On 9/13/2024 2:41 AM, Sean Christopherson wrote:
>>> CET might be a bad example because it looks like it's controlled by TDCS.XFAM, but
>>> presumably there are other CPUID-based features that would actively enable some
>>> feature for a TDX VM.
>>
>> XFAM is controlled by userspace though, not KVM, so we've got no
>> control on that either.
>
> I assume it's plain text though? I.e. whatever ioctl() sets TDCS.XFAM can be
> rejected by KVM if it attempts to enable unsupported features?

Yes. XFAM is actually validated by KVM in this series.
KVM reports supported_xfam via KVM_TDX_CAPABILITIES and userspace sets
XFAM via ioctl(KVM_TDX_VM_INIT). If userspace sets any bits beyond the
supported_xfam, KVM returns -EINVAL.
The same for attributes.

> I don't expect that we'll want KVM to gatekeep many, if any features, but I do
> think we should require explicit enabling in KVM whenever possible, even if the
> enabling is boring and largely ceremonial.

+1