Re: [PATCH v5 11/12] x86/tdx: Don't write CSTAR MSR on Intel
From: Sean Christopherson
Date: Wed Aug 04 2021 - 14:31:56 EST
On Wed, Aug 04, 2021, Kuppuswamy Sathyanarayanan wrote:
> From: Andi Kleen <ak@xxxxxxxxxxxxxxx>
>
> On Intel CPUs writing the CSTAR MSR is not really needed. Syscalls
> from 32bit work using SYSENTER and 32bit SYSCALL is an illegal opcode.
> But the kernel did write it anyways even though it was ignored by
> the CPU. Inside a TDX guest this actually leads to a #GP. While the #GP
> is caught and recovered from, it prints an ugly message at boot.
> Do not write the CSTAR MSR on Intel CPUs.
Not that it really matters, but...
Is #GP the actual TDX-Module behavior? If so, isn't that a contradiction with
respect to the TDX-Module architecture? It says:
guest TD access violations to MSRs can cause a #GP(0) in most cases where the
MSR is enumerated as inaccessible by the Intel TDX module via CPUID
virtualization. In other cases, guest TD access violations to MSRs can cause
a #VE.
Given that there is no dedicated CPUID flag for CSTAR and CSTAR obviously exists
on Intel CPUs, I don't see how the TDX-Module can possible enumerate CSTAR as
being inaccessible.
Regardless of #GP versus #VE, "Table 16.2 MSR Virtualization" needs to state the
actual behavior.