Message-ID: <CAMvTesAscN2MyqJXpcbwcXWC-6-en6U_c03M+2=zcMF0bLv4iw@mail.gmail.com>
Date: Fri, 20 Jun 2025 23:05:28 +0800
From: Tianyu Lan <ltykernel@...il.com>
To: Michael Kelley <mhklinux@...look.com>
Cc: "kys@...rosoft.com" <kys@...rosoft.com>, "haiyangz@...rosoft.com" <haiyangz@...rosoft.com>,
"wei.liu@...nel.org" <wei.liu@...nel.org>, "decui@...rosoft.com" <decui@...rosoft.com>,
"tglx@...utronix.de" <tglx@...utronix.de>, "mingo@...hat.com" <mingo@...hat.com>, "bp@...en8.de" <bp@...en8.de>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>,
"hpa@...or.com" <hpa@...or.com>, "kvijayab@....com" <kvijayab@....com>,
"Neeraj.Upadhyay@....com" <Neeraj.Upadhyay@....com>, Tianyu Lan <tiala@...rosoft.com>,
"linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [RFC Patch v2 0/4] x86/Hyper-V: Add AMD Secure AVIC for Hyper-V platform

On Fri, Jun 20, 2025 at 10:17 AM Michael Kelley <mhklinux@...look.com> wrote:
>
> From: Tianyu Lan <ltykernel@...il.com> Sent: Friday, June 13, 2025 4:08 AM
> >
> > Secure AVIC is a new hardware feature in the AMD64
> > architecture to allow SEV-SNP guests to prevent the
> > hypervisor from generating unexpected interrupts to
> > a vCPU or otherwise violate architectural assumptions
> > around APIC behavior.
> >
> > Each vCPU has a guest-allocated APIC backing page of
> > size 4K, which maintains APIC state for that vCPU.
> > APIC backing page's ALLOWED_IRR field indicates the
> > interrupt vectors which the guest allows the hypervisor
> > to send.
> >
> > This patchset is to enable the feature for Hyper-V
> > platform. Patch "Expose x2apic_savic_update_vector()"
> > is to expose new function and device driver and arch
> > code may update AVIC backing page ALLOWED_IRR field to
> > allow Hyper-V inject associated vector.
>
> The last sentence above seems to be leftover from v1 of the
> patch set and is no longer accurate. Please update.

Thank you very much, Michael! Will update.

>
> Additional observation: These patches depend on
> CC_ATTR_SNP_SECURE_AVIC, which is not set when operating
> in VTOM mode (i.e., a paravisor is present). So evidently Linux
> on Hyper-V must handle the Secure AVIC only when Linux is
> running as the paravisor in VTL2 (CONFIG_HYPERV_VTL_MODE=y),
> or when running as an SEV-SNP guest with no paravisor. Is
> that correct?

This patchset enables the Secure AVIC function for an enlightened SEV-SNP guest
which uses the c-bit to encrypt/decrypt guest memory.

--
Thanks
Tianyu Lan