x86/apic: Enable Secure AVIC in the control MSR

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

With all the pieces in place now, enable Secure AVIC in the Secure AVIC
Control MSR. Any access to x2APIC MSRs are emulated by the hypervisor
before Secure AVIC is enabled in the control MSR. Post Secure AVIC
enablement, all x2APIC MSR accesses (whether accelerated by AVIC
hardware or trapped as a #VC exception) operate on the vCPU's APIC
backing page.

Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Tianyu Lan <tiala@microsoft.com>
Link: https://lore.kernel.org/20250828112126.209028-1-Neeraj.Upadhyay@amd.com

authored by

Neeraj Upadhyay and committed by

Borislav Petkov (AMD) 7 months ago c4074ab8 c8018325

+4 -1

2 changed files

expand all

arch

x86

include

asm

msr-index.h

kernel

apic

x2apic_savic.c

arch/x86/include/asm/msr-index.h

··· 704 704 #define MSR_AMD64_SNP_RESV_BIT 19 705 705 #define MSR_AMD64_SNP_RESERVED_MASK GENMASK_ULL(63, MSR_AMD64_SNP_RESV_BIT) 706 706 #define MSR_AMD64_SAVIC_CONTROL 0xc0010138 707 + #define MSR_AMD64_SAVIC_EN_BIT 0 708 + #define MSR_AMD64_SAVIC_EN BIT_ULL(MSR_AMD64_SAVIC_EN_BIT) 707 709 #define MSR_AMD64_SAVIC_ALLOWEDNMI_BIT 1 708 710 #define MSR_AMD64_SAVIC_ALLOWEDNMI BIT_ULL(MSR_AMD64_SAVIC_ALLOWEDNMI_BIT) 709 711 #define MSR_AMD64_RMP_BASE 0xc0010132

+2 -1

arch/x86/kernel/apic/x2apic_savic.c

··· 365 365 if (res != ES_OK) 366 366 snp_abort(); 367 367 368 - native_wrmsrq(MSR_AMD64_SAVIC_CONTROL, gpa | MSR_AMD64_SAVIC_ALLOWEDNMI); 368 + native_wrmsrq(MSR_AMD64_SAVIC_CONTROL, 369 + gpa | MSR_AMD64_SAVIC_EN | MSR_AMD64_SAVIC_ALLOWEDNMI); 369 370 } 370 371 371 372 static int savic_probe(void)