On 10/29/2025 5:20 AM, Sagi Shahar wrote:
KVM_TDX_INIT_VM needs to be called after KVM_CREATE_VM and before creating any VCPUs, thus before KVM_SET_CPUID2. KVM_TDX_INIT_VM accepts the CPUID values directly.
This sentence seems not accurate. KVM_TDX_INIT_VM, i.e. the seamcall TDH.MNG.INIT, allows only directly configurable CPUID bits to be 1.
Since KVM_GET_CPUID2 can't be used at this point,
I don't think this is relevant. As mentioned above, only directly configurable CPUID bits can be 1, so the CPUIDs input for KVM_TDX_INIT_VM should be filtered against the supported directly configurable CPUID bits.
calculate the CPUID values manually by using kvm_get_supported_cpuid() and filter the returned CPUIDs against the supported CPUID values read from the TDX
supported CPUID -> supported configurable CPUID
module.
[...]
