[RFC PATCH 0/6] x86/Hyper-V: Add AMD Secure AVIC for Hyper-V platform

[RFC PATCH 0/6] x86/Hyper-V: Add AMD Secure AVIC for Hyper-V platform

[Tianyu Lan]

From: Tianyu Lan <tiala@microsoft.com>

Secure AVIC is a new hardware feature in the AMD64
architecture to allow SEV-SNP guests to prevent the
hypervisor from generating unexpected interrupts to
a vCPU or otherwise violate architectural assumptions
around APIC behavior.

Each vCPU has a guest-allocated APIC backing page of
size 4K, which maintains APIC state for that vCPU.
APIC backing page's ALLOWED_IRR field indicates the
interrupt vectors which the guest allows the hypervisor
to send.

This patchset is to enable the feature for Hyper-V
platform. Patch "Expose x2apic_savic_update_vector()"
is to expose new fucntion and device driver and arch
code may update AVIC backing page ALLOWED_IRR field to
allow Hyper-V inject associated vector.

This patchset is based on the AMD patchset "AMD: Add
Secure AVIC Guest Support"
https://lkml.org/lkml/2025/4/17/585

Tianyu Lan (6):
  x86/Hyper-V: Not use hv apic driver when Secure AVIC is available
  x86/x2apic-savic: Expose x2apic_savic_update_vector()
  drivers/hv: Allow vmbus message synic interrupt injected from Hyper-V
  x86/Hyper-V: Allow Hyper-V to inject Hyper-V vectors
  x86/Hyper-V: Not use auto-eoi when Secure AVIC is available
  x86/x2apic-savic: Not set APIC backing page if Secure AVIC is not
    enabled.

 arch/x86/hyperv/hv_apic.c           |  3 +++
 arch/x86/hyperv/hv_init.c           | 12 ++++++++++++
 arch/x86/include/asm/apic.h         |  9 +++++++++
 arch/x86/kernel/apic/x2apic_savic.c | 13 ++++++++++++-
 arch/x86/kernel/cpu/mshyperv.c      |  3 +++
 drivers/hv/hv.c                     |  2 ++
 6 files changed, 41 insertions(+), 1 deletion(-)

-- 
2.25.1

[RFC PATCH 1/6] x86/Hyper-V: Not use hv apic driver when Secure AVIC is available

[Tianyu Lan]

From: Tianyu Lan <tiala@microsoft.com>

When Secure AVIC is available, AMD x2apic Secure
AVIC driver should be selected and return directly
in the hv_apic_init().

Signed-off-by: Tianyu Lan <tiala@microsoft.com>
---
 arch/x86/hyperv/hv_apic.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/x86/hyperv/hv_apic.c b/arch/x86/hyperv/hv_apic.c
index 6d91ac5f9836..bd8f83923305 100644
--- a/arch/x86/hyperv/hv_apic.c
+++ b/arch/x86/hyperv/hv_apic.c
@@ -292,6 +292,9 @@ static void hv_send_ipi_self(int vector)
 
 void __init hv_apic_init(void)
 {
+	if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
+		return;
+
 	if (ms_hyperv.hints & HV_X64_CLUSTER_IPI_RECOMMENDED) {
 		pr_info("Hyper-V: Using IPI hypercalls\n");
 		/*
-- 
2.25.1

[RFC PATCH 2/6] x86/x2apic-savic: Expose x2apic_savic_update_vector()

[Tianyu Lan]

From: Tianyu Lan <tiala@microsoft.com>

Expose x2apic_savic_update_vector() and device driver
arch code may update AVIC backing page to allow Hyper-V
inject associated vector.

Signed-off-by: Tianyu Lan <tiala@microsoft.com>
---
 arch/x86/include/asm/apic.h         | 9 +++++++++
 arch/x86/kernel/apic/x2apic_savic.c | 8 ++++++++
 2 files changed, 17 insertions(+)

diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
index 6aa4b8ff08a9..949389e05dd7 100644
--- a/arch/x86/include/asm/apic.h
+++ b/arch/x86/include/asm/apic.h
@@ -241,6 +241,15 @@ static inline u64 native_x2apic_icr_read(void)
 	return val;
 }
 
+#if defined(CONFIG_AMD_SECURE_AVIC)
+extern void x2apic_savic_update_vector(unsigned int cpu,
+				unsigned int vector,
+				bool set);
+#else
+static inline void x2apic_savic_update_vector(unsigned int cpu,
+					      unsigned int vector,								      bool set) { }
+#endif
+
 extern int x2apic_mode;
 extern int x2apic_phys;
 extern void __init x2apic_set_max_apicid(u32 apicid);
diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c
index 6284d1f8dac9..0dd7e39931b0 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -321,6 +321,14 @@ static void savic_update_vector(unsigned int cpu, unsigned int vector, bool set)
 	update_vector(cpu, SAVIC_ALLOWED_IRR, vector, set);
 }
 
+void x2apic_savic_update_vector(unsigned int cpu, unsigned int vector, bool set)
+{
+	if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
+		return;
+
+	savic_update_vector(cpu, vector, set);
+}
+
 static void init_apic_page(void)
 {
 	u32 apic_id;
-- 
2.25.1

[RFC PATCH 3/6] drivers/hv: Allow vmbus message synic interrupt injected from Hyper-V

[Tianyu Lan]

From: Tianyu Lan <tiala@microsoft.com>

When Secure AVIC is enabled, Vmbus driver should
call x2apic Secure AVIC interface to allow Hyper-V
to inject Vmbus message interrupt.

Signed-off-by: Tianyu Lan <tiala@microsoft.com>
---
 drivers/hv/hv.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
index 308c8f279df8..f77c1dc0e8d4 100644
--- a/drivers/hv/hv.c
+++ b/drivers/hv/hv.c
@@ -20,6 +20,11 @@
 #include <linux/interrupt.h>
 #include <clocksource/hyperv_timer.h>
 #include <asm/mshyperv.h>
+
+#if IS_ENABLED(CONFIG_AMD_SECURE_AVIC)
+#include <asm/apic.h>
+#endif
+
 #include <linux/set_memory.h>
 #include "hyperv_vmbus.h"
 
@@ -311,6 +316,10 @@ void hv_synic_enable_regs(unsigned int cpu)
 		enable_percpu_irq(vmbus_irq, 0);
 	shared_sint.as_uint64 = hv_get_msr(HV_MSR_SINT0 + VMBUS_MESSAGE_SINT);
 
+#if IS_ENABLED(CONFIG_AMD_SECURE_AVIC)
+	x2apic_savic_update_vector(smp_processor_id(), vmbus_interrupt, true);
+#endif
+	
 	shared_sint.vector = vmbus_interrupt;
 	shared_sint.masked = false;
 	shared_sint.auto_eoi = hv_recommend_using_aeoi();
-- 
2.25.1

[RFC PATCH 4/6] x86/Hyper-V: Allow Hyper-V to inject Hyper-V vectors

[Tianyu Lan]

From: Tianyu Lan <tiala@microsoft.com>

When Secure AVIC is enabled, call Secure AVIC
function to allow Hyper-V to inject REENLIGHTENMENT,
STIMER0 and CALLBACK vectors.

Signed-off-by: Tianyu Lan <tiala@microsoft.com>
---
 arch/x86/hyperv/hv_init.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c
index ddeb40930bc8..d75df5c3965d 100644
--- a/arch/x86/hyperv/hv_init.c
+++ b/arch/x86/hyperv/hv_init.c
@@ -131,6 +131,18 @@ static int hv_cpu_init(unsigned int cpu)
 		wrmsrl(HV_X64_MSR_VP_ASSIST_PAGE, msr.as_uint64);
 	}
 
+	/* Allow Hyper-V vector to be injected from Hypervisor. */
+	if (ms_hyperv.features & HV_ACCESS_REENLIGHTENMENT)
+		x2apic_savic_update_vector(cpu,
+					   HYPERV_REENLIGHTENMENT_VECTOR, true);
+
+	if (ms_hyperv.misc_features & HV_STIMER_DIRECT_MODE_AVAILABLE)
+		x2apic_savic_update_vector(cpu,
+					   HYPERV_STIMER0_VECTOR, true);
+
+	x2apic_savic_update_vector(cpu, HYPERVISOR_CALLBACK_VECTOR, true);
+
+
 	return hyperv_init_ghcb();
 }
 
-- 
2.25.1

[RFC PATCH 5/6] x86/Hyper-V: Not use auto-eoi when Secure AVIC is available

[Tianyu Lan]

From: Tianyu Lan <tiala@microsoft.com>

Hyper-V doesn't support auto-eoi with Secure AVIC.
So Enable HV_DEPRECATING_AEOI_RECOMMENDED flag
to force to write eoi register after handling
interrupt.

Signed-off-by: Tianyu Lan <tiala@microsoft.com>
---
 arch/x86/kernel/cpu/mshyperv.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
index 3e2533954675..fbe45b5e9790 100644
--- a/arch/x86/kernel/cpu/mshyperv.c
+++ b/arch/x86/kernel/cpu/mshyperv.c
@@ -463,6 +463,9 @@ static void __init ms_hyperv_init_platform(void)
 
 	hv_identify_partition_type();
 
+	if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
+		ms_hyperv.hints |= HV_DEPRECATING_AEOI_RECOMMENDED;
+
 	if (ms_hyperv.hints & HV_X64_HYPERV_NESTED) {
 		hv_nested = true;
 		pr_info("Hyper-V: running on a nested hypervisor\n");
-- 
2.25.1

[RFC PATCH 6/6] x86/x2apic-savic: Not set APIC backing page if Secure AVIC is not enabled.

[Tianyu Lan]

From: Tianyu Lan <tiala@microsoft.com>

When Secure AVIC is not enabled, init_apic_page()
should return directly.

Signed-off-by: Tianyu Lan <tiala@microsoft.com>
---
 arch/x86/kernel/apic/x2apic_savic.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c
index 0dd7e39931b0..fb09c0f9e276 100644
--- a/arch/x86/kernel/apic/x2apic_savic.c
+++ b/arch/x86/kernel/apic/x2apic_savic.c
@@ -333,6 +333,9 @@ static void init_apic_page(void)
 {
 	u32 apic_id;
 
+	if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
+		return;
+
 	/*
 	 * Before Secure AVIC is enabled, APIC msr reads are intercepted.
 	 * APIC_ID msr read returns the value from the Hypervisor.
-- 
2.25.1

Re: [RFC PATCH 2/6] x86/x2apic-savic: Expose x2apic_savic_update_vector()

[Neeraj Upadhyay]

On 5/6/2025 6:37 PM, Tianyu Lan wrote:
> From: Tianyu Lan <tiala@microsoft.com>
> 
> Expose x2apic_savic_update_vector() and device driver
> arch code may update AVIC backing page to allow Hyper-V
> inject associated vector.
> 
> Signed-off-by: Tianyu Lan <tiala@microsoft.com>

I think this new interface is not required. Device driver arch code can call
apic_update_vector() to invoke APIC driver's update_vector() callback. 
Or is it that I am missing something? So, can you explain why this new interface
is needed?



- Neeraj

> ---
>  arch/x86/include/asm/apic.h         | 9 +++++++++
>  arch/x86/kernel/apic/x2apic_savic.c | 8 ++++++++
>  2 files changed, 17 insertions(+)
> 
> diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
> index 6aa4b8ff08a9..949389e05dd7 100644
> --- a/arch/x86/include/asm/apic.h
> +++ b/arch/x86/include/asm/apic.h
> @@ -241,6 +241,15 @@ static inline u64 native_x2apic_icr_read(void)
>  	return val;
>  }
>  
> +#if defined(CONFIG_AMD_SECURE_AVIC)
> +extern void x2apic_savic_update_vector(unsigned int cpu,
> +				unsigned int vector,
> +				bool set);
> +#else
> +static inline void x2apic_savic_update_vector(unsigned int cpu,
> +					      unsigned int vector,								      bool set) { }
> +#endif
> +
>  extern int x2apic_mode;
>  extern int x2apic_phys;
>  extern void __init x2apic_set_max_apicid(u32 apicid);
> diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c
> index 6284d1f8dac9..0dd7e39931b0 100644
> --- a/arch/x86/kernel/apic/x2apic_savic.c
> +++ b/arch/x86/kernel/apic/x2apic_savic.c
> @@ -321,6 +321,14 @@ static void savic_update_vector(unsigned int cpu, unsigned int vector, bool set)
>  	update_vector(cpu, SAVIC_ALLOWED_IRR, vector, set);
>  }
>  
> +void x2apic_savic_update_vector(unsigned int cpu, unsigned int vector, bool set)
> +{
> +	if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
> +		return;
> +
> +	savic_update_vector(cpu, vector, set);
> +}
> +
>  static void init_apic_page(void)
>  {
>  	u32 apic_id;

Re: [RFC PATCH 6/6] x86/x2apic-savic: Not set APIC backing page if Secure AVIC is not enabled.

[Neeraj Upadhyay]

On 5/6/2025 6:37 PM, Tianyu Lan wrote:
> From: Tianyu Lan <tiala@microsoft.com>
> 
> When Secure AVIC is not enabled, init_apic_page()
> should return directly.
> 
> Signed-off-by: Tianyu Lan <tiala@microsoft.com>
> ---
>  arch/x86/kernel/apic/x2apic_savic.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c
> index 0dd7e39931b0..fb09c0f9e276 100644
> --- a/arch/x86/kernel/apic/x2apic_savic.c
> +++ b/arch/x86/kernel/apic/x2apic_savic.c
> @@ -333,6 +333,9 @@ static void init_apic_page(void)
>  {
>  	u32 apic_id;
>  
> +	if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
> +		return;
> +
>  	/*

Why is this change needed? init_apic_page() is only called from Secure AVIC driver's
setup() callback. savic_probe() already does this check. So, if this check fails during
savic_probe(), Secure AVIC apic driver won't be selected as apic driver and it's setup
callback will never get invoked.


- Neeraj



>  	 * Before Secure AVIC is enabled, APIC msr reads are intercepted.
>  	 * APIC_ID msr read returns the value from the Hypervisor.

Re: [RFC PATCH 2/6] x86/x2apic-savic: Expose x2apic_savic_update_vector()

[Tianyu Lan]

On Wed, May 7, 2025 at 11:57 AM Neeraj Upadhyay <Neeraj.Upadhyay@amd.com> wrote:
>
>
>
> On 5/6/2025 6:37 PM, Tianyu Lan wrote:
> > From: Tianyu Lan <tiala@microsoft.com>
> >
> > Expose x2apic_savic_update_vector() and device driver
> > arch code may update AVIC backing page to allow Hyper-V
> > inject associated vector.
> >
> > Signed-off-by: Tianyu Lan <tiala@microsoft.com>
>
> I think this new interface is not required. Device driver arch code can call
> apic_update_vector() to invoke APIC driver's update_vector() callback.
> Or is it that I am missing something? So, can you explain why this new interface
> is needed?

Hi Neeraj:
       Thank you for your review. Agree. apic_update_vector() should be enough.
Will update.

Thanks.

RE: [RFC PATCH 0/6] x86/Hyper-V: Add AMD Secure AVIC for Hyper-V platform

[Michael Kelley]

From: Tianyu Lan <ltykernel@gmail.com> Sent: Tuesday, May 6, 2025 6:07 AM
> 

For consistency with other patches, use "x86/hyperv" as the Subject prefix.
I'd suggest being slightly more precise and saying "Hyper-V guests" instead
of "Hyper-V platform". So,

x86/hyperv: Add AMD Secure AVIC support for Hyper-V guests

> Secure AVIC is a new hardware feature in the AMD64
> architecture to allow SEV-SNP guests to prevent the
> hypervisor from generating unexpected interrupts to
> a vCPU or otherwise violate architectural assumptions
> around APIC behavior.
> 
> Each vCPU has a guest-allocated APIC backing page of
> size 4K, which maintains APIC state for that vCPU.
> APIC backing page's ALLOWED_IRR field indicates the

s/APIC backing/The APIC backing/

> interrupt vectors which the guest allows the hypervisor
> to send.
> 
> This patchset is to enable the feature for Hyper-V
> platform. Patch "Expose x2apic_savic_update_vector()"

s/platform/guests/

> is to expose new fucntion and device driver and arch

"is to expose the new function. Device driver and arch"

> code may update AVIC backing page ALLOWED_IRR field to

s/update AVIC/update the AVIC/

> allow Hyper-V inject associated vector.

s/Hyper-V inject associated/Hyper-V to inject the associated/

> 
> This patchset is based on the AMD patchset "AMD: Add
> Secure AVIC Guest Support"
> https://lkml.org/lkml/2025/4/17/585
> 
> Tianyu Lan (6):
>   x86/Hyper-V: Not use hv apic driver when Secure AVIC is available
>   x86/x2apic-savic: Expose x2apic_savic_update_vector()
>   drivers/hv: Allow vmbus message synic interrupt injected from Hyper-V
>   x86/Hyper-V: Allow Hyper-V to inject Hyper-V vectors
>   x86/Hyper-V: Not use auto-eoi when Secure AVIC is available
>   x86/x2apic-savic: Not set APIC backing page if Secure AVIC is not
>     enabled.
> 
>  arch/x86/hyperv/hv_apic.c           |  3 +++
>  arch/x86/hyperv/hv_init.c           | 12 ++++++++++++
>  arch/x86/include/asm/apic.h         |  9 +++++++++
>  arch/x86/kernel/apic/x2apic_savic.c | 13 ++++++++++++-
>  arch/x86/kernel/cpu/mshyperv.c      |  3 +++
>  drivers/hv/hv.c                     |  2 ++
>  6 files changed, 41 insertions(+), 1 deletion(-)
> 
> --
> 2.25.1
> 

RE: [RFC PATCH 1/6] x86/Hyper-V: Not use hv apic driver when Secure AVIC is available

[Michael Kelley]

From: Tianyu Lan <ltykernel@gmail.com> Sent: Tuesday, May 6, 2025 6:07 AM
> 

Suggested Subject line:

x86/hyperv: Don't use hv apic driver when Secure AVIC is available

> When Secure AVIC is available, AMD x2apic Secure
> AVIC driver should be selected and return directly
> in the hv_apic_init().

Suggested wording:

When Secure AVIC is available, the AMD x2apic Secure AVIC
driver will be selected. So skip initialization of the
Hyper-V apic driver.

> 
> Signed-off-by: Tianyu Lan <tiala@microsoft.com>
> ---
>  arch/x86/hyperv/hv_apic.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/arch/x86/hyperv/hv_apic.c b/arch/x86/hyperv/hv_apic.c
> index 6d91ac5f9836..bd8f83923305 100644
> --- a/arch/x86/hyperv/hv_apic.c
> +++ b/arch/x86/hyperv/hv_apic.c
> @@ -292,6 +292,9 @@ static void hv_send_ipi_self(int vector)
> 
>  void __init hv_apic_init(void)
>  {
> +	if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
> +		return;
> +
>  	if (ms_hyperv.hints & HV_X64_CLUSTER_IPI_RECOMMENDED) {
>  		pr_info("Hyper-V: Using IPI hypercalls\n");
>  		/*

It seems like this patch will cause a bisect problem if a bisect includes
this patch but none of the subsequent patches in this series. The
Hyper-V guest VM could see Secure AVIC is enabled, but the VM
wouldn't boot because the code to allow Hyper-V to inject an interrupt
haven't been added yet.

This patch probably should come later in the patch series after Secure
AVIC can be functional in a Hyper-V guest.

Michael

RE: [RFC PATCH 4/6] x86/Hyper-V: Allow Hyper-V to inject Hyper-V vectors

[Michael Kelley]

From: Tianyu Lan <ltykernel@gmail.com> Sent: Tuesday, May 6, 2025 6:07 AM
> 

Update Subject prefix to "x86/hyperv".

> When Secure AVIC is enabled, call Secure AVIC
> function to allow Hyper-V to inject REENLIGHTENMENT,
> STIMER0 and CALLBACK vectors.
> 
> Signed-off-by: Tianyu Lan <tiala@microsoft.com>
> ---
>  arch/x86/hyperv/hv_init.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c
> index ddeb40930bc8..d75df5c3965d 100644
> --- a/arch/x86/hyperv/hv_init.c
> +++ b/arch/x86/hyperv/hv_init.c
> @@ -131,6 +131,18 @@ static int hv_cpu_init(unsigned int cpu)
>  		wrmsrl(HV_X64_MSR_VP_ASSIST_PAGE, msr.as_uint64);
>  	}
> 
> +	/* Allow Hyper-V vector to be injected from Hypervisor. */
> +	if (ms_hyperv.features & HV_ACCESS_REENLIGHTENMENT)
> +		x2apic_savic_update_vector(cpu,
> +					   HYPERV_REENLIGHTENMENT_VECTOR, true);

This will allow Hyper-V to submit the re-enlightenment interrupt on
any vCPU, even though the Linux guest has programmed the interrupt
to only arrive to a particular vCPU.  That selected vCPU is set up in
set_hv_tscchange_cb(), and maintained in clear_hv_tscchange_cb()
and in hv_cpu_die(). I'm not super familiar with the re-enlightenment
code, but I don't see a problem if Hyper-V sends the interrupt on an
unexpected vCPU.  So it's probably OK to enable this interrupt vector
on all vCPUs.

> +
> +	if (ms_hyperv.misc_features & HV_STIMER_DIRECT_MODE_AVAILABLE)
> +		x2apic_savic_update_vector(cpu,
> +					   HYPERV_STIMER0_VECTOR, true);
> +
> +	x2apic_savic_update_vector(cpu, HYPERVISOR_CALLBACK_VECTOR, true);

This is redundant with Patch 3 of your patch set. In Patch 3, vmbus_interrupt
is set to HYPERVISOR_CALLBACK_VECTOR.

> +
> +
>  	return hyperv_init_ghcb();
>  }
> 
> --
> 2.25.1
> 

RE: [RFC PATCH 5/6] x86/Hyper-V: Not use auto-eoi when Secure AVIC is available

[Michael Kelley]

From: Tianyu Lan <ltykernel@gmail.com> Sent: Tuesday, May 6, 2025 6:07 AM
> 

For the patch Subject, use:

x86/hyperv: Don't use auto-EOI when Secure AVIC is available

> Hyper-V doesn't support auto-eoi with Secure AVIC.
> So Enable HV_DEPRECATING_AEOI_RECOMMENDED flag

s/Enable/enable/
> to force to write eoi register after handling interrupt.

"to force writing the EOI register after handling an interrupt."

> 
> Signed-off-by: Tianyu Lan <tiala@microsoft.com>
> ---
>  arch/x86/kernel/cpu/mshyperv.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
> index 3e2533954675..fbe45b5e9790 100644
> --- a/arch/x86/kernel/cpu/mshyperv.c
> +++ b/arch/x86/kernel/cpu/mshyperv.c
> @@ -463,6 +463,9 @@ static void __init ms_hyperv_init_platform(void)
> 
>  	hv_identify_partition_type();
> 
> +	if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
> +		ms_hyperv.hints |= HV_DEPRECATING_AEOI_RECOMMENDED;
> +

Shouldn't Hyper-V already be setting this flag if it is offering Secure AVIC
to guests? I guess it doesn't hurt to do this in the Linux code, but it seems
like it should be Hyper-V's responsibility.

Michael

>  	if (ms_hyperv.hints & HV_X64_HYPERV_NESTED) {
>  		hv_nested = true;
>  		pr_info("Hyper-V: running on a nested hypervisor\n");
> --
> 2.25.1
> 

Re: [RFC PATCH 0/6] x86/Hyper-V: Add AMD Secure AVIC for Hyper-V platform

[Tianyu Lan]

On Thu, May 15, 2025 at 12:54 AM Michael Kelley <mhklinux@outlook.com> wrote:
>
> From: Tianyu Lan <ltykernel@gmail.com> Sent: Tuesday, May 6, 2025 6:07 AM
> >
>
> For consistency with other patches, use "x86/hyperv" as the Subject prefix.
> I'd suggest being slightly more precise and saying "Hyper-V guests" instead
> of "Hyper-V platform". So,
>
> x86/hyperv: Add AMD Secure AVIC support for Hyper-V guests
>
Hi Michael:
       Thanks for your review.  Good idea ! Will update in the next version.

> > Secure AVIC is a new hardware feature in the AMD64
> > architecture to allow SEV-SNP guests to prevent the
> > hypervisor from generating unexpected interrupts to
> > a vCPU or otherwise violate architectural assumptions
> > around APIC behavior.
> >
> > Each vCPU has a guest-allocated APIC backing page of
> > size 4K, which maintains APIC state for that vCPU.
> > APIC backing page's ALLOWED_IRR field indicates the
>
> s/APIC backing/The APIC backing/
>
> > interrupt vectors which the guest allows the hypervisor
> > to send.
> >
> > This patchset is to enable the feature for Hyper-V
> > platform. Patch "Expose x2apic_savic_update_vector()"
>
> s/platform/guests/
>
> > is to expose new fucntion and device driver and arch
>
> "is to expose the new function. Device driver and arch"
>
> > code may update AVIC backing page ALLOWED_IRR field to
>
> s/update AVIC/update the AVIC/
>
> > allow Hyper-V inject associated vector.
>
> s/Hyper-V inject associated/Hyper-V to inject the associated/
>
> >
> > This patchset is based on the AMD patchset "AMD: Add
> > Secure AVIC Guest Support"
> > https://lkml.org/lkml/2025/4/17/585
> >
> > Tianyu Lan (6):
> >   x86/Hyper-V: Not use hv apic driver when Secure AVIC is available
> >   x86/x2apic-savic: Expose x2apic_savic_update_vector()
> >   drivers/hv: Allow vmbus message synic interrupt injected from Hyper-V
> >   x86/Hyper-V: Allow Hyper-V to inject Hyper-V vectors
> >   x86/Hyper-V: Not use auto-eoi when Secure AVIC is available
> >   x86/x2apic-savic: Not set APIC backing page if Secure AVIC is not
> >     enabled.
> >
> >  arch/x86/hyperv/hv_apic.c           |  3 +++
> >  arch/x86/hyperv/hv_init.c           | 12 ++++++++++++
> >  arch/x86/include/asm/apic.h         |  9 +++++++++
> >  arch/x86/kernel/apic/x2apic_savic.c | 13 ++++++++++++-
> >  arch/x86/kernel/cpu/mshyperv.c      |  3 +++
> >  drivers/hv/hv.c                     |  2 ++
> >  6 files changed, 41 insertions(+), 1 deletion(-)
> >
> > --
> > 2.25.1
> >
>


-- 
Thanks
Tianyu Lan

Re: [RFC PATCH 1/6] x86/Hyper-V: Not use hv apic driver when Secure AVIC is available

[Tianyu Lan]

On Thu, May 15, 2025 at 12:54 AM Michael Kelley <mhklinux@outlook.com> wrote:
>
> From: Tianyu Lan <ltykernel@gmail.com> Sent: Tuesday, May 6, 2025 6:07 AM
> >
> >  void __init hv_apic_init(void)
> >  {
> > +     if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
> > +             return;
> > +
> >       if (ms_hyperv.hints & HV_X64_CLUSTER_IPI_RECOMMENDED) {
> >               pr_info("Hyper-V: Using IPI hypercalls\n");
> >               /*
>
> It seems like this patch will cause a bisect problem if a bisect includes
> this patch but none of the subsequent patches in this series. The
> Hyper-V guest VM could see Secure AVIC is enabled, but the VM
> wouldn't boot because the code to allow Hyper-V to inject an interrupt
> haven't been added yet.
>
> This patch probably should come later in the patch series after Secure
> AVIC can be functional in a Hyper-V guest.
>

Good idea! Will rework patch order.

-- 
Thanks
Tianyu Lan

Re: [RFC PATCH 4/6] x86/Hyper-V: Allow Hyper-V to inject Hyper-V vectors

[Tianyu Lan]

On Thu, May 15, 2025 at 12:54 AM Michael Kelley <mhklinux@outlook.com> wrote:
>
> From: Tianyu Lan <ltykernel@gmail.com> Sent: Tuesday, May 6, 2025 6:07 AM
> >
>
> Update Subject prefix to "x86/hyperv".
>
> > When Secure AVIC is enabled, call Secure AVIC
> > function to allow Hyper-V to inject REENLIGHTENMENT,
> > STIMER0 and CALLBACK vectors.
> >
> > Signed-off-by: Tianyu Lan <tiala@microsoft.com>
> > ---
> >  arch/x86/hyperv/hv_init.c | 12 ++++++++++++
> >  1 file changed, 12 insertions(+)
> >
> > diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c
> > index ddeb40930bc8..d75df5c3965d 100644
> > --- a/arch/x86/hyperv/hv_init.c
> > +++ b/arch/x86/hyperv/hv_init.c
> > @@ -131,6 +131,18 @@ static int hv_cpu_init(unsigned int cpu)
> >               wrmsrl(HV_X64_MSR_VP_ASSIST_PAGE, msr.as_uint64);
> >       }
> >
> > +     /* Allow Hyper-V vector to be injected from Hypervisor. */
> > +     if (ms_hyperv.features & HV_ACCESS_REENLIGHTENMENT)
> > +             x2apic_savic_update_vector(cpu,
> > +                                        HYPERV_REENLIGHTENMENT_VECTOR, true);
>
> This will allow Hyper-V to submit the re-enlightenment interrupt on
> any vCPU, even though the Linux guest has programmed the interrupt
> to only arrive to a particular vCPU.  That selected vCPU is set up in
> set_hv_tscchange_cb(), and maintained in clear_hv_tscchange_cb()
> and in hv_cpu_die(). I'm not super familiar with the re-enlightenment
> code, but I don't see a problem if Hyper-V sends the interrupt on an
> unexpected vCPU.  So it's probably OK to enable this interrupt vector
> on all vCPUs.
>
Yes, I will double check it. Thanks for suggestion..
--
Thanks
Tianyu Lan

Re: [RFC PATCH 5/6] x86/Hyper-V: Not use auto-eoi when Secure AVIC is available

[Tianyu Lan]

On Thu, May 15, 2025 at 12:54 AM Michael Kelley <mhklinux@outlook.com> wrote:
>
> From: Tianyu Lan <ltykernel@gmail.com> Sent: Tuesday, May 6, 2025 6:07 AM
> >
>
> For the patch Subject, use:
>
> x86/hyperv: Don't use auto-EOI when Secure AVIC is available
>
> > Hyper-V doesn't support auto-eoi with Secure AVIC.
> > So Enable HV_DEPRECATING_AEOI_RECOMMENDED flag
>
> s/Enable/enable/
> > to force to write eoi register after handling interrupt.
>
> "to force writing the EOI register after handling an interrupt."
>
> >
> > Signed-off-by: Tianyu Lan <tiala@microsoft.com>
> > ---
> >  arch/x86/kernel/cpu/mshyperv.c | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
> > index 3e2533954675..fbe45b5e9790 100644
> > --- a/arch/x86/kernel/cpu/mshyperv.c
> > +++ b/arch/x86/kernel/cpu/mshyperv.c
> > @@ -463,6 +463,9 @@ static void __init ms_hyperv_init_platform(void)
> >
> >       hv_identify_partition_type();
> >
> > +     if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
> > +             ms_hyperv.hints |= HV_DEPRECATING_AEOI_RECOMMENDED;
> > +
>
> Shouldn't Hyper-V already be setting this flag if it is offering Secure AVIC
> to guests? I guess it doesn't hurt to do this in the Linux code, but it seems
> like it should be Hyper-V's responsibility.
>

OK. I will double check from OpenHCL side.



-- 
Thanks
Tianyu Lan

Re: [RFC PATCH 6/6] x86/x2apic-savic: Not set APIC backing page if Secure AVIC is not enabled.

[Tianyu Lan]

On Wed, May 7, 2025 at 12:03 PM Neeraj Upadhyay <Neeraj.Upadhyay@amd.com> wrote:
>
>
>
> On 5/6/2025 6:37 PM, Tianyu Lan wrote:
> > From: Tianyu Lan <tiala@microsoft.com>
> >
> > When Secure AVIC is not enabled, init_apic_page()
> > should return directly.
> >
> > Signed-off-by: Tianyu Lan <tiala@microsoft.com>
> > ---
> >  arch/x86/kernel/apic/x2apic_savic.c | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/arch/x86/kernel/apic/x2apic_savic.c b/arch/x86/kernel/apic/x2apic_savic.c
> > index 0dd7e39931b0..fb09c0f9e276 100644
> > --- a/arch/x86/kernel/apic/x2apic_savic.c
> > +++ b/arch/x86/kernel/apic/x2apic_savic.c
> > @@ -333,6 +333,9 @@ static void init_apic_page(void)
> >  {
> >       u32 apic_id;
> >
> > +     if (!cc_platform_has(CC_ATTR_SNP_SECURE_AVIC))
> > +             return;
> > +
> >       /*
>
> Why is this change needed? init_apic_page() is only called from Secure AVIC driver's
> setup() callback. savic_probe() already does this check. So, if this check fails during
> savic_probe(), Secure AVIC apic driver won't be selected as apic driver and it's setup
> callback will never get invoked.
>
>
Hi Neeraj:
       Thanks for your review. Agree. Will remove it.


--
Thanks
Tianyu Lan