TDX: Fix a VTL 1-only typo, but move logic to only affect VTL 0 (#1859)

smalis-msft · web-flow · commit 935b978fcafe · 2025-08-18T13:47:44.000-04:00
Masanamuthu spotted this copy/paste typo in vm/x86/x86defs/src/tdx.rs,
fix that up. However I think in the only place we set any TDX controls
today we actually only want those controls to apply to VTL 0, so move
that logic out of the for loop. This makes this PR a functional no-op,
but it fixes the typo for when the day comes that we do want to set a
control on VTL 1.
diff --git a/openhcl/virt_mshv_vtl/src/processor/tdx/mod.rs b/openhcl/virt_mshv_vtl/src/processor/tdx/mod.rs
@@ -856,20 +856,18 @@ impl BackingPrivate for TdxBacked {
                 .into(),
         );
 
-        for vtl in [GuestVtl::Vtl0, GuestVtl::Vtl1] {
-            let controls = TdxL2Ctls::new()
-                // Configure L2 controls to permit shared memory.
-                .with_enable_shared_ept(!shared.cvm.hide_isolation)
-                // If the synic is to be managed by the hypervisor, then enable TDVMCALLs.
-                .with_enable_tdvmcall(
-                    shared.untrusted_synic.is_none() && !shared.cvm.hide_isolation,
-                );
+        let controls = TdxL2Ctls::new()
+            // Configure L2 controls to permit shared memory.
+            .with_enable_shared_ept(!shared.cvm.hide_isolation)
+            // If the synic is to be managed by the hypervisor, then enable TDVMCALLs.
+            .with_enable_tdvmcall(shared.untrusted_synic.is_none() && !shared.cvm.hide_isolation);
 
-            params
-                .runner
-                .set_l2_ctls(vtl, controls)
-                .map_err(crate::Error::FailedToSetL2Ctls)?;
+        params
+            .runner
+            .set_l2_ctls(GuestVtl::Vtl0, controls)
+            .map_err(crate::Error::FailedToSetL2Ctls)?;
 
+        for vtl in [GuestVtl::Vtl0, GuestVtl::Vtl1] {
             // Set guest/host masks for CR0 and CR4. These enable shadowing these
             // registers since TDX requires certain bits to be set at all times.
             let initial_cr0 = params
diff --git a/vm/x86/x86defs/src/tdx.rs b/vm/x86/x86defs/src/tdx.rs
@@ -478,7 +478,7 @@ impl TdxContextCode {
 pub const TDX_FIELD_CODE_L2_CTLS_VM1: TdxExtendedFieldCode =
     TdxExtendedFieldCode(0xA020000300000051);
 pub const TDX_FIELD_CODE_L2_CTLS_VM2: TdxExtendedFieldCode =
-    TdxExtendedFieldCode(0xA020000300000051);
+    TdxExtendedFieldCode(0xA020000300000052);
 
 /// Extended field code for TDG.VP.WR and TDG.VP.RD
 #[bitfield(u64)]
