public inbox for linux-kernel@vger.kernel.org
From: Thomas Gleixner <tglx@linutronix.de>
To: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>, linux-kernel@vger.kernel.org
Cc: bp@alien8.de, mingo@redhat.com, dave.hansen@linux.intel.com,
	Thomas.Lendacky@amd.com, nikunj@amd.com, Santosh.Shukla@amd.com,
	Vasant.Hegde@amd.com, Suravee.Suthikulpanit@amd.com,
	David.Kaplan@amd.com, x86@kernel.org, hpa@zytor.com,
	peterz@infradead.org, seanjc@google.com, pbonzini@redhat.com,
	kvm@vger.kernel.org, kirill.shutemov@linux.intel.com,
	huibo.wang@amd.com, naveen.rao@amd.com
Subject: Re: [RFC v2 05/17] x86/apic: Add update_vector callback for Secure AVIC
Date: Fri, 21 Mar 2025 15:27:08 +0100
Message-ID: <87jz8i31dv.ffs@tglx>
In-Reply-To: <20250226090525.231882-6-Neeraj.Upadhyay@amd.com>

On Wed, Feb 26 2025 at 14:35, Neeraj Upadhyay wrote:
> Add update_vector callback to set/clear ALLOWED_IRR field in
> the APIC backing page. The ALLOWED_IRR field indicates the
> interrupt vectors which the guest allows the hypervisor to
> send (typically for emulated devices). Interrupt vectors used
> exclusively by the guest itself (like IPI vectors) should not
> be allowed to be injected into the guest for security reasons.
> The update_vector callback is invoked from APIC vector domain
> whenever a vector is allocated, freed or moved.

Your changelog tells a lot about the WHAT. Please read and follow the
documentation, which describes how a change log should be structured.

https://www.kernel.org/doc/html/latest/process/maintainer-tip.html#changelog

> diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c
> index 72fa4bb78f0a..e0c9505e05f8 100644
> --- a/arch/x86/kernel/apic/vector.c
> +++ b/arch/x86/kernel/apic/vector.c
> @@ -174,6 +174,8 @@ static void apic_update_vector(struct irq_data *irqd, unsigned int newvec,
>  		apicd->prev_cpu = apicd->cpu;
>  		WARN_ON_ONCE(apicd->cpu == newcpu);
>  	} else {
> +		if (apic->update_vector)
> +			apic->update_vector(apicd->cpu, apicd->vector, false);
>  		irq_matrix_free(vector_matrix, apicd->cpu, apicd->vector,
>  				managed);
>  	}
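
Review bot: The clear in the else branch of this apic_update_vector() hunk only covers the case where the old vector is released immediately. In the if branch above it the old vector is merely recorded (apicd->prev_cpu = apicd->cpu) and no update_vector(..., false) is visible for it, so whatever later frees that previous vector has to clear its ALLOWED_IRR bit as well; otherwise the hypervisor stays permitted to inject a vector the guest no longer uses.
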
> @@ -183,6 +185,8 @@ static void apic_update_vector(struct irq_data *irqd, unsigned int newvec,
>  	apicd->cpu = newcpu;
>  	BUG_ON(!IS_ERR_OR_NULL(per_cpu(vector_irq, newcpu)[newvec]));
>  	per_cpu(vector_irq, newcpu)[newvec] = desc;
> +	if (apic->update_vector)
> +		apic->update_vector(apicd->cpu, apicd->vector, true);

A trivial

static inline void apic_update_vector(....)
{
        if (apic->update_vector)
           ....
}

would be too easy to read and add not enough line count, right?

>  static void vector_assign_managed_shutdown(struct irq_data *irqd)
> @@ -528,11 +532,15 @@ static bool vector_configure_legacy(unsigned int virq, struct irq_data *irqd,
>  	if (irqd_is_activated(irqd)) {
>  		trace_vector_setup(virq, true, 0);
>  		apic_update_irq_cfg(irqd, apicd->vector, apicd->cpu);
> +		if (apic->update_vector)
> +			apic->update_vector(apicd->cpu, apicd->vector, true);
>  	} else {
>  		/* Release the vector */
>  		apicd->can_reserve = true;
>  		irqd_set_can_reserve(irqd);
>  		clear_irq_vector(irqd);
> +		if (apic->update_vector)
> +			apic->update_vector(apicd->cpu, apicd->vector, false);
>  		realloc = true;
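
Review bot: In the else branch of vector_configure_legacy(), update_vector(apicd->cpu, apicd->vector, false) runs after clear_irq_vector(irqd), so it reads apicd->cpu and apicd->vector once the teardown has already happened. If clear_irq_vector() resets those fields, the callback clears the wrong bit and the released vector stays allowed; capture both values before the call, or invoke the callback first.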

This is as incomplete as it gets. None of the other code paths which
invoke clear_irq_vector() nor those which invoke free_moved_vector() are
mopping up the leftovers in the backing page.

And no, you don't sprinkle this nonsense all over the call sites. There
is only a very limited number of functions which are involved in setting
up and tearing down a vector. Doing this at the call sites is a
guarantee for missing out as you demonstrated.

> +#define VEC_POS(v)	((v) & (32 - 1))
> +#define REG_POS(v)	(((v) >> 5) << 4)

This is unreadable, undocumented and incomprehensible garbage.

>  static DEFINE_PER_CPU(void *, apic_backing_page);
>  
>  struct apic_id_node {
> @@ -192,6 +195,22 @@ static void x2apic_savic_send_IPI_mask_allbutself(const struct cpumask *mask, in
>  	__send_IPI_mask(mask, vector, APIC_DEST_ALLBUT);
>  }
>  
> +static void x2apic_savic_update_vector(unsigned int cpu, unsigned int vector, bool set)
> +{
> +	void *backing_page;
> +	unsigned long *reg;
> +	int reg_off;
> +
> +	backing_page = per_cpu(apic_backing_page, cpu);
> +	reg_off = SAVIC_ALLOWED_IRR_OFFSET + REG_POS(vector);
> +	reg = (unsigned long *)((char *)backing_page + reg_off);
> +
> +	if (set)
> +		test_and_set_bit(VEC_POS(vector), reg);
> +	else
> +		test_and_clear_bit(VEC_POS(vector), reg);
> +}
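
Review bot: In x2apic_savic_update_vector(), reg is declared unsigned long * although VEC_POS() limits the bit index to 0..31 and REG_POS() advances 16 bytes per 32 vectors, so each register is 32 bits wide at a 16-byte stride and the pointer type overstates what is being modified. A comment above VEC_POS()/REG_POS() stating that layout, plus a range check on vector before it is used as an index, would make the arithmetic checkable.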

What's the test_and_ for if you ignore the return value anyway?

Also I have no idea what SAVIC_ALLOWED_IRR_OFFSET means. Whether it's
something from the datashit or a made up thing does not matter. It's
patently non-informative.

Again:

struct apic_page {
	union {
		u32	regs[NR_APIC_REGS];
		u8	bytes[PAGE_SIZE];
	};
};

	struct apic_page *ap = this_cpu_ptr(apic_page);
	unsigned long *sirr;

	/*
	 * apic_page.regs[SAVIC_ALLOWED_IRR_OFFSET...] is an array of
	 * consecutive 32-bit registers, which represents a vector bitmap.
	 */
	sirr = (unsigned long *) &ap->regs[SAVIC_ALLOWED_IRR_OFFSET];
	if (set)
		set_bit(vector, sirr);
	else
		clear_bit(vector, sirr);

See how code suddenly becomes self explaining, obvious and
comprehensible?

Thanks,

        tglx
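
Added example, not part of the original message or the patch: a userspace C model of the ALLOWED_IRR bitmap using the arithmetic of the patch's VEC_POS()/REG_POS() macros, with a counter that exposes bits left behind by an incomplete teardown. The function names and the base offset 0x200 are assumptions (the thread does not give the value of SAVIC_ALLOWED_IRR_OFFSET), and the updates are not atomic as they would have to be in the kernel.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define NR_VECTORS       256u
#define VECTORS_PER_REG  32u    /* one 32-bit register covers 32 vectors */
#define REG_STRIDE       16u    /* registers start every 16 bytes */
#define ALLOWED_IRR_BASE 0x200u /* placeholder; real offset is not on the page */

/* Byte offset of the register holding 'vector'; REG_POS() in the patch. */
static unsigned int irr_reg_offset(unsigned int vector)
{
	return ALLOWED_IRR_BASE + (vector / VECTORS_PER_REG) * REG_STRIDE;
}

/* Mask of the vector's bit inside that register; VEC_POS() in the patch. */
static uint32_t irr_mask(unsigned int vector)
{
	return 1u << (vector % VECTORS_PER_REG);
}

static bool allowed_irr_test(const uint8_t *page, unsigned int vector)
{
	uint32_t reg;
	if (vector >= NR_VECTORS)
		return false;
	memcpy(&reg, page + irr_reg_offset(vector), sizeof(reg));
	return (reg & irr_mask(vector)) != 0;
}

/* Non-atomic model of the callback; rejects out-of-range vectors. */
static bool allowed_irr_update(uint8_t *page, unsigned int vector, bool set)
{
	uint32_t reg;
	if (vector >= NR_VECTORS)
		return false;
	memcpy(&reg, page + irr_reg_offset(vector), sizeof(reg));
	reg = set ? (reg | irr_mask(vector)) : (reg & ~irr_mask(vector));
	memcpy(page + irr_reg_offset(vector), &reg, sizeof(reg));
	return true;
}

/* Vectors still allowed; must be 0 once every vector has been torn down. */
static unsigned int allowed_irr_count(const uint8_t *page)
{
	unsigned int v, n = 0;
	for (v = 0; v < NR_VECTORS; v++)
		n += allowed_irr_test(page, v);
	return n;
}
```

A non-zero allowed_irr_count() after all vectors on a CPU have been released is the leftover state the review describes.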
