On Mon, 2024-02-26 at 00:27 -0800, isaku.yamahata@xxxxxxxxx wrote:
> Implement a hook of KVM_SET_CPUID2 for additional consistency check.
>
> Intel TDX or AMD SEV has a restriction on the value of cpuid. For example,
> some values must be the same between all vcpus. Check if the new values
> are consistent with the old values. The check is light because the cpuid
> consistency is very model specific and complicated. The user space VMM
> should set cpuid and MSRs consistently.

I see that this was suggested by Sean, but can you explain the problem
that this is working around? From the linked thread, it seems like the
problem is what to do when userspace also calls SET_CPUID after already
configuring CPUID to the TDX module in the special way. The choices
discussed included:

1. Reject the call
2. Check the consistency between the first CPUID configuration and the
   second one.

1 is a lot simpler, but the reasoning for 2 is because "some KVM code
paths rely on guest CPUID configuration" it seems. Is this a
hypothetical or real issue? Which code paths are problematic for
TDX/SNP?

Just trying to assess what we should do with these two patches.