| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <SN6PR02MB41579BCC56F6C966E3E2499CD47CA@SN6PR02MB4157.namprd02.prod.outlook.com> Date: Fri, 20 Jun 2025 02:17:04 +0000 From: Michael Kelley <mhklinux@...look.com> To: Tianyu Lan <ltykernel@...il.com>, "kys@...rosoft.com" <kys@...rosoft.com>, "haiyangz@...rosoft.com" <haiyangz@...rosoft.com>, "wei.liu@...nel.org" <wei.liu@...nel.org>, "decui@...rosoft.com" <decui@...rosoft.com>, "tglx@...utronix.de" <tglx@...utronix.de>, "mingo@...hat.com" <mingo@...hat.com>, "bp@...en8.de" <bp@...en8.de>, "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>, "hpa@...or.com" <hpa@...or.com>, "kvijayab@....com" <kvijayab@....com>, "Neeraj.Upadhyay@....com" <Neeraj.Upadhyay@....com> CC: Tianyu Lan <tiala@...rosoft.com>, "linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: RE: [RFC Patch v2 0/4] x86/Hyper-V: Add AMD Secure AVIC for Hyper-V platform From: Tianyu Lan <ltykernel@...il.com> Sent: Friday, June 13, 2025 4:08 AM > > Secure AVIC is a new hardware feature in the AMD64 > architecture to allow SEV-SNP guests to prevent the > hypervisor from generating unexpected interrupts to > a vCPU or otherwise violate architectural assumptions > around APIC behavior. > > Each vCPU has a guest-allocated APIC backing page of > size 4K, which maintains APIC state for that vCPU. > APIC backing page's ALLOWED_IRR field indicates the > interrupt vectors which the guest allows the hypervisor > to send. > > This patchset is to enable the feature for Hyper-V > platform. Patch "Expose x2apic_savic_update_vector()" > is to expose new fucntion and device driver and arch > code may update AVIC backing page ALLOWED_IRR field to > allow Hyper-V inject associated vector. The last sentence above seems to be leftover from v1 of the patch set and is no longer accurate. Please update. Additional observation: These patches depend on CC_ATTR_SNP_SECURE_AVIC, which is not set when operating in VTOM mode (i.e., a paravisor is present). So evidently Linux on Hyper-V must handle the Secure AVIC only when Linux is running as the paravisor in VTL2 (CONFIG_HYPERV_VTL_MODE=y), or when running as an SEV-SNP guest with no paravisor. Is that correct? > > This patchset is based on the AMD patchset "AMD: Add > Secure AVIC Guest Support" https://lkml.org/lkml/2025/6/10/1579 > > Change since v1: > - Remove the check of Secure AVIC when set APIC backing page > - Use apic_update_vector() instead of exposing new interface > from Secure AVIC driver to update APIC backing page and allow > associated interrupt to be injected by hypervisor. > > Tianyu Lan (4): > x86/Hyper-V: Not use hv apic driver when Secure AVIC is available > drivers/hv: Allow vmbus message synic interrupt injected from Hyper-V > x86/Hyper-V: Not use auto-eoi when Secure AVIC is available > x86/Hyper-V: Allow Hyper-V to inject Hyper-V vectors > > arch/x86/hyperv/hv_apic.c | 3 +++ > arch/x86/hyperv/hv_init.c | 4 ++++ > arch/x86/kernel/cpu/mshyperv.c | 2 ++ > drivers/hv/hv.c | 2 ++ > 4 files changed, 11 insertions(+) > > -- > 2.25.1
Powered by blists - more mailing lists