Re: [PATCH v2 2/8] x86/mtrr: support setting MTRR state for software defined MTRRs

[Juergen Gross]

On 13.02.23 16:27, Dave Hansen wrote:
> On 2/13/23 07:11, Borislav Petkov wrote:
> > On Mon, Feb 13, 2023 at 04:03:07PM +0100, Borislav Petkov wrote:
> > > > Wouldn't !cpu_feature_enabled(X86_FEATURE_HYPERVISOR) be enough?
> > > >
> > > > I'm not sure we won't need that for TDX guests, too.
> > > See, that's the problem. I wanna have it simple too. Lemme check with
> > > dhansen.
> > He says MTRRs are enabled in TDX guests: "X86_FEATURE_MTRR is fixed to
> > 1 in TDX guests."
> >
> > So we will have to do the more finer-grained check I guess.
>
> Yes, TDX guests see MTRRs as being supported.  But, the TDX module also
> appears to inject a #VE for all RDMSR or WRMSR's to the MTRRs.  That
> makes them effectively useless.
>
> I actually don't know what the heck TDX guests are supposed to do if
> they feel like mucking with the MSRs.  The architecture (CPUID) is
> essentially telling them: "Sure, go ahead MTRRs are fiiiiiiine".  But
> the TDX module is sitting there throwing exceptions (#VE) if the guest
> tries to touch MTRRs.
>
> It sounds like there are some guest<->host ABIs on Xen to help the
> guests do this.  But I don't see anything in the TDX "GHCI" about it.

This is in line of the PAT init sequence of TDX guests. PAT is said to
be supported, but a TDX guest can't use the sequence as written in the
SDM for setting the PAT MSR (disable caches, etc.).


Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature