Re: [RFC PATCH v2 0/4] KVM: x86: TDX: Validate directly configurable CPUID bits

From: Binbin Wu

Date: Sun Jun 28 2026 - 23:02:52 EST


On 6/26/2026 1:04 AM, Sean Christopherson wrote:
> On Mon, Jun 22, 2026, Binbin Wu wrote:
>> On 6/4/2026 10:33 AM, Binbin Wu wrote:
>>> Hi,
>>>
>>> A host state clobbering feature on new TDX modules/platforms can lead
>>> to host state corruption if KVM does not explicitly save and restore
>>> the related MSR(s) during host/guest transitions. If such a feature is
>>> blindly exposed to and used by TDs, it will result in unexpected behavior
>>> on the host.
>>>
>>> The v1 RFC [1] attempted to solve this by introducing a comprehensive
>>> CPUID paranoid verification framework across VMX, SVM, and TDX. However,
>>> as Sean pointed out in [2] and the discussion in the PUCK meeting, this
>>> approach was overly complex and bled too many TDX-specific details into
>>> common KVM code, creating an unnecessary maintenance burden.
>>>
>>> This v2 takes a significantly simpler, TDX-contained approach. It strictly
>>> validates only the TDX directly configurable CPUID bits—those reported by
>>> the TDX module in CPUID_CONFIG fields that the VMM can configure for a TD.
>>> This is sufficient to address the host clobbering issue, as no new host
>>> state clobbering features will be fixed-1. All filtering and validation
>>> logic is entirely isolated within TDX code.
>>>
>>> Feedback is highly appreciated, particularly on whether this contained
>>> approach strikes an acceptable balance regarding complexity.
>>
>> Hi Sean,
>>
>> Do you think this proposal is the direction to go?
>
> Yeah, the basic gist looks good.
>

Thanks for confirming this!