Hi, This is a new effort to solicit community feedback for potential future TDX module features. There are two features in different stages of development around the configurability of the max physical address exposed in 0x80000008.EAX. I was hoping to get some comments on them and share the current plans on whether to implement them in KVM. One of the TDX module features is called MAXPA_VIRT. In short, it is similar to KVM’s allow_smaller_maxphyaddr. It requires an explicit opt-in by the VMM, and allows a TD’s 0x80000008.EAX[7:0] to be configured by the VMM. Accesses to physical addresses above the specified value by the TD will cause the TDX module to inject a mostly correct #PF with the RSVD error code set. It has to deal with the same problems as allow_smaller_maxphyaddr for correctly setting the RSVD bit. I wasn’t thinking to push this feature for KVM due the movement away from allow_smaller_maxphyaddr and towards 0x80000008.EAX[23:16]. There is also a potential future TDX module feature currently being evaluated around the configurability of 0x80000008.EAX[23:16]. I wanted to get some community comments on the feature while it is still in the early stages of development. 0x80000008[7:0] is defined by the SDM as MAXPHYADDR. KVM is designed to work with guest MAXPHYADDR set to host MAXPHYADDR. In the future there is work for KVM to also accommodate a potentially smaller value in 0x80000008.EAX[23:16] for normal VMs. This value is defined by AMD spec as GuestPhysAddrSize: Maximum guest physical address size in bits. This number applies only to guests using nested paging. When this field is zero, refer to the PhysAddrSize field for the maximum guest physical address size. The idea is that TDX module could add the capability to configure these bits as well, so that TDs could match normal VMs for cases where there is a desire for the guests MAXPA to be smaller than the hosts. The requirements would be, roughly: - The VMM specifies the 0x80000008.EAX[23:16] when creating a TD. - The TDX module does sanity checking. - The 0x80000008.EAX[23:16] field is used to communicate the max addressable GPA to the guest. It will be used by the guest firmware to make sure resources like PCI bars are mapped into the addressable GPA. - If the guest attempts to access memory beyond the max addressable GPA, then the TDX module generates EPT violation to the VMM. For the VMM, this case means that the guest attempted to access "invalid" (I/O) memory. - The VMM will be expected to terminate the TD guest. The VMM may send a notification, but the TDX module doesn't necessarily need to know how. Glad to hear any comments. Thanks. Rick
