Re: [RFC PATCH v2 4/4] KVM: x86: TDX: Report CORE_CAPABILITIES as supported

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] Missing handling of MSR_IA32_CORE_CAPS in tdx_set_msr() causes KVM_SET_MSRS to fail, breaking VM initialization and live migration.
--

commit 217a78047d73d2be68ef27e206470a6c237db79a
Author: Binbin Wu <binbin.wu@linux.intel.com>

KVM: x86: TDX: Report CORE_CAPABILITIES as supported

This commit adds CORE_CAPABILITIES to the TDX configurable CPUID allowlist
to accommodate legacy TDX module behavior. It also modifies tdx_get_msr()
to return 0 for MSR_IA32_CORE_CAPS.

> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> index 26a5ad59a5694..b7661ba98a8d4 100644
> --- a/arch/x86/kvm/vmx/tdx.c
> +++ b/arch/x86/kvm/vmx/tdx.c

[ ... ]

> @@ -2319,6 +2319,14 @@ int tdx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr)
>  			return 1;
>  		msr->data = vcpu->arch.mcg_ext_ctl;
>  		return 0;
> +	case MSR_IA32_CORE_CAPS:
> +		/*
> +		 * KVM doesn't support MSR_IA32_CORE_CAPS, however, in some old
> +		 * TDX modules, CPUID.0x7.0.EDX[30] is fixed-1. As a workaround,
> +		 * just return 0 for this MSR.
> +		 */
> +		msr->data = 0;
> +		return 0;

[Severity: High]
Since MSR_IA32_CORE_CAPS is now exposed to userspace via tdx_get_msr(), does
tdx_set_msr() need a corresponding update to accept host-initiated writes?

During VM migration or state restore, userspace typically reads MSRs on the
source and writes them to the destination. If tdx_set_msr() doesn't handle
MSR_IA32_CORE_CAPS, the KVM_SET_MSRS ioctl will fall through to the default
case.

Because tdx_has_emulated_msr() does not include MSR_IA32_CORE_CAPS, won't
tdx_set_msr() return an error and immediately abort the migration?

>  	default:
>  		if (!tdx_has_emulated_msr(msr->index))
>  			return 1;

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260604023314.3907511-1-binbin.wu@linux.intel.com?part=4