From patchwork Fri Feb 28 08:50:57 2025
X-Patchwork-Submitter: Neeraj Upadhyay
X-Patchwork-Id: 13995918
From: Neeraj Upadhyay
Subject: [RFC PATCH 01/19] KVM: TDX: Add support for find pending IRQ in a protected local APIC
Date: Fri, 28 Feb 2025 14:20:57 +0530
Message-ID: <20250228085115.105648-2-Neeraj.Upadhyay@amd.com>
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Sean Christopherson

Add flag and hook to KVM's local APIC management to support determining whether or not a TDX guest has a pending IRQ. For TDX vCPUs, the virtual APIC page is owned by the TDX module and cannot be accessed by KVM. As a result, registers that are virtualized by the CPU, e.g. PPR, cannot be read or written by KVM. To deliver interrupts for TDX guests, KVM must send an IRQ to the CPU on the posted interrupt notification vector. And to determine if a TDX vCPU has a pending interrupt, KVM must check if there is an outstanding notification.

Return "no interrupt" in kvm_apic_has_interrupt() if the guest APIC is protected to short-circuit the various other flows that try to pull an IRQ out of the vAPIC, the only valid operation is querying _if_ an IRQ is pending, KVM can't do anything based on _which_ IRQ is pending.

Intentionally omit sanity checks from other flows, e.g. PPR update, so as not to degrade non-TDX guests with unnecessary checks. A well-behaved KVM and userspace will never reach those flows for TDX guests, but reaching them is not fatal if something does go awry.

Note, this doesn't handle interrupts that have been delivered to the vCPU but not yet recognized by the core, i.e. interrupts that are sitting in vmcs.GUEST_INTR_STATUS. Querying that state requires a SEAMCALL and will be supported in a future patch.

Signed-off-by: Sean Christopherson
Signed-off-by: Isaku Yamahata
Signed-off-by: Binbin Wu
[Neeraj.Upadhyay@amd.com : Pick common ->guest_apic_protected bits]
Signed-off-by: Neeraj Upadhyay
---
- Not intended for review. Taken as a base patch for this RFC development.

arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/irq.c | 3 +++ arch/x86/kvm/lapic.c | 3 +++ arch/x86/kvm/lapic.h | 2 ++ 5 files changed, 10 insertions(+) diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index c35550581da0..5abc048aec07 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h 
+++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -114,6 +114,7 @@ KVM_X86_OP_OPTIONAL(pi_start_assignment) KVM_X86_OP_OPTIONAL(apicv_pre_state_restore) KVM_X86_OP_OPTIONAL(apicv_post_state_restore) KVM_X86_OP_OPTIONAL_RET0(dy_apicv_has_pending_interrupt) +KVM_X86_OP_OPTIONAL(protected_apic_has_interrupt) KVM_X86_OP_OPTIONAL(set_hv_timer) KVM_X86_OP_OPTIONAL(cancel_hv_timer) KVM_X86_OP(setup_mce) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index f378cd43241c..97e95b88bc6f 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1830,6 +1830,7 @@ struct kvm_x86_ops { void (*apicv_pre_state_restore)(struct kvm_vcpu *vcpu); void (*apicv_post_state_restore)(struct kvm_vcpu *vcpu); bool (*dy_apicv_has_pending_interrupt)(struct kvm_vcpu *vcpu); + bool (*protected_apic_has_interrupt)(struct kvm_vcpu *vcpu); int (*set_hv_timer)(struct kvm_vcpu *vcpu, u64 guest_deadline_tsc, bool *expired); diff --git a/arch/x86/kvm/irq.c b/arch/x86/kvm/irq.c index 63f66c51975a..f0644d0bbe11 100644 --- a/arch/x86/kvm/irq.c +++ b/arch/x86/kvm/irq.c @@ -100,6 +100,9 @@ int kvm_cpu_has_interrupt(struct kvm_vcpu *v) if (kvm_cpu_has_extint(v)) return 1; + if (lapic_in_kernel(v) && v->arch.apic->guest_apic_protected) + return static_call(kvm_x86_protected_apic_has_interrupt)(v); + return kvm_apic_has_interrupt(v) != -1; /* LAPIC */ } EXPORT_SYMBOL_GPL(kvm_cpu_has_interrupt); diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index a009c94c26c2..8eefbaf4a456 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2966,6 +2966,9 @@ int kvm_apic_has_interrupt(struct kvm_vcpu *vcpu) if (!kvm_apic_present(vcpu)) return -1; + if (apic->guest_apic_protected) + return -1; + __apic_update_ppr(apic, &ppr); return apic_has_interrupt_for_ppr(apic, ppr); } diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index 1a8553ebdb42..e33c969439f7 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h 
@@ -65,6 +65,8 @@ struct kvm_lapic { bool sw_enabled; bool irr_pending; bool lvt0_in_nmi_mode; + /* Select registers in the vAPIC cannot be read/written. */ + bool guest_apic_protected; /* Number of bits set in ISR. */ s16 isr_count; /* The highest vector set in ISR; if -1 - invalid, must scan ISR. */ 
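
Review bot: In the arch/x86/include/asm/kvm-x86-ops.h hunk, protected_apic_has_interrupt is declared with KVM_X86_OP_OPTIONAL() although it returns bool and the irq.c hunk returns its result straight from kvm_cpu_has_interrupt(); the bool hook on the line above, dy_apicv_has_pending_interrupt, uses KVM_X86_OP_OPTIONAL_RET0(). Nothing in these hunks guarantees a defined return value if a vendor module sets guest_apic_protected without providing the hook. Suggest KVM_X86_OP_OPTIONAL_RET0(protected_apic_has_interrupt), or a WARN_ON_ONCE() at the point where guest_apic_protected is set while the hook is NULL.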
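
Review bot: The early return added to kvm_apic_has_interrupt() in the arch/x86/kvm/lapic.c hunk carries no comment, so -1 for a protected APIC reads as "no IRQ pending" while the commit message says it means KVM cannot tell which IRQ is pending. A short comment above "if (apic->guest_apic_protected)" stating that the pending check for such vCPUs lives in kvm_cpu_has_interrupt() via the protected_apic_has_interrupt hook would keep later callers of kvm_apic_has_interrupt() from treating -1 as authoritative.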

From patchwork Fri Feb 28 08:50:58 2025
X-Patchwork-Submitter: Neeraj Upadhyay
X-Patchwork-Id: 13995919
From: Neeraj Upadhyay
Subject: [RFC PATCH 02/19] KVM: x86: Assume timer IRQ was injected if APIC state is protected
Date: Fri, 28 Feb 2025 14:20:58 +0530
Message-ID: <20250228085115.105648-3-Neeraj.Upadhyay@amd.com>
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Sean Christopherson

If APIC state is protected, i.e. the vCPU is a TDX guest, assume a timer IRQ was injected when deciding whether or not to busy wait in the "timer advanced" path. The "real" vIRR is not readable/writable, so trying to query for a pending timer IRQ will return garbage.

Note, TDX can scour the PIR if it wants to be more precise and skip the "wait" call entirely.

Signed-off-by: Sean Christopherson
Signed-off-by: Binbin Wu
Signed-off-by: Neeraj Upadhyay
---
- Not intended for review. Taken as a base patch for this RFC development.

arch/x86/kvm/lapic.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 8eefbaf4a456..65f69537c105 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c 
@@ -1797,8 +1797,17 @@ static void apic_update_lvtt(struct kvm_lapic *apic) static bool lapic_timer_int_injected(struct kvm_vcpu *vcpu) { struct kvm_lapic *apic = vcpu->arch.apic; - u32 reg = kvm_lapic_get_reg(apic, APIC_LVTT); + u32 reg; + /* + * Assume a timer IRQ was "injected" if the APIC is protected. KVM's + * copy of the vIRR is bogus, it's the responsibility of the caller to + * precisely check whether or not a timer IRQ is pending. + */ + if (apic->guest_apic_protected) + return true; + + reg = kvm_lapic_get_reg(apic, APIC_LVTT); if (kvm_apic_hw_enabled(apic)) { int vec = reg & APIC_VECTOR_MASK; void *bitmap = apic->regs + APIC_ISR; 
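
Review bot: The comment added in lapic_timer_int_injected() puts the precise pending check on "the caller", but this patch touches one function in one file and changes no caller, so for a protected APIC the function reports "injected" unconditionally. Either name the caller in the comment and say that the busy wait is taken on every such call until a PIR-based check exists, as the commit message implies, or add that check in the same patch. The test is also a plain truth test on guest_apic_protected, so it is worth stating in the comment which protected modes it is meant to cover.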

From patchwork Fri Feb 28 08:50:59 2025
X-Patchwork-Submitter: Neeraj Upadhyay
X-Patchwork-Id: 13995920
From: Neeraj Upadhyay
Subject: [RFC PATCH 03/19] KVM: x86: Convert guest_apic_protected bool to an enum type
Date: Fri, 28 Feb 2025 14:20:59 +0530
Message-ID: <20250228085115.105648-4-Neeraj.Upadhyay@amd.com>
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Convert guest_apic_protected lapic struct
member to an enum. This allows categorizing guest APIC state protection according to the KVM interrupt delivery mechanism. This is used to distinguish between SNP Secure AVIC's interrupt injection-based interrupt delivery and TDX's posted interrupt delivery mechanism.

Use value 0 to indicate unprotected APIC so that functions like kvm_cpu_has_interrupt(), which require KVM to call an arch-specific callback to determine whether there are any interrupts that need to be delivered to the vCPU, can still use a non-zero guest_apic_protected check. Subsequent patches for Secure AVIC-specific interrupt injection checks will need to use a specific guest_apic_protected value.

Signed-off-by: Neeraj Upadhyay
---
arch/x86/kvm/lapic.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index e33c969439f7..c9ef9bce438b 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h @@ -55,6 +55,12 @@ struct kvm_timer { bool hv_timer_in_use; }; +enum kvm_apic_protection { + APIC_STATE_UNPROTECTED, + APIC_STATE_PROTECTED_POSTED_INTR, + APIC_STATE_PROTECTED_INJECTED_INTR, +}; + struct kvm_lapic { unsigned long base_address; struct kvm_io_device dev; 
@@ -66,7 +72,7 @@ struct kvm_lapic { bool irr_pending; bool lvt0_in_nmi_mode; /* Select registers in the vAPIC cannot be read/written. */ - bool guest_apic_protected; + enum kvm_apic_protection guest_apic_protected; /* Number of bits set in ISR. */ s16 isr_count; /* The highest vector set in ISR; if -1 - invalid, must scan ISR. */ 
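
Review bot: The new enum kvm_apic_protection in arch/x86/kvm/lapic.h does not record the property the commit message depends on, namely that APIC_STATE_UNPROTECTED is 0 so existing "if (apic->guest_apic_protected)" tests keep working. Write "APIC_STATE_UNPROTECTED = 0," and add a comment per enumerator naming the delivery mechanism it stands for (posted interrupts for TDX, injection for SNP Secure AVIC). The field comment "Select registers in the vAPIC cannot be read/written." left unchanged in the second hunk no longer describes a three-valued field and should be updated with it.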
From: Neeraj Upadhyay
Subject: [RFC PATCH 04/19] x86/cpufeatures: Add Secure AVIC CPU Feature
Date: Fri, 28 Feb 2025 14:21:00 +0530
Message-ID: <20250228085115.105648-5-Neeraj.Upadhyay@amd.com>
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org
Add CPU feature detection for Secure AVIC. The Secure AVIC feature provides hardware acceleration for performance sensitive APIC accesses and support for managing guest owned APIC state for SEV-SNP guests.

Signed-off-by: Kishon Vijay Abraham I
Signed-off-by: Neeraj Upadhyay
--- arch/x86/include/asm/cpufeatures.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index 2ba5c11941ee..a63ca1b34b3a 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h
@@ -452,6 +452,7 @@ #define X86_FEATURE_V_TSC_AUX (19*32+ 9) /* Virtual TSC_AUX */ #define X86_FEATURE_SME_COHERENT (19*32+10) /* AMD hardware-enforced cache coherency */ #define X86_FEATURE_DEBUG_SWAP (19*32+14) /* "debug_swap" AMD SEV-ES full debug state swap support */ +#define X86_FEATURE_SECURE_AVIC (19*32+26) /* Secure AVIC */ #define X86_FEATURE_ALLOWED_SEV_FEATURES (19*32+27) /* Allowed SEV Features */ #define X86_FEATURE_SVSM (19*32+28) /* "svsm" SVSM present */ #define X86_FEATURE_HV_INUSE_WR_ALLOWED (19*32+30) /* Allow Write to in-use hypervisor-owned pages */
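Review bot: the comment on the new X86_FEATURE_SECURE_AVIC line only repeats the macro name and carries no quoted flag name, unlike the "debug_swap" and "svsm" entries around it, so the feature will not be listed in /proc/cpuinfo. If that is intended, say so in the commit message; it would also help to expand the comment along the lines of the commit text (guest-owned APIC state for SEV-SNP guests) and to name the CPUID leaf and bit behind (19*32+26) so the value can be checked against the specification.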
From: Neeraj Upadhyay
Subject: [RFC PATCH 05/19] KVM: SVM: Add support for Secure AVIC capability in KVM
Date: Fri, 28 Feb 2025 14:21:01 +0530
Message-ID: <20250228085115.105648-6-Neeraj.Upadhyay@amd.com>
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Add support to KVM for determining if a system is
capable of supporting Secure AVIC feature. Secure AVIC feature support is determined based on:
- secure_avic module parameter is set.
- X86_FEATURE_SECURE_AVIC CPU Feature bit is set.
- SNP feature is supported.

Co-developed-by: Kishon Vijay Abraham I
Signed-off-by: Kishon Vijay Abraham I
Signed-off-by: Neeraj Upadhyay
--- arch/x86/include/asm/svm.h | 1 + arch/x86/kvm/svm/sev.c | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 9391eca5412e..f81b417fe836 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -292,6 +292,7 @@ static_assert((X2AVIC_MAX_PHYSICAL_ID & AVIC_PHYSICAL_MAX_INDEX_MASK) == X2AVIC_ #define SVM_SEV_FEAT_RESTRICTED_INJECTION BIT(3) #define SVM_SEV_FEAT_ALTERNATE_INJECTION BIT(4) #define SVM_SEV_FEAT_DEBUG_SWAP BIT(5) +#define SVM_SEV_FEAT_SECURE_AVIC BIT(16) #define SVM_SEV_FEAT_ALLOWED_SEV_FEATURES BIT_ULL(63) #define SVM_SEV_FEAT_INT_INJ_MODES \ diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index bf4e85e11a7b..82209cd56ec6 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -58,6 +58,10 @@ static bool sev_es_debug_swap_enabled = true; module_param_named(debug_swap, sev_es_debug_swap_enabled, bool, 0444); static u64 sev_supported_vmsa_features; +/* enable/disable SEV-SNP Secure AVIC support */ +bool sev_snp_savic_enabled = true; +module_param_named(secure_avic, sev_snp_savic_enabled, bool, 0444); + #define AP_RESET_HOLD_NONE 0 #define AP_RESET_HOLD_NAE_EVENT 1 #define AP_RESET_HOLD_MSR_PROTO 2 @@ -2962,6 +2966,8 @@ void __init sev_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_SEV_SNP); kvm_caps.supported_vm_types |= BIT(KVM_X86_SNP_VM); } + if (sev_snp_savic_enabled) + kvm_cpu_cap_set(X86_FEATURE_SECURE_AVIC); } void __init sev_hardware_setup(void)
@@ -3082,6 +3088,9 @@ void __init sev_hardware_setup(void) !cpu_feature_enabled(X86_FEATURE_NO_NESTED_DATA_BP)) sev_es_debug_swap_enabled = false; + if (!sev_snp_supported || !cpu_feature_enabled(X86_FEATURE_SECURE_AVIC)) + sev_snp_savic_enabled = false; + sev_supported_vmsa_features = 0; if (sev_es_debug_swap_enabled) sev_supported_vmsa_features |= SVM_SEV_FEAT_DEBUG_SWAP;
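Review bot: in the first arch/x86/kvm/svm/sev.c hunk (@@ -58,6 +58,10 @@), sev_snp_savic_enabled is added as a non-static global, while sev_es_debug_swap_enabled directly above it is static and this patch adds no declaration for the new symbol in a header. If nothing outside sev.c reads it, make it static; if a later patch needs it elsewhere, add the extern declaration to svm.h in the patch that introduces the first outside user.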
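Review bot: in sev_set_cpu_caps() (@@ -2962,6 +2966,8 @@), the new kvm_cpu_cap_set(X86_FEATURE_SECURE_AVIC) sits after the closing brace of the block that sets X86_FEATURE_SEV_SNP and is gated only on sev_snp_savic_enabled, which defaults to true. The result is correct only if sev_hardware_setup() has already cleared the flag on hosts without SNP or without the CPU feature. Moving the two added lines inside the SNP block, or adding a comment that states the ordering requirement, would make the dependency on SNP visible at the point where the capability is advertised.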
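Review bot: in sev_hardware_setup() (@@ -3082,6 +3088,9 @@), sev_snp_savic_enabled is settled just before sev_supported_vmsa_features is rebuilt, yet the visible context adds only SVM_SEV_FEAT_DEBUG_SWAP to that mask. SVM_SEV_FEAT_SECURE_AVIC is defined in svm.h and X86_FEATURE_SECURE_AVIC is advertised by this patch without the VMSA feature bit being accepted anywhere in it. If a later patch in the series adds the bit, say so in the commit message; otherwise the capability is reported before a Secure AVIC guest can be created.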
From: Neeraj Upadhyay
Subject: [RFC PATCH 06/19] KVM: SVM: Initialize apic protected state for SAVIC guests
Date: Fri, 28 Feb 2025 14:21:02 +0530
Message-ID: <20250228085115.105648-7-Neeraj.Upadhyay@amd.com>
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org
Initialize lapic's guest_apic_protected for Secure AVIC guests. This is only an initialization commit and actual support for creating Secure AVIC enabled guests and injecting interrupts would be added in later commits.

Signed-off-by: Neeraj Upadhyay
--- arch/x86/kvm/svm/svm.c | 3 +++ arch/x86/kvm/svm/svm.h | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 456d841298f7..d4191c0a0133 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1442,6 +1442,9 @@ static int svm_vcpu_create(struct kvm_vcpu *vcpu) if (!vmcb01_page) goto out; + if (sev_savic_active(vcpu->kvm)) + vcpu->arch.apic->guest_apic_protected = APIC_STATE_PROTECTED_INJECTED_INTR; + if (sev_es_guest(vcpu->kvm)) { /* * SEV-ES guests require a separate VMSA page used to contain diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 9d7cdb8fbf87..7cde221e477e 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -756,6 +756,10 @@ void sev_snp_init_protected_guest_state(struct kvm_vcpu *vcpu); int sev_gmem_prepare(struct kvm *kvm, kvm_pfn_t pfn, gfn_t gfn, int max_order); void sev_gmem_invalidate(kvm_pfn_t start, kvm_pfn_t end); int sev_private_max_mapping_level(struct kvm *kvm, kvm_pfn_t pfn); +static inline bool sev_savic_active(struct kvm *kvm) +{ + return to_kvm_sev_info(kvm)->vmsa_features & SVM_SEV_FEAT_SECURE_AVIC; +} #else static inline struct page *snp_safe_alloc_page_node(int node, gfp_t gfp) {
@@ -786,6 +790,7 @@ static inline int sev_private_max_mapping_level(struct kvm *kvm, kvm_pfn_t pfn) { return 0; } +static inline bool sev_savic_active(struct kvm *kvm) { return false; } #endif
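Review bot: in svm_vcpu_create() (arch/x86/kvm/svm/svm.c, @@ -1442,6 +1442,9 @@), the added assignment dereferences vcpu->arch.apic with no check that a local APIC was created for this vCPU. If a Secure AVIC VM can reach this point without an in-kernel APIC, this is a NULL pointer dereference in the host. Either reject that configuration before vCPU creation or guard the assignment, and note in the commit message which of the two the series relies on.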
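Review bot: sev_savic_active() in arch/x86/kvm/svm/svm.h (@@ -756,6 +756,10 @@) tests only the SVM_SEV_FEAT_SECURE_AVIC bit in vmsa_features, and nothing in this patch or in 05/19 shows that bit being tied to the secure_avic module parameter or added to sev_supported_vmsa_features. Please state where the bit is validated against what the host supports, so that guest_apic_protected cannot end up set for a VM on a host where Secure AVIC is disabled or absent.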
From: Neeraj Upadhyay
Subject: [RFC PATCH 07/19] KVM: SEV: Do not intercept SECURE_AVIC_CONTROL MSR
Date: Fri, 28 Feb 2025 14:21:03 +0530
Message-ID: <20250228085115.105648-8-Neeraj.Upadhyay@amd.com>
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Kishon Vijay Abraham I The SECURE_AVIC_CONTROL MSR (0xc0010138) holds the GPA of the APIC backing page and bitfields to enable Secure AVIC and NMI. This MSR is populated by the guest and the hypervisor should not intercept it so that the guest can properly set the MSR. Disable intercepting the SECURE_AVIC_CONTROL MSR for Secure AVIC enabled guests. Signed-off-by: Kishon Vijay Abraham I Co-developed-by: Neeraj Upadhyay Signed-off-by: Neeraj Upadhyay --- arch/x86/include/asm/msr-index.h | 2 ++ arch/x86/kvm/svm/sev.c | 3 +++ arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/svm/svm.h | 2 +- 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 3ae84c3b8e6d..6fb734228726 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -683,6 +683,8 @@ #define MSR_AMD64_SNP_RESV_BIT 18 #define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT) +#define MSR_AMD64_SECURE_AVIC_CONTROL 0xc0010138 + #define MSR_AMD64_VIRT_SPEC_CTRL 0xc001011f #define MSR_AMD64_RMP_BASE 0xc0010132 diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 82209cd56ec6..6313679a65b8 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -4573,6 +4573,9 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) /* Clear intercepts on selected MSRs */ set_msr_interception(vcpu, svm->msrpm, MSR_EFER, 1, 1); set_msr_interception(vcpu, svm->msrpm, MSR_IA32_CR_PAT, 1, 1); + + if (sev_savic_active(vcpu->kvm)) + set_msr_interception(vcpu, svm->msrpm, MSR_AMD64_SECURE_AVIC_CONTROL, 1, 1); } void sev_init_vmcb(struct vcpu_svm *svm) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d4191c0a0133..d00ae58c0b0a 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -110,6 +110,7 @@ static const struct svm_direct_access_msrs { { .index = MSR_EFER, .always = false }, { .index = MSR_IA32_CR_PAT, .always = false }, { .index = MSR_AMD64_SEV_ES_GHCB, .always = true }, + { .index = MSR_AMD64_SECURE_AVIC_CONTROL, .always = false }, { .index = MSR_TSC_AUX, .always = false }, { .index = X2APIC_MSR(APIC_ID), .always = false }, { .index = X2APIC_MSR(APIC_LVR), .always = false }, diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 7cde221e477e..e855f101e60f 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -44,7 +44,7 @@ static inline struct page *__sme_pa_to_page(unsigned long pa) #define IOPM_SIZE PAGE_SIZE * 3 #define MSRPM_SIZE PAGE_SIZE * 2 -#define MAX_DIRECT_ACCESS_MSRS 48 +#define MAX_DIRECT_ACCESS_MSRS 49 #define MSRPM_OFFSETS 32 extern u32 msrpm_offsets[MSRPM_OFFSETS] __read_mostly; extern bool npt_enabled;
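Review bot: Out-of-order placement in the arch/x86/include/asm/msr-index.h hunk: MSR_AMD64_SECURE_AVIC_CONTROL (0xc0010138) is added directly after the MSR_AMD64_SNP_* bit definitions and ahead of MSR_AMD64_VIRT_SPEC_CTRL (0xc001011f) and MSR_AMD64_RMP_BASE (0xc0010132). Moving it after the 0xc0010132 entry keeps the block in numeric order. The commit message says the MSR carries the backing page GPA plus enable bits for Secure AVIC and NMI, so named bit definitions next to the index would document that layout where it is used.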
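Review bot: Missing rationale comment in the sev_es_init_vmcb() hunk of arch/x86/kvm/svm/sev.c: the new set_msr_interception(vcpu, svm->msrpm, MSR_AMD64_SECURE_AVIC_CONTROL, 1, 1) call opens both reads and writes to the guest, and the only explanation is in the commit message. A short comment above the sev_savic_active() check stating that the guest owns this MSR (it programs the APIC backing page GPA and the enable bits) and that KVM must therefore not depend on seeing its value would keep the trust assumption next to the code that relies on it.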
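Review bot: Hand-maintained coupling between the direct_access_msrs[] hunk in arch/x86/kvm/svm/svm.c and the MAX_DIRECT_ACCESS_MSRS bump from 48 to 49 in arch/x86/kvm/svm/svm.h. The two agree in this patch (one entry added, count raised by one), but nothing in the visible lines enforces it. A build-time assertion beside the table, or deriving the bound from the array itself, would turn a future miscount into a compile error rather than a silent mismatch.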
From patchwork Fri Feb 28 08:51:04 2025
X-Patchwork-Submitter: Neeraj Upadhyay
X-Patchwork-Id: 13995926
From: Neeraj Upadhyay
Subject: [RFC PATCH 08/19] KVM: SVM/SEV/X86: Secure AVIC: Add support to inject interrupts
Date: Fri, 28 Feb 2025 14:21:04 +0530
Message-ID: <20250228085115.105648-9-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Add support to inject interrupts from
emulated devices/para-virtualized devices for Secure AVIC guests. Secure AVIC requires RequestedIRR and UpdateIRR VMCB fields to be set before VMRUN for interrupt injection. Secure AVIC allows multiple interrupts to be injected at the same time. So on interrupt injection, the entire contents of APIC_IRR in host APIC backing page are copied to RequestedIRR. As guest PPR state is not visible in KVM, all pending interrupts in host APIC_IRR are considered as injectable. Secure AVIC HW handles re-injection itself so no explicit handling by KVM is required. Secure AVIC does not require an IRQ window as hardware manages interrupt delivery to the guest and can detect if the guest is in a state to accept interrupts. So, short-circuit interrupt_allowed() and enable_irq_window() ops for Secure AVIC. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- arch/x86/include/asm/svm.h | 8 ++++++-- arch/x86/kvm/irq.c | 3 +++ arch/x86/kvm/lapic.c | 13 +++++++++---- arch/x86/kvm/svm/sev.c | 39 ++++++++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 13 +++++++++++++ arch/x86/kvm/svm/svm.h | 5 ++++- arch/x86/kvm/x86.c | 12 +++++++++++- 7 files changed, 85 insertions(+), 8 deletions(-) diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index f81b417fe836..59253e3b28f3 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -159,9 +159,13 @@ struct __attribute__ ((__packed__)) vmcb_control_area { u64 avic_physical_id; /* Offset 0xf8 */ u8 reserved_7[8]; u64 vmsa_pa; /* Used for an SEV-ES guest */ - u8 reserved_8[40]; + u8 reserved_8[36]; + u8 update_irr; /* Offset 0x134 */ + u8 reserved_9[3]; u64 allowed_sev_features; /* Offset 0x138 */ - u8 reserved_9[672]; + u8 reserved_10[16]; + u32 requested_irr[8]; /* Offset 0x150 */ + u8 reserved_11[624]; /* * Offset 0x3e0, 32 bytes reserved * for use by hypervisor/software. 
diff --git a/arch/x86/kvm/irq.c b/arch/x86/kvm/irq.c index f0644d0bbe11..fbfd897ea412 100644 --- a/arch/x86/kvm/irq.c +++ b/arch/x86/kvm/irq.c @@ -47,6 +47,9 @@ static int pending_userspace_extint(struct kvm_vcpu *v) */ int kvm_cpu_has_extint(struct kvm_vcpu *v) { + if (v->arch.apic->guest_apic_protected) + return 0; + /* * FIXME: interrupt.injected represents an interrupt whose * side-effects have already been applied (e.g. bit from IRR diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 65f69537c105..7b2ee5263644 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2975,11 +2975,16 @@ int kvm_apic_has_interrupt(struct kvm_vcpu *vcpu) if (!kvm_apic_present(vcpu)) return -1; - if (apic->guest_apic_protected) + switch (apic->guest_apic_protected) { + case APIC_STATE_PROTECTED_POSTED_INTR: return -1; - - __apic_update_ppr(apic, &ppr); - return apic_has_interrupt_for_ppr(apic, ppr); + case APIC_STATE_PROTECTED_INJECTED_INTR: + return apic_search_irr(apic); + case APIC_STATE_UNPROTECTED: + default: + __apic_update_ppr(apic, &ppr); + return apic_has_interrupt_for_ppr(apic, ppr); + } } EXPORT_SYMBOL_GPL(kvm_apic_has_interrupt); diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 6313679a65b8..080b71ade88d 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -34,6 +34,7 @@ #include "svm_ops.h" #include "cpuid.h" #include "trace.h" +#include "lapic.h" #define GHCB_VERSION_MAX 2ULL #define GHCB_VERSION_DEFAULT 2ULL 
@@ -4986,3 +4987,41 @@ int sev_private_max_mapping_level(struct kvm *kvm, kvm_pfn_t pfn) return level; } + +void sev_savic_set_requested_irr(struct vcpu_svm *svm, bool reinjected) +{ + struct kvm_lapic *apic; + bool has_interrupts; + int vec, vec_pos; + u32 val; + int i; + + /* Secure AVIC HW takes care of re-injection */ + if (reinjected) + return; + + apic = svm->vcpu.arch.apic; + has_interrupts = false; + + for (i = 0; i < ARRAY_SIZE(svm->vmcb->control.requested_irr); i++) { + val = __kvm_lapic_get_reg(apic->regs, APIC_IRR + i * 0x10); + if (!val) + continue; + has_interrupts = true; + svm->vmcb->control.requested_irr[i] |= val; + do { + vec_pos = __ffs(val); + vec = (i << 5) + vec_pos; + kvm_lapic_clear_vector(vec, apic->regs + APIC_IRR); + val = val & ~BIT(vec_pos); + } while (val); + } + + if (has_interrupts) + svm->vmcb->control.update_irr |= BIT(0); +} + +bool sev_savic_has_pending_interrupt(struct kvm_vcpu *vcpu) +{ + return kvm_apic_has_interrupt(vcpu) != -1; +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d00ae58c0b0a..7cfd6e916c74 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -50,6 +50,8 @@ #include "svm.h" #include "svm_ops.h" +#include "lapic.h" + #include "kvm_onhyperv.h" #include "svm_onhyperv.h" @@ -3679,6 +3681,9 @@ static void svm_inject_irq(struct kvm_vcpu *vcpu, bool reinjected) struct vcpu_svm *svm = to_svm(vcpu); u32 type; + if (sev_savic_active(vcpu->kvm)) + return sev_savic_set_requested_irr(svm, reinjected); + if (vcpu->arch.interrupt.soft) { if (svm_update_soft_interrupt_rip(vcpu)) return; @@ -3860,6 +3865,9 @@ static int svm_interrupt_allowed(struct kvm_vcpu *vcpu, bool for_injection) { struct vcpu_svm *svm = to_svm(vcpu); + if (sev_savic_active(vcpu->kvm)) + return 1; + if (svm->nested.nested_run_pending) return -EBUSY; 
@@ -3880,6 +3888,9 @@ static void svm_enable_irq_window(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); + if (sev_savic_active(vcpu->kvm)) + return; + /* * In case GIF=0 we can't rely on the CPU to tell us when GIF becomes * 1, because that's a separate STGI/VMRUN intercept. The next time we @@ -5092,6 +5103,8 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .apicv_post_state_restore = avic_apicv_post_state_restore, .required_apicv_inhibits = AVIC_REQUIRED_APICV_INHIBITS, + .protected_apic_has_interrupt = sev_savic_has_pending_interrupt, + .get_exit_info = svm_get_exit_info, .get_entry_info = svm_get_entry_info, diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index e855f101e60f..f70c161ad352 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -760,6 +760,8 @@ static inline bool sev_savic_active(struct kvm *kvm) { return to_kvm_sev_info(kvm)->vmsa_features & SVM_SEV_FEAT_SECURE_AVIC; } +void sev_savic_set_requested_irr(struct vcpu_svm *svm, bool reinjected); +bool sev_savic_has_pending_interrupt(struct kvm_vcpu *vcpu); #else static inline struct page *snp_safe_alloc_page_node(int node, gfp_t gfp) { @@ -791,7 +793,8 @@ static inline int sev_private_max_mapping_level(struct kvm *kvm, kvm_pfn_t pfn) return 0; } static inline bool sev_savic_active(struct kvm *kvm) { return false; } - +static inline void sev_savic_set_requested_irr(struct vcpu_svm *svm, bool reinjected) {} +static inline bool sev_savic_has_pending_interrupt(struct kvm_vcpu *vcpu) { return false; } #endif /* vmenter.S */ diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 8e77e61d4fbd..a9bd774baa4e 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c 
@@ -10426,7 +10426,17 @@ static int kvm_check_and_inject_events(struct kvm_vcpu *vcpu, if (r < 0) goto out; if (r) { - int irq = kvm_cpu_get_interrupt(vcpu); + int irq; + + /* + * Do not ack the interrupt here for APIC_STATE_PROTECTED_INJECTED_INTR. + * ->inject_irq reads the APIC_IRR state and clears it. + */ + if (vcpu->arch.apic->guest_apic_protected == + APIC_STATE_PROTECTED_INJECTED_INTR) + irq = kvm_apic_has_interrupt(vcpu); + else + irq = kvm_cpu_get_interrupt(vcpu); if (!WARN_ON_ONCE(irq == -1)) { kvm_queue_interrupt(vcpu, irq, false);
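Review bot: No build-time check on the new hardware-defined offsets in the vmcb_control_area hunk of arch/x86/include/asm/svm.h; update_irr (0x134) and requested_irr (0x150) are pinned only by comments. The arithmetic in the visible lines is consistent (36 + 1 + 3 = 40 bytes ahead of allowed_sev_features at 0x138, 0x140 + 16 = 0x150, and 0x150 + 32 + 624 = 0x3e0), but an offsetof() assertion for both fields would protect the layout when the reserved arrays are edited again. Note also that reserved_9 changes from the 672-byte tail pad to a 3-byte pad, so the name no longer means what it did before this patch.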
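Review bot: Unguarded pointer dereference in the kvm_cpu_has_extint() hunk of arch/x86/kvm/irq.c: v->arch.apic->guest_apic_protected is read as the first statement of the function, before anything in the hunk establishes that the vCPU has an in-kernel local APIC. If this function can run for a vCPU with a userspace irqchip, the test needs a lapic_in_kernel() check ahead of it. The test also uses guest_apic_protected as a boolean while the lapic.c hunk switches on it as a three-valued state, so it depends on APIC_STATE_UNPROTECTED being zero; comparing against APIC_STATE_UNPROTECTED explicitly would say what is meant.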
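Review bot: The default: label in the kvm_apic_has_interrupt() hunk of arch/x86/kvm/lapic.c shares the APIC_STATE_UNPROTECTED arm, so any state added later silently takes the PPR-based path, which the commit message says is not meaningful when guest PPR is not visible to KVM. Dropping default: so the compiler flags an unhandled enumerator, or making it WARN and return -1, would fail closed. The APIC_STATE_PROTECTED_INJECTED_INTR arm would benefit from a one-line comment that PPR is ignored on purpose.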
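Review bot: Undocumented lifetime of requested_irr[] and update_irr in sev_savic_set_requested_irr() (arch/x86/kvm/svm/sev.c): the loop only ever ORs into requested_irr[i] and sets BIT(0) of update_irr, and nothing in this patch clears either field after VMRUN. If hardware consumes and clears them, the function comment should say so; if not, stale vectors would be requested again on the next entry. The read of each IRR word followed by per-vector kvm_lapic_clear_vector() calls also deserves a comment that a vector posted between the read and the clears stays pending for the next entry, since only bits present in val are cleared.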
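Review bot: Style point in the svm_inject_irq() hunk of arch/x86/kvm/svm/svm.c: "return sev_savic_set_requested_irr(svm, reinjected);" returns a void expression from a void function. Calling the helper and then using a bare return reads more clearly and matches the early returns added to svm_enable_irq_window() in the same patch.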
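Review bot: Unguarded vcpu->arch.apic dereference in the kvm_check_and_inject_events() hunk of arch/x86/kvm/x86.c; this is common x86 code, and the new comparison against APIC_STATE_PROTECTED_INJECTED_INTR reads through the pointer with no visible check that an in-kernel APIC exists. Separately, the INJECTED_INTR branch hands the single vector returned by kvm_apic_has_interrupt() to kvm_queue_interrupt() while the comment says ->inject_irq copies and clears the whole APIC_IRR, so the queued irq value is only a placeholder. The comment should state that, so later code does not treat interrupt.nr as the vector actually delivered.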
From patchwork Fri Feb 28 08:51:05 2025
X-Patchwork-Submitter: Neeraj Upadhyay
X-Patchwork-Id: 13995927
From: Neeraj Upadhyay
Subject: [RFC PATCH 09/19] KVM: SVM/SEV/X86: Secure AVIC: Add hypervisor side IPI Delivery Support
Date: Fri, 28 Feb 2025 14:21:05 +0530
Message-ID: <20250228085115.105648-10-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Secure AVIC hardware only
accelerates self IPIs. For cross-vCPU IPI, source vCPU updates the APIC_IRR of destination vCPU and then issues VMGEXIT with type "SVM_EXIT_MSR" to propagate APIC_ICR write to the hypervisor. Hypervisor then examines the ICR data and sends doorbell to running vCPUs using AVIC Doorbell MSR or wakes up a blocking vCPU. Hypervisor then resumes the vCPU which issued the VMGEXIT. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- arch/x86/kvm/svm/sev.c | 216 ++++++++++++++++++++++++++++++++++++++++- arch/x86/kvm/svm/svm.h | 2 + 2 files changed, 217 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 080b71ade88d..d8413c7f4832 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -3496,6 +3496,89 @@ void pre_sev_run(struct vcpu_svm *svm, int cpu) struct svm_cpu_data *sd = per_cpu_ptr(&svm_data, cpu); unsigned int asid = sev_get_asid(svm->vcpu.kvm); + /* + * It should be safe to clear sev_savic_has_pending_ipi here. + * + * Following are the scenarios possible: + * + * Scenario 1: sev_savic_has_pending_ipi is set before hlt exit of the + * target vCPU. + * + * Source vCPU Target vCPU + * + * 1. Set APIC_IRR of target + * vCPU. + * + * 2. VMGEXIT + * + * 3. Set ...has_pending_ipi + * + * savic_handle_icr_write() + * ..._has_pending_ipi = true + * + * 4. avic_ring_doorbell() + * - VS - + * + * 4. VMEXIT + * + * 5. ..._has_pending_ipi = false + * + * 6. VM entry + * + * 7. hlt exit + * + * In this case, any VM exit taken by target vCPU before hlt exit + * clears sev_savic_has_pending_ipi. On hlt exit, idle halt intercept + * would find the V_INTR set and skip hlt exit. + * + * Scenario 2: sev_savic_has_pending_ipi is set when target vCPU + * has taken hlt exit. + * + * Source vCPU Target vCPU + * + * 1. hlt exit + * + * 2. Set ...has_pending_ipi + * 3. kvm_vcpu_has_events() returns true + * and VM is reentered. + * + * vcpu_block() + * kvm_arch_vcpu_runnable() + * kvm_vcpu_has_events() + * + * + * 4. On VM entry, APIC_IRR state is re-evaluated + * and V_INTR is set and interrupt is delivered + * to vCPU. + * + * + * Scenario 3: sev_savic_has_pending_ipi is set while halt exit is happening: + * + * + * Source vCPU Target vCPU + * + * 1. hlt + * Hardware check V_INTR to determine + * if hlt exit need to be taken. No other + * exit such as intr exit can be taken + * while this sequence is being executed. + * + * 2. Set APIC_IRR of target vCPU. + * + * 3. Set ...has_pending_ipi + * 4. hlt exit taken. + * + * 5. ...has_pending_ipi being set is observed + * by target vCPU and the vCPU is resumed. + * + * In this scenario, hardware ensures that target vCPU does not take any exit + * between checking V_INTR state and halt exit. 
So, sev_savic_has_pending_ipi + * remains set when vCPU takes hlt exit. + */ + if (READ_ONCE(svm->sev_savic_has_pending_ipi)) + WRITE_ONCE(svm->sev_savic_has_pending_ipi, false); + /* Assign the asid allocated with this SEV guest */ svm->asid = asid; 
@@ -4303,6 +4386,129 @@ static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) return 0; } +static void savic_handle_icr_write(struct kvm_vcpu *kvm_vcpu, u64 icr) +{ + struct kvm *kvm = kvm_vcpu->kvm; + struct kvm_vcpu *vcpu; + u32 icr_low, icr_high; + bool in_guest_mode; + unsigned long i; + + icr_low = lower_32_bits(icr); + icr_high = upper_32_bits(icr); + + /* + * TODO: Instead of scanning all the vCPUS, get fastpath working which should + * look similar to avic_kick_target_vcpus_fast(). + */ + kvm_for_each_vcpu(i, vcpu, kvm) { + if (!kvm_apic_match_dest(vcpu, kvm_vcpu->arch.apic, icr_low & APIC_SHORT_MASK, + icr_high, icr_low & APIC_DEST_MASK)) + continue; + + /* + * Setting sev_savic_has_pending_ipi could result in a spurious + * wakeup from hlt (as kvm_cpu_has_interrupt() would return true) + * if destination CPU is inside guest and guest does a halt exit + * after handling the IPI. sev_savic_has_pending_ipi gets cleared + * on vm entry, so there can be at most one spurious wakeup per IPI. + * For vcpu->mode == IN_GUEST_MODE, sev_savic_has_pending_ipi need + * to be set to handle the case where destination vCPU has taken + * halt exit and the source CPU has not observed vcpu->mode != + * IN_GUEST_MODE. + */ + WRITE_ONCE(to_svm(vcpu)->sev_savic_has_pending_ipi, true); + /* Order sev_savic_has_pending_ipi write and vcpu->mode read. */ + smp_mb(); + /* Pairs with smp_store_release in vcpu_enter_guest. */ + in_guest_mode = (smp_load_acquire(&vcpu->mode) == IN_GUEST_MODE); + if (in_guest_mode) { + /* + * Signal the doorbell to tell hardware to inject the IRQ. + * + * If the vCPU exits the guest before the doorbell chimes, + * below memory ordering guarantees that destination vCPU + * observes sev_savic_has_pending_ipi == true before + * blocking. 
+ * + * Src-CPU Dest-CPU + * + * savic_handle_icr_write() + * sev_savic_has_pending_ipi = true + * smp_mb() + * smp_load_acquire(&vcpu->mode) + * + * - VS - + * vcpu->mode = OUTSIDE_GUEST_MODE + * __kvm_emulate_halt() + * kvm_cpu_has_interrupt() + * smp_mb() + * if (sev_savic_has_pending_ipi) + * return true; + * + * [S1] + * sev_savic_has_pending_ipi = true + * + * SMP_MB + * + * [L1] + * vcpu->mode + * [S2] + * vcpu->mode = OUTSIDE_GUEST_MODE + * + * + * SMP_MB + * + * [L2] sev_savic_has_pending_ipi == true + * + * exists (L1=IN_GUEST_MODE /\ L2=false) + * + * Above condition does not exit. So, if source CPU observes vcpu->mode + * = IN_GUEST_MODE (L1), sev_savic_has_pending_ipi load by destination CPU + * (L2) should observe the store (S1) from source CPU. + */ + avic_ring_doorbell(vcpu); + } else { + /* + * Wake the vCPU if it was blocking. + * + * Memory ordering is provided by smp_mb() in rcuwait_wake_up() on + * source CPU and smp_mb() in set_current_state() inside + * kvm_vcpu_block() on dest CPU. + */ + kvm_vcpu_kick(vcpu); + } + } +} + +static bool savic_handle_msr_exit(struct kvm_vcpu *vcpu) +{ + u32 msr, reg; + + msr = kvm_rcx_read(vcpu); + reg = (msr - APIC_BASE_MSR) << 4; + + switch (reg) { + case APIC_ICR: + /* + * Only APIC_ICR wrmsr requires special handling + * for Secure AVIC guests to wake up destination + * vCPUs. + */ + if (to_svm(vcpu)->vmcb->control.exit_info_1) { + u64 data = kvm_read_edx_eax(vcpu); + + savic_handle_icr_write(vcpu, data); + return true; + } + break; + default: + break; + } + + return false; +} + int sev_handle_vmgexit(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); @@ -4445,6 +4651,11 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) control->exit_info_1, control->exit_info_2); ret = -EINVAL; break; + case SVM_EXIT_MSR: + if (sev_savic_active(vcpu->kvm) && savic_handle_msr_exit(vcpu)) + return 1; + + fallthrough; default: ret = svm_invoke_exit_handler(vcpu, exit_code); } 
@@ -5023,5 +5234,8 @@ void sev_savic_set_requested_irr(struct vcpu_svm *svm, bool reinjected) bool sev_savic_has_pending_interrupt(struct kvm_vcpu *vcpu) { - return kvm_apic_has_interrupt(vcpu) != -1; + /* See memory ordering description in savic_handle_icr_write(). */ + smp_mb(); + return READ_ONCE(to_svm(vcpu)->sev_savic_has_pending_ipi) || + kvm_apic_has_interrupt(vcpu) != -1; } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index f70c161ad352..62e3581b7d31 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -327,6 +327,8 @@ struct vcpu_svm { /* Guest GIF value, used when vGIF is not enabled */ bool guest_gif; + + bool sev_savic_has_pending_ipi; }; struct svm_cpu_data {
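Review bot: The check-then-store in the pre_sev_run() hunk of arch/x86/kvm/svm/sev.c, "if (READ_ONCE(svm->sev_savic_has_pending_ipi)) WRITE_ONCE(svm->sev_savic_has_pending_ipi, false);", is not an atomic exchange, and the three scenarios in the comment do not say what happens when a source vCPU stores true between the read and the write. If that window is covered by the doorbell or by hardware re-evaluating APIC_IRR on entry, the comment should say so explicitly. The clear also runs for every SEV guest rather than only when sev_savic_active() is true. Minor wording in the comment: "Hardware check V_INTR" and "if hlt exit need to be taken" should read "checks" and "needs".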
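Review bot: Missing validation of the guest-supplied MSR index in savic_handle_msr_exit() (arch/x86/kvm/svm/sev.c): "reg = (msr - APIC_BASE_MSR) << 4;" is computed in u32, so the top four bits are shifted out and RCX values outside the x2APIC MSR range can also produce reg == APIC_ICR and reach savic_handle_icr_write(). Range-check msr against the x2APIC window, or compare it with the ICR's MSR index directly, before the switch. In savic_handle_icr_write() only the APIC_SHORT_MASK and APIC_DEST_MASK bits of icr_low are examined, so the delivery mode the guest wrote is ignored; either reject or document the non-fixed modes. The ordering comment's "Above condition does not exit" should read "does not exist".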
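Review bot: Missing documentation on the new field in the struct vcpu_svm hunk of arch/x86/kvm/svm/svm.h: sev_savic_has_pending_ipi is written by other vCPUs' threads in savic_handle_icr_write() and cleared by the owning vCPU in pre_sev_run(), unlike the neighbouring guest_gif. A comment on the field naming its writers, its reader and the smp_mb() pairing it relies on would help, since the struct definition is where most readers will first meet it.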
From: Neeraj Upadhyay
Subject: [RFC PATCH 10/19] KVM: SVM: Secure AVIC: Do not inject "Exceptions" for Secure AVIC
Date: Fri, 28 Feb 2025 14:21:06 +0530
Message-ID: <20250228085115.105648-11-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Kishon Vijay Abraham I Secure AVIC does not support injecting "Exceptions" from hypervisor. Return from svm_inject_exception() for Secure AVIC. HW takes care of delivering exceptions initiated by guest as well as re-injecting exceptions initiated by guest (in case there's an intercept before delivering the exceptions). However exceptions cannot be explicitly injected from Hypervisor when Secure AVIC is enabled. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- arch/x86/kvm/svm/svm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7cfd6e916c74..58733b63bcd7 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c 
@@ -463,6 +463,9 @@ static void svm_inject_exception(struct kvm_vcpu *vcpu) struct kvm_queued_exception *ex = &vcpu->arch.exception; struct vcpu_svm *svm = to_svm(vcpu); + if (sev_savic_active(vcpu->kvm)) + return; + kvm_deliver_exception_payload(vcpu, ex); if (kvm_exception_is_soft(ex->vector) && From patchwork Fri Feb 28 08:51:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13995931 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on2052.outbound.protection.outlook.com [40.107.96.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8389D254B12; Fri, 28 Feb 2025 09:13:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.96.52 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740734033; cv=fail; b=u2EresD/sAcw7W5iENZczM52t0UfMjIvAIS8Vg8qgiKRa+Qt5aDwYNF2380AbPaQKCFCII6rB1phxn/sH5tGuTJcX73VduzSPDdgyaAeX+7ojvaFJn3b7Fivppei4re/+cTPH/F2Czo+N6IfRrUw9eqeNH1Ybpsvcx7zoMtzl2E= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740734033; c=relaxed/simple; bh=8RAAu7VnyiNu5X6xM5tO/TTLkVq26OKwHKqiqxEBT24=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Q61MOGARMGig2F3ShS/zZxv+7dzlUgfn1KWOHvO6IeG95Wuw7dghiO6j7sOIZcYxta0KnmnkbeljDP2ihkacfLY8ENzzieGum3jqHYwGXuwSzo+6gG3xO1vg4Bxw/DUuhYq6irkyM9J4TV1BRM7bw9IWyDfFBe98hvLm1RZWRkQ= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=iuMf9UmP; arc=fail smtp.client-ip=40.107.96.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com 
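Review bot: the early return at the top of svm_inject_exception() drops the queued exception silently when sev_savic_active() is true, and nothing tells the caller or the log that a request to inject was discarded. If KVM is never expected to queue an exception for a Secure AVIC guest, make that visible with a WARN_ON_ONCE() before the return; either way, add a comment above the check stating that hardware delivers and re-injects guest exceptions, since that rationale currently lives only in the commit message.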
From: Neeraj Upadhyay
Subject: [RFC PATCH 11/19] KVM: SVM/SEV: Do not intercept exceptions for Secure AVIC guest
Date: Fri, 28 Feb 2025 14:21:07 +0530
Message-ID: <20250228085115.105648-12-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Exceptions cannot be explicitly injected
from Hypervisor to Secure AVIC guests. So, clear exceptions intercepts so that all exceptions are routed directly to such guests. Signed-off-by: Neeraj Upadhyay --- arch/x86/kvm/svm/sev.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index d8413c7f4832..5106afc40cc8 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -4786,8 +4786,17 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) set_msr_interception(vcpu, svm->msrpm, MSR_EFER, 1, 1); set_msr_interception(vcpu, svm->msrpm, MSR_IA32_CR_PAT, 1, 1); - if (sev_savic_active(vcpu->kvm)) + if (sev_savic_active(vcpu->kvm)) { set_msr_interception(vcpu, svm->msrpm, MSR_AMD64_SECURE_AVIC_CONTROL, 1, 1); + + /* Clear all exception intercepts. */ + clr_exception_intercept(svm, PF_VECTOR); + clr_exception_intercept(svm, UD_VECTOR); + clr_exception_intercept(svm, MC_VECTOR); + clr_exception_intercept(svm, AC_VECTOR); + clr_exception_intercept(svm, DB_VECTOR); + clr_exception_intercept(svm, GP_VECTOR); + } } void sev_init_vmcb(struct vcpu_svm *svm) From patchwork Fri Feb 28 08:51:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13995932 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2045.outbound.protection.outlook.com [40.107.237.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 918F6253B57; Fri, 28 Feb 2025 09:15:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.45 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740734102; cv=fail; b=ravnccpAQVkbjlt13FJyYSpzHwsSlWuAwG/mjWbiIeBMOaShWhKJ4+h6njvM3gL5c0sSuIm7Dr56/v1RY8u3jk3++yHxv2v3MIWye5w9PRg3wvrZ8Uz0/Dausu5CD94nPYytpfuYvJRu+rwaxXb4qFWxPyf/syEBNYkRlbx22T8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740734102; c=relaxed/simple; bh=3REV2kayRnUaGmkwulLIAV9kE4axXxV1VL0SIrFMV5M=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; 
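Review bot: the comment says "Clear all exception intercepts" but the block clears six named vectors (PF, UD, MC, AC, DB, GP), so any exception intercept set outside this list, or set again later through set_exception_intercept(), stays in effect. Since the series also makes svm_inject_exception() return early for these guests, an intercepted exception could not be reflected back, so either reword the comment to say these are the intercepts KVM enables by default, or clear the whole exception intercept field here and guard later setters with the same sev_savic_active() check.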
From: Neeraj Upadhyay
Subject: [RFC PATCH 12/19] KVM: SVM/SEV: Secure AVIC: Set VGIF in VMSA area
Date: Fri, 28 Feb 2025 14:21:08 +0530
Message-ID: <20250228085115.105648-13-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Kishon Vijay Abraham I Secure AVIC requires VGIF in VMSA to be set in order for interrupts to be delivered to the guest. Usually for enabling GIF, VGIF field (bit 9 of VINTR_CTRL in VMCB) is set. However Secure AVIC ignores the VGIF field in VMCB and requires VGIF field in VINTR_CTRL of VMSA to be set. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- arch/x86/kvm/svm/sev.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 5106afc40cc8..07a8a0c09382 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -854,6 +854,8 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm) save->dr6 = svm->vcpu.arch.dr6; save->sev_features = sev->vmsa_features; + if (sev_savic_active(vcpu->kvm)) + save->vintr_ctrl |= V_GIF_MASK; /* * Skip FPU and AVX setup with KVM_SEV_ES_INIT to avoid From patchwork Fri Feb 28 08:51:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13995934 Received: from NAM02-DM3-obe.outbound.protection.outlook.com (mail-dm3nam02on2053.outbound.protection.outlook.com [40.107.95.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EB9812561B7; Fri, 28 Feb 2025 09:17:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.95.53 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740734224; cv=fail; b=rn4K5cK2oggqnzQm8Lm1WpfNb8nC6PhRPRNZRWNUQVmC7250xK2/aMcYCIQLHyUEyWcAW+Vve/UzmgMmdtr9rB+QY4DNQ4QnNmAkhWiA+w2BT7JD2HOx6Y8pZd8QRESB9xPSH21PfifaqYrLxXYYv1l3D4INkD8G0sZWvKNqbIA= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740734224; c=relaxed/simple; bh=EfeGP2NKoP07mW5811JxqfTNfEDlTPYXh8Xpw9gm90U=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Xnt68YwqeoUiUKllJHUErY7Hp4SUbg2Qz7QifKRi7eIZzliVEzcXbvF2Y5u8VX2VM2Daqx+cGMGWsMx8y0qY/p/G7OkjeJIf2RmEo8topWUS7967TFdG8BkpZSTYcdvYDOMeAEdDU4tbpKpY6ZnunfncxX5NrPkvyswubpFKfyk= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=1ZpJRbV5; arc=fail smtp.client-ip=40.107.95.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: 
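Review bot: the new V_GIF_MASK assignment in sev_es_sync_vmsa() has no comment explaining why the VMSA copy of vintr_ctrl is written, and it runs straight into the following block comment with no blank line. Add a short comment that Secure AVIC ignores VGIF in the VMCB and takes it from the VMSA, and separate the if from the "Skip FPU and AVX setup" comment.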
From: Neeraj Upadhyay
Subject: [RFC PATCH 13/19] KVM: SVM/SEV: Secure AVIC: Enable NMI support
Date: Fri, 28 Feb 2025 14:21:09 +0530
Message-ID: <20250228085115.105648-14-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org

From: Kishon Vijay Abraham I

Secure AVIC only allows vNMI flow for injecting NMI interrupts to the guest. Also, Secure AVIC hardware manages NMI delivery to the guest and can detect if the guest is in a state to accept NMI. So, update NMI injection code flow for Secure AVIC to inject V_NMI and allow NMI injection if there is no V_NMI pending. In addition, Secure AVIC requires V_NMI_ENABLE in VINTR_CTRL field of VMSA to be set. Set V_NMI_ENABLE in VINTR_CTRL field of VMSA.

Signed-off-by: Kishon Vijay Abraham I
Co-developed-by: Neeraj Upadhyay
Signed-off-by: Neeraj Upadhyay --- arch/x86/kvm/svm/sev.c | 2 +- arch/x86/kvm/svm/svm.c | 56 ++++++++++++++++++++++++++---------------- 2 files changed, 36 insertions(+), 22 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 07a8a0c09382..40314c4086c2 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -855,7 +855,7 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm) save->sev_features = sev->vmsa_features; if (sev_savic_active(vcpu->kvm)) - save->vintr_ctrl |= V_GIF_MASK; + save->vintr_ctrl |= V_GIF_MASK | V_NMI_ENABLE_MASK; /* * Skip FPU and AVX setup with KVM_SEV_ES_INIT to avoid diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 58733b63bcd7..08d5dc55e175 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -3625,27 +3625,6 @@ static void pre_svm_run(struct kvm_vcpu *vcpu) new_asid(svm, sd); } -static void svm_inject_nmi(struct kvm_vcpu *vcpu) -{ - struct vcpu_svm *svm = to_svm(vcpu); - - svm->vmcb->control.event_inj = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_NMI; - - if (svm->nmi_l1_to_l2) - return; - - /* - * No need to manually track NMI masking when vNMI is enabled, hardware - * automatically sets V_NMI_BLOCKING_MASK as appropriate, including the - * case where software directly injects an NMI. - */ - if (!is_vnmi_enabled(svm)) { - svm->nmi_masked = true; - svm_set_iret_intercept(svm); - } - ++vcpu->stat.nmi_injections; -} - static bool svm_is_vnmi_pending(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); 
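Review bot: svm_inject_nmi() is removed here and re-added below svm_set_vnmi_pending() with the Secure AVIC branch already in it, so the move and the behavioural change cannot be reviewed separately. Move the function unchanged in a preparatory patch (or add a forward declaration of svm_set_vnmi_pending()) so this patch shows only the added sev_savic_active() branch and the V_NMI_ENABLE_MASK change in sev_es_sync_vmsa().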
@@ -3679,6 +3658,33 @@ static bool svm_set_vnmi_pending(struct kvm_vcpu *vcpu) return true; } +static void svm_inject_nmi(struct kvm_vcpu *vcpu) +{ + struct vcpu_svm *svm = to_svm(vcpu); + + if (sev_savic_active(vcpu->kvm)) { + svm_set_vnmi_pending(vcpu); + ++vcpu->stat.nmi_injections; + return; + } + + svm->vmcb->control.event_inj = SVM_EVTINJ_VALID | SVM_EVTINJ_TYPE_NMI; + + if (svm->nmi_l1_to_l2) + return; + + /* + * No need to manually track NMI masking when vNMI is enabled, hardware + * automatically sets V_NMI_BLOCKING_MASK as appropriate, including the + * case where software directly injects an NMI. + */ + if (!is_vnmi_enabled(svm)) { + svm->nmi_masked = true; + svm_set_iret_intercept(svm); + } + ++vcpu->stat.nmi_injections; +} + static void svm_inject_irq(struct kvm_vcpu *vcpu, bool reinjected) { struct vcpu_svm *svm = to_svm(vcpu); 
@@ -3826,6 +3832,14 @@ bool svm_nmi_blocked(struct kvm_vcpu *vcpu) static int svm_nmi_allowed(struct kvm_vcpu *vcpu, bool for_injection) { struct vcpu_svm *svm = to_svm(vcpu); + + /* Secure AVIC only support V_NMI based NMI injection. */ + if (sev_savic_active(vcpu->kvm)) { + if (svm->vmcb->control.int_ctl & V_NMI_PENDING_MASK) + return 0; + return 1; + } + if (svm->nested.nested_run_pending) return -EBUSY;

From patchwork Fri Feb 28 08:51:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13995935
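Review bot: in the re-added svm_inject_nmi() of [RFC PATCH 13/19] (arch/x86/kvm/svm/svm.c, hunk @@ -3679,6 +3658,33 @@), the Secure AVIC branch discards the bool returned by svm_set_vnmi_pending() and increments vcpu->stat.nmi_injections regardless, so if the helper ever returns false the NMI is dropped yet still counted as injected. Check the result, for example `if (!svm_set_vnmi_pending(vcpu)) return;`, or add a WARN_ON_ONCE with a comment explaining why failure cannot happen once svm_nmi_allowed() has passed. Moving the whole function below svm_set_vnmi_pending() also hides the real change inside a delete and re-add; a forward declaration or a separate no-functional-change move would keep the diff to the new branch.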
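Review bot: in svm_nmi_allowed() of [RFC PATCH 13/19] (hunk @@ -3826,6 +3832,14 @@), the Secure AVIC early return sits ahead of the nested_run_pending check and never looks at for_injection, and the comment does not say why the rest of the function can be skipped. The commit message has the reason (the hardware detects whether the guest can accept an NMI); that belongs in the comment. The body also reduces to `return !(svm->vmcb->control.int_ctl & V_NMI_PENDING_MASK);`, or to the svm_is_vnmi_pending() helper visible as context in the earlier hunk if its preconditions hold for Secure AVIC, and the comment should read "only supports".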
From: Neeraj Upadhyay
Subject: [RFC PATCH 14/19] KVM: SVM/SEV: Add SVM_VMGEXIT_SECURE_AVIC GHCB protocol event handling
Date: Fri, 28 Feb 2025 14:21:10 +0530
Message-ID: <20250228085115.105648-15-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org

This GHCB protocol event is used by the guest to notify KVM of the GPA of the APIC backing page being used by a vCPU.
The APIC ID parameter is used to identify the vCPU to which the backing page action is related. An APIC ID value of 0xffff_ffff_ffff_ffff means that the backing page action is for the vCPU performing the call.

Secure AVIC requires the guest vCPU APIC backing page entry to be always present in the guest’s Nested Paging Table (NPT) while the vCPU is running because some AVIC hardware acceleration sequences may not be restartable when Secure AVIC is enabled. If an access to the guest's APIC backing page by Secure AVIC hardware results in a nested page fault, the BUSY bit in the VMSA is set and subsequent VMRUN fails with a VMEXIT_BUSY error code. VMEXIT_BUSY is unrecoverable in this instance and the vCPU cannot be resumed post this event.

Two actions are available to the guest to notify KVM of these pages.

• SVM_VMGEXIT_SAVIC_REGISTER_BACKING_PAGE (0)

A Secure AVIC guest should use this action to inform KVM of the page-aligned GPA that will be used as the Secure AVIC backing page for the specified vCPU. To ensure that the backing page NPT entry is present while vCPU is running, KVM does a PSMASH for the GPA if the corresponding NPT entry is of size 2M. Without PSMASH, it is possible for other allocations to be part of the same 2M page as the APIC backing page and any modifications (page state change from private to shared) to any one of those allocations would result in splitting the 2M page to 4K pages. This would result in zapping the 2M PTE while APIC backing page is potentially being accessed by Secure AVIC hardware. Setting a Secure AVIC backing page GPA automatically clears any currently set Secure AVIC backing page GPA.

• SVM_VMGEXIT_SAVIC_UNREGISTER_BACKING_PAGE (1)

A guest may use this action to inform KVM that the previously set GPA is no longer being used as the Secure AVIC backing page for the specified vCPU.
This removes the requirement on KVM to ensure that the specified GPA is always present in the NPT of the guest while the specified vCPU is running. KVM returns the GPA that was currently SET or 0 if there was no previously set GPA. Co-developed-by: Kishon Vijay Abraham I Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- Initial GHCB draft spec for the new GHCB event for Secure AVIC is at: https://lore.kernel.org/linux-coco/3453675d-ca29-4715-9c17-10b56b3af17e@amd.com/T/#u The GHCB event has been updated to pass the action param for GPA register/unregister. The new GHCB spec will be published soon. I will share the link to the updated spec once it is available publically. arch/x86/include/uapi/asm/svm.h | 3 ++ arch/x86/kvm/svm/sev.c | 58 +++++++++++++++++++++++++++++++++ arch/x86/kvm/svm/svm.h | 1 + 3 files changed, 62 insertions(+) diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h index ec1321248dac..0a1e8687f464 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h @@ -117,6 +117,9 @@ #define SVM_VMGEXIT_AP_CREATE 1 #define SVM_VMGEXIT_AP_DESTROY 2 #define SVM_VMGEXIT_SNP_RUN_VMPL 0x80000018 +#define SVM_VMGEXIT_SECURE_AVIC 0x8000001a +#define SVM_VMGEXIT_SAVIC_REGISTER_BACKING_PAGE 0 +#define SVM_VMGEXIT_SAVIC_UNREGISTER_BACKING_PAGE 1 #define SVM_VMGEXIT_HV_FEATURES 0x8000fffd #define SVM_VMGEXIT_TERM_REQUEST 0x8000fffe #define SVM_VMGEXIT_TERM_REASON(reason_set, reason_code) \ diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 40314c4086c2..77c1ecebf677 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -3400,6 +3400,14 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) !kvm_ghcb_rcx_is_valid(svm)) goto vmgexit_err; break; + case SVM_VMGEXIT_SECURE_AVIC: + if (!sev_savic_active(vcpu->kvm) || + !kvm_ghcb_rax_is_valid(svm)) + goto vmgexit_err; + if (svm->vmcb->control.exit_info_1 == SVM_VMGEXIT_SAVIC_REGISTER_BACKING_PAGE) + if (!kvm_ghcb_rbx_is_valid(svm)) + goto vmgexit_err; + break; case SVM_VMGEXIT_MMIO_READ: case SVM_VMGEXIT_MMIO_WRITE: if (!kvm_ghcb_sw_scratch_is_valid(svm)) @@ -4511,6 +4519,53 @@ static bool savic_handle_msr_exit(struct kvm_vcpu *vcpu) return false; } +static int sev_handle_savic_vmgexit(struct vcpu_svm *svm) +{ + struct kvm_vcpu *vcpu = NULL; + u64 apic_id; + + apic_id = kvm_rax_read(&svm->vcpu); + + if (apic_id == -1ULL) { + vcpu = &svm->vcpu; + } else { + vcpu = kvm_get_vcpu_by_id(vcpu->kvm, apic_id); + if (!vcpu) + goto savic_request_invalid; + } + + switch (svm->vmcb->control.exit_info_1) { + case SVM_VMGEXIT_SAVIC_REGISTER_BACKING_PAGE: + gpa_t gpa; + + gpa = kvm_rbx_read(&svm->vcpu); + if (!PAGE_ALIGNED(gpa)) + goto savic_request_invalid; + + /* + * sev_handle_rmp_fault() invocation would result in PSMASH if + * NPTE size is 2M. + */ + sev_handle_rmp_fault(vcpu, gpa, 0); + to_svm(vcpu)->sev_savic_gpa = gpa; + break; + case SVM_VMGEXIT_SAVIC_UNREGISTER_BACKING_PAGE: + kvm_rbx_write(&svm->vcpu, to_svm(vcpu)->sev_savic_gpa); + to_svm(vcpu)->sev_savic_gpa = 0; + break; + default: + goto savic_request_invalid; + } + + return 1; + +savic_request_invalid: + ghcb_set_sw_exit_info_1(svm->sev_es.ghcb, 2); + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, GHCB_ERR_INVALID_INPUT); + + return 1; +} + int sev_handle_vmgexit(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm = to_svm(vcpu); 
@@ -4653,6 +4708,9 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) control->exit_info_1, control->exit_info_2); ret = -EINVAL; break; + case SVM_VMGEXIT_SECURE_AVIC: + ret = sev_handle_savic_vmgexit(svm); + break; case SVM_EXIT_MSR: if (sev_savic_active(vcpu->kvm) && savic_handle_msr_exit(vcpu)) return 1; diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 62e3581b7d31..be87b9a0284f 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -329,6 +329,7 @@ struct vcpu_svm { bool guest_gif; bool sev_savic_has_pending_ipi; + gpa_t sev_savic_gpa; }; struct svm_cpu_data {

From patchwork Fri Feb 28 08:51:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13995936
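Review bot: in arch/x86/include/uapi/asm/svm.h of [RFC PATCH 14/19] (hunk @@ -117,6 +117,9 @@), the two SVM_VMGEXIT_SAVIC_* values carry no comment saying they are exit_info_1 action codes for SVM_VMGEXIT_SECURE_AVIC rather than exit codes of their own, and they land in a uapi header while the note under the commit message says the updated GHCB spec is not yet published. Add the comment, and consider holding the uapi definitions until the event number and action encoding are final.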
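Review bot: in sev_es_validate_vmgexit() of [RFC PATCH 14/19] (arch/x86/kvm/svm/sev.c, hunk @@ -3400,6 +3400,14 @@), the SVM_VMGEXIT_SECURE_AVIC case nests one unbraced `if` inside another and accepts any exit_info_1 value, leaving rejection of unknown actions to the default case of the handler. Fold the RBX test into a single condition with `&&` and reject actions other than register and unregister here, so that input validation for the event lives in one place.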
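Review bot: in sev_handle_savic_vmgexit() of [RFC PATCH 14/19] (hunk @@ -4511,6 +4519,53 @@), the lookup `vcpu = kvm_get_vcpu_by_id(vcpu->kvm, apic_id);` dereferences vcpu while it is still NULL from its initializer, so any request whose APIC ID is not -1ULL is a guest-reachable NULL pointer dereference in the host; use svm->vcpu.kvm for the lookup. Three smaller points in the same hunk: apic_id is a u64 taken from guest RAX and passed to a helper whose id parameter is an int, so range-check it before the call; `gpa_t gpa;` is declared directly after the case label and needs an enclosing `{ }` block; and the GPA from guest RBX is only checked for page alignment before it is handed to sev_handle_rmp_fault() and stored in another vCPU's state, with no visible check that it is backed by guest memory and no locking against the target vCPU running.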
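Review bot: in struct vcpu_svm of [RFC PATCH 14/19] (arch/x86/kvm/svm/svm.h, hunk @@ -329,6 +329,7 @@), sev_savic_gpa has no comment and, within this patch, is only read back on unregister. The commit message requires the backing page NPT entry to stay present while the vCPU runs, but the only enforcement visible here is the one-time sev_handle_rmp_fault() call at registration. Document that 0 means no page is registered and name the path that is expected to consult the field to keep the mapping at 4K.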
From: Neeraj Upadhyay
Subject: [RFC PATCH 15/19] KVM: x86: Secure AVIC: Indicate APIC is enabled by guest SW _always_
Date: Fri, 28 Feb 2025 14:21:11 +0530
Message-ID: <20250228085115.105648-16-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org
From: Kishon Vijay Abraham I Guest SW indicates APIC is enabled by writing to APIC_SPIV ( Bit 8: APIC Software Enable). However in the case of Secure AVIC, APIC_SPIV is not propagated to hypervisor as Secure AVIC HW itself can detect whether the Guest SW has enabled APIC or not and handle accordingly. To handle this case where the HW handles APIC SW Enable in the hypervisor, always return 'true' from kvm_apic_sw_enabled() if Secure AVIC is active. This would let hypervisor assume Guest SW has always enabled APIC and prevent it from taking actions it usually does when Guest SW has not enabled APIC. This is especially used when accepting interrupts to be injected to the Guest and for injecting LAPIC timer interrupts. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Neeraj Upadhyay --- arch/x86/kvm/lapic.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index c9ef9bce438b..a1367689d53c 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h 
@@ -206,6 +206,9 @@ extern struct static_key_false_deferred apic_sw_disabled; static inline bool kvm_apic_sw_enabled(struct kvm_lapic *apic) { + if (apic->guest_apic_protected == APIC_STATE_PROTECTED_INJECTED_INTR) + return true; + if (static_branch_unlikely(&apic_sw_disabled.key)) return apic->sw_enabled; return true;

From patchwork Fri Feb 28 08:51:12 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13995938
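Review bot: in kvm_apic_sw_enabled() of [RFC PATCH 15/19] (arch/x86/kvm/lapic.h, hunk @@ -206,6 +206,9 @@), the new test is keyed on guest_apic_protected == APIC_STATE_PROTECTED_INJECTED_INTR while the commit message scopes the change to Secure AVIC being active, and no comment records why sw_enabled is ignored in that state. Add a comment giving the reason (APIC_SPIV writes are not propagated to the hypervisor) and confirm that this state is only ever set for Secure AVIC guests. The test also runs ahead of static_branch_unlikely(&apic_sw_disabled.key), so every caller pays a load and compare even when the static key is off and the function returns true anyway; moving it inside the static-key branch gives the same result without touching the common path.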
From: Neeraj Upadhyay
Subject: [RFC PATCH 16/19] KVM: x86: Secure AVIC: Add IOAPIC EOI support for level interrupts
Date: Fri, 28 Feb 2025 14:21:12 +0530
Message-ID: <20250228085115.105648-17-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org
3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: SJ1PEPF00001CE3.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR12MB7229 Secure AVIC accelerates EOI writes for edge-triggered interrupts. For level-triggered interrupts, EOI msr write is forwarded to hypervisor. Handle APIC_EOI msr write VMGEXIT and propagate EOI writes to IOAPIC. Current implementation reuses unused host APIC_ISR regs space to maintain information about active level-triggered interrupts. As host APIC_TMR state is updated from IOAPIC redirect entry, host APIC_TMR is used to identify level-triggered IOAPIC interrupts. Signed-off-by: Neeraj Upadhyay --- arch/x86/kvm/lapic.h | 5 +++++ arch/x86/kvm/svm/sev.c | 26 ++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h index a1367689d53c..4e41c7ea4f66 100644 --- a/arch/x86/kvm/lapic.h +++ b/arch/x86/kvm/lapic.h @@ -159,6 +159,11 @@ static inline void kvm_lapic_clear_vector(int vec, void *bitmap) clear_bit(VEC_POS(vec), (bitmap) + REG_POS(vec)); } +static inline int kvm_lapic_test_vector(int vec, void *bitmap) +{ + return test_bit(VEC_POS(vec), (bitmap) + REG_POS(vec)); +} + static inline void kvm_lapic_set_vector(int vec, void *bitmap) { set_bit(VEC_POS(vec), (bitmap) + REG_POS(vec)); diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 77c1ecebf677..a7e916891226 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -4491,9 +4491,27 @@ static void savic_handle_icr_write(struct kvm_vcpu *kvm_vcpu, u64 icr) } } +static int find_highest_isr(struct kvm_lapic *apic) +{ + int vec_per_reg = 32; + int max_vec = 256; + u32 *reg; + int vec; + + for (vec = max_vec - 32; vec >= 0; vec -= vec_per_reg) { + reg = apic->regs + APIC_ISR + REG_POS(vec); + if (*reg) + return __fls(*reg) + vec; + } + + return -1; +} + static bool savic_handle_msr_exit(struct kvm_vcpu *vcpu) { + struct kvm_lapic *apic; u32 msr, reg; + int vec; msr = kvm_rcx_read(vcpu); reg = (msr - APIC_BASE_MSR) << 4; @@ -4512,6 +4530,12 @@ static bool savic_handle_msr_exit(struct kvm_vcpu *vcpu) return true; } break; + case APIC_EOI: + apic = vcpu->arch.apic; + vec = find_highest_isr(apic); + kvm_lapic_clear_vector(vec, apic->regs + APIC_ISR); + kvm_apic_set_eoi_accelerated(vcpu, vec); + return true; default: break; } 
@@ -5294,6 +5318,8 @@ void sev_savic_set_requested_irr(struct vcpu_svm *svm, bool reinjected) vec = (i << 5) + vec_pos; kvm_lapic_clear_vector(vec, apic->regs + APIC_IRR); val = val & ~BIT(vec_pos); + if (kvm_lapic_test_vector(vec, apic->regs + APIC_TMR)) + kvm_lapic_set_vector(vec, apic->regs + APIC_ISR); } while (val); }
From patchwork Fri Feb 28 08:51:13 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13995939
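Review bot: In the APIC_EOI case added to savic_handle_msr_exit() in patch 16/19, the result of find_highest_isr() is used without a check. That helper returns -1 when no bit is set in the host APIC_ISR copy, and the guest decides when an EOI MSR write reaches this handler, so an EOI with no tracked level-triggered vector passes vec = -1 to kvm_lapic_clear_vector() and kvm_apic_set_eoi_accelerated(), and VEC_POS() and REG_POS() are then evaluated on a negative vector. Suggest returning before any state is touched, for example `if (vec < 0) return true;`, or treating it as a guest error, with a comment saying which of the two is intended.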
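Review bot: find_highest_isr() in patch 16/19 hard-codes the register geometry: the loop starts at `max_vec - 32` although `vec_per_reg` is declared just above it, and both values are locals rather than shared constants. Suggest `max_vec - vec_per_reg` at minimum, plus a short comment that this scans the host-side APIC_ISR copy used to track level-triggered vectors and not the guest's own ISR, since the function name suggests the latter.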
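Review bot: In the sev_savic_set_requested_irr() hunk of patch 16/19, the new kvm_lapic_set_vector(vec, apic->regs + APIC_ISR) has no comment, and the reuse of host APIC_ISR space as a bitmap of level-triggered vectors awaiting EOI is explained only in the commit message. Please document that at the call site, including that APIC_TMR is the source of the level-triggered decision, so a later reader does not take this for an architectural ISR update.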
From: Neeraj Upadhyay
Subject: [RFC PATCH 17/19] KVM: x86/ioapic: Disable RTC_GSI EOI tracking for protected APIC
Date: Fri, 28 Feb 2025 14:21:13 +0530
Message-ID: <20250228085115.105648-18-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Disable RTC_GSI pending EOI tracking for 
guests with protected APIC state such as Secure AVIC. RTC_GSI is an edge-triggered vector and Secure AVIC accelerates EOI write for edge-triggered interrupts. In addition, APIC_ISR state is not visible within KVM and is part of guest-owned backing page. So, lazy pending EOI checks also cannot be done. So, disable tracking of pending EOI. This means coalesced RTC interrupts cannot be detected by userspace for Secure AVIC guests. Signed-off-by: Neeraj Upadhyay --- arch/x86/kvm/ioapic.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c index 995eb5054360..7d68e8ef6245 100644 --- a/arch/x86/kvm/ioapic.c +++ b/arch/x86/kvm/ioapic.c @@ -113,6 +113,9 @@ static void __rtc_irq_eoi_tracking_restore_one(struct kvm_vcpu *vcpu) struct dest_map *dest_map = &ioapic->rtc_status.dest_map; union kvm_ioapic_redirect_entry *e; + if (vcpu->arch.apic->guest_apic_protected) + return; + e = &ioapic->redirtbl[RTC_GSI]; if (!kvm_apic_match_dest(vcpu, NULL, APIC_DEST_NOSHORT, e->fields.dest_id, @@ -443,6 +446,7 @@ static int ioapic_service(struct kvm_ioapic *ioapic, int irq, bool line_status) { union kvm_ioapic_redirect_entry *entry = &ioapic->redirtbl[irq]; struct kvm_lapic_irq irqe; + struct kvm_vcpu *vcpu; int ret; if (entry->fields.mask || 
@@ -472,7 +476,9 @@ static int ioapic_service(struct kvm_ioapic *ioapic, int irq, bool line_status) BUG_ON(ioapic->rtc_status.pending_eoi != 0); ret = kvm_irq_delivery_to_apic(ioapic->kvm, NULL, &irqe, &ioapic->rtc_status.dest_map); - ioapic->rtc_status.pending_eoi = (ret < 0 ? 0 : ret); + vcpu = kvm_get_vcpu(ioapic->kvm, 0); + if (!vcpu->arch.apic->guest_apic_protected) + ioapic->rtc_status.pending_eoi = (ret < 0 ? 0 : ret); } else ret = kvm_irq_delivery_to_apic(ioapic->kvm, NULL, &irqe, NULL);
From patchwork Fri Feb 28 08:51:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13995940
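Review bot: In the last ioapic_service() hunk of patch 17/19, `kvm_get_vcpu(ioapic->kvm, 0)` is dereferenced without a NULL check, and vCPU 0's `guest_apic_protected` flag stands in for what is a VM-wide property. Suggest a per-VM predicate, or at least a NULL check before `vcpu->arch.apic`. The call above it still passes &ioapic->rtc_status.dest_map to kvm_irq_delivery_to_apic() even when the result is then discarded; consider passing NULL in the protected case so the map is not filled in with no consumer.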
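Review bot: The early return added to __rtc_irq_eoi_tracking_restore_one() in patch 17/19 carries no comment. The reason is given only in the commit message (APIC_ISR is part of the guest-owned backing page and not visible within KVM); a one-line comment above the check would keep that in the code. The commit message also says userspace can no longer detect coalesced RTC interrupts for Secure AVIC guests, which is a behaviour change that should be recorded where userspace developers will look for it.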
From: Neeraj Upadhyay
Subject: [RFC PATCH 18/19] X86: SVM: Check injected vectors before waiting for timer expiry
Date: Fri, 28 Feb 2025 14:21:14 +0530
Message-ID: <20250228085115.105648-19-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org

For Secure AVIC guests, call 
kvm_wait_lapic_expire() only when the vector for LVTT is set in requested_IRR. KVM always assumes a timer IRQ was injected if APIC state is protected. For Secure AVIC guests, check to-be-injected vectors in the requested_IRR to avoid unnecessary wait calls. Signed-off-by: Neeraj Upadhyay --- arch/x86/kvm/svm/sev.c | 8 ++++++++ arch/x86/kvm/svm/svm.c | 3 ++- arch/x86/kvm/svm/svm.h | 2 ++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index a7e916891226..881311227504 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -5334,3 +5334,11 @@ bool sev_savic_has_pending_interrupt(struct kvm_vcpu *vcpu) return READ_ONCE(to_svm(vcpu)->sev_savic_has_pending_ipi) || kvm_apic_has_interrupt(vcpu) != -1; } + +bool sev_savic_timer_int_injected(struct kvm_vcpu *vcpu) +{ + u32 reg = kvm_lapic_get_reg(vcpu->arch.apic, APIC_LVTT); + int vec = reg & APIC_VECTOR_MASK; + + return to_svm(vcpu)->vmcb->control.requested_irr[vec / 32] & BIT(vec % 32); +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 08d5dc55e175..1323ec14f76a 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4292,7 +4292,8 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu, clgi(); kvm_load_guest_xsave_state(vcpu); - kvm_wait_lapic_expire(vcpu); + if (!sev_savic_active(vcpu->kvm) || sev_savic_timer_int_injected(vcpu)) + kvm_wait_lapic_expire(vcpu); /* * If this vCPU has touched SPEC_CTRL, restore the guest's value if diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index be87b9a0284f..b129ae089186 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h 
@@ -765,6 +765,7 @@ static inline bool sev_savic_active(struct kvm *kvm) } void sev_savic_set_requested_irr(struct vcpu_svm *svm, bool reinjected); bool sev_savic_has_pending_interrupt(struct kvm_vcpu *vcpu); +bool sev_savic_timer_int_injected(struct kvm_vcpu *vcpu); #else static inline struct page *snp_safe_alloc_page_node(int node, gfp_t gfp) { 
@@ -798,6 +799,7 @@ static inline int sev_private_max_mapping_level(struct kvm *kvm, kvm_pfn_t pfn) static inline bool sev_savic_active(struct kvm *kvm) { return false; } static inline void sev_savic_set_requested_irr(struct vcpu_svm *svm, bool reinjected) {} static inline bool sev_savic_has_pending_interrupt(struct kvm_vcpu *vcpu) { return false; } +static inline bool sev_savic_timer_int_injected(struct kvm_vcpu *vcpu) { return true; } #endif /* vmenter.S */
From patchwork Fri Feb 28 08:51:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Neeraj Upadhyay X-Patchwork-Id: 13995968
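Review bot: sev_savic_timer_int_injected() in patch 18/19 takes the timer vector from kvm_lapic_get_reg(vcpu->arch.apic, APIC_LVTT), that is, from KVM's copy of the APIC registers, with no comment on why that copy is current. Patch 17/19 states that APIC_ISR is not visible within KVM because it is part of the guest-owned backing page, so please say in a comment whether LVTT is kept in sync for a Secure AVIC guest and by which path. The function also ignores the LVTT mask bit and would test bit 0 of requested_irr[0] when the vector field is zero; a check or a note on why that case cannot occur would help.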
From: Neeraj Upadhyay
Subject: [RFC PATCH 19/19] KVM: SVM/SEV: Allow creating VMs with Secure AVIC enabled
Date: Fri, 28 Feb 2025 14:21:15 +0530
Message-ID: <20250228085115.105648-20-Neeraj.Upadhyay@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
References: <20250228085115.105648-1-Neeraj.Upadhyay@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Now that all the initialization required to 
enable secure AVIC is done, set supported_vmsa_features to allow creating Secure AVIC VMs. Signed-off-by: Neeraj Upadhyay --- arch/x86/kvm/svm/sev.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 881311227504..6b1ce8bc490c 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -3100,6 +3100,9 @@ void __init sev_hardware_setup(void) if (sev_es_enabled && cpu_feature_enabled(X86_FEATURE_ALLOWED_SEV_FEATURES)) sev_supported_vmsa_features |= SVM_SEV_FEAT_ALLOWED_SEV_FEATURES; + + if (sev_snp_savic_enabled) + sev_supported_vmsa_features |= SVM_SEV_FEAT_SECURE_AVIC; } void sev_hardware_unsetup(void)
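Review bot: In sev_hardware_setup(), SVM_SEV_FEAT_SECURE_AVIC is advertised on `sev_snp_savic_enabled` alone, while the unchanged lines just above gate their feature bit on both sev_es_enabled and a cpu_feature_enabled() check. Where sev_snp_savic_enabled is set is not visible in this hunk; please confirm it is cleared when SNP is disabled or the CPU lacks Secure AVIC, or add that condition here, since this bit is what allows userspace to create Secure AVIC VMs.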