Some CPUID features may be provided by KVM for some guests, independent of processor support, for example TSC deadline or TSC adjust. They are not going to be present in named models unless the vendor implements them in hardware, but they will be present in "-cpu host".
If these bits are not supported by the confidential computing firmware, however, the guest will fail to start, and indeed this is a problem when you run SNP guests with "-cpu host". This series fixes the issue. However, I am marking this as RFC because it's not future proof. If in the future AMD processors do provide any of these bits, this is going to break (tsc_deadline and tsc_adjust are the most likely one). Including the bits if they are present in host CPUID is not super safe either, since the firmware might not be updated to follow suit. Michael, any ideas? Is there a way for the host to retrieve the supported CPUID bits for SEV-SNP guests? One possibility is to set up a fake guest---either in QEMU or when KVM starts---to do a LAUNCH_UPDATE for the CPUID page, but even that is not perfect. For example, I got > function 0x7, index: 0x0 provided: edx: 0xbc000010, expected: edx: 0x00000000 even though the FSRM bit (0x10) is supported. That might be just a firmware bug however. Paolo Based-on: <20240627140628.1025317-1-pbonz...@redhat.com> Paolo Bonzini (4): target/i386: add support for masking CPUID features in confidential guests target/i386/SEV: implement mask_cpuid_features target/i386/confidential-guest.h | 24 ++++++++++++++++++++++++ target/i386/cpu.c | 9 +++++++++ target/i386/cpu.h | 4 ++++ target/i386/kvm/kvm.c | 5 +++++ target/i386/sev.c | 33 +++++++++++++++++++++++++++++++++ 5 files changed, 75 insertions(+) -- 2.45.2