From: isaku.yamahata@intel.com
To: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
"H . Peter Anvin" <hpa@zytor.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
x86@kernel.org, linux-kernel@vger.kernel.org,
kvm@vger.kernel.org
Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com,
Kai Huang <kai.huang@linux.intel.com>,
Sean Christopherson <sean.j.christopherson@intel.com>
Subject: [RFC PATCH 24/67] KVM: x86: Add per-VM flag to disable in-kernel I/O APIC and level routes
Date: Mon, 16 Nov 2020 10:26:09 -0800 [thread overview]
Message-ID: <b379033c7cc157444993dac67755575b486cb232.1605232743.git.isaku.yamahata@intel.com> (raw)
In-Reply-To: <cover.1605232743.git.isaku.yamahata@intel.com>
In-Reply-To: <cover.1605232743.git.isaku.yamahata@intel.com>
From: Kai Huang <kai.huang@linux.intel.com>
Add a flag to let TDX disallow the in-kernel I/O APIC, level triggered
routes for a userspace I/O APIC, and anything else that relies on being
able to intercept EOIs. TDX-SEAM does not allow intercepting EOI.
Note, technically KVM could partially emulate the I/O APIC by allowing
only edge triggered interrupts, but that adds a lot of complexity for
basically zero benefit. Ideally KVM wouldn't even allow I/O APIC route
reservation, but disabling that is a train wreck for Qemu.
Signed-off-by: Kai Huang <kai.huang@linux.intel.com>
Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
arch/x86/include/asm/kvm_host.h | 1 +
arch/x86/kvm/ioapic.c | 4 ++++
arch/x86/kvm/irq_comm.c | 6 +++++-
arch/x86/kvm/lapic.c | 3 ++-
arch/x86/kvm/x86.c | 6 ++++++
5 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index e5b706889d09..7537ba0bada2 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -977,6 +977,7 @@ struct kvm_arch {
enum kvm_irqchip_mode irqchip_mode;
u8 nr_reserved_ioapic_pins;
+ bool eoi_intercept_unsupported;
bool disabled_lapic_found;
diff --git a/arch/x86/kvm/ioapic.c b/arch/x86/kvm/ioapic.c
index 698969e18fe3..e2de6e552d25 100644
--- a/arch/x86/kvm/ioapic.c
+++ b/arch/x86/kvm/ioapic.c
@@ -311,6 +311,10 @@ void kvm_arch_post_irq_ack_notifier_list_update(struct kvm *kvm)
{
if (!ioapic_in_kernel(kvm))
return;
+
+ if (WARN_ON_ONCE(kvm->arch.eoi_intercept_unsupported))
+ return;
+
kvm_make_scan_ioapic_request(kvm);
}
diff --git a/arch/x86/kvm/irq_comm.c b/arch/x86/kvm/irq_comm.c
index 4aa1c2e00e2a..1523e9d66867 100644
--- a/arch/x86/kvm/irq_comm.c
+++ b/arch/x86/kvm/irq_comm.c
@@ -307,6 +307,10 @@ int kvm_set_routing_entry(struct kvm *kvm,
e->msi.address_hi = ue->u.msi.address_hi;
e->msi.data = ue->u.msi.data;
+ if (kvm->arch.eoi_intercept_unsupported &&
+ e->msi.data & (1 << MSI_DATA_TRIGGER_SHIFT))
+ return -EINVAL;
+
if (kvm_msi_route_invalid(kvm, e))
return -EINVAL;
break;
@@ -390,7 +394,7 @@ int kvm_setup_empty_irq_routing(struct kvm *kvm)
void kvm_arch_post_irq_routing_update(struct kvm *kvm)
{
- if (!irqchip_split(kvm))
+ if (!irqchip_split(kvm) || kvm->arch.eoi_intercept_unsupported)
return;
kvm_make_scan_ioapic_request(kvm);
}
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 105e7859d1f2..e6c0aaf4044e 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -278,7 +278,8 @@ void kvm_recalculate_apic_map(struct kvm *kvm)
if (old)
call_rcu(&old->rcu, kvm_apic_map_free);
- kvm_make_scan_ioapic_request(kvm);
+ if (!kvm->arch.eoi_intercept_unsupported)
+ kvm_make_scan_ioapic_request(kvm);
}
static inline void apic_set_spiv(struct kvm_lapic *apic, u32 val)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 4060f3d91f74..8d58141256c5 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -5454,6 +5454,9 @@ long kvm_arch_vm_ioctl(struct file *filp,
goto create_irqchip_unlock;
r = -EINVAL;
+ if (kvm->arch.eoi_intercept_unsupported)
+ goto create_irqchip_unlock;
+
if (kvm->created_vcpus)
goto create_irqchip_unlock;
@@ -5484,6 +5487,9 @@ long kvm_arch_vm_ioctl(struct file *filp,
u.pit_config.flags = KVM_PIT_SPEAKER_DUMMY;
goto create_pit;
case KVM_CREATE_PIT2:
+ r = -EINVAL;
+ if (kvm->arch.eoi_intercept_unsupported)
+ goto out;
r = -EFAULT;
if (copy_from_user(&u.pit_config, argp,
sizeof(struct kvm_pit_config)))
--
2.17.1
next prev parent reply other threads:[~2020-11-16 18:32 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-16 18:25 [RFC PATCH 00/67] KVM: X86: TDX support isaku.yamahata
2020-11-16 18:25 ` [RFC PATCH 01/67] x86/cpufeatures: Add synthetic feature flag for TDX (in host) isaku.yamahata
2020-11-16 18:25 ` [RFC PATCH 02/67] x86/msr-index: Define MSR_IA32_MKTME_KEYID_PART used by TDX isaku.yamahata
2020-11-16 18:25 ` [RFC PATCH 03/67] x86/cpu: Move get_builtin_firmware() common code (from microcode only) isaku.yamahata
2020-11-25 22:09 ` Borislav Petkov
2020-11-26 0:18 ` Sean Christopherson
2020-11-26 10:12 ` Borislav Petkov
2020-11-30 19:18 ` Sean Christopherson
2020-11-16 18:25 ` [RFC PATCH 04/67] KVM: Export kvm_io_bus_read for use by TDX for PV MMIO isaku.yamahata
2020-11-16 18:25 ` [RFC PATCH 05/67] KVM: Enable hardware before doing arch VM initialization isaku.yamahata
2020-11-16 18:25 ` [RFC PATCH 06/67] KVM: x86: Split core of hypercall emulation to helper function isaku.yamahata
2020-11-16 18:25 ` [RFC PATCH 07/67] KVM: x86: Export kvm_mmio tracepoint for use by TDX for PV MMIO isaku.yamahata
2020-11-16 18:25 ` [RFC PATCH 08/67] KVM: x86/mmu: Zap only leaf SPTEs for deleted/moved memslot by default isaku.yamahata
2020-11-16 18:25 ` [RFC PATCH 09/67] KVM: Add infrastructure and macro to mark VM as bugged isaku.yamahata
2020-11-16 18:25 ` [RFC PATCH 10/67] KVM: Export kvm_make_all_cpus_request() for use in marking VMs " isaku.yamahata
2020-11-16 18:25 ` [RFC PATCH 11/67] KVM: x86: Use KVM_BUG/KVM_BUG_ON to handle bugs that are fatal to the VM isaku.yamahata
2020-11-16 18:25 ` [RFC PATCH 12/67] KVM: x86/mmu: Mark VM as bugged if page fault returns RET_PF_INVALID isaku.yamahata
2020-11-16 18:25 ` [RFC PATCH 13/67] KVM: VMX: Explicitly check for hv_remote_flush_tlb when loading pgd() isaku.yamahata
2020-11-16 18:25 ` [RFC PATCH 14/67] KVM: Add max_vcpus field in common 'struct kvm' isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 15/67] KVM: x86: Add vm_type to differentiate legacy VMs from protected VMs isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 16/67] KVM: x86: Hoist kvm_dirty_regs check out of sync_regs() isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 17/67] KVM: x86: Introduce "protected guest" concept and block disallowed ioctls isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 18/67] KVM: x86: Add per-VM flag to disable direct IRQ injection isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 19/67] KVM: x86: Add flag to disallow #MC injection / KVM_X86_SETUP_MCE isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 20/67] KVM: x86: Make KVM_CAP_X86_SMM a per-VM capability isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 21/67] KVM: x86: Add flag to mark TSC as immutable (for TDX) isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 22/67] KVM: Add per-VM flag to mark read-only memory as unsupported isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 23/67] KVM: Add per-VM flag to disable dirty logging of memslots for TDs isaku.yamahata
2020-11-16 18:26 ` isaku.yamahata [this message]
2020-11-16 18:26 ` [RFC PATCH 25/67] KVM: x86: Allow host-initiated WRMSR to set X2APIC regardless of CPUID isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 26/67] KVM: x86: Add kvm_x86_ops .cache_gprs() and .flush_gprs() isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 27/67] KVM: x86: Add support for vCPU and device-scoped KVM_MEMORY_ENCRYPT_OP isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 28/67] KVM: x86: Introduce vm_teardown() hook in kvm_arch_vm_destroy() isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 29/67] KVM: x86: Add a switch_db_regs flag to handle TDX's auto-switched behavior isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 30/67] KVM: x86: Check for pending APICv interrupt in kvm_vcpu_has_events() isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 31/67] KVM: x86: Add option to force LAPIC expiration wait isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 32/67] KVM: x86: Add guest_supported_xss placholder isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 33/67] KVM: Export kvm_is_reserved_pfn() for use by TDX isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 34/67] KVM: x86: Add infrastructure for stolen GPA bits isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 35/67] KVM: x86/mmu: Explicitly check for MMIO spte in fast page fault isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 36/67] KVM: x86/mmu: Track shadow MMIO value on a per-VM basis isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 37/67] KVM: x86/mmu: Ignore bits 63 and 62 when checking for "present" SPTEs isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 38/67] KVM: x86/mmu: Allow non-zero init value for shadow PTE isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 39/67] KVM: x86/mmu: Refactor shadow walk in __direct_map() to reduce indentation isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 40/67] KVM: x86/mmu: Return old SPTE from mmu_spte_clear_track_bits() isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 41/67] KVM: x86/mmu: Frame in support for private/inaccessible shadow pages isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 42/67] KVM: x86/mmu: Move 'pfn' variable to caller of direct_page_fault() isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 43/67] KVM: x86/mmu: Introduce kvm_mmu_map_tdp_page() for use by TDX isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 44/67] KVM: VMX: Modify NMI and INTR handlers to take intr_info as param isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 45/67] KVM: VMX: Move NMI/exception handler to common helper isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 46/67] KVM: VMX: Split out guts of EPT violation to common/exposed function isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 47/67] KVM: VMX: Define EPT Violation architectural bits isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 48/67] KVM: VMX: Define VMCS encodings for shared EPT pointer isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 49/67] KVM: VMX: Add 'main.c' to wrap VMX and TDX isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 50/67] KVM: VMX: Move setting of EPT MMU masks to common VT-x code isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 51/67] KVM: VMX: Move register caching logic to common code isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 52/67] KVM: TDX: Add TDX "architectural" error codes isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 53/67] KVM: TDX: Add architectural definitions for structures and values isaku.yamahata
2021-06-11 2:25 ` Erdem Aktas
2020-11-16 18:26 ` [RFC PATCH 54/67] KVM: TDX: Define TDCALL exit reason isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 55/67] KVM: TDX: Add SEAMRR related MSRs macro definition isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 56/67] KVM: TDX: Add macro framework to wrap TDX SEAMCALLs isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 57/67] KVM: TDX: Stub in tdx.h with structs, accessors, and VMCS helpers isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 58/67] KVM: VMX: Add macro framework to read/write VMCS for VMs and TDs isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 59/67] KVM: VMX: Move AR_BYTES encoder/decoder helpers to common.h isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 60/67] KVM: VMX: MOVE GDT and IDT accessors to common code isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 61/67] KVM: VMX: Move .get_interrupt_shadow() implementation to common VMX code isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 62/67] KVM: TDX: Load and init TDX-SEAM module during boot isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 63/67] cpu/hotplug: Document that TDX also depends on booting CPUs once isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 64/67] KVM: TDX: Add "basic" support for building and running Trust Domains isaku.yamahata
[not found] ` <CAAYXXYwHp-wiAsSjfsLngriGZpdQHUVY6o7zdGrN2fNm_RJZAQ@mail.gmail.com>
2021-06-11 15:22 ` Sean Christopherson
[not found] ` <CAAYXXYxX_ns-D_OJCOkA+jgzSV6Hb=oHyLDb5fYMwF-2X5QAgQ@mail.gmail.com>
2021-06-15 1:10 ` Isaku Yamahata
2020-11-16 18:26 ` [RFC PATCH 65/67] KVM: x86: Mark the VM (TD) as bugged if non-coherent DMA is detected isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 66/67] fixup! KVM: TDX: Add "basic" support for building and running Trust Domains isaku.yamahata
2020-11-16 18:26 ` [RFC PATCH 67/67] KVM: X86: not for review: add dummy file for TDX-SEAM module isaku.yamahata
2021-05-19 16:37 ` [RFC PATCH 00/67] KVM: X86: TDX support Connor Kuehl
2021-05-20 9:31 ` Isaku Yamahata
2021-05-21 14:09 ` Connor Kuehl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b379033c7cc157444993dac67755575b486cb232.1605232743.git.isaku.yamahata@intel.com \
--to=isaku.yamahata@intel.com \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=isaku.yamahata@gmail.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kai.huang@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=sean.j.christopherson@intel.com \
--cc=tglx@linutronix.de \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).