Re: [RFC Patch v2 0/4] x86/Hyper-V: Add AMD Secure AVIC for Hyper-V platform

[Tianyu Lan]

On Fri, Jun 20, 2025 at 10:17 AM Michael Kelley <mhklinux@xxxxxxxxxxx> wrote:
>
> From: Tianyu Lan <ltykernel@xxxxxxxxx> Sent: Friday, June 13, 2025 4:08 AM
> >
> > Secure AVIC is a new hardware feature in the AMD64
> > architecture to allow SEV-SNP guests to prevent the
> > hypervisor from generating unexpected interrupts to
> > a vCPU or otherwise violate architectural assumptions
> > around APIC behavior.
> >
> > Each vCPU has a guest-allocated APIC backing page of
> > size 4K, which maintains APIC state for that vCPU.
> > APIC backing page's ALLOWED_IRR field indicates the
> > interrupt vectors which the guest allows the hypervisor
> > to send.
> >
> > This patchset is to enable the feature for Hyper-V
> > platform. Patch "Expose x2apic_savic_update_vector()"
> > is to expose new fucntion and device driver and arch
> > code may update AVIC backing page ALLOWED_IRR field to
> > allow Hyper-V inject associated vector.
>
> The last sentence above seems to be leftover from v1 of the
> patch set and is no longer accurate. Please update.

Thank you very much, Michael!  Will update.
>
> Additional observation:  These patches depend on
> CC_ATTR_SNP_SECURE_AVIC, which is not set when operating
> in VTOM mode (i.e., a paravisor is present). So evidently Linux
> on Hyper-V must handle the Secure AVIC only when Linux is
> running as the paravisor in VTL2 (CONFIG_HYPERV_VTL_MODE=y),
> or when running as an SEV-SNP guest with no paravisor. Is
> that correct?

This patchset enables Secure AVIC function for enlightened SEV-SNP guest
which uses c-bit to encrypt/decrypt guest memory.

-- 
Thanks
Tianyu Lan