Re: [RFC PATCH v5 101/104] KVM: TDX: Silently ignore INIT/SIPI

[Tom Lendacky]

On 4/5/22 10:48, Paolo Bonzini wrote:
> On 3/4/22 20:49, isaku.yamahata@xxxxxxxxx wrote:
> > +        if (kvm_init_sipi_unsupported(vcpu->kvm))
> > +            /*
> > +             * TDX doesn't support INIT.  Ignore INIT event.  In the
> > +             * case of SIPI, the callback of
> > +             * vcpu_deliver_sipi_vector ignores it.
> > +             */
> >               vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
> > -        else
> > -            vcpu->arch.mp_state = KVM_MP_STATE_INIT_RECEIVED;
> > +        else {
> > +            kvm_vcpu_reset(vcpu, true);
> > +            if (kvm_vcpu_is_bsp(apic->vcpu))
> > +                vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;
> > +            else
> > +                vcpu->arch.mp_state = KVM_MP_STATE_INIT_RECEIVED;
> > +        }
>
> Should you check vcpu->arch.guest_state_protected instead of 
> special-casing TDX?  KVM_APIC_INIT is not valid for SEV-ES either, if I 
> remember correctly.

While the INIT doesn't update any actual state that is in the encrypted 
VMSA, SEV-ES still calls kvm_vcpu_reset() to allow KVM to set any internal 
tracking state, etc. I haven't ever tested SEV-ES where that is bypassed.

Thanks,
Tom

> Paolo