From: Tianyu Lan <ltykernel@gmail.com>
To: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
Cc: linux-kernel@vger.kernel.org, bp@alien8.de, tglx@linutronix.de,
mingo@redhat.com, dave.hansen@linux.intel.com,
Thomas.Lendacky@amd.com, nikunj@amd.com, Santosh.Shukla@amd.com,
Vasant.Hegde@amd.com, Suravee.Suthikulpanit@amd.com,
David.Kaplan@amd.com, x86@kernel.org, hpa@zytor.com,
peterz@infradead.org, seanjc@google.com, pbonzini@redhat.com,
kvm@vger.kernel.org, kirill.shutemov@linux.intel.com,
huibo.wang@amd.com, naveen.rao@amd.com,
francescolavra.fl@gmail.com, tiala@microsoft.com
Subject: Re: [RFC PATCH v6 31/32] x86/sev: Prevent SECURE_AVIC_CONTROL MSR interception for Secure AVIC guests
Date: Mon, 9 Jun 2025 15:40:19 +0800 [thread overview]
Message-ID: <CAMvTesCSX1g8Ttzjn4PhfcWSYUdAcCUV9hfJd_TPQzek24K1LA@mail.gmail.com> (raw)
In-Reply-To: <20250514071803.209166-32-Neeraj.Upadhyay@amd.com>
On Wed, May 14, 2025 at 3:33 PM Neeraj Upadhyay <Neeraj.Upadhyay@amd.com> wrote:
>
> The SECURE_AVIC_CONTROL MSR holds the GPA of the guest APIC backing
> page and bitfields to control enablement of Secure AVIC and NMI by
> guest vCPUs. This MSR is populated by the guest and the hypervisor
> should not intercept it. A #VC exception will be generated otherwise.
> If this occurs and Secure AVIC is enabled, terminate guest execution.
>
> Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
> ---
Reviewed-by: Tianyu Lan <tiala@microsoft.com>
--
Thanks
Tianyu Lan
next prev parent reply other threads:[~2025-06-09 7:40 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-14 7:17 [RFC PATCH v6 00/32] AMD: Add Secure AVIC Guest Support Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 01/32] x86/apic: KVM: Deduplicate APIC vector => register+bit math Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 02/32] KVM: x86: Move find_highest_vector() to a common header Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 03/32] KVM: x86: Move lapic get/set_reg() helpers to common code Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 04/32] KVM: x86: Move lapic get/set_reg64() " Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 05/32] KVM: x86: Move lapic set/clear_vector() " Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 06/32] KVM: x86: Move {REG,VEC}_POS() macros to lapic.c Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 07/32] KVM: x86: apic_test_vector() to common code Neeraj Upadhyay
2025-05-24 12:12 ` Borislav Petkov
2025-05-26 3:00 ` Neeraj Upadhyay
2025-06-06 18:47 ` Sean Christopherson
2025-06-06 18:56 ` Sean Christopherson
2025-06-10 4:26 ` Neeraj Upadhyay
2025-06-10 4:25 ` Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 08/32] x86/apic: Remove redundant parentheses around 'bitmap' Neeraj Upadhyay
2025-05-24 12:14 ` Borislav Petkov
2025-05-26 3:01 ` Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 09/32] x86/apic: Rename 'reg_off' to 'reg' Neeraj Upadhyay
2025-06-09 6:35 ` Tianyu Lan
2025-05-14 7:17 ` [RFC PATCH v6 10/32] x86/apic: Change apic_*_vector() vector param to unsigned Neeraj Upadhyay
2025-05-24 12:15 ` Borislav Petkov
2025-05-26 3:01 ` Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 11/32] x86/apic: Change get/set reg operations reg " Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 12/32] x86/apic: Unionize apic regs for 32bit/64bit access w/o type casting Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 13/32] x86/apic: Simplify bitwise operations on apic bitmap Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 14/32] x86/apic: Move apic_update_irq_cfg() calls to apic_update_vector() Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 15/32] x86/apic: Add new driver for Secure AVIC Neeraj Upadhyay
2025-06-10 6:52 ` Tianyu Lan
2025-05-14 7:17 ` [RFC PATCH v6 16/32] x86/apic: Initialize Secure AVIC APIC backing page Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 17/32] x86/apic: Populate .read()/.write() callbacks of Secure AVIC driver Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 18/32] x86/apic: Initialize APIC ID for Secure AVIC Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 19/32] x86/apic: Add update_vector() callback for apic drivers Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 20/32] x86/apic: Add update_vector() callback for Secure AVIC Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 21/32] x86/apic: Add support to send IPI " Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 22/32] x86/apic: Support LAPIC timer " Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 23/32] x86/sev: Initialize VGIF for secondary VCPUs " Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 24/32] x86/apic: Add support to send NMI IPI " Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 25/32] x86/apic: Allow NMI to be injected from hypervisor " Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 26/32] x86/sev: Enable NMI support " Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 27/32] x86/apic: Read and write LVT* APIC registers from HV for SAVIC guests Neeraj Upadhyay
2025-05-14 7:17 ` [RFC PATCH v6 28/32] x86/apic: Handle EOI writes for Secure AVIC guests Neeraj Upadhyay
2025-05-14 7:18 ` [RFC PATCH v6 29/32] x86/apic: Add kexec support for Secure AVIC Neeraj Upadhyay
2025-05-14 7:18 ` [RFC PATCH v6 30/32] x86/apic: Enable Secure AVIC in Control MSR Neeraj Upadhyay
2025-05-14 7:18 ` [RFC PATCH v6 31/32] x86/sev: Prevent SECURE_AVIC_CONTROL MSR interception for Secure AVIC guests Neeraj Upadhyay
2025-06-09 7:40 ` Tianyu Lan [this message]
2025-05-14 7:18 ` [RFC PATCH v6 32/32] x86/sev: Indicate SEV-SNP guest supports Secure AVIC Neeraj Upadhyay
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMvTesCSX1g8Ttzjn4PhfcWSYUdAcCUV9hfJd_TPQzek24K1LA@mail.gmail.com \
--to=ltykernel@gmail.com \
--cc=David.Kaplan@amd.com \
--cc=Neeraj.Upadhyay@amd.com \
--cc=Santosh.Shukla@amd.com \
--cc=Suravee.Suthikulpanit@amd.com \
--cc=Thomas.Lendacky@amd.com \
--cc=Vasant.Hegde@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=francescolavra.fl@gmail.com \
--cc=hpa@zytor.com \
--cc=huibo.wang@amd.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=naveen.rao@amd.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=tiala@microsoft.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).