From: Sean Christopherson <seanjc@google.com>
To: Michael Roth <michael.roth@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
Sagi Shahar <sagis@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Kiryl Shutsemau <kas@kernel.org>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Thomas Gleixner <tglx@kernel.org>,
Borislav Petkov <bp@alien8.de>, "H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev,
Vishal Annapurve <vannapurve@google.com>
Subject: Re: [PATCH v3 1/2] KVM: TDX: Allow userspace to return errors to guest for MAPGPA
Date: Tue, 17 Feb 2026 19:20:24 +0000 [thread overview]
Message-ID: <aZS_ePUyLcTyZ4Am@google.com> (raw)
In-Reply-To: <20260217191635.swit2awsmwrj57th@amd.com>
On Tue, Feb 17, 2026, Michael Roth wrote:
> On Tue, Feb 17, 2026 at 12:45:52PM -0600, Tom Lendacky wrote:
> > On 2/17/26 12:05, Michael Roth wrote:
> > >> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> > >> index 2d7a4d52ccfb..056a44b9d78b 100644
> > >> --- a/arch/x86/kvm/vmx/tdx.c
> > >> +++ b/arch/x86/kvm/vmx/tdx.c
> > >> @@ -1186,10 +1186,21 @@ static void __tdx_map_gpa(struct vcpu_tdx *tdx);
> > >>
> > >> static int tdx_complete_vmcall_map_gpa(struct kvm_vcpu *vcpu)
> > >> {
> > >> + u64 hypercall_ret = READ_ONCE(vcpu->run->hypercall.ret);
> > >> struct vcpu_tdx *tdx = to_tdx(vcpu);
> > >>
> > >> - if (vcpu->run->hypercall.ret) {
> > >> - tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_INVALID_OPERAND);
> > >> + if (hypercall_ret) {
> > >> + if (hypercall_ret == EAGAIN) {
> > >> + tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_RETRY);
> > >> + } else if (vcpu->run->hypercall.ret == EINVAL) {
> > >> + tdvmcall_set_return_code(
> > >> + vcpu, TDVMCALL_STATUS_INVALID_OPERAND);
> > >> + } else {
> > >> + WARN_ON_ONCE(
> > >> + kvm_is_valid_map_gpa_range_ret(hypercall_ret));
> > >> + return -EINVAL;
> > >> + }
> > >> +
> > >> tdx->vp_enter_args.r11 = tdx->map_gpa_next;
> > >> return 1;
> > >> }
> > >
> > > Maybe slightly more readable?
> > >
> > > switch (hypercall_ret) {
> > > case EAGAIN:
> > > tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_RETRY);
> > > /* fallthrough */
> >
> > I think you want a break here, not a fallthrough, so that you don't set
> > the return code twice with the last one not being correct for EAGAIN.
>
> Doh, thanks for the catch. I guess a break for the EINVAL case as well would
> be more consistent then.
>
> switch (hypercall_ret) {
> case EAGAIN:
> tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_RETRY);
> break;
> case EINVAL:
> tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_INVALID_OPERAND);
> break;
> case 0:
> break;
> case default:
> WARN_ON_ONCE(kvm_is_valid_map_gpa_range_ret(hypercall_ret));
> return -EINVAL;
> }
>
> tdx->vp_enter_args.r11 = tdx->map_gpa_next;
> return 1;
Heh, except then KVM will fail to handle the next chunk on success. I like the
idea of a switch statement, so what if we add that and dedup the error handling?
static int tdx_complete_vmcall_map_gpa(struct kvm_vcpu *vcpu)
{
u64 hypercall_ret = READ_ONCE(vcpu->run->hypercall.ret);
struct vcpu_tdx *tdx = to_tdx(vcpu);
long rc;
switch (hypercall_ret) {
case 0:
break;
case EAGAIN:
rc = TDVMCALL_STATUS_RETRY;
goto propagate_error;
case EINVAL:
rc = TDVMCALL_STATUS_INVALID_OPERAND;
goto propagate_error;
default:
WARN_ON_ONCE(kvm_is_valid_map_gpa_range_ret(hypercall_ret));
return -EINVAL;
}
tdx->map_gpa_next += TDX_MAP_GPA_MAX_LEN;
if (tdx->map_gpa_next >= tdx->map_gpa_end)
return 1;
/*
* Stop processing the remaining part if there is a pending interrupt,
* which could be qualified to deliver. Skip checking pending RVI for
* TDVMCALL_MAP_GPA, see comments in tdx_protected_apic_has_interrupt().
*/
if (kvm_vcpu_has_events(vcpu)) {
rc = TDVMCALL_STATUS_RETRY;
goto propagate_error;
}
__tdx_map_gpa(tdx);
return 0;
propagate_error:
tdvmcall_set_return_code(vcpu, rc);
tdx->vp_enter_args.r11 = tdx->map_gpa_next;
return 1;
}
next prev parent reply other threads:[~2026-02-17 19:20 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-06 22:28 [PATCH v3 0/2] Extend KVM_HC_MAP_GPA_RANGE api to allow retry Sagi Shahar
2026-02-06 22:28 ` [PATCH v3 1/2] KVM: TDX: Allow userspace to return errors to guest for MAPGPA Sagi Shahar
2026-02-17 18:05 ` Michael Roth
2026-02-17 18:45 ` Tom Lendacky
2026-02-17 19:16 ` Michael Roth
2026-02-17 19:20 ` Sean Christopherson [this message]
2026-03-05 22:27 ` Sagi Shahar
2026-02-06 22:28 ` [PATCH v3 2/2] KVM: SEV: Restrict userspace return codes for KVM_HC_MAP_GPA_RANGE Sagi Shahar
2026-02-17 18:19 ` Michael Roth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aZS_ePUyLcTyZ4Am@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=kas@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=sagis@google.com \
--cc=tglx@kernel.org \
--cc=thomas.lendacky@amd.com \
--cc=vannapurve@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox