On 10/18/2024 4:57 PM, Joao Martins wrote:
On 18/10/2024 09:50, Suravee Suthikulpanit wrote:
On SNP-enabled system, VMRUN marks AVIC Backing Page as in-use while
the guest is running for both secure and non-secure guest. Any hypervisor
write to the in-use vCPU's AVIC backing page (e.g. to inject an interrupt)
will generate unexpected #PF in the host.
Currently, attempt to run AVIC guest would result in the following error:
BUG: unable to handle page fault for address: ff3a442e549cc270
#PF: supervisor write access in kernel mode
#PF: error_code(0x80000003) - RMP violation
PGD b6ee01067 P4D b6ee02067 PUD 10096d063 PMD 11c540063 PTE 80000001149cc163
SEV-SNP: PFN 0x1149cc unassigned, dumping non-zero entries in 2M PFN region: [0x114800 - 0x114a00]
...
Newer AMD system is enhanced to allow hypervisor to modify the backing page
for non-secure guest on SNP-enabled system. This enhancement is available
when the CPUID Fn8000_001F_EAX bit 30 is set (HvInUseWrAllowed).
This table describes AVIC support matrix w.r.t. SNP enablement:
| Non-SNP system | SNP system
-----------------------------------------------------
Non-SNP guest | AVIC Activate | AVIC Activate iff
| | HvInuseWrAllowed=1
-----------------------------------------------------
SNP guest | N/A | Secure AVIC
| | x2APIC only
Introduce APICV_INHIBIT_REASON_HVINUSEWR_NOT_ALLOWED to deactivate AVIC
when the feature is not available on SNP-enabled system.
I misread your first sentence in v1 wrt to non-secure guests -- but it's a lot
more obvious now. If this was sort of a dynamic condition at runtime (like the
other inhibits triggered by guest behavior or something that can change at
runtime post-boot, or modparam) then the inhibit system would be best acquainted
for preventing enabling AVIC on a per-vm basis. But it appears this is
global-defined-at-boot that blocks any non-secure guest from using AVIC if we
boot as an SNP-enabled host i.e. based on testing BSP-defined feature bits solely.
Your original proposal perhaps is better where you disable AVIC globally in
avic_hardware_setup(). Apologies for (mistankenly) misleading you and wasting
your time :/
Repost from v1 thread:
I was considering the APICV inhibit as well, and decided to go with
disabling AVIC since it does not require additional
APICV_INHIBIT_REASON_XXX flag, and we can simply disable AVIC support
during kvm-amd driver initialization.
After rethink this, it is better to use per-VM APICv inhibition instead
since certain AVIC data structures will be needed for secure AVIC
support in the future.
Thanks,
Suravee
