Re: [PATCH 1/2] KVM: TDX: Allow TDs to read MSR_IA32_PLATFORM_ID
From: Binbin Wu
Date: Wed Apr 29 2026 - 05:10:25 EST

On 4/29/2026 2:49 AM, Dave Hansen wrote:
> On 4/27/26 19:47, Binbin Wu wrote:
>> Linux kernel reads MSR_IA32_PLATFORM_ID during init since commit
>> d8630b67ca1e ("x86/cpu: Add platform ID to CPU info structure"). KVM
>> already supports this MSR on read for normal VMs by returning 0.
>> Without support for this MSR, TDs get unchecked MSR access errors.
>
> NAK from me on this.

Based on the discussions, I will drop this patch.

>
> The platform ID is used for one thing and one thing only: microcode
> updates. Those updates are solely the domain of the bare-metal OS.
>
> The (guest) kernel code that's even trying to touch this MSR is buggy
> and insane. We need to turn that code off when
> X86_FEATURE_HYPERVISOR==1. There's already a patch floating around to do
> that.

I guess it's the second patch in this patch set.

The second patch checks the hypervisor bit via native_cpuid_ecx(1) instead of
boot_cpu_has(X86_FEATURE_HYPERVISOR) since intel_get_platform_id() could be
called in the ucode load path even in a virtualized environment when
CONFIG_MICROCODE_DBG is set.

But using native_cpuid_ecx(1) will have an issue for a XEN PV guest.
intel_get_platform_id() can be called by a XEN PV guest, and
native_cpuid_ecx(1) doesn't have the hypervisor bit for a XEN PV guest.

There could be two options:
- Use cpuid_ecx(1) in intel_get_platform_id() and drop the helper.
- Use boot_cpu_has(X86_FEATURE_HYPERVISOR) directly since CONFIG_MICROCODE_DBG
  is just a debug config option. Maybe add some comments to avoid confusion
  due to the pre-existing comments for intel_cpuid_vfm().

>
> Please don't add more smoke and mirrors.
>