From: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
To: "linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
"Hansen, Dave" <dave.hansen@intel.com>,
"clopez@suse.de" <clopez@suse.de>,
"kas@kernel.org" <kas@kernel.org>,
"x86@kernel.org" <x86@kernel.org>
Cc: "ak@linux.intel.com" <ak@linux.intel.com>,
"bp@alien8.de" <bp@alien8.de>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"hpa@zytor.com" <hpa@zytor.com>,
"mingo@redhat.com" <mingo@redhat.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Luck, Tony" <tony.luck@intel.com>,
"tglx@kernel.org" <tglx@kernel.org>,
"stable@vger.kernel.org" <stable@vger.kernel.org>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>
Subject: Re: [PATCH] x86/tdx: Fix zero-extension for CPUID emulation
Date: Tue, 12 May 2026 22:24:51 +0000 [thread overview]
Message-ID: <43a913a1b4721c752443416a685631478bee2f10.camel@intel.com> (raw)
In-Reply-To: <7f7b8bfd-f39e-417c-991f-d224d58cb52a@intel.com>
On Tue, 2026-05-12 at 15:14 -0700, Dave Hansen wrote:
> The end result is that a TDX guest can use CPUID and end up having bits
> set in rax/rbx/rcx/rdx that are architecturally impossible. This patch
> is effectively fixing up the VMM naughtiness before the guest CPUID
> instance can see it.
A naughty VMM could mess with the guest in a number of ways though. For example
setting impossible bits in specific leafs in the lower 32 bits. This patch is a
relatively simple sanity check compared to a complete check of CPUID arch
matching (or MSR, etc) of course.
>
> Does anybody disagree with any of that?
>
> Do we *want* to fix this up silently? If we catch a malicious VMM trying
> to stuff garbage into the guest, shouldn't we be a bit more upset than
> silently papering over it?
I agree a warning would be appropriate. This should probably trigger a bug fix
in the VMM. For example, BIOS might hit it too. So I kind of wonder, how
valuable is catching this specific bug in the guest? Do we need to worry about
the specific issue for some reason?
On the other hand, the #VE handler is supposed to do the emulation of the
instruction, with the help of the TDVMCALL, so maybe the correctness should be
in the guest... Hmm...
next prev parent reply other threads:[~2026-05-12 22:24 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-12 21:37 [PATCH] x86/tdx: Fix zero-extension for CPUID emulation Carlos López
2026-05-12 21:48 ` Edgecombe, Rick P
2026-05-12 22:14 ` Dave Hansen
2026-05-12 22:24 ` Edgecombe, Rick P [this message]
2026-05-12 22:37 ` Dave Hansen
2026-05-12 22:43 ` Edgecombe, Rick P
2026-05-12 22:33 ` Carlos López
2026-05-12 22:15 ` Carlos López
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43a913a1b4721c752443416a685631478bee2f10.camel@intel.com \
--to=rick.p.edgecombe@intel.com \
--cc=ak@linux.intel.com \
--cc=bp@alien8.de \
--cc=clopez@suse.de \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=kas@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=stable@vger.kernel.org \
--cc=tglx@kernel.org \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox