lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7416f775-9859-4148-acbf-875dbb9db108@linux.intel.com>
Date: Mon, 6 Jan 2025 10:18:41 +0800
From: Binbin Wu <binbin.wu@...ux.intel.com>
To: Vishal Annapurve <vannapurve@...gle.com>
Cc: pbonzini@...hat.com, seanjc@...gle.com, kvm@...r.kernel.org,
 rick.p.edgecombe@...el.com, kai.huang@...el.com, adrian.hunter@...el.com,
 reinette.chatre@...el.com, xiaoyao.li@...el.com,
 tony.lindgren@...ux.intel.com, isaku.yamahata@...el.com,
 yan.y.zhao@...el.com, chao.gao@...el.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 13/16] KVM: TDX: Add methods to ignore virtual apic
 related operation




On 1/4/2025 6:04 AM, Vishal Annapurve wrote:
> On Sun, Dec 8, 2024 at 5:12 PM Binbin Wu <binbin.wu@...ux.intel.com> wrote:
>> From: Isaku Yamahata <isaku.yamahata@...el.com>
>> ...
>> +}
>> +
>>   static void vt_apicv_pre_state_restore(struct kvm_vcpu *vcpu)
>>   {
>>          struct pi_desc *pi = vcpu_to_pi_desc(vcpu);
>> @@ -236,6 +245,22 @@ static void vt_apicv_pre_state_restore(struct kvm_vcpu *vcpu)
>>          memset(pi->pir, 0, sizeof(pi->pir));
> Should this be a nop for TDX VMs? pre_state_restore could cause
> pending PIRs to get cleared as KVM doesn't have ability to sync them
> to vIRR in absence of access to the VAPIC page.
This callback is called by kvm_lapic_reset() and kvm_apic_set_state().
If it is call by kvm_lapic_reset(), it should be cleared.

If it is called by kvm_apic_set_state() when userspace want to setup the
lapic. It will be needed when live migration is enabled for TDX.
For VMX VM, the PIR is synced to vIRR and then the state will be sent to
destination VM.
For TDX guest, I am not sure the final solution to sync PIR from source to
destination TDX guest. I guess TDX module probably will do the job. Will
ask Intel guys to check what is the solution.
For this base series, TDX live migration is not supported yet, it is OK
to reset PIR for now.

>
>>   }
>>
>> +static void vt_hwapic_irr_update(struct kvm_vcpu *vcpu, int max_irr)
>> +{
>> +       if (is_td_vcpu(vcpu))
>> +               return;
>> +
>> +       return vmx_hwapic_irr_update(vcpu, max_irr);
>> +}
>> +

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ