From: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
To: "seanjc@google.com" <seanjc@google.com>
Cc: "Gao, Chao" <chao.gao@intel.com>,
"Hansen, Dave" <dave.hansen@intel.com>,
"x86@kernel.org" <x86@kernel.org>,
"binbin.wu@linux.intel.com" <binbin.wu@linux.intel.com>,
"kas@kernel.org" <kas@kernel.org>,
"Li, Xiaoyao" <xiaoyao.li@intel.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Verma, Vishal L" <vishal.l.verma@intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"pbonzini@redhat.com" <pbonzini@redhat.com>
Subject: Re: [PATCH 1/2] KVM: TDX: Allow TDs to read MSR_IA32_PLATFORM_ID
Date: Tue, 28 Apr 2026 19:28:52 +0000 [thread overview]
Message-ID: <80e6526c042e6f78aee7cbc60a825c64bf75fad7.camel@intel.com> (raw)
In-Reply-To: <afD_8se-aOikeHTT@google.com>
On Tue, 2026-04-28 at 11:44 -0700, Sean Christopherson wrote:
> > This is a problem with the bare metal KVM behavior too, and it's just super
> > old?
>
> No? Oh, I see what you're asking.
I mean that KVM has hacked ABI around this already. So here we just don't do it
again.
> I'm mostly concerned about the host side of things. The problem with TDX is
> that a TDX-Module update could effectively
> change KVM's behavior, i.e. if the TDX-Module decides it needs to emulate
> PLATFORM_ID for whatever reason.
We have similar problems with CPUID bits.
Besides that, the guest can actually change some MSR handling. The reduced #VE
thing.
> So not only would KVM need to enumerate to userspace that the MSR is
> supported/emulated for TDX guests, KVM would also need to differentiate
> between emulated by KVM and emulated by the TDX-Module.
The KVM supported and TDX-Module supported ones are already effectively separate
things. And the guest can even know which one it is accessing.
I agree we can just not support this MSR for now, but I think Chao is right we
need a plan for this. I don't have any clear and confident ideas.
I'm seeing a lot of parrallels to the CPUID bit cleanup effort. Binbin and the
team did a bunch of pondering to find the right line between opt-ins everywhere
and avoiding backwards ABI issues. We probably need to do this here too.
>
> > For TDX, hmm. I guess the standard thing to do in order to avoid creating a
> > KVM ABI problems is just match the arch behavior. But for TDs, it is a very
> > special type of VM. The special TDX guest things can't work on bare metal.
> > Furthermore, guest opt ins can change what arch is even supposed to be
> > virtualized. So the normal KVM default thing to do doesn't always fit.
> >
> > So instead we will just virtualize as little as possible to keep Linux guest
> > running? Ok.
>
> Yeah, and the sequence of events matters. Most of KVM's half-hearted
> emulation of random MSRs exists because KVM needed to be able to run existing
> kernels. But once KVM (and other hypervisors) existed, kernels learned to run
> as guests (and hardware vendors largely did a better job of explicitly
> enumerating MSRs and whatnot), and so the need to throw hacks into KVM mostly
> went away.
So now we don't want to throw hacks in again. But we (Intel TDX folks) need to
make sure TDX arch makes it so there isn't a pressure for hacks too.
next prev parent reply other threads:[~2026-04-28 19:28 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-28 2:47 [PATCH 0/2] Fix MSR_IA32_PLATFORM_ID access for TDX guests Binbin Wu
2026-04-28 2:47 ` [PATCH 1/2] KVM: TDX: Allow TDs to read MSR_IA32_PLATFORM_ID Binbin Wu
2026-04-28 5:31 ` Xiaoyao Li
2026-04-28 11:44 ` Chao Gao
2026-04-28 16:30 ` Sean Christopherson
2026-04-28 18:31 ` Edgecombe, Rick P
2026-04-28 18:44 ` Sean Christopherson
2026-04-28 19:28 ` Edgecombe, Rick P [this message]
2026-04-28 18:49 ` Dave Hansen
2026-04-29 9:09 ` Binbin Wu
2026-04-28 2:47 ` [PATCH 2/2] x86/cpu: Skip reading MSR_IA32_PLATFORM_ID in virtualized environment Binbin Wu
2026-04-28 6:01 ` Xiaoyao Li
2026-04-28 9:57 ` Binbin Wu
2026-04-28 18:54 ` Edgecombe, Rick P
2026-04-28 19:13 ` Dave Hansen
2026-04-29 23:14 ` Dave Hansen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=80e6526c042e6f78aee7cbc60a825c64bf75fad7.camel@intel.com \
--to=rick.p.edgecombe@intel.com \
--cc=binbin.wu@linux.intel.com \
--cc=chao.gao@intel.com \
--cc=dave.hansen@intel.com \
--cc=kas@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=vishal.l.verma@intel.com \
--cc=x86@kernel.org \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox