On 8/12/2025 4:13 AM, Sean Christopherson wrote:
[...]
+void __tdx_mask_cpuid_features(struct kvm_cpuid_entry2 *entry)
+{
+ /*
+ * Only entries with sub-leaf zero need to be masked, but some of these
+ * leaves have other sub-leaves defined. Bail on any non-zero sub-leaf,
+ * so they don't get unintentionally modified.
+ */
+ if (entry->index)
+ return;
+
+ switch (entry->function) {
+ case 0x1:
+ entry->ecx &= ~(CPUID_EXT_VMX | CPUID_EXT_SMX);
+ entry->edx &= ~CPUID_PSE36;
vcpu_clear_cpuid_feature()
+ break;
+ case 0x7:
+ entry->ebx &= ~(CPUID_7_0_EBX_TSC_ADJUST | CPUID_7_0_EBX_SGX);
+ entry->ebx &= ~CPUID_7_0_EBX_INTEL_PT;
+ entry->ecx &= ~CPUID_7_0_ECX_SGX_LC;
+ break;
+ case 0x40000001:
+ entry->eax &= TDX_SUPPORTED_KVM_FEATURES;
+ break;
+ case 0x80000007:
+ entry->edx |= CPUID_APM_INVTSC;
Quite obviously isn't "masking" anything".
Beside that, I guess this is handling fixed1 bit. But why only this bit is
treated specially?
