From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6164315CD74
	for <linux-kernel@vger.kernel.org>; Wed,  8 Jan 2025 15:01:03 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1736348464; cv=none; b=t1g16yNCwjvzt7BdYnoh5SS7i4zKKBP42AXTKkl56gfrS1lYDo5KimdbvEAfubZPjqb1tKVmfrn98Kwx6Mw8kku3xeEkbqfvtJ/UZuKN27A33jBYkvlWu6WL1SKD9T4gFGbFzw4+/2SVlIn/hVYuIVhAlAZEtgny05SeQQUeFzY=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1736348464; c=relaxed/simple;
	bh=nyV2yl3XmNDhQ40W7YYCBaBWCDclqEByPJGKII1QDBA=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type; b=nfat2+xKRBQRSgYbpoeas3z74EfZF4ZwL97Ukd7EEny2ioIeNcMQFEIvACG/gi55URJCySCDdSc5f9MNckwt3XlwoH6j5x5cWAD5ydM0NWdkXI/lO3l5LUSWP+W6Hfo6scuBWy5agy4KAs9i7bR/2L/p8kzIlHKJfw9NaJfRUDU=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=wTKCtLEm; arc=none smtp.client-ip=209.85.216.74
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="wTKCtLEm"
Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-2ef9b9981f1so38933133a91.3
        for <linux-kernel@vger.kernel.org>; Wed, 08 Jan 2025 07:01:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1736348463; x=1736953263; darn=vger.kernel.org;
        h=content-transfer-encoding:cc:to:from:subject:message-id:references
         :mime-version:in-reply-to:date:from:to:cc:subject:date:message-id
         :reply-to;
        bh=/BxpHeQa6+oVcHk1D5x+DCISdWdWpyOX6w9TVx4KjZs=;
        b=wTKCtLEmrkvOllL+NbJrzl5JdEYnqCasorgC26rk+s9Edr/zfpzvGqGv6bfRs6zTmQ
         w/O/weH//g9a2zUwA8vyCGV0g182INkzpgilen5s05iPmOIxvOq4CtIAz2DiFd6z28LZ
         bXHq/TjMLM40a0OO6yA3lASpJPaDZasSYjKC82+xfaElrdPCM7UgjcNIThZXYj6UA2BI
         T7dVSg2BAz+EgxZFr7YzE0og91ZG2CWR2z1UqjTZ1kLPhIKzJmYNsMvdJMsvUilNI0+8
         4M6hmw5mzeU3zFMrf9AKdUWKFaaV/uktoal+eUu5GDaJSigZmycO2sARmUgwN1guuP5z
         IRdg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1736348463; x=1736953263;
        h=content-transfer-encoding:cc:to:from:subject:message-id:references
         :mime-version:in-reply-to:date:x-gm-message-state:from:to:cc:subject
         :date:message-id:reply-to;
        bh=/BxpHeQa6+oVcHk1D5x+DCISdWdWpyOX6w9TVx4KjZs=;
        b=ojiJ23PpfGpWoc1xurABsuMpSv3j9NLmX32ILs/kssF0ZJsMX3aGYeh39wbokkDn0N
         jKrqm4KR6+eVal6Z16Td6vf1H6G1PEG1qaNIl9WOBMSxmNcRJNKDh7HV5OdqPSv/6/y0
         mM4kEczVT61KFf/oCNA6/OLv5GlTTigYQ13T4+WQojRmgPIQfuZsARBRRCZ31GxL3owd
         knJ9bvrIvzsAnhkgeOyYdvc2y+XGPkUfRGstHtb47GknA2NCE8OaY8HNpkhCudHEGxDW
         Ore7pPng8glA5LfFNw98FuwLgGUMrHQqOZ56WD6rJRQjjvifOY08lVDuRe3vbUJveWKH
         xZug==
X-Forwarded-Encrypted: i=1; AJvYcCX1owRxRY0Q502GgIuV4qTrtvn24dMl059TFxFrJjh28zrTF4CNVMhNRf1W77wVS84qeHktCmrRDAUnN9Y=@vger.kernel.org
X-Gm-Message-State: AOJu0Yx2Em5o4MaTGZZpQ+VnXq3d4ER57zkyu8BDonVpKtznEAXK0QlC
	MaZhIYivBCup5txF2iFDFlxmByh+MvdZ6IJ9HF3fBfp+gxf5IXJsvdu1HIgVJ4ea6fUDzf3oO6A
	HRQ==
X-Google-Smtp-Source: AGHT+IHPEwOjIRpY3qflTXtWlCZWrnzWqpeJtMdMBn2fUt52cnKKWya/HJRk3WY+oGQFCmrz/1mIlOBmAf0=
X-Received: from pfbcv10.prod.google.com ([2002:a05:6a00:44ca:b0:725:e60b:1e4f])
 (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a00:178e:b0:725:f4c6:6b81
 with SMTP id d2e1a72fcca58-72d21f459e8mr4979296b3a.2.1736348462619; Wed, 08
 Jan 2025 07:01:02 -0800 (PST)
Date: Wed, 8 Jan 2025 07:01:01 -0800
In-Reply-To: <Z34NGyZL7G_j716N@tlindgre-MOBL1>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241030190039.77971-1-rick.p.edgecombe@intel.com>
 <CABgObfZsF+1YGTQO_+uF+pBPm-i08BrEGCfTG8_o824776c=6Q@mail.gmail.com>
 <94e37a815632447d4d16df0a85f3ec2e346fca49.camel@intel.com>
 <Z3zZw2jYII2uhoFx@tlindgre-MOBL1> <7f8d0beb-cc02-467d-ae2a-10e22571e5cf@suse.com>
 <Z34NGyZL7G_j716N@tlindgre-MOBL1>
Message-ID: <Z36TLcX1kOe1ltjp@google.com>
Subject: Re: [PATCH v2 00/25] TDX vCPU/VM creation
From: Sean Christopherson <seanjc@google.com>
To: Tony Lindgren <tony.lindgren@linux.intel.com>
Cc: Nikolay Borisov <nik.borisov@suse.com>, Rick P Edgecombe <rick.p.edgecombe@intel.com>, 
	"pbonzini@redhat.com" <pbonzini@redhat.com>, Kai Huang <kai.huang@intel.com>, 
	Xiaoyao Li <xiaoyao.li@intel.com>, 
	"isaku.yamahata@gmail.com" <isaku.yamahata@gmail.com>, 
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>, "kvm@vger.kernel.org" <kvm@vger.kernel.org>, 
	Yan Y Zhao <yan.y.zhao@intel.com>, Reinette Chatre <reinette.chatre@intel.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

On Wed, Jan 08, 2025, Tony Lindgren wrote:
> On Tue, Jan 07, 2025 at 02:41:51PM +0200, Nikolay Borisov wrote:
> > On 7.01.25 =D0=B3. 9:37 =D1=87., Tony Lindgren wrote:
> > > --- a/arch/x86/kvm/lapic.c
> > > +++ b/arch/x86/kvm/lapic.c
> > > @@ -139,6 +139,8 @@ __read_mostly DEFINE_STATIC_KEY_FALSE(kvm_has_noa=
pic_vcpu);
> > >   EXPORT_SYMBOL_GPL(kvm_has_noapic_vcpu);
> > >   __read_mostly DEFINE_STATIC_KEY_DEFERRED_FALSE(apic_hw_disabled, HZ=
);
> > > +EXPORT_SYMBOL_GPL(apic_hw_disabled);
> >=20
> > Is it really required to expose this symbol? apic_hw_disabled is define=
d as
> > static inline in the header?

No, apic_hw_disabled can't be "static inline", because it's a variable, not=
 a
function.

> For loadable modules yes, otherwise we'll get:
>=20
> ERROR: modpost: "apic_hw_disabled" [arch/x86/kvm/kvm-intel.ko] undefined!
>=20
> This is similar to the EXPORT_SYMBOL_GPL(kvm_has_noapic_vcpu) already
> there.

Heh, which is a hint that you're using the wrong helper.  TDX should check
lapic_in_kernel(), not kvm_apic_present().  The former verifies that local =
APIC
emulation/virtualization is handed in-kernel, i.e. by KVM.  The latter chec=
ks
that the local APIC is in-kernel *and* that the vCPU's local APIC is hardwa=
re
enabled, and checking that the local APIC is hardware enabled is unnecessar=
y
and only works by sheer dumb luck.

The only reason kvm_create_lapic() stuffs the enable bit is to avoid toggli=
ng
the static key, which incurs costly IPIs to patch kernel text.  If
apic_hw_disabled were to be removed (which is somewhat seriously being cons=
idered),
this code would be deleted and TDX would break.

	/*
	 * Stuff the APIC ENABLE bit in lieu of temporarily incrementing
	 * apic_hw_disabled; the full RESET value is set by kvm_lapic_reset().
	 */
	vcpu->arch.apic_base =3D MSR_IA32_APICBASE_ENABLE;