[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH for-4.22] x86/hvm: Introduce force_x2apic flag

  • To: Teddy Astie <teddy.astie@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Wed, 12 Nov 2025 11:02:50 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=0ZiXP8Zepi5lNeaO9BfEkf0pA6E1xpycNBx/AuwO7pI=; b=EQqwoBsdEAIfpZSfmGaoamHtZmfUUskBKoDsUHWt2P2iWRG7k+V+miKSj9ekuYqP5eD3ED/EL0ycQA9BCYxeTdIPgQxBA+TdKccbHGjAnIZ8n2dgo8Z4Fy6d06pg77/0DywqhPUVCBCoKBJORY8C/fDCYjcsK8nhRDkZiA0Hp9ay1cmBKxDdXNB+b6JPavnkDrSmPp+Z+yAAuP8tiEK1cDiEC0hZRVd0iigO1VYwQmYngRAq/nED3ZbM43V1oEvkhwKrvO8Td1aKlDVegdOu930iM5La77Ly4u3TwyBfaB90Q0OXB3LLenP5l3O2rwNacwgNKtai1ul8/RKZRgWw6w==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Ewm49zHvDlVZ1cODLVrARZCWucEacfDMH5XhVhHtGOBE4s1bomJup1zbEK340tvj/KjVWJtHlz4z1NDWxxU9gzXZ7PXBGQCuVDe9R6AkL3hs/HvLTwpB9sQswNZ5mWlHk6yyohZcq3Sn9fBnjJn6Pekf5V3jzZMfAniBJOmiTmH5S28crfbfB5i2V4v+rJqVmZW/tkj5CRA+39Aqjq1HgA4VGGdXaRxM1n42qgAZo3dNQoXQUQ28NuzJ/lrILbaekqB4R3IJ2sdqnoyHZ3/OLJZM+K+uDP0PZJ3DjYXCVTYHCPslaw0kSosb86gHh6H/S1krkopqRZIUfr/QoSNJkw==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>, Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>, Grygorii Strashko <grygorii_strashko@xxxxxxxx>
  • Delivery-date: Wed, 12 Nov 2025 11:03:10 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 12/11/2025 10:35 am, Teddy Astie wrote:
> Le 29/10/2025 à 19:26, Teddy Astie a écrit :
>> Introduce a new flag to force the x2APIC enabled and preventing a
>> guest from switching back LAPIC to xAPIC mode.
>>
>> The semantics of this mode are based IA32_XAPIC_DISABLE_STATUS
>> architectural MSR of Intel specification.
>>
>> Signed-off-by: Teddy Astie <teddy.astie@xxxxxxxxxx>
>> ---
>> This feature can be useful for various reasons, starting with SEV as
>> it is complicated (especially with SEV-ES) to handle MMIO, and legacy
>> xAPIC is one thing that needs MMIO intercepts (and Linux uses it during
>> boot unless x2APIC is initially enabled, even if it switches to
>> x2apic afterward). It could also be interesting to reduce the attack
>> surface of the hypervisor (by only exposing x2apic to the guest).
>>
>> As it can allow to have MMIO-less guest (using PVH), perhaps it can
>> be enough for avoiding the problematic cases of virtualized INVLPGB
>> (when we have it).
>>
>> In my testing, Linux, FreeBSD and PV-shim works fine with it; OVMF
>> freezes for some reason, NetBSD doesn't support it (no x2apic support
>> as Xen guest). HVM BIOS gets stuck at SeaBIOS as it expects booting
>> with xAPIC.
>>
>> On Intel platforms, it would be better to expose the
>> IA32_XAPIC_DISABLE_STATUS architectural MSR to advertise this to
>> guest, but it's non-trivial as it needs to be properly exposed
>> through IA32_ARCH_CAPABILITIES which is currently passed-through.
>>
>>   docs/man/xl.cfg.5.pod.in              |  7 +++++++
>>   tools/libs/light/libxl_types.idl      |  1 +
>>   tools/libs/light/libxl_x86.c          |  4 ++++
>>   tools/xl/xl_parse.c                   |  1 +
>>   xen/arch/x86/domain.c                 |  2 +-
>>   xen/arch/x86/hvm/hvm.c                |  2 ++
>>   xen/arch/x86/hvm/vlapic.c             | 23 ++++++++++++++++++++++-
>>   xen/arch/x86/include/asm/domain.h     |  2 ++
>>   xen/arch/x86/include/asm/hvm/domain.h |  3 +++
>>   xen/include/public/arch-x86/xen.h     | 12 +++++++++++-
>>   10 files changed, 54 insertions(+), 3 deletions(-)
>>
> I guess for now, it would be preferable overall to :
> - just add a way to enable it by default, not lock in it in x2apic mode
> - the ability to lock it down (i.e disable xAPIC at compile time) could 
> be introduced separately
>
> I'm not completely decided on the naming of the option, maybe something 
> like :
> x2apic_mode = <default> | <pre_enable> (or just enable ?)
>
> `default` will keep the current behavior, or force x2apic if xAPIC is 
> disabled at compile time; `pre_enable` will enable it by default, but OS 
> may be able to go back to xAPIC mode if supported.

You don't need any new hypercalls.  Just set the state correctly in a
LAPIC record in libxg's vcpu_hvm().

~Andrew

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.