| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250228085115.105648-16-Neeraj.Upadhyay@amd.com>
Date: Fri, 28 Feb 2025 14:21:11 +0530
From: Neeraj Upadhyay <Neeraj.Upadhyay@....com>
To: <seanjc@...gle.com>, <pbonzini@...hat.com>, <kvm@...r.kernel.org>
CC: <linux-kernel@...r.kernel.org>, <bp@...en8.de>, <tglx@...utronix.de>,
<mingo@...hat.com>, <dave.hansen@...ux.intel.com>, <Thomas.Lendacky@....com>,
<nikunj@....com>, <Santosh.Shukla@....com>, <Vasant.Hegde@....com>,
<Suravee.Suthikulpanit@....com>, <David.Kaplan@....com>, <x86@...nel.org>,
<hpa@...or.com>, <peterz@...radead.org>, <huibo.wang@....com>,
<naveen.rao@....com>, <binbin.wu@...ux.intel.com>, <isaku.yamahata@...el.com>
Subject: [RFC PATCH 15/19] KVM: x86: Secure AVIC: Indicate APIC is enabled by guest SW _always_
From: Kishon Vijay Abraham I <kvijayab@....com>
Guest SW indicates APIC is enabled by writing to APIC_SPIV (
Bit 8: APIC Software Enable). However in the case of Secure AVIC,
APIC_SPIV is not propagated to hypervisor as Secure AVIC HW
itself can detect whether the Guest SW has enabled APIC or not and
handle accordingly.
To handle this case where the HW handles APIC SW Enable in the
hypervisor, always return 'true' from kvm_apic_sw_enabled() if
Secure AVIC is active. This would let hypervisor assume Guest SW
has always enabled APIC and prevent it from taking actions it
usually does when Guest SW has not enabled APIC.
This is especially used when accepting interrupts to be injected to
the Guest and for injecting LAPIC timer interrupts.
Signed-off-by: Kishon Vijay Abraham I <kvijayab@....com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@....com>
---
arch/x86/kvm/lapic.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
index c9ef9bce438b..a1367689d53c 100644
--- a/arch/x86/kvm/lapic.h
+++ b/arch/x86/kvm/lapic.h
@@ -206,6 +206,9 @@ extern struct static_key_false_deferred apic_sw_disabled;
static inline bool kvm_apic_sw_enabled(struct kvm_lapic *apic)
{
+ if (apic->guest_apic_protected == APIC_STATE_PROTECTED_INJECTED_INTR)
+ return true;
+
if (static_branch_unlikely(&apic_sw_disabled.key))
return apic->sw_enabled;
return true;
--
2.34.1
Powered by blists - more mailing lists