On Mon, Jan 13, 2025, Binbin Wu wrote:
> On 1/13/2025 10:03 AM, Binbin Wu wrote:
> >
> > On 12/9/2024 9:07 AM, Binbin Wu wrote:
> > > From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> > >
> > > Inhibit APICv for TDX guest in KVM since TDX doesn't support APICv accesses
> > > from host VMM.
> > >
> > > Follow how SEV inhibits APICv. I.e., define a new inhibit reason for TDX, set
> > > it on TD initialization, and add the flag to kvm_x86_ops.required_apicv_inhibits.
>
> Resend due to the format mess.

That was a very impressive mess :-)

> After TDX vCPU init, APIC is set to x2APIC mode. However, userspace could
> disable APIC via KVM_SET_LAPIC or KVM_SET_{SREGS, SREGS2}.
>
> - KVM_SET_LAPIC
>   Currently, KVM allows userspace to request KVM_SET_LAPIC to set the state
>   of LAPIC for TDX guests.
>   There are two options:
>   - Force x2APIC mode and default base address when userspace requests
>     KVM_SET_LAPIC.
>   - Simply reject KVM_SET_LAPIC for TDX guest (apic->guest_apic_protected
>     is true), since migration is not supported yet.
>   Choose option 2 for simplicity for now.

Yeah. We'll likely need to support KVM_SET_LAPIC at some point, e.g. to
support PID.PIR save/restore, but that's definitely a future problem.

> Summary about APICv inhibit reasons:
> APICv could still be disabled at runtime in some corner case, e.g.,
> APICV_INHIBIT_REASON_PHYSICAL_ID_ALIASED due to memory allocation failure.
> After checking enable_apicv in tdx_bringup(), apic->apicv_active is
> initialized as true in kvm_create_lapic(). If APICv is inhibited due to any
> reason at runtime, the refresh_apicv_exec_ctrl() callback could be used to check
> if APICv is disabled for TDX; if APICv is disabled, bug the VM.

I _think_ this is a non-issue, and that KVM could do KVM_BUG_ON() if APICv is
inhibited by kvm_recalculate_apic_map() for a TDX VM.

x2APIC is mandatory (KVM_APIC_MODE_MAP_DISABLED and "APIC_ID modified"
impossible), KVM emulates APIC_ID as read-only for x2APIC mode (physical
aliasing impossible), and LDR is read-only for x2APIC (logical aliasing
impossible). To ensure no physical aliasing, KVM would need to require
KVM_CAP_X2APIC_API be enabled, but that should probably be required for TDX no
matter what.

> kvm_arch_dy_has_pending_interrupt()
> -----------------------------------
> Before enabling off-TD debug, there is no functional change because there
> is no PAUSE Exit for TDX guests.
> After enabling off-TD debug, the kvm_vcpu_apicv_active(vcpu) should be true
> to get the pending interrupt from PID. Setting APICv to active for TDX is the
> right thing to do.

And as alluded to above, for save/restore, e.g. intrahost migration.
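Added illustration of the two points argued in this reply (rejecting KVM_SET_LAPIC for a protected TD, and why kvm_recalculate_apic_map() can never raise an aliasing inhibit for a TD whose APIC_ID and LDR are read-only x2APIC state). This is example code written for this page, not KVM's code and not from the thread: `struct vcpu`, `set_lapic()`, `recalc_inhibits()` and the `INHIBIT_*` bits are hypothetical, deliberately simplified stand-ins for the KVM structures and functions the thread names.

```c
/* Hypothetical model of the reasoning above; none of this is KVM's code. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Modelled inhibit bits; KVM's real reasons are APICV_INHIBIT_REASON_*. */
enum { INHIBIT_PHYS_ALIASED = 1u << 0, INHIBIT_LOG_ALIASED = 1u << 1 };

struct vcpu {
    uint32_t apic_id, ldr;
    bool x2apic;               /* TD vCPUs are always in x2APIC mode */
    bool guest_apic_protected; /* TDX: host VMM cannot touch APIC state */
};

/* In x2APIC mode the LDR is derived from the APIC ID (cluster:bitmask). */
static uint32_t x2apic_ldr(uint32_t id) { return ((id >> 4) << 16) | (1u << (id & 0xf)); }
/* Option 2 from the thread: reject KVM_SET_LAPIC when APIC state is guest-protected. */
int set_lapic(struct vcpu *v, uint32_t apic_id, uint32_t ldr, bool x2apic)
{
    if (v->guest_apic_protected) return -EINVAL;
    v->x2apic = x2apic; v->apic_id = apic_id;
    v->ldr = x2apic ? x2apic_ldr(apic_id) : ldr; /* LDR is read-only under x2APIC */
    return 0;
}

/* Simplified kvm_recalculate_apic_map(): the aliasing checks that can inhibit APICv. */
unsigned recalc_inhibits(const struct vcpu *v, size_t n)
{
    unsigned r = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++) {
            if (v[i].apic_id == v[j].apic_id) r |= INHIBIT_PHYS_ALIASED;
            if (v[i].ldr == v[j].ldr)         r |= INHIBIT_LOG_ALIASED;
        }
    return r;
}

/* Build a 2-vCPU VM, then attempt via KVM_SET_LAPIC to give vCPU 1 the APIC ID
 * and LDR of vCPU 0. A TD (x2APIC, protected) rejects it and never aliases;
 * a plain xAPIC VM accepts it and the map raises both aliasing inhibits. */
unsigned inhibits_after_duplicate_id(bool td, int *set_lapic_rc)
{
    struct vcpu vm[2];
    for (uint32_t i = 0; i < 2; i++)
        vm[i] = td ? (struct vcpu){ i, x2apic_ldr(i), true, true }
                   : (struct vcpu){ i, 1u << i, false, false };
    *set_lapic_rc = set_lapic(&vm[1], vm[0].apic_id, vm[0].ldr, vm[1].x2apic);
    return recalc_inhibits(vm, 2);
}
```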