From: Sean Christopherson <seanjc@google.com>
To: Rick P Edgecombe <rick.p.edgecombe@intel.com>
Cc: "binbin.wu@linux.intel.com" <binbin.wu@linux.intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"changyuanl@google.com" <changyuanl@google.com>,
Binbin Wu <binbin.wu@intel.com>,
"x86@kernel.org" <x86@kernel.org>,
"kas@kernel.org" <kas@kernel.org>,
Xiaoyao Li <xiaoyao.li@intel.com>,
"hpa@zytor.com" <hpa@zytor.com>,
"mingo@redhat.com" <mingo@redhat.com>,
"bp@alien8.de" <bp@alien8.de>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"tglx@kernel.org" <tglx@kernel.org>,
Isaku Yamahata <isaku.yamahata@intel.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>
Subject: Re: [PATCH] KVM: TDX: Set SIGNIFCANT_INDEX flag for supported CPUIDs
Date: Tue, 24 Feb 2026 12:42:57 -0800 [thread overview]
Message-ID: <aZ4NUZdbH6PPUr5K@google.com> (raw)
In-Reply-To: <d6820308325d5f8fee7918996ef98ab3f7b6ce6d.camel@intel.com>
On Tue, Feb 24, 2026, Rick P Edgecombe wrote:
> On Tue, 2026-02-24 at 08:03 -0800, Sean Christopherson wrote:
> > > But adding the consistency check here would cause compatibility issue.
> > > Generally, if a new CPUID indexed function is added for some new CPU and
> > > the TDX module reports it, KVM versions without the CPUID function in
> > > the list will trigger the warning.
> >
> > IMO, that's a good thing and working as intended. WARNs aren't inherently
> > evil. While the goal is to be WARN-free, in this case triggering the WARN if
> > the TDX Module is updated (or new silicon arrives) is desirable, because it
> > alerts us to that new behavior, so that we can go update KVM.
> >
> > But we should "fix" 0x23 and 0x24 before landing this patch.
>
> Would we backport those changes then? I would usually think that if the TDX
> module updates in such a way that triggers a warning in the kernel then it's a
> TDX module bug.
To stable@? No, I don't think see any reason to do that.
> I'm still not clear on the impact of this one, but assuming it's not too
> serious, could we discuss the WIP CPUID bit TDX arch stuff in PUCK before doing
> the change?
Sure, I don't see a rush on the patch.
> We were initially focusing on the problem of CPUID bits that affect host state,
> but then recently were discussing how many other categories of potential
> problems we should worry about at this point. So it would be good to understand
> the impact here.
>
> If this warn is a trend towards doubling back on the initial decision to expose
> the CPUID interface to userspace,
Maybe I'm missing something, but I think you're reading into the WARN waaaay too
much. I suggested it purely as a paranoid guard against the TDX Module doing
something bizarre and/or the kernel fat-fingering a CPUID function. I.e. there's
no ulterior motive here, unless maybe Changyuan is planning world domination or
something. :-D
> which I think is still doable and worth considering as an alternative, then
> this also affects how we would want the TDX module changes to work.
next prev parent reply other threads:[~2026-02-24 20:42 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-23 21:43 [PATCH] KVM: TDX: Set SIGNIFCANT_INDEX flag for supported CPUIDs Changyuan Lyu
2026-02-24 1:57 ` Edgecombe, Rick P
2026-02-24 8:50 ` Binbin Wu
2026-02-24 16:03 ` Sean Christopherson
2026-02-24 18:45 ` Edgecombe, Rick P
2026-02-24 20:42 ` Sean Christopherson [this message]
2026-02-24 21:44 ` Edgecombe, Rick P
2026-02-25 0:18 ` Binbin Wu
2026-02-25 3:23 ` Binbin Wu
2026-02-25 13:59 ` Sean Christopherson
2026-02-25 15:03 ` Binbin Wu
2026-02-24 21:29 ` Changyuan Lyu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aZ4NUZdbH6PPUr5K@google.com \
--to=seanjc@google.com \
--cc=binbin.wu@intel.com \
--cc=binbin.wu@linux.intel.com \
--cc=bp@alien8.de \
--cc=changyuanl@google.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=isaku.yamahata@intel.com \
--cc=kas@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=tglx@kernel.org \
--cc=x86@kernel.org \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.