Re: [PATCH 1/2] KVM: TDX: Allow TDs to read MSR_IA32_PLATFORM_ID

From: Sean Christopherson

Date: Tue Apr 28 2026 - 12:55:49 EST


On Tue, Apr 28, 2026, Chao Gao wrote:
> On Tue, Apr 28, 2026 at 10:47:45AM +0800, Binbin Wu wrote:
> >Add MSR_IA32_PLATFORM_ID to tdx_has_emulated_msr() so that TDs can read
> >it.
> >
> >Linux kernel reads MSR_IA32_PLATFORM_ID during init since commit
> >d8630b67ca1e ("x86/cpu: Add platform ID to CPU info structure"). KVM
> >already supports this MSR on read for normal VMs by returning 0.
> >Without support for this MSR, TDs get unchecked MSR access errors.
> >
> > unchecked MSR access error: RDMSR from 0x17 at rIP: 0xffffffffba38d6fc (intel_get_platform_id+0x7c/0xb0)
> > Call Trace:
> > <TASK>
> > ? early_init_intel+0x28/0x2c0
> > ? early_cpu_init+0x9b/0x930
> > ? setup_arch+0xbf/0xbb0
> > ? _printk+0x6b/0x90
> > ? start_kernel+0x7f/0xaa0
> > ? x86_64_start_reservations+0x24/0x30
> > ? x86_64_start_kernel+0xda/0xe0
> > ? common_startup_64+0x13e/0x141
> > </TASK>
> >
> >Add MSR_IA32_PLATFORM_ID in tdx_has_emulated_msr() to allow TDs to read
> >the MSR. MSR_IA32_PLATFORM_ID is read-only by hardware definition, i.e.
> >KVM should never add it as writable, no need to add it in
> >tdx_is_read_only_msr().
> >
> >Fixes: dd50294f3e3c ("KVM: TDX: Implement callbacks for MSR operations")
> >Reported-by: Vishal Verma <vishal.l.verma@xxxxxxxxx>
> >Signed-off-by: Binbin Wu <binbin.wu@xxxxxxxxxxxxxxx>
> >---
> > arch/x86/kvm/vmx/tdx.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> >diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> >index 04ce321ebdf3..812ad99b11e5 100644
> >--- a/arch/x86/kvm/vmx/tdx.c
> >+++ b/arch/x86/kvm/vmx/tdx.c
> >@@ -2094,6 +2094,7 @@ void tdx_get_exit_info(struct kvm_vcpu *vcpu, u32 *reason,
> > bool tdx_has_emulated_msr(u32 index)
> > {
> > switch (index) {
> >+ case MSR_IA32_PLATFORM_ID:
> > case MSR_IA32_UCODE_REV:
> > case MSR_IA32_ARCH_CAPABILITIES:
> > case MSR_IA32_POWER_CTL:
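Review bot: the added `case MSR_IA32_PLATFORM_ID:` at the top of the switch in tdx_has_emulated_msr() has no comment saying why this MSR belongs in the emulated set, and the changelog justifies it only by the guest's unchecked-access splat and by normal VMs reading 0. The value a TD reads through this path is supplied by KVM, so please add a short comment at the case (or above the switch) stating the criterion for inclusion and that the MSR is read-only. That keeps the reasoning for leaving it out of tdx_is_read_only_msr() visible in the code and not only in the changelog.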
>
> This patch looks good to me. But the rule for which MSRs should be emulated
> by KVM for TDX is not very clear to me.

I would strongly prefer to not take this patch, and instead fix the guest. This
isn't some latent/pre-existing guest behavior, it's brand new functionality.
I.e. Linux-as-a-TDX-guest broke itself.

More importantly from a guest security perspective, consuming MSR_IA32_PLATFORM_ID
is actively dangerous. E.g. it could allow the untrusted host to steer the guest's
behavior with respect to feature detection and enablement.

And once KVM allows reads from MSR_IA32_PLATFORM_ID, there's no going back. E.g.
if the TDX-Module wants to emulate MSR_IA32_PLATFORM_ID, because there's an actual
*need* to do so, then we're going to have a (minor) mess with KVM's ABI.

> Maybe we can document the rule here, if there is one. That would make it
> much easier to tell whether future issues like this are guest regressions
> or missing KVM handling.