[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <mzrkt3qm35tluz3sh3weg7g2xf6xozgmiimenyidubcyofyrng@a63x6gie4vqy>
Date: Tue, 29 Oct 2024 16:36:50 +0200
From: "Kirill A. Shutemov" <kirill@...temov.name>
To: Neeraj Upadhyay <Neeraj.Upadhyay@....com>
Cc: Borislav Petkov <bp@...en8.de>, linux-kernel@...r.kernel.org,
tglx@...utronix.de, mingo@...hat.com, dave.hansen@...ux.intel.com,
Thomas.Lendacky@....com, nikunj@....com, Santosh.Shukla@....com, Vasant.Hegde@....com,
Suravee.Suthikulpanit@....com, David.Kaplan@....com, x86@...nel.org, hpa@...or.com,
peterz@...radead.org, seanjc@...gle.com, pbonzini@...hat.com, kvm@...r.kernel.org
Subject: Re: [RFC 00/14] AMD: Add Secure AVIC Guest Support
On Tue, Oct 29, 2024 at 05:45:23PM +0530, Neeraj Upadhyay wrote:
>
>
> On 10/29/2024 5:21 PM, Kirill A. Shutemov wrote:
> > On Tue, Oct 29, 2024 at 03:54:24PM +0530, Neeraj Upadhyay wrote:
> >> diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
> >> index aeda74bf15e6..08156ac4ec6c 100644
> >> --- a/arch/x86/kernel/apic/apic.c
> >> +++ b/arch/x86/kernel/apic/apic.c
> >> @@ -1163,6 +1163,9 @@ void disable_local_APIC(void)
> >> if (!apic_accessible())
> >> return;
> >>
> >> + if (apic->teardown)
> >> + apic->teardown();
> >> +
> >> apic_soft_disable();
> >>
> >> #ifdef CONFIG_X86_32
> >
> > Hm. I think it will call apic->teardown() for all but the one CPU that
> > does kexec. I believe we need to disable SAVIC for all CPUs.
> >
>
> I see it being called for all CPUs.
>
> For the CPU doing kexec, I see below backtrace, which lands into disable_local_APIC()
>
> disable_local_APIC
> native_stop_other_cpus
> native_machine_shutdown
> machine_shutdown
> kernel_kexec
>
> For the other CPUs, it is below:
>
> disable_local_APIC
> stop_this_cpu
> __sysvec_reboot
> sysvec_reboot
Backtraces are backwards, but, yeah, I missed reboot path.
> > Have you tested the case when the target kernel doesn't support SAVIC and
> > tries to use a new interrupt vector on the boot CPU? I think it will
> > break.
> >
>
> For a VM launched with VMSA feature containing Secure AVIC, the target
> kernel also is required to support Secure AVIC. Otherwise, guest bootup
> would fail. I will capture this information in the documentation.
> So, as far as I understand, SAVIC kernel kexecing into a non-SAVIC kernel
> is not a valid use case.
Hm. I thought if SAVIC is not enabled by the guest the guest would boot
without the secure feature, no?
--
Kiryl Shutsemau / Kirill A. Shutemov
Powered by blists - more mailing lists