Re: [PATCH v19 094/130] KVM: TDX: Implement methods to inject NMI

From: Isaku Yamahata
Date: Tue Apr 02 2024 - 03:09:39 EST


On Fri, Mar 29, 2024 at 10:11:05AM +0800,
Chao Gao <chao.gao@xxxxxxxxx> wrote:

> >+static void vt_set_nmi_mask(struct kvm_vcpu *vcpu, bool masked)
> >+{
> >+ if (is_td_vcpu(vcpu))
> >+ return;
> >+
> >+ vmx_set_nmi_mask(vcpu, masked);
> >+}
> >+
> >+static void vt_enable_nmi_window(struct kvm_vcpu *vcpu)
> >+{
> >+ /* Refer the comment in vt_get_nmi_mask(). */
> >+ if (is_td_vcpu(vcpu))
> >+ return;
> >+
> >+ vmx_enable_nmi_window(vcpu);
> >+}
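Review bot: vt_set_nmi_mask() returns early for a TD vCPU with no comment, while vt_enable_nmi_window() directly below it carries "Refer the comment in vt_get_nmi_mask()". Add the same pointer to vt_set_nmi_mask(), worded "Refer to the comment in vt_get_nmi_mask()" in both places, so a reader does not take the bare return for a forgotten case. Both hooks drop the request without any indication to the caller, so the comment should also state that ignoring the request for a TD is intentional.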
>
> The two actually request something to be done for the TD. But we make them nop
> as the TDX module doesn't support the VMM configuring the NMI mask and NMI window. Do you
> think they are worth a WARN_ON_ONCE()? Or does adding WARN_ON_ONCE() require a lot
> of code factoring in KVM's NMI injection logic?

Because user space can reach those hooks with KVM_SET_VCPU_EVENTS, we shouldn't
add WARN_ON_ONCE(). There are two choices: ignore the request (the current
choice) or return an error for the unsupported request.

It's troublesome to allow an error for them because we have to fix up the caller
up to the user space. The user space may abort on such an error without a fix.
--
Isaku Yamahata <isaku.yamahata@xxxxxxxxx>