On Fri, Jun 20, 2025 at 10:17 AM Michael Kelley <[email protected]> wrote:
>
> From: Tianyu Lan <[email protected]> Sent: Friday, June 13, 2025 4:08 AM
> >
> > Secure AVIC is a new hardware feature in the AMD64
> > architecture to allow SEV-SNP guests to prevent the
> > hypervisor from generating unexpected interrupts to
> > a vCPU or otherwise violate architectural assumptions
> > around APIC behavior.
> >
> > Each vCPU has a guest-allocated APIC backing page of
> > size 4K, which maintains APIC state for that vCPU.
> > APIC backing page's ALLOWED_IRR field indicates the
> > interrupt vectors which the guest allows the hypervisor
> > to send.
> >
> > This patchset is to enable the feature for Hyper-V
> > platform. Patch "Expose x2apic_savic_update_vector()"
> > is to expose new function and device driver and arch
> > code may update AVIC backing page ALLOWED_IRR field to
> > allow Hyper-V inject associated vector.
>
> The last sentence above seems to be leftover from v1 of the
> patch set and is no longer accurate. Please update.

Thank you very much, Michael! Will update.

>
> Additional observation: These patches depend on
> CC_ATTR_SNP_SECURE_AVIC, which is not set when operating
> in VTOM mode (i.e., a paravisor is present). So evidently Linux
> on Hyper-V must handle the Secure AVIC only when Linux is
> running as the paravisor in VTL2 (CONFIG_HYPERV_VTL_MODE=y),
> or when running as an SEV-SNP guest with no paravisor. Is
> that correct?

This patchset enables the Secure AVIC function for an enlightened SEV-SNP
guest which uses the c-bit to encrypt/decrypt guest memory.

--
Thanks
Tianyu Lan
