| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250401113616.204203-6-Neeraj.Upadhyay@amd.com>
Date: Tue, 1 Apr 2025 17:06:04 +0530
From: Neeraj Upadhyay <Neeraj.Upadhyay@....com>
To: <linux-kernel@...r.kernel.org>
CC: <bp@...en8.de>, <tglx@...utronix.de>, <mingo@...hat.com>,
<dave.hansen@...ux.intel.com>, <Thomas.Lendacky@....com>, <nikunj@....com>,
<Santosh.Shukla@....com>, <Vasant.Hegde@....com>,
<Suravee.Suthikulpanit@....com>, <David.Kaplan@....com>, <x86@...nel.org>,
<hpa@...or.com>, <peterz@...radead.org>, <seanjc@...gle.com>,
<pbonzini@...hat.com>, <kvm@...r.kernel.org>,
<kirill.shutemov@...ux.intel.com>, <huibo.wang@....com>,
<naveen.rao@....com>, <francescolavra.fl@...il.com>
Subject: [PATCH v3 05/17] x86/apic: Add update_vector callback for Secure AVIC
Add update_vector callback to set/clear ALLOWED_IRR field in
a vCPU's APIC backing page for external vectors. The ALLOWED_IRR
field indicates the interrupt vectors which the guest allows the
hypervisor to send (typically for emulated devices). Interrupt
vectors used exclusively by the guest itself and the vectors which
are not emulated by the hypervisor, such as IPI vectors, are part
of system vectors and are not set in the ALLOWED_IRR.
Co-developed-by: Kishon Vijay Abraham I <kvijayab@....com>
Signed-off-by: Kishon Vijay Abraham I <kvijayab@....com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@....com>
---
Changes since v2:
- Associate update_vector() invocation with vector allocation/free
calls.
- Cleanup and simplify vector bitmap calculation for ALLOWED_IRR.
arch/x86/include/asm/apic.h | 2 +
arch/x86/include/asm/apic.h | 2 +
arch/x86/kernel/apic/vector.c | 59 +++++++++++++++++++++++------
arch/x86/kernel/apic/x2apic_savic.c | 20 ++++++++++
3 files changed, 69 insertions(+), 12 deletions(-)
diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
index e17c8cb810a2..b510008c586f 100644
--- a/arch/x86/include/asm/apic.h
+++ b/arch/x86/include/asm/apic.h
@@ -318,6 +318,8 @@ struct apic {
/* wakeup secondary CPU using 64-bit wakeup point */
int (*wakeup_secondary_cpu_64)(u32 apicid, unsigned long start_eip);
+ void (*update_vector)(unsigned int cpu, unsigned int vector, bool set);
+
char *name;
};
diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c
index 72fa4bb78f0a..897e85e58139 100644
--- a/arch/x86/kernel/apic/vector.c
+++ b/arch/x86/kernel/apic/vector.c
@@ -139,8 +139,44 @@ static void apic_update_irq_cfg(struct irq_data *irqd, unsigned int vector,
apicd->hw_irq_cfg.dest_apicid);
}
-static void apic_update_vector(struct irq_data *irqd, unsigned int newvec,
- unsigned int newcpu)
+static inline void apic_update_vector(unsigned int cpu, unsigned int vector, bool set)
+{
+ if (apic->update_vector)
+ apic->update_vector(cpu, vector, set);
+}
+
+static int irq_alloc_vector(const struct cpumask *dest, bool resvd, unsigned int *cpu)
+{
+ int vector;
+
+ vector = irq_matrix_alloc(vector_matrix, dest, resvd, cpu);
+
+ if (vector >= 0)
+ apic_update_vector(*cpu, vector, true);
+
+ return vector;
+}
+
+static int irq_alloc_managed_vector(unsigned int *cpu)
+{
+ int vector;
+
+ vector = irq_matrix_alloc_managed(vector_matrix, vector_searchmask, cpu);
+
+ if (vector >= 0)
+ apic_update_vector(*cpu, vector, true);
+
+ return vector;
+}
+
+static void irq_free_vector(unsigned int cpu, unsigned int vector, bool managed)
+{
+ apic_update_vector(cpu, vector, false);
+ irq_matrix_free(vector_matrix, cpu, vector, managed);
+}
+
+static void apic_chipd_update_vector(struct irq_data *irqd, unsigned int newvec,
+ unsigned int newcpu)
{
struct apic_chip_data *apicd = apic_chip_data(irqd);
struct irq_desc *desc = irq_data_to_desc(irqd);
@@ -174,8 +210,7 @@ static void apic_update_vector(struct irq_data *irqd, unsigned int newvec,
apicd->prev_cpu = apicd->cpu;
WARN_ON_ONCE(apicd->cpu == newcpu);
} else {
- irq_matrix_free(vector_matrix, apicd->cpu, apicd->vector,
- managed);
+ irq_free_vector(apicd->cpu, apicd->vector, managed);
}
setnew:
@@ -256,11 +291,11 @@ assign_vector_locked(struct irq_data *irqd, const struct cpumask *dest)
if (apicd->move_in_progress || !hlist_unhashed(&apicd->clist))
return -EBUSY;
- vector = irq_matrix_alloc(vector_matrix, dest, resvd, &cpu);
+ vector = irq_alloc_vector(dest, resvd, &cpu);
trace_vector_alloc(irqd->irq, vector, resvd, vector);
if (vector < 0)
return vector;
- apic_update_vector(irqd, vector, cpu);
+ apic_chipd_update_vector(irqd, vector, cpu);
apic_update_irq_cfg(irqd, vector, cpu);
return 0;
@@ -332,12 +367,11 @@ assign_managed_vector(struct irq_data *irqd, const struct cpumask *dest)
/* set_affinity might call here for nothing */
if (apicd->vector && cpumask_test_cpu(apicd->cpu, vector_searchmask))
return 0;
- vector = irq_matrix_alloc_managed(vector_matrix, vector_searchmask,
- &cpu);
+ vector = irq_alloc_managed_vector(&cpu);
trace_vector_alloc_managed(irqd->irq, vector, vector);
if (vector < 0)
return vector;
- apic_update_vector(irqd, vector, cpu);
+ apic_chipd_update_vector(irqd, vector, cpu);
apic_update_irq_cfg(irqd, vector, cpu);
return 0;
}
@@ -357,7 +391,7 @@ static void clear_irq_vector(struct irq_data *irqd)
apicd->prev_cpu);
per_cpu(vector_irq, apicd->cpu)[vector] = VECTOR_SHUTDOWN;
- irq_matrix_free(vector_matrix, apicd->cpu, vector, managed);
+ irq_free_vector(apicd->cpu, vector, managed);
apicd->vector = 0;
/* Clean up move in progress */
@@ -366,7 +400,7 @@ static void clear_irq_vector(struct irq_data *irqd)
return;
per_cpu(vector_irq, apicd->prev_cpu)[vector] = VECTOR_SHUTDOWN;
- irq_matrix_free(vector_matrix, apicd->prev_cpu, vector, managed);
+ irq_free_vector(apicd->prev_cpu, vector, managed);
apicd->prev_vector = 0;
apicd->move_in_progress = 0;
hlist_del_init(&apicd->clist);
@@ -528,6 +562,7 @@ static bool vector_configure_legacy(unsigned int virq, struct irq_data *irqd,
if (irqd_is_activated(irqd)) {
trace_vector_setup(virq, true, 0);
apic_update_irq_cfg(irqd, apicd->vector, apicd->cpu);
+ apic_update_vector(apicd->cpu, apicd->vector, true);
} else {
/* Release the vector */
apicd->can_reserve = true;
@@ -905,7 +940,7 @@ static void free_moved_vector(struct apic_chip_data *apicd)
* affinity mask comes online.
*/
trace_vector_free_moved(apicd->irq, cpu, vector, managed);
- irq_matrix_free(vector_matrix, cpu, vector, managed);
+ irq_free_vector(cpu, vector, managed);
per_cpu(vector_irq, cpu)[vector] = VECTOR_UNUSED;
hlist_del_init(&apicd->clist);
apicd->prev_vector = 0;
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c
index 21f7c055995e..0bb649e3527d 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -185,6 +185,24 @@ static void x2apic_savic_send_ipi_mask_allbutself(const struct cpumask *mask, in
__send_ipi_mask(mask, vector, true);
}
+static void x2apic_savic_update_vector(unsigned int cpu, unsigned int vector, bool set)
+{
+ struct apic_page *ap = per_cpu_ptr(apic_page, cpu);
+ unsigned long *sirr = (unsigned long *) &ap->bytes[SAVIC_ALLOWED_IRR];
+ unsigned int bit;
+
+ /*
+ * The registers are 32-bit wide and 16-byte aligned.
+ * Compensate for the resulting bit number spacing.
+ */
+ bit = vector + 96 * (vector / 32);
+
+ if (set)
+ set_bit(bit, sirr);
+ else
+ clear_bit(bit, sirr);
+}
+
static void init_apic_page(void)
{
u32 apic_id;
@@ -271,6 +289,8 @@ static struct apic apic_x2apic_savic __ro_after_init = {
.eoi = native_apic_msr_eoi,
.icr_read = native_x2apic_icr_read,
.icr_write = native_x2apic_icr_write,
+
+ .update_vector = x2apic_savic_update_vector,
};
apic_driver(apic_x2apic_savic);
--
2.34.1
Powered by blists - more mailing lists