Commit c4074ab8 authored Aug 28, 2025 by Neeraj Upadhyay Committed by Borislav Petkov (AMD) Sep 01, 2025

x86/apic: Enable Secure AVIC in the control MSR



With all the pieces in place now, enable Secure AVIC in the Secure AVIC
Control MSR. Any access to x2APIC MSRs are emulated by the hypervisor
before Secure AVIC is enabled in the control MSR.  Post Secure AVIC
enablement, all x2APIC MSR accesses (whether accelerated by AVIC
hardware or trapped as a #VC exception) operate on the vCPU's APIC
backing page.

Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tianyu Lan <tiala@microsoft.com>
Link: https://lore.kernel.org/20250828112126.209028-1-Neeraj.Upadhyay@amd.com

parent c8018325

arch/x86/include/asm/msr-index.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -704,6 +704,8 @@
		#define MSR_AMD64_SNP_RESV_BIT 19
		#define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT)
		#define MSR_AMD64_SAVIC_CONTROL 0xc0010138
		#define MSR_AMD64_SAVIC_EN_BIT 0
		#define MSR_AMD64_SAVIC_EN BIT_ULL(MSR_AMD64_SAVIC_EN_BIT)
		#define MSR_AMD64_SAVIC_ALLOWEDNMI_BIT 1
		#define MSR_AMD64_SAVIC_ALLOWEDNMI BIT_ULL(MSR_AMD64_SAVIC_ALLOWEDNMI_BIT)
		#define MSR_AMD64_RMP_BASE 0xc0010132

arch/x86/kernel/apic/x2apic_savic.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -365,7 +365,8 @@ static void savic_setup(void)
		if (res != ES_OK)
		snp_abort();

		native_wrmsrq(MSR_AMD64_SAVIC_CONTROL, gpa \| MSR_AMD64_SAVIC_ALLOWEDNMI);
		native_wrmsrq(MSR_AMD64_SAVIC_CONTROL,
		gpa \| MSR_AMD64_SAVIC_EN \| MSR_AMD64_SAVIC_ALLOWEDNMI);
		}

		static int savic_probe(void)