From: Isaku Yamahata <isaku.yamahata@intel.com> To: qemu-devel@nongnu.org, pbonzini@redhat.com, alistair@alistair23.me, ehabkost@redhat.com, marcel.apfelbaum@gmail.com, mst@redhat.com, cohuck@redhat.com, mtosatti@redhat.com, xiaoyao.li@intel.com, seanjc@google.com Cc: kvm@vger.kernel.org, isaku.yamahata@gmail.com, isaku.yamahata@intel.com, Sean Christopherson <sean.j.christopherson@intel.com> Subject: [RFC PATCH 22/23] i386/tdx: Force x2apic mode and routing for TDs Date: Mon, 15 Feb 2021 18:13:18 -0800 [thread overview] Message-ID: <99972768126128546e54fca3445c9673a527b67f.1613188118.git.isaku.yamahata@intel.com> (raw) In-Reply-To: <cover.1613188118.git.isaku.yamahata@intel.com> In-Reply-To: <cover.1613188118.git.isaku.yamahata@intel.com> From: Sean Christopherson <sean.j.christopherson@intel.com> TDX requires x2apic and "resets" vCPUs to have x2apic enabled. Model this in QEMU and unconditionally enable x2apic interrupt routing. This fixes issues where interrupts from IRQFD would not get forwarded to the guest due to KVM silently dropping the invalid routing entry. Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> --- hw/intc/apic_common.c | 12 ++++++++++++ include/hw/i386/apic.h | 1 + include/hw/i386/apic_internal.h | 1 + target/i386/kvm/tdx.c | 7 +++++++ 4 files changed, 21 insertions(+) diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c index 97dd96dffa..6a69027377 100644 --- a/hw/intc/apic_common.c +++ b/hw/intc/apic_common.c @@ -263,6 +263,15 @@ void apic_designate_bsp(DeviceState *dev, bool bsp) } } +void apic_force_x2apic(DeviceState *dev) +{ + if (dev == NULL) { + return; + } + + APIC_COMMON(dev)->force_x2apic = true; +} + static void apic_reset_common(DeviceState *dev) { APICCommonState *s = APIC_COMMON(dev); @@ -271,6 +280,9 @@ static void apic_reset_common(DeviceState *dev) bsp = s->apicbase & MSR_IA32_APICBASE_BSP; s->apicbase = APIC_DEFAULT_ADDRESS | bsp | MSR_IA32_APICBASE_ENABLE; + if (s->force_x2apic) { + s->apicbase |= MSR_IA32_APICBASE_EXTD; + } s->id = s->initial_apic_id; apic_reset_irq_delivered(); diff --git a/include/hw/i386/apic.h b/include/hw/i386/apic.h index da1d2fe155..7d05abd7e0 100644 --- a/include/hw/i386/apic.h +++ b/include/hw/i386/apic.h @@ -19,6 +19,7 @@ void apic_init_reset(DeviceState *s); void apic_sipi(DeviceState *s); void apic_poll_irq(DeviceState *d); void apic_designate_bsp(DeviceState *d, bool bsp); +void apic_force_x2apic(DeviceState *d); int apic_get_highest_priority_irr(DeviceState *dev); /* pc.c */ diff --git a/include/hw/i386/apic_internal.h b/include/hw/i386/apic_internal.h index c175e7e718..eda0b5a587 100644 --- a/include/hw/i386/apic_internal.h +++ b/include/hw/i386/apic_internal.h @@ -187,6 +187,7 @@ struct APICCommonState { DeviceState *vapic; hwaddr vapic_paddr; /* note: persistence via kvmvapic */ bool legacy_instance_id; + bool force_x2apic; }; typedef struct VAPICState { diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 007d33989b..b4bd157fe1 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -137,6 +137,11 @@ int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) tdx_caps->nr_cpuid_configs = TDX1_MAX_NR_CPUID_CONFIGS; tdx_ioctl(KVM_TDX_CAPABILITIES, 0, tdx_caps); + if (!kvm_enable_x2apic()) { + error_report("Failed to enable x2apic in KVM"); + exit(1); + } + qemu_add_machine_init_done_late_notifier(&tdx_machine_done_late_notify); return 0; } @@ -279,6 +284,8 @@ void tdx_post_init_vcpu(CPUState *cpu) hob = tdx_get_hob_entry(tdx); _tdx_ioctl(cpu, KVM_TDX_INIT_VCPU, 0, (void *)hob->address); + + apic_force_x2apic(X86_CPU(cpu)->apic_state); } static bool tdx_guest_get_debug(Object *obj, Error **errp) -- 2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Isaku Yamahata <isaku.yamahata@intel.com> To: qemu-devel@nongnu.org, pbonzini@redhat.com, alistair@alistair23.me, ehabkost@redhat.com, marcel.apfelbaum@gmail.com, mst@redhat.com, cohuck@redhat.com, mtosatti@redhat.com, xiaoyao.li@intel.com, seanjc@google.com Cc: isaku.yamahata@intel.com, Sean Christopherson <sean.j.christopherson@intel.com>, isaku.yamahata@gmail.com, kvm@vger.kernel.org Subject: [RFC PATCH 22/23] i386/tdx: Force x2apic mode and routing for TDs Date: Mon, 15 Feb 2021 18:13:18 -0800 [thread overview] Message-ID: <99972768126128546e54fca3445c9673a527b67f.1613188118.git.isaku.yamahata@intel.com> (raw) In-Reply-To: <cover.1613188118.git.isaku.yamahata@intel.com> In-Reply-To: <cover.1613188118.git.isaku.yamahata@intel.com> From: Sean Christopherson <sean.j.christopherson@intel.com> TDX requires x2apic and "resets" vCPUs to have x2apic enabled. Model this in QEMU and unconditionally enable x2apic interrupt routing. This fixes issues where interrupts from IRQFD would not get forwarded to the guest due to KVM silently dropping the invalid routing entry. Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> --- hw/intc/apic_common.c | 12 ++++++++++++ include/hw/i386/apic.h | 1 + include/hw/i386/apic_internal.h | 1 + target/i386/kvm/tdx.c | 7 +++++++ 4 files changed, 21 insertions(+) diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c index 97dd96dffa..6a69027377 100644 --- a/hw/intc/apic_common.c +++ b/hw/intc/apic_common.c @@ -263,6 +263,15 @@ void apic_designate_bsp(DeviceState *dev, bool bsp) } } +void apic_force_x2apic(DeviceState *dev) +{ + if (dev == NULL) { + return; + } + + APIC_COMMON(dev)->force_x2apic = true; +} + static void apic_reset_common(DeviceState *dev) { APICCommonState *s = APIC_COMMON(dev); @@ -271,6 +280,9 @@ static void apic_reset_common(DeviceState *dev) bsp = s->apicbase & MSR_IA32_APICBASE_BSP; s->apicbase = APIC_DEFAULT_ADDRESS | bsp | MSR_IA32_APICBASE_ENABLE; + if (s->force_x2apic) { + s->apicbase |= MSR_IA32_APICBASE_EXTD; + } s->id = s->initial_apic_id; apic_reset_irq_delivered(); diff --git a/include/hw/i386/apic.h b/include/hw/i386/apic.h index da1d2fe155..7d05abd7e0 100644 --- a/include/hw/i386/apic.h +++ b/include/hw/i386/apic.h @@ -19,6 +19,7 @@ void apic_init_reset(DeviceState *s); void apic_sipi(DeviceState *s); void apic_poll_irq(DeviceState *d); void apic_designate_bsp(DeviceState *d, bool bsp); +void apic_force_x2apic(DeviceState *d); int apic_get_highest_priority_irr(DeviceState *dev); /* pc.c */ diff --git a/include/hw/i386/apic_internal.h b/include/hw/i386/apic_internal.h index c175e7e718..eda0b5a587 100644 --- a/include/hw/i386/apic_internal.h +++ b/include/hw/i386/apic_internal.h @@ -187,6 +187,7 @@ struct APICCommonState { DeviceState *vapic; hwaddr vapic_paddr; /* note: persistence via kvmvapic */ bool legacy_instance_id; + bool force_x2apic; }; typedef struct VAPICState { diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 007d33989b..b4bd157fe1 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -137,6 +137,11 @@ int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) tdx_caps->nr_cpuid_configs = TDX1_MAX_NR_CPUID_CONFIGS; tdx_ioctl(KVM_TDX_CAPABILITIES, 0, tdx_caps); + if (!kvm_enable_x2apic()) { + error_report("Failed to enable x2apic in KVM"); + exit(1); + } + qemu_add_machine_init_done_late_notifier(&tdx_machine_done_late_notify); return 0; } @@ -279,6 +284,8 @@ void tdx_post_init_vcpu(CPUState *cpu) hob = tdx_get_hob_entry(tdx); _tdx_ioctl(cpu, KVM_TDX_INIT_VCPU, 0, (void *)hob->address); + + apic_force_x2apic(X86_CPU(cpu)->apic_state); } static bool tdx_guest_get_debug(Object *obj, Error **errp) -- 2.17.1
next prev parent reply other threads:[~2021-02-16 2:15 UTC|newest] Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-02-16 2:12 [RFC PATCH 00/23] [RFC PATCH 00/24] TDX support Isaku Yamahata 2021-02-16 2:12 ` Isaku Yamahata 2021-02-16 2:12 ` [RFC PATCH 01/23] target/i386: Expose x86_cpu_get_supported_feature_word() for TDX Isaku Yamahata 2021-02-16 2:12 ` Isaku Yamahata 2021-02-16 7:53 ` Philippe Mathieu-Daudé 2021-02-16 7:53 ` Philippe Mathieu-Daudé 2021-02-16 2:12 ` [RFC PATCH 02/23] kvm: Switch KVM_CAP_READONLY_MEM to a per-VM ioctl() Isaku Yamahata 2021-02-16 2:12 ` Isaku Yamahata 2021-02-16 7:56 ` Philippe Mathieu-Daudé 2021-02-16 7:56 ` Philippe Mathieu-Daudé 2021-02-23 3:23 ` Isaku Yamahata 2021-02-23 3:23 ` Isaku Yamahata 2021-02-16 2:12 ` [RFC PATCH 03/23] KVM: i386: use VM capability check for KVM_CAP_X86_SMM Isaku Yamahata 2021-02-16 2:12 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 04/23] i386/kvm: Move architectural CPUID leaf generation to separarte helper Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 05/23] vl: Introduce machine_init_done_late notifier Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 06/23] hw/i386: Introduce kvm-type for TDX guest Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 07/23] i386/kvm: Squash getting/putting guest state for TDX VMs Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 08/23] i386/kvm: Skip KVM_X86_SETUP_MCE for TDX guests Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 09/23] target/i386: kvm: don't synchronize guest tsc for TD guest Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 10/23] linux-headers: Update headers to pull in TDX API changes Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 11/23] hw/i386: Initialize TDX via KVM ioctl() when kvm_type is TDX Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 12/23] target/i386/tdx: Finalize the TD's measurement when machine is done Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 13/23] i386/tdx: Frame in tdx_get_supported_cpuid with KVM_TDX_CAPABILITIES Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 14/23] i386/tdx: Frame in the call for KVM_TDX_INIT_VCPU Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 15/23] i386/tdx: Add hook to require generic device loader Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 16/23] hw/i386: Add definitions from UEFI spec for volumes, resources, etc Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 17/23] i386/tdx: Add definitions for TDVF metadata Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 18/23] i386/tdx: Parse tdvf metadata and store the result into TdxGuest Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 19/23] i386/tdx: Create the TD HOB list upon machine init done Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 20/23] i386/tdx: Add TDVF memory via INIT_MEM_REGION Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 21/23] i386/tdx: Use KVM_TDX_INIT_VCPU to pass HOB to TDVF Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata [this message] 2021-02-16 2:13 ` [RFC PATCH 22/23] i386/tdx: Force x2apic mode and routing for TDs Isaku Yamahata 2021-02-16 2:13 ` [RFC PATCH 23/23] target/i386: Add machine option to disable PIC/8259 Isaku Yamahata 2021-02-16 2:13 ` Isaku Yamahata
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=99972768126128546e54fca3445c9673a527b67f.1613188118.git.isaku.yamahata@intel.com \ --to=isaku.yamahata@intel.com \ --cc=alistair@alistair23.me \ --cc=cohuck@redhat.com \ --cc=ehabkost@redhat.com \ --cc=isaku.yamahata@gmail.com \ --cc=kvm@vger.kernel.org \ --cc=marcel.apfelbaum@gmail.com \ --cc=mst@redhat.com \ --cc=mtosatti@redhat.com \ --cc=pbonzini@redhat.com \ --cc=qemu-devel@nongnu.org \ --cc=sean.j.christopherson@intel.com \ --cc=seanjc@google.com \ --cc=xiaoyao.li@intel.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.