From: Xiaoyao Li <xiaoyao.li@intel.com>
To: Sean Christopherson <seanjc@google.com>,
Rick P Edgecombe <rick.p.edgecombe@intel.com>
Cc: Kai Huang <kai.huang@intel.com>,
"binbin.wu@linux.intel.com" <binbin.wu@linux.intel.com>,
Reinette Chatre <reinette.chatre@intel.com>,
Yan Y Zhao <yan.y.zhao@intel.com>,
"tony.lindgren@linux.intel.com" <tony.lindgren@linux.intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
Isaku Yamahata <isaku.yamahata@intel.com>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>,
Adrian Hunter <adrian.hunter@intel.com>
Subject: Re: (Proposal) New TDX Global Metadata To Report FIXED0 and FIXED1 CPUID Bits
Date: Fri, 20 Dec 2024 10:40:35 +0800 [thread overview]
Message-ID: <88c87ff8-bae0-4522-bb65-109b959a7e52@intel.com> (raw)
In-Reply-To: <Z2OEQdxgLX0GM70n@google.com>
On 12/19/2024 10:33 AM, Sean Christopherson wrote:
>>> For all other CPUID bits, what the TDX Module thinks and/or presents to the guest
>>> is completely irrelevant, at least as far as KVM cares, and to some extent as far
>>> as QEMU cares. This includes the TDX Module's FEATURE_PARAVIRT_CTRL, which frankly
>>> is asinine and should be ignored. IMO, the TDX Module spec is entirely off the
>>> mark in its assessment of paravirtualization. Injecting a #VE instead of a #GP
>>> isn't "paravirtualization".
>>>
>>> Take TSC_DEADLINE as an example. "Disabling" the feature from the guest's side
>>> simply means that WRMSR #GPs instead of #VEs.*Nothing* has changed from KVM's
>>> perspective. If the guest makes a TDVMCALL to write IA32_TSC_DEADLINE, KVM has
>>> no idea if the guest has opted in/out of #VE vs #GP. And IMO, a sane guest will
>>> never take a #VE or #GP if it wants to use TSC_DEADLINE; the kernel should instead
>>> make a direct TDVMCALL and save itself a pointless exception.
>>>
>>> Enabling Guest TDs are not allowed to access the IA32_TSC_DEADLINE MSR directly.
>>> Virtualization of IA32_TSC_DEADLINE depends on the virtual value of
>>> CPUID(1).ECX[24] bit (TSC Deadline). The host VMM may configure (as an input to
>>> TDH.MNG.INIT) virtual CPUID(1).ECX[24] to be a constant 0 or allow it to be 1
>>> if the CPU’s native value is 1.
>>>
>>> If the TDX module supports #VE reduction, as enumerated by TDX_FEATURES0.VE_REDUCTION
>>> (bit 30), and the guest TD has set TD_CTLS.REDUCE_VE to 1, it may control the
>>> value of virtual CPUID(1).ECX[24] by writing TDCS.FEATURE_PARAVIRT_CTRL.TSC_DEADLINE.
>>>
>>> • If the virtual value of CPUID(1).ECX[24] is 0, IA32_TSC_DEADLINE is virtualized
>>> as non-existent. WRMSR or RDMSR attempts result in a #GP(0).
>>>
>>> • If the virtual value of CPUID(1).ECX[24] is 1, WRMSR or RDMSR attempts result
>>> in a #VE(CONFIG_PARAVIRT). This enables the TD’s #VE handler.
>>>
>>> Ditto for TME, MKTME.
>>>
>>> FEATURE_PARAVIRT_CTRL.MCA is even weirder, but I still don't see any reason for
>>> KVM or QEMU to care if it's fixed or configurable. There's some crazy logic for
>>> whether or not CR4.MCE can be cleared, but the host can't see guest CR4, and so
>>> once again, the TDX Module's view of MCA is irrelevant when it comes to handling
>>> TDVMCALL for the machine check MSRs.
>>>
>>> So I think this again purely comes to back to KVM correctness and safety. More
>>> specifically, the TDX Module needs to report features that are unconditionally
>>> enabled or disabled and can't be emulated by KVM. For everything else, I don't
>>> see any reason to care what the TDX module does.
>>>
>>> I'm pretty sure that gives us a way forward. If there only a handful of features
>>> that are unconditionally exposed to the guest, then KVM forces those features in
>>> cpu_caps[*].
>> I see. Hmm. We could use this new interface to double check the fixed bits. It
>> seems like a relatively cheap sanity check.
>>
>> There already is an interface to get CPUID bits (fixed and dynamic). But it only
>> works after a TD is configured. So if we want to do extra verification or
>> adjustments, we could use it before entering the TD. Basically, if we delay this
>> logic we don't need to wait for the fixed bit interface.
> Oh, yeah, that'd work. Grab the guest CPUID and then verify that bits KVM needs
> to be 0 (or 1) are set according, and WARN+kill if there's a mismatch.
>
> Honestly, I'd probably prefer that over using the fixed bit interface, as my gut
> says it's less likely for the TDX Module to misreport what CPUID it has created
> for the guest, than it is for the TDX module to generate a "fixed bits" list that
> doesn't match the code. E.g. KVM has (had?) more than a few CPUID features that
> KVM emulates without actually reporting support to userspace.
The original motivation of the proposed fxied0 and fixed1 data is to
complement the CPUID configurability report, which is important for
userspace. E.g., Currently, what QEMU is doing is hardcoding the fixed0
and fixed1 information of a specific TDX release to adjust the
KVM_GET_SUPPORTED_CPUID result and gets a final "supported" CPUID set
for TDX. Hardcoding is not a good idea and it's better that KVM can get
the data from TDX module, then pass to userspace (of course KVM can
tweak the data based on its own requirement). So, do you think it's
useful to have TDX module report the fixed0/fixed1 data for this purpose?
next prev parent reply other threads:[~2024-12-20 2:41 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-06 2:42 (Proposal) New TDX Global Metadata To Report FIXED0 and FIXED1 CPUID Bits Xiaoyao Li
2024-12-06 18:41 ` Edgecombe, Rick P
2024-12-10 3:22 ` Xiaoyao Li
2024-12-10 17:45 ` Edgecombe, Rick P
2024-12-17 1:53 ` Sean Christopherson
2024-12-17 4:27 ` Xiaoyao Li
2024-12-17 21:31 ` Edgecombe, Rick P
2024-12-18 0:08 ` Sean Christopherson
2024-12-19 1:56 ` Edgecombe, Rick P
2024-12-19 2:33 ` Sean Christopherson
2024-12-19 17:52 ` Edgecombe, Rick P
2024-12-20 2:40 ` Xiaoyao Li [this message]
2024-12-20 16:59 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=88c87ff8-bae0-4522-bb65-109b959a7e52@intel.com \
--to=xiaoyao.li@intel.com \
--cc=adrian.hunter@intel.com \
--cc=binbin.wu@linux.intel.com \
--cc=isaku.yamahata@intel.com \
--cc=kai.huang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=reinette.chatre@intel.com \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=tony.lindgren@linux.intel.com \
--cc=yan.y.zhao@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).