1. Patchew
  2. QEMU
  3. [PATCH v6 00/60] QEMU TDX support
  4. View patch

[PATCH v6 43/60] i386/tdx: Only configure MSR_IA32_UCODE_REV in kvm_init_msrs() for TDs

Xiaoyao Li posted 60 patches 1 year, 3 months ago
There is a newer version of this series
[PATCH v6 43/60] i386/tdx: Only configure MSR_IA32_UCODE_REV in kvm_init_msrs() for TDs
Posted by Xiaoyao Li 1 year, 3 months ago 
For TDs, only MSR_IA32_UCODE_REV in kvm_init_msrs() can be configured
by VMM, while the features enumerated/controlled by other MSRs except
MSR_IA32_UCODE_REV in kvm_init_msrs() are not under control of VMM.

Only configure MSR_IA32_UCODE_REV for TDs.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
---
 target/i386/kvm/kvm.c | 44 ++++++++++++++++++++++---------------------
 1 file changed, 23 insertions(+), 21 deletions(-)

diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 595439f4a4d6..8909fce14909 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -3852,32 +3852,34 @@ static void kvm_init_msrs(X86CPU *cpu)
     CPUX86State *env = &cpu->env;
 
     kvm_msr_buf_reset(cpu);
-    if (has_msr_arch_capabs) {
-        kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES,
-                          env->features[FEAT_ARCH_CAPABILITIES]);
-    }
-
-    if (has_msr_core_capabs) {
-        kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY,
-                          env->features[FEAT_CORE_CAPABILITY]);
-    }
-
-    if (has_msr_perf_capabs && cpu->enable_pmu) {
-        kvm_msr_entry_add_perf(cpu, env->features);
+
+    if (!is_tdx_vm()) {
+        if (has_msr_arch_capabs) {
+            kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES,
+                                env->features[FEAT_ARCH_CAPABILITIES]);
+        }
+
+        if (has_msr_core_capabs) {
+            kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY,
+                                env->features[FEAT_CORE_CAPABILITY]);
+        }
+
+        if (has_msr_perf_capabs && cpu->enable_pmu) {
+            kvm_msr_entry_add_perf(cpu, env->features);
+        }
+
+        /*
+         * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but
+         * all kernels with MSR features should have them.
+         */
+        if (kvm_feature_msrs && cpu_has_vmx(env)) {
+            kvm_msr_entry_add_vmx(cpu, env->features);
+        }
     }
 
     if (has_msr_ucode_rev) {
         kvm_msr_entry_add(cpu, MSR_IA32_UCODE_REV, cpu->ucode_rev);
     }
-
-    /*
-     * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but
-     * all kernels with MSR features should have them.
-     */
-    if (kvm_feature_msrs && cpu_has_vmx(env)) {
-        kvm_msr_entry_add_vmx(cpu, env->features);
-    }
-
     assert(kvm_buf_set_msrs(cpu) == 0);
 }
 
-- 
2.34.1
Re: [PATCH v6 43/60] i386/tdx: Only configure MSR_IA32_UCODE_REV in kvm_init_msrs() for TDs
Posted by Ira Weiny 1 year, 1 month ago 
On Tue, Nov 05, 2024 at 01:23:51AM -0500, Xiaoyao Li wrote:
> For TDs, only MSR_IA32_UCODE_REV in kvm_init_msrs() can be configured
> by VMM, while the features enumerated/controlled by other MSRs except
> MSR_IA32_UCODE_REV in kvm_init_msrs() are not under control of VMM.

I'm confused by this commit message.  If these features are not under VMM
control with TDX who controls them?  I assume it is the TDX module.  But where
are the qemu hooks to talk to the module?  Are they not needed in qemu at all?

Also, why are the has_msr_* flags true for a TDX TD in the first place?

Ira

> 
> Only configure MSR_IA32_UCODE_REV for TDs.
> 
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  target/i386/kvm/kvm.c | 44 ++++++++++++++++++++++---------------------
>  1 file changed, 23 insertions(+), 21 deletions(-)
> 
> diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
> index 595439f4a4d6..8909fce14909 100644
> --- a/target/i386/kvm/kvm.c
> +++ b/target/i386/kvm/kvm.c
> @@ -3852,32 +3852,34 @@ static void kvm_init_msrs(X86CPU *cpu)
>      CPUX86State *env = &cpu->env;
>  
>      kvm_msr_buf_reset(cpu);
> -    if (has_msr_arch_capabs) {
> -        kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES,
> -                          env->features[FEAT_ARCH_CAPABILITIES]);
> -    }
> -
> -    if (has_msr_core_capabs) {
> -        kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY,
> -                          env->features[FEAT_CORE_CAPABILITY]);
> -    }
> -
> -    if (has_msr_perf_capabs && cpu->enable_pmu) {
> -        kvm_msr_entry_add_perf(cpu, env->features);
> +
> +    if (!is_tdx_vm()) {
> +        if (has_msr_arch_capabs) {
> +            kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES,
> +                                env->features[FEAT_ARCH_CAPABILITIES]);
> +        }
> +
> +        if (has_msr_core_capabs) {
> +            kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY,
> +                                env->features[FEAT_CORE_CAPABILITY]);
> +        }
> +
> +        if (has_msr_perf_capabs && cpu->enable_pmu) {
> +            kvm_msr_entry_add_perf(cpu, env->features);
> +        }
> +
> +        /*
> +         * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but
> +         * all kernels with MSR features should have them.
> +         */
> +        if (kvm_feature_msrs && cpu_has_vmx(env)) {
> +            kvm_msr_entry_add_vmx(cpu, env->features);
> +        }
>      }
>  
>      if (has_msr_ucode_rev) {
>          kvm_msr_entry_add(cpu, MSR_IA32_UCODE_REV, cpu->ucode_rev);
>      }
> -
> -    /*
> -     * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but
> -     * all kernels with MSR features should have them.
> -     */
> -    if (kvm_feature_msrs && cpu_has_vmx(env)) {
> -        kvm_msr_entry_add_vmx(cpu, env->features);
> -    }
> -
>      assert(kvm_buf_set_msrs(cpu) == 0);
>  }
>  
> -- 
> 2.34.1
>
Re: [PATCH v6 43/60] i386/tdx: Only configure MSR_IA32_UCODE_REV in kvm_init_msrs() for TDs
Posted by Paolo Bonzini 1 year, 1 month ago 
On 12/13/24 15:42, Ira Weiny wrote:
> On Tue, Nov 05, 2024 at 01:23:51AM -0500, Xiaoyao Li wrote:
>> For TDs, only MSR_IA32_UCODE_REV in kvm_init_msrs() can be configured
>> by VMM, while the features enumerated/controlled by other MSRs except
>> MSR_IA32_UCODE_REV in kvm_init_msrs() are not under control of VMM.
> 
> I'm confused by this commit message.  If these features are not under VMM
> control with TDX who controls them?  I assume it is the TDX module.  But where
> are the qemu hooks to talk to the module?  Are they not needed in qemu at all?

The TDX module controls the values of the MSRs, and the values cannot be 
affected by QEMU so there is nothing that QEMU needs to (or can) do.

> Also, why are the has_msr_* flags true for a TDX TD in the first place?

KVM only provides a system ioctl for this purpose, not a VM ioctl; so 
there is currently no way to obtain the information for the VM.

Paolo

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.