[kvm-unit-tests RFC v2 04/18] x86 TDX: Bypass APIC and enable x2APIC directly

Qian Wen <qian.wen@xxxxxxxxx> · Mon, 18 Dec 2023 15:22:33 +0800

From: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx>

According to TDX Module 1.5 Base Sepc, 11.9 Interrupt Handling and
APIC Virtualization:
1. Guest TDs must use virtualized x2APIC mode. xAPIC mode(using memory
mapped APIC access) is not allowed.
2. Guest TDs attempts to RDMSR or WRMSR the IA32_APIC_BASE MSR cause a
VE to the guest TD. The guest TD cannot disable the APIC.

Bypass xAPIC initialization and enable x2APIC directly. Set software
enable bit in x2APIC initializaion.

Use uid/apicid mapping to get apicid in setup_tss(). Initially I enabled
x2APIC early so apic_id() could be used. But that brings issue for
multiprocessor support as reading APIC_ID in AP triggers #VE and require
gdt/tss/idt to be initialized early, so setup_gdt_tss() early.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx>
Reviewed-by: Yu Zhang <yu.c.zhang@xxxxxxxxx>
Link: https://lore.kernel.org/r/20220303071907.650203-4-zhenzhong.duan@xxxxxxxxx
Co-developed-by: Qian Wen <qian.wen@xxxxxxxxx>
Signed-off-by: Qian Wen <qian.wen@xxxxxxxxx>
---
 lib/x86/apic.c  |  4 ++++
 lib/x86/setup.c | 13 ++++++++-----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/lib/x86/apic.c b/lib/x86/apic.c
index 0d151476..a74edf53 100644
--- a/lib/x86/apic.c
+++ b/lib/x86/apic.c
@@ -153,6 +153,10 @@ int enable_x2apic(void)
 		asm ("rdmsr" : "=a"(a), "=d"(d) : "c"(MSR_IA32_APICBASE));
 		a |= 1 << 10;
 		asm ("wrmsr" : : "a"(a), "d"(d), "c"(MSR_IA32_APICBASE));
+
+		/* software APIC enabled bit is cleared after reset in TD-guest */
+		x2apic_write(APIC_SPIV, 0x1ff);
+
 		this_cpu_write_apic_ops((void *)&x2apic_ops);
 		return 1;
 	} else {
diff --git a/lib/x86/setup.c b/lib/x86/setup.c
index 97d9e896..8ff8ce4f 100644
--- a/lib/x86/setup.c
+++ b/lib/x86/setup.c
@@ -112,8 +112,9 @@ unsigned long setup_tss(u8 *stacktop)
 {
 	u32 id;
 	tss64_t *tss_entry;
+	static u32 cpus = 0;
 
-	id = pre_boot_apic_id();
+	id = is_tdx_guest() ? id_map[cpus++] : pre_boot_apic_id();
 
 	/* Runtime address of current TSS */
 	tss_entry = &tss[id];
@@ -362,11 +363,13 @@ efi_status_t setup_efi(efi_bootinfo_t *efi_bootinfo)
 	 * Resetting the APIC sets the per-vCPU APIC ops and so must be
 	 * done after loading GS.base with the per-vCPU data.
 	 */
-	reset_apic();
-	mask_pic_interrupts();
+	if (!is_tdx_guest()) {
+		reset_apic();
+		mask_pic_interrupts();
+		enable_apic();
+		save_id();
+	}
 	setup_page_table();
-	enable_apic();
-	save_id();
 	bsp_rest_init();
 
 	return EFI_SUCCESS;
-- 
2.25.1








