On Tue, Apr 01, 2025 at 09:01:55AM -0400, Xiaoyao Li wrote:
> Date: Tue, 1 Apr 2025 09:01:55 -0400
> From: Xiaoyao Li <xiaoyao...@intel.com>
> Subject: [PATCH v8 45/55] i386/tdx: Add TDX fixed1 bits to supported CPUIDs
> X-Mailer: git-send-email 2.34.1
>
> TDX architecture forcibly sets some CPUID bits for TD guest that VMM
> cannot disable it. They are fixed1 bits.
>
> Fixed1 bits are not covered by tdx_caps.cpuid (which only contians the
> directly configurable bits), while fixed1 bits are supported for TD guest
> obviously.
>
> Add fixed1 bits to tdx_supported_cpuid. Besides, set all the fixed1
> bits to the initial set of KVM's support since KVM might not report them
> as supported.
>
> Signed-off-by: Xiaoyao Li <xiaoyao...@intel.com>
> ---
> target/i386/cpu.h | 2 +
> target/i386/kvm/kvm_i386.h | 7 ++
> target/i386/kvm/tdx.c | 132 +++++++++++++++++++++++++++++++++++++
> target/i386/sev.c | 5 --
> 4 files changed, 141 insertions(+), 5 deletions(-)
LGTM, (only some nits)
Reviewed-by: Zhao Liu <zhao1....@intel.com>
> + .entries[3] = {
> + .function = 0x7,
> + .index = 2,
> + .flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX,
> + .edx = (1U << 0) | (1U << 1) | (1U << 2) | (1U << 4),
Missed to use macro?
.edx = CPUID_7_2_EDX_PSFD | CPUID_7_2_EDX_IPRED_CTRL |
CPUID_7_2_EDX_RRSBA_CTRL | CPUID_7_2_EDX_BHI_CTRL
> + },
> + .entries[4] = {
> + .function = 0xD,
> + .index = 0,
> + .flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX,
> + .eax = XSTATE_FP_MASK | XSTATE_SSE_MASK,
> + },
> + .entries[5] = {
> + .function = 0xD,
> + .index = 1,
> + .flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX,
> + .eax = CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XSAVEC|
> + CPUID_XSAVE_XGETBV1 | CPUID_XSAVE_XSAVES,
> + },
> + .entries[6] = {
> + .function = 0x80000001,
> + .index = 0,
> + .ecx = CPUID_EXT3_LAHF_LM | CPUID_EXT3_ABM |
> CPUID_EXT3_3DNOWPREFETCH,
> + /* strictly speaking, SYSCALL is not fixed1 bit since it depends on
style nit?
/*
* strictly ...
*/
> + * the CPU to be in 64-bit mode. But here fixed1 is used to serve the
> + * purpose of supported bits for TDX. In this sense, SYACALL is
> always
> + * supported.
> + */
> + .edx = CPUID_EXT2_SYSCALL | CPUID_EXT2_NX | CPUID_EXT2_PDPE1GB |
> + CPUID_EXT2_RDTSCP | CPUID_EXT2_LM,
> + },
> + .entries[7] = {
> + .function = 0x80000007,
> + .index = 0,
> + .edx = CPUID_APM_INVTSC,
> + },
> +};
> +
...
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index a6c0a697250b..217b19ad7bc6 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -214,11 +214,6 @@ static const char *const sev_fw_errlist[] = {
> /* <linux/kvm.h> doesn't expose this, so re-use the max from kvm.c */
> #define KVM_MAX_CPUID_ENTRIES 100
This macro can also be cleaned up in this patch or in your patch 5.
