drivers: mshv_vtl: Support Secure AVIC

Author: romank-msft

arch/x86/include/asm/apic.h

@@ -245,6 +245,7 @@ static inline u64 native_x2apic_icr_read(void)
 extern void x2apic_savic_update_vector(unsigned int cpu,
 				unsigned int vector,
 				bool set);
+extern void x2apic_savic_init_backing_page(void *backing_page);
 #else
 static inline void x2apic_savic_update_vector(unsigned int cpu,
 					      unsigned int vector,								      bool set) { }

arch/x86/include/asm/sev.h

@@ -109,7 +109,12 @@ struct rmp_state {
 	u32 asid;
 } __packed;
 
-#define RMPADJUST_VMSA_PAGE_BIT		BIT(16)
+/* Target VMPL takes the first byte */
+#define RMPADJUST_ENABLE_READ			BIT(8)
+#define RMPADJUST_ENABLE_WRITE			BIT(9)
+#define RMPADJUST_USER_EXECUTE			BIT(10)
+#define RMPADJUST_KERNEL_EXECUTE		BIT(11)
+#define RMPADJUST_VMSA_PAGE_BIT			BIT(16)
 
 /* SNP Guest message request */
 struct snp_req_data {

arch/x86/kernel/apic/x2apic_savic.c

@@ -362,7 +362,7 @@ void x2apic_savic_update_vector(unsigned int cpu, unsigned int vector, bool set)
 		test_and_clear_bit(VEC_POS(vector), reg);
 }
 
-static void init_backing_page(void *backing_page)
+void x2apic_savic_init_backing_page(void *backing_page)
 {
 	u32 hv_apic_id;
 	u32 apic_id;
@@ -412,7 +412,7 @@ static void x2apic_savic_setup(void)
 		return;
 
 	backing_page = this_cpu_read(apic_backing_page);
-	init_backing_page(backing_page);
+	x2apic_savic_init_backing_page(backing_page);
 	gpa = __pa(backing_page);
 	gfn = gpa >> PAGE_SHIFT;
 

drivers/hv/mshv_vtl_main.c

@@ -162,6 +162,9 @@ struct mshv_vtl_per_cpu {
 	u64 l1_msr_sfmask;
 	u64 l1_msr_tsc_aux;
 #endif
+#if defined(CONFIG_X86_64) && defined(CONFIG_SEV_GUEST)
+	struct page *secure_avic_page;
+#endif
 };
 
 static struct mutex	mshv_vtl_poll_file_lock;
@@ -191,18 +194,28 @@ static struct page *mshv_vtl_cpu_reg_page(int cpu)
 	return *per_cpu_ptr(&mshv_vtl_per_cpu.reg_page, cpu);
 }
 
-#if defined(CONFIG_X86_64) && defined(CONFIG_INTEL_TDX_GUEST)
 
 static struct page *tdx_apic_page(int cpu)
 {
+#if defined(CONFIG_X86_64) && defined(CONFIG_INTEL_TDX_GUEST)
 	return *per_cpu_ptr(&mshv_vtl_per_cpu.tdx_apic_page, cpu);
+#else
+	(void)cpu;
+	return NULL;
+#endif
 }
 
 static struct page *tdx_this_apic_page(void)
 {
+#if defined(CONFIG_X86_64) && defined(CONFIG_INTEL_TDX_GUEST)
 	return *this_cpu_ptr(&mshv_vtl_per_cpu.tdx_apic_page);
+#else
+	return NULL;
+#endif
 }
 
+#if defined(CONFIG_X86_64) && defined(CONFIG_INTEL_TDX_GUEST)
+
 /*
  * For ICR emulation on TDX, we need a fast way to map APICIDs to CPUIDs.
  * Instead of iterating through all CPUs for each target in the ICR destination field
@@ -236,6 +249,26 @@ static int mshv_tdx_set_cpumask_from_apicid(int apicid, struct cpumask *cpu_mask
 }
 #endif
 
+static struct page *snp_secure_avic_page(int cpu)
+{
+#if defined(CONFIG_X86_64) && defined(CONFIG_SEV_GUEST)
+	return *per_cpu_ptr(&mshv_vtl_per_cpu.secure_avic_page, cpu);
+#else
+	(void)cpu;
+	return NULL;
+#endif
+}
+
+static struct page* mshv_apic_page(int cpu)
+{
+	if (hv_isolation_type_tdx())
+		return tdx_apic_page(cpu);
+	else if (hv_isolation_type_snp())
+		return snp_secure_avic_page(cpu);
+
+	return NULL;
+}
+
 static long __mshv_vtl_ioctl_check_extension(u32 arg)
 {
 	switch (arg) {
@@ -619,12 +652,34 @@ static int mshv_vtl_alloc_context(unsigned int cpu)
 		mshv_write_tdx_apic_page(page_to_phys(tdx_apic_page));
 #endif
 	} else if (hv_isolation_type_snp()) {
-#ifdef CONFIG_X86_64
+#if defined(CONFIG_X86_64) && defined(CONFIG_SEV_GUEST)
 		int ret;
 
 		ret = mshv_configure_vmsa_page(0, &per_cpu->vmsa_page);
 		if (ret < 0)
 			return ret;
+
+		if (cc_platform_has(CC_ATTR_SNP_SECURE_AVIC)) {
+			struct page *page = alloc_page(GFP_KERNEL | __GFP_ZERO);
+			void *secure_avic_page;
+
+			if (!page)
+				return -ENOMEM;
+			secure_avic_page = page_address(page);
+
+			/* VMPL 2 for the VTL0 */
+			ret = rmpadjust((unsigned long)secure_avic_page,
+						RMP_PG_SIZE_4K, 2 | RMPADJUST_ENABLE_READ | RMPADJUST_ENABLE_WRITE);
+			if (ret) {
+				pr_err("failed to adjust RMP for the secure AVIC page: %d\n", ret);
+				free_page((u64)page);
+				return -EINVAL;
+			}
+			pr_info("VTL0 secure AVIC page allocated, CPU %d\n", cpu);
+
+			x2apic_savic_init_backing_page(secure_avic_page);
+			per_cpu->secure_avic_page = secure_avic_page;
+		}
 #endif
 	} else if (mshv_vsm_capabilities.intercept_page_available)
 		mshv_vtl_configure_reg_page(per_cpu);
@@ -1933,7 +1988,7 @@ mshv_vtl_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg)
 
 static vm_fault_t mshv_vtl_fault(struct vm_fault *vmf)
 {
-	struct page *page;
+	struct page *page = NULL;
 	int cpu = vmf->pgoff & MSHV_PG_OFF_CPU_MASK;
 	int real_off = vmf->pgoff >> MSHV_REAL_OFF_SHIFT;
 
@@ -1965,18 +2020,16 @@ static vm_fault_t mshv_vtl_fault(struct vm_fault *vmf)
 		if (!hv_isolation_type_snp())
 			return VM_FAULT_SIGBUS;
 		page = *per_cpu_ptr(&mshv_vtl_per_cpu.vmsa_page, cpu);
-#ifdef CONFIG_INTEL_TDX_GUEST
 	} else if (real_off == MSHV_APIC_PAGE_OFFSET) {
-		if (!hv_isolation_type_tdx())
-			return VM_FAULT_SIGBUS;
-
-		page = tdx_apic_page(cpu);
-#endif
+		page = mshv_apic_page(cpu);
 #endif
 	} else {
 		return VM_FAULT_NOPAGE;
 	}
 
+	if (!page)
+		return VM_FAULT_SIGBUS;
+
 	get_page(page);
 	vmf->page = page;