[REVERTME] x86/tdx: Add CONFIG option for KVM SDV workarounds

Shared memory seems to be broken in the KVM SDV, but since we
don't need it there just don't set the attribute.

Also the SDV injects #VE for MSR reads, which breaks the early
boot that tries to read MISC_ENABLES. Skip that check because
it's not needed.

Also enable debug mode with SDV

arch/x86/Kconfig

@@ -884,6 +884,10 @@ config INTEL_TDX_GUEST
 	  run in a CPU mode that protects the confidentiality of TD memory
 	  contents and the TD’s CPU state from other software, including VMM.
 
+config INTEL_TDX_KVM_SDV
+	bool "Fixes specific to KVM SDV (incompatible to others)"
+	depends on INTEL_TDX_GUEST
+
 config INTEL_TDX_ICL_FIXES
 	bool "Fixes specific for ICL chip"
 	depends on INTEL_TDX_GUEST

arch/x86/kernel/tdx.c

@@ -138,11 +138,18 @@ static inline bool cpuid_has_tdx_guest(void)
 /* The highest bit of a guest physical address is the "sharing" bit */
 phys_addr_t tdx_shared_mask(void)
 {
+#ifdef CONFIG_INTEL_TDX_KVM_SDV
+	return 0;
+#else
 	return 1ULL << (td_info.gpa_width - 1);
+#endif
 }
 
 bool tdx_debug_enabled(void)
 {
+#ifdef CONFIG_INTEL_TDX_KVM_SDV
+	return true;
+#endif
 	return td_info.attributes & BIT(0);
 }
 

arch/x86/kernel/verify_cpu.S

@@ -62,7 +62,13 @@ SYM_FUNC_START_LOCAL(verify_cpu)
 	cmpl	$0x444d4163,%ecx
 	jnz	.Lverify_cpu_noamd
 	mov	$1,%di			# cpu is from AMD
+#ifdef CONFIG_INTEL_TDX_KVM_SDV
+	/* The KVM SDV currently injects a #VE on accessing
+	 * MISC_ENABLE, which we cannot handle here. Just
+	 * skip it, since XD_DISABLE is never set.
+	 */
 	jmp	.Lverify_cpu_check
+#endif
 
 .Lverify_cpu_noamd:
 	cmpl	$0x756e6547,%ebx        # GenuineIntel?
@@ -72,6 +78,8 @@ SYM_FUNC_START_LOCAL(verify_cpu)
 	cmpl	$0x6c65746e,%ecx
 	jnz	.Lverify_cpu_check
 
+	jmp	.Lverify_cpu_check
+
 	# only call IA32_MISC_ENABLE when:
 	# family > 6 || (family == 6 && model >= 0xd)
 	movl	$0x1, %eax		# check CPU family and model