From patchwork Thu Apr 17 09:16:51 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055163 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2052.outbound.protection.outlook.com [40.107.243.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C92B2226165; Thu, 17 Apr 2025 09:17:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.52 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881473; cv=fail; b=eFVitQWRde5YzDqLYySeYubJRnXE5BxCqNo4LvOEeevsbqdWfcDlwMIRuAgi3JTWwNAiEfELD0HPlVvwIU34m529rQ/MDTvzOo1z93WS1h+pXL1pA/pOrOrQNC4emOQadB7B1XieK/RBAMsgUn8d9wcnnycQWGz85hqc+D65+7I= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881473; c=relaxed/simple; bh=B/FF9SOSYKLnMNPG/kM5VG4ycGOuDVRCmnSkkVJJ0eE=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=FvrDWd6PLxMKzhFoPNpMKBrzARUiz54aLSoGSTfSE19x9LXQwuyTK5TQRmmmUGrhdnUpq0YzIasEemW17EvSCDlGJUVbsx9ppIqha/vo/WiJRp0tNJiPb7fuD6iIV0jjwshpq+udP/mMCtNOE83WCrFl9WZ1ebIy81WMObySCyw= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=3AbsUYaL; arc=fail smtp.client-ip=40.107.243.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="3AbsUYaL" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=dSdcdaCEgjeaOMNImAkMgyE69Bt/VgHnlScvOBbsS8dMqCc4F8D3LuaStlngLDl8PVwutqOewyWOlhZrnSdEFcK/uUujjl60URy5l9R3klqBaXHcS46/UgVmXPrAHTObWUWyvRSxWx4Yn+s1YDtVdnTSnaAWEPCrp4OIKqxUCYnpZJZwCUlWayb06QuLyzKaJp/o7j4Da6d2IEbi3K2t9pDjtcGBYCedKT0RGivOPpxJUOtmrIhO5kJ7jYChIuNuBHz/tPIuSlxtbNrQ62XeXLJFM8aVZrZZ9l2FfwFVP9Hxme3sBPOdep+mRv2Z/iJyKml+LUz4u6oUdob+rg0uDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QrUfO7hz7A7LS8F2dEmr/AeyLBaz2a/e6zzXy528mpw=; b=uleMF7jKovedh90GlhkkySwHwCij82HvoIicCJBuUISY0XyC4hcs5z6wKwbaqyw0pZv/O3kIZgaEFUi97Idb4MwxJ3N9Ts/Lim/tVHUkTsRIkX0/uGCtDdqZPZ+hAjb0OOtGRYynIht9wOVyGPypg55p9ddE99lsLrAjlEbgzHB9hSXtDoO69kOTrDamiK1k4n9oWfAAstshOMUGrZ1n6aDLEyHxx3zdSauxowCYeFvRHQKmZr0ZSq4nZ8ArCb58HYQUltH6q/heyf+KIiggTxMYC7u+xjDvTa78ngMcmaCX0hdH5CDlsILlU2aW67xGlSmpaHQ4rabcLmMZJrtoGg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QrUfO7hz7A7LS8F2dEmr/AeyLBaz2a/e6zzXy528mpw=; b=3AbsUYaL1qJrI2lbEOfPIWZG44VOZDcECk/1klTTwLEaPF0spP2Ym7YafFMbA9pSenFLdDPSob32f5DXyJCZm/nJUBCbslu1TY2rrkZkhIUTBQ2+2iGf9nrCjFEKkgw80bzfEWRq1JipbT/vBJcwwMCWHIPsI8QeH+AfCCKggp8= Received: from MN2PR14CA0005.namprd14.prod.outlook.com (2603:10b6:208:23e::10) by SA5PPFE3F7EF2AE.namprd12.prod.outlook.com (2603:10b6:80f:fc04::8e6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8655.21; Thu, 17 Apr 2025 09:17:49 +0000 Received: from BN2PEPF000055E0.namprd21.prod.outlook.com (2603:10b6:208:23e:cafe::c4) by MN2PR14CA0005.outlook.office365.com (2603:10b6:208:23e::10) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8655.22 via Frontend Transport; Thu, 17 Apr 2025 09:17:48 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN2PEPF000055E0.mail.protection.outlook.com (10.167.245.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8678.4 via Frontend Transport; Thu, 17 Apr 2025 09:17:48 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:17:40 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 01/18] KVM: x86: Move find_highest_vector() to a common header Date: Thu, 17 Apr 2025 14:46:51 +0530 Message-ID: <20250417091708.215826-2-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF000055E0:EE_|SA5PPFE3F7EF2AE:EE_ X-MS-Office365-Filtering-Correlation-Id: 75d4d607-1c45-4f52-1b27-08dd7d90b90d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|376014|36860700013|1800799024|82310400026; X-Microsoft-Antispam-Message-Info: 1OV9SnQqqU+KUqGasnVRZ6fNWh2nsYsUiSbFz11mxHhxgd+rPcKcn/Rw6exBBBE9CDy4d1ruJVCOqWgO5TgpIXMrSLbl+QgmtrQxfJwY/wBvmqWcQAmOil43IgO/mO87x9aAYWNK50Q/pIk/6KWgg3cPIGvuhtHT68kwQG7oYzyFFlcjxHiXix+3426DKTs+K8i5JF/Fdrsx/pyoOFiy1hOXC1INz6xBvl7gwaucXbXOnv8gT+/NdRF5BGTjGivWdKTCsliWVYd2L/3i9x4cAGTuc4134A6uW1JnGSYqmUZF5Bhgf+AlcgDV68hasH7GbBPKAyCeLiXPP4Vc6okkHqT8sK/V+Ar2oftemZa/UKjNnnI7upTNt0xuafUxMXlnDmdSCr9WPRu3clyF/W5SjZ0rWQ7vRQhzpLwL8/EcnWHC5n/nv/vSyERntyz+qKM9xixnm3bWym6QQFF6/OsdQNpw1fn31eLi92Sxl0mQvAsxeEoffZjQem5HfaOhlwE9AbUfu65fptv+Y6vsYppi/TrAMVuc7Chjt/t1qtOYQIPn/1QSGpRYxKZYGc8l6Dqm/ecfG4UTbjf6Nfe9AK+4qQfaUOGUSvVTWKrVxZL9IuXq3cCXY0gwjeqo+TRkFoF5z8/J8+04ltsWCn2VSaZjahGK8az8ILdRKUq5nuINA7TVrK7sF+hO9SxTV/L171JRm0eec5d00TPE8EH2vMEyvsa6uZCgV5e6LbxSIb7Sbtv6gg6miUPTV/qVnsC7YVYhm3rKDvUkaj29IHY+CR0NZEn7OrHy7Edbsx+7qiDTsegVCMJjdbjyvpAnyDS7FMOcHp6z6bEKapYg+N99d2YbmaR8Q376e/TMxqU3b0bKQYEP8wnDXSLVxONKqndq8uTTk4l2RQfwVrLLShO4cx5r8UduqPKcn2HjAGljCfT+LXjQHe8dRwDmQmTva9fX5qtV9dIp6ZY9YpCihc75TnIpAMTZPcTG5TK9NRe7FCkTALfcstAJmflSLifPA9f7iDqVT5ka2LHjthm2EAfz8gkZH3dM9p/jMM4CoIpCctZBJ7GWoVrzAnQU8JW2GilfyCIuWe/XKn/DtyY6AmPQqXTbX3+zXUfqAmMAsBbUI3K2DaQ3bhMsuTInHxk2W2SovqE/c0mXqe9avkU649121c8sQAfK5c7M0O2qsDSULoee6TAViITVhxi5HrFRNZ8MKk0x4jF+2AUwk92Cb2tDi0pT26XHODwJwzX3FHtVAyZVIvHg51kQFE0uMj0+2o3zCq3p2yASkX5TGpdVYCZLdj81bhCGx3hHsr5oF2zGaWF6ZLeP6+KcmPq8k1F8TCenO02FKagzxvxYAhV30HhZPWGkUw5Elr6+zU5I95JguGKg70yyQpzUZAY2RRGrKa9dj4GuYj3DOHKGiypUNRGgsj2VI91/4zFzHz2u98wANvGrd0hP1soPJpMwmn2ohp5fkV/Vy05UH0wkbO+hLL1OOsOYx54vSbb2+sG7FexvE55FrRhc2Lx6H5rpAoBkBVnh6iWc X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(376014)(36860700013)(1800799024)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:17:48.9472 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 75d4d607-1c45-4f52-1b27-08dd7d90b90d X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000055E0.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA5PPFE3F7EF2AE In preparation for using find_highest_vector() in Secure AVIC guest APIC driver, move (and rename) find_highest_vector() to apic.h. Signed-off-by: Neeraj Upadhyay --- Changes since v3: - New patch to move KVM updates to a separate patch. arch/x86/include/asm/apic.h | 23 +++++++++++++++++++++++ arch/x86/kvm/lapic.c | 23 +++-------------------- 2 files changed, 26 insertions(+), 20 deletions(-) diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h index 1c136f54651c..c63c2fe8ad13 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -500,6 +500,29 @@ static inline bool is_vector_pending(unsigned int vector) return lapic_vector_set_in_irr(vector) || pi_pending_this_cpu(vector); } +#define MAX_APIC_VECTOR 256 +#define APIC_VECTORS_PER_REG 32 + +static inline int apic_find_highest_vector(void *bitmap) +{ + unsigned int regno; + unsigned int vec; + u32 *reg; + + /* + * The registers in the bitmap are 32-bit wide and 16-byte + * aligned. State of a vector is stored in a single bit. + */ + for (regno = MAX_APIC_VECTOR / APIC_VECTORS_PER_REG - 1; regno >= 0; regno--) { + vec = regno * APIC_VECTORS_PER_REG; + reg = bitmap + regno * 16; + if (*reg) + return __fls(*reg) + vec; + } + + return -1; +} + /* * Warm reset vector position: */ diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 28e3317124fd..775eb742d110 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include #include @@ -55,9 +56,6 @@ /* 14 is the version for Xeon and Pentium 8.4.8*/ #define APIC_VERSION 0x14UL #define LAPIC_MMIO_LENGTH (1 << 12) -/* followed define is not in apicdef.h */ -#define MAX_APIC_VECTOR 256 -#define APIC_VECTORS_PER_REG 32 /* * Enable local APIC timer advancement (tscdeadline mode only) with adaptive @@ -626,21 +624,6 @@ static const unsigned int apic_lvt_mask[KVM_APIC_MAX_NR_LVT_ENTRIES] = { [LVT_CMCI] = LVT_MASK | APIC_MODE_MASK }; -static int find_highest_vector(void *bitmap) -{ - int vec; - u32 *reg; - - for (vec = MAX_APIC_VECTOR - APIC_VECTORS_PER_REG; - vec >= 0; vec -= APIC_VECTORS_PER_REG) { - reg = bitmap + REG_POS(vec); - if (*reg) - return __fls(*reg) + vec; - } - - return -1; -} - static u8 count_vectors(void *bitmap) { int vec; @@ -704,7 +687,7 @@ EXPORT_SYMBOL_GPL(kvm_apic_update_irr); static inline int apic_search_irr(struct kvm_lapic *apic) { - return find_highest_vector(apic->regs + APIC_IRR); + return apic_find_highest_vector(apic->regs + APIC_IRR); } static inline int apic_find_highest_irr(struct kvm_lapic *apic) @@ -779,7 +762,7 @@ static inline int apic_find_highest_isr(struct kvm_lapic *apic) if (likely(apic->highest_isr_cache != -1)) return apic->highest_isr_cache; - result = find_highest_vector(apic->regs + APIC_ISR); + result = apic_find_highest_vector(apic->regs + APIC_ISR); ASSERT(result == -1 || result >= 16); return result; From patchwork Thu Apr 17 09:16:52 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055164 Received: from NAM04-BN8-obe.outbound.protection.outlook.com (mail-bn8nam04on2052.outbound.protection.outlook.com [40.107.100.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BCE5C207DE3; Thu, 17 Apr 2025 09:18:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.100.52 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881500; cv=fail; b=FIar0WxbzbTD2TEaQvx6o4hxQOMUtqkTJwQzvoueVp0w8ZxZMISZwEnOgEtbWPILjr+arNaHnTatA3+OMs7I61MD3ABxG9qWc4SpKxzi5dlVXi5jaZ1rmED5OuPGlZzMy3c3V4XnkovXzet9iGnj4YPJXSxlRVRhAKuB6OIXteM= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881500; c=relaxed/simple; bh=3J29uTJ3lylg7qpG7RdGPO8+sHtE9ITbyPnwOR4pZVQ=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=JSAt60lsbLBzx2u0B9uROPXQHeYx4kP5EHf8iWlhsDzqjmlyQVeC/J6ZU1whPTma/PPNlDGw6VYjL6UctPALyG3KvshIhHHLWJmM38RW0ivk00MVOdSrXPgMeo2SAJOwGciyr8h0r05Cah8wbLP+gtfp93whc+SzMUt50x8L1FU= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=kODfM7Rw; arc=fail smtp.client-ip=40.107.100.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="kODfM7Rw" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=NY13VxGdwip0yB44KC9dkamaQGFp+4zzPtCRnPCGudykNMOorNz0p8VUYn9r6FknQB5+1OwiiX71xWPh9YVxArNrLN7m9aR47vdFDOOSHOW6ipuF0sHSC60sv5i6PP43rIrwWjg53bIKWgE9LJ0I61DS5EWJY9aG9pl8h+GVjb4WLtjVdOMYxdCDlVhdsNrMiIoMQLBJM6BtFGIk/dhlzzGTEUga0WiwXtY4GzWyAMfG/sSEV0JwGBQABcamS/ZgX3n+MTMpsws2jdo5Wzs34L2LlI3nThp+sWlOn133foBknrwalt360KejS9F4zStHIijJhQDteuJKnx40JYB4kg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=oIetTAEo+OAsgsq1z78tYJOioTcVJuq8iyoRWEOMDtU=; b=QV7HIqJRh1HUaJUb7vEIW+kKvzXrLf11Ro0WKTA2GzVMWxFkDpxwE0LT0VCprLt6phUcx/MK1y++jh+nP5Z0sIELwBwUiNXcsT3sekH+25z4iDv0IT3a0/r6SlafGtr8gtF1uvmZuxXymwgBKV51JlU1DFXaK3WSyJi9S66xy99pLcN26uO41dItD9LvXdwX9FyXSZf1X9uAYT3Ly9c3VB4TsjOdlszNosuOp0cWWY4i1lLO6FYfojkNfwGcYaRDzu3i/G6dVv5jjrfjVa4CYSdaa595row3nFU3SZQQLfmLRBRmnLR4mSK7NE0DWpTjSH+7W7jEs4NPfZ0NpLwB3g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oIetTAEo+OAsgsq1z78tYJOioTcVJuq8iyoRWEOMDtU=; b=kODfM7Rwo124FRDcmxz6/Pgi0lNmHpe/pXA38yQMTLxMc9FkucobagmXiBG4z56eDo0QcmpN6vLcdmUCYcTX7LEl4ubl9/bXOhOFinBecRyamAy0gH7eGfdQ72yewrXwCskIgBJzgzrXuO0Kl/uNbThAWWSy5GElXns5RCXrdDA= Received: from MN0P221CA0005.NAMP221.PROD.OUTLOOK.COM (2603:10b6:208:52a::15) by IA1PR12MB9532.namprd12.prod.outlook.com (2603:10b6:208:595::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.33; Thu, 17 Apr 2025 09:18:13 +0000 Received: from BN2PEPF000055DF.namprd21.prod.outlook.com (2603:10b6:208:52a:cafe::a1) by MN0P221CA0005.outlook.office365.com (2603:10b6:208:52a::15) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8655.22 via Frontend Transport; Thu, 17 Apr 2025 09:18:13 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN2PEPF000055DF.mail.protection.outlook.com (10.167.245.9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8678.4 via Frontend Transport; Thu, 17 Apr 2025 09:18:13 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:18:02 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 02/18] x86/apic: Add new driver for Secure AVIC Date: Thu, 17 Apr 2025 14:46:52 +0530 Message-ID: <20250417091708.215826-3-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF000055DF:EE_|IA1PR12MB9532:EE_ X-MS-Office365-Filtering-Correlation-Id: b443564d-67c3-4cf4-86ea-08dd7d90c7c9 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|1800799024|7416014|376014|82310400026; X-Microsoft-Antispam-Message-Info: e8u6fZtQ6z4aiB/EZnprkKIH3+Yb9ziXx/ZvM/rmM5o04JJDPyQbxP6tLmAD1SEvkZpsFO99DdvoVC43sChHdbr6M2aMDlEnOcre8AGIOPuSgKFN2+zX16eQ9MODvxjc3TgtDLTJblgLMiTJUjBIsznvqcIMua81DxBy7yxwEuQ8jf2xFb5pJ4J8AaQ42Zo+GRRWrJrXfB6QGMMdshqtB36VfmZN//IAC9JGEO07dzqcjqXm1qEf2RYmMOh/QrjuAKA9DMOhSpqLve8PrGsZzRlLBJXbUzITaAyRSG7cgd8sBg3auEqVzhmP0ECZ51Pjypz5sIIwVcpvDTcQzf503h/P+Rc5jnSQhT0TWbbuYziTybjf8VdqieapZ3FvNExOoK4Z9YXRYTOROApqg/TiQsDveNHfUcne3ut/bAWQwrAaYiWR55xuevssP0Yj5e1VvRAEhkTpEubHq8/tFGP7rLNZBZk4l5mNZOTwMHhuussaeBaJPRF7Tivl3Flrl7opsQGnnZ3S4gk+rGVxfl2hwc3zNGjJQRI0jro+pKfQ/LTbVWmngJ2474GyQV8i5xoDtGSNcOEY/ZKfB5Omfvw/gjEXVZagvMhXCjBefKIhqqwZE0TEV425H2Fc1294sUnfFb/efwyu4LyRUDcHuoR0GjifEFezPHvLhxHu69HuqLIMtWXhDmlXVHGnQvh+HcOsRPBP5g6w/tVflPG4VnvKfoGCQAsu/35w61zf+h9V3tNXD8bfXjeZ1ryI6nfv2QsXlhBc53g2uk2M2za/FodBbe2BdyBV7WDGFuj5Utt9CFSrChv4lQq1xwyi6+k++f0uEVy0qKn1pdopC4U4n6z7q1rhmuuK2HbFVhfwdFxLfMrT9vwbmOT1mLZkIFVhlvrBTdP6KlFxSFw7Yl38TjYn1yMGqEdJSYiupjeA5qoBeqcJ365ePRp4kkNFApc0a4Xe4U/IpxR+Upgj6/B0hRCkLUopr0DCVfcWRaL+UK8E0hK8x6GcdfPIB7rSNQWc6jDt2GDDCK8JKRFVRuRDp0qd3INMBtgI2llehEdVg+7m41yjetLJZhhuz3PC9/SknPPFpg5xvav+nAYLKOpTFZfg5tHzPHXMdEagULJ/BpwzRLFY2/TDqgxThBVbX9FvbbZBVPsjES/0HZt09+eP+GVHGhj5tjN9wdjal3OKgfPZfwlWbl5CFO/pCSY3s8ALuZC/uPVP2aEWDttALVSV9LztaTZkDQZNsgIv/M2nQArtGD5xD4o3rcxFc2Ftm0BtGrDlPTYLbAXfBX0Z1Epf+Yhcly3RkFO6rHj9WkGSL/kjOu6tgKebGLTa/yOcWtsWc7jjq+KdKLVqvtuVIIUuUt5JsjyyblR6V10LboJbGVJOj5WYTqBNvhmDBHfd0S9Lilao/JgEF9s4hn+Uys8E+hWMo/9pOwxcj6FzaZe8CdMg5qWd1Yos17phgWq40tmY/zyonIllVgnYAin9CjoBOXSis8eK+0DnYJlQIkVObgHlVakTJ5Ti9zLPhG+nP7cWtm4i X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(1800799024)(7416014)(376014)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:18:13.6685 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b443564d-67c3-4cf4-86ea-08dd7d90c7c9 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000055DF.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB9532 The Secure AVIC feature provides SEV-SNP guests hardware acceleration for performance sensitive APIC accesses while securely managing the guest-owned APIC state through the use of a private APIC backing page. This helps prevent hypervisor from generating unexpected interrupts for a vCPU or otherwise violate architectural assumptions around APIC behavior. Add a new x2APIC driver that will serve as the base of the Secure AVIC support. It is initially the same as the x2APIC phys driver (without IPI callbacks), but will be modified as features of Secure AVIC are implemented. As the new driver does not implement Secure AVIC features yet, if the hypervisor sets the Secure AVIC bit in SEV_STATUS, maintain the existing behavior to enforce the guest termination. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v3: - Removed IPI callbacks which were copy of x2apic_phys.c. - Add a comment in savic_probe() to mention that code after snp_abort() is unreachable. - Removed "x2apic_" from apic callback func names. arch/x86/Kconfig | 13 ++++++ arch/x86/boot/compressed/sev.c | 1 + arch/x86/coco/core.c | 3 ++ arch/x86/include/asm/msr-index.h | 4 +- arch/x86/kernel/apic/Makefile | 1 + arch/x86/kernel/apic/x2apic_savic.c | 63 +++++++++++++++++++++++++++++ include/linux/cc_platform.h | 8 ++++ 7 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 arch/x86/kernel/apic/x2apic_savic.c diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index aeac63b11fc2..d2a505000a9b 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -486,6 +486,19 @@ config X86_X2APIC If in doubt, say Y. +config AMD_SECURE_AVIC + bool "AMD Secure AVIC" + depends on AMD_MEM_ENCRYPT && X86_X2APIC + help + Enable this to get AMD Secure AVIC support on guests that have this feature. + + AMD Secure AVIC provides hardware acceleration for performance sensitive + APIC accesses and support for managing guest owned APIC state for SEV-SNP + guests. Secure AVIC does not support xapic mode. It has functional + dependency on x2apic being enabled in the guest. + + If you don't know what to do here, say N. + config X86_POSTED_MSI bool "Enable MSI and MSI-x delivery by posted interrupts" depends on X86_64 && IRQ_REMAP diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 6eadd790f4e5..a418e80cfcf3 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -399,6 +399,7 @@ void do_boot_stage2_vc(struct pt_regs *regs, unsigned long exit_code) MSR_AMD64_SNP_VMSA_REG_PROT | \ MSR_AMD64_SNP_RESERVED_BIT13 | \ MSR_AMD64_SNP_RESERVED_BIT15 | \ + MSR_AMD64_SNP_SECURE_AVIC | \ MSR_AMD64_SNP_RESERVED_MASK) /* diff --git a/arch/x86/coco/core.c b/arch/x86/coco/core.c index 9a0ddda3aa69..3d7bf37e2155 100644 --- a/arch/x86/coco/core.c +++ b/arch/x86/coco/core.c @@ -102,6 +102,9 @@ static bool noinstr amd_cc_platform_has(enum cc_attr attr) case CC_ATTR_HOST_SEV_SNP: return cc_flags.host_sev_snp; + case CC_ATTR_SNP_SECURE_AVIC: + return sev_status & MSR_AMD64_SNP_SECURE_AVIC; + default: return false; } diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index ac21dc19dde2..d32908b93b30 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -689,7 +689,9 @@ #define MSR_AMD64_SNP_VMSA_REG_PROT BIT_ULL(MSR_AMD64_SNP_VMSA_REG_PROT_BIT) #define MSR_AMD64_SNP_SMT_PROT_BIT 17 #define MSR_AMD64_SNP_SMT_PROT BIT_ULL(MSR_AMD64_SNP_SMT_PROT_BIT) -#define MSR_AMD64_SNP_RESV_BIT 18 +#define MSR_AMD64_SNP_SECURE_AVIC_BIT 18 +#define MSR_AMD64_SNP_SECURE_AVIC BIT_ULL(MSR_AMD64_SNP_SECURE_AVIC_BIT) +#define MSR_AMD64_SNP_RESV_BIT 19 #define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT) #define MSR_AMD64_RMP_BASE 0xc0010132 #define MSR_AMD64_RMP_END 0xc0010133 diff --git a/arch/x86/kernel/apic/Makefile b/arch/x86/kernel/apic/Makefile index 52d1808ee360..581db89477f9 100644 --- a/arch/x86/kernel/apic/Makefile +++ b/arch/x86/kernel/apic/Makefile @@ -18,6 +18,7 @@ ifeq ($(CONFIG_X86_64),y) # APIC probe will depend on the listing order here obj-$(CONFIG_X86_NUMACHIP) += apic_numachip.o obj-$(CONFIG_X86_UV) += x2apic_uv_x.o +obj-$(CONFIG_AMD_SECURE_AVIC) += x2apic_savic.o obj-$(CONFIG_X86_X2APIC) += x2apic_phys.o obj-$(CONFIG_X86_X2APIC) += x2apic_cluster.o obj-y += apic_flat_64.o diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c new file mode 100644 index 000000000000..bea844f28192 --- /dev/null +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -0,0 +1,63 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * AMD Secure AVIC Support (SEV-SNP Guests) + * + * Copyright (C) 2024 Advanced Micro Devices, Inc. + * + * Author: Neeraj Upadhyay + */ + +#include + +#include +#include + +#include "local.h" + +static int savic_acpi_madt_oem_check(char *oem_id, char *oem_table_id) +{ + return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); +} + +static int savic_probe(void) +{ + if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) + return 0; + + if (!x2apic_mode) { + pr_err("Secure AVIC enabled in non x2APIC mode\n"); + snp_abort(); + /* unreachable */ + } + + return 1; +} + +static struct apic apic_x2apic_savic __ro_after_init = { + + .name = "secure avic x2apic", + .probe = savic_probe, + .acpi_madt_oem_check = savic_acpi_madt_oem_check, + + .dest_mode_logical = false, + + .disable_esr = 0, + + .cpu_present_to_apicid = default_cpu_present_to_apicid, + + .max_apic_id = UINT_MAX, + .x2apic_set_max_apicid = true, + .get_apic_id = x2apic_get_apic_id, + + .calc_dest_apicid = apic_default_calc_apicid, + + .nmi_to_offline_cpu = true, + + .read = native_apic_msr_read, + .write = native_apic_msr_write, + .eoi = native_apic_msr_eoi, + .icr_read = native_x2apic_icr_read, + .icr_write = native_x2apic_icr_write, +}; + +apic_driver(apic_x2apic_savic); diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h index 0bf7d33a1048..7fcec025c5e0 100644 --- a/include/linux/cc_platform.h +++ b/include/linux/cc_platform.h @@ -96,6 +96,14 @@ enum cc_attr { * enabled to run SEV-SNP guests. */ CC_ATTR_HOST_SEV_SNP, + + /** + * @CC_ATTR_SNP_SECURE_AVIC: Secure AVIC mode is active. + * + * The host kernel is running with the necessary features enabled + * to run SEV-SNP guests with full Secure AVIC capabilities. + */ + CC_ATTR_SNP_SECURE_AVIC, }; #ifdef CONFIG_ARCH_HAS_CC_PLATFORM From patchwork Thu Apr 17 09:16:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055165 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2056.outbound.protection.outlook.com [40.107.223.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 80D3C207DE3; Thu, 17 Apr 2025 09:18:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.223.56 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881527; cv=fail; b=j2QQjFpK47OJ8/JCPHlAg1Cqc0LL775H2oFG2FWm2CASBSKn062x6ZVJ4QZF/Zlyh9CPsScwYh0hb+P0tbbCtF5ynuRRdCH3cwDRGkkjl2MIZuWa0Yi3g+TLeop0udxvXkV9cilEHrMi4eIrXywr1aTwdWundIi+MR1Pzsjn/OE= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881527; c=relaxed/simple; bh=YfthRmJD3btVb2DBS9eT5T1NVuwJlYCn6RISQ/K2jg0=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=P8oGs+3JRk+ACpSACu5Gyu4sSvWMDAnXK6xhZVHWApHbz76yspgoCffeiqIyfx9OGxxIgEgkRKnVklvNo7MeiO7TgcQsuoSN4lE6pA1wj4U+ijZ6mWP47U+bvkDeHvE54obLbUyHLzlbgLcftO0SJ8MOKSwzjpYOI4FLoJ1SbYg= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=vPEjGivv; arc=fail smtp.client-ip=40.107.223.56 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="vPEjGivv" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=GDQL+gIugDZ2shR7VBRiQVXIog9u9gIMhy+H9IRrIMrzBUWCmEO2NdhI+0+w7xL2w3U/mh9wp8wCSc9XB9kw6VQ/i/dPhF/OLaX6pe69DRtJd4FzuMCs1suB2KAb3H354E2YXB9pbz31b+fSmo1gtdfTw7LYj1Reo0RaXErszK55a3GzeC64aDDn964oQX6+Wds7X2RGVg8c1FHiaNGAP8p60dXB1eGxOhVhzVCkxk2inxSWA7IRFMdwYK4X2IJT6iifqdfWDRgSEnMLqyy0SvEMXgHYvmQ8KEgPImvF0xqmFHF3xGmCr1WZ1y+DCeEkyybe/VEtPTDtXttGScK4AQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KqSJ/QoCPWDV4whhgc7+r7rLybWtNPTK5Src9rXOvcc=; b=CRvUMxZIAV5zX11DWHjkcMVUMZXW16tCPAQ16ozg9yw9YntkC3PXWFSMgB9lz3ITcvICYTTxmwtaQwhtXKVO8xKfwv8/ugY3xLH7LPVuHlYgMjhNW9iqne2r6E6g9IKRAnKTcdrcdY58nup6LfdQVt93QGmiYH818+PV8Wb+xDT35+pVtXmIR1mzxdl3SXNYPDM/VIcTXfKu7YEn5soy4BGY1JZ3gfiKdS7CRk2USztszrD20/g8AxfBAo5U79TxoFyY1c+JgaRLIinnQW9h+dAnk/Pc2r53XWmZtCcg7Pi31+2um5ivqmCE368Kk9S6E30mq8LdfeKwLYoRZvQBdQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KqSJ/QoCPWDV4whhgc7+r7rLybWtNPTK5Src9rXOvcc=; b=vPEjGivvnnzfRkGRl4ZkRhAhoVldqI92hwOiTd4mYQ5WTladphOgAeJEX6pAUkTwr5rYTuHmcyvKSjtkEP427HGlinOTIxj1utvGfTXXbhWh4DmDETRoiGOuJ9Nj0IIKT5cSmZJx8Wk2KnJXLFlBAMmoww01z6DKkeEU4q/Yyb8= Received: from MN0P221CA0026.NAMP221.PROD.OUTLOOK.COM (2603:10b6:208:52a::14) by MN0PR12MB5908.namprd12.prod.outlook.com (2603:10b6:208:37c::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.35; Thu, 17 Apr 2025 09:18:40 +0000 Received: from BN2PEPF000055DF.namprd21.prod.outlook.com (2603:10b6:208:52a:cafe::d3) by MN0P221CA0026.outlook.office365.com (2603:10b6:208:52a::14) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8655.15 via Frontend Transport; Thu, 17 Apr 2025 09:18:40 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN2PEPF000055DF.mail.protection.outlook.com (10.167.245.9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8678.4 via Frontend Transport; Thu, 17 Apr 2025 09:18:40 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:18:33 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 03/18] x86/apic: Initialize Secure AVIC APIC backing page Date: Thu, 17 Apr 2025 14:46:53 +0530 Message-ID: <20250417091708.215826-4-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF000055DF:EE_|MN0PR12MB5908:EE_ X-MS-Office365-Filtering-Correlation-Id: 8a714bfc-1808-41d6-dce7-08dd7d90d7bc X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|7416014|36860700013|82310400026; X-Microsoft-Antispam-Message-Info: r4aM6sfMMKaDxk3K0zzCqP+e6+qHqieFqWNIdqOCsjVQhq4Pyx3u4iUFKX7dSOt7948++SHjM5eSZ3mD1sWD2zU+nhRAVDhadLL9KVnsH6jBKdGQQ+fDdB2bQaxmznvsYxBQqsoo1dxQ6ySmtGeoSd2CpBB7X1POJmdhMSJsp+psYF5EG3UdrvQtnjisSq0hX5OncRwL0oedFjzmbDKXF/Fu6t/dMWqNacnMcuQSjAs+bJ7HAR3aTqIITgvszD6F8kw+Xbo3QRY7GelkzeHERok/Fu0YzfWtLZWmsMcPLtPnK3mmaL6paZI0aEmi3lt78EcyMZRURrnMEXgs5M8L6dzghv16hhj3BSzC0JRdqZDj3WYUCWB+OSX1Gkz9dx/eWdLBRsSXEptX+wd6rxB1HlMue2vqjWGiQ/SNmVPCHyC37k9HMeZQh3tm+7OuE3QSXSzp/fDh68kcfsZmY79lu7jz42bvSENmn9/2/L47cdFEbkWEbOQJP5lyf3yIDAlZZ5WcpbjhS3PY6fN3qElMC5KVagjQqNzXkTLLip3wQHBCTs0yWFuHv/tqoXSAbedtXinXWpxi7hNqo5in8lqIGWNj1pnRV1VM4Cr4PBLfbpOis66ecDCxAfMgbyoFR1parkWpIrVLeGQ3K4WrBeiJ+xWpyka8f0bw/J+w1amLGMHCdR8kYM8akO3/OVK6as7lzsdRYKWndOYNiaFTkb1br2L+N9OlRq0YfcLqHjfuPgNY1ixI81cHKUJdEcnh69I6hw6klS3XPMBKjHjp91DVtwJueUcY0xvPqdurZ69UTm3+GLsJEgKKK9Q5RXiBL72+UIy6jPcLiHHMukpA+JJr0u/PeR0W3brPatd4+ERrEVg1lCv240qaGWQclv4VuVHtW4PdJbAWXkGQlRVTc9IaGL3Tm73Yh2eArgURHEa+GUK5PCdhJ5mRq0mBaF8VeR8g4tT+XDzSHT9nkAbO7TsdDAt4XKsZxhXlsVHTf2FqOgWjf09WhD4FDAO4ai2ircS0x/Mv6VN77dPZUJKYf/9YFSmFD+bH6P69oI7rfTFCi6r1jPsb/HvqpE40aeq6CzlCFU9XF2EgEjJL6PmdCmYlEX07r0XNnj93y+u0m9pZjFk/Bs0fJqdts1VLfgDfipAonDQ6P2scfLotrbTZzKHM4MdM63G05tyaXoSkcv2nqvYl7nCprbkXzXzobtmMI+4AE0HoZqY9bNuYQ+6gLXxVx3zupz6Ugdl1eZKs9TKOSuQSwGFgfn7G/b6yFrV3Lyxpckt95MPuvPZgyzMiUHNYO9BD5oSJ2rWbfKbPFe4acijTBb2T8id7UpruBGBZBjrr8yGcDQ7QWcdIMCdWedGthcao2rd2SX+XjACLPvIWLTCsZ4LXbhfSEtsSJViEh3/sBLAM3LZZDEWkDH+eaxdvrytvtM5oBpaOW5RoEPMZyvP6A2R/tLOU/+5+EMR2+Nll+ul/mPAxB8jYKnwzubLVTcDXnyovfjzUQQ2Oq9su3pHoko3v+lOr3JDOGeFlVMAo X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(1800799024)(7416014)(36860700013)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:18:40.4296 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8a714bfc-1808-41d6-dce7-08dd7d90d7bc X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000055DF.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN0PR12MB5908 With Secure AVIC, the APIC backing page is owned and managed by guest. Allocate and initialize APIC backing page for all guest CPUs. The NPT entry for a vCPU's APIC backing page must always be present when the vCPU is running in order for Secure AVIC to function. A VMEXIT_BUSY is returned on VMRUN and the vCPU cannot be resumed if the NPT entry for the APIC backing page is not present. Notify GPA of the vCPU's APIC backing page to the hypervisor by using the SVM_VMGEXIT_SECURE_AVIC GHCB protocol event. Before executing VMRUN, the hypervisor makes use of this information to make sure the APIC backing page is mapped in NPT. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v3: - Use guard(irqsave) instead of local_irq_save()/local_irq_restore(). - Use ~0ULL in place of -1ULL for local CPU in savic_register_gpa(). Define SVM_VMGEXIT_SAVIC_SELF_GPA for this value. - s/x2apic_savic_setup/savic_setup/ - Other cleanups. arch/x86/coco/sev/core.c | 22 +++++++++++++++ arch/x86/include/asm/apic.h | 1 + arch/x86/include/asm/sev.h | 2 ++ arch/x86/include/uapi/asm/svm.h | 4 +++ arch/x86/kernel/apic/apic.c | 2 ++ arch/x86/kernel/apic/x2apic_savic.c | 42 +++++++++++++++++++++++++++++ 6 files changed, 73 insertions(+) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index dcfaa698d6cf..6046a325abd6 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1419,6 +1419,28 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) return ret; } +enum es_result savic_register_gpa(u64 gpa) +{ + struct ghcb_state state; + struct es_em_ctxt ctxt; + enum es_result res; + struct ghcb *ghcb; + + guard(irqsave)(); + + ghcb = __sev_get_ghcb(&state); + vc_ghcb_invalidate(ghcb); + + ghcb_set_rax(ghcb, SVM_VMGEXIT_SAVIC_SELF_GPA); + ghcb_set_rbx(ghcb, gpa); + res = sev_es_ghcb_hv_call(ghcb, &ctxt, SVM_VMGEXIT_SAVIC, + SVM_VMGEXIT_SAVIC_REGISTER_GPA, 0); + + __sev_put_ghcb(&state); + + return res; +} + static void snp_register_per_cpu_ghcb(void) { struct sev_es_runtime_data *data; diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h index c63c2fe8ad13..562115100038 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -305,6 +305,7 @@ struct apic { /* Probe, setup and smpboot functions */ int (*probe)(void); + void (*setup)(void); int (*acpi_madt_oem_check)(char *oem_id, char *oem_table_id); void (*init_apic_ldr)(void); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 13a88a4b52a0..4246fdc31afa 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -520,6 +520,7 @@ int snp_svsm_vtpm_send_command(u8 *buffer); void __init snp_secure_tsc_prepare(void); void __init snp_secure_tsc_init(void); +enum es_result savic_register_gpa(u64 gpa); static __always_inline void vc_ghcb_invalidate(struct ghcb *ghcb) { @@ -570,6 +571,7 @@ static inline int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_ static inline int snp_svsm_vtpm_send_command(u8 *buffer) { return -ENODEV; } static inline void __init snp_secure_tsc_prepare(void) { } static inline void __init snp_secure_tsc_init(void) { } +static inline enum es_result savic_register_gpa(u64 gpa) { return ES_UNSUPPORTED; } #endif /* CONFIG_AMD_MEM_ENCRYPT */ diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h index ec1321248dac..436266183413 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h @@ -117,6 +117,10 @@ #define SVM_VMGEXIT_AP_CREATE 1 #define SVM_VMGEXIT_AP_DESTROY 2 #define SVM_VMGEXIT_SNP_RUN_VMPL 0x80000018 +#define SVM_VMGEXIT_SAVIC 0x8000001a +#define SVM_VMGEXIT_SAVIC_REGISTER_GPA 0 +#define SVM_VMGEXIT_SAVIC_UNREGISTER_GPA 1 +#define SVM_VMGEXIT_SAVIC_SELF_GPA ~0ULL #define SVM_VMGEXIT_HV_FEATURES 0x8000fffd #define SVM_VMGEXIT_TERM_REQUEST 0x8000fffe #define SVM_VMGEXIT_TERM_REASON(reason_set, reason_code) \ diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index a05871c85183..839397eab8fc 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -1502,6 +1502,8 @@ static void setup_local_APIC(void) return; } + if (apic->setup) + apic->setup(); /* * If this comes from kexec/kcrash the APIC might be enabled in * SPIV. Soft disable it before doing further initialization. diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index bea844f28192..0a2cb1c03d08 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -8,17 +8,54 @@ */ #include +#include #include #include #include "local.h" +/* APIC_EILVTn(3) is the last defined APIC register. */ +#define NR_APIC_REGS (APIC_EILVTn(4) >> 2) + +struct apic_page { + union { + u32 regs[NR_APIC_REGS]; + u8 bytes[PAGE_SIZE]; + }; +} __aligned(PAGE_SIZE); + +static struct apic_page __percpu *apic_page __ro_after_init; + static int savic_acpi_madt_oem_check(char *oem_id, char *oem_table_id) { return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); } +static void savic_setup(void) +{ + void *backing_page; + enum es_result res; + unsigned long gpa; + + backing_page = this_cpu_ptr(apic_page); + gpa = __pa(backing_page); + + /* + * The NPT entry for a vCPU's APIC backing page must always be + * present when the vCPU is running in order for Secure AVIC to + * function. A VMEXIT_BUSY is returned on VMRUN and the vCPU cannot + * be resumed if the NPT entry for the APIC backing page is not + * present. Notify GPA of the vCPU's APIC backing page to the + * hypervisor by calling savic_register_gpa(). Before executing + * VMRUN, the hypervisor makes use of this information to make sure + * the APIC backing page is mapped in NPT. + */ + res = savic_register_gpa(gpa); + if (res != ES_OK) + snp_abort(); +} + static int savic_probe(void) { if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) @@ -30,6 +67,10 @@ static int savic_probe(void) /* unreachable */ } + apic_page = alloc_percpu(struct apic_page); + if (!apic_page) + snp_abort(); + return 1; } @@ -38,6 +79,7 @@ static struct apic apic_x2apic_savic __ro_after_init = { .name = "secure avic x2apic", .probe = savic_probe, .acpi_madt_oem_check = savic_acpi_madt_oem_check, + .setup = savic_setup, .dest_mode_logical = false, From patchwork Thu Apr 17 09:16:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055166 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2072.outbound.protection.outlook.com [40.107.237.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 87131226165; Thu, 17 Apr 2025 09:19:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.72 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881551; cv=fail; b=NQGXalTZ6BtMi3i4ADQTbEqUuu9KlnIQv6ewhAADhxxX9vF6pqR0RQcEnibO74uvldzyhEq2CVy/NmCuXoK+DyCbXrbqe/qua2KEpAhckVud8AAHrA7FadPGio0AoLmz6PWp1yA/5oywZCCFnM75C2W1WeSlSP18PN0rEfw3RTE= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881551; c=relaxed/simple; bh=cTCmuX0OyDV9hwAMWR+gHDUscpihgKiRNKdAjjJhB70=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=GliLlYo2atbf+znBIGJkvMlXlFGxsX6Agw0o7y2GtceBnsnfD0dUazXaPUlQbHaXRrXR6Q8LT+VASwM+iOHmzr6cInQ958LPr1DaWWsA/sAjt0+qrRYhpdlo8RzKuQ0GxjE2hHqEikN73hi/C/WzjAwTn8TTGK0wQZIKS36+Z4Y= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=5YAQzRDx; arc=fail smtp.client-ip=40.107.237.72 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="5YAQzRDx" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=SPvfhUYnmBEONCOsZBDaYCWAWgKlT1MhSgVZtFTT0rDqP9nGTgdzqTC+iFvcHs7rz3Qm0sPbCVKFAkO3hKeLztQlmVaGutNCkrWjf18CBMq/FUPCGbtSuxJLSNBXkXHzLABr7zRgxguOkoXBeq3X+wgPr27n2WQ1i0LTH+u2aE/f6uRJupvxa7NciKpRxjZmD4ucY/J5G2eTVDTr/7CE385O9582NW4Zduyncw/1/D0PBrGvXGJTbBVv0pqEIRxbC1AXNtA4fiZxTXJFyLnH+aU6cuytATEavEVIDP3l2Sqs1ha+NFFcfbbarzuMZKfmlblsFHVtcewjH6hSQtpK5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=mne2i8DZUuiNpzYapTqn4JRlks/rxlh9+K+gh5eoXYM=; b=JVXYgAAcSrQ8qOZImyOGFo+Tgl2bo/z4x8ly83uOGEHpq+ohsf/dI8u/1VB0a4UffYG//tAL4A6vFXMFvcMJTFCsQqgX0+pPD5Ch3LoaGipdGTpBQmFzUW8tEdk1wsm6xboG/C+axdLqLh4+ciHQHYImgIID59LewZmTXm0EN1FZxj7h/eFVwCrsdb3vN4HHWoxpHchu1TACkQfZsqZIaAhA2uWAmykon98ckW8mMJO6HUCxGit6pvxoVxc8cahf8pQyzAg6FhogJUt3bBvCvZYUkWJ/eIU2mXIvpNdXdOfsQcqExBdhmjDeTx9zU1VzecPV1nYAUpaOhvXxOe37JA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mne2i8DZUuiNpzYapTqn4JRlks/rxlh9+K+gh5eoXYM=; b=5YAQzRDxiIa74ZzRVsFqL0bXO31cpl4gW7GD20S6piCwZqSwldyGBsg49BO7/UiLy/aUkkDOHnndH5UJBvQevNWMxAnmgtrrJ7TufGk/bJf+BHe0L5sKb5CoPlN93RkCvlf+I2qEoKuk8KqMt1LoRgkXTon4XnVY2/qzn63nwOY= Received: from MN0P221CA0018.NAMP221.PROD.OUTLOOK.COM (2603:10b6:208:52a::29) by SA3PR12MB7974.namprd12.prod.outlook.com (2603:10b6:806:307::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.34; Thu, 17 Apr 2025 09:19:04 +0000 Received: from BN2PEPF000055DF.namprd21.prod.outlook.com (2603:10b6:208:52a:cafe::7b) by MN0P221CA0018.outlook.office365.com (2603:10b6:208:52a::29) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8655.15 via Frontend Transport; Thu, 17 Apr 2025 09:19:04 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN2PEPF000055DF.mail.protection.outlook.com (10.167.245.9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8678.4 via Frontend Transport; Thu, 17 Apr 2025 09:19:04 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:18:56 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 04/18] x86/apic: Populate .read()/.write() callbacks of Secure AVIC driver Date: Thu, 17 Apr 2025 14:46:54 +0530 Message-ID: <20250417091708.215826-5-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF000055DF:EE_|SA3PR12MB7974:EE_ X-MS-Office365-Filtering-Correlation-Id: 005d6c41-c855-4364-c317-08dd7d90e611 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|82310400026|36860700013; X-Microsoft-Antispam-Message-Info: gk9TFFUxshb3KT64QTHzZ11atBy8u92orJNeggsC41NaxsCZLvj+HPSbC+LVp2b6srdoim1kKsoqCnec9hK++jfD/QZy9aBGO8+l/81er3KCoR+Dvf0bIn89xjxQ8NznrFv2LpV40h2QCTk+2GHq3uxVmXjVpy0mgMkfQazyyLiItTUYSZFApBEYbdmiGMuwDKg6w7wylnFFMawYZsbyl904oFG6LbmAazURb74gF39oDC1+Xbsjw79h8/BaILYRZu5TBolNJomUl3LFZuhyUodubzmCFe686rhDop6+40TUXxQGozQUuffOllpHSTuNQ49Py7j8gkkwU3YyO+10cin8w/SFsvrsxg0vskTDT3DhYswVY7TUDid/chseijCn73d/Hm1Zmn4jgkU0afXDGpEJ2YlPGvsFNJgTCT8hdMcX8exBZ2ciP5cmx3vx7KJC3o33JE/c8K8Jnw7hQxuWzgdY4LPlg1eRliDYKCEMIU32OavHkrhmHOhhnZfm7l1iww/IUjndxbCl/GIwpNBoyr8lzQ46VdFUc0hOGNnG44yz0jzcTiuaZgsDpNRB5oK8ZvsMv9wfrG/WTreseqLONzRl92edybZ20bUD/4NvKrnXmgRF1bDoQ5K4sFI2SM84SOHAOjKN5UQLeRYjsAf8XlJ31wE+SCEa3sgOdwg+P8ajz3s0VpNnMj2g6rkdDqz+gD19BZIBgJcSSihO56xfjTqoMrsrFtBMn5ZbvRO2DIYNbUVGLpdciOadgY17pqiO7pwM9bxvRn3o5i8ZaH/fWpPyVplOC2zjffMnTuMFsiJQir9Vs2kgtQ51Fzobruom8pqHKHMmxrMYeTak3HWlF2yWXH1+VXudlpcyp66MZna78pHqUZNRaVmzokJ8lGXhD0VApL0DF6fJJdbvFKb6tPmTe767iiiPeSZjdz2/fZ2a9tSvkossQl5bW9x7q42qC8CF6YX11j7xaTfJCULAnrYsbzUA2pmhPbTKQcRFO3XiSP62QUjIeOoY//r3jYddRCWlIXYx+laYi4/gPBILEY0Au7z1vCp7WkB9QbHe505GXyZi5m7c8vRyKn/h3cAnAmTCe6M2X7YC8l621Bk1EEviE1ziUedFCegSczvJi7AhyYaH/PdkcOEW0IhfIPNBO/2Zzbu3hHfVt4Y/mleGSh3Dy5Y+f3aBQ+yVntnb/s1cyh10InNPHEBc9hlNBr/dXlY7ZSaNhirKFXDCcNugE2Fi2cvxJRKFowzi/dO7W4WIJRVYAvF9rqAImA9DExk/O8Q7NhhkdrWtB/jF9F5yOXSJ+cFPTN5R9D/wpdZi7Xz+dG9mNbKLNGBUsKufYepsO3vRxY5580Aiy9tbMuwL+BYOy/e+dPy7uHUixCT1BiQx5HYfctmV3ESJRQTom1im3i1qyiJ0EFAaXIk57MUXQR2qxuLYetV9AXUWSaS+eNAbcWcn3H5CPIxjJVdY6YiP7NROD+8pu/SlT1EAa8oL8KDiALxGBxvtA1o9dgvSTUz8k+kZJH8BOP5Kngql27tu X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(82310400026)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:19:04.4739 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 005d6c41-c855-4364-c317-08dd7d90e611 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000055DF.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA3PR12MB7974 Add read() and write() APIC callback functions to read and write x2APIC registers directly from the guest APIC backing page of a vCPU. The x2APIC registers are mapped at an offset within the guest APIC backing page which is same as their x2APIC MMIO offset. Secure AVIC adds new registers such as ALLOWED_IRRs (which are at 4-byte offset within the IRR register offset range) and NMI_REQ to the APIC register space. When Secure AVIC is enabled, guest's rdmsr/wrmsr of APIC registers result in VC exception (for non-accelerated register accesses) with error code VMEXIT_AVIC_NOACCEL. The VC exception handler can read/write the x2APIC register in the guest APIC backing page to complete the rdmsr/wrmsr. Since doing this would increase the latency of accessing x2APIC registers, instead of doing rdmsr/wrmsr based reg accesses and handling reads/writes in VC exception, directly read/write APIC registers from/to the guest APIC backing page of the vCPU in read() and write() callbacks of the Secure AVIC APIC driver. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v3: - Removed "x2apic_" from savic's apic cbs func names. arch/x86/include/asm/apicdef.h | 2 + arch/x86/kernel/apic/x2apic_savic.c | 116 +++++++++++++++++++++++++++- 2 files changed, 116 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/apicdef.h b/arch/x86/include/asm/apicdef.h index 094106b6a538..be39a543fbe5 100644 --- a/arch/x86/include/asm/apicdef.h +++ b/arch/x86/include/asm/apicdef.h @@ -135,6 +135,8 @@ #define APIC_TDR_DIV_128 0xA #define APIC_EFEAT 0x400 #define APIC_ECTRL 0x410 +#define APIC_SEOI 0x420 +#define APIC_IER 0x480 #define APIC_EILVTn(n) (0x500 + 0x10 * n) #define APIC_EILVT_NR_AMD_K8 1 /* # of extended interrupts */ #define APIC_EILVT_NR_AMD_10H 4 diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index 0a2cb1c03d08..4761afc7527d 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -9,6 +9,7 @@ #include #include +#include #include #include @@ -32,6 +33,117 @@ static int savic_acpi_madt_oem_check(char *oem_id, char *oem_table_id) return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); } +static __always_inline u32 get_reg(unsigned int offset) +{ + return READ_ONCE(this_cpu_ptr(apic_page)->regs[offset >> 2]); +} + +static __always_inline void set_reg(unsigned int offset, u32 val) +{ + WRITE_ONCE(this_cpu_ptr(apic_page)->regs[offset >> 2], val); +} + +#define SAVIC_ALLOWED_IRR 0x204 + +static u32 savic_read(u32 reg) +{ + /* + * When Secure AVIC is enabled, rdmsr/wrmsr of APIC registers + * result in VC exception (for non-accelerated register accesses) + * with VMEXIT_AVIC_NOACCEL error code. The VC exception handler + * can read/write the x2APIC register in the guest APIC backing page. + * Since doing this would increase the latency of accessing x2APIC + * registers, instead of doing rdmsr/wrmsr based accesses and + * handling apic register reads/writes in VC exception, the read() + * and write() callbacks directly read/write APIC register from/to + * the vCPU APIC backing page. + */ + switch (reg) { + case APIC_LVTT: + case APIC_TMICT: + case APIC_TMCCT: + case APIC_TDCR: + case APIC_ID: + case APIC_LVR: + case APIC_TASKPRI: + case APIC_ARBPRI: + case APIC_PROCPRI: + case APIC_LDR: + case APIC_SPIV: + case APIC_ESR: + case APIC_ICR: + case APIC_LVTTHMR: + case APIC_LVTPC: + case APIC_LVT0: + case APIC_LVT1: + case APIC_LVTERR: + case APIC_EFEAT: + case APIC_ECTRL: + case APIC_SEOI: + case APIC_IER: + case APIC_EILVTn(0) ... APIC_EILVTn(3): + return get_reg(reg); + case APIC_ISR ... APIC_ISR + 0x70: + case APIC_TMR ... APIC_TMR + 0x70: + if (WARN_ONCE(!IS_ALIGNED(reg, 16), + "APIC reg read offset 0x%x not aligned at 16 bytes", reg)) + return 0; + return get_reg(reg); + /* IRR and ALLOWED_IRR offset range */ + case APIC_IRR ... APIC_IRR + 0x74: + /* + * Either aligned at 16 bytes for valid IRR reg offset or a + * valid Secure AVIC ALLOWED_IRR offset. + */ + if (WARN_ONCE(!(IS_ALIGNED(reg, 16) || + IS_ALIGNED(reg - SAVIC_ALLOWED_IRR, 16)), + "Misaligned IRR/ALLOWED_IRR APIC reg read offset 0x%x", reg)) + return 0; + return get_reg(reg); + default: + pr_err("Permission denied: read of Secure AVIC reg offset 0x%x\n", reg); + return 0; + } +} + +#define SAVIC_NMI_REQ 0x278 + +static void savic_write(u32 reg, u32 data) +{ + switch (reg) { + case APIC_LVTT: + case APIC_LVT0: + case APIC_LVT1: + case APIC_TMICT: + case APIC_TDCR: + case APIC_SELF_IPI: + case APIC_TASKPRI: + case APIC_EOI: + case APIC_SPIV: + case SAVIC_NMI_REQ: + case APIC_ESR: + case APIC_ICR: + case APIC_LVTTHMR: + case APIC_LVTPC: + case APIC_LVTERR: + case APIC_ECTRL: + case APIC_SEOI: + case APIC_IER: + case APIC_EILVTn(0) ... APIC_EILVTn(3): + set_reg(reg, data); + break; + /* ALLOWED_IRR offsets are writable */ + case SAVIC_ALLOWED_IRR ... SAVIC_ALLOWED_IRR + 0x70: + if (IS_ALIGNED(reg - SAVIC_ALLOWED_IRR, 16)) { + set_reg(reg, data); + break; + } + fallthrough; + default: + pr_err("Permission denied: write to Secure AVIC reg offset 0x%x\n", reg); + } +} + static void savic_setup(void) { void *backing_page; @@ -95,8 +207,8 @@ static struct apic apic_x2apic_savic __ro_after_init = { .nmi_to_offline_cpu = true, - .read = native_apic_msr_read, - .write = native_apic_msr_write, + .read = savic_read, + .write = savic_write, .eoi = native_apic_msr_eoi, .icr_read = native_x2apic_icr_read, .icr_write = native_x2apic_icr_write, From patchwork Thu Apr 17 09:16:55 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055167 Received: from NAM02-DM3-obe.outbound.protection.outlook.com (mail-dm3nam02on2055.outbound.protection.outlook.com [40.107.95.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F372C1F8EF6; Thu, 17 Apr 2025 09:19:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.95.55 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881576; cv=fail; b=fs259cVpYedGfjyN61EmWdq458BKiTNgQt8ZMkGiU+2n/NCcNMkMqDUt+50MQ3CXdSFWJ5UwdDgL5O6y0tO2e68azK8r9ZAp20zlqTtYBe2NVv4lgWEPPDFg98vmw4SchZry2R/g0lIJOTlBpvRXVzLBERdtaXOwGSw821npLnM= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881576; c=relaxed/simple; bh=fNWvREtw20UDRUDeaet1hyJW63o9ph+wDCxPj7HlkbE=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=OgFdzzuIRxKgymXYUVn9/VaXmXnAdwxLofwAMd84QK/Xfx97yT/xiCo/M7c+sFGKDl6ADL1NIj7L2kZtIZfyP8H5qXYT5FVqbizdrUrdT9UkEsDqmlOsJ7GV6xzqA9WukV1O4xs3VEXDDlcqTMheudKHqV1kUd6/wBTGT+Mm24M= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=QV2toHP6; arc=fail smtp.client-ip=40.107.95.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="QV2toHP6" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ESZ19LPWPF5nMzzUNP40Fhn9esDxpvkBKRhGveN73Ju9LOxb6/4fsIQDlf1UPpHxtLjFnZKCvvBMvpDp04WRXdayzXIMrk+UQ63N1VeuXey5eWtFRY5+w6foLjrkxTzb/x9/KN5RuoIPGTR/q+EAZETMizvf5PvZ9R3H0cYj7O5rKPzeYhtJ9vudrkKSB7TyHs/yjV1uFsPFQu3Q+p8+wO4nLjFh2X7PNJ6ODlT9W0JXRdOZ96yrZQwqpjXsKvChOOf9QB4SlpD/IiN9gQHYv5FmIO3NJ4/vfIRkf71bPM/ng++kdlUmbjdJTimfCA1bP2gedh/YtYjLA3eDGBVLOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zQLaFtxVNJw6R7KICuzkF7I+xkXI00u1GIQfeQRlwWI=; b=pRG4F8AuYkMNjV8rCX+f/2NWjUFmgCg+Xb+p/qxVJ2rKyOY2DbtQgbpKEz/aYljWzuBVD74InPYzzNBA1m9DP3PVlJE8b2F/nYAurxtFAENPmiCAAOk22buyZ2k0zRDXd1BnBCGfVXRDET6OxgGQVngXotrKnK/eP5jnLrRRKxyXinsjlUvEq9V+2FtV8BEbux3ZdeXc5lJZc4/vfzbGeHdXXVL14DcvC7Xfss6XVVoEPp3duzj9vBhbYRtRmt+MbgC8LTzOwN9cWDUHSXWn2SRZBE9y3OUHttFimWSEf9sIA/W31FWw2BK4aoaP9Y5725VkrGo1vEBY8MsPw/pbEg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zQLaFtxVNJw6R7KICuzkF7I+xkXI00u1GIQfeQRlwWI=; b=QV2toHP6wygnshJugFaOqm6oXM6+xPg6e+XRlBgufRmDtgkysdqsyY4hfFV+eRlYnk5+IhmhrMZ/5fAyEPQl3xHMRGN+YyVhH0Ly+/1G67u9kgsW5Cx0Z78AmX3+vYOhrH1Kklxvq7B2jj3rdlMxUzdime6rdKcj6yL+esnUal0= Received: from BN8PR12CA0008.namprd12.prod.outlook.com (2603:10b6:408:60::21) by DS0PR12MB8217.namprd12.prod.outlook.com (2603:10b6:8:f1::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8606.47; Thu, 17 Apr 2025 09:19:31 +0000 Received: from BN2PEPF000055DA.namprd21.prod.outlook.com (2603:10b6:408:60:cafe::4b) by BN8PR12CA0008.outlook.office365.com (2603:10b6:408:60::21) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8632.34 via Frontend Transport; Thu, 17 Apr 2025 09:19:31 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN2PEPF000055DA.mail.protection.outlook.com (10.167.245.4) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8678.4 via Frontend Transport; Thu, 17 Apr 2025 09:19:31 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:19:23 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 05/18] x86/apic: Initialize APIC ID for Secure AVIC Date: Thu, 17 Apr 2025 14:46:55 +0530 Message-ID: <20250417091708.215826-6-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF000055DA:EE_|DS0PR12MB8217:EE_ X-MS-Office365-Filtering-Correlation-Id: 4db76b59-3b3f-43eb-464e-08dd7d90f603 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|7416014|1800799024|376014|82310400026; X-Microsoft-Antispam-Message-Info: 4mPr27xtO+2PTeUMT7fxSgZbKGXRlXb2eHv1A4u1zQq5pEusnYfvYEYVdPo4uTkxi5sRKM+z+o+AMZvNCEL6Xeu3TTkn0NHq2MVBluBTEiVxpbed2wNEUl0zAFRg9g0FavZPRQJ6a5IymNQcVUQUMhrSQ/Ac0V8O8/yA501rl42YTqVkW81VHJA+pJLhHrLuiu5liKOOQKSnSJi1zD4jPuZ0SBkaqH4i0Iy0pgbN5Sw+awbLXxAsbiNl1tG6w3eJkRVedph05LYlDWWaPLc6opS/PHSmm1cRAfs9DOvbykgCCO7O/2eHutvKDv7MDpYq7OwsDMhNf308gjZXXraxYRPusvtiVeuG14voAivrGSxsLi25twuaz0PBHzinutF3ICvtU8wT26nBRD+ZBO0gC7UCrRKPkf1dFrwuKXu1BX72Qqtu7qTi5uFWOhhAo3MKxVx2xU1D/RcO6yVCHYMr8Bckvj6FVF6L8UazRZ8tVTmeKmdlzzGGImxfx0vV8kCrB9bMbJVcqqEqCDImrfH/M99nk8A+c3+8GjyuKfRT3qaX9qHFe8rmaBmi6MLBRS2oudCH1DmVUO8Q35PYvlUWhUZWMildBmpz6DgTa2dhYHB9tLcx6A0iDN8VVckRu2e8/OSDdy89Oexpynxjj5gRvua+Cce/qqeOZ9cmCoZHudqtA8s6K3CMqu0kWSPrsAugdQk5O3sHfcUllG4Ofj2+U+WYyqhHhEpSLWFuCtyIrux2EIrENWuLotWcQWA0BimgB61QKNfDDYMvbROQn8jPC67v5vE2BOvB/9YNvhiskCWDuTHvjnDLbbYqoq9LJxEbZAAuQ+LRluYE6+csK7cZjwSBaz73jbKcEbFYXH+0SA94GOhMzIEDwuMcD1kd5OKVa99DbVsCqio4dZ1OBj2L1766TCXRnaLriMnG2/GxXe9jCdDcEq1YVDD/HiNMvUMg7rAsYVuA73BaX1Yc5iOCmT2tBfuYvmJNJ9AbtEE1VKYVU1D9iOqnvsIU0PSUUtSNew4MxSmvJDjsR+k8rkKa0tOIkwFpSbRX7ZGcVijgOZDWhVm2OHvooGuf5GkjXlJeCxW37X5DbNMLkC/VNK0RCjQFtsVJhxkUd9iY5jBfpGqbCx8k1upe3Q18wDJ5PBNhyNdteSfGSDHJfnddKe2DGCYYrNcRvpm+Qq3/7u0UjhGA4xN/exhAIaJdXMk48C4dA2xgQmZlaywTonrU+sRi9LDkgwu9XlRPlkyEBZDFdViKVmeJkperwkJo/1h3gMXHf+3CfKaRoHXCw32kP6l9e1n5XeR3TcGthzXyioH0R2cuiMS2+oa266NEXVlPCoJShA6ynpDLRUpSxeGroYZLnFkRRUWjtPmuhwkH3qhFcGiq+hfk+O3UbmOeuKdS8MhZj1XxNtMJai23CnwohqfDDMzGOdjx2GH8J+AiCcao18Cq0gsOVbirFHlvO+RRZb4LbBpC9GkocDKSO0qXmCQVQYF6RgKyIEV/vUlM5iG3s4KKlCZBzC/VmL573z+Q/Dwy X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(7416014)(1800799024)(376014)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:19:31.2228 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4db76b59-3b3f-43eb-464e-08dd7d90f603 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000055DA.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB8217 Initialize the APIC ID in the Secure AVIC APIC backing page with the APIC_ID msr value read from Hypervisor. CPU topology evaluation later during boot would catch and report any duplicate APIC ID for two CPUs. Signed-off-by: Neeraj Upadhyay --- Changes since v3: - No change. arch/x86/kernel/apic/x2apic_savic.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index 4761afc7527d..81d932061b7b 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -144,12 +144,25 @@ static void savic_write(u32 reg, u32 data) } } +static void init_apic_page(void) +{ + u32 apic_id; + + /* + * Before Secure AVIC is enabled, APIC msr reads are intercepted. + * APIC_ID msr read returns the value from the Hypervisor. + */ + apic_id = native_apic_msr_read(APIC_ID); + set_reg(APIC_ID, apic_id); +} + static void savic_setup(void) { void *backing_page; enum es_result res; unsigned long gpa; + init_apic_page(); backing_page = this_cpu_ptr(apic_page); gpa = __pa(backing_page); From patchwork Thu Apr 17 09:16:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055168 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2064.outbound.protection.outlook.com [40.107.220.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 69E702288C0; Thu, 17 Apr 2025 09:19:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.64 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881600; cv=fail; b=kPoQ8YkaRYq5ToyfKqmLmy+s3KfDdGt7JLzorQK438zfhQnze5YAjNRmJhfn8meVh0QkKZkT1E6gC0M8AWAdd68QbOb0UCvihUL4qRt8NWMgIiElwih0Q6xHuEN1eqBBvi0IFpVHE9Z1umE7tT5CxHaWFy/LhGBxpv5d1NxLFBE= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881600; c=relaxed/simple; bh=l67hQth/B3jPiw4KCFmy8syFA5o4eXptYxdkTeBwTdU=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=uSU7kbtfoywbYshrEOjyavPrfwnWffy1HKzYUBO5X7wlAeDoStnxllJwZfrelV4PaJDlKgvQUFEJmjat2PPejciWl+VPY4CnYCvP05c6amHhdZ8LrhensIevK36P1Nf5787SEr4vJT/tnJJHW7NCZS3e6ERn9QWCgoVzb5fMveA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=sEM5eo7A; arc=fail smtp.client-ip=40.107.220.64 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="sEM5eo7A" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HA0BDu8lTCrrdYT2dwzpvpaksf3ipAbb+2lo9lVGyTxKZrOWOB5x+DE3nhojhv+CnWTdWe3DwLsavKz93AkVXOGyiOmp+c20/em2lC8612HiyxK5W8+u3zFum9rxb1VwOUJCQEl7Y+1h+TmCHWwTfl6iXyNB+rlBGAXVTlVwkxqK1mFUpyVX0sfMYO46I0ORyOKuoJxsUkofjGHcT8HUHygCD7hcMULSASEwbhUhuavLUbgVIveE/+gtJ+mQmqa+7b9MG8Hg4Bt6RTqcxQFyiUEtoCV4vTgr+nb7Jo7BDwkh9u8R26joUqdZp1f2PYz1Zm8p7w6K6nJW6CGyloZACw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=QNjHh9guEw8k0ouLW/Nngcjd3a8lLJLe4G8us86I4h4=; b=tUi+p17pmkVFNrDqgYD8PMr8LIhHl/1osjHtLD8Sk2SE2LA0xII31qBPdsc/7gjqsUe/NMEbKQ19zRYqSLcXfNPRP4koIrWZ1rKYxaxHXUhz7IJJfcgnzE5WAMQu0b3kunhveYsTTtva3zlyQUw6TSAWu9GT82CEyN8Pj6jTy0EmKzBbzBU8y9ssuaPKhunDOYnaziIbbusfoCJU8NRDobt1Y82qk9ftMa2/gMsCM8lxZyw7qWhm3f3HiKxH+8kqY/hYjn2XnYymTcbaw61rx1Yvdi+DxDcqMF79r1gYKrt+Pg3uCLQ+upSbNMiBcUFrUDncRgeHC0Ht7ZB45gy7tA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QNjHh9guEw8k0ouLW/Nngcjd3a8lLJLe4G8us86I4h4=; b=sEM5eo7ANwdGYYPnfFHBkPyt+MZkG4IZUvNSgzk9EWZ+/5aD6b5LbaclJbsHe8OVORmBFcDCCl69NMoSfznPh2Wc8nkjPWhq1o86oYZttlcMbObJs2Wp29d+CvbdBAySc90B11y8LsmECCVZs0DsjWizDrMcxgqw3clacHCCtpU= Received: from BN9PR03CA0313.namprd03.prod.outlook.com (2603:10b6:408:112::18) by BY5PR12MB4068.namprd12.prod.outlook.com (2603:10b6:a03:203::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.36; Thu, 17 Apr 2025 09:19:54 +0000 Received: from BN2PEPF000055DB.namprd21.prod.outlook.com (2603:10b6:408:112:cafe::f5) by BN9PR03CA0313.outlook.office365.com (2603:10b6:408:112::18) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8632.35 via Frontend Transport; Thu, 17 Apr 2025 09:19:53 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN2PEPF000055DB.mail.protection.outlook.com (10.167.245.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8678.4 via Frontend Transport; Thu, 17 Apr 2025 09:19:53 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:19:46 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 06/18] x86/apic: Add update_vector callback for Secure AVIC Date: Thu, 17 Apr 2025 14:46:56 +0530 Message-ID: <20250417091708.215826-7-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF000055DB:EE_|BY5PR12MB4068:EE_ X-MS-Office365-Filtering-Correlation-Id: 590c6f4f-4584-449f-1825-08dd7d910387 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|7416014|1800799024|82310400026|36860700013; X-Microsoft-Antispam-Message-Info: /kf9wA9JpG7vuiUuAxA0tIxIXSCw1cSgri+S+lqYeTidmgKyRAfCHYrMuFtfi/9ATGBscsPlhhf7sBSzq0iCFghOk4D856jnA2aPJQ+kOxz1eTRHGTXl+W/8+eOr3pR35L8eEggpo9lquMgyopPlrqdejyzdr10QUd6F0WhJhbaXPIoT01nOUjebRGCKmNl5+vnmLPP/DS82UfOdnEKP5jD883D5zZzU9CC10NuTBUHYqETcK1DX/sbhikQ0rByP2uRBwDIYrVAWXQBCPiX5gX5m1Pxe/t8VLVKtwGayD4XQ3oAG00jNaUSOUGSNTHDll+/uTuF/yG1WMR0yCZw3iaLHA4A755UJYim6C3y5SYvddma1cF1nucLKct5uyFqPZPVoiPFt4JhOq/XNUuxBAPlmI7uX5SvcTFlr0iGID2tsknbnOFYIcBsvfc6KVJN47e1pJdAHMMLPPk0Ymot+jeY+KAdM0VziesvZUxy/4BjlTZhuUxyyF0V5x7aqoy87oMNUIAjHlyInunby0rYYRyFf4GWDpTuQTRdGveu77GvTUKJLHiEKxJbUU5qUT2tpNNbtR/1gTXxLX7i+W+EQ7pBEw5BEt7/B/9fh9fXimxMT6ZNn749ouT8B6ofNu09onUgoDAGT+PQlLfLQV68/+My546UmAyql5QgGepjCTobr9BWv4QXp9w1SPWF9ECt0c7CUxSqIptjLIyholsI0oufBLPY6jR0+a4WCkeb+X1Rnc/sktaseoWgkjkp8P/1FIIEK3xk2zqwgI1sGlVBBP+MYtPMvzh/Xz3aAAnT3uKAnpdhtsKB/5TsApL5HXmqpj0TVLFRoZzt+5MYrZoBFSZaEdWQGvbsFM+lIdMUOso7vBtsbqJa2VHkUal6qi97FtQyvbS9ua3RRAwdOUfs5DFmvCwgpVIysvCeNJMhJm6/9+Vs88Vplmx7XEGStAZq/nrf/I1YHmGxJm0TgTqZdHjbM1kFCeUX5S5+MG1pt25y+1md8mGZo5D+wR9tv1/PU/pJsUOjLW5wZGa7kb0tbuJrVl9LZ7jxnLApzdtf59OcAQBQp3iqZnUR3Gkq/F5EVDNS4gVu7YwryWQvpyzEDMx9cm27W7vJ1pszQtbxYuhStMhiuzh7iZoGLm+kSb9gCttvKxVZIQcgPwErpDxCgVz9EpOR5OQcBPX5ufWW377bOIKzhCzGRPdGgBgsC/Ydsv+TwORZrEusyoVaXFOu2DA/EftARrSrlyX3nKPw0fGXq9PDeNYCtVSMohFeuu9gneaE8dpsKucDucTmRWKsz4nU2MGlAdba0ZL6dmt6a/fUFI7ToDuJimIGu+ClbWQCZhrdvk66VqXoMizYILkx/7Xkl41cD7OCX57ALKNXmcUMdA+X4G/bot0OXzeUreWyvXO/S3RaQ2x1hBcQ9ucjw1/N+Q34rKq09pZAv7/jJm36CNJwLKzHaNHldlE4P3xk4gQk7ZvLzskqr0jCLwjcxTUh+o3DKn73GpgmFJRzzwWwdADnL3ZJnkCOpEyq8bZRB X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(7416014)(1800799024)(82310400026)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:19:53.8967 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 590c6f4f-4584-449f-1825-08dd7d910387 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000055DB.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR12MB4068 Add update_vector callback to set/clear ALLOWED_IRR field in a vCPU's APIC backing page for external vectors. The ALLOWED_IRR field indicates the interrupt vectors which the guest allows the hypervisor to send (typically for emulated devices). Interrupt vectors used exclusively by the guest itself and the vectors which are not emulated by the hypervisor, such as IPI vectors, are part of system vectors and are not set in the ALLOWED_IRR. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v3: - Moved apic_update_vector() to apic.h - Restructured update_vector() in x2apic_savic.c. arch/x86/include/asm/apic.h | 9 +++++ arch/x86/kernel/apic/vector.c | 53 ++++++++++++++++++++++------- arch/x86/kernel/apic/x2apic_savic.c | 35 +++++++++++++++++++ 3 files changed, 85 insertions(+), 12 deletions(-) diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h index 562115100038..c359cce60b22 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -318,6 +318,8 @@ struct apic { /* wakeup secondary CPU using 64-bit wakeup point */ int (*wakeup_secondary_cpu_64)(u32 apicid, unsigned long start_eip); + void (*update_vector)(unsigned int cpu, unsigned int vector, bool set); + char *name; }; @@ -471,6 +473,12 @@ static __always_inline bool apic_id_valid(u32 apic_id) return apic_id <= apic->max_apic_id; } +static __always_inline void apic_update_vector(unsigned int cpu, unsigned int vector, bool set) +{ + if (apic->update_vector) + apic->update_vector(cpu, vector, set); +} + #else /* CONFIG_X86_LOCAL_APIC */ static inline u32 apic_read(u32 reg) { return 0; } @@ -482,6 +490,7 @@ static inline void apic_wait_icr_idle(void) { } static inline u32 safe_apic_wait_icr_idle(void) { return 0; } static inline void apic_native_eoi(void) { WARN_ON_ONCE(1); } static inline void apic_setup_apic_calls(void) { } +static inline void apic_update_vector(unsigned int cpu, unsigned int vector, bool set) { } #define apic_update_callback(_callback, _fn) do { } while (0) diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c index fee42a73d64a..351db49b9975 100644 --- a/arch/x86/kernel/apic/vector.c +++ b/arch/x86/kernel/apic/vector.c @@ -139,8 +139,38 @@ static void apic_update_irq_cfg(struct irq_data *irqd, unsigned int vector, apicd->hw_irq_cfg.dest_apicid); } -static void apic_update_vector(struct irq_data *irqd, unsigned int newvec, - unsigned int newcpu) +static int irq_alloc_vector(const struct cpumask *dest, bool resvd, unsigned int *cpu) +{ + int vector; + + vector = irq_matrix_alloc(vector_matrix, dest, resvd, cpu); + + if (vector >= 0) + apic_update_vector(*cpu, vector, true); + + return vector; +} + +static int irq_alloc_managed_vector(unsigned int *cpu) +{ + int vector; + + vector = irq_matrix_alloc_managed(vector_matrix, vector_searchmask, cpu); + + if (vector >= 0) + apic_update_vector(*cpu, vector, true); + + return vector; +} + +static void irq_free_vector(unsigned int cpu, unsigned int vector, bool managed) +{ + apic_update_vector(cpu, vector, false); + irq_matrix_free(vector_matrix, cpu, vector, managed); +} + +static void apic_chipd_update_vector(struct irq_data *irqd, unsigned int newvec, + unsigned int newcpu) { struct apic_chip_data *apicd = apic_chip_data(irqd); struct irq_desc *desc = irq_data_to_desc(irqd); @@ -174,8 +204,7 @@ static void apic_update_vector(struct irq_data *irqd, unsigned int newvec, apicd->prev_cpu = apicd->cpu; WARN_ON_ONCE(apicd->cpu == newcpu); } else { - irq_matrix_free(vector_matrix, apicd->cpu, apicd->vector, - managed); + irq_free_vector(apicd->cpu, apicd->vector, managed); } setnew: @@ -256,11 +285,11 @@ assign_vector_locked(struct irq_data *irqd, const struct cpumask *dest) if (apicd->move_in_progress || !hlist_unhashed(&apicd->clist)) return -EBUSY; - vector = irq_matrix_alloc(vector_matrix, dest, resvd, &cpu); + vector = irq_alloc_vector(dest, resvd, &cpu); trace_vector_alloc(irqd->irq, vector, resvd, vector); if (vector < 0) return vector; - apic_update_vector(irqd, vector, cpu); + apic_chipd_update_vector(irqd, vector, cpu); apic_update_irq_cfg(irqd, vector, cpu); return 0; @@ -332,12 +361,11 @@ assign_managed_vector(struct irq_data *irqd, const struct cpumask *dest) /* set_affinity might call here for nothing */ if (apicd->vector && cpumask_test_cpu(apicd->cpu, vector_searchmask)) return 0; - vector = irq_matrix_alloc_managed(vector_matrix, vector_searchmask, - &cpu); + vector = irq_alloc_managed_vector(&cpu); trace_vector_alloc_managed(irqd->irq, vector, vector); if (vector < 0) return vector; - apic_update_vector(irqd, vector, cpu); + apic_chipd_update_vector(irqd, vector, cpu); apic_update_irq_cfg(irqd, vector, cpu); return 0; } @@ -357,7 +385,7 @@ static void clear_irq_vector(struct irq_data *irqd) apicd->prev_cpu); per_cpu(vector_irq, apicd->cpu)[vector] = VECTOR_SHUTDOWN; - irq_matrix_free(vector_matrix, apicd->cpu, vector, managed); + irq_free_vector(apicd->cpu, vector, managed); apicd->vector = 0; /* Clean up move in progress */ @@ -366,7 +394,7 @@ static void clear_irq_vector(struct irq_data *irqd) return; per_cpu(vector_irq, apicd->prev_cpu)[vector] = VECTOR_SHUTDOWN; - irq_matrix_free(vector_matrix, apicd->prev_cpu, vector, managed); + irq_free_vector(apicd->prev_cpu, vector, managed); apicd->prev_vector = 0; apicd->move_in_progress = 0; hlist_del_init(&apicd->clist); @@ -528,6 +556,7 @@ static bool vector_configure_legacy(unsigned int virq, struct irq_data *irqd, if (irqd_is_activated(irqd)) { trace_vector_setup(virq, true, 0); apic_update_irq_cfg(irqd, apicd->vector, apicd->cpu); + apic_update_vector(apicd->cpu, apicd->vector, true); } else { /* Release the vector */ apicd->can_reserve = true; @@ -905,7 +934,7 @@ static void free_moved_vector(struct apic_chip_data *apicd) * affinity mask comes online. */ trace_vector_free_moved(apicd->irq, cpu, vector, managed); - irq_matrix_free(vector_matrix, cpu, vector, managed); + irq_free_vector(cpu, vector, managed); per_cpu(vector_irq, cpu)[vector] = VECTOR_UNUSED; hlist_del_init(&apicd->clist); apicd->prev_vector = 0; diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index 81d932061b7b..9d2e93656037 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -43,6 +43,34 @@ static __always_inline void set_reg(unsigned int offset, u32 val) WRITE_ONCE(this_cpu_ptr(apic_page)->regs[offset >> 2], val); } +static inline unsigned long *get_reg_bitmap(unsigned int cpu, unsigned int offset) +{ + struct apic_page *ap = per_cpu_ptr(apic_page, cpu); + + return (unsigned long *) &ap->bytes[offset]; +} + +static inline unsigned int get_vec_bit(unsigned int vector) +{ + /* + * The registers are 32-bit wide and 16-byte aligned. + * Compensate for the resulting bit number spacing. + */ + return vector + 96 * (vector / 32); +} + +static inline void update_vector(unsigned int cpu, unsigned int offset, + unsigned int vector, bool set) +{ + unsigned long *reg = get_reg_bitmap(cpu, offset); + unsigned int bit = get_vec_bit(vector); + + if (set) + set_bit(bit, reg); + else + clear_bit(bit, reg); +} + #define SAVIC_ALLOWED_IRR 0x204 static u32 savic_read(u32 reg) @@ -144,6 +172,11 @@ static void savic_write(u32 reg, u32 data) } } +static void savic_update_vector(unsigned int cpu, unsigned int vector, bool set) +{ + update_vector(cpu, SAVIC_ALLOWED_IRR, vector, set); +} + static void init_apic_page(void) { u32 apic_id; @@ -225,6 +258,8 @@ static struct apic apic_x2apic_savic __ro_after_init = { .eoi = native_apic_msr_eoi, .icr_read = native_x2apic_icr_read, .icr_write = native_x2apic_icr_write, + + .update_vector = savic_update_vector, }; apic_driver(apic_x2apic_savic); From patchwork Thu Apr 17 09:16:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055169 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2082.outbound.protection.outlook.com [40.107.223.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 779BE207E0C; Thu, 17 Apr 2025 09:20:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.223.82 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881628; cv=fail; b=uEwzvRKY3kARR6dQE9IQxfsT1jK1j1MFi1ih75lZF5FPdqtEeAocnDX3dhGoDNAjkO4gQeNMk+BPkHKfB2tpcwR3xZcBizgHj4tjlvwEUVISmnAv5/QKGp+DONuBjsIWp6k72SZf8zjhjrgrzDX4lOl9fxaNRt2/7so/kPJHQNI= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881628; c=relaxed/simple; bh=R5y5IssbXHrnWiiBNNK0AaRxQrGAEvQJmqnO5slT5zc=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=A5+Y8w0hZIZCrz76i7dYlhTy8NO8NpKR6awIKtok8jvk1ug1KkP2Ej/ygul9RM5d9mRAwal5R4E85wir77xgSnrdVS89hdSEjw+nUknPe7FUOp3VSW54sZt0HuNrJFrqcCeMqiS15lcmArf/3jQviCyt58fNdGrLjQe6wglQRfA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=W2UL2kBd; arc=fail smtp.client-ip=40.107.223.82 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="W2UL2kBd" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=PiJctMoru+nRIlp1sh17hXriE0Kkw/P9PR4omR0UETiuMyK4QevukUDSwD4g3jZ/kybeVMZrgSetkq6WwuGLPI+hqqMlGt5piqmQkbyUypnAl9NSKSQwN7AUvbWfQ13rUw8Aq0CBS+xS5gWC+u5VNQwBiIfqKBs5bJ0+o4eW/keIz2Jyz25YSC9ITtnn2v0OB+iX6RdmMO5yXBHlJl3VJxjoFTr1lD8q1uYNzchmzgGzy2QNJygTPKviZYZMW5skldOj8Ds+/AulPQJJzah59JeHCkExcsMrx+8f0tdmCy3IPM7bQdFWpsWAigZ5Q2D3aWjyurv3v8gUZffu3iRWMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=03+R6ZXFVJeY+h4BXv9xA+UHA8abuabJ/EK8+Edm++k=; b=ECTFLY7P3v9Mc55vtWJiKoW9U+Id1Zyce0konZfWzUfstZCe9ajiCs/J61dE9fS85CLa8PRXaUbNmjveNv4lx+3dEsVPiIsIOoAd8Sbe9EDIP7nk3c8+pcXxT5oGY9Y2UHFH+8Ta/pAWGjVNKmq80JM+rbEd1onBUfI/3JS5NLnCZmnW6yQ1OJ7AUMRZnk2iuG4IAztoEhisWHe2PYpTqc1MQTFZdJg2troamNfZn4Fg03KDrud+WF8/TGK0Yxr/s+hk8clNyXFzz84X0NCsLVA4DzQNC8L8CIAxaHyfhSMTP2qGWMzuWUboxhrmgLoCUEuYbNgeVykeTSEOkiNO0w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=03+R6ZXFVJeY+h4BXv9xA+UHA8abuabJ/EK8+Edm++k=; b=W2UL2kBde6J2HYoCLt65FNxDqAz834rp0vOMcHeienpdEFIZjiAhO7eWJxVAnDW1mEW8jUcGbgQbgxLK6WYoismMpeIgSxu0S5cggF7LAtk8/2jJjCLL/06WYKaPAooRnle72gd7PWdDuLhqyE9Fv0/A1ztFCW5v3NH47IyZ45E= Received: from BL1PR13CA0317.namprd13.prod.outlook.com (2603:10b6:208:2c1::22) by PH7PR12MB6810.namprd12.prod.outlook.com (2603:10b6:510:1b4::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.34; Thu, 17 Apr 2025 09:20:20 +0000 Received: from BN2PEPF000055E0.namprd21.prod.outlook.com (2603:10b6:208:2c1:cafe::5b) by BL1PR13CA0317.outlook.office365.com (2603:10b6:208:2c1::22) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8655.12 via Frontend Transport; Thu, 17 Apr 2025 09:20:19 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN2PEPF000055E0.mail.protection.outlook.com (10.167.245.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8678.4 via Frontend Transport; Thu, 17 Apr 2025 09:20:19 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:20:08 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 07/18] x86/apic: Add support to send IPI for Secure AVIC Date: Thu, 17 Apr 2025 14:46:57 +0530 Message-ID: <20250417091708.215826-8-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF000055E0:EE_|PH7PR12MB6810:EE_ X-MS-Office365-Filtering-Correlation-Id: 7ed01ee4-2619-4331-b074-08dd7d911304 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|36860700013|1800799024|376014|82310400026; X-Microsoft-Antispam-Message-Info: 9Rfj4Th0EjTatv3yIfTYB5FyK3p6J1OYxFuF6fYcfkLlNHad2L4uba9q4mexCAwA98CaYZVGlAw/qIJsy2ohYU0llc/Hr5LUay00u2DsISUoXXJfBoL3gZvvc873Cc04kAGFZmmSHQer060GJ/AhmzpqagjAZOkbteHrRu8iMbxt01ZECOoSWE8nlZ8Ly2+Ew2+3mitRnUYIYGzEFtvoSHcbFjFpGLanahJpuxAsGPjwaYwWyEnb2siBixp7lx93giqq7kWo1j21Bn4wgtPq0jt5iXNLWA2rJB6gtzilitufgsR706Z5LmOLap399lbBg2g86s5GVgMgHJQaeHNx8QxcicxDZFfqVMTZb5LU+psca0emsTr4VehE8iIjzWM5TXAk4LnZB8hmQmrys5C5UWNjX5VtDUC/LcFm7cpTlrTYw3ROXPE3ffaTLyviJ3Y2lhSoFKKwjnoFsY/sgL/2Sq2sSm9Uh951ymKy7bRvyB+LTDzvGnnxBwPD/FKP/ekMtN0RTCsqvxEwzzE78v3tfrsg5sBC6P/ZDtcjDVeq5UEPHNaUUwzs3oWT2xxykbFuulPHGzJnovwIwqw1fUfE0spHABZlc8TUrIMt4J+r+aoKszmDIkd188P/FdxbDhUhC/y/eUaPWScJfBR2/+isRffeY9iugdeXv/5i4W0D9kz0BXdwN+4FUaEwODjATvjFB64NxPx2zdA87+Nyxk6j9b73SsuvN5bkI60Elfg7CTvEN/B9FTLZqRyZXqGS7+TpSDi4d4n2LNLWu37RnqwFYJuvK6OMzv1dZ/WmvaPQKiFZ7ZALi/Iysue4+Foeku+IppPjfya/yapSxcSr74Q0ob5l8Ceoux+O6jK5xraRWoxmNVzqdkwOYWbeMQTHjIN35tS6hs0/dohvoZpllgw9sckNs6xCfNE/QgAbD8UtkhnfSnmD0BIgCZkk39ku2J09Wie8BEj+AETpBHU/py+uPC3zDOVX9NQ9lvRaYVXP/9ebdav1VNaGSEQEROXmT4Ye1MDIXf4PWvdF4nq6ooaU9zMNJN1/3pZxAOfNohOWtlg9yWLRpcXzSGquarB3v16ZEIEjayZeswk9uMkwRIhQL/oGQ3QLrZBxCQasYglCwWeZNfmoS+DytDE9WleZqe0t6fVUu5F+rs998lMUKshmL0/TP0oD4ianZ7fyGF0717aCck0OdoAKBjy+TuWpYaW6fb4Ak2jzXO0Pdvg96D815jtKDtaFxGdGnSk3f1gNuR4LZE0hkVqNL6PfCHTuAEAKi1+xXvLF47iEEtmjTumfwmnXJtXCgKqloXfe1AEHwoe6g9I1tVij209j4sWg69woKrDn2OcMrHzKvhIzrgLnQWe6dWj+n1nXgCKKqXC89VycAngqpO/rdZD35k6MoeEZwNIJ4siGZ+UXWe69CFrM7nf/4jW8yS7UHhlIFLA080uKm1H0+JOTLqEDDV2Tuls2m2MIsk/JTPThlLB5HPURtfks7t2txS5IXUgfX8PUAqpmGyQKk6rZh2Q+uWV8gmCs X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(36860700013)(1800799024)(376014)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:20:19.8736 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7ed01ee4-2619-4331-b074-08dd7d911304 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000055E0.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB6810 With Secure AVIC only Self-IPI is accelerated. To handle all the other IPIs, add new callbacks for sending IPI, which write to the IRR of the target guest vCPU's APIC backing page and then issue GHCB protocol MSR write event for the hypervisor to notify the target vCPU. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v3: - Use guard(irqsave)() in savic_ghcb_msr_write(). - Remove "x2apic_" from savic's apic callback names. - Misc cleanups. arch/x86/coco/sev/core.c | 39 ++++++-- arch/x86/include/asm/sev.h | 2 + arch/x86/kernel/apic/x2apic_savic.c | 135 +++++++++++++++++++++++++++- 3 files changed, 169 insertions(+), 7 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 6046a325abd6..603110703605 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1382,14 +1382,10 @@ static enum es_result __vc_handle_secure_tsc_msrs(struct pt_regs *regs, bool wri return ES_OK; } -static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) +static enum es_result __vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt, bool write) { struct pt_regs *regs = ctxt->regs; enum es_result ret; - bool write; - - /* Is it a WRMSR? */ - write = ctxt->insn.opcode.bytes[1] == 0x30; switch (regs->cx) { case MSR_SVSM_CAA: @@ -1419,6 +1415,39 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) return ret; } +static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) +{ + return __vc_handle_msr(ghcb, ctxt, ctxt->insn.opcode.bytes[1] == 0x30); +} + +void savic_ghcb_msr_write(u32 reg, u64 value) +{ + u64 msr = APIC_BASE_MSR + (reg >> 4); + struct pt_regs regs = { + .cx = msr, + .ax = lower_32_bits(value), + .dx = upper_32_bits(value) + }; + struct es_em_ctxt ctxt = { .regs = ®s }; + struct ghcb_state state; + enum es_result res; + struct ghcb *ghcb; + + guard(irqsave)(); + + ghcb = __sev_get_ghcb(&state); + vc_ghcb_invalidate(ghcb); + + res = __vc_handle_msr(ghcb, &ctxt, true); + if (res != ES_OK) { + pr_err("Secure AVIC msr (0x%llx) write returned error (%d)\n", msr, res); + /* MSR writes should never fail. Any failure is fatal error for SNP guest */ + snp_abort(); + } + + __sev_put_ghcb(&state); +} + enum es_result savic_register_gpa(u64 gpa) { struct ghcb_state state; diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 4246fdc31afa..2056e7be41d0 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -521,6 +521,7 @@ int snp_svsm_vtpm_send_command(u8 *buffer); void __init snp_secure_tsc_prepare(void); void __init snp_secure_tsc_init(void); enum es_result savic_register_gpa(u64 gpa); +void savic_ghcb_msr_write(u32 reg, u64 value); static __always_inline void vc_ghcb_invalidate(struct ghcb *ghcb) { @@ -572,6 +573,7 @@ static inline int snp_svsm_vtpm_send_command(u8 *buffer) { return -ENODEV; } static inline void __init snp_secure_tsc_prepare(void) { } static inline void __init snp_secure_tsc_init(void) { } static inline enum es_result savic_register_gpa(u64 gpa) { return ES_UNSUPPORTED; } +static inline void savic_ghcb_msr_write(u32 reg, u64 value) { } #endif /* CONFIG_AMD_MEM_ENCRYPT */ diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index 9d2e93656037..d3e585881c5c 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -7,6 +7,7 @@ * Author: Neeraj Upadhyay */ +#include #include #include #include @@ -136,6 +137,17 @@ static u32 savic_read(u32 reg) #define SAVIC_NMI_REQ 0x278 +static inline void self_ipi_reg_write(unsigned int vector) +{ + /* + * Secure AVIC hardware accelerates guest's MSR write to SELF_IPI + * register. It updates the IRR in the APIC backing page, evaluates + * the new IRR for interrupt injection and continues with guest + * code execution. + */ + native_apic_msr_write(APIC_SELF_IPI, vector); +} + static void savic_write(u32 reg, u32 data) { switch (reg) { @@ -144,7 +156,6 @@ static void savic_write(u32 reg, u32 data) case APIC_LVT1: case APIC_TMICT: case APIC_TDCR: - case APIC_SELF_IPI: case APIC_TASKPRI: case APIC_EOI: case APIC_SPIV: @@ -160,6 +171,9 @@ static void savic_write(u32 reg, u32 data) case APIC_EILVTn(0) ... APIC_EILVTn(3): set_reg(reg, data); break; + case APIC_SELF_IPI: + self_ipi_reg_write(data); + break; /* ALLOWED_IRR offsets are writable */ case SAVIC_ALLOWED_IRR ... SAVIC_ALLOWED_IRR + 0x70: if (IS_ALIGNED(reg - SAVIC_ALLOWED_IRR, 16)) { @@ -172,6 +186,116 @@ static void savic_write(u32 reg, u32 data) } } +static void send_ipi_dest(unsigned int cpu, unsigned int vector) +{ + update_vector(cpu, APIC_IRR, vector, true); +} + +static void send_ipi_allbut(unsigned int vector) +{ + unsigned int cpu, src_cpu; + + guard(irqsave)(); + + src_cpu = raw_smp_processor_id(); + + for_each_cpu(cpu, cpu_online_mask) { + if (cpu == src_cpu) + continue; + send_ipi_dest(cpu, vector); + } +} + +static inline void self_ipi(unsigned int vector) +{ + u32 icr_low = APIC_SELF_IPI | vector; + + native_x2apic_icr_write(icr_low, 0); +} + +static void savic_icr_write(u32 icr_low, u32 icr_high) +{ + unsigned int dsh, vector; + u64 icr_data; + + dsh = icr_low & APIC_DEST_ALLBUT; + vector = icr_low & APIC_VECTOR_MASK; + + switch (dsh) { + case APIC_DEST_SELF: + self_ipi(vector); + break; + case APIC_DEST_ALLINC: + self_ipi(vector); + fallthrough; + case APIC_DEST_ALLBUT: + send_ipi_allbut(vector); + break; + default: + send_ipi_dest(icr_high, vector); + break; + } + + icr_data = ((u64)icr_high) << 32 | icr_low; + if (dsh != APIC_DEST_SELF) + savic_ghcb_msr_write(APIC_ICR, icr_data); +} + +static void send_ipi(u32 dest, unsigned int vector, unsigned int dsh) +{ + unsigned int icr_low; + + icr_low = __prepare_ICR(dsh, vector, APIC_DEST_PHYSICAL); + savic_icr_write(icr_low, dest); +} + +static void savic_send_ipi(int cpu, int vector) +{ + u32 dest = per_cpu(x86_cpu_to_apicid, cpu); + + send_ipi(dest, vector, 0); +} + +static void send_ipi_mask(const struct cpumask *mask, unsigned int vector, bool excl_self) +{ + unsigned int cpu, this_cpu; + + guard(irqsave)(); + + this_cpu = raw_smp_processor_id(); + + for_each_cpu(cpu, mask) { + if (excl_self && cpu == this_cpu) + continue; + send_ipi(per_cpu(x86_cpu_to_apicid, cpu), vector, 0); + } +} + +static void savic_send_ipi_mask(const struct cpumask *mask, int vector) +{ + send_ipi_mask(mask, vector, false); +} + +static void savic_send_ipi_mask_allbutself(const struct cpumask *mask, int vector) +{ + send_ipi_mask(mask, vector, true); +} + +static void savic_send_ipi_allbutself(int vector) +{ + send_ipi(0, vector, APIC_DEST_ALLBUT); +} + +static void savic_send_ipi_all(int vector) +{ + send_ipi(0, vector, APIC_DEST_ALLINC); +} + +static void savic_send_ipi_self(int vector) +{ + self_ipi_reg_write(vector); +} + static void savic_update_vector(unsigned int cpu, unsigned int vector, bool set) { update_vector(cpu, SAVIC_ALLOWED_IRR, vector, set); @@ -251,13 +375,20 @@ static struct apic apic_x2apic_savic __ro_after_init = { .calc_dest_apicid = apic_default_calc_apicid, + .send_IPI = savic_send_ipi, + .send_IPI_mask = savic_send_ipi_mask, + .send_IPI_mask_allbutself = savic_send_ipi_mask_allbutself, + .send_IPI_allbutself = savic_send_ipi_allbutself, + .send_IPI_all = savic_send_ipi_all, + .send_IPI_self = savic_send_ipi_self, + .nmi_to_offline_cpu = true, .read = savic_read, .write = savic_write, .eoi = native_apic_msr_eoi, .icr_read = native_x2apic_icr_read, - .icr_write = native_x2apic_icr_write, + .icr_write = savic_icr_write, .update_vector = savic_update_vector, }; From patchwork Thu Apr 17 09:16:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055170 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2073.outbound.protection.outlook.com [40.107.94.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2819B229B32; Thu, 17 Apr 2025 09:20:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.73 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881647; cv=fail; b=cpoUwaJO9TAL++ZtLx6e7bI/CwPU9tRc5T8PErgiBbd3eE94McVOR2SPT/MvrOodOQeXDLtZFhwWRfvR538YZI/hZnSQsHLKZF66dVEQslWxDoRRU/m/Tx0bg8SvtVInT5LZn4oZZ+PLnvkCWg420KL3cqVeGBv75Z+d7kO+kNk= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881647; c=relaxed/simple; bh=W+MzOeOpn4LxWMK3WZt4QJPDbPmTBAsV+DEMkFH2vKQ=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=gsWZZgiMCUV2PTivzuEtD/pt95G24Bb+YqKRn1CnT9BQW0iAhJzU/QDFPF4LtKnak5VG7tYRYD6qcKgFq78twXDJF+TNPpq5IMvMmf/ge3ADTmFIQNHViB+nY4mDYi/P1m4CW88xszEEshYzFFl1nx8YE0JZDHs6tuDruPXvh7c= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=zEvcp4Ai; arc=fail smtp.client-ip=40.107.94.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="zEvcp4Ai" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HYolLw8hrH3tHwO3F0WOoQcAQA2nfHghHJPf3vVp5w08AVw/h+hTYdhS4aQ78FQt2+tP39GO17ncIvpkpeAKn4K+mMWv2g9CyKjZS4NnkbFwObUBC9yDuusMmtJS7n76MnBmnwXN2rFNHl0PLv9aCtU/7bu4+uGEoIvVyhQpheJVXlfONR/W/FqSxy1IcLQDBxwLhgJt0c9fGhcyI1gnGTRprnxR/OWhYtAYD4feC5Cq6ZOhIbLI7mB59bsYzTuZ1GYzBfx6K82Q5pesXkQjAj0PqFwTuidgjTAxEasX5Fgp14O79FN43diwkGGAuAYggd71Tfm9T/wSHknm2Tgk/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9iyhafnf+VaVROXOo83oyrQKc88VdUTQtIy93Xjxb7I=; b=yBKKZqRkWre00J23phyZY+oxvS/aJVE/bVpE9j/tq3GUCA3RmyAy5GMCUpW+muxBY5GJmWu24Jm/qcvM7aFY0v+TC7Ht94OqmV52/i1dBkI3F0wFoJ5428aZygpbpf+pU++gK/P1trgSCda/mcNmQpKQ+zqs2xqi9uJjjDLMF9YkZholkCs21Jw+jX+jWDtpbrzyGY9jjaQYNbqgg2cRZtPtacRsN/8YVs2zG/dM2Bi71/Wgt0g+6jGpj8CftpcTLJQWhQhbPrCnwsiC1iJMkn6LkXtGbMxv9i850gLsUvp16t2fzE1sIqMt3dRSMZ63RzBJnldfBt2kLwf/vY+PFA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9iyhafnf+VaVROXOo83oyrQKc88VdUTQtIy93Xjxb7I=; b=zEvcp4AiB018GjXwg2+EKOTe887YitSXD8JrkTh+/MHx+q2Wpt7jCL0aZWuXMG1TMZlMv7ZAE7jouUZYAaN9+mwjIaQQZJAbOGVcBa/8UHDfvA4uCqUzdNwuU5iBY6lBSalPPJWTaRO3tLKkDnkmL/+WbBQokxZ7iNON1bdY/a0= Received: from BN9PR03CA0189.namprd03.prod.outlook.com (2603:10b6:408:f9::14) by SA1PR12MB5615.namprd12.prod.outlook.com (2603:10b6:806:229::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.32; Thu, 17 Apr 2025 09:20:41 +0000 Received: from BN2PEPF000055E1.namprd21.prod.outlook.com (2603:10b6:408:f9:cafe::df) by BN9PR03CA0189.outlook.office365.com (2603:10b6:408:f9::14) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8655.23 via Frontend Transport; Thu, 17 Apr 2025 09:20:41 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN2PEPF000055E1.mail.protection.outlook.com (10.167.245.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8678.4 via Frontend Transport; Thu, 17 Apr 2025 09:20:41 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:20:33 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 08/18] x86/apic: Support LAPIC timer for Secure AVIC Date: Thu, 17 Apr 2025 14:46:58 +0530 Message-ID: <20250417091708.215826-9-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF000055E1:EE_|SA1PR12MB5615:EE_ X-MS-Office365-Filtering-Correlation-Id: df5044e6-6c18-47f6-5037-08dd7d911fec X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|7416014|376014|1800799024|82310400026; X-Microsoft-Antispam-Message-Info: 7BSvfJjsCpp/F4RntKOeIX9y8kNvkcy5rMfAZOBulCCQRFU+/XYMF8eoAQlOY1BX8p/UobDAZzTmA3Vsnm9B+0VYrNWhNrPpcsxii2cvGzuwlvVOhjKnim+nd6sZ2qOfStivwzNcRoMmB6guKvx+GmkCN50DKiKc/q4Cc5f8REQ+BEc+AmHqS2pHTGkjNUxf7RlxO9jroHLoiU27+9aTPW4eT9hidX9HkqbFYiis417HgVXkYRkBgcNrzXe8Iljm9mSr+j0L9bZdgttT3RYZyqu+ocBy76wwOMvJNfUa2rKw/wqIq6YSUSLI7hTyAMtdop9sRCxodkjtPlt2zchd6UX+uPtH7yArFNWQ3v6DlP+OYk9SyG7WqLuJksbdW7Mo2tSuh/dgSbJx+nMMnZNxI3dZvEEMlAKoPOTxhOwGJDCwE5Tr4fFd5Q7y/Aj4mRmC5OG4iz5SjVl4XgsCpswVma4kuk3y/3ljeP5xFNgR55FetyFJuIVxkH6CGoSh/J/I3hiUne+Uvx2EKqNkJNBpX3eUxORXEakEdQlKcs12eBmerLnD+05xT03jzJL1XrANRwMmHWQ8XxinRBdAiSgbfMW0+mhIoBsib2bTm8H/RBR624Ph09jdwyxnukuqpdhbLLfKhi0uZWzEuvYctkeE7MIDGbmpA3mjKssyCQc2dMCZpv2UUpk5FTYyc2880rk7TVFSEkqb7DW1QM674Skng0tZXw8/7tEcW5LKt9AHVzlavNVNR6ucu1Fm44an0XG1DI6pGzH48nvqJh/rkdQ3kVcwoOhE6Kc2E3B929GWLgnhHoa+Nw6h9DmwSUlcfCQGzW9vpgNoQvxKXAWmMzVOrDig/Lu86L/kkQLGbcJikLP/oEOe4/7kJpqffoWhuS/rFsxX1lkrp2gCSRlS2FAziWZPtlH9oAAJMbT+9BTG1BtEzX6XiLbq1VCO+IJUMR+ZBAFj0RVXvwMdw/9i/dStKsAiYw9TrR6750NydH/G6CRbdKhoeVfHB54IL6SYsbAuFPjtckqQElGScmyCMqjN14eSdqGbCMV5XCgTKNiZqKCBPcHnPXcNbZ/p6rweJuboZRz6H67iHqi8JVVmftU2n8l7T+VJRLGA5Q1qdeae04RRaE3rr3XBVnPWqpBVgUNEXC2ndDR8uXbdav08nzMgPatcFemfOpamcysPEpLNNTtINE27KQMQLvTGMGcF5/Ij5ec4KtkBF2YxyHW6u42LSB3LF0KVvHld2aX0sw7NfIzSh3lXYy1q2xkD4N2vS8huxjoQyzcsmE230cYMe1z06nM0sDGrz/WarMZmulZ8Nu+ZDgK9ykmFilZMBGb1ErPV9cl0SDKWTxlGdsQsm1JYlYtKCQ8TcC0+6wVU+r/5+HWQ+/QDZURdrwDjEkCeG25haTiX41DexA7iP9nEgg9uJLgjqIaohQeM4f7xLmD5qm+C+aO3tjYh+Iqp1W5sGrkINpEZ2bb7I1jlNHdwwYse5YLguGrWq9lXt5op/jw3jTq8PaUqzBEG50iORMNxAz24 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(7416014)(376014)(1800799024)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:20:41.5359 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: df5044e6-6c18-47f6-5037-08dd7d911fec X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000055E1.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB5615 Secure AVIC requires LAPIC timer to be emulated by the hypervisor. KVM already supports emulating LAPIC timer using hrtimers. In order to emulate LAPIC timer, APIC_LVTT, APIC_TMICT and APIC_TDCR register values need to be propagated to the hypervisor for arming the timer. APIC_TMCCT register value has to be read from the hypervisor, which is required for calibrating the APIC timer. So, read/write all APIC timer registers from/to the hypervisor. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v3: - Remove apic_update_vector() static call. - Use guard(irqsave)() in savic_ghcb_msr_read(). arch/x86/coco/sev/core.c | 26 ++++++++++++++++++++++++++ arch/x86/include/asm/sev.h | 2 ++ arch/x86/kernel/apic/apic.c | 2 ++ arch/x86/kernel/apic/x2apic_savic.c | 7 +++++-- 4 files changed, 35 insertions(+), 2 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 603110703605..aa335e0862eb 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1420,6 +1420,32 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) return __vc_handle_msr(ghcb, ctxt, ctxt->insn.opcode.bytes[1] == 0x30); } +u64 savic_ghcb_msr_read(u32 reg) +{ + u64 msr = APIC_BASE_MSR + (reg >> 4); + struct pt_regs regs = { .cx = msr }; + struct es_em_ctxt ctxt = { .regs = ®s }; + struct ghcb_state state; + enum es_result res; + struct ghcb *ghcb; + + guard(irqsave)(); + + ghcb = __sev_get_ghcb(&state); + vc_ghcb_invalidate(ghcb); + + res = __vc_handle_msr(ghcb, &ctxt, false); + if (res != ES_OK) { + pr_err("Secure AVIC msr (0x%llx) read returned error (%d)\n", msr, res); + /* MSR read failures are treated as fatal errors */ + snp_abort(); + } + + __sev_put_ghcb(&state); + + return regs.ax | regs.dx << 32; +} + void savic_ghcb_msr_write(u32 reg, u64 value) { u64 msr = APIC_BASE_MSR + (reg >> 4); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 2056e7be41d0..fab71d311135 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -521,6 +521,7 @@ int snp_svsm_vtpm_send_command(u8 *buffer); void __init snp_secure_tsc_prepare(void); void __init snp_secure_tsc_init(void); enum es_result savic_register_gpa(u64 gpa); +u64 savic_ghcb_msr_read(u32 reg); void savic_ghcb_msr_write(u32 reg, u64 value); static __always_inline void vc_ghcb_invalidate(struct ghcb *ghcb) @@ -574,6 +575,7 @@ static inline void __init snp_secure_tsc_prepare(void) { } static inline void __init snp_secure_tsc_init(void) { } static inline enum es_result savic_register_gpa(u64 gpa) { return ES_UNSUPPORTED; } static inline void savic_ghcb_msr_write(u32 reg, u64 value) { } +static inline u64 savic_ghcb_msr_read(u32 reg) { return 0; } #endif /* CONFIG_AMD_MEM_ENCRYPT */ diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index 839397eab8fc..bad60bcb80e7 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -591,6 +591,8 @@ static void setup_APIC_timer(void) 0xF, ~0UL); } else clockevents_register_device(levt); + + apic_update_vector(smp_processor_id(), LOCAL_TIMER_VECTOR, true); } /* diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index d3e585881c5c..69605e14ab75 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -92,6 +92,7 @@ static u32 savic_read(u32 reg) case APIC_TMICT: case APIC_TMCCT: case APIC_TDCR: + return savic_ghcb_msr_read(reg); case APIC_ID: case APIC_LVR: case APIC_TASKPRI: @@ -152,10 +153,12 @@ static void savic_write(u32 reg, u32 data) { switch (reg) { case APIC_LVTT: - case APIC_LVT0: - case APIC_LVT1: case APIC_TMICT: case APIC_TDCR: + savic_ghcb_msr_write(reg, data); + break; + case APIC_LVT0: + case APIC_LVT1: case APIC_TASKPRI: case APIC_EOI: case APIC_SPIV: From patchwork Thu Apr 17 09:16:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055171 Received: from NAM04-MW2-obe.outbound.protection.outlook.com (mail-mw2nam04on2047.outbound.protection.outlook.com [40.107.101.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9D05D22157E; Thu, 17 Apr 2025 09:21:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.101.47 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881678; cv=fail; b=M96zuhm8n+9wMbXMavOQFlzhlSIWw2p53BeLF74e2obu1VS/hhd+MJFSbc1JOFJxi+HrYUu9oECJ1F4+x1ujrGDZO4t1xsnWTq7bF3LpWP2dhGO54a4UxO78JCRmyUnoPf0qOiv7CdpxTJh9G0M5SKeKDwMERypYqgF2j+aC42Q= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881678; c=relaxed/simple; bh=pbjpfQzXcu29JKuwee1AaV4NRF/IoF+aN5GBRPYSkBI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=QysuwmqjVvI6XC8S9bjA1bn4oLPPWa/V4VWvGLBIsFlUuI5X1kayLkUfYpWnZdIvaZWfmUm0UnbSn1+0fE6FXYCHyhMh0DKdYbZ96fsmT6moSGV53fK9Fx6JmC8Wkrh4nNmTIc/m1SZWDjgyjRvETsSmpKl7SkJcdPhF9b5ioTk= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=q/1rYMU1; arc=fail smtp.client-ip=40.107.101.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="q/1rYMU1" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=yDN6PTw+Ai2RuAHobI8pNbQ8WTAr4R4MpxJvfV1viPb9RhL/8tYgTNe1kC44SIjjn5azM0XYBNxHlt5g65ENiZpdrIENB5XzbGIe4K3ulybOiaPa1+4H9dJt3BHsV/UE3Hd0OSEeFOSDqrM3sNfC4qcfnjU+mjJkZRakV+o1NxbvxMBOuCyrsWqHY7Trm4FnC6UDFAEQn+ClvT3s6S0mbzVsU5EPAnjagBhhHcnEtfa4owXJ+/K8gxNGz3EL04mHA11TWCU/x+AGCDwpfODTcRlzDrF9BWMFCdzES3hl/ziJpNBEcdJu990T4zR7mQeNtg8ch227O7flckKWsm7Hqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Kc28jYkv8xSQJq7KIOd9MGrBpSr/JUcs7Ps/camOaw0=; b=xvmfXXZilYigxAwOQAUoeJ07r4BO+vt5nWX/Sktq8IT+5I2EHdYntXsF8ZHfU1ycChUn1FXwSTjPGw5FDYzGABX398BV4LQDkJieo3UKAhPZrYUFkxIxAySCUj7CY/o0Ps//SjXiOrajDA/SqTpPN0XmTp7GR/uIzGsKz0A2+RyQB1yfFpqGdhfaJ5KbROyHWcLavL+Q3KqR8vLaSYxJ/4BZcQ9zIcocj48f/2RCblJxkdwNfMXMTKR5aFPQill8tX4Cwfq4VypWGzbKIgWVwMAGArKqaEP7u9GA0ORzTy0rRvfx35t+PyQOHWcxBWDK84MXcoy6Lr/KaOoV1ZPbvA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Kc28jYkv8xSQJq7KIOd9MGrBpSr/JUcs7Ps/camOaw0=; b=q/1rYMU1avfDWkNuyWx5YKPX2/e0N2AT2iiD2NGct5Zv6iS4TUvAWSYwMFEn5AVDS3iqpDoTV2zRzSTZVksoGwkgOZ1tjqgO3g/HH8fqs9HIXEdURFbR7gvgw5kFs/EHZMFa4uUjwzX/6kmWiJEnllvvEnbjlrDud+OoP0E7TYY= Received: from BL1PR13CA0315.namprd13.prod.outlook.com (2603:10b6:208:2c1::20) by SA3PR12MB7880.namprd12.prod.outlook.com (2603:10b6:806:305::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.33; Thu, 17 Apr 2025 09:21:10 +0000 Received: from BN2PEPF000055E0.namprd21.prod.outlook.com (2603:10b6:208:2c1:cafe::7b) by BL1PR13CA0315.outlook.office365.com (2603:10b6:208:2c1::20) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8655.10 via Frontend Transport; Thu, 17 Apr 2025 09:21:10 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN2PEPF000055E0.mail.protection.outlook.com (10.167.245.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8678.4 via Frontend Transport; Thu, 17 Apr 2025 09:21:10 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:21:03 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 09/18] x86/sev: Initialize VGIF for secondary VCPUs for Secure AVIC Date: Thu, 17 Apr 2025 14:46:59 +0530 Message-ID: <20250417091708.215826-10-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF000055E0:EE_|SA3PR12MB7880:EE_ X-MS-Office365-Filtering-Correlation-Id: 0dae7f62-c91e-4041-e101-08dd7d913149 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|1800799024|82310400026|376014|36860700013; X-Microsoft-Antispam-Message-Info: cOt0rxd6WGLoRhyWPGYrZ8RDg/wYnC0jbElUBHzhawZlfmMfZBPy6lCa9MChOEnT5WkDJUZ1nHIdC5ZjUufGfCxZa2oky8Thi0ZoROk3+OnoW92VOttamFukS1XZA2DVnzjwCc+AalkiasVbNQRObbpBTaw4+ns9w9AurGSk5MNGfAV2Jreo8IdEfM0+JMe61ibn3xqLpX381DjKSQ+GplNH+6wVX1/j6wOe/VqRKEh60oVRUkYAzyk254QobDKk903s2dKyycKilQNsuvWrCtbl6irNREySyHjwJCCqXjFdkrZweNPQA5mInezAWBz33RXJ+1/5i9ye495mzjbqmlli+TC5b0e64Bm4LSI3ZV/5cXHuxNhY92utOb+PSAsdmv/47pNeO1dze5aNxO3doGdFE5wI4FQSm5bXbCdXMqCkOZjdZwEoiUfhCxKxP/+I8up7qi9c4Jt07iDuAgMMtZhyKJ/3NS87vFsBq0eca0fu1xOjtMpTRYjbz4SSjipixcZ0/kTsgABnGdr8cZg4jSiZdVIkxo+bHUwvkK4V5oaxfXdq0XVptp6+d54YhyyoG0RFzyAXsN7RZ+Kt6YmWDD7Y1+Mi/l02mciwXD+UPuZawJrgVw9Rfum6qBx+6wjR0dephq8cq0INpUOxZliN5WvOx5jpuzlIIsFSbSfsysV4kCAWd/dtJE1/XgBeRpAhB1N5J920jgzdd8SCwh4wc6B8dI41PbFmugtmGWhWDuqc4OHgecgTLE/wypKXh37srKJMvnPeMX/KVjldj6oYBjnRlHak5Q2d2DxLmfgHSsuqX9iPhxaNZnsYTjA3m4TQbCOpC0LwptQruFvnnFkcYJ5tlv/uyn5RVvtSWeYRxOWOMpRlIIVjXQWGOr0zjhEjd9DGlKToo7sC29hctvt+W9Zvu8lJ6vj1hujdQUyewO15eHFldM/SLmbdZHISMb5x9hUvdC5Wqf9ruWayHU0/DiRoI1WFKtgw2WG287XVjg1tzwJ/vvEXX+HhnvoFstKhrNF3RYefVoj1vJJmydHGxPUugO+PT+0WJ6PGG9LG1GA2Hzw00T60czj/p8gQefIT1e+k8gMByAYdzWef3TRemsCl48PVJvUegl4OZ1S1mlgwAE17QMi2+g0a41Nx+smv2BkvfFP5yAsNy7DZjEfoCXpnhSdKtiBB6sZZZO7FtutLfJLcuC1nPBqEEq0LM78gtmT981MWtCpbk5Zr0TL/cb1X5o1mIwUVKwEg6sZHdyXW6baJD+Kdp3G2eHt7OgGHbIWh0RdQPq0KddGLW5MbnJTaa0EOhwVpVseE6zWudKuGrWEWkgVM5VG2IeC7XbgraUE2PQ3I0S2HwSPhKs0Axc9dxZWyglB1fDBE7+s2NxOkSqNOep33u+pfuOiril3R0KxdjqXaYZix/mcmGpVe2hUauqpySnplVAyFITnluoWduL8hsN+TOrF+Gl/DZxGeKBpFP9e4kOPRnILkdk7vEZ49oW0A+HnlIML4BQKtyTOWhldSZq7W65NfU/Yggi+z X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(1800799024)(82310400026)(376014)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:21:10.6700 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 0dae7f62-c91e-4041-e101-08dd7d913149 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000055E0.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA3PR12MB7880 From: Kishon Vijay Abraham I Secure AVIC requires VGIF to be configured in VMSA. Configure for secondary vCPUs (the configuration for boot CPU is done by the hypervisor). Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v3: - No change. arch/x86/coco/sev/core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index aa335e0862eb..7bc0c036b4d7 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1188,6 +1188,9 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id, unsigned long start_ip) vmsa->x87_ftw = AP_INIT_X87_FTW_DEFAULT; vmsa->x87_fcw = AP_INIT_X87_FCW_DEFAULT; + if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) + vmsa->vintr_ctrl |= V_GIF_MASK; + /* SVME must be set. */ vmsa->efer = EFER_SVME; From patchwork Thu Apr 17 09:17:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055172 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2058.outbound.protection.outlook.com [40.107.237.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0D68422A4E7; Thu, 17 Apr 2025 09:21:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.58 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881705; cv=fail; b=KDgdt+wjCCKn4aUxF/Uv0YOh3ylLx4rzNmK6Ekxl7AK9z2vk7xlFvZ7Dn5NB8SvuchPp/Hgawhmc23M9UzFIQxE7N7wGApxTNYDQ1x+Ld51WmhBQ23GVFp3IVyKQU7ozbIPfkxWG3I5E5X34tv4UQmlC83obma77hTVt9e4qstE= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881705; c=relaxed/simple; bh=fw9ycN7xdX3YmvK4F7PfW5fTkMXJTyvQhn7VU4MTQ9U=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=jZ1hs1Gcc1o+h6ZUxVsOIBHnH+FnkWungSIZTijeGrZ4C/OQcfnAjf+MPZ+WIt/3WmK4yEq7YCU/hiKOk99c2PvsTC0JG4u7mniGXvKIKjCnYhYGKo1RmYoJk4ERV4DOsSzc93wf0AU/KX9xGTzlmSwG2w8e/h2whxiVlEIuNEA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=NOSTyeRY; arc=fail smtp.client-ip=40.107.237.58 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="NOSTyeRY" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=PeXHAYIwliTnIDxlnsv0HWwfvczJGSMhrJ+INOGU8VTF93ZvVbq3B6F4n7VOEZA68Un1l+jz8VCWkXT4L6Eltq2gho0USqEgcMhLd0FIKEzwK49rfPZmuYKwZBHlRMhbFnjOAwEEQY1IfYorNkZbMriIXO0Uh9MyWGBYVXX8c7mmLlAeribZJ6ksSrmgUjPaXSzFW0ICFQ2bIqXPAJFfzs6h5UD1nl4h7QSIbbCsI53qgBQZctri53iFdgfG9BbkN2JJk+Tz0t9eKxgAyhBH2JEixkBiyJg9Qb3QMHyNicpc6km3OXc/C41KpxiR8R4UHTqUoOdkZunNW4G9VfeLTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=f7oHUGFEeAAC3CgTO6eOYU7tdNrve33ha1cWck4McTw=; b=TN/Nh2QxfQJ+dSY/ZmhKZVG8rY0KNUTPfSNlQAJ0nitdB6T8K4GfFPXcz+XfPKwCrO+kPgfF7/Wa6OtUEi3yzIeDYM40WrWDefT0FpBUcURWD8oMW93ZNZm1Y2Q0BDGdSMjbw4Q+XFf9ekzdLIMw3MyXSAKPR/OsIEo437748Rdo4M2xR0XkQvXkVHvn8H9h9xMNFZc1NLyNXkDsmDAX0fkb65nBe1dFsZd0yfCcXlo60/Uo3/9lw1mFoRiDn7xHpTv7vKm6VXWvxusf8wIlk0p2XdaVa8NLdSw7RBtu632z+A8wOqcevMaX4fwvHg/81cvkheVuurlzXVW9ioQ4Fw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=f7oHUGFEeAAC3CgTO6eOYU7tdNrve33ha1cWck4McTw=; b=NOSTyeRYxRAUPwFeeFYsnVYwRZU6pLSHH7U8poWaxd7rzWdUUXnUb2OLwfW4VgWrEsTGTMHA3tLw4Lfid0WY+DS5Sb8Yk0qcbDmhaFu83sekN2bZ5jK9jCij3Qcih/bh1hBAI9UloiS30bu0Tmpk09H6bz+hAScK4y3ac7JO6gU= Received: from BL1PR13CA0405.namprd13.prod.outlook.com (2603:10b6:208:2c2::20) by DM4PR12MB5961.namprd12.prod.outlook.com (2603:10b6:8:68::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.33; Thu, 17 Apr 2025 09:21:39 +0000 Received: from BN2PEPF000055DA.namprd21.prod.outlook.com (2603:10b6:208:2c2:cafe::4a) by BL1PR13CA0405.outlook.office365.com (2603:10b6:208:2c2::20) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8655.12 via Frontend Transport; Thu, 17 Apr 2025 09:21:39 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN2PEPF000055DA.mail.protection.outlook.com (10.167.245.4) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8678.4 via Frontend Transport; Thu, 17 Apr 2025 09:21:38 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:21:30 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 10/18] x86/apic: Add support to send NMI IPI for Secure AVIC Date: Thu, 17 Apr 2025 14:47:00 +0530 Message-ID: <20250417091708.215826-11-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF000055DA:EE_|DM4PR12MB5961:EE_ X-MS-Office365-Filtering-Correlation-Id: 78af5559-2407-4054-d04a-08dd7d914225 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|7416014|1800799024|376014|82310400026|36860700013; X-Microsoft-Antispam-Message-Info: NLshjzIBD2jbGSS89Oq2DPsXKXRyxQTZdOeIhXzALji3n0Xi35yu/jXJKHlwHljidvilqLazsUsazwS2o9ORd22itHR4MHcLLDsuELCMIkUxRzQzxgnxnMRSk9cdXjQAbooSNMBWQ3RPd3vD8ErjZjFBfNHi1o6vYSQYOiULd9EkaMJLErsPwSuvtcyCKh8XG0g7Y0l7JpAyYFIl0O6rwtPstoqPGLbOiuZtM4PGtR1n2v5ShvUhYL2B61lROykzz9bWwctRtSD2b+y+KkV6NVaISW8Z4hFrkYdUbjt7IdgnqjvAVabKujxnj0wcSnEvscgj9a4bdECC+TztFnpbQuovCyxy2QYzTbMigWaKiGaGGv5I6kSYJIjqbYb2V5Ljwi6FnX0qSdNEqMtQ7UzUKak31g2Stq2ck60Ugg5csAUEkdNWPf8dhiS6lXAj+Wwvo6ac5bobxGmSbpJ6fYK35QSa2CZWlMvLSPubO2lujRe8W307WZ77uz2NB3NBdhHYO+TIHWK81BjvEAtY2KVhSsGFUlhBcgq1siIH6OoWvCuttGDKDStgErfUegOUCS4svUjVAiOtcc+Xj5P6uRmC6d8owxdbO6WpjBbk4IasS8eREMyBEal8VM8iI8mfUd6gyNGFwuz7GisisFXfK/M7S7E8AXnhv5Zxpm4Stg6nMzXFhZxezzFPGVWjqdK1CDbWvcFdc5aYa6qrnj67Ga2o+GVSBbKj85ESi1vYbo3gF3tqEy6GiubvQ+Gx6z487LH92PERlEZRjdjS41JnFqEgHLiUiyjqZfg3VJEnryfdrVZIpLTM1H0TPH4NaO1Pace88y8C7T3XiY2OydoILL1Zc9rH6OfRZeGMt1waAa3P8SIltpjek04Bc3uYh+KMbU9wdPLoPTyrXzPF3q4DCvFst9CD3kRUF+JBOtD6dbOu8LtrR9lke+05mt3FO8QEN4kBPtypZCvEX2HEmXf8rTf6pnfQ8aNIMiDFYrDi1RFuGWHAr0UdhXPCtxaNacuUCHQj5h2kxIjTIdA3qEBobfZEoL0w1TsKWWBGD5eUQ/oEtLwO/W/3qVePATxVCPG2+vTWhlQis0ECFY15GJl36ZCb838tFl6rqAcu5QPj3rZLE7LEEw+KLhOL0U/KcD75tINlj3D8qRQ7FpnlRHMDmlmGMfLxbluudJmpi8Eg9rY5UwmJIVGJKmzLJJ2Uq9Q9xK4OV2ODTjRiRMkQCJ2ouz3tvPyGGPBYtvgZCCaYvyzjKiNta2XjM40TqplvahQiTk6OPOQLxGSabgYLzgPoNKomEXeTVhA3CA9ExTT4EUbwn4BGlFsOZ3EYIEEf1eKbLi50W3pXU79PNGVvaAWbjrlgw9k5QFLnql55M++DC6CIi90ilr7ibpxD+GeSxqFZVpIpMBzjuTsrWQsiGfGxpjtonAdW7s7PdeR8KOuyFQBSjwTRZnzHlWfBswdgXfuF80m6lVvQ5PruG/eoc+rUx08upf5PyQK9YOVBejzJeyKvjOcnMf02ra+YF09YmZomwZKg X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(7416014)(1800799024)(376014)(82310400026)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:21:38.9284 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 78af5559-2407-4054-d04a-08dd7d914225 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000055DA.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5961 Secure AVIC has introduced a new field in the APIC backing page "NmiReq" that has to be set by the guest to request a NMI IPI through APIC_ICR write. Add support to set NmiReq appropriately to send NMI IPI. This also requires Virtual NMI feature to be enabled in VINTRL_CTRL field in the VMSA. However this would be added by a later commit after adding support for injecting NMI from the hypervisor. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v3: - No change. arch/x86/kernel/apic/x2apic_savic.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index 69605e14ab75..c95a61109183 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -189,12 +189,19 @@ static void savic_write(u32 reg, u32 data) } } -static void send_ipi_dest(unsigned int cpu, unsigned int vector) +static void send_ipi_dest(unsigned int cpu, unsigned int vector, bool nmi) { + if (nmi) { + struct apic_page *ap = per_cpu_ptr(apic_page, cpu); + + WRITE_ONCE(ap->regs[SAVIC_NMI_REQ >> 2], 1); + return; + } + update_vector(cpu, APIC_IRR, vector, true); } -static void send_ipi_allbut(unsigned int vector) +static void send_ipi_allbut(unsigned int vector, bool nmi) { unsigned int cpu, src_cpu; @@ -205,14 +212,17 @@ static void send_ipi_allbut(unsigned int vector) for_each_cpu(cpu, cpu_online_mask) { if (cpu == src_cpu) continue; - send_ipi_dest(cpu, vector); + send_ipi_dest(cpu, vector, nmi); } } -static inline void self_ipi(unsigned int vector) +static inline void self_ipi(unsigned int vector, bool nmi) { u32 icr_low = APIC_SELF_IPI | vector; + if (nmi) + icr_low |= APIC_DM_NMI; + native_x2apic_icr_write(icr_low, 0); } @@ -220,22 +230,24 @@ static void savic_icr_write(u32 icr_low, u32 icr_high) { unsigned int dsh, vector; u64 icr_data; + bool nmi; dsh = icr_low & APIC_DEST_ALLBUT; vector = icr_low & APIC_VECTOR_MASK; + nmi = ((icr_low & APIC_DM_FIXED_MASK) == APIC_DM_NMI); switch (dsh) { case APIC_DEST_SELF: - self_ipi(vector); + self_ipi(vector, nmi); break; case APIC_DEST_ALLINC: - self_ipi(vector); + self_ipi(vector, nmi); fallthrough; case APIC_DEST_ALLBUT: - send_ipi_allbut(vector); + send_ipi_allbut(vector, nmi); break; default: - send_ipi_dest(icr_high, vector); + send_ipi_dest(icr_high, vector, nmi); break; } From patchwork Thu Apr 17 09:17:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055173 Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam04on2075.outbound.protection.outlook.com [40.107.102.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 827A918BC0C; Thu, 17 Apr 2025 09:22:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.102.75 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881727; cv=fail; b=EjVpTVzb/AxqHKcy/7eZXrxe6rP4eK/SX0GnZPe0c5lCo+SLEHZniQ5tgs8k57tWD0F5N1pPSr4h+7tv0vvrAKbtv3pl5JvbEB65YakSrfZnpYgz6cDxHYsWj95tf33qjN3Dy0o3KVVwLGaYSi0fAeChNvW4hThpwFY4hhlZStU= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881727; c=relaxed/simple; bh=oNRvjdBJc+w7VJvMaYvWXGQiv1FHluveN1RvObAg4GE=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=eBmkdVO6rackfZ+B3I5TWP+kC6uQfpYILVNEmWANLkBhavsczDg0Hgv5lALgAyUgX8paKzhPM2ff+j3gdl1MhXg3mQxWvvTarqPpbA6uM8ymKZb8dpLMsNLZI15b5gw03/JOeiJENZ5mi6+qu8ah5iBWePYG0dtj4YeBZo3ntkw= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=Pkk5Rzve; arc=fail smtp.client-ip=40.107.102.75 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="Pkk5Rzve" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=gEEBk7TLJo8wDU+elC/P7oZFeH3XXy+OKylRYSMzX0Uz74y7d3fQVRWyM27cHc7Uqg1rFmoVQ4gj0n+MiJkx9SpgGC0/+FBlq2ZtQK3yvAdRQQYpre9fo+gQgyJSk7zw7WEp+E9kUYoroAGsaogcFe/103r8FProU77XK9u2BBAGQLKpgkJ+MxHbl4Bno+lI1YzdH06PbBwUnt2qDZo9F7UzD/T2drcwmTAdFe52dKPVRq5MDzGp4a3NumPiOmPSIAcW3moSf/sn7z482InM2Ur3QfWTH1S+oTlIKqG9alCRjSopMglmLJeDjfJcJauwVPPWTRyDDCtWX6ztR6qy9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=x46n83GaWQtihXUGPNPb7NoeGnreKsHi9fZuCNcVZxU=; b=Csrthlwm0nrRuulfV1kWQPJjsQ+AxDI1dDDvZwnRYVKfLs/hYFhJrU/RKRfnV+ra34naakhpoUTlWxt/5zgkLV1u7+fapGJHEG059Kaxh6zMS+yW2psVLEV85igckW4RmfYRg1BQky+IJRs1KUKxkwPTjhaTa6N3ZMGkdgAnzX3gvP0Bv4RdB6XJkb7hp4Ix3dbk123X7PwW9k0jZXShSk8dUvTB1z5qzu7Gbrh0QCQoTZ0bkuThpMEyKsQz6BPI7KRmPEbHeD5kconRrKlk68OEUXTPmtSgHIC3TtPo4r5n1JDj2//tAbdZymLllNSDDd2R7FojRphr70W8kZBRzg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x46n83GaWQtihXUGPNPb7NoeGnreKsHi9fZuCNcVZxU=; b=Pkk5Rzve5nIPrsUJo8+J/+VkbMOKR3P6qlVOKmLXr/NnM+OQxkchB07h9lwtq/EgYS/EizdGTTdqkMDdkNZ6rZZ2koCGnBSwPYeptOkxF2FusDFivpYONWW2Rz/5VWwQTqKDP0hRKH/SjnfPbLye5M7oVDWZzKRJz7VTw77w++k= Received: from BN9PR03CA0386.namprd03.prod.outlook.com (2603:10b6:408:f7::31) by CY8PR12MB7361.namprd12.prod.outlook.com (2603:10b6:930:53::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8606.34; Thu, 17 Apr 2025 09:22:02 +0000 Received: from BN2PEPF000055DE.namprd21.prod.outlook.com (2603:10b6:408:f7:cafe::85) by BN9PR03CA0386.outlook.office365.com (2603:10b6:408:f7::31) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8655.18 via Frontend Transport; Thu, 17 Apr 2025 09:22:00 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN2PEPF000055DE.mail.protection.outlook.com (10.167.245.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8678.4 via Frontend Transport; Thu, 17 Apr 2025 09:22:00 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:21:53 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 11/18] x86/apic: Allow NMI to be injected from hypervisor for Secure AVIC Date: Thu, 17 Apr 2025 14:47:01 +0530 Message-ID: <20250417091708.215826-12-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF000055DE:EE_|CY8PR12MB7361:EE_ X-MS-Office365-Filtering-Correlation-Id: f8d2bba3-c861-4e80-97c5-08dd7d914efa X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|36860700013|7416014|1800799024|376014; X-Microsoft-Antispam-Message-Info: 8zF7aH6sam1shDzSCAUzIK8zk8g4u/HuDbccEPScfxYKgcC6Zmwk0bqJhp5uROo+rS3x/gmZ7uEZplSrRpvD7tJgbEPvb5F4vfrJ3IZbt/wR1xnky9EWaSqn2/CiysznmnW4LNK75dG73QWmX2ZrUbVV6uOOc+e+AfoKNbk5DNnI5ZWqkjSLrnBIOICrJcYv8DrdDxSZq7Dk4nffVqLrfk9oHMDk+1d1jcTPuT0Awki1f8Z9kgYWJ7hw9pO9Jr6ZxIypASaxyTl8SCe+mQYFXiY8yjC7BOF+kHN94c/siXUdrJc/NonoX+1fUlug5JJtQ3NBTbhIKXhDCueyLuaLsqEsqgkZ2KF6X8Ce/JmidIOUs2SvuY5hRe4wH6oqQh4Zgxy7CgoTSh0i/aUrJMenCUu6b/GgCMHXhZKKxvZ4kiRNBabk2J+QBcLGqbbiCFaOflTDPGTf99SQInpt+5aizZ5GTmcQ9nf0o0uyEzIyJAHEr/sC1wGCjDcqAkK2SnehJylSXthf2o4KxtfAgEUK02oUZDVUylo0FQEQ+2n0+A7t9RgWBnUvrPe8km52VM8PVJ+gtIMgVFsfzoGUG0fMQUjEdnFEbf2t4Xz2qz1FTzHkOIdrXhcZ187sA3R9LE0lI6g+yEN4AbeY/K5IbNRrCZlX8s0qD9LjEulXQveGANN9WmtAvxI6jHfIvuA6+eVN+BzTyqhI0zVMa7rsZ6oaUL80OaaB+WMANaNWqWbc24XLi8GdP4MKb0rAPzVCDfaf4krTxQImiM8VG1ZQGXCfhm3rLtdpsn9SrvaKrC1MU9UjRCZhKwvMXXKL92OuOQj/VBO8I/q7hSMu6LZUbteyjDqaqImTLXqrOhnuSyJ0F5Y96e55VY1uwPyPZ/YZr1v0YkZr5CYzXqW7XbtBe/eF3cxzKrImxFEkzcLbOkmjsOVomAD56DQyCYBtPP00M9SNsR0LjNB7IhV986d+nG7g5Zi3lGYAdulNMps+xGKE0OvDEe5ySP2attn2fPrnAc7rX53LcvAjO031HIiIuhfRWNU179h+Ufz70OFyBSis5x6n3Aol6U71zR9EfXSuXJsbh30heTRxSmJm+KQUxUJApX97FX8LL8ZEgRl9yo2DBqqnNn/p/1TJKtc6fuFBG51nY5KD7GlLGFLwEH1pFZidfXjB0FI3PcLnuUKEhdxYtoS9NyGqbKv2qhQq6UePwysLapz63c+XrVBP8bUIOc9cLZCMLjCRPO9tVYw+aC98Beux3TPWaadRRFco9EGcvvdc8J0nopw5mQ0gRtuWnzL8c1tpvAK1N5h+4IiGjbsfvQ90BED41l69tE2m++hvXxe1cpGwYJfTnalZuNUVzVSR1EOoEepPeZl3gHwKzmFvpTXBQyhIYqH+KLex6M4qLs40yokaJ212sDtFN0uLbNxeOx912FxEc4uo3Nc0Vlor4xzCxzkuxSCDWhCPM9PrwzRwQxl/yR6LISt4RG2rZXCZDknMHzKa1De/ZRxNuvWktDY1/3HdjV2xcNyh6PvnsoNU X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(36860700013)(7416014)(1800799024)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:22:00.4822 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: f8d2bba3-c861-4e80-97c5-08dd7d914efa X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000055DE.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR12MB7361 Secure AVIC requires "AllowedNmi" bit in the Secure AVIC Control MSR to be set for NMI to be injected from hypervisor. Set "AllowedNmi" bit in Secure AVIC Control MSR to allow NMI interrupts to be injected from hypervisor. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v3: - No change. arch/x86/include/asm/msr-index.h | 3 +++ arch/x86/kernel/apic/x2apic_savic.c | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index d32908b93b30..9f3c4dbd6385 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -693,6 +693,9 @@ #define MSR_AMD64_SNP_SECURE_AVIC BIT_ULL(MSR_AMD64_SNP_SECURE_AVIC_BIT) #define MSR_AMD64_SNP_RESV_BIT 19 #define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT) +#define MSR_AMD64_SECURE_AVIC_CONTROL 0xc0010138 +#define MSR_AMD64_SECURE_AVIC_ALLOWEDNMI_BIT 1 +#define MSR_AMD64_SECURE_AVIC_ALLOWEDNMI BIT_ULL(MSR_AMD64_SECURE_AVIC_ALLOWEDNMI_BIT) #define MSR_AMD64_RMP_BASE 0xc0010132 #define MSR_AMD64_RMP_END 0xc0010133 #define MSR_AMD64_RMP_CFG 0xc0010136 diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index c95a61109183..552581ce6b36 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -29,6 +29,11 @@ struct apic_page { static struct apic_page __percpu *apic_page __ro_after_init; +static inline void savic_wr_control_msr(u64 val) +{ + native_wrmsr(MSR_AMD64_SECURE_AVIC_CONTROL, lower_32_bits(val), upper_32_bits(val)); +} + static int savic_acpi_madt_oem_check(char *oem_id, char *oem_table_id) { return x2apic_enabled() && cc_platform_has(CC_ATTR_SNP_SECURE_AVIC); @@ -351,6 +356,7 @@ static void savic_setup(void) res = savic_register_gpa(gpa); if (res != ES_OK) snp_abort(); + savic_wr_control_msr(gpa | MSR_AMD64_SECURE_AVIC_ALLOWEDNMI); } static int savic_probe(void) From patchwork Thu Apr 17 09:17:02 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055174 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2077.outbound.protection.outlook.com [40.107.236.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5186918BC0C; Thu, 17 Apr 2025 09:22:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.236.77 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881747; cv=fail; b=n1hWIgfI5QJYlpepu2imAkBV7G7srDkp6toroyhtATAyPGA1wEa8v1QQpYKy4g6oWhDPUvTEqGp81xIT8KJGwdyN7L+n4VJ5LTeqR/OmSuZJKApwMU/hglEk3YK0CsLrnz1O4f+VeT3gwj8buwDOq0T7G/fu0vuKXDKBubAUzvs= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881747; c=relaxed/simple; bh=RxnnllWctx340IZ0MgDpBK9EP05R0fwWLcE8mkDEvL4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Qg/tBSWXoCXYl/tbUO5k/uCWTsm3OqpF7KOP+fKEpp3+ys4Hz3N1DNddzbWzBXdhDbAO4ylAKXFp5w6SnuFVfnldA3Xn99svtfdcBt2Mtr8nDFaNhyZRQPXaX/32y+R8MnycdZxJvqUMMSQwzKaaAD6p26b4A55seSynEsEet+A= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=3JLavZj+; arc=fail smtp.client-ip=40.107.236.77 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="3JLavZj+" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=IQibZro3fvXDgyCwKZVbM2uaMlNTQhRrwi2/60F8lcLFYSKqmJQZ606ch+TMzzg+0B2h8nlo3iHSASQAc0QN14Imt88GjIflWtLpxrqcNnQM79dz1+Qg/WQpQ9JTyjoD3wpCI0Q98sJgAfgOSeYFHE+6xYaVpFd4bwMXS8RYYPOW9msknaKjtiTfhclcHYMHuVvSGHjEpjHuLx4jX2nxFaE43uMKd5IlZjSEAcLRk2Y2oiWAE9Hl9SNuWWQJk42yx3kM1py198qX81F/d40R1dcSRioYMYUw6vaV6RpapiOOuKpaKihCTrgCZT3IaIz0Q/xFxyVlnr2JTLWP0ziY1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8x8EiUUDtWRFp8MtS6o7SPnkYamkIROUUFTvCiqEP5U=; b=oiiAtojgxYNMM7F+3TyWbk+tTjwUmSKGuxcsLT5/jl+dw0RkfvWWekrAd9/30rV3GYhuV6gid36PBfF8Slr6QCqpvyI2z9tG5VkpYEcc6H0GF6VI/ESVwrVNRvZ4ypIpCFQyl5A4U4GWXmVZ9WBCMTrWh55rUJOkkvEdSKm1iRxRY/BRgCMUx+QBNM+g7CKqtOEhNStHOK0wNcWRcNb8lLvD5O4kHRgKScz9Wj/Lj5k5fxrnmrMyw8USd7k6gqLzDVGpy7uNwGPI2K5XJi9RN6SmcKB9AnfiMAMd1qH79nBLUsinXEfYlz/ciSYS9zYMeITVIdrVeBlFYc6RZNsqEQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8x8EiUUDtWRFp8MtS6o7SPnkYamkIROUUFTvCiqEP5U=; b=3JLavZj+ns9zbPEf8SXrVA2nnfLjnS+gqA0aZAUE3kA+yqUipv2mh/pI3F8SN8bIQKG3j+mzYHFJg7GTtCEiK7YaRzzTUU3Ab64JBaohIigzLm5XkLyVaI/69PGjh/C61kwCw6s3LBZ2iSl749khn2CuUPW1/XDqOEEF0C8q66g= Received: from BN0PR04CA0021.namprd04.prod.outlook.com (2603:10b6:408:ee::26) by SA3PR12MB9157.namprd12.prod.outlook.com (2603:10b6:806:39a::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.35; Thu, 17 Apr 2025 09:22:22 +0000 Received: from BN2PEPF000055DC.namprd21.prod.outlook.com (2603:10b6:408:ee:cafe::c3) by BN0PR04CA0021.outlook.office365.com (2603:10b6:408:ee::26) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8632.36 via Frontend Transport; Thu, 17 Apr 2025 09:22:22 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BN2PEPF000055DC.mail.protection.outlook.com (10.167.245.6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8678.4 via Frontend Transport; Thu, 17 Apr 2025 09:22:22 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:22:14 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 12/18] x86/sev: Enable NMI support for Secure AVIC Date: Thu, 17 Apr 2025 14:47:02 +0530 Message-ID: <20250417091708.215826-13-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BN2PEPF000055DC:EE_|SA3PR12MB9157:EE_ X-MS-Office365-Filtering-Correlation-Id: b0580662-0755-4289-0407-08dd7d915c2a X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|7416014|376014|82310400026|36860700013; X-Microsoft-Antispam-Message-Info: F0FtZFLfuolAGNuHc1YawM5OXdz90kSUfYW9ckZKFT+/mYkHmcwfN7/r2FiHk/SGyENfr+vXQDSMD9SWQQzcYdgarJrLVdEUoGLpzbnm5BFhFaySG7AxcuTC4X88WG6rHgaxlzDe9WQ+tJ2GN+9HIcpGrrQyxuJstB/AIw0dACeokhfZ/PDk/sX94uCNoAkRV0vjlYABS5m1jGUq24Hms2Stnzqkf95we2/2lde5Vyv50IQJQM6nyzjOclji04mBP6vLr+HYjvUmlDNtYfhMP/ivyBEX95LtTU5JmVQORl0pPSVGAoHSBqqJugRrLdaZpSIz6R6j2y4ZhPq474bdSNLlBZ5sNPSCGI/wS0SK7SbHKvvxTitSat/Qdk8jLJxL0a21zDgZwMn8bjur3MbYOR+DTWUxl2MgXaEFFthqq5WW1LaS9xaXU2LkKc0qOzoiUUcLorgeXwk9xKO/s69zozB8TJFcTfI2tv11vQYMkHU/w7TIdG8nYCHgSHdQpqKEkZPIeuyIneJe+I4UJEq42NkgScTZqg5PwqkzedpANsjBHqjhGzv82R1aClkyvx9WWkeBCZyttfY8Mq3/w0eP0GOj+nx7znehyCwsnlnlugTfkaQI24GvEA/yaGRfo146NE5cm15LdepBj1oyNfGG8rGp+Sm6aFTAazI/e1fuZV59zPebFK6z1u1iGd4BjfJFtyIASzNt+yDTjyf0JFBn/cEhpi0K/WNO6pZzJnjkCMLzn0CDC70conT6cO1hkKbfjEeGZKAkPwm7NaQYDsXFoyIb5dmZb9RzXohwgmmp7vCbvBa84R+nzkRWJxp4xHP6iCWgIkzysDiSW0ckEIsjTHVEN05O/20ecoXxTTvHyjbxr6Qdx/uNJSAm63FJwgjbvYKDdGVNn9ZzjwW1SIXFWVAyI5jFXJtpZgC73XzX3GGOnQ+A2INEaz1wt19fXPyEyQ/rC5YmLe4huYqboNV3BtlhPQoePvZf7HhBRq0/OZjvAggFuUXYyM1eSMhF8rBnaQqqcbOJlxufgvzpiGrRhx4f3aAzv/VH7j8Azku7oJTzkacr9mpsTURSRJzudbLSgR/31YBVzy5gki9FPcyqzzYDTY9EZD4DSt9jEVz96rUO5wFmjSSnG2+LdxHaZwkw44+vaHUS1WVLI5JlZwHxrMZPcLfDMygJUjZ/60SfV83AUXUiXWRqNbanfQ9GSO4UoONRRQylWeuOOF2RATmYxO/GLoZHrgBHF19doqPv1mFT0Bgrj/F104TvGW9HurPN5dYJEbDppLmV7Dn6vs2zLSCi+Qj1eFKbRJa9R7cGUEx4d1NmP+0GcLad6ngKLsHjOcYIdhRUZEc4g/pgxoLy3MlhkSqH4V9jNktN8F7unioDLiInN8Uz06/IK6xaWU7fQH/TW0Q+jpLPnYVxxw1/ek0M2PKzBXN9F6ZkOQoDqD9JBxG9rum9SUG/1dGvtRk5j0eWh9Lf7r/DaUWDih72sPc104L3HaUfxaJB2IIsiBoOioC5JSMyPxy0/3pKXArf X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(7416014)(376014)(82310400026)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:22:22.6050 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b0580662-0755-4289-0407-08dd7d915c2a X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BN2PEPF000055DC.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA3PR12MB9157 From: Kishon Vijay Abraham I Now that support to send NMI IPI and support to inject NMI from the hypervisor has been added, set V_NMI_ENABLE in VINTR_CTRL field of VMSA to enable NMI for Secure AVIC guests. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v3: - No change. arch/x86/coco/sev/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 7bc0c036b4d7..1dcd40e80a46 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1189,7 +1189,7 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id, unsigned long start_ip) vmsa->x87_fcw = AP_INIT_X87_FCW_DEFAULT; if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) - vmsa->vintr_ctrl |= V_GIF_MASK; + vmsa->vintr_ctrl |= (V_GIF_MASK | V_NMI_ENABLE_MASK); /* SVME must be set. */ vmsa->efer = EFER_SVME; From patchwork Thu Apr 17 09:17:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055175 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2072.outbound.protection.outlook.com [40.107.244.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C36361F8EF6; Thu, 17 Apr 2025 09:22:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.244.72 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881776; cv=fail; b=e9A+1fj4FxKjAAOPC3S799+a2NGLJs/EM3rUXLCRZSlVkdF3BNt8RnhWlVSkF92yRKBtk4zDek0sIxkk6pNnqfz7/cP/y+SzojJwRJjDJnPMBM1OMlyTHRia5AV0Tp0wn9SocBk1EA/OL79a7WkqnD/99sg9UdgP/Gj8QcWjFeE= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881776; c=relaxed/simple; bh=xEUvlrXk4EWRwYXFn10rQBgpOBmW6WQ3Kf9l4qY67dI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=qRpW8mABGxsXbWTBoRRO2VYyiiVuSYT31pTE2g/ynyycuHk5BxiZf0UzBUgKGRO0P855D5hgWKc2eDuvoG/2BphQFv62rsKdnIhueHcROtIQICuiWxtOyarH5hPvQ3mtCfiniJwWYTJUC8LYnK/aLSQSObLbMHFk02we2hhYZHc= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=St4OBVdn; arc=fail smtp.client-ip=40.107.244.72 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="St4OBVdn" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=am69RBdfkWt70aiMDURMg30plX2Nv8CVwgGHEoDax0sUPjNxtCayHEv+3Jvg0ty2e/YLz65ZvR6jyYyV+aDSHmkyMwEXD/urfb0PN/WBh9oNQw9bKqvthM0hLTmkEcVV6ODdLq0Ucfo/qYmSlldHxIsnMt1bhVB43GBu56LL3YrDWSoBPr7j2UQut0vzzijrGyTYqdQNEcfUt/1wZjBruamPrPgeoAREILOe5BnZp8spe7TEYjvgSjZID3KIXroYRAfY+QmTmAxnyakH21x+OPU77zIOBUCrEa332Kt9mO/vWQbfX1ZkZO0nrI+7JpcM7Og+DCmrzE7MKP3QCr5fxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nP7Jxd0pGvAFO7x3fzBXjfGdpFy6E6CXUNlASVE4e+U=; b=EoLRx/A8WySw7SPwRh/kN+P00lXerXccIOovzCl5MEU3xlR9kOAObM4dZkOKv571FFsxMWVnvldcufq3Ps2MtxpRM5H2a2OXLw2s2IJRGzckYd010mvVN6/3H1YM2ALatQI0BELEPFWKhGha9YHOwtSHUakv3QnATSWz6XKr3B0am6USaC0bK4QGFKQcIb04S0uZvkOg0abdo7Fzi+DVdZ72UuCOqZ1rsifr9UrXG1Dkb9tcJgdzkeKDkExpPdRrJqRc97Ec4aDJUhqlc9+ED0lhKE6NdeAlj2rnRmczE7qRo8tDLfwqlwD35AFZ5lLA+1nHC5E9J009nRt+Wa0+aQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nP7Jxd0pGvAFO7x3fzBXjfGdpFy6E6CXUNlASVE4e+U=; b=St4OBVdnI07u+g9gb9QyFB6NRlqsjIYxIvJhM3OOgSnNvQ4OjcWutmfiKgfSpQd8d3B2ctgJ7bx7jQmZUh+2uGvLWqsheY8TgwWmc0g2EuMK5Jm9pj0x9DKSRlZzupeT/B1qzK2D+/H8NhqTv0SL+EqzwM77iZzREPRY+UmZ5xU= Received: from BL1PR13CA0019.namprd13.prod.outlook.com (2603:10b6:208:256::24) by SN7PR12MB8104.namprd12.prod.outlook.com (2603:10b6:806:35a::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8655.25; Thu, 17 Apr 2025 09:22:51 +0000 Received: from BL6PEPF0001AB53.namprd02.prod.outlook.com (2603:10b6:208:256:cafe::44) by BL1PR13CA0019.outlook.office365.com (2603:10b6:208:256::24) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8655.15 via Frontend Transport; Thu, 17 Apr 2025 09:22:51 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB53.mail.protection.outlook.com (10.167.241.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8655.12 via Frontend Transport; Thu, 17 Apr 2025 09:22:50 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:22:41 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 13/18] x86/apic: Read and write LVT* APIC registers from HV for SAVIC guests Date: Thu, 17 Apr 2025 14:47:03 +0530 Message-ID: <20250417091708.215826-14-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB53:EE_|SN7PR12MB8104:EE_ X-MS-Office365-Filtering-Correlation-Id: 1b27debf-d942-47b3-7a4a-08dd7d916cf5 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|36860700013|1800799024|376014|7416014; X-Microsoft-Antispam-Message-Info: WJjpTBII8OmNEWziZ28ZB4scftVNqxEtQcJDpK/58Yyztpup40upnLvtRySG4pEiTudk/Ku3ZzhfeBsL1OZ3j0cuQMlwWGvHZMLnm71N1IqOlFsYqYzkA6+AC3Jts/YN3c9YegXzUUJk7KBnAjaUSUZT5VHSEUAA95ulNW39C1gllbCmch4fWFW0TO2Zrya3Qb3t0EXmyDfI/Dt+w2wJfIVoCSCWoxrGmYelcDlefo5n7g3Fx50VChnbZS4IZoK1ftKPKBvWIM0FSiyrI8XgFg93of5YopcgoJunUfepIuO+PBz9bont0iWwvOI7AlgLWAVA1p/q8/TBmA15t0y7rrVOkjHwCLTXZOOQsrfpvJUEHtkuN6gJqE5g0DwmCA3QTCMoLewouO/+Aqc99H61yBpVyZoVlDpPcJGazbJvxz4m4uWijcKTi0IGmIS02Rs9dt0FkK5Dkfs6t6E5qxmcC/aywUHXUE30RQXNFZyAUO8kdHj/lMLMUsfN9vGkHuYt8aLylxjhr7uqb9g7wEFGb4N8DjNf9EYTe0W75gLsBXTT54bZnH//4WZqvOOJhujU8XfHSzpxxtpOfRrmbo4SlQwOe5s/k46pMMQOGjeYsfn/spJshS4ogRQMCa4zg+wPIBgM9b0ZnLBwtPcbaxrRjlynIbieYk0KmPrBCh/7GQLygZuplz/Jrr5HQyHX068HuHDEzO/6azGdt0ooVn7Xvy0lvswQTphf2cUwdKal59pAdwgEREm3LzJebrTbdPEomZ3wbHra9pajMFltFuDWeUKL95JwNkEDFNAwLCgBUIB/hu0yN9iu0SXVz8ScTnLnamuzqcpb7qWg75ieknZZ056fmlKjNoUCcedlwQUpS5cKvUCLg8Epp7sz8oZ/aUGz5nUcILYLjgf652LkucjdXGneBD+KTJSoMdhKA3THpXkiNHt9Mdcg9dxf6mxJsqIQCdygqkcrRdSIBP9sEiTDziodUhh1mDOJ/ln1IenwCiosoGkht8podc9fqgmgZZ/wruJ8GtMQAZFZZtrzI19KJ1S6axppN+r8HIyNKSRWnWfIeBiEI1btBuNAB5j1UF8xbsEdDxj4J+RF5qLx5oT6yXbpY0GJu8mzOR9l1VTTzdT0o1YJpsVzpsGwPZxYOzyzwQrvufzHdWoX54chRIatQefqDsRpGNMFQSGHgh9DZ/h3NgpFbpcxwbMWb0iIiURXiYqpuDqFDaKx1PINkwSnbWY4DdQf0AjBk74CDwBQWJsYcEknlDG9DLrg29evjxFkWyCKLW1Y8YvWiNGfI2YRuujx0ywEe6acbN+X4Ec3vXZMdprZuRGFr1GuaRuEpAF+1reetz7byihe4rRla30v/g7+sNrNy6K7dm9JqXmI5QIl9e2fHCX4r86f+IZkXgNQ2qPaIMer+i33l6VBVRSeJpXGCgM0hq1U37hh53tdmhAqOcLEbr7DcT6kb5XJDXf9XJO+/2WZ1HHaUS3vVnmJKLrQUALTJ1PlIVZNvRkc5RKW4qgIY7Ejo2ZATgNqd+L0 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(36860700013)(1800799024)(376014)(7416014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:22:50.7794 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 1b27debf-d942-47b3-7a4a-08dd7d916cf5 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB53.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB8104 Hypervisor need information about the current state of LVT registers for device emulation and NMI. So, forward reads and write of these registers to the Hypervisor for Secure AVIC guests. Signed-off-by: Neeraj Upadhyay --- Changes since v3: - No change. arch/x86/kernel/apic/x2apic_savic.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index 552581ce6b36..f113c04b0352 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -97,6 +97,11 @@ static u32 savic_read(u32 reg) case APIC_TMICT: case APIC_TMCCT: case APIC_TDCR: + case APIC_LVTTHMR: + case APIC_LVTPC: + case APIC_LVT0: + case APIC_LVT1: + case APIC_LVTERR: return savic_ghcb_msr_read(reg); case APIC_ID: case APIC_LVR: @@ -107,11 +112,6 @@ static u32 savic_read(u32 reg) case APIC_SPIV: case APIC_ESR: case APIC_ICR: - case APIC_LVTTHMR: - case APIC_LVTPC: - case APIC_LVT0: - case APIC_LVT1: - case APIC_LVTERR: case APIC_EFEAT: case APIC_ECTRL: case APIC_SEOI: @@ -160,19 +160,19 @@ static void savic_write(u32 reg, u32 data) case APIC_LVTT: case APIC_TMICT: case APIC_TDCR: - savic_ghcb_msr_write(reg, data); - break; case APIC_LVT0: case APIC_LVT1: + case APIC_LVTTHMR: + case APIC_LVTPC: + case APIC_LVTERR: + savic_ghcb_msr_write(reg, data); + break; case APIC_TASKPRI: case APIC_EOI: case APIC_SPIV: case SAVIC_NMI_REQ: case APIC_ESR: case APIC_ICR: - case APIC_LVTTHMR: - case APIC_LVTPC: - case APIC_LVTERR: case APIC_ECTRL: case APIC_SEOI: case APIC_IER: From patchwork Thu Apr 17 09:17:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055185 Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam04on2062.outbound.protection.outlook.com [40.107.102.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DAA08218EB8; Thu, 17 Apr 2025 09:23:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.102.62 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881795; cv=fail; b=AkRqs0k+eRGfjuIzfzxP7KQTQDNpvAx99AjSXFNTMR93loC1Dmf+51X755tPkI6EuvEwqm+iNAPAk/WjLeUJvty7dMSsc1lwj2H1KrT9hWY8dfXFdD6X6isf0j72jeW3TUl5qL3ykh4nC4/BcVd9m8xkCDb/cCObra17zULJxH8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881795; c=relaxed/simple; bh=kfVdRHexGQVa+ZX248sx4+f6OPtQPGRC56aSuCvmKqU=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=fZIbdvZeOc7Htl62HPf1/y+4lMxu5SIyGKD1G8fc2evryyT2aFrVimrvIWmc7VNw5P/RDJ5P9/ozuh4jMYTWpGx1Q1GX0u9k0TRRbS0pDRWKIx/wBzGWn/HRMWvFrSWCc1oXn8a9aS6Edr29XI+PV58kxVytGq/JmW2GQRfs5lw= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=SHJomxzg; arc=fail smtp.client-ip=40.107.102.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="SHJomxzg" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=aZ2Sih2C3D4tml539vD/vZIf/rGVUwuM94xPLRNvE0TaOodYW27Pa2Fj6Ld+U5K/w7rud6ZTqQxvfdo0juzFGKDXZ1e8GK7Fxp5Euy0BR9s1ueyjjL9htkhBMxDU55psqwJqBhx5a4IBhVBaYJ+RmRbLz8TuhyCPHwkhLrvcIrNn7u18RS5XUvZQu9Jv/5d1SFeq19prPliil1qYpD2PCrrFMEEJ3ikrIeKywZt2P4wLxr/uTKuBzyHjZKmlX5yHc1oq+VwimBl8AWaSvFRj31bYMpbnAwFIKKCdsX7ybT3meNjt7w8/pSVHvSPb3lNsoX5vS654KTzixv0t2lK0GQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PMRXuxMN5ZXT4ZlmxoSfOt+r3U6PR80JvQjp12zWKt0=; b=h4yREzrJNSGIlk11y3UBHy/YJQOnbsitNc/pXNA8Yuoa8wqx+wY/wTjayHyaOzzbS4qLzt0WGS5zmBXRyyDG+7GaetjCq68K7qf7cCTNQxajjPH224dqDDiVz613cE2BM9VQX4/p64iWdRlgnh3NxegdU7SEUpR8XmYYfCNKRXOEeH4RyHIS9Rd+oYhEM/bpoOrt+MPrMwt3g8flGI6Z/PZlB27SVnsbch3NxIYTeDOQsrSANlwvs/kTjSLL92I/tdw2DtdsG5cJfRp/FMCO/iCVO6pv0Lx9H4REuCwQWOrBCzj4xZfYe1N8Uof3DRAgsJ+NL1nVe1s5ofOMxPysNw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PMRXuxMN5ZXT4ZlmxoSfOt+r3U6PR80JvQjp12zWKt0=; b=SHJomxzgei7n+kI3xjBmHX5Vz9W075mfXwg6jdfyew0InMCTagXZJEFZLVWHutYcqJyvmbRAv7oZg8/KNemRYWizxvDHXPr04CrgXF2fHjNPCyVUaNQ2oKP7ADzrjEfxtWtGI7NGDGERrTTHtMd2y38M7k//2koG4jqbok3qsNU= Received: from BN9PR03CA0476.namprd03.prod.outlook.com (2603:10b6:408:139::31) by DS0PR12MB8317.namprd12.prod.outlook.com (2603:10b6:8:f4::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.35; Thu, 17 Apr 2025 09:23:10 +0000 Received: from BL6PEPF0001AB54.namprd02.prod.outlook.com (2603:10b6:408:139:cafe::4a) by BN9PR03CA0476.outlook.office365.com (2603:10b6:408:139::31) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8632.34 via Frontend Transport; Thu, 17 Apr 2025 09:23:10 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB54.mail.protection.outlook.com (10.167.241.6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8655.12 via Frontend Transport; Thu, 17 Apr 2025 09:23:10 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:23:02 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 14/18] x86/apic: Handle EOI writes for SAVIC guests Date: Thu, 17 Apr 2025 14:47:04 +0530 Message-ID: <20250417091708.215826-15-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB54:EE_|DS0PR12MB8317:EE_ X-MS-Office365-Filtering-Correlation-Id: d91d07c1-d5b0-4e80-82dd-08dd7d917873 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|82310400026|7416014|376014|1800799024; X-Microsoft-Antispam-Message-Info: 4HZ79lr5VfQ4UoMFFxh18Hg8o5zpJ6dyGJDDP8pt7oLnn+hqfEHl6hMxKwkfTOFDHdSMSZkWwJLICXrKJRGp+TRvC7mDj0K/dDM3IGXujnPJch1WEjWg2X2laGoTC0L2drKyekZ9FLPBQPhSlDk57eECs+bs3ULh93O89titPb0zE04dhfdEbtwp/YlkZpcXNLxRe9py5+5s3pfew1mur+XOuvuGkyw/Mn9J5f/Det9xUkjQfDteNRJrzm8IHQvgqcdz2j8NjGTB/1ItOsaUgCAEody5mlo4WPHqbOlL62vZLzBMxqS0NhQE/AGCca2hCePudT9XUtiXep4w0cornwiCCCxv8FJiMhWVlzr6u0Kr8crR4auBAquZkziIwicdW2UnUSskBpjmJ6ztVvzag0tcoyd+yt0Szsu7LSeE2rq6cL78GuEvqjuPa7sn4/u9wjA4wzd1jEfCwgiFP2hFQvixFV3+Z+hXrNWBPltKCx3sAJBp/TeA4DVhnPc9c2QckcoY6RuKLM5GtoR4VnW2qFacYZj8W1IEHAcHDBMmUMnwYh7iLxTUpHV+Xqcv5PJvG8l5p1YfAQuvZVKjxF0vaotjhjUQuGGSdxJ1Y+vEpT77dqOaB7ZpQFKceib/2V5RzUc4pYnP1aEb1Kz5+a+S1Z5ZPMyJD3fWRLNRmltxGn6H0b9RJh0ZZRW8xuD8UpNKLud8vTXwoCXugdn+06huEemBmqsOe1XtCiKcYUOJJMIcG/H+xr1aR7KgKNUV1ORC0dmiUvCPes1bw4lHMaF3neMl5DogEzjRWegxZwZY28MHv+2F53heZ7cbkLrCBY2d54gK2krKeCvHYyZ1bbn8bdLHOhlwV5HYU0aoSPB0V9Pz9+1X7ocNLX/sx0HDi715v/gkAv2WVO/chx8Omf6LSk1/tyv5rTAzOnZETflHO+5iImIKvBci/vG6rt4FLFGwF78I1ce7tBhD59psrPVu8mdOGw8f6cPpdzOYWP/XiIFHIIj/GEwMiOr/WI/AuaH6GbgW0EuIse4dGcE0fV2PfrzZd/bOThqHzv+lQ3fEgOq9hkv1KPJAh3jMZgJIsbfH12QUggv9UWiwFsnW7zUS18+4sr5w38oFfHbRLwJFrb5wylRhhOTyxV0Kf13V3KrhmFoZmGdLORP1dmifflZyGvNc8IiiFKX6NhEGKpG7vxV/0xE2ugrg9If5c7mu9dtv1ES0Qh1gL9/jPzkggMaVKt83YyFYU5exq5vWXfEekd88naKtKkCXRgluMRz+gQOB7gbZYLjhA6UugCVXp/5knHG1cbvCufDhG7zuV1Oh0fJDjjM1I2gfORVH9l+7d9WgyIXmbmTzCk5VRhFLImWczPJBdhXhcyb4ysOaazUJ6ZZdemsUiOF8sOSTeRb1Pfll4OIzNCCB4k1NONXEMuP/+fzwPMRWrHIlg1F7oCh7rEhYvc+IUCYvgh0cEcluW9UGiKZ8hKgODKYFe6PobgJGchC4ieH6/Euf2y6oGngIjyAEkVFbLKrb50xHt4qLqEiI X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(82310400026)(7416014)(376014)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:23:10.0607 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d91d07c1-d5b0-4e80-82dd-08dd7d917873 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB54.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB8317 Secure AVIC accelerates guest's EOI msr writes for edge-triggered interrupts. For level-triggered interrupts, EOI msr writes trigger VC exception with SVM_EXIT_AVIC_UNACCELERATED_ACCESS error code. The VC handler would need to trigger a GHCB protocol MSR write event to notify the Hypervisor about completion of the level-triggered interrupt. This is required for cases like emulated IOAPIC. VC exception handling adds extra performance overhead for APIC register write. In addition, some unaccelerated APIC register msr writes are trapped, whereas others are faulted. This results in additional complexity in VC exception handling for unacclerated accesses. So, directly do a GHCB protocol based EOI write from apic->eoi() callback for level-triggered interrupts. Use wrmsr for edge-triggered interrupts, so that hardware re-evaluates any pending interrupt which can be delivered to guest vCPU. For level- triggered interrupts, re-evaluation happens on return from VMGEXIT corresponding to the GHCB event for EOI msr write. Signed-off-by: Neeraj Upadhyay --- Changes since v3: - Removed KVM updates and moved to separate patch. - Rename callback to savic_eoi(). - Changed test_vector() to is_vector_level_trig(), as there is a single user of that. arch/x86/kernel/apic/x2apic_savic.c | 38 ++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index f113c04b0352..bfb6f2770f7e 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -377,6 +377,42 @@ static int savic_probe(void) return 1; } +static inline bool is_vector_level_trig(unsigned int cpu, unsigned int vector) +{ + unsigned long *reg = get_reg_bitmap(cpu, APIC_TMR); + unsigned int bit = get_vec_bit(vector); + + return test_bit(bit, reg); +} + +static void savic_eoi(void) +{ + unsigned int cpu; + int vec; + + cpu = raw_smp_processor_id(); + vec = apic_find_highest_vector(get_reg_bitmap(cpu, APIC_ISR)); + if (WARN_ONCE(vec == -1, "EOI write while no active interrupt in APIC_ISR")) + return; + + if (is_vector_level_trig(cpu, vec)) { + update_vector(cpu, APIC_ISR, vec, false); + /* + * Propagate the EOI write to hv for level-triggered interrupts. + * Return to guest from GHCB protocol event takes care of + * re-evaluating interrupt state. + */ + savic_ghcb_msr_write(APIC_EOI, 0); + } else { + /* + * Hardware clears APIC_ISR and re-evaluates the interrupt state + * to determine if there is any pending interrupt which can be + * delivered to CPU. + */ + native_apic_msr_eoi(); + } +} + static struct apic apic_x2apic_savic __ro_after_init = { .name = "secure avic x2apic", @@ -407,7 +443,7 @@ static struct apic apic_x2apic_savic __ro_after_init = { .read = savic_read, .write = savic_write, - .eoi = native_apic_msr_eoi, + .eoi = savic_eoi, .icr_read = native_x2apic_icr_read, .icr_write = savic_icr_write, From patchwork Thu Apr 17 09:17:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055186 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2071.outbound.protection.outlook.com [40.107.220.71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 96F3722157E; Thu, 17 Apr 2025 09:23:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.71 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881820; cv=fail; b=AxNapLtXVQxJrJ9i8G3oMv0gsuYFiBVOOcHF/CJ+dVCy1g2nAvceeFgMllB16wUyRpjRdjMQr7nk+h5+dKwxuSGno+Zm/QyQiENF8QV81FZiCgNruPqdhYUm4kNOCgH0z6+b3GePu7WwP5k8qDaYsHREZiElu1VDtsiryNlyC3A= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881820; c=relaxed/simple; bh=CKLrXGY7++cHpO76C0dZiH37suKGi4TDM+yGiL0lMZY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=UCV35kbLEI81G0vDG3ETh7wMgPQRl7IHZtucLDl88N4+yb6loK/99j49amxcCGzDj0utYjt1rQ2oyr2zaRY2GipLEjKF7BKq0tt3WHUVlmsGmGt/Yet3B3QCc6RWm3TKk3s0KGyu7XYWjBq1XkoT+mwSZiAv/k3uOtti+x6LwCc= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=W75zYKie; arc=fail smtp.client-ip=40.107.220.71 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="W75zYKie" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=u615+UOOM+eh+X77wxSzTps3WDpYFf2yZ1WyNANIbKhMmnXiMX35e9zxw/upOhIyzhDPgdmUaNB603u+gDLJMPdwMITcII/3w1e9FB6CKDqzuVJrTtu25/WBqnBs/8EFZ7TQ+9FslGzSNvCJgsgNp+Nt+4JXR5RT+BuNJEefqHEr4AaGKDI30ngjIXrwbXKgrx3UTZpIcb76YiHYsz9Hw0+NC33tTVzWWG1JbAD/iQyQamlavrjo3BYqwF+DFjvk3zne3ixZD4GcTKWsi6Pn+ClaAOrflg7mQ9snH3I1+FjnzaGQOyeJwOOroAso6p32SOC6iye3JNZUSw4S866fZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lUv1SmKy5i/8r8vZVOWpDmjPcAHjAA25R4HpO+iBVa0=; b=AJgTLs9mVrT1f1UrNWltSMp/GUaVA3uPlRi2MKx5sS19IHN7fOg+NzRsXLaFz6JkZwQVZERzldeWwAeFNBoPn9duDTNj6Y9h68YZSmDHLhF0EFW+3r74l4e1tGcaSnmX4lMZtn2AHviCXxUr3X4b00cN5h20CI7LVli6zK3m6VltmTRM4I3McRSxqFx1+my5wOvnMrq/c2dyQQVmveFNGlxgeXPgf+D+nVjPTQ0dX22T9+eRPkrv6fv7iCy3Dz8Oin7XcP24wzOqFWFkZS1aOYQBgT+kG/kIMlCKjgkOKzgl+9jq4D15XoRoX3uEhSQtI/zycYNYB+k3bbJDBEH0nw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lUv1SmKy5i/8r8vZVOWpDmjPcAHjAA25R4HpO+iBVa0=; b=W75zYKieDHcwyz0dzVIWFCvT/pT37VO4Md5BoF/Nn6erWvcC69+m+Avjx+4JQmUb305MDH6pBNGDuyJlv4VLyYrwydQM2gngkEUstYLB9Lv5iyaMpi0hXb4n9zYy9z9VuxarifWLf1L2whXgiupY0GVMvbZJaGhTiezWKXTA/6o= Received: from BL0PR02CA0062.namprd02.prod.outlook.com (2603:10b6:207:3d::39) by DM4PR12MB6591.namprd12.prod.outlook.com (2603:10b6:8:8e::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.34; Thu, 17 Apr 2025 09:23:33 +0000 Received: from BL6PEPF0001AB56.namprd02.prod.outlook.com (2603:10b6:207:3d:cafe::8f) by BL0PR02CA0062.outlook.office365.com (2603:10b6:207:3d::39) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8632.35 via Frontend Transport; Thu, 17 Apr 2025 09:23:33 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB56.mail.protection.outlook.com (10.167.241.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8655.12 via Frontend Transport; Thu, 17 Apr 2025 09:23:33 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:23:24 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 15/18] x86/apic: Add kexec support for Secure AVIC Date: Thu, 17 Apr 2025 14:47:05 +0530 Message-ID: <20250417091708.215826-16-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB56:EE_|DM4PR12MB6591:EE_ X-MS-Office365-Filtering-Correlation-Id: d85fb08b-4e3e-4838-a9fc-08dd7d918660 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|82310400026|376014|1800799024|7416014; X-Microsoft-Antispam-Message-Info: sHhD7t+fhr6R1Agx0DzeFZJuoiTKYxxioQks+PORWNau4G8y3bOyNHBHWXWPG9ZsfwFyG3WIduIOioHvKaQI8J6YWMbCI0dSXIl5FMRmBU4IcfS02VCOgoWtS93xMa0Y+cAIKRGl+XYK2SoIjlzI6Ff4lDWT6tdZ8ZA4Ymdl61wcFcysisI+m2b58TslIPHdlHcqHZGL6zOKY8Yq3RsM8eQbSYEzK8n5D1mXJKsLpbACyhgN+7uqUyhcWbTKwWz7eAiCN/xXhfzSzN/87PBtYDHEYtx3U/14hz2KfrMJeW2Dwt25CPH6ZcnzITTHYmKPl2pfM2EbXQiwpK5PpKcMVeNHgP9sEelKORSJ9shULMPVaWJMrv3+n9zLe2y1yv81qnaJ4fFQybXgcWuqUh5nYwqu8NR6rIZSYOH3OYXkCmGf2ZzBFn4fm7/Y2GOXpsJZVAeGik2HXQcfskdjl6IxBJwXwXVZ6/4NmTzh6NBxxZVitxOiBJEzDTIu7SIMxrDNwAYQgkKZLlandZq+CZi3DwlDbvdnxc0/Cg0V71P8GId8w1y00JGhaeh4n5g7sbBBiSXNlDYX60ehJ+asgOwc5UGhNGRNg9+U43m3beeQV4TQ9VK0WYxeEQ6rOBryRxdYGEu0xxeSmaThV9kKaqqyjrLigIhcOcve/MDRz7Ux5GvNxGLtHuTSZOm2Bl9TBtBCq8mxjKDJzVEzF87wn6p556Sh+eHm0pi4poqEzYUBqurY/fRHRoMlvNZ91L5Fpavs/Mt4miXmXV64wXSEv4WSc2Vqk8maw3WyHB/VFaGEV59jjl34YbS94XNQLnrLQhRR1Gd9n9asut2/xbWcWTT/yedynjYuZyVvoBaHQf2y1S3YGaD4+qLqA7pC1D9EcyRC/euesKr5Y5FpQtRba7/bOYibRcIfFwAvAInUvw9JbFL+9SgJgAx3VVVg4JgjYtxaQb3vVB6Ud+pDpqp8LMtTJ4NHZwaFLVdcgGChn7RW2veO+m9PUZFZSVx7wIQ4zYBRqeLQNLmNdJw5jyzibAIeY+/2BBevFsBp0uJTDIV8jCi2CU3dQZgqOLDFCCS9Ql4mWIHuz61BQrYJf1T1K2p7ca+vCKl4D9W/BE5KzMrVJRjkC63+EShCprGbcgf4hpLnd1Hpk1WSraC1yvBgQPOYPfz3EL5DFsK6cCdQt15w6u9Jr1Wn+QGvOIqDsniLC1JUcDoxKLkJYhm49FaoEOWnqsMsbQL9/0wgcZc9BTu47Nw4jMAn86VpqdTiQHFR0rQ8hj2bAo+exTrODoUQ776WkeFCr3z8X7YiMQhmudo4hswGyHuoLsIp02xwxJE74Xb/dyItk8pRq/mV2UNIO8yNDngWNi2Kl+XYCVmlogF1jNMvGUmnk/N5T4HI1bpc3NkX/JFiv64vQNy4M90BcEfGUQdjRYqEh9d2y3Mvos2JbkgfDMqDmNQ5D+MDyoniu6w9oFgX90BsR/yNshnhHdG16+ZVajoXxeD6voDAQ/6cX1JhkOECx0iqzmL0SME5n66l X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(82310400026)(376014)(1800799024)(7416014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:23:33.4254 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d85fb08b-4e3e-4838-a9fc-08dd7d918660 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB56.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB6591 Add a apic->teardown() callback to disable Secure AVIC before rebooting into the new kernel. This ensures that the new kernel does not access the old APIC backing page which was allocated by the previous kernel. Such accesses can happen if there are any APIC accesses done during guest boot before Secure AVIC driver probe is done by the new kernel (as Secure AVIC would have remained enabled in the Secure AVIC control msr). Signed-off-by: Neeraj Upadhyay --- Changes since v3: - Use SVM_VMGEXIT_SAVIC_SELF_GPA in place of -1ULL in savic_unregister_gpa(). - Use guard(irqsave)() in savic_unregister_gpa(). - Misc cleanups. arch/x86/coco/sev/core.c | 23 +++++++++++++++++++++++ arch/x86/include/asm/apic.h | 1 + arch/x86/include/asm/sev.h | 2 ++ arch/x86/kernel/apic/apic.c | 3 +++ arch/x86/kernel/apic/x2apic_savic.c | 8 ++++++++ 5 files changed, 37 insertions(+) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 1dcd40e80a46..49cf0f97e372 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1499,6 +1499,29 @@ enum es_result savic_register_gpa(u64 gpa) return res; } +enum es_result savic_unregister_gpa(u64 *gpa) +{ + struct ghcb_state state; + struct es_em_ctxt ctxt; + enum es_result res; + struct ghcb *ghcb; + + guard(irqsave)(); + + ghcb = __sev_get_ghcb(&state); + vc_ghcb_invalidate(ghcb); + + ghcb_set_rax(ghcb, SVM_VMGEXIT_SAVIC_SELF_GPA); + res = sev_es_ghcb_hv_call(ghcb, &ctxt, SVM_VMGEXIT_SAVIC, + SVM_VMGEXIT_SAVIC_UNREGISTER_GPA, 0); + if (gpa && res == ES_OK) + *gpa = ghcb->save.rbx; + + __sev_put_ghcb(&state); + + return res; +} + static void snp_register_per_cpu_ghcb(void) { struct sev_es_runtime_data *data; diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h index c359cce60b22..37317d914c05 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -306,6 +306,7 @@ struct apic { /* Probe, setup and smpboot functions */ int (*probe)(void); void (*setup)(void); + void (*teardown)(void); int (*acpi_madt_oem_check)(char *oem_id, char *oem_table_id); void (*init_apic_ldr)(void); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index fab71d311135..feeff8418bb7 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -521,6 +521,7 @@ int snp_svsm_vtpm_send_command(u8 *buffer); void __init snp_secure_tsc_prepare(void); void __init snp_secure_tsc_init(void); enum es_result savic_register_gpa(u64 gpa); +enum es_result savic_unregister_gpa(u64 *gpa); u64 savic_ghcb_msr_read(u32 reg); void savic_ghcb_msr_write(u32 reg, u64 value); @@ -574,6 +575,7 @@ static inline int snp_svsm_vtpm_send_command(u8 *buffer) { return -ENODEV; } static inline void __init snp_secure_tsc_prepare(void) { } static inline void __init snp_secure_tsc_init(void) { } static inline enum es_result savic_register_gpa(u64 gpa) { return ES_UNSUPPORTED; } +static inline enum es_result savic_unregister_gpa(u64 *gpa) { return ES_UNSUPPORTED; } static inline void savic_ghcb_msr_write(u32 reg, u64 value) { } static inline u64 savic_ghcb_msr_read(u32 reg) { return 0; } diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index bad60bcb80e7..5a378bdf7db3 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -1169,6 +1169,9 @@ void disable_local_APIC(void) if (!apic_accessible()) return; + if (apic->teardown) + apic->teardown(); + apic_soft_disable(); #ifdef CONFIG_X86_32 diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index bfb6f2770f7e..e7dd7ec7c502 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -333,6 +333,13 @@ static void init_apic_page(void) set_reg(APIC_ID, apic_id); } +static void savic_teardown(void) +{ + /* Disable Secure AVIC */ + native_wrmsr(MSR_AMD64_SECURE_AVIC_CONTROL, 0, 0); + savic_unregister_gpa(NULL); +} + static void savic_setup(void) { void *backing_page; @@ -419,6 +426,7 @@ static struct apic apic_x2apic_savic __ro_after_init = { .probe = savic_probe, .acpi_madt_oem_check = savic_acpi_madt_oem_check, .setup = savic_setup, + .teardown = savic_teardown, .dest_mode_logical = false, From patchwork Thu Apr 17 09:17:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055187 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2053.outbound.protection.outlook.com [40.107.237.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E32A4226CF1; Thu, 17 Apr 2025 09:24:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.53 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881846; cv=fail; b=DTpFMysSQC6PyXNd6KBWDluHbxAwd3OmCJkLDhJXrB/2wkCXFat+6UKPMJKT67NHBRJQ7cRgi6aOJAAhmJQoXnExuaxkxoYIiZ7Zn14FSZIo3lBM1wv4/tUzNlfZ3GlOC5YW7uY1oM4rYRNFjWn8h13GflsKsZC6Qyhmckci2po= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881846; c=relaxed/simple; bh=Y3x7EXV1YcrW8Afspw1vAxXmo3rXsaSfZrtmUiBgn2c=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=fUQVLGgymU4bxcifhxE0cvPxf5xd9ynHGD4yzL59ns0KyNYo+842x2gq4dA03Rk8I9nathJc/i6o0zdATePJ72DtumsxnTW+mFjc3QjlcNW1hgwGuPDyVIs7UzleA32W67QZBd1brr4c68MetDbxdtBZyTEpa/sQ86s5S1tKHxY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=dFi7skiE; arc=fail smtp.client-ip=40.107.237.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="dFi7skiE" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=cA3GjDKvEGgy+JbBZ033ECxoslLdRMPVCj+FGbMUXwnWkJ1Qu0GJkUICerwWbUXfayenJ7NibntAZgHOWc6n27QFX1SYE+uR4+bGmeFOVF39Z/3hh7LXKpkvTh8D26GlsfnnprF+n9Nxc2Y3NbCPSkU94qHSCjvWg5K+S2q7iMPF9FehmZmvn+JY3rKIjfpU9qY9oNKU7V0Rff3co1HDoCsxYWzw2FUZd2Z1W3z3jlDaApFf4tpBFPH0kFrA0Pj/2YbkvaldOJV2qnsLasphBEUczZV+iL3UbbXlUagCPZMWoS+gFynwp7mU5j9xiyx9BNBtaRJqAJNdx2SBcMwEXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JWXiLuEv4l4Qm1T8uayhkmgtLDhe4QigI/3TNIf8d6E=; b=R2Cv/b1KPrSzqrtsk+/K3lD+5FzjYUfG4KG6ZiVXsY/URfcuMCVolgVG+fV/NderRqOvgJ4n/K1c2gDj1fpdKnBw5rjVmjxvtOFTEYz1oaMJQAc2eAXM3WOZkSB0/aaOrM0pi8DS/+2qC2HM3Vi8NBwGOlks4EUqUqC9vGIRPbRR1yCirp9txCVNRyRS9/UdFblQI+MlOu+fYcW1gDqVFe/V7obUv0w6d7qaqBaj6wbE8fKFeGm0c6sRV7zUF+IcvUw7tLniOsaVD7LGOaRmHDk6xJFoWjAOiBg3u6YmE1qrqGegZuX/JFM2CVgJnpHRfKT4KCl+9iZFW/TOZxATXw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JWXiLuEv4l4Qm1T8uayhkmgtLDhe4QigI/3TNIf8d6E=; b=dFi7skiEu5caAC2VdOiITXWzAQ6SuGi/I6AVmPQQ3/vzJ62cZhBLn8bISoZmc+SJv+sFvENklSToZMSIF7rtp0iIgMmEXlsr+HyLRkVHNUrmd6MYpQUapQAw24v6xvytScpc1OgbMkmbT8mAGZXlAMjQX/daZxsZ3zUEdY+oKcg= Received: from BN9PR03CA0465.namprd03.prod.outlook.com (2603:10b6:408:139::20) by SA0PR12MB4432.namprd12.prod.outlook.com (2603:10b6:806:98::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8655.22; Thu, 17 Apr 2025 09:24:01 +0000 Received: from BL6PEPF0001AB54.namprd02.prod.outlook.com (2603:10b6:408:139:cafe::17) by BN9PR03CA0465.outlook.office365.com (2603:10b6:408:139::20) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8632.32 via Frontend Transport; Thu, 17 Apr 2025 09:24:00 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB54.mail.protection.outlook.com (10.167.241.6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8655.12 via Frontend Transport; Thu, 17 Apr 2025 09:24:00 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:23:53 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 16/18] x86/apic: Enable Secure AVIC in Control MSR Date: Thu, 17 Apr 2025 14:47:06 +0530 Message-ID: <20250417091708.215826-17-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB54:EE_|SA0PR12MB4432:EE_ X-MS-Office365-Filtering-Correlation-Id: 915650a2-8382-46ed-37d4-08dd7d9196b9 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|1800799024|36860700013|7416014|376014; X-Microsoft-Antispam-Message-Info: EkoDganiXfozpGuoKPBcFkCIiWLV4MX9SaPZkYV19B37gyVUlxbZdYX+IaPImBs8RQ3U6dCA/rv8nq6F5zR2iR0jJ3SvEcbmnE01Va/pK0cRuPrxif+PWptMyr0n5RwnPUt3j284EXW8RYIdWI8Vxx0U3m+Ge77yAeQPwA8+JIb3B4qBZOepJq/11tuV1YcS7pMpz4QPUtl6rg163O6bnvhNidSvnfEyRxX7pNMK1TJHsEXfQ0jIiDYzmEkSxr1Mwd46zYKRk5/r7M2IG8bfwUgfCc0Gn+WS31qnh7gfFcIBa6WP8mrBJ+G59VQmQMuOM4YTFCqa19G8WMFT0m9CgLsRW8XO5PuwTfVF/NaTZTqYnClF8JttrZclItI68IZ5W5lP3e4X+tEbQKxv+dGVgKQJ8j/miD3FnvG2vxxEAxcX02JH4oKgCw/QxdGpb8vDyrnACbEdRUfCzuyb0FjkPPJdKjHR9VHGWKYQjI8Fc+J5jgpFSSgvJbPfwZdDnwvO0mTUGjy5/WxaLp02rhm3F9J7LfpFPIClZNXt9VhdfaEaAe3Rt/ltzK2hRiL+Sg7/YTYgzBjXNHXn0tEQI50snhpvM5xFxLzwSnfJ/fM9mi3takC86htP+CqMpJGf1Pjq4bzS22NUNsPVHZj1+XW7r88NeBSzU3pJBHwG7FOf5zumkDFxUC3oPqr8VoPOauoHoerMtx2N2sXLWvfr4tT9GjMrR8RKOTyq+++MOsHfs5HsXLbcLYZkOT0ZZinKD6A+t2IacxfNCZi2skNPiSdiCVsv9zHFlZ7ahsFbo9vrbjsBbAPMl87CthS32cdpfaFJaUpCCyI9YlNCRD6lEtu3cyTj5sclL7mq6v69X0V7eIkt80jd7vI+D9Ls8njh9K/iE3zlYG839TgzkUNm/7HFiNdpTwF2ZraC7vxE6xTcKB6BZmovk2ddf3H5Iv2lAyeRc/FTvxN/ghtIWtlLez0rZnt4LSmU2nZmXAOVppDWG87PK2rTs7eNms1R3N+f4BAh+TAyjbg+gbq41nZo6Pk6XfwTfastMPcUp/La9JRNV+1zPv0Y/QztM6pIgnvXe3WLzN6k/M+Xa09eumkf+brcc+NbOiITMYxTFOK8eFk4GEQSTN8VKWDYl/2RvXSUc/7YSIIYuktUpcjFOG500neEZm45Sriv0hbXMK2ckwnlNLIsONr4RZ/S60UmUnN4jrGUxHxMbOyvQj3XR9onCehEX0cgd1BS9oLg31rLL11eqTgSRPBzBPfhIuFX7pL3/Aztwk1k8+4B3sLMHNKT50A8CQMlnXrgBzBZtmmD+AjzqtLwNljLUrWaWlt+Xi2E+1f1TZ089y1RVvpoOGdpQbXi+33ZhLkn6LbL/GnMoMBBDOMUhPNvxSBZjhczH9mGkDJfloYxhOa8iL7Joa5vKDnPN2FgDPK9mloaotX8aUIaV/xPWimTdV7LDQNMvzvX/c2/LjwjdcFGsQ38e59kZzeQb36QAV91pzsh4ee8QTTwGk8N6K63gdlObY002wEmca80 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(1800799024)(36860700013)(7416014)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:24:00.8488 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 915650a2-8382-46ed-37d4-08dd7d9196b9 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB54.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4432 With all the pieces in place now, enable Secure AVIC in Secure AVIC Control MSR. Any access to x2APIC MSRs are emulated by the hypervisor before Secure AVIC is enabled in the control MSR. Post Secure AVIC enablement, all x2APIC MSR accesses (whether accelerated by AVIC hardware or trapped as VC exception) operate on vCPU's APIC backing page. Signed-off-by: Neeraj Upadhyay --- Changes since v3: - No change. arch/x86/include/asm/msr-index.h | 2 ++ arch/x86/kernel/apic/x2apic_savic.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 9f3c4dbd6385..c5ce1c256f1d 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -694,6 +694,8 @@ #define MSR_AMD64_SNP_RESV_BIT 19 #define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT) #define MSR_AMD64_SECURE_AVIC_CONTROL 0xc0010138 +#define MSR_AMD64_SECURE_AVIC_EN_BIT 0 +#define MSR_AMD64_SECURE_AVIC_EN BIT_ULL(MSR_AMD64_SECURE_AVIC_EN_BIT) #define MSR_AMD64_SECURE_AVIC_ALLOWEDNMI_BIT 1 #define MSR_AMD64_SECURE_AVIC_ALLOWEDNMI BIT_ULL(MSR_AMD64_SECURE_AVIC_ALLOWEDNMI_BIT) #define MSR_AMD64_RMP_BASE 0xc0010132 diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c index e7dd7ec7c502..6284d1f8dac9 100644 --- a/arch/x86/kernel/apic/x2apic_savic.c +++ b/arch/x86/kernel/apic/x2apic_savic.c @@ -363,7 +363,7 @@ static void savic_setup(void) res = savic_register_gpa(gpa); if (res != ES_OK) snp_abort(); - savic_wr_control_msr(gpa | MSR_AMD64_SECURE_AVIC_ALLOWEDNMI); + savic_wr_control_msr(gpa | MSR_AMD64_SECURE_AVIC_EN | MSR_AMD64_SECURE_AVIC_ALLOWEDNMI); } static int savic_probe(void) From patchwork Thu Apr 17 09:17:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055188 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2074.outbound.protection.outlook.com [40.107.94.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 27885225417; Thu, 17 Apr 2025 09:24:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.74 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881870; cv=fail; b=d5+xGk5C+T8Gd/4NlIyjDLPQrtF6q4cEPwzDZ1we/03cGn1fmE071m4dnToHZZNp0nysblVzKYI6zyZrMV9MZDQYfkNRSrEPRZhtX6DajLQLdqjquZfB60AIg17k7fjl60/cyq9p89zrHhIRPb4R7Pi3h9Jt0C/RoY0uD/Q4Faw= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881870; c=relaxed/simple; bh=Myw/QAjKQPuiokMdpIDBt4zndsc7tVdrADHr3kU9JsA=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=MYhMGBsApAmq9eWtt6kia8IHtOMRMWKL9xJVKGfGDGCcbPykbIIRO7hTL4DnlBc9gZWYwPh1SODAYk5YS7uF2SBKL+HH+yQ93H5iH0smKJK3YUvgmc5np6xijuu9PtZZKNo410KnUp5XOAxp6Volo9y0AorqyigEKAc9K9I7Tcs= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=24w4GdXq; arc=fail smtp.client-ip=40.107.94.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="24w4GdXq" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=qdo4elPb4fS63qtH3IzzYyKN5mXshRd8ocvGbZJGs7B8q7jDIUdfYokt+N2YELghTBsYa6+Pz2Dt5Ss7Q/cl7CiSQZ+LH6koNQlspxfTg0JJpHc7XSpY0Ax8pFCKZ5jxNupCqaIipWFKkBe9y5bwC+Bm6Eu2R/Ir+FHVQyanctcy8q7+xKsdKcSLUfaO3QvNDIdZFOd+h5J5jXWR8x1kurR4hXF5IgA10A8ljAc7IM3VAG8zVAD4e5qfuHfYo89Rc8Mt8U7auSC0tx8wJkOQZm17tDbhCtMtIDOlvSrc8dU4c2SsgnDW8gfVVzzG4qPNmQ4bi3tcD3UdTP0E5cZdBg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nTvHLVF7/46lzEkeOre6qLgQWgQA91vgIG7FWvBifEs=; b=uAm/UvXRLsewtDXRZbFRl/pYTPMg+KgbTT7nKRnSLwmj2KDDObm+R5i6PgKsOX7C2alouUluRrPmCqnfebWwVYxKilggbEsx42vkWcnzkf5uo0MU58SRW9+acevDXpqAAT97vNaIk17gNtlV2IkzzGX1OmGIoyaa5h1HEBSMI/8u0EL1YNLU9psOHbZDPILQW73lnnUQNJqgAp2ZL9/Z+TaxYC6WeZMjNhbbzw0ZhbYH8a6EWnYfhJtvg9QjA4PZ2yLEbSfuidMTVjYzsBYpJRLpcZT+clkWqcX+ifksvbTs5+UUXfP8mMPh+LaUsYr7WFIPpnljZwdQqBya8X708Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nTvHLVF7/46lzEkeOre6qLgQWgQA91vgIG7FWvBifEs=; b=24w4GdXqVK0JwOvdHUlkR53XtyWz0WFEsf81UvfzFnA+wWYay4BHbzHe8JJXktdKh4tNHPpeDqnTY8LpXetR5EENW3gVOiE7VgnwTsHlDWjCZnLkNUGUS33dsueUxPUZY4H7FRmC90vl+0VI2uSWhxPX8S+VuzKCXDYcQ2EGOhM= Received: from BN9PR03CA0166.namprd03.prod.outlook.com (2603:10b6:408:f4::21) by DM4PR12MB5988.namprd12.prod.outlook.com (2603:10b6:8:6b::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.35; Thu, 17 Apr 2025 09:24:25 +0000 Received: from BL6PEPF0001AB58.namprd02.prod.outlook.com (2603:10b6:408:f4:cafe::5c) by BN9PR03CA0166.outlook.office365.com (2603:10b6:408:f4::21) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8655.21 via Frontend Transport; Thu, 17 Apr 2025 09:24:24 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB58.mail.protection.outlook.com (10.167.241.10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8655.12 via Frontend Transport; Thu, 17 Apr 2025 09:24:24 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:24:14 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 17/18] x86/sev: Prevent SECURE_AVIC_CONTROL MSR interception for Secure AVIC guests Date: Thu, 17 Apr 2025 14:47:07 +0530 Message-ID: <20250417091708.215826-18-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB58:EE_|DM4PR12MB5988:EE_ X-MS-Office365-Filtering-Correlation-Id: 521bf3f7-6792-4385-8275-08dd7d91a4fa X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|1800799024|7416014|376014|82310400026; X-Microsoft-Antispam-Message-Info: +lL4Te/Qt/exnz6SV1RUwsOhIqIS3DCClFlgp4HjR6xNTLt/5BbkUzVWwqSaGdNcs4IMAG7q8FHdOHk+ohfr6dFMdQYJMKNgRpjAsrBbQOOdhtq7OAvA81aeae4d2kNqFt/UGZwilcZDijCazIy1KYpfEAqH34gYgo4q8oflid7vp++lvw/hr+INeSkrHc5y4t0sFs1LuJ8eU4uJYQU4QAmwpW4JZxzhUtaBd11Y0MnmgUvq0dcOSZcTveUxRZmDiPtYK26VoGrvPY0YR5lcfZRUC3pGdNVavcrtekt5fTrGTm0zasu/5cL2LbiAbLAE2as5imFblERTH/JAj/oTSib5gCT1ZRIKVFobd7ofEuiFsPhf38JRpN2Mr13HxNMHPa5WF7rkOdnIChDqkb9b2VX7kPFO6M/n1yMycG5Lok7t9JA+fkprXEPUub26Kgbyb3fXqewp1CKG8cZBGCSlVoM7y9lRzLNFVm6tdEGakmExDB+XEJuaBmEl2cYs1jmJvKr1OippxryFCIs3h8sNCvBtkIhQkko3yEf4re8pz3zoJaeXTRmm1tOpyRTA0cwRiNSZsG3uY0oSSlf26XcXRF3IjhnyOdAPjtWel2rFY7S2LNDuEyKJrSmq1UlboBMjyKyhtfbiCqEB5XSH3McWhWfNWPUDWl4Y8BiTzBV0oyVOMrx0aAP6pEjWGi6Qz3YMG51ydOvOrqm3rCIpHlYkx9o5qRjixBXzN5/9d05Nse/l0r1P1sPDUxA1f8Wdl/g1d032DOTQcGNxZkleBEP/dAUmBM4nUWj6z3YdQ+/AVyd7mAQLhRciTbWh2JUNOq3fA+vqW5t3jwmmFoRK7DXzvdFHasnE5ZPoxGJCOhN0Pii0q/dL6twF+ASxwV9jGFsP3Nq9yo3qpzOA2DcbMjX6vTTFQmhzmBdmz2QtFDMyiwAw61DKW1pDnca9TgKnE0zSr4l89MBLb4uAjiB9Y4QQkNtpNjCxzv6z72cROdgxhBE+IMWP9PueFXBdiGwNZ8816hgfiUAr0FQh1/tLqCWSjSG/bt7Alb7UIM1YwM/5Alx5IQcPCdpqiDZ6isZRBYnw63EPflmGWTicysBl8d9LfLm/8CdYsF5wHmZexzx+Ac+69XCpS8+mm6o9+GNGtpQQPoGKOux3DlbdER7cm5GvYCvjyI6FrR/i8Md9BbARLDEEimU3Z66m5r6ZfgwyrR3Yp8KpifZ8Dk6UWdi2Uqxwr8JOvpDqB/c4mKY6Nap7fxTz+cAeOhpIiAXbE3XsqEfiIeXVLRD3boPYdgGIKS0uGSF24kXW8xoFr/r0Z1UeZWaeEQMU5+IInMkNTxKvoafmc2kKI45cl9zIZ1r1xwq7vxhonzfUibmdeWRrJWU19NrCUZcaZeit80ecXFNSGXndhGIK1tszTkwnAiVwXUBrpA0MeU2OhC59h9RwKakWboQWu1u6wxGa1GsisoatEQnptQwfbWSFiX53cECDJKPtvfU+EGjJgZpRd6VpwUBkjz+oZ0v4eiDHJfPOcHEm0f0k X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(1800799024)(7416014)(376014)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:24:24.7643 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 521bf3f7-6792-4385-8275-08dd7d91a4fa X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB58.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5988 The SECURE_AVIC_CONTROL MSR holds the GPA of the guest APIC backing page and bitfields to control enablement of Secure AVIC and NMI by guest vCPUs. This MSR is populated by the guest and the hypervisor should not intercept it. A #VC exception will be generated otherwise. If this occurs and Secure AVIC is enabled, terminate guest execution. Signed-off-by: Neeraj Upadhyay --- Changes since v3: - Changed "fallthrough" to "break" for MSR_AMD64_SECURE_AVIC_CONTROL "case" in __vc_handle_msr(). arch/x86/coco/sev/core.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 49cf0f97e372..a2d670ceef2f 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1398,6 +1398,15 @@ static enum es_result __vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt if (sev_status & MSR_AMD64_SNP_SECURE_TSC) return __vc_handle_secure_tsc_msrs(regs, write); break; + case MSR_AMD64_SECURE_AVIC_CONTROL: + /* + * AMD64_SECURE_AVIC_CONTROL should not be intercepted when + * Secure AVIC is enabled. Terminate the Secure AVIC guest + * if the interception is enabled. + */ + if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) + return ES_VMM_ERROR; + break; default: break; } From patchwork Thu Apr 17 09:17:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 14055189 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2046.outbound.protection.outlook.com [40.107.94.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 78C81335BA; Thu, 17 Apr 2025 09:24:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.46 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881893; cv=fail; b=ONFH+oIOI4J0F9n6yqZvmXSqIXu81WIShhiM4UWiaTQfstW2FWXLisl51DUhWvIlJykH88OD+QsYEZY9akueho9x9WwJ6qf4/liBlwf0XMEOfIIZSOXytvuJZhvqE+7gDDqJqYKGAaRGzOtNdetMQGI7kOZnXM9eJWWZSrt7XZs= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744881893; c=relaxed/simple; bh=B4JBCRsZ4u0ER8nXcWrOMtDefXQRAsHpPeedDHigxkI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=jTJ7NJzqMi4AwEc9CW5neKUTYvPmDYsvD8dzQfOWt4czF/Ok7H9sNKIb0e2Td+khOPZvt1WJF668m96nI6mPcBIhAaNHQrIU+5S8TVACqbqUpINf/s+qbBmjutJfj42VTuE850viVj7jO0A75XBO2540zmF7+fh4r3KFDWNfQ7g= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=v7npmzoZ; arc=fail smtp.client-ip=40.107.94.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="v7npmzoZ" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=hZ4BSEi3DomFVf9m1afiLCpKBsx0GNbJfAkWYvDasqgGbpfp/supJkpetZtZI2/YS8Ut3kKpq9fPvnhkFgUxYr9DInZ0lRjPQy666UFyb19yRJnrHNdJpysmSGxL73Dv+fe7g8VLsFKH8E83vtL/D1wP4vWet8hcOdQHI0Mhas3kh8LyA5eLhW2U3u4Zxs6PW8ok/uwan3dActqGa5nkt0Mo5DA9WiRhEpBOlkOfp3RUmBXnNacjTicpEk6ScVbVf7xazAC5dNmynj6jCmXzBhmr7xMZ3sk0irU23A6tmdY4sdI05W5KnvIfES0D08/dzTOgvT/R9Ywbt+RhX+zDIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=s/1A7IVUNFPTU+FPCzjRS2HBHGdPpHvhYDWwGZ+KFQM=; b=DNqwqbLyYDWw7Dlvd8gbhgj97mSIyFOXel18NdpemxFwfwJMcPkOxgn828dCY62WcM9Hc/oWyperkebYKMv2F67ocvtmiSSXFa2l9BVhrCRGjw1+Hak8Qk/JpQ8jQjakczeLsHkQwiaxRBtFZltrWxF4ZPgbTjPqYBWI1tmacZJTQRgtJ6yNXNAixKNoTUEvY6w3CHyZpAnMGcKPVmrZB1Xn3+1OD9y+2HbwfdBH5S7C63EQ9B5ePE3a18Lv1gvv+PCWVJ/vs5daK8gQOcoEj+Ws+uq+5X88NJDTAu0HBoSZ5OWZY5rndXcD3PIq6nBjHz5ZEMgVKYqCgZSbxlA5Qg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=s/1A7IVUNFPTU+FPCzjRS2HBHGdPpHvhYDWwGZ+KFQM=; b=v7npmzoZaS8h+CrT4TEdFE6IOr/dct4atM29kUZwzaMNCEUmEMOz2AM0Cco65C7bwMhyXMnZygPxnS66W73KdbcZLhARlh9hmGa57kfqnq1a9oxIG+APxCEoIGTN1tTppjNSVOPgb41xY363mtxG891W+81DSRREOxv6qD0olKA= Received: from BL0PR02CA0055.namprd02.prod.outlook.com (2603:10b6:207:3d::32) by DS0PR12MB8525.namprd12.prod.outlook.com (2603:10b6:8:159::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.35; Thu, 17 Apr 2025 09:24:46 +0000 Received: from BL6PEPF0001AB56.namprd02.prod.outlook.com (2603:10b6:207:3d:cafe::50) by BL0PR02CA0055.outlook.office365.com (2603:10b6:207:3d::32) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8655.15 via Frontend Transport; Thu, 17 Apr 2025 09:24:46 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB56.mail.protection.outlook.com (10.167.241.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8655.12 via Frontend Transport; Thu, 17 Apr 2025 09:24:46 +0000 Received: from BLR-L-NUPADHYA.xilinx.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 04:24:38 -0500 From: Neeraj Upadhyay To: CC: , , , , , , , , , , , , , , , , , , , Subject: [PATCH v4 18/18] x86/sev: Indicate SEV-SNP guest supports Secure AVIC Date: Thu, 17 Apr 2025 14:47:08 +0530 Message-ID: <20250417091708.215826-19-Neeraj.Upadhyay@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> References: <20250417091708.215826-1-Neeraj.Upadhyay@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB56:EE_|DS0PR12MB8525:EE_ X-MS-Office365-Filtering-Correlation-Id: 735abb8d-c5ad-4588-bd36-08dd7d91b1db X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|36860700013|7416014|376014|1800799024; X-Microsoft-Antispam-Message-Info: jtT6xrj+0nhUXUjr24tz9rHO0lMON9TTkwXlTe/CpP9wwF+fY7uZQrwiUMsLR9f3Pq095Q2pkIxVZFGm6dDdJTf5iwCPJWSOlb71h5j9srXP/en4OnqPa5qN5WSbhwgWY4NWzP5KKu9QX0/+P3qfk/t/NMtu3iJBTOPSynLmRFVJmFGY9NNBK78zv0sqbKkMqHuqaPQEusj+Pxwa9Q3P4e7Zymzlifo9a1rfNterNrVuQ/hI++59lXwh7ZTc36IrWV4gVEQf3EcHM7Dk5r88Q3nqLdQMAhQtkXa3H/qqBiDOhv1aP89pbNuRnSQ7aU/bKEtJd9uFRc4yihpHOvdoh5bv/MINzm4GmfymXdXlG2cJtDSiA60VQRSAGcS50c4qnh4DRwaSoZYNGMPuzN4jE0oxCaOsYV3w72On/HIxjdO/Df7XL3zyBgj1nu/pQk/DrI++OfbywCCknMcBn8nCkKNjFF2JAJZQ0tj1TH/joKcdepErr8uCK59HE1+x/3h+eVuBky2ICdVxeTNofqsp78tqmVcM7PhpbZ8xu/cFDraDW24OSCqDFhn9Lr6gzX46r7Gvn4AyfmifDQNdX+IyuiUqJFErPRoRqkhXCOeKeBTG3nHP7Xs9TzhbK/eoqQvYBVGjsItzCIRZTejUAbpybwRRUy3BjvuRCv5Xq8sIXVR6vjuKYzb2nLeNy+qKxV23V+3o1rXPwbPjJ14mIbKKDz6tm6XsZRXexqXvy+0M1fVXXqHukn6Up8kysugk5eFS6/jl0AJE+kUBfZLLTA00U4q/O7veTdEMc3qfk9VXKUASisSmXYtb8EpLdJ/E8AQLFpXHyHPbJOX0EpcJNashT4C9Vo/k+Q0Qi0XXICX+oeLrWzEoUIDPzky2SKuLE2I1Ar5DNgmRiAgfCjd1OKGS6j6QdyAPq+gDAhEwIxzn5QeUmEqeuoEo5TP96F/kieoqnfhzAOTIjiytQwJMAMYm5ueUAzubF7cRJswZQ4Y0Gukmbqo7Swdbnb8OmdNvItSLl5opSZ7moNGc5Fdrb/DCQVoR0xqR9VPiwPJce08su7Gt9+w2/0Z2bPliyUAAw8MyWYiR6E4fsw1ScvETKn3T+UpV9mwwIoAowN8TV13IeFePBXD/z17UQcrKZGIpvG/kTuyT3jns3U13zqDA8EzDKv7koiJX1N0q200pnbDpfE2t0iQSA1B9bYrh4IOEHgxIJu3SNw4ko3jt72CUP1YgpJPNn702LBwffH+iOEK2N7VdwwRYd88g2NMZuSielRp/e+7GFIhmBJUh8YMT/mk5KWV61MspVm8ySAEfwdYtC34HkVgZGURCWvCYszI5F1HgZC77+56hP0IdvBon1BaCf8xGT3rRj6qUul79vF9AjblqlJGdk2a9e9mKcJ2FOcQ0B9Eq9/zifhiu9uWU3wZaa+agbKdvii5yAB7ZzgiZONRIa7r5+SAOKGm2r2ADl8GieclZdMedK3DuNJ8mdN2GrMpdh0DmaotnvKig8ERb/5pHkEKIl64Aoy37kVW95bnV X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(36860700013)(7416014)(376014)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 09:24:46.3748 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 735abb8d-c5ad-4588-bd36-08dd7d91b1db X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB56.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB8525 Now that Secure AVIC support is added in the guest, indicate SEV-SNP guest supports Secure AVIC feature if CONFIG_AMD_SECURE_AVIC is enabled. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Changes since v3: - No change. arch/x86/boot/compressed/sev.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index a418e80cfcf3..c5a467c334af 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -402,13 +402,20 @@ void do_boot_stage2_vc(struct pt_regs *regs, unsigned long exit_code) MSR_AMD64_SNP_SECURE_AVIC | \ MSR_AMD64_SNP_RESERVED_MASK) +#ifdef CONFIG_AMD_SECURE_AVIC +#define SNP_FEATURE_SECURE_AVIC MSR_AMD64_SNP_SECURE_AVIC +#else +#define SNP_FEATURE_SECURE_AVIC 0 +#endif + /* * SNP_FEATURES_PRESENT is the mask of SNP features that are implemented * by the guest kernel. As and when a new feature is implemented in the * guest kernel, a corresponding bit should be added to the mask. */ #define SNP_FEATURES_PRESENT (MSR_AMD64_SNP_DEBUG_SWAP | \ - MSR_AMD64_SNP_SECURE_TSC) + MSR_AMD64_SNP_SECURE_TSC | \ + SNP_FEATURE_SECURE_AVIC) u64 snp_get_unsupported_features(u64 status) {