Re: [PATCH v8 18/21] coco/tdx-host: Don't expose P-SEAMLDR features on CPUs with erratum

Next message: Matthew Rosato: "Re: [PATCH v4 1/3] KVM: s390: Add map/unmap ioctl and clean mappings post-guest"
Previous message: Paul Walmsley: "Re: [PATCH] Documentation: riscv: cmodx: fix typos"
In reply to: Chao Gao: "[PATCH v8 18/21] coco/tdx-host: Don't expose P-SEAMLDR features on CPUs with erratum"
Next in thread: Chao Gao: "[PATCH v8 09/21] x86/virt/seamldr: Introduce skeleton for TDX module updates"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Dave Hansen

Date: Thu Apr 30 2026 - 16:10:01 EST

On 4/27/26 08:28, Chao Gao wrote:
> Some TDX-capable CPUs have an erratum, as documented in Intel® Trust
> Domain CPU Architectural Extensions (May 2021 edition) Chapter 2.3:
>
> SEAMRET from the P-SEAMLDR clears the current VMCS structure pointed
> to by the current-VMCS pointer. A VMM that invokes the P-SEAMLDR using
> SEAMCALL must reload the current-VMCS, if required, using the VMPTRLD
> instruction.
>
> Clearing the current VMCS behind KVM's back will break KVM.
>
> This erratum is not present when IA32_VMX_BASIC[60] is set. Add a CPU
> bug bit for this erratum and refuse to expose P-SEAMLDR features (e.g.,
> TDX module updates) on affected CPUs.

This seems totally random.

Shouldn't this be way back when can_expose_seamldr() got defined in the
first place?
> +#define X86_BUG_SEAMRET_INVD_VMCS X86_BUG( 1*32+11) /* "seamret_invd_vmcs" SEAMRET from P-SEAMLDR clears the current VMCS */

I find myself wondering if this is worth a bug bit.