Direct HLT instruction execution causes #VEs for TDX VMs which is routed
to hypervisor via TDCALL. safe_halt() routines execute HLT in STI-shadow
so IRQs need to remain disabled until the TDCALL to ensure that pending
IRQs are correctly treated as wake events. As per current TDX spec, HLT
#VE handler doesn't have access to interruptibility state to selectively
enable interrupts, it ends up enabling interrupts during #VE handling
before the TDCALL is executed.
Commit bfe6ed0c6727 ("x86/tdx: Add HLT support for TDX guests")
effectively solved this issue for idle routines by defining TDX specific
idle routine which directly invokes TDCALL while keeping interrupts
disabled, but missed handling arch_safe_halt(). This series intends to fix
arch_safe_halt() execution for TDX VMs.
Changes introduced by the series include:
- Move *halt() variants outside CONFIG_PARAVIRT_XXL and under
CONFIG_PARAVIRT [1].
- Add explicit dependency on CONFIG_PARAVIRT for TDX VMs.
- Route "sti; hlt" sequences via tdx_safe_halt() for reliability.
- Route "hlt" sequences via tdx_halt() to avoid unnecessary #VEs.
- Warn and fail emulation if HLT #VE emulation executes with interrupts
enabled.
Changes since v5:
1) Addressed Dave's comments.
2) Dropped the cleanup patch for now, it can be discussed separately.
v5: https://lore.kernel.org/lkml/20250220211628.1832258-1-vannapurve@xxxxxxxxxx/
Kirill A. Shutemov (1):
x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT
Vishal Annapurve (2):
x86/tdx: Fix arch_safe_halt() execution for TDX VMs
x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling
arch/x86/Kconfig | 1 +
arch/x86/coco/tdx/tdx.c | 34 ++++++++++++++++++++++-
arch/x86/include/asm/irqflags.h | 40 +++++++++++++++------------
arch/x86/include/asm/paravirt.h | 20 +++++++-------
arch/x86/include/asm/paravirt_types.h | 3 +-
arch/x86/include/asm/tdx.h | 2 +-
arch/x86/kernel/paravirt.c | 14 ++++++----
arch/x86/kernel/process.c | 2 +-
8 files changed, 77 insertions(+), 39 deletions(-)
--
2.48.1.658.g4767266eb4-goog
