Re: [PATCH 1/2] KVM: TDX: Allow TDs to read MSR_IA32_PLATFORM_ID

[Chao Gao]

On Tue, Apr 28, 2026 at 10:47:45AM +0800, Binbin Wu wrote:
>Add MSR_IA32_PLATFORM_ID to tdx_has_emulated_msr() so that TDs can read
>it.
>
>Linux kernel reads MSR_IA32_PLATFORM_ID during init since commit
>d8630b67ca1e ("x86/cpu: Add platform ID to CPU info structure").  KVM
>already supports this MSR on read for normal VMs by returning 0.
>Without support for this MSR, TDs get unchecked MSR access errors.
>
>    unchecked MSR access error: RDMSR from 0x17 at rIP: 0xffffffffba38d6fc (intel_get_platform_id+0x7c/0xb0)
>    Call Trace:
>     <TASK>
>     ? early_init_intel+0x28/0x2c0
>     ? early_cpu_init+0x9b/0x930
>     ? setup_arch+0xbf/0xbb0
>     ? _printk+0x6b/0x90
>     ? start_kernel+0x7f/0xaa0
>     ? x86_64_start_reservations+0x24/0x30
>     ? x86_64_start_kernel+0xda/0xe0
>     ? common_startup_64+0x13e/0x141
>     </TASK>
>
>Add MSR_IA32_PLATFORM_ID in tdx_has_emulated_msr() to allow TDs to read
>the MSR.  MSR_IA32_PLATFORM_ID is read-only by hardware definition, i.e.
>KVM should never add it as writable, no need to add it in
>tdx_is_read_only_msr().
>
>Fixes: dd50294f3e3c ("KVM: TDX: Implement callbacks for MSR operations")
>Reported-by: Vishal Verma <vishal.l.verma@xxxxxxxxx>
>Signed-off-by: Binbin Wu <binbin.wu@xxxxxxxxxxxxxxx>
>---
> arch/x86/kvm/vmx/tdx.c | 1 +
> 1 file changed, 1 insertion(+)
>
>diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
>index 04ce321ebdf3..812ad99b11e5 100644
>--- a/arch/x86/kvm/vmx/tdx.c
>+++ b/arch/x86/kvm/vmx/tdx.c
>@@ -2094,6 +2094,7 @@ void tdx_get_exit_info(struct kvm_vcpu *vcpu, u32 *reason,
> bool tdx_has_emulated_msr(u32 index)
> {
> 	switch (index) {
>+	case MSR_IA32_PLATFORM_ID:
> 	case MSR_IA32_UCODE_REV:
> 	case MSR_IA32_ARCH_CAPABILITIES:
> 	case MSR_IA32_POWER_CTL:

This patch looks good to me. But the rule for which MSRs should be emulated
by KVM for TDX is not very clear to me.

Maybe we can document the rule here, if there is one. That would make it
much easier to tell whether future issues like this are guest regressions
or missing KVM handling.