From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 77FBA2AE68 for ; Wed, 25 Feb 2026 03:23:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.18 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771989805; cv=none; b=ngGwiDw1AeEe1AwQGtqb/B/c4H6su+9/WhgnFfBSIuDCbGnVmPmkJg5etv57UxdX3p5s8hZh8VTLgO3UkZ/Zdjqvv74JH0MeM97nFS4DAfEsT2+oK/UUbS9ZU0Er79TVYJAOyjBKPw6Op0QZQcFcyRrMjRSZtYwY6JWpCfjlMxA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771989805; c=relaxed/simple; bh=fdPpGFsfhcNkYYJovguqzV2NDnvxyAskr7Q6U0zrLa8=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=JVSLPPaAlM7EVJIpuekjXE8ob0J6XjmUY8O5OUVhdoftrpWuyaBb9AsGQSkAj3Y0nGLBrWpMjD5QNfKretx2yPl8t2Ms7ODf4xSoj02id86y5jI+6aXhKKGZMAFf2/P4LEEdWNGc4ai5+tZBLXTFDeY4YTJgoAGHb4MM1aBhp8c= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=J0YqMpnY; arc=none smtp.client-ip=198.175.65.18 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="J0YqMpnY" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1771989805; x=1803525805; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=fdPpGFsfhcNkYYJovguqzV2NDnvxyAskr7Q6U0zrLa8=; b=J0YqMpnYNLEgPd6BwsuAn20qSBGqMbj1VAKJ4EALM6ycynmJhMzVm3CZ 3wWXR9t7M1jKk4pB+YyO+eULilH+HmBD9BTeP0purdD2JD8SiZGSdFkaB V2FzmWGjwDvVwdyGM6zoXw4UcWWFFLaW5fC41Yv11cYYVPyaVmsOdoT9I b3CKzjz57Z/rPd3e+WCizySV4U9JGpVIEJQiEDREElhn0dQSYwhNT4B/D MmQZoaWNq+Qp1CclHaq11qLUCAPFBzTrpH3UfTZedjX+bQDU32N1eHCsI SCQ9EjU1ZSkF2RbRddDndgMPOdyuWg/gXWHyzIZOS8i/x42ioPi+b9JN+ w==; X-CSE-ConnectionGUID: s++2a1+MQgalPXurmVOryA== X-CSE-MsgGUID: 8JJbKvQ2QlGm9/jK4GC4pA== X-IronPort-AV: E=McAfee;i="6800,10657,11711"; a="73065562" X-IronPort-AV: E=Sophos;i="6.21,309,1763452800"; d="scan'208";a="73065562" Received: from orviesa003.jf.intel.com ([10.64.159.143]) by orvoesa110.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Feb 2026 19:23:25 -0800 X-CSE-ConnectionGUID: G1BEvh1TRlGwfDlwnpSI8w== X-CSE-MsgGUID: glHZXKZqRsyIuzSYpSo4Nw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.21,309,1763452800"; d="scan'208";a="220218433" Received: from unknown (HELO [10.238.1.83]) ([10.238.1.83]) by ORVIESA003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Feb 2026 19:23:21 -0800 Message-ID: <66336533-8bee-4219-9936-3163c7ce06bb@linux.intel.com> Date: Wed, 25 Feb 2026 11:23:17 +0800 Precedence: bulk X-Mailing-List: linux-coco@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] KVM: TDX: Set SIGNIFCANT_INDEX flag for supported CPUIDs To: Sean Christopherson Cc: Rick P Edgecombe , Xiaoyao Li , "changyuanl@google.com" , "pbonzini@redhat.com" , Binbin Wu , Isaku Yamahata , "bp@alien8.de" , "x86@kernel.org" , "kas@kernel.org" , "hpa@zytor.com" , "mingo@redhat.com" , "linux-kernel@vger.kernel.org" , "dave.hansen@linux.intel.com" , "tglx@kernel.org" , "kvm@vger.kernel.org" , "linux-coco@lists.linux.dev" References: <20260223214336.722463-1-changyuanl@google.com> <213d614fe73e183a230c8f4e0c8fa1cc3d45df39.camel@intel.com> Content-Language: en-US From: Binbin Wu In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On 2/25/2026 12:03 AM, Sean Christopherson wrote: > On Tue, Feb 24, 2026, Binbin Wu wrote: >> On 2/24/2026 9:57 AM, Edgecombe, Rick P wrote: >>>> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c >>>> index 2d7a4d52ccfb4..0c524f9a94a6c 100644 >>>> --- a/arch/x86/kvm/vmx/tdx.c >>>> +++ b/arch/x86/kvm/vmx/tdx.c >>>> @@ -172,9 +172,15 @@ static void td_init_cpuid_entry2(struct >>>> kvm_cpuid_entry2 *entry, unsigned char i >>>>   entry->ecx = (u32)td_conf->cpuid_config_values[idx][1]; >>>>   entry->edx = td_conf->cpuid_config_values[idx][1] >> 32; >>>>   >>>> - if (entry->index == KVM_TDX_CPUID_NO_SUBLEAF) >>>> + if (entry->index == KVM_TDX_CPUID_NO_SUBLEAF) { >>>>   entry->index = 0; >>>> + entry->flags &= ~KVM_CPUID_FLAG_SIGNIFCANT_INDEX; >>> >>> There are two callers of this. One is already zeroed, and the other has >>> stack garbage in flags. But that second caller doesn't look at the >>> flags so it is harmless. Maybe it would be simpler and clearer to just >>> zero init the entry struct in that caller. Then you don't need to clear >>> it here. Or alternatively set flags to zero above, and then add >>> KVM_CPUID_FLAG_SIGNIFCANT_INDEX if needed. Rather than manipulating a >>> single bit in a field of garbage, which seems weird. > > +1, td_init_cpuid_entry2() should initialize flags to '0' and then set > KVM_CPUID_FLAG_SIGNIFCANT_INDEX as appropriate. > >>>> + } else { >>>> + entry->flags |= KVM_CPUID_FLAG_SIGNIFCANT_INDEX; >>>> + } >>>>   >>>> + WARN_ON_ONCE(cpuid_function_is_indexed(entry->function) != >>>> +      !!(entry->flags & >>>> KVM_CPUID_FLAG_SIGNIFCANT_INDEX)); >>> >>> It warns on leaf 0x23 for me. Is it intentional? >> >> I guess because the list in cpuid_function_is_indexed() is hard-coded >> and 0x23 is not added into the list yet. > > Yeah, I was anticipating that we'd run afoul of leaves that aren't known to > the kernel. FWIW, it looks like 0x24 is also indexed. > >> It's fine for existing KVM code because cpuid_function_is_indexed() is >> only used to check that if a CPUID entry is queried without index, it >> shouldn't be included in the indexed list. >> >> But adding the consistency check here would cause compatibility issue. >> Generally, if a new CPUID indexed function is added for some new CPU and >> the TDX module reports it, KVM versions without the CPUID function in >> the list will trigger the warning. > > IMO, that's a good thing and working as intended. WARNs aren't inherently evil. > While the goal is to be WARN-free, in this case triggering the WARN if the TDX > Module is updated (or new silicon arrives) is desirable, because it alerts us to > that new behavior, so that we can go update KVM. So it effectively leverages the TDX module's interface to retrieve the hardware information to validate the hard-coded list. Do we need to consider the panic_on_warn case? I guess the option will not be enabled in a production environment? > > But we should "fix" 0x23 and 0x24 before landing this patch. >