Re: [RFC PATCH v2 4/4] KVM: x86: TDX: Report CORE_CAPABILITIES as supported

Next message: Joy Zou: "[PATCH v2 1/4] Input: snvs_pwrkey - make use of dev_err_probe()"
Previous message: Praveen Talari: "[PATCH v3 2/4] spi: qcom-geni: Use geni_se_resources_init() for resource initialization"
In reply to: Binbin Wu: "[RFC PATCH v2 4/4] KVM: x86: TDX: Report CORE_CAPABILITIES as supported"
Next in thread: Binbin Wu: "Re: [RFC PATCH v2 4/4] KVM: x86: TDX: Report CORE_CAPABILITIES as supported"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Xiaoyao Li

Date: Thu Jun 04 2026 - 02:53:42 EST

On 6/4/2026 10:33 AM, Binbin Wu wrote:

Add CORE_CAPABILITIES (CPUID.0x7.0.EDX[30]) to the TDX configurable
CPUID allowlist to accommodate legacy TDX module behavior.

KVM doesn't support MSR_IA32_CORE_CAPS, however, some older TDX specs
define CORE_CAPABILITIES CPUID bit as fixed-1. As a result, userspace
may expect this bit to be enabled in the TDX module for TDs. When the
CPUID bit becomes a directly configurable without reporting to the
userspace, it can not be enabled. To avoid confusing userspace, report
CORE_CAPABILITIES to userspace via KVM_TDX_CAPABILITIES.

Although KVM could determine the real CPUID setting by reading the
metadata via SEAMCALL after KVM_TDX_INIT_VM, doing so is overkill to
cover such a corner case. If CORE_CAPABILITIES is exposed to a TDX
guest, and the guest reads it, simply return 0.

shouldn't this patch be put as patch 02 instead of 04?

Patch 02 and 03 in this series break the old QEMU and then patch 04 fixes the broken. This is not friendly to the bisect.