From: Sean Christopherson <seanjc@google.com>
To: Michael Roth <michael.roth@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
Sagi Shahar <sagis@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Kiryl Shutsemau <kas@kernel.org>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Thomas Gleixner <tglx@kernel.org>,
Borislav Petkov <bp@alien8.de>, "H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev,
Vishal Annapurve <vannapurve@google.com>
Subject: Re: [PATCH v3 1/2] KVM: TDX: Allow userspace to return errors to guest for MAPGPA
Date: Tue, 17 Feb 2026 19:20:24 +0000 [thread overview]
Message-ID: <aZS_ePUyLcTyZ4Am@google.com> (raw)
In-Reply-To: <20260217191635.swit2awsmwrj57th@amd.com>
On Tue, Feb 17, 2026, Michael Roth wrote:
> On Tue, Feb 17, 2026 at 12:45:52PM -0600, Tom Lendacky wrote:
> > On 2/17/26 12:05, Michael Roth wrote:
> > >> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> > >> index 2d7a4d52ccfb..056a44b9d78b 100644
> > >> --- a/arch/x86/kvm/vmx/tdx.c
> > >> +++ b/arch/x86/kvm/vmx/tdx.c
> > >> @@ -1186,10 +1186,21 @@ static void __tdx_map_gpa(struct vcpu_tdx *tdx);
> > >>
> > >> static int tdx_complete_vmcall_map_gpa(struct kvm_vcpu *vcpu)
> > >> {
> > >> + u64 hypercall_ret = READ_ONCE(vcpu->run->hypercall.ret);
> > >> struct vcpu_tdx *tdx = to_tdx(vcpu);
> > >>
> > >> - if (vcpu->run->hypercall.ret) {
> > >> - tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_INVALID_OPERAND);
> > >> + if (hypercall_ret) {
> > >> + if (hypercall_ret == EAGAIN) {
> > >> + tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_RETRY);
> > >> + } else if (vcpu->run->hypercall.ret == EINVAL) {
> > >> + tdvmcall_set_return_code(
> > >> + vcpu, TDVMCALL_STATUS_INVALID_OPERAND);
> > >> + } else {
> > >> + WARN_ON_ONCE(
> > >> + kvm_is_valid_map_gpa_range_ret(hypercall_ret));
> > >> + return -EINVAL;
> > >> + }
> > >> +
> > >> tdx->vp_enter_args.r11 = tdx->map_gpa_next;
> > >> return 1;
> > >> }
> > >
> > > Maybe slightly more readable?
> > >
> > > switch (hypercall_ret) {
> > > case EAGAIN:
> > > tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_RETRY);
> > > /* fallthrough */
> >
> > I think you want a break here, not a fallthrough, so that you don't set
> > the return code twice with the last one not being correct for EAGAIN.
>
> Doh, thanks for the catch. I guess a break for the EINVAL case as well would
> be more consistent then.
>
> switch (hypercall_ret) {
> case EAGAIN:
> tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_RETRY);
> break;
> case EINVAL:
> tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_INVALID_OPERAND);
> break;
> case 0:
> break;
> case default:
> WARN_ON_ONCE(kvm_is_valid_map_gpa_range_ret(hypercall_ret));
> return -EINVAL;
> }
>
> tdx->vp_enter_args.r11 = tdx->map_gpa_next;
> return 1;
Heh, except then KVM will fail to handle the next chunk on success. I like the
idea of a switch statement, so what if we add that and dedup the error handling?
static int tdx_complete_vmcall_map_gpa(struct kvm_vcpu *vcpu)
{
u64 hypercall_ret = READ_ONCE(vcpu->run->hypercall.ret);
struct vcpu_tdx *tdx = to_tdx(vcpu);
long rc;
switch (hypercall_ret) {
case 0:
break;
case EAGAIN:
rc = TDVMCALL_STATUS_RETRY;
goto propagate_error;
case EINVAL:
rc = TDVMCALL_STATUS_INVALID_OPERAND;
goto propagate_error;
default:
WARN_ON_ONCE(kvm_is_valid_map_gpa_range_ret(hypercall_ret));
return -EINVAL;
}
tdx->map_gpa_next += TDX_MAP_GPA_MAX_LEN;
if (tdx->map_gpa_next >= tdx->map_gpa_end)
return 1;
/*
* Stop processing the remaining part if there is a pending interrupt,
* which could be qualified to deliver. Skip checking pending RVI for
* TDVMCALL_MAP_GPA, see comments in tdx_protected_apic_has_interrupt().
*/
if (kvm_vcpu_has_events(vcpu)) {
rc = TDVMCALL_STATUS_RETRY;
goto propagate_error;
}
__tdx_map_gpa(tdx);
return 0;
propagate_error:
tdvmcall_set_return_code(vcpu, rc);
tdx->vp_enter_args.r11 = tdx->map_gpa_next;
return 1;
}
next prev parent reply other threads:[~2026-02-17 19:20 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-06 22:28 [PATCH v3 0/2] Extend KVM_HC_MAP_GPA_RANGE api to allow retry Sagi Shahar
2026-02-06 22:28 ` [PATCH v3 1/2] KVM: TDX: Allow userspace to return errors to guest for MAPGPA Sagi Shahar
2026-02-17 18:05 ` Michael Roth
2026-02-17 18:45 ` Tom Lendacky
2026-02-17 19:16 ` Michael Roth
2026-02-17 19:20 ` Sean Christopherson [this message]
2026-03-05 22:27 ` Sagi Shahar
2026-02-06 22:28 ` [PATCH v3 2/2] KVM: SEV: Restrict userspace return codes for KVM_HC_MAP_GPA_RANGE Sagi Shahar
2026-02-17 18:19 ` Michael Roth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aZS_ePUyLcTyZ4Am@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=kas@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=sagis@google.com \
--cc=tglx@kernel.org \
--cc=thomas.lendacky@amd.com \
--cc=vannapurve@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.