The paravirtualized APIC features, PV_EOI and PV_SEND_IPI, are predicated on KVM having full visibility and control over the guest's vAPIC state. This assumption is invalid for guests with a protected APIC (e.g., AMD SEV-SNP with Secure AVIC, Intel TDX), where the APIC state is opaque to the hypervisor and managed by the hardware.

- PV_EOI: KVM cannot service a PV_EOI MSR write because it has no access to the guest's true In-Service Register (ISR). For these guests, EOIs are either accelerated by hardware or virtualized via a different, technology-specific VM-Exit, not the PV MSR.

- PV_SEND_IPI: Protected guest models have their own specific IPI virtualization flows (e.g., VMGEXIT on ICR write for Secure AVIC). Exposing the generic PV_SEND_IPI hypercall would provide a conflicting, incorrect path that bypasses the required secure flow.

To prevent the guest from using these incompatible interfaces, clear the KVM_FEATURE_PV_EOI and KVM_FEATURE_PV_SEND_IPI PV feature CPUID bits for guests with protected APIC.

Signed-off-by: Neeraj Upadhyay
--- arch/x86/kvm/cpuid.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index e2836a255b16..01b3c4e88282 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -245,6 +245,10 @@ static u32 kvm_apply_cpuid_pv_features_quirk(struct kvm_vcpu *vcpu) if (kvm_hlt_in_guest(vcpu->kvm)) best->eax &= ~(1 << KVM_FEATURE_PV_UNHALT); + if (vcpu->arch.apic->guest_apic_protected) + best->eax &= ~((1 << KVM_FEATURE_PV_EOI) | + (1 << KVM_FEATURE_PV_SEND_IPI)); + return best->eax; } -- 2.34.1
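Review bot: the new condition in kvm_apply_cpuid_pv_features_quirk() dereferences vcpu->arch.apic with no NULL check. If this function can run for a vCPU that has no in-kernel local APIC, vcpu->arch.apic is NULL there and the test on guest_apic_protected will oops. Please gate it, for example with "if (lapic_in_kernel(vcpu) && vcpu->arch.apic->guest_apic_protected)", or say in the changelog why the pointer is always valid on this path. Separately, the hunk only masks the two bits in the value returned from best->eax. Whether a guest that ignores CPUID and still writes the PV EOI MSR or issues the send-IPI hypercall is rejected is not visible here, so the changelog's "prevent the guest from using" would be clearer if it stated whether the feature checks on those paths cover that case or whether this is advertisement only.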