@@ -8165,9 +8165,11 @@ KVM_X86_QUIRK_STUFF_FEATURE_MSRS By default, at vCPU creation, KVM sets the
be set by userspace (KVM sets them based on
guest CPUID, for safety purposes).
-KVM_X86_QUIRK_EPT_IGNORE_GUEST_PAT By default, on Intel platforms, KVM ignores
- guest PAT and forces the effective memory
- type to WB in EPT. The quirk has no effect
+KVM_X86_QUIRK_EPT_IGNORE_GUEST_PAT By default, on Intel platforms except TDX,
+ KVM ignores guest PAT and forces the
+ effective memory type to WB in EPT. The
+ quirk only affects the memory type of
+ KVM-managed EPTs. The quirk has no effect
when KVM runs on Intel platforms which are
incapable of safely honoring guest PAT
(i.e., without CPU feature self-snoop, KVM
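Review bot: the new sentence "The quirk only affects the memory type of KVM-managed EPTs" leaves the reader unsure what happens to the TDX private EPT, which is the reason TDX is now excepted. The commit message states that the TDX-module-managed private EPT is always forced to WB, so say that here, e.g. "the TDX-module-managed private EPT always uses WB regardless of this quirk." Otherwise "except TDX" reads as if TDX guests get guest PAT honored everywhere.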
@@ -8184,14 +8186,14 @@ KVM_X86_QUIRK_EPT_IGNORE_GUEST_PAT By default, on Intel platforms, KVM ignores
map the video RAM, causing wayland desktop
to fail to start correctly). To prevent
breaking older guest software, KVM enables
- the quirk by default on Intel platforms.
- Userspace can disable the quirk to honor
- guest PAT when there is no older
+ the quirk by default on Intel platforms
+ except TDX. Userspace can disable the quirk
+ to honor guest PAT when there is no older
unmodifiable guest software that relies on
KVM to force memory type to WB. Note, the
- quirk is not visible on AMD's platforms,
- i.e., KVM always honors guest PAT when
- running on AMD.
+ quirk is not visible on Intel TDX or AMD's
+ platforms, i.e., KVM always honors guest PAT
+ when running on Intel TDX or AMD.
=================================== ============================================
7.32 KVM_CAP_MAX_VCPU_ID
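Review bot: "KVM always honors guest PAT when running on Intel TDX" in the closing sentence overstates the change: per the commit message the private EPT is still forced to WB by the TDX module, so only the KVM-managed EPTs honor guest PAT on TDX. Suggest "i.e., KVM always honors guest PAT in KVM-managed EPTs when running on Intel TDX or AMD", which matches the "KVM-managed EPTs" wording introduced earlier in the same entry.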
@@ -1092,6 +1092,7 @@ static int __init vt_init(void)
vcpu_align = max_t(unsigned, vcpu_align,
__alignof__(struct vcpu_tdx));
kvm_caps.supported_vm_types |= BIT(KVM_X86_TDX_VM);
+ kvm_caps.supported_quirks &= ~KVM_X86_QUIRK_EPT_IGNORE_GUEST_PAT;
}
/*
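Review bot: clearing KVM_X86_QUIRK_EPT_IGNORE_GUEST_PAT from supported_quirks is only safe if this block runs solely after TDX bring-up succeeded, i.e. after tdx_bringup() has verified X86_FEATURE_SELFSNOOP; if vt_init() can reach the line that sets KVM_X86_TDX_VM on a host where that check failed, the quirk would be removed on hardware that cannot safely honor guest PAT. The dependency is not visible from this hunk, so add a one-line comment tying the two together, e.g. /* TDX requires self-snoop, so KVM-managed EPTs always honor guest PAT. */ above the new line.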
@@ -3483,6 +3483,11 @@ int __init tdx_bringup(void)
goto success_disable_tdx;
}
+ if (!cpu_feature_enabled(X86_FEATURE_SELFSNOOP)) {
+ pr_err("Self-snoop is reqiured for TDX\n");
+ goto success_disable_tdx;
+ }
+
if (!kvm_can_support_tdx()) {
pr_err("tdx: no TDX private KeyIDs available\n");
goto success_disable_tdx;
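Review bot: typo in the new error string, "reqiured" should be "required". The neighbouring message in the same function carries a "tdx: " prefix ("tdx: no TDX private KeyIDs available"), so for consistency use pr_err("tdx: self-snoop is required for TDX\n"). Placing the check ahead of kvm_can_support_tdx() is fine since it only reads a CPU feature flag, but the commit message should mention that hosts lacking self-snoop now silently lose TDX support (TDX is disabled rather than the module failing to load).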
Always honor guest PAT in KVM-managed EPTs on TDX enabled platforms by making the self-snoop feature a hard dependency for TDX and making the quirk KVM_X86_QUIRK_EPT_IGNORE_GUEST_PAT not a valid quirk once TDX is enabled.

The quirk KVM_X86_QUIRK_EPT_IGNORE_GUEST_PAT only affects the memory type of KVM-managed EPTs. For the TDX-module-managed private EPT, the memory type is always forced to WB now.

Honoring guest PAT in KVM-managed EPTs ensures KVM does not invoke kvm_zap_gfn_range() when attaching/detaching non-coherent DMA devices, which would cause mirrored EPTs for TDs to be zapped, leading to the TDX-module-managed private EPT being incorrectly zapped.

As a new platform, TDX always has the self-snoop feature supported and need not worry about breaking old, not-well-written yet unmodifiable guests. So, simply make the quirk KVM_X86_QUIRK_EPT_IGNORE_GUEST_PAT invalid on TDX enabled platforms.

Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Yan Zhao <yan.y.zhao@intel.com>
---
 Documentation/virt/kvm/api.rst | 20 +++++++++++---------
 arch/x86/kvm/vmx/main.c        |  1 +
 arch/x86/kvm/vmx/tdx.c         |  5 +++++
 3 files changed, 17 insertions(+), 9 deletions(-)