Re: [RFC 01/14] x86/apic: Add new driver for Secure AVIC
From: Neeraj Upadhyay
Date: Mon Nov 25 2024 - 02:22:01 EST
On 11/21/2024 4:23 PM, Borislav Petkov wrote:
> On Thu, Nov 21, 2024 at 01:33:29PM +0530, Neeraj Upadhyay wrote:
>> As SAVIC's guest APIC register accesses match x2avic (which uses x2APIC MSR
>> interface in guest), the x2apic common flow need to be executed in the
>> guest.
>
> How much of that "common flow" is actually needed by SAVIC?
>
I see most of that flow required. By removing dependency on CONFIG_X86_X2APIC
and enabling SAVIC, I see below boot issues:
- Crash in register_lapic_address() in below path:
register_lapic_address+0x82/0xe0
early_acpi_boot_init+0xc7/0x160
setup_arch+0x9b2/0xec0
The issue happens as register_lapic_address() tries to setup APIC MMIO,
which applies to XAPIC and not to X2APIC. As SAVIC only supports X2APIC
msr interface, APIC MMIO setup fails.
void __init register_lapic_address(unsigned long address)
{
/* This should only happen once */
WARN_ON_ONCE(mp_lapic_addr);
mp_lapic_addr = address;
if (!x2apic_mode)
apic_set_fixmap(true);
}
- x2apic_enable() (which enables X2APIC in APIC base reg) not being called causes
read_msr_from_hv() to return below error:
Secure AVIC msr (0x803) read returned error (4)
KVM: unknown exit reason 24
- x2apic_set_max_apicid() not being called causes below BUG_ON to happen:
kernel BUG at arch/x86/kernel/apic/io_apic.c:2292!
void __init setup_IO_APIC(void)
{
...
for_each_ioapic(ioapic)
BUG_ON(mp_irqdomain_create(ioapic));
...
}
- Neeraj