Re: [PATCH v19 130/130] RFC: KVM: x86, TDX: Add check for KVM_SET_CPUID2
From: Edgecombe, Rick P
Date: Thu Mar 21 2024 - 19:12:54 EST
On Mon, 2024-02-26 at 00:27 -0800, isaku.yamahata@xxxxxxxxx wrote:
> Implement a hook of KVM_SET_CPUID2 for additional consistency check.
>
> Intel TDX or AMD SEV has a restriction on the value of cpuid. For
> example,
> some values must be the same between all vcpus. Check if the new
> values
> are consistent with the old values. The check is light because the
> cpuid
> consistency is very model specific and complicated. The user space
> VMM
> should set cpuid and MSRs consistently.
I see that this was suggested by Sean, but can you explain the problem
that this is working around? From the linked thread, it seems like the
problem is what to do when userspace also calls SET_CPUID after already
configuring CPUID to the TDX module in the special way. The choices
discussed included:
1. Reject the call
2. Check the consistency between the first CPUID configuration and the
second one.
1 is a lot simpler, but the reasoning for 2 is because "some KVM code
paths rely on guest CPUID configuration" it seems. Is this a
hypothetical or real issue? Which code paths are problematic for
TDX/SNP?
Just trying to assess what we should do with these two patches.