Re: [RFC PATCH v5 025/104] KVM: TDX: Add place holder for TDX VM specific mem_enc_op ioctl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Apr 05, 2022 at 02:50:29PM +0200,
Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:

> On 3/4/22 20:48, isaku.yamahata@xxxxxxxxx wrote:
> > From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> > 
> > Add a place holder function for TDX specific VM-scoped ioctl as mem_enc_op.
> > TDX specific sub-commands will be added to retrieve/pass TDX specific
> > parameters.
> > 
> > KVM_MEMORY_ENCRYPT_OP was introduced for VM-scoped operations specific for
> > guest state-protected VM.  It defined subcommands for technology-specific
> > operations under KVM_MEMORY_ENCRYPT_OP.  Despite its name, the subcommands
> > are not limited to memory encryption, but various technology-specific
> > operations are defined.  It's natural to repurpose KVM_MEMORY_ENCRYPT_OP
> > for TDX specific operations and define subcommands.
> > 
> > TDX requires VM-scoped, and VCPU-scoped TDX-specific operations for device
> > model, for example, qemu.  Getting system-wide parameters, TDX-specific VM
> > initialization, and TDX-specific vCPU initialization.  Which requires KVM
> > vCPU-scoped operations in addition to the existing VM-scoped operations.
> > 
> > Signed-off-by: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> > ---
> >   arch/x86/include/uapi/asm/kvm.h       | 11 +++++++++++
> >   arch/x86/kvm/vmx/main.c               | 10 ++++++++++
> >   arch/x86/kvm/vmx/tdx.c                | 24 ++++++++++++++++++++++++
> >   arch/x86/kvm/vmx/x86_ops.h            |  4 ++++
> >   tools/arch/x86/include/uapi/asm/kvm.h | 11 +++++++++++
> >   5 files changed, 60 insertions(+)
> > 
> > diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
> > index 71a5851475e7..2ad61caf4e0b 100644
> > --- a/arch/x86/include/uapi/asm/kvm.h
> > +++ b/arch/x86/include/uapi/asm/kvm.h
> > @@ -528,4 +528,15 @@ struct kvm_pmu_event_filter {
> >   #define KVM_X86_DEFAULT_VM	0
> >   #define KVM_X86_TDX_VM		1
> > +/* Trust Domain eXtension sub-ioctl() commands. */
> > +enum kvm_tdx_cmd_id {
> > +	KVM_TDX_CMD_NR_MAX,
> > +};
> > +
> > +struct kvm_tdx_cmd {
> > +	__u32 id;
> > +	__u32 metadata;
> > +	__u64 data;
> > +};
> 
> Please include some initial documentation here already, for example it is
> not clear what "metadata" is.
> 
> Also please add
> 
> 	u32 error;
> 	u32 unused;
> 
> for two reasons: 1) consistency with kvm_sev_cmd 2) error codes should be
> returned to userspace and not just sent through pr_tdx_error.

Sure.
For now metadata is only used to specify flags specific to id.
So I'll rename it to flags.
-- 
Isaku Yamahata <isaku.yamahata@xxxxxxxxx>



[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux