From: Binbin Wu <binbin.wu@linux.intel.com>
To: linux-kernel@vger.kernel.org, x86@kernel.org, kvm@vger.kernel.org
Cc: dave.hansen@intel.com, seanjc@google.com, pbonzini@redhat.com,
kas@kernel.org, rick.p.edgecombe@intel.com,
vishal.l.verma@intel.com, xiaoyao.li@intel.com,
chao.gao@intel.com, binbin.wu@linux.intel.com
Subject: [PATCH v2] x86/cpu: Skip reading MSR_IA32_PLATFORM_ID in virtualized environment
Date: Thu, 30 Apr 2026 10:09:53 +0800 [thread overview]
Message-ID: <20260430020953.1405535-1-binbin.wu@linux.intel.com> (raw)
The kernel now reads MSR_IA32_PLATFORM_ID during CPU init. When
running as a guest, if the underlying hypervisor does not emulate the
MSR, the RDMSR from MSR_IA32_PLATFORM_ID can trigger an unchecked MSR
access during early boot. This MSR is not emulated in the case for KVM
TDX, where the following is observed in the TD guest:
unchecked MSR access error: RDMSR from 0x17 at rIP: 0xffffffffba38d6fc (intel_get_platform_id+0x7c/0xb0)
Call Trace:
<TASK>
? early_init_intel+0x28/0x2c0
? early_cpu_init+0x9b/0x930
? setup_arch+0xbf/0xbb0
? _printk+0x6b/0x90
? start_kernel+0x7f/0xaa0
? x86_64_start_reservations+0x24/0x30
? x86_64_start_kernel+0xda/0xe0
? common_startup_64+0x13e/0x141
</TASK>
The platform ID is used for one thing and one thing only: microcode
updates. Those updates are solely the domain of the bare-metal OS. The
guest kernel code should not even try to touch the MSR. Skip reading
the MSR when the kernel is running in a virtualized environment. 0 is a
valid platform ID, however, microcode related logic is skipped in a
virtualized environment.
Since intel_get_platform_id() could be called early before cpuinfo_x86
is fully initialized in the case of CONFIG_MICROCODE_DBG, check whether
the kernel is running in a virtualized environment from CPUID. Use
cpuid_ecx() instead of native_cpuid_ecx() so that Xen PV guest will see
the virtualized bit.
Fixes: d8630b67ca1ed ("x86/cpu: Add platform ID to CPU info structure")
Reported-by: Vishal Verma <vishal.l.verma@intel.com>
Signed-off-by: Binbin Wu <binbin.wu@linux.intel.com>
Reviewed-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
---
v2:
- Drop the patch on KVM side. (Sean, Dave)
- Use X86_FEATURE_HYPERVISOR for better readability. (Dave)
- Use cpuid_ecx() instead of native_cpuid_ecx() to check the hypervisor bit.
- Add RB from Rick.
---
arch/x86/kernel/cpu/microcode/intel.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/arch/x86/kernel/cpu/microcode/intel.c b/arch/x86/kernel/cpu/microcode/intel.c
index 37ac4afe0972..1bc0c350726c 100644
--- a/arch/x86/kernel/cpu/microcode/intel.c
+++ b/arch/x86/kernel/cpu/microcode/intel.c
@@ -147,6 +147,10 @@ u32 intel_get_platform_id(void)
if (intel_cpuid_vfm() <= INTEL_PENTIUM_II_KLAMATH)
return 0;
+ /* Don't try to read microcode bits when virtualized. */
+ if (cpuid_ecx(1) & BIT(X86_FEATURE_HYPERVISOR & 0x1f))
+ return 0;
+
/* get processor flags from MSR 0x17 */
native_rdmsr(MSR_IA32_PLATFORM_ID, val[0], val[1]);
base-commit: 9974969c14031a097d6b45bcb7a06bb4aa525c40
--
2.46.0
next reply other threads:[~2026-04-30 2:05 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-30 2:09 Binbin Wu [this message]
2026-05-11 9:38 ` [PATCH v2] x86/cpu: Skip reading MSR_IA32_PLATFORM_ID in virtualized environment Kiryl Shutsemau
2026-05-11 10:04 ` Borislav Petkov
2026-05-12 1:57 ` Binbin Wu
2026-05-13 10:14 ` Borislav Petkov
2026-05-13 11:02 ` Binbin Wu
2026-05-13 11:08 ` Borislav Petkov
2026-05-13 12:20 ` Binbin Wu
2026-05-13 13:11 ` Borislav Petkov
2026-05-13 14:41 ` Binbin Wu
2026-05-13 20:00 ` Borislav Petkov
2026-05-13 20:06 ` [PATCH 1/2] x86/microcode: Do not access MSR_IA32_PLATFORM_ID when running as a guest Borislav Petkov
2026-05-14 6:22 ` Binbin Wu
2026-05-14 10:40 ` Borislav Petkov
2026-05-14 12:38 ` Xiaoyao Li
2026-05-14 14:13 ` Borislav Petkov
2026-05-13 20:07 ` [PATCH 2/2] x86/cpu: Move intel_get_platform_id() to cpu/intel.c Borislav Petkov
2026-05-14 6:25 ` Binbin Wu
2026-05-14 12:39 ` Xiaoyao Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260430020953.1405535-1-binbin.wu@linux.intel.com \
--to=binbin.wu@linux.intel.com \
--cc=chao.gao@intel.com \
--cc=dave.hansen@intel.com \
--cc=kas@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=vishal.l.verma@intel.com \
--cc=x86@kernel.org \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.