Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp3430382rwb; Fri, 30 Sep 2022 03:34:15 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6VUkNUU2QnvqVVj54mCnTVSC//jhAaVE6L8FRWIML2pS+ECYwI9AVhgivXakfkA8Q2oHg9 X-Received: by 2002:a17:907:2cca:b0:77d:6542:d912 with SMTP id hg10-20020a1709072cca00b0077d6542d912mr6131571ejc.528.1664534055194; Fri, 30 Sep 2022 03:34:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664534055; cv=none; d=google.com; s=arc-20160816; b=jWnzABKFqVbWjBz6lk3wH7S62wS+QwIkH50CmuKtNpk1vWm09FYKWR24nIBZ+oaocM nc93jz2H+zk2J7KeGiHhSDOx6R3OP3ZZDrYU0EDn1jkjPxAjZkGlbj+HEJP8M9TXebI8 B+eDlTlnnJ0n4sJKEUGwdUH98M+UAo03SrBRLbv2RSPVXgvMMaobxDNp615KyQQ918ST FJd2p8lQaJoqNzbQIg+LgIEfUkAB+JN1rAaPfms783JzLSgyQ7+5qYOIHmxn0sTJmxet j5Rq8GmSFYaS5GDxm2cU10pOuMIPvOD15jiy4wuTZ/NlVmWbk7KrXQg2W37AJuXrDmJF AliQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=HdmQoqyEkshDIZFNCj09P/mawTdtiUs7ByQRVADzn1k=; b=RSmdXO+ClgLH+PJB9pGdUX71y8VKDn8zVA0sA0SwnwjyJqtzbiU+rNmEYo6bSlTdQc VKvtsmGFKJUbjjBKyFTmQn/CvFB9ODRt11BYgBwM3Pufl5TNPnhlApIdwjk88Q9bEQjq rP2U/qf4KoV7Ip2DWlFCU/TNMP6ClzDciI7IjDZcVuiVGcDbf202jO8udTUUN2H9EwDZ KY1LHGbi+v41WuubaDiakPQcO3BqdcER/+YNFlhjcllF+hPGhC2t/tWfG/9VhXnbYkaZ xlAVikLqZxG0sWswOIJ0rE0vD3a6JR+eBo0v6+lh7jNhjidDRlPKgvH8LDk1qLSEGObl Kxxw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=NBEBa03o; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y19-20020a056402271300b004548a74553esi1967870edd.445.2022.09.30.03.33.49; Fri, 30 Sep 2022 03:34:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=NBEBa03o; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232452AbiI3K2a (ORCPT + 99 others); Fri, 30 Sep 2022 06:28:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34768 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232594AbiI3K02 (ORCPT ); Fri, 30 Sep 2022 06:26:28 -0400 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6E4FF3719B; Fri, 30 Sep 2022 03:19:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1664533200; x=1696069200; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=x/pp7Rr6YLHDavCMmIEepzFwSxDLb5TVp3XhWZFvsNw=; b=NBEBa03ohIRpXNjvH6hHBG9BgZOeZPdPTzvewgwbzmphT8w2lVq7qzDF 6nTKJRIlO84iJSd0FvhGjgi1xAIbqXcYh1R3/k+I6W6wBbci7AIYIPX3U cK8bOXOmhOPHqh7y6zCEgpmJ+GMByzPw245cgcMRSKlW9iaIQ5uaBEHgv yMnArqZdbON7QnZvP5U+4Sjwg6am5wSD+/24bjSzkxR7EkmcJr79Y3GSA M9r2WTBtx6bkGoCRu58h6WR8YswfH+QGSswgeTZwKRnFTumWAkSVkFJpi ffgDEXqI6RAGpsjXhvxC4tolvc7Iy0q0YcG8liiMiS07Ih2LBjVKSU5Zm A==; X-IronPort-AV: E=McAfee;i="6500,9779,10485"; a="328540184" X-IronPort-AV: E=Sophos;i="5.93,358,1654585200"; d="scan'208";a="328540184" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Sep 2022 03:19:08 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10485"; a="726807843" X-IronPort-AV: E=Sophos;i="5.93,358,1654585200"; d="scan'208";a="726807843" Received: from ls.sc.intel.com (HELO localhost) ([143.183.96.54]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Sep 2022 03:19:08 -0700 From: isaku.yamahata@intel.com To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini , erdemaktas@google.com, Sean Christopherson , Sagi Shahar Subject: [PATCH v9 101/105] KVM: TDX: Silently ignore INIT/SIPI Date: Fri, 30 Sep 2022 03:18:35 -0700 Message-Id: <4df60690fb826f632716e5c2fd5190e34467d86e.1664530908.git.isaku.yamahata@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Isaku Yamahata The TDX module API doesn't provide API for VMM to inject INIT IPI and SIPI. Instead it defines the different protocols to boot application processors. Ignore INIT and SIPI events for the TDX guest. There are two options. 1) (silently) ignore INIT/SIPI request or 2) return error to guest TDs somehow. Given that TDX guest is paravirtualized to boot AP, the option 1 is chosen for simplicity. Signed-off-by: Isaku Yamahata --- arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 2 ++ arch/x86/kvm/lapic.c | 16 +++++++++++----- arch/x86/kvm/svm/svm.c | 1 + arch/x86/kvm/vmx/main.c | 22 +++++++++++++++++++++- 5 files changed, 36 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index 0ecaebcf8a18..89cdc31dca4a 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -140,6 +140,7 @@ KVM_X86_OP_OPTIONAL(migrate_timers) KVM_X86_OP(msr_filter_changed) KVM_X86_OP(complete_emulated_msr) KVM_X86_OP(vcpu_deliver_sipi_vector) +KVM_X86_OP(vcpu_deliver_init) KVM_X86_OP_OPTIONAL_RET0(vcpu_get_apicv_inhibit_reasons); KVM_X86_OP(check_processor_compatibility) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index de7a716e774c..276f09caf9bd 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1700,6 +1700,7 @@ struct kvm_x86_ops { int (*complete_emulated_msr)(struct kvm_vcpu *vcpu, int err); void (*vcpu_deliver_sipi_vector)(struct kvm_vcpu *vcpu, u8 vector); + void (*vcpu_deliver_init)(struct kvm_vcpu *vcpu); /* * Returns vCPU specific APICv inhibit reasons @@ -1908,6 +1909,7 @@ int kvm_emulate_wbinvd(struct kvm_vcpu *vcpu); void kvm_get_segment(struct kvm_vcpu *vcpu, struct kvm_segment *var, int seg); int kvm_load_segment_descriptor(struct kvm_vcpu *vcpu, u16 selector, int seg); void kvm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector); +void kvm_vcpu_deliver_init(struct kvm_vcpu *vcpu); int kvm_task_switch(struct kvm_vcpu *vcpu, u16 tss_selector, int idt_index, int reason, bool has_error_code, u32 error_code); diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index e02681061637..03e06e1e901d 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -3035,6 +3035,16 @@ int kvm_lapic_set_pv_eoi(struct kvm_vcpu *vcpu, u64 data, unsigned long len) return 0; } +void kvm_vcpu_deliver_init(struct kvm_vcpu *vcpu) +{ + kvm_vcpu_reset(vcpu, true); + if (kvm_vcpu_is_bsp(vcpu)) + vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE; + else + vcpu->arch.mp_state = KVM_MP_STATE_INIT_RECEIVED; +} +EXPORT_SYMBOL_GPL(kvm_vcpu_deliver_init); + int kvm_apic_accept_events(struct kvm_vcpu *vcpu) { struct kvm_lapic *apic = vcpu->arch.apic; @@ -3082,11 +3092,7 @@ int kvm_apic_accept_events(struct kvm_vcpu *vcpu) if (test_bit(KVM_APIC_INIT, &pe)) { clear_bit(KVM_APIC_INIT, &apic->pending_events); - kvm_vcpu_reset(vcpu, true); - if (kvm_vcpu_is_bsp(apic->vcpu)) - vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE; - else - vcpu->arch.mp_state = KVM_MP_STATE_INIT_RECEIVED; + static_call(kvm_x86_vcpu_deliver_init)(vcpu); } if (test_bit(KVM_APIC_SIPI, &pe)) { clear_bit(KVM_APIC_SIPI, &apic->pending_events); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 37c0db89a1a4..455eded53f47 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4866,6 +4866,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .complete_emulated_msr = svm_complete_emulated_msr, .vcpu_deliver_sipi_vector = svm_vcpu_deliver_sipi_vector, + .vcpu_deliver_init = kvm_vcpu_deliver_init, .vcpu_get_apicv_inhibit_reasons = avic_vcpu_get_apicv_inhibit_reasons, }; diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index 017c24ed16e5..72dd771b0993 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -286,6 +286,25 @@ static void vt_deliver_interrupt(struct kvm_lapic *apic, int delivery_mode, vmx_deliver_interrupt(apic, delivery_mode, trig_mode, vector); } +static void vt_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector) +{ + if (is_td_vcpu(vcpu)) + return; + + kvm_vcpu_deliver_sipi_vector(vcpu, vector); +} + +static void vt_vcpu_deliver_init(struct kvm_vcpu *vcpu) +{ + if (is_td_vcpu(vcpu)) { + /* TDX doesn't support INIT. Ignore INIT event */ + vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE; + return; + } + + kvm_vcpu_deliver_init(vcpu); +} + static void vt_flush_tlb_all(struct kvm_vcpu *vcpu) { if (is_td_vcpu(vcpu)) @@ -627,7 +646,8 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .msr_filter_changed = vmx_msr_filter_changed, .complete_emulated_msr = kvm_complete_insn_gp, - .vcpu_deliver_sipi_vector = kvm_vcpu_deliver_sipi_vector, + .vcpu_deliver_sipi_vector = vt_vcpu_deliver_sipi_vector, + .vcpu_deliver_init = vt_vcpu_deliver_init, .dev_mem_enc_ioctl = tdx_dev_ioctl, .mem_enc_ioctl = vt_mem_enc_ioctl, -- 2.25.1