From: "Upadhyay, Neeraj" <neeraj.upadhyay@amd.com>
To: Borislav Petkov <bp@alien8.de>
Cc: linux-kernel@vger.kernel.org, tglx@linutronix.de,
mingo@redhat.com, dave.hansen@linux.intel.com,
Thomas.Lendacky@amd.com, nikunj@amd.com, Santosh.Shukla@amd.com,
Vasant.Hegde@amd.com, Suravee.Suthikulpanit@amd.com,
David.Kaplan@amd.com, x86@kernel.org, hpa@zytor.com,
peterz@infradead.org, seanjc@google.com, pbonzini@redhat.com,
kvm@vger.kernel.org, kirill.shutemov@linux.intel.com,
huibo.wang@amd.com, naveen.rao@amd.com,
francescolavra.fl@gmail.com, tiala@microsoft.com
Subject: Re: [PATCH v9 09/18] x86/sev: Initialize VGIF for secondary VCPUs for Secure AVIC
Date: Mon, 25 Aug 2025 11:55:44 +0530 [thread overview]
Message-ID: <a91b5470-33a0-4a23-ac1a-a7f1d4559cc1@amd.com> (raw)
In-Reply-To: <20250822172820.GSaKiotPxNu-H9rYve@fat_crate.local>
On 8/22/2025 10:58 PM, Borislav Petkov wrote:
> On Mon, Aug 11, 2025 at 03:14:35PM +0530, Neeraj Upadhyay wrote:
>> Subject: Re: [PATCH v9 09/18] x86/sev: Initialize VGIF for secondary VCPUs for Secure AVIC
>
> "vCPU"
>
Ok
>> From: Kishon Vijay Abraham I <kvijayab@amd.com>
>>
>> Secure AVIC requires VGIF to be configured in VMSA. Configure
>
> Please explain in one sentence here for the unenlightened among us what VGIF
> is.
>
Ok. Below is the updated description:
Virtual GIF (VGIF) providing masking capability for when virtual
interrupts (virtual maskable interrupts, virtual NMIs) can be taken by
the guest vCPU. Secure AVIC hardware reads VGIF state from the vCPU's
VMSA. So, set VGIF for secondary CPUs (the configuration for boot CPU is
done by the hypervisor), to unmask delivery of virtual interrupts to
the vCPU.
> Also, I can't find anyhwere in the APM the requirement that SAVIC requires
> VGIF. Do we need to document it?
>
I also don't see an explicit mention. I will check on documenting it in
the APM. However, there are references to virtual interrupts (V_NMI,
V_INTR) (which requires VGIF support) and VGIF in terms of functional
usage in below sections of volume 2. In addition, as event injection is
not supported (EventInjCtlr field in the VMCB is ignored), virtual NMI
is required for NMI injection from host to guest.
"15.36.21.2 VMRUN and #VMEXIT
...
The interrupt control information loaded from the VMCB and VMSA for
Secure AVIC mode operation is the same as the information loaded in
Alternate Injection mode. "
Alternate injection section talks about the interrupt controls:
"15.36.16 Interrupt Injection Restrictions
When Alternate Injection is enabled, the EventInjCtlr field in the VMCB
(offset A8h) is ignored on VMRUN. The VIntrCtrl field in the VMCB
(offset 60h) is processed, but only the V_INTR_MASKING, Virtual GIF
Mode, and AVIC Enable bits are used.
...
The remaining fields of VIntrCtrl (V_TPR, V_IRQ, VGIF, V_INTR_PRIO,
V_IGN_TPR, V_INTR_VECTOR, V_NMI, V_NMI_MASK, V_NMI_EN) are read from the
VMSA."
- Neeraj
next prev parent reply other threads:[~2025-08-25 6:25 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-11 9:44 [PATCH v9 00/18] AMD: Add Secure AVIC Guest Support Neeraj Upadhyay
2025-08-11 9:44 ` [PATCH v9 01/18] x86/apic: Add new driver for Secure AVIC Neeraj Upadhyay
2025-08-11 9:44 ` [PATCH v9 02/18] x86/apic: Initialize Secure AVIC APIC backing page Neeraj Upadhyay
2025-08-15 10:25 ` Borislav Petkov
2025-08-15 13:16 ` Upadhyay, Neeraj
2025-08-15 21:05 ` Borislav Petkov
2025-08-11 9:44 ` [PATCH v9 03/18] x86/apic: Populate .read()/.write() callbacks of Secure AVIC driver Neeraj Upadhyay
2025-08-18 11:26 ` Borislav Petkov
2025-08-19 4:15 ` Upadhyay, Neeraj
2025-08-19 14:32 ` Borislav Petkov
2025-08-20 3:33 ` Upadhyay, Neeraj
2025-08-11 9:44 ` [PATCH v9 04/18] x86/apic: Initialize APIC ID for Secure AVIC Neeraj Upadhyay
2025-08-19 21:53 ` Borislav Petkov
2025-08-20 3:34 ` Upadhyay, Neeraj
2025-08-11 9:44 ` [PATCH v9 05/18] x86/apic: Add update_vector() callback for apic drivers Neeraj Upadhyay
2025-08-19 21:59 ` Borislav Petkov
2025-08-20 3:36 ` Upadhyay, Neeraj
2025-08-25 14:49 ` Borislav Petkov
2025-08-26 4:06 ` Upadhyay, Neeraj
2025-08-26 13:25 ` Borislav Petkov
2025-08-11 9:44 ` [PATCH v9 06/18] x86/apic: Add update_vector() callback for Secure AVIC Neeraj Upadhyay
2025-08-11 9:44 ` [PATCH v9 07/18] x86/apic: Add support to send IPI " Neeraj Upadhyay
2025-08-20 15:46 ` Borislav Petkov
2025-08-21 5:27 ` Upadhyay, Neeraj
2025-08-22 17:14 ` Borislav Petkov
2025-08-23 4:20 ` Upadhyay, Neeraj
2025-08-11 9:44 ` [PATCH v9 08/18] x86/apic: Support LAPIC timer " Neeraj Upadhyay
2025-08-11 9:44 ` [PATCH v9 09/18] x86/sev: Initialize VGIF for secondary VCPUs " Neeraj Upadhyay
2025-08-22 17:28 ` Borislav Petkov
2025-08-25 6:25 ` Upadhyay, Neeraj [this message]
2025-08-25 14:53 ` Borislav Petkov
2025-08-11 9:44 ` [PATCH v9 10/18] x86/apic: Add support to send NMI IPI " Neeraj Upadhyay
2025-08-25 15:06 ` Borislav Petkov
2025-08-11 9:44 ` [PATCH v9 11/18] x86/apic: Allow NMI to be injected from hypervisor " Neeraj Upadhyay
2025-08-25 15:20 ` Borislav Petkov
2025-08-11 9:44 ` [PATCH v9 12/18] x86/sev: Enable NMI support " Neeraj Upadhyay
2025-08-11 9:44 ` [PATCH v9 13/18] x86/apic: Read and write LVT* APIC registers from HV for SAVIC guests Neeraj Upadhyay
2025-08-11 9:44 ` [PATCH v9 14/18] x86/apic: Handle EOI writes for Secure AVIC guests Neeraj Upadhyay
2025-08-11 9:44 ` [PATCH v9 15/18] x86/apic: Add kexec support for Secure AVIC Neeraj Upadhyay
2025-08-11 9:44 ` [PATCH v9 16/18] x86/apic: Enable Secure AVIC in Control MSR Neeraj Upadhyay
2025-08-25 15:54 ` Borislav Petkov
2025-08-11 9:44 ` [PATCH v9 17/18] x86/sev: Prevent SECURE_AVIC_CONTROL MSR interception for Secure AVIC guests Neeraj Upadhyay
2025-08-25 16:28 ` Borislav Petkov
2025-08-11 9:44 ` [PATCH v9 18/18] x86/sev: Indicate SEV-SNP guest supports Secure AVIC Neeraj Upadhyay
2025-08-25 16:02 ` [PATCH v9 00/18] AMD: Add Secure AVIC Guest Support Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a91b5470-33a0-4a23-ac1a-a7f1d4559cc1@amd.com \
--to=neeraj.upadhyay@amd.com \
--cc=David.Kaplan@amd.com \
--cc=Santosh.Shukla@amd.com \
--cc=Suravee.Suthikulpanit@amd.com \
--cc=Thomas.Lendacky@amd.com \
--cc=Vasant.Hegde@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=francescolavra.fl@gmail.com \
--cc=hpa@zytor.com \
--cc=huibo.wang@amd.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=naveen.rao@amd.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=tiala@microsoft.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).