On Wed, Jul 9, 2025 at 11:40 AM Neeraj Upadhyay <Neeraj.Upadhyay@xxxxxxx> wrote: > > With Secure AVIC, the APIC backing page is owned and managed by guest. > Allocate and initialize APIC backing page for all guest CPUs. > > The NPT entry for a vCPU's APIC backing page must always be present > when the vCPU is running, in order for Secure AVIC to function. A > VMEXIT_BUSY is returned on VMRUN and the vCPU cannot be resumed if > the NPT entry for the APIC backing page is not present. To handle this, > notify GPA of the vCPU's APIC backing page to the hypervisor by using the > SVM_VMGEXIT_SECURE_AVIC GHCB protocol event. Before executing VMRUN, > the hypervisor makes use of this information to make sure the APIC backing > page is mapped in NPT. > > Co-developed-by: Kishon Vijay Abraham I <kvijayab@xxxxxxx> > Signed-off-by: Kishon Vijay Abraham I <kvijayab@xxxxxxx> > Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@xxxxxxx> > --- > Changes since v7: > - No change. Reviewed-by: Tianyu Lan <tiala@xxxxxxxxxxxxx> -- Thanks Tianyu Lan
