Re: [PATCHv5 10/30] x86/tdx: Handle CPUID via #VE
From: Dave Hansen
Date: Tue Mar 08 2022 - 15:33:43 EST
On 3/2/22 06:27, Kirill A. Shutemov wrote:
> In TDX guests, most CPUID leaf/sub-leaf combinations are virtualized
> by the TDX module while some trigger #VE.
>
> Implement the #VE handling for EXIT_REASON_CPUID by handing it through
> the hypercall, which in turn lets the TDX module handle it by invoking
> the host VMM.
>
> More details on CPUID Virtualization can be found in the TDX module
> specification, the section titled "CPUID Virtualization".
>
> Note that VMM that handles the hypercall is not trusted. It can return
> data that may steer the guest kernel in wrong direct. Only allow VMM
> to control range reserved for hypervisor communication. Return all-zeros
> for any CPUID outside the range.
>
> Co-developed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx>
> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx>
> Reviewed-by: Andi Kleen <ak@xxxxxxxxxxxxxxx>
> Reviewed-by: Tony Luck <tony.luck@xxxxxxxxx>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
It would be nice to also mention the implications of the all-zero CPUID
policy. I'll plan to add a sentence or two when we apply this.
Reviewed-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>