git.kernel.dk Git - linux-2.6-block.git/commit

author	Isaku Yamahata <isaku.yamahata@intel.com>
	Sat, 22 Feb 2025 01:47:50 +0000 (09:47 +0800)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Fri, 14 Mar 2025 18:20:56 +0000 (14:20 -0400)
commit	4cdf243eb1f5a4e87fc1883de9332f6ac0476a9c
tree	dd98ebf9a7db32dcec99aae3db05cef7ec51f316	tree
parent	2b06beb08f560dbc14f1887cc32f7291586209c4	commit \| diff

KVM: TDX: Always block INIT/SIPI

Always block INIT and SIPI events for the TDX guest because the TDX module
doesn't provide API for VMM to inject INIT IPI or SIPI.

TDX defines its own vCPU creation and initialization sequence including
multiple seamcalls. Also, it's only allowed during TD build time.

Given that TDX guest is para-virtualized to boot BSP/APs, normally there
shouldn't be any INIT/SIPI event for TDX guest. If any, three options to
handle them:
1. Always block INIT/SIPI request.
2. (Silently) ignore INIT/SIPI request during delivery.
3. Return error to guest TDs somehow.

Choose option 1 for simplicity. Since INIT and SIPI are always blocked,
INIT handling and the OP vcpu_deliver_sipi_vector() won't be called, no
need to add new interface or helper function for INIT/SIPI delivery.

Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Co-developed-by: Binbin Wu <binbin.wu@linux.intel.com>
Signed-off-by: Binbin Wu <binbin.wu@linux.intel.com>
Message-ID: <20250222014757.897978-10-binbin.wu@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

arch/x86/kvm/vmx/main.c		diff \| blob \| blame \| history
arch/x86/kvm/vmx/tdx.c		diff \| blob \| blame \| history
arch/x86/kvm/vmx/x86_ops.h		diff \| blob \| blame \| history