From: Tianyu Lan <ltykernel@gmail.com>
To: Michael Kelley <mhklinux@outlook.com>
Cc: "kys@microsoft.com" <kys@microsoft.com>,
"haiyangz@microsoft.com" <haiyangz@microsoft.com>,
"wei.liu@kernel.org" <wei.liu@kernel.org>,
"decui@microsoft.com" <decui@microsoft.com>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"mingo@redhat.com" <mingo@redhat.com>,
"bp@alien8.de" <bp@alien8.de>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"x86@kernel.org" <x86@kernel.org>,
"hpa@zytor.com" <hpa@zytor.com>,
"kvijayab@amd.com" <kvijayab@amd.com>,
"Neeraj.Upadhyay@amd.com" <Neeraj.Upadhyay@amd.com>,
Tianyu Lan <tiala@microsoft.com>,
"linux-hyperv@vger.kernel.org" <linux-hyperv@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [RFC Patch v2 0/4] x86/Hyper-V: Add AMD Secure AVIC for Hyper-V platform
Date: Fri, 20 Jun 2025 23:05:28 +0800 [thread overview]
Message-ID: <CAMvTesAscN2MyqJXpcbwcXWC-6-en6U_c03M+2=zcMF0bLv4iw@mail.gmail.com> (raw)
In-Reply-To: <SN6PR02MB41579BCC56F6C966E3E2499CD47CA@SN6PR02MB4157.namprd02.prod.outlook.com>
On Fri, Jun 20, 2025 at 10:17 AM Michael Kelley <mhklinux@outlook.com> wrote:
>
> From: Tianyu Lan <ltykernel@gmail.com> Sent: Friday, June 13, 2025 4:08 AM
> >
> > Secure AVIC is a new hardware feature in the AMD64
> > architecture to allow SEV-SNP guests to prevent the
> > hypervisor from generating unexpected interrupts to
> > a vCPU or otherwise violate architectural assumptions
> > around APIC behavior.
> >
> > Each vCPU has a guest-allocated APIC backing page of
> > size 4K, which maintains APIC state for that vCPU.
> > APIC backing page's ALLOWED_IRR field indicates the
> > interrupt vectors which the guest allows the hypervisor
> > to send.
> >
> > This patchset is to enable the feature for Hyper-V
> > platform. Patch "Expose x2apic_savic_update_vector()"
> > is to expose new fucntion and device driver and arch
> > code may update AVIC backing page ALLOWED_IRR field to
> > allow Hyper-V inject associated vector.
>
> The last sentence above seems to be leftover from v1 of the
> patch set and is no longer accurate. Please update.
Thank you very much, Michael! Will update.
>
> Additional observation: These patches depend on
> CC_ATTR_SNP_SECURE_AVIC, which is not set when operating
> in VTOM mode (i.e., a paravisor is present). So evidently Linux
> on Hyper-V must handle the Secure AVIC only when Linux is
> running as the paravisor in VTL2 (CONFIG_HYPERV_VTL_MODE=y),
> or when running as an SEV-SNP guest with no paravisor. Is
> that correct?
This patchset enables Secure AVIC function for enlightened SEV-SNP guest
which uses c-bit to encrypt/decrypt guest memory.
--
Thanks
Tianyu Lan
prev parent reply other threads:[~2025-06-20 15:06 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-13 11:08 [RFC Patch v2 0/4] x86/Hyper-V: Add AMD Secure AVIC for Hyper-V platform Tianyu Lan
2025-06-13 11:08 ` [RFC Patch v2 1/4] x86/Hyper-V: Not use hv apic driver when Secure AVIC is available Tianyu Lan
2025-06-20 2:17 ` Michael Kelley
2025-06-13 11:08 ` [RFC Patch v2 2/4] drivers/hv: Allow vmbus message synic interrupt injected from Hyper-V Tianyu Lan
2025-06-20 2:17 ` Michael Kelley
2025-06-13 11:08 ` [RFC Patch v2 3/4] x86/Hyper-V: Not use auto-eoi when Secure AVIC is available Tianyu Lan
2025-06-20 2:17 ` Michael Kelley
2025-06-13 11:08 ` [RFC Patch v2 4/4] x86/Hyper-V: Allow Hyper-V to inject Hyper-V vectors Tianyu Lan
2025-06-20 2:18 ` Michael Kelley
2025-06-20 2:17 ` [RFC Patch v2 0/4] x86/Hyper-V: Add AMD Secure AVIC for Hyper-V platform Michael Kelley
2025-06-20 15:05 ` Tianyu Lan [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMvTesAscN2MyqJXpcbwcXWC-6-en6U_c03M+2=zcMF0bLv4iw@mail.gmail.com' \
--to=ltykernel@gmail.com \
--cc=Neeraj.Upadhyay@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=decui@microsoft.com \
--cc=haiyangz@microsoft.com \
--cc=hpa@zytor.com \
--cc=kvijayab@amd.com \
--cc=kys@microsoft.com \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mhklinux@outlook.com \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=tiala@microsoft.com \
--cc=wei.liu@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).