Re: [PATCH] x86/tdx: Fix zero-extension for CPUID emulation

Next message: Vipin Sharma: "Re: [PATCH v8 1/8] vfio: selftests: Add -Wall and -Werror to the Makefile"
Previous message: Mario Limonciello: "[PATCH] cpufreq/amd-pstate: Drop Kconfig option for dynamic EPP"
In reply to: Dave Hansen: "Re: [PATCH] x86/tdx: Fix zero-extension for CPUID emulation"
Next in thread: Dave Hansen: "Re: [PATCH] x86/tdx: Fix zero-extension for CPUID emulation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Edgecombe, Rick P

Date: Tue May 12 2026 - 18:25:18 EST

On Tue, 2026-05-12 at 15:14 -0700, Dave Hansen wrote:
> The end result is that a TDX guest can use CPUID and end up having bits
> set in rax/rbx/rcx/rdx that are architecturally impossible. This patch
> is effectively fixing up the VMM naughtiness before the guest CPUID
> instance can see it.

A naughty VMM could mess with the guest in a number of ways though. For example
setting impossible bits in specific leafs in the lower 32 bits. This patch is a
relatively simple sanity check compared to a complete check of CPUID arch
matching (or MSR, etc) of course.

>
> Does anybody disagree with any of that?
>
> Do we *want* to fix this up silently? If we catch a malicious VMM trying
> to stuff garbage into the guest, shouldn't we be a bit more upset than
> silently papering over it?

I agree a warning would be appropriate. This should probably trigger a bug fix
in the VMM. For example, BIOS might hit it too. So I kind of wonder, how
valuable is catching this specific bug in the guest? Do we need to worry about
the specific issue for some reason?

On the other hand, the #VE handler is supposed to do the emulation of the
instruction, with the help of the TDVMCALL, so maybe the correctness should be
in the guest... Hmm...