lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <cc443335-442d-4ed0-aa01-a6bf5c27b39c@intel.com>
Date: Fri, 20 Jun 2025 09:20:55 +0800
From: Xiaoyao Li <xiaoyao.li@...el.com>
To: Paolo Bonzini <pbonzini@...hat.com>, linux-kernel@...r.kernel.org,
 kvm@...r.kernel.org, seanjc@...gle.com
Cc: rick.p.edgecombe@...el.com, kai.huang@...el.com, adrian.hunter@...el.com,
 reinette.chatre@...el.com, tony.lindgren@...el.com,
 isaku.yamahata@...el.com, yan.y.zhao@...el.com,
 mikko.ylinen@...ux.intel.com, kirill.shutemov@...el.com,
 jiewen.yao@...el.com, binbin.wu@...ux.intel.com
Subject: Re: [PATCH 3/3] KVM: TDX: Exit to userspace for GetTdVmCallInfo

On 6/20/2025 2:01 AM, Paolo Bonzini wrote:
> From: Binbin Wu <binbin.wu@...ux.intel.com>
> 
> Exit to userspace for TDG.VP.VMCALL<GetTdVmCallInfo> via KVM_EXIT_TDX,
> to allow userspace to provide information about the support of
> TDVMCALLs when r12 is 1 for the TDVMCALLs beyond the GHCI base API.
> 
> GHCI spec defines the GHCI base TDVMCALLs: <GetTdVmCallInfo>, <MapGPA>,
> <ReportFatalError>, <Instruction.CPUID>, <#VE.RequestMMIO>,
> <Instruction.HLT>, <Instruction.IO>, <Instruction.RDMSR> and
> <Instruction.WRMSR>. They must be supported by VMM to support TDX guests.
> 
> For GetTdVmCallInfo
> - When leaf (r12) to enumerate TDVMCALL functionality is set to 0,
>    successful execution indicates all GHCI base TDVMCALLs listed above are
>    supported.
> 
>    Update the KVM TDX document with the set of the GHCI base APIs.
> 
> - When leaf (r12) to enumerate TDVMCALL functionality is set to 1, it
>    indicates the TDX guest is querying the supported TDVMCALLs beyond
>    the GHCI base TDVMCALLs.
>    Exit to userspace to let userspace set the TDVMCALL sub-function bit(s)
>    accordingly to the leaf outputs.  KVM could set the TDVMCALL bit(s)
>    supported by itself when the TDVMCALLs don't need support from userspace
>    after returning from userspace and before entering guest. Currently, no
>    such TDVMCALLs implemented, KVM just sets the values returned from
>    userspace.
> 
> Suggested-by: Paolo Bonzini <pbonzini@...hat.com>
> Signed-off-by: Binbin Wu <binbin.wu@...ux.intel.com>
> [Adjust userspace API. - Paolo]
> Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
> ---
>   Documentation/virt/kvm/api.rst | 15 +++++++++++++-
>   arch/x86/kvm/vmx/tdx.c         | 38 ++++++++++++++++++++++++++++++----
>   include/uapi/linux/kvm.h       |  5 +++++
>   3 files changed, 53 insertions(+), 5 deletions(-)
> 
> diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
> index 3643d853a634..2b1656907356 100644
> --- a/Documentation/virt/kvm/api.rst
> +++ b/Documentation/virt/kvm/api.rst
> @@ -7190,6 +7190,11 @@ The valid value for 'flags' is:
>   					u64 gpa;
>   					u64 size;
>   				} get_quote;
> +				struct {
> +					u64 ret;
> +					u64 leaf;
> +					u64 r11, r12, r13, r14;
> +				} get_tdvmcall_info;
>   			};
>   		} tdx;
> 
> @@ -7216,9 +7221,17 @@ queued successfully, the TDX guest can poll the status field in the
>   shared-memory area to check whether the Quote generation is completed or
>   not. When completed, the generated Quote is returned via the same buffer.
>   
> +* ``TDVMCALL_GET_TD_VM_CALL_INFO``: the guest has requested the support
> +status of TDVMCALLs.  The output values for the given leaf should be
> +placed in fields from ``r11`` to ``r14`` of the ``get_tdvmcall_info``
> +field of the union.  This TDVMCALL must succeed, therefore KVM leaves
> +``ret`` equal to ``TDVMCALL_STATUS_SUCCESS`` and ``r11`` to ``r14``
> +equal to zero on entry.
> +
>   KVM may add support for more values in the future that may cause a userspace
>   exit, even without calls to ``KVM_ENABLE_CAP`` or similar.  In this case,
> -it will enter with output fields already valid; in the common case, the
> +it will enter with output fields already valid as mentioned for
> +``TDVMCALL_GET_TD_VM_CALL_INFO`` above; in the common case, the
>   ``unknown.ret`` field of the union will be ``TDVMCALL_STATUS_SUBFUNC_UNSUPPORTED``.
>   Userspace need not do anything if it does not wish to support a TDVMCALL.
>   ::
> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> index 6878a76069f8..5804d1b1ea0e 100644
> --- a/arch/x86/kvm/vmx/tdx.c
> +++ b/arch/x86/kvm/vmx/tdx.c
> @@ -1451,18 +1451,49 @@ static int tdx_emulate_mmio(struct kvm_vcpu *vcpu)
>   	return 1;
>   }
>   
> +static int tdx_complete_get_td_vm_call_info(struct kvm_vcpu *vcpu)
> +{
> +	struct vcpu_tdx *tdx = to_tdx(vcpu);
> +
> +	tdvmcall_set_return_code(vcpu, vcpu->run->tdx.get_tdvmcall_info.ret);
> +
> +	/*
> +	 * For now, there is no TDVMCALL beyond GHCI base API supported by KVM
> +	 * directly without the support from userspace, just set the value
> +	 * returned from userspace.
> +	 */
> +	tdx->vp_enter_args.r11 = vcpu->run->tdx.get_tdvmcall_info.r11;
> +	tdx->vp_enter_args.r12 = vcpu->run->tdx.get_tdvmcall_info.r12;
> +	tdx->vp_enter_args.r13 = vcpu->run->tdx.get_tdvmcall_info.r13;
> +	tdx->vp_enter_args.r14 = vcpu->run->tdx.get_tdvmcall_info.r14;
> +
> +	return 1;
> +}
> +
>   static int tdx_get_td_vm_call_info(struct kvm_vcpu *vcpu)
>   {
>   	struct vcpu_tdx *tdx = to_tdx(vcpu);
>   
> -	if (tdx->vp_enter_args.r12)
> -		tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_INVALID_OPERAND);
> -	else {
> +	switch (tdx->vp_enter_args.r12) {
> +	case 1:
> +		vcpu->run->tdx.get_tdvmcall_info.leaf = tdx->vp_enter_args.r12;
> +		vcpu->run->exit_reason = KVM_EXIT_TDX;
> +		vcpu->run->tdx.flags = 0;
> +		vcpu->run->tdx.nr = TDVMCALL_GET_TD_VM_CALL_INFO;
> +		vcpu->run->tdx.get_tdvmcall_info.ret = TDVMCALL_STATUS_SUCCESS;
> +		vcpu->run->tdx.get_tdvmcall_info.r11 = 0;
> +		vcpu->run->tdx.get_tdvmcall_info.r12 = 0;
> +		vcpu->run->tdx.get_tdvmcall_info.r13 = 0;
> +		vcpu->run->tdx.get_tdvmcall_info.r14 = 0;
> +		vcpu->arch.complete_userspace_io = tdx_complete_get_td_vm_call_info;
> +		return 0;
> +	default:
>   		tdx->vp_enter_args.r11 = 0;
> +		tdx->vp_enter_args.r12 = 0;
>   		tdx->vp_enter_args.r13 = 0;
>   		tdx->vp_enter_args.r14 = 0;
> +		return 1;

Though it looks OK to return all-0 for r12 == 0 and undefined case of 
r12 > 1, I prefer returning TDVMCALL_STATUS_INVALID_OPERAND for 
undefined case.

So please make above "case 0:", and make the "default:" return 
TDVMCALL_STATUS_INVALID_OPERAND

>   	}
> -	return 1;
>   }
>   
>   static int tdx_complete_simple(struct kvm_vcpu *vcpu)
> diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
> index 6708bc88ae69..fb3b4cd8d662 100644
> --- a/include/uapi/linux/kvm.h
> +++ b/include/uapi/linux/kvm.h
> @@ -461,6 +461,11 @@ struct kvm_run {
>   					__u64 gpa;
>   					__u64 size;
>   				} get_quote;
> +				struct {
> +					__u64 ret;
> +					__u64 leaf;
> +					__u64 r11, r12, r13, r14;
> +				} get_tdvmcall_info;
>   			};
>   		} tdx;
>   		/* Fix the size of the union. */

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ