From: Binbin Wu <binbin.wu@linux.intel.com>
To: pbonzini@redhat.com, seanjc@google.com, kvm@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, kai.huang@intel.com,
	adrian.hunter@intel.com, reinette.chatre@intel.com,
	xiaoyao.li@intel.com, tony.lindgren@intel.com,
	isaku.yamahata@intel.com, yan.y.zhao@intel.com,
	mikko.ylinen@linux.intel.com, linux-kernel@vger.kernel.org,
	kirill.shutemov@intel.com, jiewen.yao@intel.com,
	binbin.wu@linux.intel.com
Subject: [RFC PATCH 3/4] KVM: TDX: Exit to userspace for GetTdVmCallInfo
Date: Tue, 10 Jun 2025 10:14:21 +0800
Message-ID: <20250610021422.1214715-4-binbin.wu@linux.intel.com>
In-Reply-To: <20250610021422.1214715-1-binbin.wu@linux.intel.com>

Exit to userspace for TDG.VP.VMCALL<GetTdVmCallInfo> via a new KVM exit
reason to allow userspace to provide information about the support of
TDVMCALLs when r12 is 1 for the TDVMCALLs beyond the GHCI base API.

GHCI spec defines the GHCI base TDVMCALLs: <GetTdVmCallInfo>, <MapGPA>,
<ReportFatalError>, <Instruction.CPUID>, <#VE.RequestMMIO>,
<Instruction.HLT>, <Instruction.IO>, <Instruction.RDMSR> and
<Instruction.WRMSR>. They must be supported by VMM to support TDX guests.

For GetTdVmCallInfo
- When leaf (r12) to enumerate TDVMCALL functionality is set to 0,
  successful execution indicates all GHCI base TDVMCALLs listed above are
  supported.

  Update the KVM TDX document with the set of the GHCI base APIs.

- When leaf (r12) to enumerate TDVMCALL functionality is set to 1, it
  indicates the TDX guest is querying the supported TDVMCALLs beyond
  the GHCI base TDVMCALLs.
  Exit to userspace to let userspace set the TDVMCALL sub-function bit(s)
  accordingly to the leaf outputs.  KVM could set the TDVMCALL bit(s)
  supported by itself when the TDVMCALLs don't need support from userspace
  after returning from userspace and before entering guest. Currently, no
  such TDVMCALLs are implemented, so KVM just sets the values returned from
  userspace.

  A new KVM exit reason KVM_EXIT_TDX_GET_TDVMCALL_INFO and its structure
  are added. Userspace is required to handle the exit reason as the initial
  support for TDX.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Binbin Wu <binbin.wu@linux.intel.com>
---
 Documentation/virt/kvm/api.rst           | 17 +++++++++++
 Documentation/virt/kvm/x86/intel-tdx.rst |  9 ++++++
 arch/x86/kvm/vmx/tdx.c                   | 36 +++++++++++++++++++++---
 include/uapi/linux/kvm.h                 |  7 +++++
 4 files changed, 65 insertions(+), 4 deletions(-)

diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
index 7c5bb6b5c2c2..4a729841e000 100644
--- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst
@@ -7201,6 +7201,23 @@ generated Quote is returned via the same buffer. Userspace is required to handle
 the KVM exit reason as the initial support for TDX, however, userspace is
 allowed to set 'ret' filed to TDVMCALL_STATUS_SUBFUNC_UNSUPPORTED.
 
+::
+
+		/* KVM_EXIT_TDX_GET_TDVMCALL_INFO */
+		struct tdx_get_tdvmcall_info {
+			__u64 ret;
+			__u64 leaf;
+			__u64 leaf_output[4];
+		};
+
+If the exit reason is KVM_EXIT_TDX_GET_TDVMCALL_INFO, then it indicates that a
+TDX guest has requested to get the supporting status of TDVMCALLs. Currently,
+KVM only exits to userspace when the leaf value is 1, i.e, the TDX guest is
+querying the supporting status of TDVMCALLs beyond the GHCI base TDVMCALLs.
+Userspace is expected to set leaf outputs according to the layout defined in
+the GHCI spec if they are supported by userspace. Userspace is required to
+handle the exit reason as the initial support for TDX.
+
 ::
 
 		/* Fix the size of the union. */
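
Review bot: The new paragraph does not say what userspace must write to 'ret' or how the four leaf_output[] slots map to guest registers. The tdx.c part of this patch copies leaf_output[0..3] into r11..r14 and passes 'ret' straight to tdvmcall_set_return_code(), so the API text should state that mapping and the expected 'ret' value for success, and note that 'leaf' is filled in by KVM. The struct is also shown here as a named "struct tdx_get_tdvmcall_info" while the uapi header adds an anonymous struct member of that name. Small typo: "i.e," should be "i.e.,".
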
diff --git a/Documentation/virt/kvm/x86/intel-tdx.rst b/Documentation/virt/kvm/x86/intel-tdx.rst
index 76bdd95334d6..69c64453e9ca 100644
--- a/Documentation/virt/kvm/x86/intel-tdx.rst
+++ b/Documentation/virt/kvm/x86/intel-tdx.rst
@@ -249,6 +249,15 @@ control flow is as follows:
 
 #. Run VCPU
 
+The GHCI base TDVMCALLs
+=======================
+The GHCI base TDVMCALLs are: <GetTdVmCallInfo>, <MapGPA>, <ReportFatalError>,
+<Instruction.CPUID>, <#VE.RequestMMIO>, <Instruction.HLT>, <Instruction.IO>,
+<Instruction.RDMSR> and <Instruction.WRMSR>. These base TDVMCALLs are mandatory
+for VMMs to support TDX guests.
+For the TDVMCALLs beyond the GHCI base TDVMCALLs, TDX guests can query the
+support status via GetTdVmCallInfo with leaf set to 1.
+
 References
 ==========
 
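Review bot: The added section describes the leaf 1 query only from the guest side. It should also say that KVM forwards this query to userspace as KVM_EXIT_TDX_GET_TDVMCALL_INFO and point to the entry in api.rst, since that is where the VMM obligation is defined. For consistency with the "References" heading just below, leave a blank line after the "=======================" underline and before the "For the TDVMCALLs beyond ..." sentence if it is meant as its own paragraph.
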
diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index 35428c6b5a67..a3cd68f44a9c 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -1449,18 +1449,46 @@ static int tdx_emulate_mmio(struct kvm_vcpu *vcpu)
 	return 1;
 }
 
+static int tdx_complete_get_tdcall_info(struct kvm_vcpu *vcpu)
+{
+	struct vcpu_tdx *tdx = to_tdx(vcpu);
+
+	tdvmcall_set_return_code(vcpu, vcpu->run->tdx_get_tdvmcall_info.ret);
+
+	/*
+	 * For now, there is no TDVMCALL beyond GHCI base API supported by KVM
+	 * directly without the support from userspace, just set the value
+	 * returned from userspace.
+	 */
+	tdx->vp_enter_args.r11 = vcpu->run->tdx_get_tdvmcall_info.leaf_output[0];
+	tdx->vp_enter_args.r12 = vcpu->run->tdx_get_tdvmcall_info.leaf_output[1];
+	tdx->vp_enter_args.r13 = vcpu->run->tdx_get_tdvmcall_info.leaf_output[2];
+	tdx->vp_enter_args.r14 = vcpu->run->tdx_get_tdvmcall_info.leaf_output[3];
+
+	return 1;
+}
+
 static int tdx_get_td_vm_call_info(struct kvm_vcpu *vcpu)
 {
 	struct vcpu_tdx *tdx = to_tdx(vcpu);
 
-	if (tdx->vp_enter_args.r12)
-		tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_INVALID_OPERAND);
-	else {
+	switch (tdx->vp_enter_args.r12) {
+	case 0:
 		tdx->vp_enter_args.r11 = 0;
 		tdx->vp_enter_args.r13 = 0;
 		tdx->vp_enter_args.r14 = 0;
+		return 1;
+	case 1:
+		vcpu->run->tdx_get_tdvmcall_info.leaf = 1;
+		vcpu->run->exit_reason = KVM_EXIT_TDX_GET_TDVMCALL_INFO;
+		vcpu->arch.complete_userspace_io = tdx_complete_get_tdcall_info;
+		memset(vcpu->run->tdx_get_tdvmcall_info.leaf_output, 0,
+		       sizeof(vcpu->run->tdx_get_tdvmcall_info.leaf_output));
+		return 0;
+	default:
+		tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_INVALID_OPERAND);
+		return 1;
 	}
-	return 1;
 }
 
 static int tdx_complete_get_quote(struct kvm_vcpu *vcpu)
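
Review bot: In case 1 of tdx_get_td_vm_call_info(), 'ret' is never initialized before the exit: 'leaf' is set and leaf_output[] is zeroed with memset(), but tdx_complete_get_tdcall_info() then feeds vcpu->run->tdx_get_tdvmcall_info.ret to tdvmcall_set_return_code() unconditionally. Because the field lives in the kvm_run union, a userspace that fills only leaf_output[] hands the guest whatever an earlier exit left there. Set 'ret' to a defined status next to the memset(). The completion handler also copies leaf_output[] into r11..r14 even when 'ret' reports an error; consider skipping the copy in that case. Naming nit: tdx_complete_get_tdcall_info() says "tdcall" while everything else in the patch says "tdvmcall" or "td_vm_call".
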
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index e63e4df468b5..0729b37ac911 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -179,6 +179,7 @@ struct kvm_xen_exit {
 #define KVM_EXIT_LOONGARCH_IOCSR  38
 #define KVM_EXIT_MEMORY_FAULT     39
 #define KVM_EXIT_TDX_GET_QUOTE    40
+#define KVM_EXIT_TDX_GET_TDVMCALL_INFO  41
 
 /* For KVM_EXIT_INTERNAL_ERROR */
 /* Emulate instruction failed. */
@@ -454,6 +455,12 @@ struct kvm_run {
 			__u64 gpa;
 			__u64 size;
 		} tdx_get_quote;
+		/* KVM_EXIT_TDX_GET_TDVMCALL_INFO */
+		struct {
+			__u64 ret;
+			__u64 leaf;
+			__u64 leaf_output[4];
+		} tdx_get_tdvmcall_info;
 		/* Fix the size of the union. */
 		char padding[256];
 	};
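
Review bot: The three fields in the new tdx_get_tdvmcall_info member carry no direction comments. From the tdx.c change, 'leaf' is written by KVM before the exit while 'ret' and 'leaf_output[4]' are read back from userspace on re-entry; a short in/out comment on each field would make that contract visible in the uapi header itself.
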
-- 
2.46.0

