Message-ID: <29dd4494-01a8-45bf-9f88-1d99d6ff6ac0@amd.com>
Date: Thu, 21 Aug 2025 10:57:24 +0530
From: "Upadhyay, Neeraj" <neeraj.upadhyay@....com>
To: Borislav Petkov <bp@...en8.de>
Cc: linux-kernel@...r.kernel.org, tglx@...utronix.de, mingo@...hat.com,
 dave.hansen@...ux.intel.com, Thomas.Lendacky@....com, nikunj@....com,
 Santosh.Shukla@....com, Vasant.Hegde@....com, Suravee.Suthikulpanit@....com,
 David.Kaplan@....com, x86@...nel.org, hpa@...or.com, peterz@...radead.org,
 seanjc@...gle.com, pbonzini@...hat.com, kvm@...r.kernel.org,
 kirill.shutemov@...ux.intel.com, huibo.wang@....com, naveen.rao@....com,
 francescolavra.fl@...il.com, tiala@...rosoft.com
Subject: Re: [PATCH v9 07/18] x86/apic: Add support to send IPI for Secure
 AVIC



On 8/20/2025 9:16 PM, Borislav Petkov wrote:
> On Mon, Aug 11, 2025 at 03:14:33PM +0530, Neeraj Upadhyay wrote:
>> With Secure AVIC only Self-IPI is accelerated. To handle all the
>> other IPIs, add new callbacks for sending IPI. These callbacks write
>> to the IRR of the target guest vCPU's APIC backing page and issue
>> GHCB protocol MSR write event for the hypervisor to notify the
>> target vCPU about the new interrupt request.
>>
>> For Secure AVIC GHCB APIC MSR writes, reuse GHCB msr handling code in
> 	     ^^^^^^^^^^^^^^^^^^
> 
> say what now?!
> 

Is below better?

x86/apic: Add support to send IPI for Secure AVIC

Secure AVIC hardware only accelerates Self-IPI, i.e. on WRMSR to
APIC_SELF_IPI and APIC_ICR (with destination shorthand equal to Self)
registers, hardware takes care of updating the APIC_IRR in the APIC
backing page of the vCPU. For other IPI types (cross-vCPU, broadcast 
IPIs), software needs to take care of updating the APIC_IRR state of the 
target CPUs and to ensure that the target vCPUs notice the new pending 
interrupt.

Add new callbacks in the Secure AVIC driver for sending IPI requests.
These callbacks update the IRR in the target guest vCPU's APIC backing
page. To ensure that the remote vCPU notices the new pending interrupt,
reuse the GHCB MSR handling code in vc_handle_msr() to issue an APIC_ICR
MSR-write GHCB protocol event to the hypervisor. For Secure AVIC guests,
on APIC_ICR write MSR exits, the hypervisor notifies the target vCPU by
either sending an AVIC doorbell (if the target vCPU is running) or by waking
up the non-running target vCPU.

>> +void savic_ghcb_msr_write(u32 reg, u64 value)
> 
> I guess this belongs into x2apic_savic.c.
> 

Ok, moving it to x2apic_savic.c requires the below 4 sev-internal
declarations to be moved to arch/x86/include/asm/sev.h:

struct ghcb_state;
struct ghcb *__sev_get_ghcb(struct ghcb_state *state);
void __sev_put_ghcb(struct ghcb_state *state);
enum es_result sev_es_ghcb_handle_msr(...);

>> +{
>> +	u64 msr = APIC_BASE_MSR + (reg >> 4);
>> +	struct pt_regs regs = {
>> +		.cx = msr,
>> +		.ax = lower_32_bits(value),
>> +		.dx = upper_32_bits(value)
>> +	};
>> +	struct es_em_ctxt ctxt = { .regs = &regs };
>> +	struct ghcb_state state;
>> +	enum es_result res;
>> +	struct ghcb *ghcb;
>> +
>> +	guard(irqsave)();
>> +
>> +	ghcb = __sev_get_ghcb(&state);
>> +	vc_ghcb_invalidate(ghcb);
>> +
>> +	res = sev_es_ghcb_handle_msr(ghcb, &ctxt, true);
>> +	if (res != ES_OK) {
>> +		pr_err("Secure AVIC msr (0x%llx) write returned error (%d)\n", msr, res);
>> +		/* MSR writes should never fail. Any failure is fatal error for SNP guest */
>> +		snp_abort();
>> +	}
>> +
>> +	__sev_put_ghcb(&state);
>> +}
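
Review bot: in savic_ghcb_msr_write(), the `res != ES_OK` branch calls snp_abort() while the GHCB obtained from __sev_get_ghcb() is still held and before __sev_put_ghcb() runs; the comment says the failure is fatal, but it does not say that snp_abort() never returns, so a reader cannot tell from this function whether skipping the put is intentional. Say so in the comment. Separately, `APIC_BASE_MSR + (reg >> 4)` silently drops the low four bits of reg; a one-line comment that reg must be a 16-byte-aligned APIC register offset, or a WARN_ON_ONCE(reg & 0xf), would make the contract explicit.
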
> 
> ...
> 
>> +static inline void self_ipi_reg_write(unsigned int vector)
>> +{
>> +	/*
>> +	 * Secure AVIC hardware accelerates guest's MSR write to SELF_IPI
>> +	 * register. It updates the IRR in the APIC backing page, evaluates
>> +	 * the new IRR for interrupt injection and continues with guest
>> +	 * code execution.
>> +	 */
> 
> Why is that comment here? It is above a WRMSR write. What acceleration is it
> talking about?
> 

This comment explains why WRMSR is sufficient for sending SELF_IPI. On
WRMSR by the vCPU, Secure AVIC hardware takes care of updating APIC_IRR in
the backing page. Hardware also ensures that the new APIC_IRR state is evaluated
for new pending interrupts. So, WRMSR is hardware-accelerated.

For the non-self-IPI case, software needs to do the APIC_IRR update and send
the wakeup-request/doorbell to the target vCPU.


- Neeraj

>> +	native_apic_msr_write(APIC_SELF_IPI, vector);
>> +}
> 
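
Added example, not part of the original message or of the patch: a user-space C model of the two IPI paths described in the proposed commit message, showing the IRR bit layout in the backing page and the register values of the APIC_ICR MSR-write exit. The `model_*` names, `last_exit` and `exit_count` are hypothetical; the constants are the architectural x2APIC register offsets and MSR base.

```c
#include <stdint.h>
#include <string.h>

/* Architectural x2APIC constants (register offsets within the APIC page). */
#define APIC_BASE_MSR  0x800u
#define APIC_IRR       0x200u
#define APIC_ICR       0x300u
#define APIC_SELF_IPI  0x3F0u

/* Hypothetical user-space model, not kernel structures. */
struct model_vcpu {
	uint8_t backing_page[4096];  /* stands in for the APIC backing page */
	unsigned int notified;       /* doorbells/wakeups from the modelled hypervisor */
};
struct model_exit { uint32_t cx, ax, dx; };  /* registers of an MSR-write exit */

static struct model_exit last_exit;
static unsigned int exit_count;

/* Same mapping as the quoted hunk: one MSR per 16-byte APIC register. */
static uint32_t apic_reg_to_msr(uint32_t reg) { return APIC_BASE_MSR + (reg >> 4); }

/* IRR is eight 32-bit registers at a 16-byte stride. */
static uint32_t irr_read(const struct model_vcpu *v, unsigned int idx)
{
	uint32_t w;
	memcpy(&w, v->backing_page + APIC_IRR + idx * 0x10, sizeof(w));
	return w;
}

/* Vector n is bit n % 32 of IRR register n / 32. */
static void irr_set(struct model_vcpu *v, unsigned int vector)
{
	uint32_t w = irr_read(v, vector / 32) | (1u << (vector % 32));
	memcpy(v->backing_page + APIC_IRR + (vector / 32) * 0x10, &w, sizeof(w));
}

/* Send a fixed-mode IPI from vCPU src to vCPU dst in the model. */
static void model_send_ipi(struct model_vcpu *vcpus, unsigned int src, unsigned int dst, uint8_t vector)
{
	if (src == dst) {                 /* self-IPI: hardware updates IRR, no exit */
		irr_set(&vcpus[src], vector);
		return;
	}
	irr_set(&vcpus[dst], vector);     /* software updates the target's IRR */
	uint64_t icr = ((uint64_t)dst << 32) | vector;  /* x2APIC ICR: dest 63:32, vector 7:0 */
	last_exit = (struct model_exit){ apic_reg_to_msr(APIC_ICR), (uint32_t)icr, (uint32_t)(icr >> 32) };
	exit_count++;                     /* GHCB MSR-write event to the hypervisor */
	vcpus[dst].notified++;            /* hypervisor side: doorbell or wakeup */
}
```

The model is single-threaded, so `irr_set()` uses a plain read-modify-write; it says nothing about the atomicity the real driver needs when several vCPUs target the same backing page.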
