From: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
To: "seanjc@google.com" <seanjc@google.com>
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"Hansen, Dave" <dave.hansen@intel.com>,
"Yamahata, Isaku" <isaku.yamahata@intel.com>,
"dmaluka@chromium.org" <dmaluka@chromium.org>,
"x86@kernel.org" <x86@kernel.org>,
"kas@kernel.org" <kas@kernel.org>, "bp@alien8.de" <bp@alien8.de>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"mingo@redhat.com" <mingo@redhat.com>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"binbin.wu@linux.intel.com" <binbin.wu@linux.intel.com>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
"hpa@zytor.com" <hpa@zytor.com>,
"tglx@kernel.org" <tglx@kernel.org>,
"pbonzini@redhat.com" <pbonzini@redhat.com>
Subject: Re: [PATCH] KVM: TDX: Fix APIC MSR ranges in tdx_has_emulated_msr()
Date: Sat, 4 Apr 2026 00:11:14 +0000 [thread overview]
Message-ID: <faac37c7ba9e3a2e8d996e18c74301d9cefad3dc.camel@intel.com> (raw)
In-Reply-To: <adBIPdBA-aJWcUrY@google.com>
On Fri, 2026-04-03 at 16:07 -0700, Sean Christopherson wrote:
> > I mean ones where wrmsr is handled by the TDX module instead of generating a
> > #VE that gets morphed into TDVMCALL by the guest. Actually usually called
> > "native", but I just reused your "accelerated" term from the mail.
>
> It's neither. Precision matters here, otherwise I can't follow along.
> Accelerated means the CPU virtualizes it without software involvement. Native
> would mean the guest has direct access to bare metal hardware.
Oh, sorry.
> IIUC, what's happening here is that the TDX-Module is emulating x2APIC stuff.
I'll stick to this language. The tdx docs call them differently of course.
"native" there is about #VE or not. So I can talk about it with respect to VE or
!VE.
>
> > So... "Reduced #VE" (also called "VE reduction") reduces which things cause
> > a #VE. The guest opts into it and the TDX module starts behaving
> > differently. It's kind of grab bag of changes including changing CPUID
> > behavior, which is another wrinkle. It was intended to fixup guest side TDX
> > arch issues.
>
> And KVM has no visilibity into which mode the guest has selected? That's
> awful.
Yea, on both accounts. So where we are at with this is, starting to reject
changes that build on the pattern. We haven't gone so far as to ask for a
feature to notify the host of the guest opt-ins. But I wouldn't say we have a
grand design in mind either. If you have any clarity, please feel free to drop a
quotable.
>
> If KVM has no visiblity, then I don't see an option other than for KVM to
> advertise and emulate what it can at all times, and it becomes the guest's
> responsibility to not screw up. I guess it's not really any different from
> not trying to use MMIO accesses after switching to x2APIC mode.
Like your diff? Expose any MSRs that might be emulated in the TDX paradigm. But
don't expose all MSRs that KVM supports.
next prev parent reply other threads:[~2026-04-04 0:11 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-18 19:01 [PATCH] KVM: TDX: Fix APIC MSR ranges in tdx_has_emulated_msr() Dmytro Maluka
2026-03-18 19:42 ` Dave Hansen
2026-03-18 20:30 ` Dmytro Maluka
2026-03-19 1:14 ` Binbin Wu
2026-03-19 1:48 ` Dave Hansen
2026-03-19 7:40 ` Binbin Wu
2026-03-19 19:33 ` Edgecombe, Rick P
2026-04-03 16:30 ` Sean Christopherson
2026-04-03 18:40 ` Edgecombe, Rick P
2026-04-03 19:07 ` Sean Christopherson
2026-04-03 19:30 ` Edgecombe, Rick P
2026-04-03 23:07 ` Sean Christopherson
2026-04-04 0:11 ` Edgecombe, Rick P [this message]
2026-04-06 23:07 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=faac37c7ba9e3a2e8d996e18c74301d9cefad3dc.camel@intel.com \
--to=rick.p.edgecombe@intel.com \
--cc=binbin.wu@linux.intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=dmaluka@chromium.org \
--cc=hpa@zytor.com \
--cc=isaku.yamahata@intel.com \
--cc=kas@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=tglx@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox