Re: [PATCH v2 14/16] KVM: x86: Expose APX foundational feature bit to guests

Next message: Yan Zhao: "Re: [PATCH v3 00/24] KVM: TDX huge page support for private memory"
Previous message: Cindy Lu: "[PATCH v3 3/3] vdpa/mlx5: update MAC address handling in mlx5_vdpa_set_attr()"
Next in thread: Edgecombe, Rick P: "Re: [PATCH v2 14/16] KVM: x86: Expose APX foundational feature bit to guests"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Xiaoyao Li

Date: Mon Jan 19 2026 - 00:56:01 EST

+ Rick and Binbin

On 1/13/2026 7:54 AM, Chang S. Bae wrote:

diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 189a03483d03..67b3312ab737 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -214,7 +214,8 @@ static DEFINE_PER_CPU(struct kvm_user_return_msrs, user_return_msrs);
#define KVM_SUPPORTED_XCR0 (XFEATURE_MASK_FP | XFEATURE_MASK_SSE \
| XFEATURE_MASK_YMM | XFEATURE_MASK_BNDREGS \
| XFEATURE_MASK_BNDCSR | XFEATURE_MASK_AVX512 \
- | XFEATURE_MASK_PKRU | XFEATURE_MASK_XTILE)
+ | XFEATURE_MASK_PKRU | XFEATURE_MASK_XTILE \
+ | XFEATURE_MASK_APX)

Not any intention of this patch, but this change eventually allows the userspace to expose APX to TDX guests.

Without any mentioning of TDX APX tests and validation like the one for CET[1], I think it's unsafe to allow it for TDX guests. E.g., the worst case would be KVM might need extra handling to keep host's states/functionalities correct once TD guest is able to manage APX.

I'm thinking maybe we need introduce a supported mask, KVM_SUPPORTED_TD_XFAM, like KVM_SUPPORTED_TD_ATTRS. So that any new XFAM related feature for TD needs the explicit enabling in KVM, and people work on the new XSAVE related feature enabling for normal VMs don't need to worry about the potential TDX impact.

[1] https://lore.kernel.org/all/ecaaef65cf1cd90eb8f83e6a53d9689c8b0b9a22.camel@xxxxxxxxx/