On Tue, Jan 14, 2025, Binbin Wu wrote: > On 1/14/2025 1:16 AM, Sean Christopherson wrote: > > On Mon, Jan 13, 2025, Binbin Wu wrote: > > > Summary about APICv inhibit reasons: > > > APICv could still be disabled runtime in some corner case, e.g, > > > APICV_INHIBIT_REASON_PHYSICAL_ID_ALIASED due to memory allocation failure. > > > After checking enable_apicv in tdx_bringup(), apic->apicv_active is > > > initialized as true in kvm_create_lapic(). If APICv is inhibited due to any > > > reason runtime, the refresh_apicv_exec_ctrl() callback could be used to check > > > if APICv is disabled for TDX, if APICv is disabled, bug the VM. > > I _think_ this is a non-issue, and that KVM could do KVM_BUG_ON() if APICv is > > inihibited by kvm_recalculate_apic_map() for a TDX VM. x2APIC is mandatory > > (KVM_APIC_MODE_MAP_DISABLED and "APIC_ID modified" impossible), KVM emulates > > APIC_ID as read-only for x2APIC mode (physical aliasing impossible), and LDR is > > read-only for x2APIC (logical aliasing impossible). > > For logical aliasing, according to the KVM code, it's only relevant to > AMD's AVIC. It's not set in VMX_REQUIRED_APICV_INHIBITS. Ah, right. > Is the reason AVIC using logical-id-addressing while APICv using > physical-id-addressing for IPI virtualization? Ya, more or less. AVIC supports virtualizing both physical and logical IPIs, APICv only supports physical. > > To ensure no physical aliasing, KVM would need to require KVM_CAP_X2APIC_API be > > enabled, but that should probably be required for TDX no matter what. > There is no physical aliasing when APIC is in x2apic mode, vcpu_id is used > anyway. Yeah, ignore this, I misremembered the effects of KVM_CAP_X2APIC_API.