From: Binbin Wu <binbin.wu@linux.intel.com>
To: Xiaoyao Li <xiaoyao.li@intel.com>,
"Edgecombe, Rick P" <rick.p.edgecombe@intel.com>,
"seanjc@google.com" <seanjc@google.com>
Cc: "mikko.ylinen@linux.intel.com" <mikko.ylinen@linux.intel.com>,
"Huang, Kai" <kai.huang@intel.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>,
"Chatre, Reinette" <reinette.chatre@intel.com>,
"Lindgren, Tony" <tony.lindgren@intel.com>,
"Hunter, Adrian" <adrian.hunter@intel.com>,
"Zhao, Yan Y" <yan.y.zhao@intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"Yamahata, Isaku" <isaku.yamahata@intel.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Shutemov, Kirill" <kirill.shutemov@intel.com>
Subject: Re: [RFC PATCH 4/4] KVM: TDX: Check KVM exit on KVM_HC_MAP_GPA_RANGE when TD finalize
Date: Thu, 12 Jun 2025 00:00:18 +0800
Message-ID: <b4d89b67-0c83-42c7-90d1-3a2c1431a933@linux.intel.com>
In-Reply-To: <a7929151-0a1f-4349-99b5-186c187710ff@intel.com>

On 6/11/2025 10:26 PM, Xiaoyao Li wrote:
> On 6/11/2025 10:04 PM, Edgecombe, Rick P wrote:
>> On Wed, 2025-06-11 at 22:01 +0800, Xiaoyao Li wrote:
>>>>> So, when the TDX guest calls MapGPA and KVM finds userspace doesn't opt in to
>>>>> KVM_HC_MAP_GPA_RANGE, just return an error to userspace?
>>>>
>>>> Why can't KVM just do what it already does, and return an error to the
>>>> guest?
>>>
>>> Because GHCI requires that it be supported. No matter whether it is the old GHCI
>>> that only allows <GetTdVmCallInfo> to succeed, where the success of
>>> <GetTdVmCallInfo> means all the TDVMCALL leafs are supported, or the
>>> proposed updated GHCI that defines <MapGpa> as one of the base API/leaf,
>>> and the base API must be supported by the VMM.
>>>
>>> Binbin wants to honor it.
>>
>> But KVM doesn't need to support all ways that userspace could meet the GHCI
>> spec. If userspace opts in to the exit, they will meet the spec. If they
>> configure KVM differently then they won't, but this is their decision.
>
> I agree with you and Sean. And I'm trying to answer Sean's question on behalf of Binbin.

Yes, it was my thought.

>
> Strictly speaking, KVM can be blamed for some reason. Because it is KVM that returns success for <GetTdVmCallInfo> unconditionally when r12 == 0 to report that all the (base) leafs are supported.
>
> But I totally agree that KVM cannot guarantee userspace will behave correctly. Even with this patch, where KVM mandates that userspace enable the user exit of KVM_HC_MAP_GPA_RANGE, it's still possible for a misbehaving userspace to return an error to the TD guest on KVM_HC_MAP_GPA_RANGE and break the semantics of a successful <GetTdVmCallInfo>.
>
> So I'm with you and Sean.
>

Also see my reply:
https://lore.kernel.org/kvm/ba611f52-9817-46ff-b16b-a9ef7404a51d@linux.intel.com/

In the next version, how about combining this patch into patch 1 to use
TDVMCALL_STATUS_SUBFUNC_UNSUPPORTED if userspace doesn't opt in to
KVM_HC_MAP_GPA_RANGE?