From: Sean Christopherson <seanjc@google.com>
To: Kai Huang <kai.huang@intel.com>
Cc: Chang Seok Bae <chang.seok.bae@intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"kas@kernel.org" <kas@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
"x86@kernel.org" <x86@kernel.org>
Subject: Re: [PATCH v2 5/6] KVM: x86: Track available/dirty register masks as "unsigned long" values
Date: Tue, 14 Apr 2026 08:48:54 -0700 [thread overview]
Message-ID: <ad5h5hO7_QmJlOVk@google.com> (raw)
In-Reply-To: <d6f05e5fa781ccb465d27a4fb1c7c1ac1e9e95ff.camel@intel.com>
On Mon, Apr 13, 2026, Kai Huang wrote:
> On Mon, 2026-04-13 at 07:54 -0700, Sean Christopherson wrote:
> > More importantly, because the TDX-Module *requires* RCX (the GPR that holds the
> > mask of registers to expose to the VMM) to be hidden on TDVMCALL, KVM *can't*
> > do any kind of meaningful "available" tracking.
> >
>
> Hmm I think RCX conveys the shared GPRs and VMM can read. Per "Table 5.323:
> TDH.VP.ENTER Output Operands Format #5 Definition: On TDCALL(TDG.VP.VMCALL)
> Following a TD Entry":
>
> RCX ...
> Bit(s) Name Description
>
> 31:0 PARAMS_MASK Value as passed into TDCALL(TDG.VP.VMCALL) by
> the guest TD: indicates which part of the guest
> TD GPR and XMM state is passed as-is to the
> VMM
> and back. For details, see the description of
> TDG.VP.VMCALL in 5.5.26.
The problem is that bit 1 in RCX is required to be '0'. I.e. the guest *can't*
expose RCX to the VMM. From the spec:
15:0 GPR Mask Controls the transfer of GPR values:
Bit 0: RAX (must be 0)
Bit 1: RCX (must be 0)
And the code:
api_error_type tdg_vp_vmcall(uint64_t controller_value)
{
api_error_type retval = TDX_OPERAND_INVALID;
tdx_module_local_t* tdx_local_data_ptr = get_local_data();
tdvmcall_control_t control = { .raw = controller_value };
// Bits 0, 1 and 4 and 63:32 of RCX must be 0
if (((control.gpr_select & (uint16_t)(BIT(0) | BIT(1) | BIT(4))) != 0) || <==== sadness
(control.reserved != 0))
{
retval = api_error_with_operand_id(TDX_OPERAND_INVALID, OPERAND_ID_RCX);
TDX_ERROR("Unsupported bits in GPR_SELECT field = 0x%x\n", control.gpr_select)
goto EXIT_FAILURE;
}
Oh, dagnabbit. The spec also says:
The value of RCX itself is always passed to the host VMM.
and then in code:
td_exit_qual.gpr_select = control.gpr_select;
td_exit_qual.xmm_select = control.xmm_select;
tdx_local_data_ptr->vmm_regs.rcx = td_exit_qual.raw;
// RAX is not copied, RCX filled above, start from RDX
I don't get why TDX requires bit 1 to be 0, but whatever.
So I was wrong, KVM can (and should!) validate the registers coming from the
guest. If we want to harden TDX, that's the obvious first step.
next prev parent reply other threads:[~2026-04-14 15:49 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-09 22:42 [PATCH v2 0/6] KVM: x86: Reg cleanups / prep work for APX Sean Christopherson
2026-04-09 22:42 ` [PATCH v2 1/6] KVM: x86: Add dedicated storage for guest RIP Sean Christopherson
2026-04-10 18:43 ` Chang S. Bae
2026-04-14 12:31 ` Xiaoyao Li
2026-04-14 13:59 ` Chang S. Bae
2026-04-14 15:37 ` Sean Christopherson
2026-04-15 1:28 ` Xiaoyao Li
2026-04-15 16:06 ` Sean Christopherson
2026-04-09 22:42 ` [PATCH v2 2/6] KVM: x86: Drop the "EX" part of "EXREG" to avoid collision with APX Sean Christopherson
2026-04-13 11:23 ` Huang, Kai
2026-04-09 22:42 ` [PATCH v2 3/6] KVM: nVMX: Do a bitwise-AND of regs_avail when switching active VMCS Sean Christopherson
2026-04-09 22:42 ` [PATCH v2 4/6] KVM: x86: Add wrapper APIs to reset dirty/available register masks Sean Christopherson
2026-04-09 22:42 ` [PATCH v2 5/6] KVM: x86: Track available/dirty register masks as "unsigned long" values Sean Christopherson
2026-04-13 11:24 ` Huang, Kai
2026-04-13 11:28 ` Huang, Kai
2026-04-13 14:54 ` Sean Christopherson
2026-04-13 23:03 ` Huang, Kai
2026-04-14 2:12 ` Xiaoyao Li
2026-04-14 14:04 ` Sean Christopherson
2026-04-15 11:29 ` Xiaoyao Li
2026-04-15 12:20 ` Xiaoyao Li
2026-04-15 16:05 ` Sean Christopherson
2026-04-14 15:48 ` Sean Christopherson [this message]
2026-04-14 22:21 ` Huang, Kai
2026-04-09 22:42 ` [PATCH v2 6/6] KVM: x86: Use a proper bitmap for tracking available/dirty registers Sean Christopherson
2026-04-13 11:31 ` [PATCH v2 0/6] KVM: x86: Reg cleanups / prep work for APX Huang, Kai
2026-05-13 16:50 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ad5h5hO7_QmJlOVk@google.com \
--to=seanjc@google.com \
--cc=chang.seok.bae@intel.com \
--cc=kai.huang@intel.com \
--cc=kas@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.