| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250514071803.209166-29-Neeraj.Upadhyay@amd.com>
Date: Wed, 14 May 2025 12:47:59 +0530
From: Neeraj Upadhyay <Neeraj.Upadhyay@....com>
To: <linux-kernel@...r.kernel.org>
CC: <bp@...en8.de>, <tglx@...utronix.de>, <mingo@...hat.com>,
<dave.hansen@...ux.intel.com>, <Thomas.Lendacky@....com>, <nikunj@....com>,
<Santosh.Shukla@....com>, <Vasant.Hegde@....com>,
<Suravee.Suthikulpanit@....com>, <David.Kaplan@....com>, <x86@...nel.org>,
<hpa@...or.com>, <peterz@...radead.org>, <seanjc@...gle.com>,
<pbonzini@...hat.com>, <kvm@...r.kernel.org>,
<kirill.shutemov@...ux.intel.com>, <huibo.wang@....com>,
<naveen.rao@....com>, <francescolavra.fl@...il.com>, <tiala@...rosoft.com>
Subject: [RFC PATCH v6 28/32] x86/apic: Handle EOI writes for Secure AVIC guests
Secure AVIC accelerates guest's EOI msr writes for edge-triggered
interrupts.
For level-triggered interrupts, EOI msr writes trigger VC exception
with SVM_EXIT_AVIC_UNACCELERATED_ACCESS error code. To complete EOI
handling, the VC exception handler would need to trigger a GHCB protocol
MSR write event to notify the hypervisor about completion of the
level-triggered interrupt. Hypervisor notification is required for
cases like emulated IOAPIC, to complete and clear interrupt in the
IOAPIC's interrupt state.
However, VC exception handling adds extra performance overhead for
APIC register writes. In addition, for Secure AVIC, some unaccelerated
APIC register msr writes are trapped, whereas others are faulted. This
results in additional complexity in VC exception handling for unacclerated
APIC msr accesses. So, directly do a GHCB protocol based APIC EOI msr write
from apic->eoi() callback for level-triggered interrupts.
Use wrmsr for edge-triggered interrupts, so that hardware re-evaluates
any pending interrupt which can be delivered to guest vCPU. For level-
triggered interrupts, re-evaluation happens on return from VMGEXIT
corresponding to the GHCB event for APIC EOI msr write.
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@....com>
---
Changes since v5:
- Use apic_test_vector() in apic.h
arch/x86/kernel/apic/x2apic_savic.c | 35 ++++++++++++++++++++++++++++-
1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c
index 0fecc295874e..a527d7e4477c 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -300,6 +300,39 @@ static void savic_update_vector(unsigned int cpu, unsigned int vector, bool set)
update_vector(cpu, SAVIC_ALLOWED_IRR, vector, set);
}
+static void savic_eoi(void)
+{
+ unsigned int cpu;
+ void *bitmap;
+ int vec;
+
+ cpu = raw_smp_processor_id();
+ bitmap = get_reg_bitmap(cpu, APIC_ISR);
+ vec = apic_find_highest_vector(bitmap);
+ if (WARN_ONCE(vec == -1, "EOI write while no active interrupt in APIC_ISR"))
+ return;
+
+ bitmap = get_reg_bitmap(cpu, APIC_TMR);
+
+ /* Is level-triggered interrupt? */
+ if (apic_test_vector(vec, bitmap)) {
+ update_vector(cpu, APIC_ISR, vec, false);
+ /*
+ * Propagate the EOI write to hv for level-triggered interrupts.
+ * Return to guest from GHCB protocol event takes care of
+ * re-evaluating interrupt state.
+ */
+ savic_ghcb_msr_write(APIC_EOI, 0);
+ } else {
+ /*
+ * Hardware clears APIC_ISR and re-evaluates the interrupt state
+ * to determine if there is any pending interrupt which can be
+ * delivered to CPU.
+ */
+ native_apic_msr_eoi();
+ }
+}
+
static void init_apic_page(struct apic_page *ap)
{
u32 apic_id;
@@ -386,7 +419,7 @@ static struct apic apic_x2apic_savic __ro_after_init = {
.read = savic_read,
.write = savic_write,
- .eoi = native_apic_msr_eoi,
+ .eoi = savic_eoi,
.icr_read = native_x2apic_icr_read,
.icr_write = savic_icr_write,
--
2.34.1
Powered by blists - more mailing lists