[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFC PATCH for-4.22] x86/hvm: Introduce force_x2apic flag

  • To: Teddy Astie <teddy.astie@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Grygorii Strashko <grygorii_strashko@xxxxxxxx>
  • Date: Thu, 30 Oct 2025 01:08:01 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rrLeplXh79pypeIlqsPO7ZRY8OH5CRWSIdvghemi1lw=; b=skEk6k6XPl2o/pkIsI4VQVb+gPxJoVDv4zLcHGLy+LPn+KBJUbJX4hkeTNQMvFctCm7ayYhfJRh9ea+aHY7OUGWJ2tOQu244aXPGiz0ric2s3qwfkKGz0k4W+zphymcinqDtVAVIFr9t6Yj1xqhoBA1B9Yvaw1s6N1MSr5HJPW/soZPOMYEM1saGOXedo6w0UzMBIYcDrbpZ9Y0DV7/LWftSPOH4e3Q1Vp4iHyETvgA9It4aPjOb1EGr81sFAcdtBJoRvE1vP3Mw29M9IGojmbcj5WVxfGJy5xCiF1p5VYjBp1A82N49FQ1iYJPYLY+IwQDyoVdwFLqUIKcnbtq8EA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=yob2e8qdd0PGt4GQKQePgtTZa0lirSm6yP4GunXyyw5qQcx+cZB5023YK+7WZ2wxOthQRqTGxxK8tT/iG47Vc2wPB4KiWGM4hEmCvTrRVqwrf7+6GIeAMyJzAdiOROFYdaW6IUPxT+BmPraEHwWJB+csRmg3oP2nshG+POlZUg3VC7Tu+9kH0nzB+PJOj5/f8XW6DNFSQAly4UV4VoRdnmeUADIjxLK2lVV1J12qTS0QGxT3YWsRfy4OBaggGgBeDGKomdf8KMyXeB3hBy6TmpqaJgge/bExJ/wlEO+3rkaSNwNh31TXMw4gkJ+tLAJGlt476YxEfZop6tmJa7H6Rg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=epam.com;
  • Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>, "Alejandro.GarciaVallejo@xxxxxxx" <Alejandro.GarciaVallejo@xxxxxxx>, Jason Andryuk <Jason.Andryuk@xxxxxxx>
  • Delivery-date: Wed, 29 Oct 2025 23:08:27 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>


On 29.10.25 20:26, Teddy Astie wrote:

Introduce a new flag to force the x2APIC enabled and preventing a
guest from switching back LAPIC to xAPIC mode.

The semantics of this mode are based IA32_XAPIC_DISABLE_STATUS
architectural MSR of Intel specification.

Signed-off-by: Teddy Astie <teddy.astie@xxxxxxxxxx>
---
This feature can be useful for various reasons, starting with SEV as
it is complicated (especially with SEV-ES) to handle MMIO, and legacy
xAPIC is one thing that needs MMIO intercepts (and Linux uses it during
boot unless x2APIC is initially enabled, even if it switches to
x2apic afterward). It could also be interesting to reduce the attack
surface of the hypervisor (by only exposing x2apic to the guest).

As it can allow to have MMIO-less guest (using PVH), perhaps it can
be enough for avoiding the problematic cases of virtualized INVLPGB
(when we have it).

In my testing, Linux, FreeBSD and PV-shim works fine with it; OVMF
freezes for some reason, NetBSD doesn't support it (no x2apic support
as Xen guest). HVM BIOS gets stuck at SeaBIOS as it expects booting
with xAPIC.

On Intel platforms, it would be better to expose the
IA32_XAPIC_DISABLE_STATUS architectural MSR to advertise this to
guest, but it's non-trivial as it needs to be properly exposed
through IA32_ARCH_CAPABILITIES which is currently passed-through.

  docs/man/xl.cfg.5.pod.in              |  7 +++++++
  tools/libs/light/libxl_types.idl      |  1 +
  tools/libs/light/libxl_x86.c          |  4 ++++
  tools/xl/xl_parse.c                   |  1 +
  xen/arch/x86/domain.c                 |  2 +-
  xen/arch/x86/hvm/hvm.c                |  2 ++
  xen/arch/x86/hvm/vlapic.c             | 23 ++++++++++++++++++++++-
  xen/arch/x86/include/asm/domain.h     |  2 ++
  xen/arch/x86/include/asm/hvm/domain.h |  3 +++
  xen/include/public/arch-x86/xen.h     | 12 +++++++++++-
  10 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/docs/man/xl.cfg.5.pod.in b/docs/man/xl.cfg.5.pod.in
index ad1553c5e9..01b41d93c0 100644
--- a/docs/man/xl.cfg.5.pod.in
+++ b/docs/man/xl.cfg.5.pod.in
@@ -3198,6 +3198,13 @@ option.
If using this option is necessary to fix an issue, please report a bug. +=item B<force_x2apic=BOOLEAN> 
+
+Force the LAPIC in x2APIC mode and prevent the guest from disabling
+it or switching to xAPIC mode.
+
+This option is disabled by default.
+
  =back
=head1 SEE ALSO 

[...]
diff --git a/xen/arch/x86/include/asm/domain.h b/xen/arch/x86/include/asm/domain.h 
index 5df8c78253..771992d156 100644
--- a/xen/arch/x86/include/asm/domain.h
+++ b/xen/arch/x86/include/asm/domain.h
@@ -509,6 +509,8 @@ struct arch_domain
  #define has_pirq(d)        (!!((d)->arch.emulation_flags & X86_EMU_USE_PIRQ))
  #define has_vpci(d)        (!!((d)->arch.emulation_flags & X86_EMU_VPCI))
+#define has_force_x2apic(d) ((d)->arch.hvm.force_x2apic) 

Would it be possible for you to consider having Kconfig option to make
such configuration global, static?

--
Best regards,
-grygorii

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.