Re: [RFC v2 16/32] x86/tdx: Handle MWAIT, MONITOR and WBINVD
From: Dave Hansen
Date: Tue May 11 2021 - 10:09:03 EST
On 5/10/21 6:23 PM, Dan Williams wrote:
>> To prevent TD guest from using MWAIT/MONITOR instructions,
>> support for these instructions are already disabled by TDX
>> module (SEAM). So CPUID flags for these instructions should
>> be in disabled state.
> Why does this not result in a #UD if the instruction is disabled by
> SEAM? How is it possible to execute a disabled instruction (one
> precluded by CPUID) to the point where it triggers #VE instead of #UD?
This is actually a vestige of VMX. It's quite possible toady to have a
feature which isn't enumerated in CPUID which still exists and "works"
in the silicon. There are all kinds of pitfalls to doing this, but
folks evidently do it in public clouds all the time.
The CPUID virtualization basically just traps into the hypervisor and
lets the hypervisor set whatever register values it wants to appear when
CPUID "returns".
But, the controls for what instructions generate #UD are actually quite
separate and unrelated to CPUID itself.