From: Sathyanarayanan Kuppuswamy <sathyanarayanan.kuppuswamy@linux.intel.com>
To: Dave Hansen <dave.hansen@intel.com>,
"Kirill A . Shutemov" <kas@kernel.org>
Cc: Rick Edgecombe <rick.p.edgecombe@intel.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Dan Williams <dan.j.williams@intel.com>,
x86@kernel.org, linux-kernel@vger.kernel.org,
linux-coco@lists.linux.dev
Subject: Re: [PATCH v5] virt: tdx-guest: Handle GetQuote request error code
Date: Wed, 3 Dec 2025 10:04:56 -0800 [thread overview]
Message-ID: <48b4ec49-76f2-4b82-8551-02dd876d1da0@linux.intel.com> (raw)
In-Reply-To: <56c01575-c0e3-43f3-a6c6-bf62fcbe4f5d@intel.com>
Hi Dave,
On 12/2/25 4:03 PM, Dave Hansen wrote:
> On 12/2/25 16:00, Kuppuswamy Sathyanarayanan wrote:
>> The reason the kernel must parse the status field is that the failure
>> code is only available in the header portion of the shared GPA buffer
>> populated by the VMM. Userspace currently does not have access to this
>> header since we only expose the Quote payload itself. Because userspace
>> cannot directly interpret the VMM status codes, the kernel needs to parse
>> them and return appropriate generic error codes.
> That's kinda the key to this.
Agreed. I have reworked the commit message to make this the primary
motivation.
>
> Users are poking at sysfs and expect (near) universal explicit errors.
> Are they even doing this from shell scripts most of the time?
Yes, many users validate the GetQuote flow using simple shell scripts or other
minimal tooling. Since there is no common userspace library for this interface,
each vendor or user typically has their own implementation.
>
> Also, please don't just keep tacking gunk onto the changelog. Start
> cutting out the cruft, please.
Got it. How about the following version?
virt: tdx-guest: Return explicit errors for GetQuote failures
TD users often retrieve the Quote through simple libraries or shell
scripts over the configfs interface. In such cases, direct error
returns from the kernel for Quote failures are preferred and simplify
failure detection. Prior to this patch, certain VMM reported GetQuote
failures, such as Quote service unavailability or VMM processing
errors, were silently reported as success with a zero length Quote
buffer. This behavior is ambiguous and makes failure detection
complex.
The VMM reports these failures through the status Code in the header
portion of the shared GPA buffer (refer to GHCI specification v1.5
March 2023, sec titled TDG.VP.VMCALL<GetQuote>, Table 3-10 and Table
3-11 for GPA format and status code details). Userspace does not have
access to this header because only the Quote payload is exposed
through configfs. Therefore, the kernel must parse the status and
translate VMM failures into proper error codes.
Update the TDX guest driver to return explicit kernel errors for all
VMM reported GetQuote failure cases. This preserves existing ABI
behavior because userspace already treats a zero length Quote as a
failure indication. The only change is that such failures now return
explicit error codes instead of silently succeeding.
>
--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
next prev parent reply other threads:[~2025-12-03 18:04 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-02 22:22 [PATCH v5] virt: tdx-guest: Handle GetQuote request error code Kuppuswamy Sathyanarayanan
2025-12-02 22:46 ` Dave Hansen
2025-12-03 0:00 ` Kuppuswamy Sathyanarayanan
2025-12-03 0:03 ` Dave Hansen
2025-12-03 18:04 ` Sathyanarayanan Kuppuswamy [this message]
2025-12-03 18:16 ` Dave Hansen
2025-12-05 0:20 ` Sathyanarayanan Kuppuswamy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48b4ec49-76f2-4b82-8551-02dd876d1da0@linux.intel.com \
--to=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=kas@kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=rick.p.edgecombe@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox