git.ipfire.org Git - thirdparty/kernel/stable.git/commit
x86/apic: Initialize Secure AVIC APIC backing page
author Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
Thu, 28 Aug 2025 07:03:18 +0000 (12:33 +0530)
committer Borislav Petkov (AMD) <bp@alien8.de>
Sun, 31 Aug 2025 19:59:07 +0000 (21:59 +0200)
commit b8c3c9f5d0505905e21c03731d1665c67053b47e
tree 4e2bdf81428a3b5acf7ed7f4589ebf7c901bd2dc
parent 30c2b98aa84c76f2ae60e66dd4ec2d9497713359

With Secure AVIC, the APIC backing page is owned and managed by the guest.
Allocate and initialize the APIC backing page for all guest CPUs.

The NPT entry for a vCPU's APIC backing page must always be present when the
vCPU is running in order for Secure AVIC to function. A VMEXIT_BUSY is
returned on VMRUN and the vCPU cannot be resumed otherwise.

To handle this, notify the hypervisor of the GPA of the vCPU's APIC backing
page by using the SVM_VMGEXIT_SECURE_AVIC GHCB protocol event. Before executing
VMRUN, the hypervisor makes use of this information to make sure the APIC
backing page is mapped in the NPT.

  [ bp: Massage commit message. ]

Co-developed-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tianyu Lan <tiala@microsoft.com>
Link: https://lore.kernel.org/20250828070334.208401-3-Neeraj.Upadhyay@amd.com
arch/x86/coco/sev/core.c
arch/x86/include/asm/apic.h
arch/x86/include/asm/sev.h
arch/x86/include/uapi/asm/svm.h
arch/x86/kernel/apic/apic.c
arch/x86/kernel/apic/x2apic_savic.c