vCPU state reset upon AP_CREATION

[mmisono]

Hi

Currently the KVM resets a vCPU state upon AP_CREATION VMGEXIT via KVM_REQ_UPDATE_PROTECTED_GUEST_STATE request. The vCPU reset includes the lapic reset.

I found that this causes an issue regarding interrupts when creating another VMPL with AP_CREATION. For example, we think of a scenario where SVSM provides an interface to run code in VMPL3.

• SVSM start Linux in VMPL2
• Linux configure lapic
• Later, Linux makes some SVSM call, and in the handler SVSM creates VMPL3 and run some code there with AP_CREATION. This AP_CREATION resets lapic states
• After execution of VMPL3 code, SVSM return Linux with VMPL2 with VMPL_RUN
• As the LAPIC setting is gone, linux won't get any interrupts after that, resulting in a stuck

I was wondering if the current vCPU reset is as intended. If so, what would be the correct way to manage interrupts when using multiple VMPL levels?

[tlendacky]

The current hypervisor support is proof-of-concept type code and has its limitations as you've seen. Eventually the idea is to provide an APIC emulation level per VMPL, which would hopefully solve the issue that you are seeing.