Gentwo Git Trees - linux/.git/commit
KVM: TDX: Reject fully in-kernel irqchip if EOIs are protected, i.e. for TDX VMs
author Sagi Shahar <sagis@google.com>
Wed, 27 Aug 2025 01:17:26 +0000 (18:17 -0700)
committer Sean Christopherson <seanjc@google.com>
Tue, 16 Sep 2025 19:54:15 +0000 (12:54 -0700)
commit b3a37bff8daf50cdd6fa9ebe4a503d4261d99796
tree d94d1ecfc8bbf61720328b6cf788215bafb3d6c5
parent aac057dd623132a1776be37b471e30b4589fdf76
KVM: TDX: Reject fully in-kernel irqchip if EOIs are protected, i.e. for TDX VMs

Reject KVM_CREATE_IRQCHIP if the VM type has protected EOIs, i.e. if KVM
can't intercept EOI and thus can't faithfully emulate level-triggered
interrupts that are routed through the I/O APIC.  For TDX VMs, the
TDX-Module owns the VMX EOI-bitmap and configures all IRQ vectors to have
the CPU accelerate EOIs, i.e. doesn't allow KVM to intercept any EOIs.

KVM already requires a split irqchip[1], but does so during vCPU creation,
which is both too late to allow userspace to fall back to a split irqchip
and a less-than-stellar experience for userspace since an -EINVAL on
KVM_VCPU_CREATE is far harder to debug/triage than failure exactly on
KVM_CREATE_IRQCHIP.  And of course, allowing an action that ultimately
fails is arguably a bug regardless of the impact on userspace.

Link: https://lore.kernel.org/lkml/20250222014757.897978-11-binbin.wu@linux.intel.com
Link: https://lore.kernel.org/lkml/aK3vZ5HuKKeFuuM4@google.com
Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Sagi Shahar <sagis@google.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@linux.intel.com>
Acked-by: Kai Huang <kai.huang@intel.com>
Link: https://lore.kernel.org/r/20250827011726.2451115-1-sagis@google.com
[sean: massage shortlog+changelog, relocate setting has_protected_eoi]
Signed-off-by: Sean Christopherson <seanjc@google.com>
arch/x86/include/asm/kvm_host.h
arch/x86/kvm/vmx/tdx.c
arch/x86/kvm/x86.c
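
The userspace fallback that this change makes possible, as an added example that is not part of the commit or of any VMM: try KVM_CREATE_IRQCHIP and, if it is rejected, enable KVM_CAP_SPLIT_IRQCHIP instead. The names `setup_irqchip`, `vm_ioctl_fn`, `IOAPIC_PINS` and the two stubs are hypothetical, and the stub's errno is a placeholder because the page does not say which error KVM_CREATE_IRQCHIP returns.

```c
#include <errno.h>
#include <string.h>
#include <sys/ioctl.h>
#include <linux/kvm.h>

#define IOAPIC_PINS 24 /* assumed: routes reserved for the userspace I/O APIC */

/* ioctl-shaped hook: vm_ioctl for a real VM fd, or a stub for offline runs. */
typedef int (*vm_ioctl_fn)(int fd, unsigned long req, void *arg);
enum irqchip_mode { IRQCHIP_NONE = -1, IRQCHIP_KERNEL, IRQCHIP_SPLIT };
int vm_ioctl(int fd, unsigned long req, void *arg) { return ioctl(fd, req, arg); }

/* Try the fully in-kernel irqchip; if KVM rejects it, fall back to a split
 * irqchip. Both calls must happen before the first vCPU is created. */
enum irqchip_mode setup_irqchip(int vm_fd, vm_ioctl_fn io, int *create_errno)
{
    struct kvm_enable_cap cap;

    *create_errno = 0;
    if (io(vm_fd, KVM_CREATE_IRQCHIP, NULL) == 0)
        return IRQCHIP_KERNEL;
    *create_errno = errno; /* keep the cause for logging and triage */

    memset(&cap, 0, sizeof(cap));
    cap.cap = KVM_CAP_SPLIT_IRQCHIP;
    cap.args[0] = IOAPIC_PINS;
    return io(vm_fd, KVM_ENABLE_CAP, &cap) == 0 ? IRQCHIP_SPLIT : IRQCHIP_NONE;
}

/* Constructed stub: VM with protected EOIs. The errno is a placeholder. */
int stub_protected_eoi_vm(int fd, unsigned long req, void *arg)
{
    (void)fd;
    if (req == KVM_ENABLE_CAP &&
        ((struct kvm_enable_cap *)arg)->cap == KVM_CAP_SPLIT_IRQCHIP)
        return 0;
    errno = EINVAL; /* KVM_CREATE_IRQCHIP and everything else is refused */
    return -1;
}

/* Constructed stub: conventional VM that accepts KVM_CREATE_IRQCHIP. */
int stub_plain_vm(int fd, unsigned long req, void *arg)
{
    (void)fd; (void)arg;
    return req == KVM_CREATE_IRQCHIP ? 0 : -1;
}
```

Against a real VM, pass `vm_ioctl` and the fd returned by KVM_CREATE_VM; logging `create_errno` next to the chosen mode records why the in-kernel irqchip was not used.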