drivers: hv: mshv_vtl: Support for Secure AVIC#121
Open
Brian-Perkins wants to merge 1 commit intomicrosoft:product/hcl-main/6.18from
Open
drivers: hv: mshv_vtl: Support for Secure AVIC#121Brian-Perkins wants to merge 1 commit intomicrosoft:product/hcl-main/6.18from
Brian-Perkins wants to merge 1 commit intomicrosoft:product/hcl-main/6.18from
Conversation
There was a problem hiding this comment.
Pull request overview
Adds Secure AVIC (SEV-SNP) support to the Hyper-V VTL (mshv_vtl) path, primarily to accelerate interrupt/IPI handling for hardware-isolated guests and expose required metadata to userspace.
Changes:
- Introduces a new MSHV VTL ioctl to retrieve the Secure AVIC backing page PFN for VTL0, and allocates/configures the backing page on SNP.
- Refactors/extends in-kernel interrupt offload plumbing (APIC page selection, proxy IRR handling, APICID↔CPUID mapping) to support both TDX and SNP paths.
- Updates x86 Hyper-V / SVM related UAPI and headers (new SVM exit codes/flags, VMCB enlightenments structure, Secure AVIC backing page initializer).
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| include/uapi/linux/mshv.h | Adds a new VTL ioctl definition for Secure AVIC PFN retrieval. |
| include/uapi/hyperv/hvgdk_mini.h | Adds a UAPI definition for Hyper-V VMCB enlightenments. |
| drivers/hv/mshv_vtl_main.c | Implements Secure AVIC backing page allocation/config and new ioctl; generalizes APIC/proxy-IRR handling for isolated guests. |
| arch/x86/kernel/apic/x2apic_savic.c | Exposes backing-page initialization helper for Secure AVIC. |
| arch/x86/include/uapi/asm/svm.h | Adds/aligns SVM exit reason constants used by the new SNP exit handling. |
| arch/x86/include/asm/svm.h | Adds VMCB flag bits used by SNP exit handling; adjusts Hyper-V header include. |
| arch/x86/include/asm/sev.h | Adds RMPADJUST permission bit definitions used when configuring Secure AVIC pages. |
| arch/x86/include/asm/apic.h | Declares the new Secure AVIC backing-page init helper (with stub when unsupported). |
| arch/x86/hyperv/hv_vtl.c | Disables TSC_ADJUST to skip periodic TSC sync logic under Hyper-V VTL. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Brian-Perkins
force-pushed
the
snp_savic
branch
from
579837a to
c323ace
Compare
Brian-Perkins
force-pushed
the
snp_savic
branch
from
c323ace to
3331547
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.
Comments suppressed due to low confidence (1)
arch/x86/kernel/apic/x2apic_savic.c:347
x2apic_savic_init_backing_page()is now a non-static symbol used bydrivers/hv/mshv_vtl_main.c, but it is not exported fromx2apic_savic.c. SinceCONFIG_MSHV_VTLis a tristate (module-capable), buildingmshv_vtlas a module will fail to link with an undefined symbol unless this function is exported (e.g.,EXPORT_SYMBOL_GPL) or the call site is structured to avoid module->vmlinux linkage.
void x2apic_savic_init_backing_page(void *ap)
{
u32 apic_id;
/*
* Before Secure AVIC is enabled, APIC msr reads are intercepted.
* APIC_ID msr read returns the value from the Hypervisor.
*/
apic_id = native_apic_msr_read(APIC_ID);
apic_set_reg(ap, APIC_ID, apic_id);
}
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Brian-Perkins
force-pushed
the
snp_savic
branch
from
3331547 to
78fa247
Compare
Brian-Perkins
changed the base branch from
product/hcl-main/6.12
to
product/hcl-main/6.18
Signed-off-by: Roman Kisel <romank@linux.microsoft.com> Signed-off-by: Tianyu Lan <tiala@microsoft.com>
Brian-Perkins
force-pushed
the
snp_savic
branch
from
78fa247 to
44270f4
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.