV2xZt0VRBMsHkIy6MYpOpUvD/ldzUseF2CPr8EjjEEi0utdvYYdKH1/yCYyrY8evI+OLGIb2FvxngA3S8sMVn1lsRpexcfwIySoBtuWVmDf8HL8ZM/0/XaJ+MliL7YU9aiKnfm1UHL4t9Nm8SyV7ominX2tFQkeOY1+lVUXZB/bT6B5fgDzCgOGD1ZExRjnD7+O5p6yJgDB+fEXLrCyWIi7MBO5EMzBcaFJ7Toi+H1iHN1ZVcUulGvwnqwwgjVceBsYC6I/AuCkrExh X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(82310400026)(36860700013)(1800799024)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2024 11:39:06.4214 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 43860ea3-5e98-4371-68a3-08dcd3e8acd5 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF000099DE.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV2PR12MB5727 From: Kishon Vijay Abraham I Add update_vector callback to set/clear ALLOWED_IRR field in the APIC backing page. The allowed IRR vector indicates the interrupt vectors which the guest allows the hypervisor to send (typically for emulated devices). ALLOWED_IRR is meant to be used specifically for vectors that the hypervisor is allowed to inject, such as device interrupts. Interrupt vectors used exclusively by the guest itself (like IPI vectors) should not be allowed to be injected into the guest for security reasons. The update_vector callback is invoked from APIC vector domain whenever a vector is allocated, freed or moved. Signed-off-by: Kishon Vijay Abraham I Co-developed-by: Neeraj Upadhyay Signed-off-by: Neeraj Upadhyay --- arch/x86/include/asm/apic.h | 2 ++ arch/x86/kernel/apic/vector.c | 8 ++++++++ arch/x86/kernel/apic/x2apic_savic.c | 21 +++++++++++++++++++++ 3 files changed, 31 insertions(+) diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h index ca682c1e8748..2d5400372470 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -315,6 +315,8 @@ struct apic { /* wakeup secondary CPU using 64-bit wakeup point */ int (*wakeup_secondary_cpu_64)(u32 apicid, unsigned long start_eip); + void (*update_vector)(unsigned int cpu, unsigned int vector, bool set); + char *name; }; diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c index 557318145038..5aa65a732b05 100644 --- a/arch/x86/kernel/apic/vector.c +++ b/arch/x86/kernel/apic/vector.c @@ -174,6 +174,8 @@ static void apic_update_vector(struct irq_data *irqd, unsigned int newvec, apicd->prev_cpu = apicd->cpu; WARN_ON_ONCE(apicd->cpu == newcpu); } else { + if (apic->update_vector) + apic->update_vector(apicd->cpu, apicd->vector, false); irq_matrix_free(vector_matrix, apicd->cpu, apicd->vector, managed); } @@ -183,6 +185,8 @@ static void apic_update_vector(struct irq_data *irqd, unsigned int newvec, apicd->cpu = newcpu; BUG_ON(!IS_ERR_OR_NULL(per_cpu(vector_irq, newcpu)[newvec])); per_cpu(vector_irq, newcpu)[newvec] = desc; + if (apic->update_vector) + apic->update_vector(apicd->cpu, apicd->vector, true); } static void vector_assign_managed_shutdown(struct irq_data *irqd) @@ -528,11 +532,15 @@ static bool vector_configure_legacy(unsigned int virq, struct irq_data *irqd, if (irqd_is_activated(irqd)) { trace_vector_setup(virq, true, 0); apic_update_irq_cfg(irqd, apicd->vector, apicd->cpu); + if (apic->update_vector) + apic->update_vector(apicd->cpu, apicd->vector, true); } else { /* Release the vector */ apicd->can_reserve = true; irqd_set_can_reserve(irqd); clear_irq_vector(irqd); + if (apic->update_vector) + apic->update_vector(apicd->cpu, apicd->vector, false); realloc = true; } raw_spin_unlock_irqrestore(&vector_lock, flags); diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index 09fbc1857bf3..a9e54c1c6446 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -19,6 +19,9 @@ #include "local.h" +#define VEC_POS(v) ((v) & (32 - 1)) +#define REG_POS(v) (((v) >> 5) << 4) + static DEFINE_PER_CPU(void *, apic_backing_page); static DEFINE_PER_CPU(bool, savic_setup_done); @@ -199,6 +202,22 @@ static void x2apic_savic_send_IPI_mask_allbutself(const struct cpumask *mask, in __send_IPI_mask(mask, vector, APIC_DEST_ALLBUT); } +static void x2apic_savic_update_vector(unsigned int cpu, unsigned int vector, bool set) +{ + void *backing_page; + unsigned long *reg; + int reg_off; + + backing_page = per_cpu(apic_backing_page, cpu); + reg_off = SAVIC_ALLOWED_IRR_OFFSET + REG_POS(vector); + reg = (unsigned long *)((char *)backing_page + reg_off); + + if (set) + test_and_set_bit(VEC_POS(vector), reg); + else + test_and_clear_bit(VEC_POS(vector), reg); +} + static void init_backing_page(void *backing_page) { u32 hv_apic_id; @@ -313,6 +332,8 @@ static struct apic apic_x2apic_savic __ro_after_init = { .eoi = native_apic_msr_eoi, .icr_read = native_x2apic_icr_read, .icr_write = native_x2apic_icr_write, + + .update_vector = x2apic_savic_update_vector, }; apic_driver(apic_x2apic_savic); From patchwork Fri Sep 13 11:36:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13803301 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2052.outbound.protection.outlook.com [40.107.237.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 012CC1D7E3F; Fri, 13 Sep 2024 11:39:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.52 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227575; cv=fail; b=Z/FQdbSaAp8/FtE5kyK1COd8BI8Rds07nv9lhEVPE50datC7DYgm4R9zD1sfV55b+IMdVBjCN5fucIwqNNrjAGXEzrycoqWyvmDeUpAlMedZLUBPVN5sBkEFf/l7mDSSoxVTJJUdAhZacjQfB7Gnph2eV2Y+A+TjWD+UlEtTo1I= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227575; c=relaxed/simple; bh=VRzS48gKThwjY6CcF8oSngmtwgeY2853m1MjnydV/PM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ga/FoHbVCGMbLujBUS9AZ4W8iSshC3m0x8M1l6pGWMhF+dac7+HbZBOl8Z1gsiHDLiSkX9gTvCr1Ei6yXHLxN/98OjGBOrlQx+4vDTibBGvaw2D1S5G9gLshudtV36VTusePT9uhZURLeZg3lpYNJREVc1Pd8gaAucB3qSNuijs= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=D450a0YX; arc=fail smtp.client-ip=40.107.237.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="D450a0YX" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=bf/cIp36mMOdZpwUPnPKs9+RHGrCoU8QovHXPW5CimbGxriHf1zwGdhKTYtfTx5q9km3fYacpL+LrYMLSuqSIIHF8qYnvPXh3XnHV8Ib71mL+ya53XG3N92WXjh42dT91gnCeOkw2U3KoywQs4LYjX+Ld1qrKNpgaH/1IHPIWrYmnoS1b8mb1m73sFt4Xf2PBnT0bbMhlX1qrk1SMlj2NpNiG/HddQoFXaFd7QjWsFfHmmGtCvtGBTM5UnprZG9u7BVjFVFwjvBVVxQFMIYB6L8lesPQIFTC2TNwF7NYcc8y7pdHRJexxuAQ2PGet15VxD15dGXgTk6dYevX2NG0hw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=o5/bscksYkaxWOQ5jJW5pRwaSTz+EUzgYIbAgJ6gveY=; b=Y3nS6cza0uh9rid8vkAhGCOElHRT4DZEvaTL9Rpvs5d32bfLfH9rYAhOSoXNAZ8BJuZCNN9mNTxZydC8g6XT+gO6szrKO7v3RQrNmtAzJeh0RtfgGpSlshN1DXpNMnqA3fP5Qd1FcaY6/x0PR0kKFnVzsNCy8k1f9rBBZClaNaA4tQNdpffg6QA+sx+tutRnQQjCLdnW7pKHoIIm74OuFo8oxUyGmw+FNVHpC7sWCu2lgWInQIiJ14zIv3BfhsVvkY3zovmsBnxQU450z1NDoupxKk/L2hoV/KDMyPWl3TiPll+bFVtBAxyGzrzR1VM6KmhC3YVazjj6bXQGpplr7g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=o5/bscksYkaxWOQ5jJW5pRwaSTz+EUzgYIbAgJ6gveY=; b=D450a0YXyfhGyukkC6P4WJ5rLpw+i6evUNiUbNdRsGPZTVD4RKAWRZnAYB1GHksjQB9TKEV0OW1m5j+ZD9upWE91oIlEZPFv6z/MdJ1ysbIhZ3YhGQslbvgHTV19Gyu2Eu2NmCuRdXXxULCW5u9JnYGKJz9tCxiXGWMouvyPUPQ= Received: from CH0PR04CA0048.namprd04.prod.outlook.com (2603:10b6:610:77::23) by SA1PR12MB7294.namprd12.prod.outlook.com (2603:10b6:806:2b8::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7962.18; Fri, 13 Sep 2024 11:39:24 +0000 Received: from DS3PEPF000099E2.namprd04.prod.outlook.com (2603:10b6:610:77:cafe::d1) by CH0PR04CA0048.outlook.office365.com (2603:10b6:610:77::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.25 via Frontend Transport; Fri, 13 Sep 2024 11:39:24 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS3PEPF000099E2.mail.protection.outlook.com (10.167.17.201) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7918.13 via Frontend Transport; Fri, 13 Sep 2024 11:39:24 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 13 Sep 2024 06:39:18 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , Subject: [RFC 07/14] x86/apic: Add support to send IPI for Secure AVIC Date: Fri, 13 Sep 2024 17:06:58 +0530 Message-ID: <20240913113705.419146-8-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> References: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS3PEPF000099E2:EE_|SA1PR12MB7294:EE_ X-MS-Office365-Filtering-Correlation-Id: 39357a88-c67e-4a5d-322a-08dcd3e8b7b3 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|36860700013|376014|82310400026; X-Microsoft-Antispam-Message-Info: nkzo+8sOMu3N9mGKMU3hXq12S5fzA+ZuS+8xTLUObX/g6DpEImpeHnZdre7Ls/NRW1LJoHb7g4Nfo7ldpyUzwz3zYxKxmlK+enfr7vZBTw4iDG1q2uORKe0ONUhWcx6bbBmxreGNVvJIreUVtnnLuAZavZDB4Ddm9o32CxtVAgPWj8xqg+n6q31sRJGoSV8SQC5VuuXdZRh+J1OgsvqcewwRrwYAeekYdYcAtS3djF3TVHy71kYzUhJbVZGy/fd6cTGH2E+J5H1vmUm/hgeyPrO4VuMHdyLCmzsXdTXXzPDqANC4/hXorumFNp+MYYot/eAtNxB59nbSpnSWjhrT260oOCAaqOyxiFV4V1vVSKu6L8H9Nya0X2JnV1Ww0mg4ojUM1jCLAN0Tyu/f6m//s8bcyC+vzC5b31L9l3+H6s0uY1ZhdQdPU/nurz59qUJ2WD1pNh+OHybvjJx42WorS6coDhJums7GrVFjk2Pp+4jdg/Qz8hY9WJjt6oyXUHIiS9wqm2+Sd7k45cRBGczSnXAVCUPZ6dDdrlOvGPyPDYVSDKzx5aljBBWfmS7kjACErHuZ9//4Y4jQAQXgHPEdiuIccDeksnAudnCgZeIyjHXxXcNhDArObnG/B8dIGL4BXhMANpXK4FReAx4aQmbAppaZQYKpk6OJZSbeoWH9ux8eCfbSI3WFiisrymnyHVwjGfpb7ILlAJ0JHkJ++9ut4hEVjLZMRwiQcDESGJwULV+Hu10rYbPI6F0JlxS2SlxmNBgUZVwOYomMhmXFhUOiSPHuStq8cSWzHfdGWn3/BhtyrX/bHyZBn6XrFN7c/BzYge4cSH1VORjTlWfAsiwKabwkirFzZfu3WR9FXuG0Sjq6qbzHr+uH+UcB5ND158UBsqe+nUnFXCEJ9EQOXApl9+UnFTmySOhHaDf0gSdkjkArYElveffbtcRX3NvAJ8FwbMurxnWRa8i5EX2DMLTmPW03fLDQNd/DzO0wwDiwzDHAaIM0csGlwQwebwuv2r4fYe8jETx3L8m3I1h5EbtzlRMx61DNoykhyERnpyoIEDn5zNgIt5bgg4qHpHD84Tj+v5O/8HYns4GQeRHBw5ypF80x1MtVoqQ23+Wa58dd4zWQ5slgJoVV16zW1CJ8vo+BkNG8ESA0zuKgt43dfxCHCSODvUi8+aJlvAtA3VhqXL/9cucXPiogPGO09J8aYVP6AKIR6y6ReTbLw+RsM10on7eBXPN1XdQdXgWf5UBui+GGBKbR0HiuppEU0JSIao+Hm1ivbXl4ZENQc4yhSgpEwA3UfZ9Sk9ocE4CcibFyIwW2OPGVuq3KoYuVjzLxegAUyHaZcPwLQz3Oo8QbFl4BFks0knJRTg7Yg9c7AexNGeSuC2kPYJB6WsNSP0ciwbdDLFuy8O5xWP2+tpI/LXPesdwXjq/tmK7XC4EtZjXktgyCfaSalVXwbXlYHO4bEJwM X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(36860700013)(376014)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2024 11:39:24.6365 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 39357a88-c67e-4a5d-322a-08dcd3e8b7b3 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF000099E2.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB7294 From: Kishon Vijay Abraham I With Secure AVIC only Self-IPI is accelerated. To handle all the other IPIs, add new callbacks for sending IPI, which write to the IRR of the target guest APIC backing page (after decoding the ICR register) and then issue VMGEXIT for the hypervisor to notify the target vCPU. Signed-off-by: Kishon Vijay Abraham I Co-developed-by: Neeraj Upadhyay Signed-off-by: Neeraj Upadhyay --- arch/x86/coco/sev/core.c | 25 +++++ arch/x86/include/asm/sev.h | 2 + arch/x86/kernel/apic/x2apic_savic.c | 152 +++++++++++++++++++++++++--- 3 files changed, 166 insertions(+), 13 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 0e140f92cfef..63ecab60cab7 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1392,6 +1392,31 @@ enum es_result sev_ghcb_msr_read(u64 msr, u64 *value) return ret; } +enum es_result sev_ghcb_msr_write(u64 msr, u64 value) +{ + struct pt_regs regs = { + .cx = msr, + .ax = lower_32_bits(value), + .dx = upper_32_bits(value) + }; + struct es_em_ctxt ctxt = { .regs = ®s }; + struct ghcb_state state; + unsigned long flags; + enum es_result ret; + struct ghcb *ghcb; + + local_irq_save(flags); + ghcb = __sev_get_ghcb(&state); + vc_ghcb_invalidate(ghcb); + + ret = __vc_handle_msr(ghcb, &ctxt, true); + + __sev_put_ghcb(&state); + local_irq_restore(flags); + + return ret; +} + enum es_result sev_notify_savic_gpa(u64 gpa) { struct ghcb_state state; diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 5e6385bfb85a..1e55e3f1b7da 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -401,6 +401,7 @@ void sev_show_status(void); void snp_update_svsm_ca(void); enum es_result sev_notify_savic_gpa(u64 gpa); enum es_result sev_ghcb_msr_read(u64 msr, u64 *value); +enum es_result sev_ghcb_msr_write(u64 msr, u64 value); #else /* !CONFIG_AMD_MEM_ENCRYPT */ @@ -439,6 +440,7 @@ static inline void sev_show_status(void) { } static inline void snp_update_svsm_ca(void) { } static inline enum es_result sev_notify_savic_gpa(u64 gpa) { return ES_UNSUPPORTED; } static inline enum es_result sev_ghcb_msr_read(u64 msr, u64 *value) { return ES_UNSUPPORTED; } +static inline enum es_result sev_ghcb_msr_write(u64 msr, u64 value) { return ES_UNSUPPORTED; } #endif /* CONFIG_AMD_MEM_ENCRYPT */ diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index a9e54c1c6446..30a24b70e5cb 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -69,6 +69,20 @@ static u32 read_msr_from_hv(u32 reg) return lower_32_bits(data); } +static void write_msr_to_hv(u32 reg, u64 data) +{ + u64 msr; + int ret; + + msr = APIC_BASE_MSR + (reg >> 4); + ret = sev_ghcb_msr_write(msr, data); + if (ret != ES_OK) { + pr_err("Secure AVIC msr (%#llx) write returned error (%d)\n", msr, ret); + /* MSR writes should never fail. Any failure is fatal error for SNP guest */ + snp_abort(); + } +} + #define SAVIC_ALLOWED_IRR_OFFSET 0x204 static u32 x2apic_savic_read(u32 reg) @@ -124,6 +138,7 @@ static u32 x2apic_savic_read(u32 reg) static void x2apic_savic_write(u32 reg, u32 data) { void *backing_page = this_cpu_read(apic_backing_page); + unsigned int cfg; switch (reg) { case APIC_LVTT: @@ -131,7 +146,6 @@ static void x2apic_savic_write(u32 reg, u32 data) case APIC_LVT1: case APIC_TMICT: case APIC_TDCR: - case APIC_SELF_IPI: /* APIC_ID is writable and configured by guest for Secure AVIC */ case APIC_ID: case APIC_TASKPRI: @@ -149,6 +163,11 @@ static void x2apic_savic_write(u32 reg, u32 data) case APIC_EILVTn(0) ... APIC_EILVTn(3): set_reg(backing_page, reg, data); break; + /* Self IPIs are accelerated by hardware, use wrmsr */ + case APIC_SELF_IPI: + cfg = __prepare_ICR(APIC_DEST_SELF, data, 0); + native_x2apic_icr_write(cfg, 0); + break; /* ALLOWED_IRR offsets are writable */ case SAVIC_ALLOWED_IRR_OFFSET ... SAVIC_ALLOWED_IRR_OFFSET + 0x70: if (IS_ALIGNED(reg - SAVIC_ALLOWED_IRR_OFFSET, 16)) { @@ -161,13 +180,100 @@ static void x2apic_savic_write(u32 reg, u32 data) } } +static void send_ipi(int cpu, int vector) +{ + void *backing_page; + int reg_off; + + backing_page = per_cpu(apic_backing_page, cpu); + reg_off = APIC_IRR + REG_POS(vector); + /* + * Use test_and_set_bit() to ensure that IRR updates are atomic w.r.t. other + * IRR updates such as during VMRUN and during CPU interrupt handling flow. + */ + test_and_set_bit(VEC_POS(vector), (unsigned long *)((char *)backing_page + reg_off)); +} + +static void send_ipi_dest(u64 icr_data) +{ + int vector, cpu; + + vector = icr_data & APIC_VECTOR_MASK; + cpu = icr_data >> 32; + + send_ipi(cpu, vector); +} + +static void send_ipi_target(u64 icr_data) +{ + if (icr_data & APIC_DEST_LOGICAL) { + pr_err("IPI target should be of PHYSICAL type\n"); + return; + } + + send_ipi_dest(icr_data); +} + +static void send_ipi_allbut(u64 icr_data) +{ + const struct cpumask *self_cpu_mask = get_cpu_mask(smp_processor_id()); + unsigned long flags; + int vector, cpu; + + vector = icr_data & APIC_VECTOR_MASK; + local_irq_save(flags); + for_each_cpu_andnot(cpu, cpu_present_mask, self_cpu_mask) + send_ipi(cpu, vector); + write_msr_to_hv(APIC_ICR, icr_data); + local_irq_restore(flags); +} + +static void send_ipi_allinc(u64 icr_data) +{ + int vector; + + send_ipi_allbut(icr_data); + vector = icr_data & APIC_VECTOR_MASK; + native_x2apic_icr_write(APIC_DEST_SELF | vector, 0); +} + +static void x2apic_savic_icr_write(u32 icr_low, u32 icr_high) +{ + int dsh, vector; + u64 icr_data; + + icr_data = ((u64)icr_high) << 32 | icr_low; + dsh = icr_low & APIC_DEST_ALLBUT; + + switch (dsh) { + case APIC_DEST_SELF: + vector = icr_data & APIC_VECTOR_MASK; + x2apic_savic_write(APIC_SELF_IPI, vector); + break; + case APIC_DEST_ALLINC: + send_ipi_allinc(icr_data); + break; + case APIC_DEST_ALLBUT: + send_ipi_allbut(icr_data); + break; + default: + send_ipi_target(icr_data); + write_msr_to_hv(APIC_ICR, icr_data); + } +} + +static void __send_IPI_dest(unsigned int apicid, int vector, unsigned int dest) +{ + unsigned int cfg = __prepare_ICR(0, vector, dest); + + x2apic_savic_icr_write(cfg, apicid); +} + static void x2apic_savic_send_IPI(int cpu, int vector) { u32 dest = per_cpu(x86_cpu_to_apicid, cpu); - /* x2apic MSRs are special and need a special fence: */ - weak_wrmsr_fence(); - __x2apic_send_IPI_dest(dest, vector, APIC_DEST_PHYSICAL); + __send_IPI_dest(dest, vector, APIC_DEST_PHYSICAL); } static void @@ -177,18 +283,16 @@ __send_IPI_mask(const struct cpumask *mask, int vector, int apic_dest) unsigned long this_cpu; unsigned long flags; - /* x2apic MSRs are special and need a special fence: */ - weak_wrmsr_fence(); - local_irq_save(flags); this_cpu = smp_processor_id(); for_each_cpu(query_cpu, mask) { if (apic_dest == APIC_DEST_ALLBUT && this_cpu == query_cpu) continue; - __x2apic_send_IPI_dest(per_cpu(x86_cpu_to_apicid, query_cpu), - vector, APIC_DEST_PHYSICAL); + __send_IPI_dest(per_cpu(x86_cpu_to_apicid, query_cpu), vector, + APIC_DEST_PHYSICAL); } + local_irq_restore(flags); } @@ -202,6 +306,28 @@ static void x2apic_savic_send_IPI_mask_allbutself(const struct cpumask *mask, in __send_IPI_mask(mask, vector, APIC_DEST_ALLBUT); } +static void __send_IPI_shorthand(int vector, u32 which) +{ + unsigned int cfg = __prepare_ICR(which, vector, 0); + + x2apic_savic_icr_write(cfg, 0); +} + +static void x2apic_savic_send_IPI_allbutself(int vector) +{ + __send_IPI_shorthand(vector, APIC_DEST_ALLBUT); +} + +static void x2apic_savic_send_IPI_all(int vector) +{ + __send_IPI_shorthand(vector, APIC_DEST_ALLINC); +} + +static void x2apic_savic_send_IPI_self(int vector) +{ + __send_IPI_shorthand(vector, APIC_DEST_SELF); +} + static void x2apic_savic_update_vector(unsigned int cpu, unsigned int vector, bool set) { void *backing_page; @@ -322,16 +448,16 @@ static struct apic apic_x2apic_savic __ro_after_init = { .send_IPI = x2apic_savic_send_IPI, .send_IPI_mask = x2apic_savic_send_IPI_mask, .send_IPI_mask_allbutself = x2apic_savic_send_IPI_mask_allbutself, - .send_IPI_allbutself = x2apic_send_IPI_allbutself, - .send_IPI_all = x2apic_send_IPI_all, - .send_IPI_self = x2apic_send_IPI_self, + .send_IPI_allbutself = x2apic_savic_send_IPI_allbutself, + .send_IPI_all = x2apic_savic_send_IPI_all, + .send_IPI_self = x2apic_savic_send_IPI_self, .nmi_to_offline_cpu = true, .read = x2apic_savic_read, .write = x2apic_savic_write, .eoi = native_apic_msr_eoi, .icr_read = native_x2apic_icr_read, - .icr_write = native_x2apic_icr_write, + .icr_write = x2apic_savic_icr_write, .update_vector = x2apic_savic_update_vector, }; From patchwork Fri Sep 13 11:36:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13803302 Received: from NAM02-DM3-obe.outbound.protection.outlook.com (mail-dm3nam02on2083.outbound.protection.outlook.com [40.107.95.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1F0AF1D7E3F; Fri, 13 Sep 2024 11:39:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.95.83 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227588; cv=fail; b=S/2RObrsDSe3BnjiCiIYmkVdlazCZ/nFvb/fOwfRE8d7a+MOv6ifrI99lleBzUfXRCXAkWsPAsruOmmp/gh5m/3p/tlMuzYMzPGt3jorp+YgDE/+Jw1UyrexeSjnQdVVI3qTXcP2ZtkHT3K5WW54Tl/fmADpdGugI5Sirw7TSBQ= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227588; c=relaxed/simple; bh=qPS2UKcXpWFapAZDS0TrZ1R28NMnEMGQa5KRNQXQEFM=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=WcHhB+46msek8TYpz2zxdPU++Th2DNTETLKzwpe4UZkvue6xbRTkEsMEnKyhTXwtjqPkOFP6X/NQTcSHLzYBBxTu+XSmM5fl6sPIN01aomS4y9cCepQIDPH0Ca6bLpVB4aBaNcADVIyZP1SztU92zcOcGwhtFQ0mfWtGleWX9Jw= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=iDy3JP42; arc=fail smtp.client-ip=40.107.95.83 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="iDy3JP42" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=LejDpnz/hH+q3opYBIpWSY7bdKZDrz2YXX6OTmE6s+FaSV1KWjghRVMSSRqd3BhB0cgu41I87ybo3faTglyq4YCxr4cfcNjEECK0u4dOwytVxhYGEI/A+qiKr9lhYVQRocFPWAlqV3N73vcpJgS7tLWHucX+WDblrMNZ/0SfAWxjHCU9IMcMa1AkoxNToryhW08ytZlYp80225E2FdZDEpMAjribizEcnXjeisEoS12FbK7dtJpbey5hYf7YEKgRK4AE6D11+OkccF4+3AiKd8OTkvFfCpRd3YdXuwt+QT5k7blqCQcy8glqUkqLp/zWlEe/rmBGnu7EYTZpad4+ag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+ccrGtcravS2b69ecuyF8dTeUkQAbnHDqFr8wMofnE8=; b=aRPgueqSoQIYqbsookEdXB/lj4QAKLIWMEGT+949UcyqgOcgUKeVWfjRnenyMZxyhvYo/aqpjd/QXQ+ZjplhlwhigMsBaReLDTJ9zNb2qBJ42zMlvZp5mxwkDNW+axOY18mGh2rlYBKRg5IkWG/pgBEx9Sr8n7fUm/LU4t19LdfiLUU/vCrq8JY7xrFjDEV6SrPJuko4C+DjIpKscn4ClYnEg/wI0TERa7BT7GQnQ/Mq5LiOXSpxIuSWcJQvqnDWMG4SusBUlGBwo1Oebg9wY4earHIqxryjHAYgGWbUGuvll6tOU7bEZyzBlaRgKS4Xf9F7ik13sidNG29a61juXw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+ccrGtcravS2b69ecuyF8dTeUkQAbnHDqFr8wMofnE8=; b=iDy3JP42tKEGHKPK/cJzwVo3h4JnaWWOODYHYLhdRNI4NmwJhVE1owX4ogu31nBTl8HoodatAUes+56xqdLHFeejtlowaBXibxK3nK7pnXYrv6yHm0fpZLKcYeu74GHBLVoE1gJbQkJtcFHq53qGigM/WlxYZ+m6xtECczeiW4U= Received: from DS7PR05CA0050.namprd05.prod.outlook.com (2603:10b6:8:2f::9) by CY8PR12MB7416.namprd12.prod.outlook.com (2603:10b6:930:5c::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7962.18; Fri, 13 Sep 2024 11:39:42 +0000 Received: from DS3PEPF000099E1.namprd04.prod.outlook.com (2603:10b6:8:2f:cafe::40) by DS7PR05CA0050.outlook.office365.com (2603:10b6:8:2f::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.24 via Frontend Transport; Fri, 13 Sep 2024 11:39:42 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS3PEPF000099E1.mail.protection.outlook.com (10.167.17.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7918.13 via Frontend Transport; Fri, 13 Sep 2024 11:39:42 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 13 Sep 2024 06:39:36 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , Subject: [RFC 08/14] x86/apic: Support LAPIC timer for Secure AVIC Date: Fri, 13 Sep 2024 17:06:59 +0530 Message-ID: <20240913113705.419146-9-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> References: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS3PEPF000099E1:EE_|CY8PR12MB7416:EE_ X-MS-Office365-Filtering-Correlation-Id: 27386697-c622-4cf9-142a-08dcd3e8c22e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|7416014|1800799024|376014|36860700013; X-Microsoft-Antispam-Message-Info: y/klL495o2Jcql9xSdO9+vl3E7uXkIPPEBJFV4dSgwyPFWfs77XzKM7UmLhaD2ufDdxbAGCmpNEwVFfPSMcioW7J8FLPZG6H/DPQ2mfYmj93y4ax3bbEYWIetSZj8taSJEIv3NjcH4NNUUjQI4KhLG1Rm1iHb6hDhfy1o50rvTNJgjA+RVbRUOrUlvCtmK6wkxJxgrZWdBw2YoMQjTErQsKasIHRFhVoetrqWsI7N9x/iMXKyU6w765gfmQMSHZl3PmPiNRZlfkTCNmcJ4Uv/nfpx7thbEAaJGYwzutZWJjR022QzbH9Gb2d2sJYbVoKlBM+CRcaW4FrmkwY6youz+3DaLkz35EpAHUd/85+RkDljlt9LJYX69hGfE3M+bU/tJ3tPAB3Pn7u33LkMMVQbFkfzy7SBLde2h62YJ7pjfK9VnbpV4UzuvJT0h7cm03dWRRgiDQ2Ee2R84yQm1P9ioBGSRGQ23JPxK/XKUnHuRPNGzYCHOITi1+GPJC7S2I7/kyreb8k46kIAHIg+nL05DDZMV7x4bzSm5Ci43XWfcPa8Cml6nsuDaPSqXicgH/eeiER5aTjGdiWWFjU7LBHSzFYhqNuq1ldc4UyrrdSHOvRK8fRLBcMm/hCw1l+e07a8jSoNfOUkN3EUkFaNzjgXROKOjwZ/h7kJLSBV8pTLIQdhq4EEtzQScyguaFHSWhfJZo1ywtV5DZZHEL0P2oYpTONQn07EN2ovfgXXxL5gzhK3GKWmI2XAPDtpVQv+XYOIfneS0jnJkw1rv/qlEa+DjYxM6Dh7SIS9vZOLR2qytPJCjX8nKsFVMrbp4Z2tCJLQbD3KTW4HlqKYgNWH8qETEu3dIzIu5rzHTo+IQnGAk8ZtoJh4g8KGv1M2svqK6d0VGh7AI8ULyKKaVKuPiYxVx55ujCFVD1e8OsQvPalTcWbSxjpDfo3Pbc0MSTE6wchiHVlggUs3zkYhiPjdwWRVu4gfdkbfUM1c9oU3XYmrsvpJsV/IkrsVeNrNR8ocSiNMe+uqk2FmnTIoTltSTdxAqlLhg2ej4rWRPA3t3rImt8AspPFo1/rvVrmbKwLm3OuDPpbbx1IwDOP0GWKe0qF5YWQ5Ph9nSx+Xeq74cF890ThxPZ9mDjEhWAXnJgdjoceRTnnvV6Y9anhyLup/QxKA5DAuMXYIDFu57e0Dkq4C7TwHMZ2Y8fx4aj+2a2gzgVrRGeGlFRvHmXm88OqxYY5SKl3EUVwQ/T5VsqJy00+c3OU1DaTOjI/4Q9vJxNToGW0UmJyTgoprKzNPVuvCmI7lbcOqVMmupuYCBXDL43WAdh2eSfoLObAXOd+Xybvp1xcZoMCGKWz+pI+DVflmMh2Vr7NBG/jyUr5PMRnNtzLPMX7LZQflraVD93n3f9KH15tKoLCrGlVJNC/r+s7GrBNFrC95hiq4lEkJkOvlZaiYaw/+ha4eN5JLHVCzfJ+0Fq/ X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(7416014)(1800799024)(376014)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2024 11:39:42.2503 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 27386697-c622-4cf9-142a-08dcd3e8c22e X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF000099E1.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR12MB7416 From: Kishon Vijay Abraham I Secure AVIC requires LAPIC timer to be emulated by hypervisor. KVM already supports emulating LAPIC timer using hrtimers. In order to emulate LAPIC timer, APIC_LVTT, APIC_TMICT and APIC_TDCR register values need to be propagated to the hypervisor for arming the timer. APIC_TMCCT register value has to be read from the hypervisor, which is required for calibrating the APIC timer. So, read/write all APIC timer registers from/to the hypervisor. In addition, configure APIC_ALLOWED_IRR for the hypervisor to inject timer interrupt using LOCAL_TIMER_VECTOR. Signed-off-by: Kishon Vijay Abraham I Co-developed-by: Neeraj Upadhyay Signed-off-by: Neeraj Upadhyay --- arch/x86/kernel/apic/apic.c | 2 ++ arch/x86/kernel/apic/x2apic_savic.c | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index b47d1dc854c3..aeda74bf15e6 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -579,6 +579,8 @@ static void setup_APIC_timer(void) 0xF, ~0UL); } else clockevents_register_device(levt); + + apic->update_vector(smp_processor_id(), LOCAL_TIMER_VECTOR, true); } /* diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index 30a24b70e5cb..2eab9a773005 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -94,6 +94,7 @@ static u32 x2apic_savic_read(u32 reg) case APIC_TMICT: case APIC_TMCCT: case APIC_TDCR: + return read_msr_from_hv(reg); case APIC_ID: case APIC_LVR: case APIC_TASKPRI: @@ -142,10 +143,12 @@ static void x2apic_savic_write(u32 reg, u32 data) switch (reg) { case APIC_LVTT: - case APIC_LVT0: - case APIC_LVT1: case APIC_TMICT: case APIC_TDCR: + write_msr_to_hv(reg, data); + break; + case APIC_LVT0: + case APIC_LVT1: /* APIC_ID is writable and configured by guest for Secure AVIC */ case APIC_ID: case APIC_TASKPRI: From patchwork Fri Sep 13 11:37:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13803303 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2055.outbound.protection.outlook.com [40.107.236.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ADA3A1D86C3; Fri, 13 Sep 2024 11:40:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.236.55 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227612; cv=fail; b=BK2vuylyB08hnaZvxQUaKJ1wu5pI75GY45LtYQ3+dFS5ILoZ4p0SC5QyPlqu9U3Kpuw/PlHA/7fbzSQq+Ym23ebrt2HySRZc1C2nTXgjylx7w1aAGA5RtFH/c3AnW9NpsjNWPJaf7+0nENzn/S++Dhg4Y+6rAOOfUcfhrNnmRHE= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227612; c=relaxed/simple; bh=Zj1ZBS0eXXTzwbVm2MXTXm6E9RomlWBOIUf05rVN4TY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=CxsYyXllCEms+aTdIRDLq8TjnBhObHoclGpIbq7108hwfcFJwWx2mUuTRyWRiDGFP83szjYOrRQPME+YyKIWrB2pG1JtOsQ3pqUrrBhKxkwMsM8mJhvwp14CQN8BVRRR14INH6+vuZGj2KI0FRsqxk7qjUYSadnO01ldd2h8b9s= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=HsKGJXaS; arc=fail smtp.client-ip=40.107.236.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="HsKGJXaS" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=GqI2XztLpncQYKnvir4tbYKTC14i3T39ft2Zu8Kr9VRG02hBW5wuXDQKUxkZOWIoPTBlXTzuBruvnxsaO0nTPYlpVTw0q68ODk3LW5xpKM4FjZqT520Lrfb0yzw0rrfksuv+2NYqhHNBgaSxZ1yl7SVkiaL1G+EtkaBySeQqb2lhLn8wOh/E6WYFHEKnJ/NFtnv8lkZaZHZavo6juaqza6tLf0CU4kRGvZBTFimjKWhrkKr9SOE2rpZRfAdnXGMZSWkp5bjOcFbpU5McVQ1Tvh+6OIF0Byjiuv60uyVU99HViv4zVpAG6l7qQBZseawRc/5euYVy7C8T/on7CYmwsA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=b/3y3SrFaMbSPi/DyhjhO3RvzLtokkl0cGjXwzwLaFI=; b=DDz5DJTEYO05XmjG8DGh1EZjsImMO4ZBjUhKRstmtXHVMs4RRTr3ps9qWL/628TMy9RahvWYsMgCriY+/ZNyYyle0fUxgX+O0oozwoe6j4pdxkWO/SDWo8ELAfsritCfY+rilLW5HYjMr+IAoddeJRfzGrreKHGww+Y9vkVsmRidYCF1pUde6ahn+9S/Yy1Pv3fUvwC/dDQli4m/QL2IPkpQkSIvEvsQvb75UYirbPX+LeuoC+ODLPx8v8DOreUlm4oBga+1okmIZb7LvxhJcDdoD87A9PLogtg4zr/hLUHGAuFQaP2cyP5NW/9YCbk+HnGZoS/sFnp8AR/siRLF8w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=b/3y3SrFaMbSPi/DyhjhO3RvzLtokkl0cGjXwzwLaFI=; b=HsKGJXaSgBjJfFAHafYi0ehr6pzkvqUSqkdqUBeZgI4NaC76CRwvhvmJF1+zlRMttsned2PAYAA8U3DTYUuvOMlpvBYWFNAAMBI4EzQxa0cppFj5q9cC5uGf+x51lIeXtQUtwA6ulG7ZXavmX/rl4AnGGemy1CAlVddnuOqPoek= Received: from BL0PR1501CA0021.namprd15.prod.outlook.com (2603:10b6:207:17::34) by IA0PR12MB8929.namprd12.prod.outlook.com (2603:10b6:208:484::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.26; Fri, 13 Sep 2024 11:40:07 +0000 Received: from DS3PEPF000099E2.namprd04.prod.outlook.com (2603:10b6:207:17:cafe::6d) by BL0PR1501CA0021.outlook.office365.com (2603:10b6:207:17::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7918.27 via Frontend Transport; Fri, 13 Sep 2024 11:40:07 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS3PEPF000099E2.mail.protection.outlook.com (10.167.17.201) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7918.13 via Frontend Transport; Fri, 13 Sep 2024 11:40:07 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 13 Sep 2024 06:39:59 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , Subject: [RFC 09/14] x86/sev: Initialize VGIF for secondary VCPUs for Secure AVIC Date: Fri, 13 Sep 2024 17:07:00 +0530 Message-ID: <20240913113705.419146-10-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> References: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS3PEPF000099E2:EE_|IA0PR12MB8929:EE_ X-MS-Office365-Filtering-Correlation-Id: 6332868d-7f2d-440b-ccd5-08dcd3e8d143 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|7416014|376014|1800799024|36860700013; X-Microsoft-Antispam-Message-Info: annqvCskbHoq49ZMH+OoRM0MVZ8CHTgSuQdV/3c0RvYY3h/LL/hgjyPiW7N93YYD78Zm7Ukm6Uw/uBcY0GRm3iZCv03xUQSTSyOz+yNO8snRTwdW/UiEnR07TmBOYn3qXTm4QR/OnfJUitDaHYQAXWIh+28VZbVttkbhtHI1TPjhya0XK2X7Ff+3O44OwrZaeHRT75KXQjXd0ZNQNgv+EzFmf1cEmseDTwK+iH+7FVrnZ8Mk00LKpJlIeq5Vv3mM9shELJKyUHzlRFFN3dXEptJFhX1oYV7W8FRbZjiZnrtzklIxlHEAx+EfucaYkM3V8cRZs3ZwLmaNeHBquOHcABH13z09WkN3fjpwwDpzv0dZoyFBxzOExqpv84Uy16C80pHo55aFvuyvZaCgeofyQjyW2A7QY8+PplYQUH9i0DlJmCmXhS/sbl4GTa2PiM79t0lB8IPXyt5lggn59w9t3kI2jBjUN1u4DdudPVOyRQaoaabggYuNYiPStlU6vfhXiZggPau3KCqQ2+clvtmJ95xIB4rAnxz065zijSJHTFPUlrbLh7tCL1ddszuvO81ihgo+m/vIqzYYt6unhZyFfVqzMlwyVLNLpw1eFaqRuGZNgQ4eGv/UdemX202dlI0UiTe4XzIkqqCz5gI0NY//LZrQoyX0p8xznAuy+CuqJVYxUv8DJ/tloZYFdRzVb/JitBIfXwTWBhUJeXDNwlk7/phWfU6sAmx2q7SFFJVvr0WmNVHp/jnQ28P9BhJDLmWV9PA2nefhr19JuM5ppIu/Gmo2CfVEFZNKWtL+iCp5tgjpNgcrWCxnrgo1dVApEptaxKKlVc7g1g+aLADu8Gz9EyNt9QPFdWpGQR0OjwFU7K7qx6XCyNJqfTLTHWDUd4OWNvcLc5+y5iw0D8/GkAst92ttZ4FmoFzBBYD2cHaYkXE9sDL5W7XXCcUhFbh59TgXtTor0GMSU+aWpmhOOKrL8COXEKuqffoYNxtPRuIr5mWrRzfDMO46oKj8UgVXPdoPCrS6nQafpkEZ9YPzo+z3t2lyLnZx7q4Fw+6Ucf1DohIuk4Z/0UWjahCl5GUsKPriaGOB8z5pC4Jjcpky+ZIZypYqaJpNYqIuxpP6iZrPtHAdGTqBDYmrEkuqSTLBt+vle+q/FJCHa2mJlISfN33BDgzfDUJdgXG71j5vyDBsbMb3CGWEj0uMki3HQ35K8rUWYReVfqaH5Q/gYPdokB6WAwfee+t7PFSyCK647ZXFbZs5M+zsOfdljDL5YAed07FaAv8UxwatKyZB3dYMQoZDn1gdVi7aBJ+WAE65crNv9LyZdBQ8Dkgv22j1u/Ig1wdpa715NTSv95rjtbyrtAeKc1Y0780z35E6D36ZXTUyIfFong5xNy1wf/5VgfmwgNYfUNMrGuqNMjmMvb0WuVfRg165FcUZfNrRC31Y6rkZ/lAUsH0bUm29ScvZeeT3hPIZ X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(7416014)(376014)(1800799024)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2024 11:40:07.5428 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6332868d-7f2d-440b-ccd5-08dcd3e8d143 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF000099E2.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR12MB8929 From: Kishon Vijay Abraham I VINTR_CTRL in VMSA should be configured for Secure AVIC. Configure for secondary vCPUs (the configuration for boot CPU is done in hypervisor). Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- arch/x86/coco/sev/core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 63ecab60cab7..3c832c9befab 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1190,6 +1190,9 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id, unsigned long start_ip) vmsa->x87_ftw = AP_INIT_X87_FTW_DEFAULT; vmsa->x87_fcw = AP_INIT_X87_FCW_DEFAULT; + if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) + vmsa->vintr_ctrl |= V_GIF_MASK; + /* SVME must be set. */ vmsa->efer = EFER_SVME; From patchwork Fri Sep 13 11:37:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13803304 Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam02on2045.outbound.protection.outlook.com [40.107.212.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 221BD1BD4E4; Fri, 13 Sep 2024 11:40:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.212.45 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227631; cv=fail; b=MUKC4JgOCVCxEXrcf3qQW1NbvUptZGZOz14yg4SDvFzLPLw2/IZNNolCerC0D/VlzLcwErO2QmUqvYxBu+c6kR6t/y70+Tk6qAHpG/0IBLJimuki8iyjZEmj0yEnhuFiBI2mM/oNVeE0Vx7aIA8rzrpLGuVP6z9Q+b45VdO7rLg= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227631; c=relaxed/simple; bh=Lm303iIpSlsyRQFSsuUSxbebtBZYSEw58wdB6HeeDag=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=un56KH543v7hME9b6+U/VtN2AhJBpkIfrtphu7ejHDWEMMCXOlQ/mVkyxEotI7NjOFfWgO9lob+U4ZOAkMMod66ElR8Vm3jv/kXqG8j0Jx9Mb/ZmSWy634N432sp26Of8dq4lFrrtHR8ABwcG3DeVu+gYNk+Mc/XHObgaBdq8T4= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=Z0hSw2jZ; arc=fail smtp.client-ip=40.107.212.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="Z0hSw2jZ" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=s3ICy69xVRTfmIVkdgYND6jzvwAD/tUUcmbONWGYb3fsaQEUMU8XkbxgepOrPecl9eUw1Ei6MJw2rZVVcIf3flZYzkdiE2xLkzQ1EflcWMpxh3Uc9XxXEZlNLjDJnFjCck0fzgEbOU5P/Qw5VYz5iOVXtIEQbXNhRPoUsVIZnXYWFsbqpU1klT/JA83nUTZ+QEEtmrQtNICJv4iaY/knP1sxyoSIJ3/200B91qqjfrH8HCiSGin2CD62Jtnizn6tAlLE3NoBpX4Uc7QKuTbUMStC1fK5n1hYgyaT6HmQH6kZoBpBuZrjPMrxpR6F5MQg/Q3RWxZQGbMhVt+AcuUvSQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uvdWJjQzd0CYe7M5dkzRNUvdNB/HNjQ7sjGkmwfx9Jg=; b=h9ZFoeTFp/qsRQ8a8+8xnpov6AkwjapwwBu7g6teklN722iWtPoGIYZH+x4TraqKpr5iXjfaTcfk5/R0eH/znY/gWGjj2N7ltZhkVMW5XopzQZIlAytaBKhiRjrKREg3z46kqVDXzpXXFr/OTEyGrRBaxa2BoMyBS0IUbP7c30OkHDLI4+C+t47pGOXFVkxVK48KlFsDUflRmJxh75ly/E7waCO8p88wScsieRKRhNStKcSX9eKSNOBNK9x0h+LMR1KebSK93qxLYqVCavdG2tT670r433lfSIgFqkmAjueXUekI5tpI2wsxWafUpiNbkgCCJNEHpqCVXjXq0mykag== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uvdWJjQzd0CYe7M5dkzRNUvdNB/HNjQ7sjGkmwfx9Jg=; b=Z0hSw2jZ23anl7s89yCAncQUj92Y6xTigtXevBteF6kVMxFMInzzkSCOFOnKl7Nj0VIciTCA6ie0R34UJpV+J3XgRpoJ2tyXBT8vnLJiy8jgaBy5B5CRAg0K5QTh1/RNFb0Z3SSd2Re8q+PjinAO7b9quFWhTIyCgAkUAew/JP4= Received: from DS7PR03CA0195.namprd03.prod.outlook.com (2603:10b6:5:3b6::20) by SA1PR12MB8093.namprd12.prod.outlook.com (2603:10b6:806:335::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.27; Fri, 13 Sep 2024 11:40:26 +0000 Received: from DS3PEPF000099DF.namprd04.prod.outlook.com (2603:10b6:5:3b6:cafe::71) by DS7PR03CA0195.outlook.office365.com (2603:10b6:5:3b6::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.24 via Frontend Transport; Fri, 13 Sep 2024 11:40:26 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS3PEPF000099DF.mail.protection.outlook.com (10.167.17.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7918.13 via Frontend Transport; Fri, 13 Sep 2024 11:40:26 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 13 Sep 2024 06:40:18 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , Subject: [RFC 10/14] x86/apic: Add support to send NMI IPI for Secure AVIC Date: Fri, 13 Sep 2024 17:07:01 +0530 Message-ID: <20240913113705.419146-11-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> References: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS3PEPF000099DF:EE_|SA1PR12MB8093:EE_ X-MS-Office365-Filtering-Correlation-Id: b8aab8c8-a45b-48a5-7acb-08dcd3e8dc61 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|82310400026|7416014|36860700013|1800799024; X-Microsoft-Antispam-Message-Info: K8eADU8DjFIsswyqh+IBdPPIbyA3103ZeOf+i54mXwG+6bj4bH4GXTJmdCHIT2hYyV2p2mx1qdUhbLD1kw7b50hb/W1EEO3Lqler6qxc6AeNhCzct+o6na8kq553Npk+MF47yldgoSh1YTdM6VwKK1nnFg2fDiQms5eOB149mB6W7MlFUrWNJ1k0f+svLQnDmyKwqH/204cq9KS6DgygVGVjXpi5JWZLyGFR/rgcPtAZeRaZcPM6gvNRl8VZFX5uaeaycbQGvib9v9YO4NewfJm/RR4r4nciwwN1v104beci1Sa8M/hUcSKnhGNm2R2cWzD4/KpQW7XXweHNBRucZRJWOUmqZYeQeLazbpa7BHkAFr2F5NJkR/klKMbm6eNc3q1CQ9B+T94wZqO94C2wEJzmqKi6/xxbiPo/gFWhqcK+V04W8O8/7Beooo5q+4jK4vzegMrU6QPpsf3+SO7uGtF9D0k+mxv1tDKr0e8hGa1PPd+0Efygaur4KB7MjsUMywcjL+uZNhkikkEPaWi4G6cEHsnq9z8oLdVqRdVyvthz/BomXByhvwTXd5jlXmmyn8lMg7WD3gbOdhm60gdR2AdIjRrNrDyyG/YZvNrXeWvti0ArE8L/7xLdGHQasNk4Dn+4NS3tx5pxsoDgsd9MDEOL1cX2yGgb8XiaerghNlCuSHhpiK0JSsbiq4pCqkypwiwBF1zMx1SNNtZBMq/po9pizsSPSvyPcRqu2FKDUn5KF7AWYdPnQc4Afo7DZ8fkj/6HFlG3E2VI5KmlaEXJZaYbw605QLduKa9XzOHJBnWYtViK+i8eMj78Z2f5seCi+brCzmjUKONK5haEEqDil0nFv3rImgMaRC1eEIWspTFeyzrDtHtX11fdb3Mrc5B1MCa8d3nI3GupLTJUiwTlQSYBxPZQ3zpq0BB0IG4C9B9XjJbQX84qeW+RqjbiximGf+gxYk/4wT+piF6KkNCgPLvqNL9c2ZQzh5fvNprOqG2iSrvgbNZmxMmUmrplAc57qhbISR0io0zvlkWQQlrBB3mxmdJb+WyfGUSlFPGBMYvL6rArSDmY+aft1Z/Ai0XyHmlX6VItyT7jCZvUQ99B56wlV84NzIHmP1SvxeLwoom5B+i4Tm1a6IW5Ba5Xew/vh0kultWUeZBt1M4K3SKI64lZVIl3sfp2fcxW/7gEpsPhWlsPVla2E3i21/gP8xvNtF3Q/ljPdM7+h1TcsGaIf0ZkOEGnP+oDW4y4SgOqKPydD0gD6B06cD+ZwwtVAvGGAWu13wwyoyasgD7OBNs1elisAURh/c1rAsr+bHXGJCUY2MQbkwwAAnGDBGDd8z1KQUISzU+Nq865PEpruwKuEni+p2BSKbLjQMfJpuvqOAwpCAwJNSAUVwXqe1Ntrcu3uslkkEuzIEJ3y5LQ0hOfZ1m16Vc9SjaqUnaA2ZHSjBtu1yZ9BTgUNCuQh2T8brf1 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(82310400026)(7416014)(36860700013)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2024 11:40:26.1923 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b8aab8c8-a45b-48a5-7acb-08dcd3e8dc61 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF000099DF.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB8093 From: Kishon Vijay Abraham I Secure AVIC has introduced a new field in the APIC backing page "NmiReq" that has to be set by the guest to request a NMI IPI. Add support to set NmiReq appropriately to send NMI IPI. This also requires Virtual NMI feature to be enabled in VINTRL_CTRL field in the VMSA. However this would be added by a later commit after adding support for injecting NMI from the hypervisor. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- arch/x86/kernel/apic/x2apic_savic.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index 2eab9a773005..5502a828a795 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -183,7 +183,7 @@ static void x2apic_savic_write(u32 reg, u32 data) } } -static void send_ipi(int cpu, int vector) +static void send_ipi(int cpu, int vector, bool nmi) { void *backing_page; int reg_off; @@ -195,16 +195,20 @@ static void send_ipi(int cpu, int vector) * IRR updates such as during VMRUN and during CPU interrupt handling flow. */ test_and_set_bit(VEC_POS(vector), (unsigned long *)((char *)backing_page + reg_off)); + if (nmi) + set_reg(backing_page, SAVIC_NMI_REQ_OFFSET, nmi); } static void send_ipi_dest(u64 icr_data) { int vector, cpu; + bool nmi; vector = icr_data & APIC_VECTOR_MASK; cpu = icr_data >> 32; + nmi = ((icr_data & APIC_DM_FIXED_MASK) == APIC_DM_NMI); - send_ipi(cpu, vector); + send_ipi(cpu, vector, nmi); } static void send_ipi_target(u64 icr_data) @@ -222,11 +226,13 @@ static void send_ipi_allbut(u64 icr_data) const struct cpumask *self_cpu_mask = get_cpu_mask(smp_processor_id()); unsigned long flags; int vector, cpu; + bool nmi; vector = icr_data & APIC_VECTOR_MASK; + nmi = ((icr_data & APIC_DM_FIXED_MASK) == APIC_DM_NMI); local_irq_save(flags); for_each_cpu_andnot(cpu, cpu_present_mask, self_cpu_mask) - send_ipi(cpu, vector); + send_ipi(cpu, vector, nmi); write_msr_to_hv(APIC_ICR, icr_data); local_irq_restore(flags); } From patchwork Fri Sep 13 11:37:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13803305 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2072.outbound.protection.outlook.com [40.107.93.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 557C21BD4E4; Fri, 13 Sep 2024 11:40:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.93.72 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227649; cv=fail; b=F0NJVyV+h88LVumReSekX8koHzq3AEnbYDwitXsQ4RrK2b0wnFz1mN0Q13CSrjARDphEWRoOOI2/XpkXrG0reA9o8/IBdKvfPO8MpOBiU2ADiEICZ5c9sy4jk+fAYd3xB7HOP6LUy4Hk7JLg/XDK0hAli554irDZkz8VRe7H0GY= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227649; c=relaxed/simple; bh=D0B79X5HcChX+2P2MP4NS3uAqFEbg0hh1+PxKNfi/e4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=le+0ifxAPjhzscXt2o3xgxSZGQNqg1OCLgVXHVq08fc1xayyZKWU4jrbK1fAPHCJHft3BUI+P8ebemRbLVNKBH/MavtULfFBrdeEk1FBTyfRkEBQQgkuVVmr4TSJn3HHu6WjOZByCgoHb7ivyBtaIyqfIyAwJMF7fQDBBuPSYpA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=UnpmaMC9; arc=fail smtp.client-ip=40.107.93.72 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="UnpmaMC9" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=cvIur5uuvhRTT5muKHfAULmxucdKAIdAtNe9oG8X5RsXxPy5sFkMLyy8DzyEORDZwRoiRkvPMDq7THVnDQNU0RouA04CDSxrbvVx58KVZzCuZEFnVF7fOaIUIABblBoxq+bBsWXdfdVqSuMXDjOwRe0p5wyh8WmY7g0pc19fDGsOoYPugctziMO9x+YxNfs9W950PwG0ztgKqdXcML7yOsq1qZyZqTLb/2LzIlHWGs2J6hs3nDLATLUZHQzAio52ad30Qk8JLlXPi/ky6/ldfasbTxiObCPSi+x4DhZE0T1pMiuBJoPLhita/h92IYBXtFKzTEgXl7pEhEqzNadqIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=67n+BTqwxp57PDdD+mi5AMGlWG9UFY7IcjDKz73TOAE=; b=md/69RtgeE4WGF7KSXNpqULfVde3pqQhnUlf+wGPdMv/NpJC1DynHby3lFFR//4HuhJJjL7G7YDydmZJQpROu5j0tXYUkynRumL6j98+xS0S64NKi8lLt0kGdxN6v10nGPj6g4cPddQNNpvtimBvFhmQLu/joAn/XT3yW8zFO48Rq1ZB57ECItRnQxexSnGSRXrkGS9VKw0Vm7iAR06zw5NgLf2wM0FSDSMpp6Vpwl6+MLPTV2eJ4dmWj/bxYQNwPPxEE+3nJUuJcIO8/rtKtfL+w5y4FWzuoz9OOyviwf359KSR8sS/b6RbkqidRzOyzJ1R3lx3BHJwIPfpHwuEEw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=67n+BTqwxp57PDdD+mi5AMGlWG9UFY7IcjDKz73TOAE=; b=UnpmaMC9obmpYhTO/ymzq5KPEn5VivLCiTdMw0Lo14vF6td3q+nHKUuQ44QrM7mWFue0DmO2ZtX3u3OvgOZIjubd5KtsUHx9OtgxAWtWm3ZBP/MuAMfhNi+hl2TKymTsevr9KRBvb1JENm877F8j5YEiGgXAiQBMtvTv5oc8luA= Received: from DS7PR03CA0192.namprd03.prod.outlook.com (2603:10b6:5:3b6::17) by IA0PR12MB7603.namprd12.prod.outlook.com (2603:10b6:208:439::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7962.17; Fri, 13 Sep 2024 11:40:44 +0000 Received: from DS3PEPF000099DF.namprd04.prod.outlook.com (2603:10b6:5:3b6:cafe::d9) by DS7PR03CA0192.outlook.office365.com (2603:10b6:5:3b6::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.24 via Frontend Transport; Fri, 13 Sep 2024 11:40:44 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS3PEPF000099DF.mail.protection.outlook.com (10.167.17.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7918.13 via Frontend Transport; Fri, 13 Sep 2024 11:40:44 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 13 Sep 2024 06:40:38 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , Subject: [RFC 11/14] x86/apic: Allow NMI to be injected from hypervisor for Secure AVIC Date: Fri, 13 Sep 2024 17:07:02 +0530 Message-ID: <20240913113705.419146-12-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> References: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS3PEPF000099DF:EE_|IA0PR12MB7603:EE_ X-MS-Office365-Filtering-Correlation-Id: 47fc3429-54d5-4a7f-2233-08dcd3e8e74e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|82310400026|7416014|36860700013; X-Microsoft-Antispam-Message-Info: qAHoYYZDBayc8O6N3Zet5+jOPdigtJmP8o6JqnglR3kzm+qa+08pHLb+tx3RTJbKbsQEGF5XDWs/x+h0cMy8sZd5bcH8ELTpq4J1iApArk3becVrzCaGdJ7o3gfLNcBlBDOqQEaEHjYwPvHkRzqGWwQ9mIcGxyf54Wl0dOPP36LDm53on0vLdx6u83HeIuowIxekr+UHQjBbl5ONzqNDh3Nva/+n/lUK/0SlRD75/yID4457LozbCJ9lDNlmcvtghsxd/8aoWABApVnCM2ZbPTTEpy2rA0GVncIiv6B3vRGq7fXGPyqSazHD2UFvYnwrYPdqnpTqgn0BKg23arX1FtUE0ORlf6EBdrIuZ37JJ6In+l+PWJvMUOdqjWwXB3KS/TiLQFHaO4pvDW+AIzwe/3SxOdrGJBkRaMD6CbtFc+qQqCaL/9dMw8jtKVo4NHOEwvMma8yyiFmhWbDQUgjGnXpMNGIj+1uZwTacsut7dxckZNFKplF8doBFPclsGlKc2nPWAOyQVrVC8r1Sf/FmaZO4C8i4PtrLo3QuuJciqeO+/hRYkgMuBFKBmj1fpS7+WyITNT00ln+jG+U+V9gRO9C6q2iBad8ha2WNvvQpDX6eBzTfpS+q1tFPa+ygMWCqmtS/cdrZaD5YbNZaihcpeofstuXk3BwxMcyz6Q/+8BM/VOqlvRrIVX1q5WWQ510MSb4oV/xZEGExf0MNWXPJYi1rdeEAUwPaQym780ITMo2bTdJDC/h1R9macHf43m6Xm8p1LvbYWqJjevM1jRPR/9u3d/RoeM1tvCAZubUWUa8qpA1EZx2wbMRtfE9SvMj6/PHmY+5hpiy/KtUXmtoOmqbG0K3nkpeuMRynD4dmWfpBfU5Adnf8GB5SJmITKpNveHqtnm23DX2j6LFteNunW6IP5moLv0MDaXbIrhBCPRlzEpbgeDZcI128M1HKT7xmqbUgfsD/KylOPycozyP0SDI1+22SvWsX71lQddqmEhGSa78S8L3v0VS/seCa6CQc4O+bXXiuP8JZrmaimk91V4pma5NfYuUmZF+5cOXMBWjoK/73q40fR9lcEpT2BF4dYTArBahQ2cK8WZJJXEzbxdiAqXIpybaI2gn/IpNE2ep65Dkjvld6AAq5yv4S2kmvVle6/sm2hHnD1y9ig0BadmTtynZkCqp+NsksvPWh9lj8A0CU84EkrubTAoDffx5ROTog7HZ6ErLmFiiGQOI1ju8vre8w7kctlY0vGmaBaSXRe2ROkZ3LlLux2PZCKqf2JdvuePoxBBBOJesyWLzx5Q1RmPXfJsJQITQ1SsHXok2rXl9EUGMXbQiYIGC0pApJZZRPL4MsNmjfDQvBJZD+tIypMRI3kZO4d6Sz6dFLHg8MOZiuVX+s79GgPTGQrVkR6Ee7r80Cxe6HrB8zEaGTLqJI4VGHa+OVHGTSoX7g7yC/tC0kkiM+ysfCGK3DAJ7m X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(1800799024)(82310400026)(7416014)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2024 11:40:44.5204 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 47fc3429-54d5-4a7f-2233-08dcd3e8e74e X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF000099DF.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR12MB7603 From: Kishon Vijay Abraham I Secure AVIC requires "AllowedNmi" bit in the Secure AVIC Control MSR to be set for NMI to be injected from hypervisor. Set "AllowedNmi" bit in Secure AVIC Control MSR here to allow NMI interrupts to be injected from hypervisor. While at that, also propagate APIC_LVT0 and APIC_LVT1 register values to the hypervisor required for injecting NMI interrupts from hypervisor. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- arch/x86/include/asm/msr-index.h | 5 +++++ arch/x86/kernel/apic/x2apic_savic.c | 10 ++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index d0583619c978..0b7454ed7b39 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -662,6 +662,11 @@ #define MSR_AMD64_SNP_SECURE_AVIC_ENABLED BIT_ULL(MSR_AMD64_SNP_SECURE_AVIC_BIT) #define MSR_AMD64_SNP_RESV_BIT 19 #define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT) +#define MSR_AMD64_SECURE_AVIC_CONTROL 0xc0010138 +#define MSR_AMD64_SECURE_AVIC_EN_BIT 0 +#define MSR_AMD64_SECURE_AVIC_EN BIT_ULL(MSR_AMD64_SECURE_AVIC_EN_BIT) +#define MSR_AMD64_SECURE_AVIC_ALLOWEDNMI_BIT 1 +#define MSR_AMD64_SECURE_AVIC_ALLOWEDNMI BIT_ULL(MSR_AMD64_SECURE_AVIC_ALLOWEDNMI_BIT) #define MSR_AMD64_VIRT_SPEC_CTRL 0xc001011f diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index 5502a828a795..321b3678e26f 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -38,6 +38,11 @@ enum lapic_lvt_entry { #define APIC_LVTx(x) (APIC_LVTT + 0x10 * (x)) +static inline void savic_wr_control_msr(u64 val) +{ + native_wrmsr(MSR_AMD64_SECURE_AVIC_CONTROL, lower_32_bits(val), upper_32_bits(val)); +} + static int x2apic_savic_acpi_madt_oem_check(char *oem_id, char *oem_table_id) { return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); @@ -143,12 +148,12 @@ static void x2apic_savic_write(u32 reg, u32 data) switch (reg) { case APIC_LVTT: + case APIC_LVT0: + case APIC_LVT1: case APIC_TMICT: case APIC_TDCR: write_msr_to_hv(reg, data); break; - case APIC_LVT0: - case APIC_LVT1: /* APIC_ID is writable and configured by guest for Secure AVIC */ case APIC_ID: case APIC_TASKPRI: @@ -401,6 +406,7 @@ static void x2apic_savic_setup(void) ret = sev_notify_savic_gpa(gpa); if (ret != ES_OK) snp_abort(); + savic_wr_control_msr(gpa | MSR_AMD64_SECURE_AVIC_ALLOWEDNMI); this_cpu_write(savic_setup_done, true); } From patchwork Fri Sep 13 11:37:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13803306 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2058.outbound.protection.outlook.com [40.107.92.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E9DC21D7E31; Fri, 13 Sep 2024 11:41:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.92.58 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227670; cv=fail; b=e3BB++DgtEJfKqcfPJoBwjG4oDyxRFfsaqRO/VJ8EJCiItoka3tIkULXF62j0Ju1MeityYoVIbVZBybqCapZlaR77qVnLNsrTxnQXLqGjFkmRA2Lf5yvvCE4CMk+/V4Xxo/zrXDOPKg398j8vzPN2exAaaaczDstmxYijmCGLeI= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227670; c=relaxed/simple; bh=5XbAyGasawBq3CFiIArCmeBuFfEABQDsf7m3Dqdpq/I=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=F2hSdVxfWZ0AKvEzTPV7duqNIXyZMkNshGveWeLn4h7VgEA9tRcMGOxrNX0XWXx7fur11ZfWI6+UZiTD0p6TtnOJVopGBW8Ix0L6DM4GoCqERgQunkqv6TOQ52WQK3LFpPhgS9F29uKCuSPRp15wACAO4XFB1lmjE2Rjg3YhTMA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=u7vIAIfy; arc=fail smtp.client-ip=40.107.92.58 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="u7vIAIfy" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=WC0TQ7eLwfNvzahKKLUej9P2L3nEXZk8rjL6+f20uGCxrDAMpRHsKlcL6A1uurFTkIF1ZUVrTKPYRvwoEIYrp5ESoC+gXYD2BTvF10+DCXBTelTpRiShtBgSZAB/0YbAMbSaz1tMVitOEWGaVXyhAoqt9R9DVGMnSBM2o2V1p6PP+MBEjJ2OoekHWOm6WqObwzRIYWrcyvRAfzvgunhMSfLOvxF8SH10c13LFyHMKocP+FzOcUMNdKakaSHQ37/IcHDaSYv3UvrzSp4rTrONi0q4px1z1omi8QwBr+4Dhw+aKW7LHHtCrL0PCKv9L9HXqy8gSp9sSbuCXZKIz2bOKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=NCQ5bYcHhcYRjFlhO7mE2Ggwr9FkFGgXxrKcwYmC7VU=; b=JdARpX1hpvgnpH/f748+Xur/TeE7uwLm8ILmtGvaZwToX2OY0P4rE7ZIVqZjq8jSdHuJ2FWN0iKKzgAE9rfo0f0zRJ6AC6y3rRKclcZJNXzQYURr2xJpNxxJcN4Aiyk4WdhqsmklodCIERltk1dMYhTZjzbWdz5W0hbRb9h+5AcpTJjuFRRrv9K1ZB6wA2w2PdqPbvPZqpMU6vK1UCCMAMGgWFLS1q0M/1mLDt5wP455+5lb9sDu22DLdD+WWT1jsRiKxve/3rjNrq6dIuq4Qbxvcgwrjy78e5cx9dVmvcO1dgdawvkFc59VzcV13+lufeoVeTjlR+bKMTkFOAJNfA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=NCQ5bYcHhcYRjFlhO7mE2Ggwr9FkFGgXxrKcwYmC7VU=; b=u7vIAIfyVSL3h06kEUdZ9PmOKbKsQh38Z2U7ZbhPcz1JC4NBKOT1RgtRYC0FjUyfDMjuLSL6Aix6ncFCjHtiClmNYawmruJTLIwkqQKApGlhxTJiCEQiJWwQsUdLsW/ImzlwFCwJR7dAkrnMXftD6P5/tnNg6hhyxoRj+S0jCkU= Received: from BN9P223CA0018.NAMP223.PROD.OUTLOOK.COM (2603:10b6:408:10b::23) by BL3PR12MB6476.namprd12.prod.outlook.com (2603:10b6:208:3bc::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7962.18; Fri, 13 Sep 2024 11:41:05 +0000 Received: from BN1PEPF00004685.namprd03.prod.outlook.com (2603:10b6:408:10b:cafe::b5) by BN9P223CA0018.outlook.office365.com (2603:10b6:408:10b::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.27 via Frontend Transport; Fri, 13 Sep 2024 11:41:05 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN1PEPF00004685.mail.protection.outlook.com (10.167.243.86) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7918.13 via Frontend Transport; Fri, 13 Sep 2024 11:41:05 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 13 Sep 2024 06:41:00 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , Subject: [RFC 12/14] x86/sev: Enable NMI support for Secure AVIC Date: Fri, 13 Sep 2024 17:07:03 +0530 Message-ID: <20240913113705.419146-13-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> References: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN1PEPF00004685:EE_|BL3PR12MB6476:EE_ X-MS-Office365-Filtering-Correlation-Id: 8e0fe1ab-eeee-45fb-3568-08dcd3e8f394 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|7416014|82310400026|1800799024|376014; X-Microsoft-Antispam-Message-Info: M91/ig967k8bu5+WUs2nkABnY4Z+meWlW5xv7nF2sYFhoV6Mc2xDnalrFp9t+tOS8rmT/j5qlSW/6oXVGccHSb9UanyA7U0AkI75jvdyIMY92q8zbDggwb/fRNLuyCuUuoqdJEMnkWHzcqqXw8hwDYWNR7albBIPcvamF9avEFpW557YxFKVqE5AFMm9hx02LOWFpsOQezErly6ad2cePw3upne2KxP58WzAm0BzAwVlifmUpvLGxDAjHUXOJXe8QlbLWFQKge6bVUgCo/aiNcIutnTrltIWO/GBbFVu21Vr1IP4u7XIcYO7OZlDaz6n94Dy4cvwwsRB0ZgPXzjVRLvg75hTABL3QXpG/kgNTqG799ZSAr9xBGO68oRrqrRM2FwS3S8pfbrewP3TJsOmm5G51gDTgkdeoz+OThIT2+COjx2rAsgQn0Yg79hbHIif0VREw44Nm/t2ECSV4TgPubIDPOFLIvI4nzZ0LBPVc5h63A6b8E/KwKZyTqlTrnsKGhybKtSeIhOcymEnZ4DUhRBdHV6o7b6b6Ne9QTGxHnJ9hlLTrtAxmbB7nd6yEfDocWsyrZjRZ7mxeFMWJXLujKVSp6AsOTpy1Stl3x2edqMzKLaDqX+Uk3S98LmGReYw29uay+/jVsV+adDOvlNjF/v8qcfp3LwYnEfqPCz3j6NFBCdyLBLthRwF+85FtzcsPvl6diD1f+Zp4dk/ETl6lCuigdBLvI0MHoDzOnOgs4Puzk3ocwqqIYNiZNDt9Z6nAlthixbngFMZlwPMvfaZeiJ5rsULQFVDu72FeyBgt0SWtnyY579sOOIxVMfiHfIjA8tCARaegUHiDqpipI2RxcxF2QbCbkiDNURRPNd34egLwhU6MMYcZGWppuQdPlBlcDbOUIWOQauIy2gzvUaibS1YaWdO5dOn6jAlSDGXE17XYVeiedeyKGI/bHKmIithGYmxrAblwRSo9XXfi1wDezjrHvZMPS9Jt5hOpC6r0FAQsmyPlbSx4lsdmq1CNHotg38TjQy1lnJfl4U6PGkHw0D60X34mRP6VsheM39PhrDXIoUhMQzGlKpHHz/bDsF9zGeq3WlizV83ACbNgzJSxGXCRaImU6w7xcBrAy1rR0t+FDLJiSAlAhFZYM/+HRiOa+Ya2AwJjWnwP+Ozh2tOEONZDDBAIKYd1UkLvr/yFZyPJaYJNa/nOAXmGKwV7C3Ph8gX7IB6nOYv7mJ4D5rExd2wLr7hwapFwtZ5ieeDuzGG5R5JoIvcEFKiw1lnH0cK7TGOzRxVGOUGVRlXj2cpnIiNMsv5kYdOID+f5tXyIKwpLs1ZDYUW89bKY7GEX2jcAngZYTp3hEIW+2mmI3u1CD/VxjOtDiXamxMidf83SIZGp8p/TErgRzlzH7F8tMMlNJFZcxCbKM0wYDmatpg56jTcKX0Q7wMrP0fMYBDCCKQwNWCzI610fvWM/9WsG6Tr X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(7416014)(82310400026)(1800799024)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2024 11:41:05.1436 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8e0fe1ab-eeee-45fb-3568-08dcd3e8f394 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN1PEPF00004685.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL3PR12MB6476 From: Kishon Vijay Abraham I Now that support to send NMI IPI and support to inject NMI from hypervisor has been added, set V_NMI_ENABLE in VINTR_CTRL field of VMSA to enable NMI. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- arch/x86/coco/sev/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 3c832c9befab..d0057a2a7d4a 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1191,7 +1191,7 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id, unsigned long start_ip) vmsa->x87_fcw = AP_INIT_X87_FCW_DEFAULT; if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) - vmsa->vintr_ctrl |= V_GIF_MASK; + vmsa->vintr_ctrl |= (V_GIF_MASK | V_NMI_ENABLE_MASK); /* SVME must be set. */ vmsa->efer = EFER_SVME; From patchwork Fri Sep 13 11:37:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13803307 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2043.outbound.protection.outlook.com [40.107.94.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D80171BD4E4; Fri, 13 Sep 2024 11:41:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.43 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227688; cv=fail; b=vFDSLYeEiFwj00eHLdEqNoKWPc8soXkm/OUKB1TtQx1/DmIebhxNUbYj0SE7naxO/93zuWpdAeQLpb6bHSKJVfRK6xBu9xnZTBYvusrT2+qtYvKFmusKvBYhalcY99MgeC2PoF0ozfv8Ut0uZS8GdCLvI+mQN7n675/GhE1Maes= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227688; c=relaxed/simple; bh=8Mcz+5leVEI+VilMdHvDbtI/tTJXdTDD4wJoOOMHwok=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=czLGDnlL2m/35k+EJCnjwqcEVO5+rOw09Ww6XStlNtvJk0CfIbHwiWWqHV5gN0/ie8Dm75703GkmdT2sw4UiSGF4HjP2HcVGfpfkXYO/fXwcni7N3jn9E0njB7n1E1rzSSoT1OJWqgczjeL5o81JnaVtnAlxvxWUJcYS+M8KXoc= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=cmFo6HZf; arc=fail smtp.client-ip=40.107.94.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="cmFo6HZf" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=vLKKhKz8aF/NBWFXqD5Lilt8BX73yhSiL6B3sgcVEW5Ls9UPULDINLF5E968htD8zD4pevFWXFuaEnAX+LJIApca3BPXOAbZ85Z2/KAcbjdWCI8UQ45+Bevq07EuFF6e0EBVXkhZu+2Mlnch9ffAVOKHKjASZgc8xBagh8vLKbA7uv9OXNS037SvNP2UnvDrNGldoQiMx3fqcABfLe1kXHUWhwm4SF9D9UGkfmmkK4xr0rIokjrFp6HtxgrOC5WvzrpBKe4ne85Z670xdeB/bFiBOEF+K1goUjNbh4611825QIKRitVq4YxtrxK15Wo6g/J8UGtI1i/GJNiZ7vYRAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RMLJIL4pJ05aQB58YH5KPPKkwNNsYGwDxwQNaoUh6uw=; b=woyUvD1AoUaJFdh3FOI3VS5MmVbDwne2zQsU4Q23gYqOKHf5JWvnVNfVVNZcj4oGpgjcgrB+ljWRKQKwgucaVjqS0GA3ER+ejhxI7suECGWeU2gf5gQ9GmP3P+tlicFPTgcyLr17JfojZVkdFOOF9YxFnk5xAEKzKa3v4b1zWGOs5iPQ/XjA35pYvK/YmV0J4BAAVjRsliNH3QSSbYehtSUWY7KctgXqHSVjw1AIV4eO/EKbyChRjtkW82CpEalwsvNKa23JTW1B4n5ZNc/6Srh9qLg01LyB/DW7rtSy8CBcKOSv5w2RZ9Oerh794ElZqfPXl7smPE9RXz6Zb69jgQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RMLJIL4pJ05aQB58YH5KPPKkwNNsYGwDxwQNaoUh6uw=; b=cmFo6HZfIdlBD8ZAs9zDa8m6r+YMhByn1gGgHjDZ2697fKmt9+VIXkMETMefhYxFWTeNwUNScl7Q3UtYepK6iwRitk06vgQuKlNF183Kua2m/kUTxmWxPmpwewgMAr3g9i8fWzZJsXO/pHN+1Sc5zijc/JWCBwFCjiUQ0LFLHqs= Received: from BN9PR03CA0692.namprd03.prod.outlook.com (2603:10b6:408:ef::7) by PH0PR12MB8006.namprd12.prod.outlook.com (2603:10b6:510:28d::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.24; Fri, 13 Sep 2024 11:41:24 +0000 Received: from BN1PEPF00004686.namprd03.prod.outlook.com (2603:10b6:408:ef:cafe::f2) by BN9PR03CA0692.outlook.office365.com (2603:10b6:408:ef::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.26 via Frontend Transport; Fri, 13 Sep 2024 11:41:23 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN1PEPF00004686.mail.protection.outlook.com (10.167.243.91) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7918.13 via Frontend Transport; Fri, 13 Sep 2024 11:41:23 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 13 Sep 2024 06:41:17 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , Subject: [RFC 13/14] x86/apic: Enable Secure AVIC in Control MSR Date: Fri, 13 Sep 2024 17:07:04 +0530 Message-ID: <20240913113705.419146-14-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> References: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN1PEPF00004686:EE_|PH0PR12MB8006:EE_ X-MS-Office365-Filtering-Correlation-Id: 720f9802-26c0-444e-225a-08dcd3e8fe64 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|36860700013|7416014|82310400026; X-Microsoft-Antispam-Message-Info: zliZrrBl/h9Otv9b4aYQUlyt2x0F9N9NpjUnwCiW7XmfUqX8kGxmIjOSd3Hltx8MuL1vhdA10WVimMh574omYu3lPm6N5FpwiqUrTMP9PJKVZ1aB7WKPGdp9AKAws98yu02C5D0pNlyxEqD2anvgFQRkAW6NONe6xiTKFZDoDa3FG05blqJ3F0kRihwKBL9EuI5ylcODne+WWwth2o9i04c5V34ffylC7aHyQYPD8/BNKtPH0WT/JMWwYTYFMJfLNGrEikJ92KzBzpaMjikc/cS7NP5hgXHWE7RL2KtM5bB/wKQbFQ6WndVbxLCtL5QoovbAHQqYIb+gDjZ3sEJZpx//t3h4TAoDTq0+cciJUJx6Y/BGkqlZCfmwFR/k0SZh2B48zonD+Fq1qsNwrE+FDMIyRY9kyOh7TWON5hHBaq8PVJ9tDCSGjp8tl+hZ7AC4U5TSVfF4wgsAcgiNRZAH+UprazilrtcIihGyf5J9+y0PgR1Kw4U3fRp0ZaiatwUxpxf7w+Zdu3q6jKAJ+TaRzhu5Nh0tG1V6FS22sTIokoppKUE3rPCsEshfapPn51NgZsp3Lv2DxpzI2O1bOyMSJQf8H63KmVhJDdDMc+5Z7YL6VmKRoeQ7K9BFM5lGq31CjhZObuhLWLgFcKFpVYBsCw4s24K59BLlTfVzywPpny6M/alt+eT7P9kpMdj5wZrAO2hZAyJPI2y3q/v2ZF26j7ZQVc5pev0LsfMVYF8CaKHnl3zSFayPX8ojfBKEe/QFqRUGVXgiTv9hCj1Af+r++jfGvOQaTxJSMEWB4nATGxJOJ2ZfKLZO5FqS6Ezsxbyz4ciin41OqK5dtgZ7RVBENTiYBGM0pvDwizm73Rrj70qxmipOTx1vHAbb1+Zr87HF6bClQgJMCiZewZu8wo9FeR7N2c+r+LTbuAHEaJlJA3HQu01WpSMZZKogJDqwvddzAtXqpS5dloelC4xk8jTOnezG3pfrX30T91DxZ3PZeIWnuwJQjHrFQVoHBafO0Qnp7ZoxO5zpF40xc9yLxozovgfQaGYvaTrwvDmcUQTH2H0aFEN7p+nN673sz3OiTNQr00y92bmf6004kKAKX/lManLGuu6M5djs26qYL33g6VN4y2Uk9gUOF3O0dJU02ZtF9m29XZMQE0ig25Svu3wHZjIn4Y58GzorlFKHgyFKN0eTRtFlGTb/0MOkKd2ooxScslQVmMCpTN9pwaH3ObQ+myaJBGp/dFisG26J0ts989dseBrH4k4AS8ANqySfECxR1uBsOOsDBjyuCX6XRx/4EjTSiX/8PdMxEXyYxZL4P/epfwmFzrQkhS4WD/LlEmacjnSKaIF9nXAd3+5KpLKuxqooByVOjUp+1XbKQ54diwylyJkbVhir+kaxgKW8WIPyxLNdp+b8P1sTjzEs1xwoO8RYUX7Pt+6inZUhigw4fmG2N7qzQz3ozTu2oRPuBLaV X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(376014)(36860700013)(7416014)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2024 11:41:23.2835 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 720f9802-26c0-444e-225a-08dcd3e8fe64 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN1PEPF00004686.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR12MB8006 With all the pieces in place now, enable Secure AVIC in Secure AVIC Control MSR. Any access to x2APIC MSRs are emulated by hypervisor before Secure AVIC is enabled in the Control MSR. Post Secure AVIC enablement, all x2APIC MSR accesses (whether accelerated by AVIC hardware or trapped as #VC exception) operate on guest APIC backing page. Signed-off-by: Neeraj Upadhyay --- arch/x86/kernel/apic/x2apic_savic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index 321b3678e26f..a3f0ddc6b5b6 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -406,7 +406,7 @@ static void x2apic_savic_setup(void) ret = sev_notify_savic_gpa(gpa); if (ret != ES_OK) snp_abort(); - savic_wr_control_msr(gpa | MSR_AMD64_SECURE_AVIC_ALLOWEDNMI); + savic_wr_control_msr(gpa | MSR_AMD64_SECURE_AVIC_EN | MSR_AMD64_SECURE_AVIC_ALLOWEDNMI); this_cpu_write(savic_setup_done, true); } From patchwork Fri Sep 13 11:37:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13803308 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2077.outbound.protection.outlook.com [40.107.237.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 041A81D88C1; Fri, 13 Sep 2024 11:41:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.77 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227706; cv=fail; b=uVCNuZ2c7ZZgYBeCx1JJqkKe7/seOohq3PyLbbPy2BCiXdlEkwQ4B43IvooALaJB0dlcbIpZq65/+htDuSTKjEkf41woiP5t3eWH+bPPBfLOocLTFvpUYTPioc7S0ZWbn47vTlBLnqgLk1nxyGR/7EZcezEoy+mI2idYN4ixdkc= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726227706; c=relaxed/simple; bh=24Dyrgs4MCvn687dRMkmhZDqzozRLzvpCXHVWNpOwFw=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=E3z7iYAJypz4HYarXZ1b0FWirQ4kC8UcTSaycsbpHUTMuZnrWEuRuqHKLEEOIhftHFnjVW9gs93aaw93DJ3US/69JwKE991eojaAA/+g2Ww5FEVY6iS3apaxI89O+DJDJIsmc0X2tYdR5ZmyRuq8UK/x9OAxe6hF6GzgBFW3s0w= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=U793wdS3; arc=fail smtp.client-ip=40.107.237.77 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="U793wdS3" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=QZpB1ZUtd4h+E9OlRtdwJbQ35aZOuPK/ZGO1wt4WYeJERhBhMbP4vS9fcCRxD0n/CJbUNllIrKvOuOqtWNInoDd7E7rMrG0SOsOT8aQNHakWJ1m3EI76jE2iKtkg+bAsOrR1+cYyZ1cX9WUe7BsbEvNn3AqnOwe1I3hnTB2fMu8Oti4wtD8Y1e9VuaYMTCosOVP+U3i3UvcMovLcDAmrO/CXDA76bXySXD1z6EBuU70OTlflT3i5+wZzXFg2WM6Ng6rLCvo0sVQkuzuaCZwBkLgFP5yr8/Ctse2728O93kxrGSxB0RN5J18/dyquzICrJ1SGqg/EXxkJU0/XusBN/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=v1KpV7nmNR/O98BSTyWcSRz2cmOxmsrvJOTtk/1fLhQ=; b=GY16h8u8Tpxb+c4eXaSmUMMvelrpQkgKt2a5rNCI0mryDPWSboc1NYpSWbdfQaBbsjMhKEzfOKastwA1smwUvQ+oprR61q+5vlGq8mg+P9q9Bgcl8k8g7SvviLW7hf75fBkiWv9jVKps7PSQp767s8g5xgh+1MDnSypP8VN70uXfy5TtdSaM9KJYlzonJoSxl+HN5H/3hG7fr8f2YYp0Ij7yxiQs9yp4V35pi4PM0DS6Ox369rm0Bzp/l7TtsjtW3d70/80fj00gS3kbrmSqjbwnCmxGyM+eRMffi/5YR4Lei0ZkKXF1z44EKx6xLR3mGtHOzFlJ7nRHMZ5JnNlbWw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=v1KpV7nmNR/O98BSTyWcSRz2cmOxmsrvJOTtk/1fLhQ=; b=U793wdS3vfUScGUfC6w3S8m4W1cWxtJDWVl5kDUMCNROf6YpyJyVwiZ0fOrQh4aGBqNRNmEMOnt4Zv21F3waCqwFXbxy5qvkxRIA6MvuaWwF/Z17ir9o1YbwY7H9E7i46yaPCXvNBrBu2uJB8QdkSjDZZ0FgehTPVPgb/iEytEo= Received: from BN0PR04CA0160.namprd04.prod.outlook.com (2603:10b6:408:eb::15) by SA1PR12MB7410.namprd12.prod.outlook.com (2603:10b6:806:2b4::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7962.20; Fri, 13 Sep 2024 11:41:41 +0000 Received: from BN1PEPF0000467F.namprd03.prod.outlook.com (2603:10b6:408:eb:cafe::f5) by BN0PR04CA0160.outlook.office365.com (2603:10b6:408:eb::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.24 via Frontend Transport; Fri, 13 Sep 2024 11:41:41 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN1PEPF0000467F.mail.protection.outlook.com (10.167.243.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7918.13 via Frontend Transport; Fri, 13 Sep 2024 11:41:41 +0000 Received: from BLR-L-NUPADHYA.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 13 Sep 2024 06:41:36 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , Subject: [RFC 14/14] x86/sev: Indicate SEV-SNP guest supports Secure AVIC Date: Fri, 13 Sep 2024 17:07:05 +0530 Message-ID: <20240913113705.419146-15-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> References: <20240913113705.419146-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN1PEPF0000467F:EE_|SA1PR12MB7410:EE_ X-MS-Office365-Filtering-Correlation-Id: d414d01d-2781-40fe-9bb6-08dcd3e90902 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|7416014|1800799024|36860700013|82310400026; X-Microsoft-Antispam-Message-Info: cDZ+wJqiMA6gOxxBYObFvCZtnFVO8a8d18wIxbxrnPIWUPSZmRRsf2C9TQHxq8Rk/t2MmDHY910oQN+lJtw7xT7egIO46KB3Ax5EoeU8plgMlHy5kWjMkzzPGtpAIEHrX2refuApvMWKH1hLxE0j9AgSTr56gCPVVzdV12PkHLB+z6Y3mkgm9Lp6TNZGQlqu7Ka5InTIyWHkHNX09YOn/W32DfJJrIa0EhWhI0ObLGugl8MRol2nupusJOF/yPGa6tWVn0s2cMaj3IYcDXGjTJKq/WKij5A6zswPkTjkg/kRNrjo6Dh+yX3fomz4N41rIC9hZEt7K7XNn2w4yQsWPDdbgUa00Yy5V4B5hopQT9FEm/SQKMZV5Fh3SefoonMwomf82kGrkVZSlNlLzT5q23PGNeAsaofoFQZzO3+Cd9GB7WakzdAjdThxrvgf0KoGHspWu8XMN25xfODLz5LRQ7yj33+5jpl8KbJyIVXXY0w4tTz/7cd2ebFMAb4Q1D722VlbLtFezeZsZVsUuaY3bHzYPWDHe79+fB4ujh1BSPPh3tZQL1W+YkmxB8dXtwQUwIKQWWDk2LTpvGMTApmIC5baKIwwMkSqH4uLbfkX6OlM1e9akkY24Jqg4BQrYMbctoDgzTBSTDScBsB8STS3XfLmUOsMkkdHERsPniHbM4MBrtx+hKkvCj4QkX+FQ0aUfven79UArkHrmIH8O4cEg+NI5rOARihEr55FWyce8QMedgAbcQ/scXVH0jo4483lihzfh9k3Zs1uI3UWv/OMRzUqVQWET1B7PeD6qpFsHnWUJGlsTCAzUZLXbUJO4d+OOObm3DJfhcUZN2Ow22C+nuqhz/ojNoWDnDf0HbbSc3dNsA6CVKDx97GbF6CVWffMy3gqjBDd/7PrcM/xsKEwG75VE4Ux+VSbWOsulJJztdJPq8rqmhDc2Mp3Mqk1dLr76fzJQbIDysnQxV6gwWBacHqpFKYYv02lsd6UoJMDVmV7PDfQh65viLRPhCBM1NIzzPuPQsRe2FD6o0TaUmeZOzJ6Qu3WcAAi/j5bxZSgZylsF56uI31k7MnKAJonRhQ3dWpQTwi31wTqnqp6DA4Cqssbln5nYnIZ3RQL/yL2dJmbwuVM7ogJRipZ6XhcMF4WY8HF+r/I7Yep0JWx15aMvrU7UBpmVuERC6vjBGT/HQCQrDErn924SAFCQ+d8D4paR4EeJQenIJloVHPf7WeylFVEg6SRYlXlHR4NR7uc3FPZjfmIdXT1rO6fciYINtEN17QUEWsDY3pvucZbjr3U0sNiMpG11uJuCypFuVm45meIGYBm1B9leSTnAt9cJ+elu7O1Q8ZxUC1UZBEehDyf6VqsRhfRL8VJqJdjZ+beE28+wVWIOEHbARmgOhhZZoNOtSm9fEB3VIjTL9E64z9vC9Uc62E7CcyAYcmnzP3csUyvH458b5Bj/m7M259UV32D X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(7416014)(1800799024)(36860700013)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Sep 2024 11:41:41.1149 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d414d01d-2781-40fe-9bb6-08dcd3e90902 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN1PEPF0000467F.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB7410 From: Kishon Vijay Abraham I Now that Secure AVIC support is added in the guest, indicate SEV-SNP guest supports Secure AVIC. Without this, the guest terminates booting with Non-Automatic Exit(NAE) termination request event. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- arch/x86/boot/compressed/sev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index ec038be0a048..fa5f1dc94e2b 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -402,7 +402,7 @@ void do_boot_stage2_vc(struct pt_regs *regs, unsigned long exit_code) * by the guest kernel. As and when a new feature is implemented in the * guest kernel, a corresponding bit should be added to the mask. */ -#define SNP_FEATURES_PRESENT MSR_AMD64_SNP_DEBUG_SWAP +#define SNP_FEATURES_PRESENT (MSR_AMD64_SNP_DEBUG_SWAP | MSR_AMD64_SNP_SECURE_AVIC_ENABLED) u64 snp_get_unsupported_features(u64 status) {