Re: [RFC 01/14] x86/apic: Add new driver for Secure AVIC

From: Neeraj Upadhyay
Date: Mon Nov 25 2024 - 02:22:01 EST




On 11/21/2024 4:23 PM, Borislav Petkov wrote:
> On Thu, Nov 21, 2024 at 01:33:29PM +0530, Neeraj Upadhyay wrote:
>> As SAVIC's guest APIC register accesses match x2avic (which uses x2APIC MSR
>> interface in guest), the x2apic common flow needs to be executed in the
>> guest.
>
> How much of that "common flow" is actually needed by SAVIC?
>

I see most of that flow required. By removing the dependency on CONFIG_X86_X2APIC
and enabling SAVIC, I see the below boot issues:

- Crash in register_lapic_address() in the below path:

register_lapic_address+0x82/0xe0
early_acpi_boot_init+0xc7/0x160
setup_arch+0x9b2/0xec0

The issue happens as register_lapic_address() tries to set up APIC MMIO,
which applies to XAPIC and not to X2APIC. As SAVIC only supports the X2APIC
MSR interface, APIC MMIO setup fails.

void __init register_lapic_address(unsigned long address)
{
	/* This should only happen once */
	WARN_ON_ONCE(mp_lapic_addr);
	mp_lapic_addr = address;

	if (!x2apic_mode)
		apic_set_fixmap(true);
}

- x2apic_enable() (which enables X2APIC in the APIC base reg) not being called causes
read_msr_from_hv() to return the below error:

Secure AVIC msr (0x803) read returned error (4)
KVM: unknown exit reason 24

- x2apic_set_max_apicid() not being called causes the below BUG_ON to happen:

kernel BUG at arch/x86/kernel/apic/io_apic.c:2292!

void __init setup_IO_APIC(void)
{
	...
	for_each_ioapic(ioapic)
		BUG_ON(mp_irqdomain_create(ioapic));
	...
}



- Neeraj