[RFC,v6,090/104] KVM: TDX: Handle TDX PV CPUID hypercall

Message ID	98939c0ec83a109c8f49045e82096d6cdd5dafa3.1651774251.git.isaku.yamahata@intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <kvm-owner@kernel.org> From: isaku.yamahata@intel.com To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini <pbonzini@redhat.com>, erdemaktas@google.com, Sean Christopherson <seanjc@google.com>, Sagi Shahar <sagis@google.com> Subject: [RFC PATCH v6 090/104] KVM: TDX: Handle TDX PV CPUID hypercall Date: Thu, 5 May 2022 11:15:24 -0700 Message-Id: <98939c0ec83a109c8f49045e82096d6cdd5dafa3.1651774251.git.isaku.yamahata@intel.com> In-Reply-To: <cover.1651774250.git.isaku.yamahata@intel.com> References: <cover.1651774250.git.isaku.yamahata@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	KVM TDX basic feature support \| expand [RFC,v6,000/104] KVM TDX basic feature support [RFC,v6,001/104] KVM: x86: Move check_processor_compatibility from init ops to runtime ops [RFC,v6,002/104] Partially revert "KVM: Pass kvm_init()'s opaque param to additional arch funcs" [RFC,v6,003/104] KVM: Refactor CPU compatibility check on module initialiization [RFC,v6,004/104] KVM: VMX: Move out vmx_x86_ops to 'main.c' to wrap VMX and TDX [RFC,v6,005/104] x86/virt/vmx/tdx: export platform_has_tdx [RFC,v6,006/104] KVM: TDX: Detect CPU feature on kernel module initialization [RFC,v6,007/104] KVM: Enable hardware before doing arch VM initialization [RFC,v6,008/104] KVM: x86: Refactor KVM VMX module init/exit functions [RFC,v6,009/104] KVM: TDX: Add placeholders for TDX VM/vcpu structure [RFC,v6,010/104] x86/virt/tdx: Add a helper function to return system wide info about TDX module [RFC,v6,011/104] KVM: TDX: Initialize TDX module when loading kvm_intel.ko [RFC,v6,012/104] KVM: x86: Introduce vm_type to differentiate default VMs from confidential VMs [RFC,v6,013/104] KVM: TDX: Make TDX VM type supported [RFC,v6,014/104,MARKER] The start of TDX KVM patch series: TDX architectural definitions [RFC,v6,015/104] KVM: TDX: Define TDX architectural definitions [RFC,v6,016/104] KVM: TDX: Add TDX "architectural" error codes [RFC,v6,017/104] KVM: TDX: Add C wrapper functions for SEAMCALLs to the TDX module [RFC,v6,018/104] KVM: TDX: Add helper functions to print TDX SEAMCALL error [RFC,v6,019/104,MARKER] The start of TDX KVM patch series: TD VM creation/destruction [RFC,v6,020/104] KVM: TDX: Stub in tdx.h with structs, accessors, and VMCS helpers [RFC,v6,021/104] x86/cpu: Add helper functions to allocate/free TDX private host key id [RFC,v6,022/104] KVM: TDX: create/destroy VM structure [RFC,v6,023/104] KVM: TDX: x86: Add ioctl to get TDX systemwide parameters [RFC,v6,024/104] KVM: TDX: Add place holder for TDX VM specific mem_enc_op ioctl [RFC,v6,025/104] KVM: TDX: initialize VM with TDX specific parameters [RFC,v6,026/104] KVM: TDX: Make KVM_CAP_SET_IDENTITY_MAP_ADDR unsupported for TDX [RFC,v6,027/104] KVM: TDX: Make pmu_intel.c ignore guest TD case [RFC,v6,028/104,MARKER] The start of TDX KVM patch series: TD vcpu creation/destruction [RFC,v6,029/104] KVM: TDX: allocate/free TDX vcpu structure [RFC,v6,030/104] KVM: TDX: allocate/free TDX vcpu structure [RFC,v6,031/104] KVM: TDX: Do TDX specific vcpu initialization [RFC,v6,032/104,MARKER] The start of TDX KVM patch series: KVM MMU GPA shared bits [RFC,v6,033/104] KVM: x86/mmu: introduce config for PRIVATE KVM MMU [RFC,v6,034/104] KVM: x86/mmu: Add address conversion functions for TDX shared bits [RFC,v6,035/104,MARKER] The start of TDX KVM patch series: KVM TDP refactoring for TDX [RFC,v6,036/104] KVM: x86/mmu: Explicitly check for MMIO spte in fast page fault [RFC,v6,037/104] KVM: x86/mmu: Allow non-zero value for non-present SPTE [RFC,v6,038/104] KVM: x86/mmu: Track shadow MMIO value/mask on a per-VM basis [RFC,v6,039/104] KVM: x86/mmu: Disallow fast page fault on private GPA [RFC,v6,040/104] KVM: x86/mmu: Allow per-VM override of the TDP max page level [RFC,v6,041/104] KVM: x86/mmu: Zap only leaf SPTEs for deleted/moved memslot for private mmu [RFC,v6,042/104] KVM: VMX: Introduce test mode related to EPT violation VE [RFC,v6,043/104,MARKER] The start of TDX KVM patch series: KVM TDP MMU hooks [RFC,v6,044/104] KVM: x86/mmu: Focibly use TDP MMU for TDX [RFC,v6,045/104] KVM: x86/mmu: Add a private pointer to struct kvm_mmu_page [RFC,v6,046/104] KVM: x86/tdp_mmu: refactor kvm_tdp_mmu_map() [RFC,v6,047/104] KVM: x86/tdp_mmu: Support TDX private mapping for TDP MMU [RFC,v6,048/104,MARKER] The start of TDX KVM patch series: TDX EPT violation [RFC,v6,049/104] KVM: x86/mmu: Disallow dirty logging for x86 TDX [RFC,v6,050/104] KVM: x86/tdp_mmu: Ignore unsupported mmu operation on private GFNs [RFC,v6,051/104] KVM: VMX: Split out guts of EPT violation to common/exposed function [RFC,v6,052/104] KVM: VMX: Move setting of EPT MMU masks to common VT-x code [RFC,v6,053/104] KVM: TDX: Add load_mmu_pgd method for TDX [RFC,v6,054/104] KVM: TDX: don't request KVM_REQ_APIC_PAGE_RELOAD [RFC,v6,055/104] KVM: TDX: TDP MMU TDX support [RFC,v6,056/104,MARKER] The start of TDX KVM patch series: KVM TDP MMU MapGPA [RFC,v6,057/104] KVM: x86/mmu: steal software usable git to record if GFN is for shared or not [RFC,v6,058/104] KVM: x86/tdp_mmu: implement MapGPA hypercall for TDX [RFC,v6,059/104] KVM: x86/mmu: Introduce kvm_mmu_map_tdp_page() for use by TDX [RFC,v6,060/104,MARKER] The start of TDX KVM patch series: TD finalization [RFC,v6,061/104] KVM: TDX: Create initial guest memory [RFC,v6,062/104] KVM: TDX: Finalize VM initialization [RFC,v6,063/104,MARKER] The start of TDX KVM patch series: TD vcpu enter/exit [RFC,v6,064/104] KVM: TDX: Add helper assembly function to TDX vcpu [RFC,v6,065/104] KVM: TDX: Implement TDX vcpu enter/exit path [RFC,v6,066/104] KVM: TDX: vcpu_run: save/restore host state(host kernel gs) [RFC,v6,067/104] KVM: TDX: restore host xsave state when exit from the guest TD [RFC,v6,068/104] KVM: x86: Allow to update cached values in kvm_user_return_msrs w/o wrmsr [RFC,v6,069/104] KVM: TDX: restore user ret MSRs [RFC,v6,070/104,MARKER] The start of TDX KVM patch series: TD vcpu exits/interrupts/hypercalls [RFC,v6,071/104] KVM: TDX: complete interrupts after tdexit [RFC,v6,072/104] KVM: TDX: restore debug store when TD exit [RFC,v6,073/104] KVM: TDX: handle vcpu migration over logical processor [RFC,v6,074/104] KVM: x86: Add a switch_db_regs flag to handle TDX's auto-switched behavior [RFC,v6,075/104] KVM: TDX: Add support for find pending IRQ in a protected local APIC [RFC,v6,076/104] KVM: x86: Assume timer IRQ was injected if APIC state is proteced [RFC,v6,077/104] KVM: TDX: remove use of struct vcpu_vmx from posted_interrupt.c [RFC,v6,078/104] KVM: TDX: Implement interrupt injection [RFC,v6,079/104] KVM: TDX: Implements vcpu request_immediate_exit [RFC,v6,080/104] KVM: TDX: Implement methods to inject NMI [RFC,v6,081/104] KVM: VMX: Modify NMI and INTR handlers to take intr_info as function argument [RFC,v6,082/104] KVM: VMX: Move NMI/exception handler to common helper [RFC,v6,083/104] KVM: x86: Split core of hypercall emulation to helper function [RFC,v6,084/104] KVM: TDX: Add a place holder to handle TDX VM exit [RFC,v6,085/104] KVM: TDX: handle EXIT_REASON_OTHER_SMI [RFC,v6,086/104] KVM: TDX: handle ept violation/misconfig exit [RFC,v6,087/104] KVM: TDX: handle EXCEPTION_NMI and EXTERNAL_INTERRUPT [RFC,v6,088/104] KVM: TDX: Add a place holder for handler of TDX hypercalls (TDG.VP.VMCALL) [RFC,v6,089/104] KVM: TDX: handle KVM hypercall with TDG.VP.VMCALL [RFC,v6,090/104] KVM: TDX: Handle TDX PV CPUID hypercall [RFC,v6,091/104] KVM: TDX: Handle TDX PV HLT hypercall [RFC,v6,092/104] KVM: TDX: Handle TDX PV port io hypercall [RFC,v6,093/104] KVM: TDX: Handle TDX PV MMIO hypercall [RFC,v6,094/104] KVM: TDX: Implement callbacks for MSR operations for TDX [RFC,v6,095/104] KVM: TDX: Handle TDX PV rdmsr/wrmsr hypercall [RFC,v6,096/104] KVM: TDX: Handle TDX PV report fatal error hypercall [RFC,v6,097/104] KVM: TDX: Handle TDX PV map_gpa hypercall [RFC,v6,098/104] KVM: TDX: Handle TDG.VP.VMCALL<GetTdVmCallInfo> hypercall [RFC,v6,099/104] KVM: TDX: Silently discard SMI request [RFC,v6,100/104] KVM: TDX: Silently ignore INIT/SIPI [RFC,v6,101/104] KVM: TDX: Add methods to ignore accesses to CPU state [RFC,v6,102/104] Documentation/virtual/kvm: Document on Trust Domain Extensions(TDX) [RFC,v6,103/104] KVM: x86: design documentation on TDX support of x86 KVM TDP MMU [RFC,v6,104/104,MARKER] the end of (the first phase of) TDX KVM patch series

Message ID

98939c0ec83a109c8f49045e82096d6cdd5dafa3.1651774251.git.isaku.yamahata@intel.com (mailing list archive)

State

New, archived

Headers

From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com,
        Paolo Bonzini <pbonzini@redhat.com>, erdemaktas@google.com,
        Sean Christopherson <seanjc@google.com>,
        Sagi Shahar <sagis@google.com>
Subject: [RFC PATCH v6 090/104] KVM: TDX: Handle TDX PV CPUID hypercall
Date: Thu,  5 May 2022 11:15:24 -0700
Message-Id: 
 <98939c0ec83a109c8f49045e82096d6cdd5dafa3.1651774251.git.isaku.yamahata@intel.com>
In-Reply-To: <cover.1651774250.git.isaku.yamahata@intel.com>
References: <cover.1651774250.git.isaku.yamahata@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

KVM TDX basic feature support | expand

Commit Message

Isaku Yamahata May 5, 2022, 6:15 p.m. UTC

From: Isaku Yamahata <isaku.yamahata@intel.com>

Wire up TDX PV CPUID hypercall to the KVM backend function.

Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
---
 arch/x86/kvm/vmx/tdx.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

Comments

Sagi Shahar June 14, 2022, 6:15 p.m. UTC | #1

On Thu, May 5, 2022 at 11:16 AM <isaku.yamahata@intel.com> wrote:
>
> From: Isaku Yamahata <isaku.yamahata@intel.com>
>
> Wire up TDX PV CPUID hypercall to the KVM backend function.
>
> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
> ---
>  arch/x86/kvm/vmx/tdx.c | 22 ++++++++++++++++++++++
>  1 file changed, 22 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> index 9c712f661a7c..c7cdfee397ec 100644
> --- a/arch/x86/kvm/vmx/tdx.c
> +++ b/arch/x86/kvm/vmx/tdx.c
> @@ -946,12 +946,34 @@ static int tdx_emulate_vmcall(struct kvm_vcpu *vcpu)
>         return 1;
>  }
>
> +static int tdx_emulate_cpuid(struct kvm_vcpu *vcpu)
> +{
> +       u32 eax, ebx, ecx, edx;
> +
> +       /* EAX and ECX for cpuid is stored in R12 and R13. */
> +       eax = tdvmcall_a0_read(vcpu);
> +       ecx = tdvmcall_a1_read(vcpu);
> +
> +       kvm_cpuid(vcpu, &eax, &ebx, &ecx, &edx, true);

According to the GHCI spec section 3.6
(TDG.VP.VMCALL<Instruction.CPUID>) we should return
VMCALL_INVALID_OPERAND if an invalid CPUID is requested.

kvm_cpuid already returns false in this case so we should use that
return value to set the tdvmcall return code in case of invalid leaf.
> +
> +       tdvmcall_a0_write(vcpu, eax);
> +       tdvmcall_a1_write(vcpu, ebx);
> +       tdvmcall_a2_write(vcpu, ecx);
> +       tdvmcall_a3_write(vcpu, edx);
> +
> +       tdvmcall_set_return_code(vcpu, TDG_VP_VMCALL_SUCCESS);
> +
> +       return 1;
> +}
> +
>  static int handle_tdvmcall(struct kvm_vcpu *vcpu)
>  {
>         if (tdvmcall_exit_type(vcpu))
>                 return tdx_emulate_vmcall(vcpu);
>
>         switch (tdvmcall_leaf(vcpu)) {
> +       case EXIT_REASON_CPUID:
> +               return tdx_emulate_cpuid(vcpu);
>         default:
>                 break;
>         }
> --
> 2.25.1
>

Sagi

Isaku Yamahata June 29, 2022, 10:13 a.m. UTC | #2

On Tue, Jun 14, 2022 at 11:15:00AM -0700,
Sagi Shahar <sagis@google.com> wrote:

> On Thu, May 5, 2022 at 11:16 AM <isaku.yamahata@intel.com> wrote:
> >
> > From: Isaku Yamahata <isaku.yamahata@intel.com>
> >
> > Wire up TDX PV CPUID hypercall to the KVM backend function.
> >
> > Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
> > ---
> >  arch/x86/kvm/vmx/tdx.c | 22 ++++++++++++++++++++++
> >  1 file changed, 22 insertions(+)
> >
> > diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> > index 9c712f661a7c..c7cdfee397ec 100644
> > --- a/arch/x86/kvm/vmx/tdx.c
> > +++ b/arch/x86/kvm/vmx/tdx.c
> > @@ -946,12 +946,34 @@ static int tdx_emulate_vmcall(struct kvm_vcpu *vcpu)
> >         return 1;
> >  }
> >
> > +static int tdx_emulate_cpuid(struct kvm_vcpu *vcpu)
> > +{
> > +       u32 eax, ebx, ecx, edx;
> > +
> > +       /* EAX and ECX for cpuid is stored in R12 and R13. */
> > +       eax = tdvmcall_a0_read(vcpu);
> > +       ecx = tdvmcall_a1_read(vcpu);
> > +
> > +       kvm_cpuid(vcpu, &eax, &ebx, &ecx, &edx, true);
> 
> According to the GHCI spec section 3.6
> (TDG.VP.VMCALL<Instruction.CPUID>) we should return
> VMCALL_INVALID_OPERAND if an invalid CPUID is requested.
> 
> kvm_cpuid already returns false in this case so we should use that
> return value to set the tdvmcall return code in case of invalid leaf.

Based on CPUID instruction, cpuid results in #UD when lock prefix is used or
earlier CPU that doesn't support cpuid instruction.
So I'm not sure what CPUID input result in INVALID_OPERAND error.
Does the following make sense for you?

--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -1347,7 +1347,7 @@ static int tdx_emulate_cpuid(struct kvm_vcpu *vcpu)
        eax = tdvmcall_a0_read(vcpu);
        ecx = tdvmcall_a1_read(vcpu);

-       kvm_cpuid(vcpu, &eax, &ebx, &ecx, &edx, true);
+       kvm_cpuid(vcpu, &eax, &ebx, &ecx, &edx, false);

        tdvmcall_a0_write(vcpu, eax);
        tdvmcall_a1_write(vcpu, ebx);

thanks,

Sagi Shahar July 18, 2022, 10:37 p.m. UTC | #3

On Wed, Jun 29, 2022 at 3:14 AM Isaku Yamahata <isaku.yamahata@gmail.com> wrote:
>
> On Tue, Jun 14, 2022 at 11:15:00AM -0700,
> Sagi Shahar <sagis@google.com> wrote:
>
> > On Thu, May 5, 2022 at 11:16 AM <isaku.yamahata@intel.com> wrote:
> > >
> > > From: Isaku Yamahata <isaku.yamahata@intel.com>
> > >
> > > Wire up TDX PV CPUID hypercall to the KVM backend function.
> > >
> > > Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
> > > ---
> > >  arch/x86/kvm/vmx/tdx.c | 22 ++++++++++++++++++++++
> > >  1 file changed, 22 insertions(+)
> > >
> > > diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> > > index 9c712f661a7c..c7cdfee397ec 100644
> > > --- a/arch/x86/kvm/vmx/tdx.c
> > > +++ b/arch/x86/kvm/vmx/tdx.c
> > > @@ -946,12 +946,34 @@ static int tdx_emulate_vmcall(struct kvm_vcpu *vcpu)
> > >         return 1;
> > >  }
> > >
> > > +static int tdx_emulate_cpuid(struct kvm_vcpu *vcpu)
> > > +{
> > > +       u32 eax, ebx, ecx, edx;
> > > +
> > > +       /* EAX and ECX for cpuid is stored in R12 and R13. */
> > > +       eax = tdvmcall_a0_read(vcpu);
> > > +       ecx = tdvmcall_a1_read(vcpu);
> > > +
> > > +       kvm_cpuid(vcpu, &eax, &ebx, &ecx, &edx, true);
> >
> > According to the GHCI spec section 3.6
> > (TDG.VP.VMCALL<Instruction.CPUID>) we should return
> > VMCALL_INVALID_OPERAND if an invalid CPUID is requested.
> >
> > kvm_cpuid already returns false in this case so we should use that
> > return value to set the tdvmcall return code in case of invalid leaf.
>
> Based on CPUID instruction, cpuid results in #UD when lock prefix is used or
> earlier CPU that doesn't support cpuid instruction.
> So I'm not sure what CPUID input result in INVALID_OPERAND error.
> Does the following make sense for you?
>
> --- a/arch/x86/kvm/vmx/tdx.c
> +++ b/arch/x86/kvm/vmx/tdx.c
> @@ -1347,7 +1347,7 @@ static int tdx_emulate_cpuid(struct kvm_vcpu *vcpu)
>         eax = tdvmcall_a0_read(vcpu);
>         ecx = tdvmcall_a1_read(vcpu);
>
> -       kvm_cpuid(vcpu, &eax, &ebx, &ecx, &edx, true);
> +       kvm_cpuid(vcpu, &eax, &ebx, &ecx, &edx, false);
>
>         tdvmcall_a0_write(vcpu, eax);
>         tdvmcall_a1_write(vcpu, ebx);
>
> thanks,

If any CPUID request is considered valid, then perhaps the spec itself
needs to be updated.

Right now it clearly states that TDG.VP.VMCALL_INVALID_OPERAND is
returned if "Invalid CPUID requested" which I understood as a
non-existing leaf. But if you say that a non-existing leaf is still a
valid CPUID request than I'm not sure what "Invalid CPUID requested"
means in the spec itself.

>
> --
> Isaku Yamahata <isaku.yamahata@gmail.com>

Sean Christopherson July 19, 2022, 7:23 p.m. UTC | #4

On Mon, Jul 18, 2022, Sagi Shahar wrote:
> On Wed, Jun 29, 2022 at 3:14 AM Isaku Yamahata <isaku.yamahata@gmail.com> wrote:
> >
> > On Tue, Jun 14, 2022 at 11:15:00AM -0700,
> > Sagi Shahar <sagis@google.com> wrote:
> >
> > > On Thu, May 5, 2022 at 11:16 AM <isaku.yamahata@intel.com> wrote:
> > > >
> > > > From: Isaku Yamahata <isaku.yamahata@intel.com>
> > > >
> > > > Wire up TDX PV CPUID hypercall to the KVM backend function.
> > > >
> > > > Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
> > > > ---
> > > >  arch/x86/kvm/vmx/tdx.c | 22 ++++++++++++++++++++++
> > > >  1 file changed, 22 insertions(+)
> > > >
> > > > diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> > > > index 9c712f661a7c..c7cdfee397ec 100644
> > > > --- a/arch/x86/kvm/vmx/tdx.c
> > > > +++ b/arch/x86/kvm/vmx/tdx.c
> > > > @@ -946,12 +946,34 @@ static int tdx_emulate_vmcall(struct kvm_vcpu *vcpu)
> > > >         return 1;
> > > >  }
> > > >
> > > > +static int tdx_emulate_cpuid(struct kvm_vcpu *vcpu)
> > > > +{
> > > > +       u32 eax, ebx, ecx, edx;
> > > > +
> > > > +       /* EAX and ECX for cpuid is stored in R12 and R13. */
> > > > +       eax = tdvmcall_a0_read(vcpu);
> > > > +       ecx = tdvmcall_a1_read(vcpu);
> > > > +
> > > > +       kvm_cpuid(vcpu, &eax, &ebx, &ecx, &edx, true);
> > >
> > > According to the GHCI spec section 3.6
> > > (TDG.VP.VMCALL<Instruction.CPUID>) we should return
> > > VMCALL_INVALID_OPERAND if an invalid CPUID is requested.
> > >
> > > kvm_cpuid already returns false in this case so we should use that
> > > return value to set the tdvmcall return code in case of invalid leaf.
> >
> > Based on CPUID instruction, cpuid results in #UD when lock prefix is used or
> > earlier CPU that doesn't support cpuid instruction.
> > So I'm not sure what CPUID input result in INVALID_OPERAND error.
> > Does the following make sense for you?
> >
> > --- a/arch/x86/kvm/vmx/tdx.c
> > +++ b/arch/x86/kvm/vmx/tdx.c
> > @@ -1347,7 +1347,7 @@ static int tdx_emulate_cpuid(struct kvm_vcpu *vcpu)
> >         eax = tdvmcall_a0_read(vcpu);
> >         ecx = tdvmcall_a1_read(vcpu);
> >
> > -       kvm_cpuid(vcpu, &eax, &ebx, &ecx, &edx, true);
> > +       kvm_cpuid(vcpu, &eax, &ebx, &ecx, &edx, false);

Barring new verbiage in the GHCI, this change is correct.  CPUID behavior is
different for AMD vs. Intel, but the behavior is architectural and well-defined
for each vendor.  KVM handles this by emulating the AMD vs. Intel behavior based
on the configured vCPU model.

Forcing an exact match would make TDX follow AMD behavior, not Intel behavior.

> >         tdvmcall_a0_write(vcpu, eax);
> >         tdvmcall_a1_write(vcpu, ebx);
> >
> > thanks,
> 
> If any CPUID request is considered valid, then perhaps the spec itself
> needs to be updated.

Agreed.  Documenting that "Invalid CPUID requested" is a legal return value implies
that TDX is creating a _third_ variant of CPUID behavior.  Dropping the error return
seems like the simplest approach, unless it was added for a specific reason?

diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index 9c712f661a7c..c7cdfee397ec 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -946,12 +946,34 @@  static int tdx_emulate_vmcall(struct kvm_vcpu *vcpu)
 	return 1;
 }
 
+static int tdx_emulate_cpuid(struct kvm_vcpu *vcpu)
+{
+	u32 eax, ebx, ecx, edx;
+
+	/* EAX and ECX for cpuid is stored in R12 and R13. */
+	eax = tdvmcall_a0_read(vcpu);
+	ecx = tdvmcall_a1_read(vcpu);
+
+	kvm_cpuid(vcpu, &eax, &ebx, &ecx, &edx, true);
+
+	tdvmcall_a0_write(vcpu, eax);
+	tdvmcall_a1_write(vcpu, ebx);
+	tdvmcall_a2_write(vcpu, ecx);
+	tdvmcall_a3_write(vcpu, edx);
+
+	tdvmcall_set_return_code(vcpu, TDG_VP_VMCALL_SUCCESS);
+
+	return 1;
+}
+
 static int handle_tdvmcall(struct kvm_vcpu *vcpu)
 {
 	if (tdvmcall_exit_type(vcpu))
 		return tdx_emulate_vmcall(vcpu);
 
 	switch (tdvmcall_leaf(vcpu)) {
+	case EXIT_REASON_CPUID:
+		return tdx_emulate_cpuid(vcpu);
 	default:
 		break;
 	}

[RFC,v6,090/104] KVM: TDX: Handle TDX PV CPUID hypercall

Commit Message

Comments

Patch