Re: [PATCH] KVM: TDX: Fix APIC MSR ranges in tdx_has_emulated_msr()
From: Edgecombe, Rick P
Date: Thu Mar 19 2026 - 15:33:43 EST
On Thu, 2026-03-19 at 15:40 +0800, Binbin Wu wrote:
> tdx_has_emulated_msr() is used by KVM to decide whether to emulate a MSR access from the
> TDVMCALL or just return the error code.
>
> During an off-list discussion, Rick noted that #VE reduction could change the behavior of
> accessing an MSR (e.g., from #VE to #GP or to be virtualized by the TDX module) without
> KVM knowing. Because KVM lacks the full context to perfectly decide if an MSR should be
> emulated, the question was raised: Can we just delete tdx_has_emulated_msr() entirely?
>
> However, these native type x2apic MSRs are a special case. Since the TDX module owns the
> APICv page, KVM cannot emulate these MSRs. If we remove tdx_has_emulated_msr(), a guest
> directly issuing TDVMCALLs for these native type x2apic MSRs will trigger a silent failure,
> even though this is the guest's fault.
>
> It comes down to a tradeoff. Should we prioritize code simplicity by dropping the function,
> or keep it to explicitly catch this misbehaving guest corner case?
I think from KVM's perspective it doesn't want to help the guest behave
correctly. So we can ignore that I think. But it does really care to not define
any specific guest ABI that it has to maintain. So tdx_has_emulated_msr() has
some value there. And even more, it wants to not allow the guest to hurt the
host.
On the latter point, another problem with deleting tdx_has_emulated_msr() is the
current code path skips the checks done in the other MSR paths. So we would need
to call some appropriate higher up MSR helper to protect the host? And that
wades into the CPUID bit consistency issues.
So maybe... could we do a more limited version of the deletion where we allow
all the APIC MSRs through? We'd have to check that it won't cause problems.
Failing that, we should maybe just explicitly list the ones TDX supports rather
than the current way we define the APIC ones. As you mention below, it's not
correct in other ways too so it could be more robust.
>
>
> BTW, besides the bug described by this patch, according to the latest published TDX module
> ABI table, MSR IA32_X2APIC_SELF_IPI is native type, but not included in the list.
> There are some MSRs reserved in the xAPIC MSR block that are not included in the list, but they
> can be covered by the KVM common code.
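To make concrete the difference between "the current way we define the APIC ones" (a contiguous MSR range) and an explicit allowlist of the registers that actually exist, here is an added example. It is not code from KVM, from the patch, or from the TDX module ABI; the 0x800-0x8FF block and the register indices are the architectural x2APIC layout from the Intel SDM, and the allowlist below is constructed for illustration only: it makes no claim about which MSRs the TDX module classifies as native type.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Architectural x2APIC MSR block (Intel SDM): every index 0x800..0x8FF
 * is assigned to the APIC, but most of those indices are reserved. */
#define X2APIC_MSR_BASE 0x800u
#define X2APIC_MSR_END  0x8FFu

/* Range-based predicate, the shape of check the thread calls out as
 * imprecise: it admits reserved indices that no register backs. */
static bool x2apic_msr_in_range(uint32_t msr)
{
	return msr >= X2APIC_MSR_BASE && msr <= X2APIC_MSR_END;
}

/* Hypothetical explicit allowlist (constructed for this example), built
 * from the architectural x2APIC register map: [lo, hi] inclusive pairs. */
struct msr_span {
	uint32_t lo;
	uint32_t hi;
};

static const struct msr_span x2apic_msr_allowlist[] = {
	{ 0x802, 0x803 },	/* APIC ID, Version */
	{ 0x808, 0x809 },	/* TPR, PPR */
	{ 0x80B, 0x80B },	/* EOI */
	{ 0x80D, 0x80D },	/* LDR */
	{ 0x80F, 0x80F },	/* SVR */
	{ 0x810, 0x827 },	/* ISR, TMR, IRR (8 x 3 registers) */
	{ 0x828, 0x828 },	/* ESR */
	{ 0x82F, 0x82F },	/* LVT CMCI */
	{ 0x830, 0x830 },	/* ICR */
	{ 0x832, 0x839 },	/* LVT Timer .. Current Count */
	{ 0x83E, 0x83E },	/* Divide Configuration */
	{ 0x83F, 0x83F },	/* SELF IPI (the MSR the mail notes is missing) */
};

/* Explicit-list predicate: only indices that name a real register pass. */
static bool x2apic_msr_in_allowlist(uint32_t msr)
{
	size_t i;

	for (i = 0; i < sizeof(x2apic_msr_allowlist) / sizeof(x2apic_msr_allowlist[0]); i++) {
		if (msr >= x2apic_msr_allowlist[i].lo && msr <= x2apic_msr_allowlist[i].hi)
			return true;
	}
	return false;
}

/* How many indices does the range check wave through that the explicit
 * list rejects?  This is the gap a guest-chosen MSR index can land in. */
static unsigned int x2apic_range_only_count(void)
{
	unsigned int count = 0;
	uint32_t msr;

	for (msr = X2APIC_MSR_BASE; msr <= X2APIC_MSR_END; msr++) {
		if (x2apic_msr_in_range(msr) && !x2apic_msr_in_allowlist(msr))
			count++;
	}
	return count;
}
```

The point of the comparison is that a range check accepts 212 of the 256 indices in the block even though no register sits there, so any decision made downstream of that check is being made on a guest-supplied index rather than on a known register; an explicit list keeps the accepted set equal to the set the code actually knows how to handle.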