On Mon, Mar 29, 2021, Andy Lutomirski wrote: > > > On Mar 29, 2021, at 7:04 PM, Andi Kleen <a...@linux.intel.com> wrote: > > > > > >> > >>> No, if these instructions take a #VE then they were executed at CPL=0. > >>> MONITOR > >>> and MWAIT will #UD without VM-Exit->#VE. Same for WBINVD, s/#UD/#GP. > >> > >> Dare I ask about XSETBV? > > > > XGETBV does not cause a #VE, it just works normally. The guest has full > > AVX capabilities. > > > > X *SET* BV
Heh, XSETBV also works normally, relative to the features enumerated in CPUID. XSAVES/XRSTORS support is fixed to '1' in the virtual CPU model. A subset of the features managed by XSAVE can be hidden by the VMM, but attempting to enable unsupported features will #GP (either from hardware or injected by TDX Module), not #VE.
