Re: [RFC 01/14] x86/apic: Add new driver for Secure AVIC

[Neeraj Upadhyay]

On 11/21/2024 4:23 PM, Borislav Petkov wrote:
> On Thu, Nov 21, 2024 at 01:33:29PM +0530, Neeraj Upadhyay wrote:
>> As SAVIC's guest APIC register accesses match x2avic (which uses x2APIC MSR
>> interface in guest), the x2apic common flow need to be executed in the
>> guest.
> 
> How much of that "common flow" is actually needed by SAVIC?
> 

I see most of that flow required. By removing dependency on CONFIG_X86_X2APIC 
and enabling SAVIC, I see below boot issues:

- Crash in register_lapic_address() in below path:

    register_lapic_address+0x82/0xe0
    early_acpi_boot_init+0xc7/0x160
    setup_arch+0x9b2/0xec0

The issue happens as register_lapic_address() tries to setup APIC MMIO,
which applies to XAPIC and not to X2APIC. As SAVIC only supports X2APIC
msr interface, APIC MMIO setup fails.

void __init register_lapic_address(unsigned long address)
{
	/* This should only happen once */
	WARN_ON_ONCE(mp_lapic_addr);
	mp_lapic_addr = address;

	if (!x2apic_mode)
		apic_set_fixmap(true);
}

- x2apic_enable() (which enables X2APIC in APIC base reg) not being called causes
  read_msr_from_hv() to return below error:

  Secure AVIC msr (0x803) read returned error (4)
  KVM: unknown exit reason 24

- x2apic_set_max_apicid() not being called causes below BUG_ON to happen:

  kernel BUG at arch/x86/kernel/apic/io_apic.c:2292!

  void __init setup_IO_APIC(void)
  {
        ...
        for_each_ioapic(ioapic)
                BUG_ON(mp_irqdomain_create(ioapic));
        ...
  }



- Neeraj