lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7395fc42-5af1-4e26-9e39-8e7213ac5f7b@amd.com>
Date: Fri, 15 Aug 2025 18:46:55 +0530
From: "Upadhyay, Neeraj" <neeraj.upadhyay@....com>
To: Borislav Petkov <bp@...en8.de>
Cc: linux-kernel@...r.kernel.org, tglx@...utronix.de, mingo@...hat.com,
 dave.hansen@...ux.intel.com, Thomas.Lendacky@....com, nikunj@....com,
 Santosh.Shukla@....com, Vasant.Hegde@....com, Suravee.Suthikulpanit@....com,
 David.Kaplan@....com, x86@...nel.org, hpa@...or.com, peterz@...radead.org,
 seanjc@...gle.com, pbonzini@...hat.com, kvm@...r.kernel.org,
 kirill.shutemov@...ux.intel.com, huibo.wang@....com, naveen.rao@....com,
 francescolavra.fl@...il.com, tiala@...rosoft.com
Subject: Re: [PATCH v9 02/18] x86/apic: Initialize Secure AVIC APIC backing
 page



On 8/15/2025 3:55 PM, Borislav Petkov wrote:
> On Mon, Aug 11, 2025 at 03:14:28PM +0530, Neeraj Upadhyay wrote:
>> With Secure AVIC, the APIC backing page is owned and managed by guest.
> 
> Please use articles: "...and managed by the guest."
> 
> Check all your text pls.
> 

Ok

>> +enum es_result savic_register_gpa(u64 gpa)
>> +{
>> +	struct ghcb_state state;
>> +	struct es_em_ctxt ctxt;
>> +	enum es_result res;
>> +	struct ghcb *ghcb;
>> +
>> +	guard(irqsave)();
>> +
>> +	ghcb = __sev_get_ghcb(&state);
>> +	vc_ghcb_invalidate(ghcb);
>> +
>> +	ghcb_set_rax(ghcb, SVM_VMGEXIT_SAVIC_SELF_GPA);
>> +	ghcb_set_rbx(ghcb, gpa);
>> +	res = sev_es_ghcb_hv_call(ghcb, &ctxt, SVM_VMGEXIT_SAVIC,
>> +				  SVM_VMGEXIT_SAVIC_REGISTER_GPA, 0);
>> +
>> +	__sev_put_ghcb(&state);
>> +
>> +	return res;
>> +}
> 
> I was gonna say put this into a new arch/x86/coco/sev/savic.c but ok, you're
> adding only two functions.
> 

There are four new functions. So, do I need to put them in new 
arch/x86/coco/sev/savic.c file?

savic_register_gpa()
savic_unregister_gpa()
savic_ghcb_msr_read()
savic_ghcb_msr_write()


>> +struct secure_avic_page {
>> +	u8 regs[PAGE_SIZE];
>> +} __aligned(PAGE_SIZE);
>> +
>> +static struct secure_avic_page __percpu *secure_avic_page __ro_after_init;
> 
> 
> static struct secure_avic_page __percpu *savic_page __ro_after_init;
> 

Ok


- Neeraj

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ