Re: [PATCH] arch/x86: Set XSS while handling #VC intercept for CPUID

From: Dave Hansen
Date: Tue Oct 03 2023 - 12:07:17 EST


On 10/3/23 02:28, Jinank Jain wrote:
...
> diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c
> index 2eabccde94fb..92350a24848c 100644
> --- a/arch/x86/kernel/sev-shared.c
> +++ b/arch/x86/kernel/sev-shared.c
> @@ -880,6 +880,9 @@ static enum es_result vc_handle_cpuid(struct ghcb *ghcb,
> if (snp_cpuid_ret != -EOPNOTSUPP)
> return ES_VMM_ERROR;
>
> + if (regs->ax == 0xD && regs->cx == 0x1)
> + ghcb_set_xss(ghcb, 0);

The spec talks about leaf 0xD, but not the subleaf:

> XSS is only required to besupplied when a request forCPUID 0000_000D
> is made andthe guest supports the XSS MSR(0x0000_0DA0).
Why restrict this to subleaf (regx->cx) 1?

Second, XCR0 is being supplied regardless of the CPUID leaf. Why should
XSS be restricted to 0xD while XCR0 is universally supplied?

Third, why is it OK to supply a garbage (0) value? If the GHCB field is
required it's surely because the host *NEEDS* the value to do something.
Won't a garbage value potentially confuse the host?