From: Grygorii Strashko <grygorii_strashko@epam.com>
To: Teddy Astie <teddy.astie@vates.tech>, xen-devel@lists.xenproject.org
Cc: "Anthony PERARD" <anthony.perard@vates.tech>,
"Juergen Gross" <jgross@suse.com>,
"Jan Beulich" <jbeulich@suse.com>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"Roger Pau Monné" <roger.pau@citrix.com>,
"Oleksii Kurochko" <oleksii.kurochko@gmail.com>,
"Alejandro.GarciaVallejo@amd.com"
<Alejandro.GarciaVallejo@amd.com>,
"Jason Andryuk" <Jason.Andryuk@amd.com>
Subject: Re: [RFC PATCH for-4.22] x86/hvm: Introduce force_x2apic flag
Date: Thu, 30 Oct 2025 01:08:01 +0200 [thread overview]
Message-ID: <ee234574-384f-438a-8bf2-e250b61bc75b@epam.com> (raw)
In-Reply-To: <d498a50f6187b362ac5da3c6a7a7c348f35dc4b3.1761761288.git.teddy.astie@vates.tech>
On 29.10.25 20:26, Teddy Astie wrote:
> Introduce a new flag to force the x2APIC enabled and preventing a
> guest from switching back LAPIC to xAPIC mode.
>
> The semantics of this mode are based IA32_XAPIC_DISABLE_STATUS
> architectural MSR of Intel specification.
>
> Signed-off-by: Teddy Astie <teddy.astie@vates.tech>
> ---
> This feature can be useful for various reasons, starting with SEV as
> it is complicated (especially with SEV-ES) to handle MMIO, and legacy
> xAPIC is one thing that needs MMIO intercepts (and Linux uses it during
> boot unless x2APIC is initially enabled, even if it switches to
> x2apic afterward). It could also be interesting to reduce the attack
> surface of the hypervisor (by only exposing x2apic to the guest).
>
> As it can allow to have MMIO-less guest (using PVH), perhaps it can
> be enough for avoiding the problematic cases of virtualized INVLPGB
> (when we have it).
>
> In my testing, Linux, FreeBSD and PV-shim works fine with it; OVMF
> freezes for some reason, NetBSD doesn't support it (no x2apic support
> as Xen guest). HVM BIOS gets stuck at SeaBIOS as it expects booting
> with xAPIC.
>
> On Intel platforms, it would be better to expose the
> IA32_XAPIC_DISABLE_STATUS architectural MSR to advertise this to
> guest, but it's non-trivial as it needs to be properly exposed
> through IA32_ARCH_CAPABILITIES which is currently passed-through.
>
> docs/man/xl.cfg.5.pod.in | 7 +++++++
> tools/libs/light/libxl_types.idl | 1 +
> tools/libs/light/libxl_x86.c | 4 ++++
> tools/xl/xl_parse.c | 1 +
> xen/arch/x86/domain.c | 2 +-
> xen/arch/x86/hvm/hvm.c | 2 ++
> xen/arch/x86/hvm/vlapic.c | 23 ++++++++++++++++++++++-
> xen/arch/x86/include/asm/domain.h | 2 ++
> xen/arch/x86/include/asm/hvm/domain.h | 3 +++
> xen/include/public/arch-x86/xen.h | 12 +++++++++++-
> 10 files changed, 54 insertions(+), 3 deletions(-)
>
> diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in
> index ad1553c5e9..01b41d93c0 100644
> --- a/docs/man/xl.cfg.5.pod.in
> +++ b/docs/man/xl.cfg.5.pod.in
> @@ -3198,6 +3198,13 @@ option.
>
> If using this option is necessary to fix an issue, please report a bug.
>
> +=item B<force_x2apic=BOOLEAN>
> +
> +Force the LAPIC in x2APIC mode and prevent the guest from disabling
> +it or switching to xAPIC mode.
> +
> +This option is disabled by default.
> +
> =back
>
> =head1 SEE ALSO
[...]
>
> diff --git a/xen/arch/x86/include/asm/domain.h b/xen/arch/x86/include/asm/domain.h
> index 5df8c78253..771992d156 100644
> --- a/xen/arch/x86/include/asm/domain.h
> +++ b/xen/arch/x86/include/asm/domain.h
> @@ -509,6 +509,8 @@ struct arch_domain
> #define has_pirq(d) (!!((d)->arch.emulation_flags & X86_EMU_USE_PIRQ))
> #define has_vpci(d) (!!((d)->arch.emulation_flags & X86_EMU_VPCI))
>
> +#define has_force_x2apic(d) ((d)->arch.hvm.force_x2apic)
Would it be possible for you to consider having Kconfig option to make
such configuration global, static?
--
Best regards,
-grygorii
next prev parent reply other threads:[~2025-10-29 23:08 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-29 18:26 [RFC PATCH for-4.22] x86/hvm: Introduce force_x2apic flag Teddy Astie
2025-10-29 18:52 ` Roger Pau Monné
2025-10-29 20:06 ` Teddy Astie
2025-10-30 8:24 ` Roger Pau Monné
2025-10-30 7:49 ` Jan Beulich
2025-10-29 23:08 ` Grygorii Strashko [this message]
2025-10-30 7:46 ` Jan Beulich
2025-11-11 12:36 ` Alejandro Vallejo
2025-10-30 7:54 ` Jan Beulich
2025-10-31 14:33 ` Teddy Astie
2025-11-06 8:17 ` Jan Beulich
2025-11-11 12:31 ` Alejandro Vallejo
2025-11-11 13:32 ` Andrew Cooper
2025-11-12 10:35 ` Teddy Astie
2025-11-12 11:02 ` Andrew Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ee234574-384f-438a-8bf2-e250b61bc75b@epam.com \
--to=grygorii_strashko@epam.com \
--cc=Alejandro.GarciaVallejo@amd.com \
--cc=Jason.Andryuk@amd.com \
--cc=andrew.cooper3@citrix.com \
--cc=anthony.perard@vates.tech \
--cc=jbeulich@suse.com \
--cc=jgross@suse.com \
--cc=oleksii.kurochko@gmail.com \
--cc=roger.pau@citrix.com \
--cc=teddy.astie@vates.tech \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.