On Tue, Apr 05, 2022 at 02:50:29PM +0200, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
> On 3/4/22 20:48, isaku.yamahata@xxxxxxxxx wrote:
> > From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> >
> > Add a placeholder function for TDX specific VM-scoped ioctl as mem_enc_op.
> > TDX specific sub-commands will be added to retrieve/pass TDX specific
> > parameters.
> >
> > KVM_MEMORY_ENCRYPT_OP was introduced for VM-scoped operations specific for
> > guest state-protected VM. It defined subcommands for technology-specific
> > operations under KVM_MEMORY_ENCRYPT_OP. Despite its name, the subcommands
> > are not limited to memory encryption, but various technology-specific
> > operations are defined. It's natural to repurpose KVM_MEMORY_ENCRYPT_OP
> > for TDX specific operations and define subcommands.
> >
> > TDX requires VM-scoped, and VCPU-scoped TDX-specific operations for device
> > model, for example, qemu. Getting system-wide parameters, TDX-specific VM
> > initialization, and TDX-specific vCPU initialization. Which requires KVM
> > vCPU-scoped operations in addition to the existing VM-scoped operations.
> >
> > Signed-off-by: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> > ---
> >  arch/x86/include/uapi/asm/kvm.h       | 11 +++++++++++
> >  arch/x86/kvm/vmx/main.c               | 10 ++++++++++
> >  arch/x86/kvm/vmx/tdx.c                | 24 ++++++++++++++++++++++++
> >  arch/x86/kvm/vmx/x86_ops.h            |  4 ++++
> >  tools/arch/x86/include/uapi/asm/kvm.h | 11 +++++++++++
> >  5 files changed, 60 insertions(+)
> >
> > diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
> > index 71a5851475e7..2ad61caf4e0b 100644
> > --- a/arch/x86/include/uapi/asm/kvm.h
> > +++ b/arch/x86/include/uapi/asm/kvm.h
> > @@ -528,4 +528,15 @@ struct kvm_pmu_event_filter {
> >  #define KVM_X86_DEFAULT_VM 0
> >  #define KVM_X86_TDX_VM 1
> > +/* Trust Domain eXtension sub-ioctl() commands. */
> > +enum kvm_tdx_cmd_id {
> > +	KVM_TDX_CMD_NR_MAX,
> > +};
> > +
> > +struct kvm_tdx_cmd {
> > +	__u32 id;
> > +	__u32 metadata;
> > +	__u64 data;
> > +};
>
> Please include some initial documentation here already, for example it is
> not clear what "metadata" is.
>
> Also please add
>
> 	u32 error;
> 	u32 unused;
>
> for two reasons: 1) consistency with kvm_sev_cmd 2) error codes should be
> returned to userspace and not just sent through pr_tdx_error.

Sure. For now metadata is only used to specify flags specific to id.
So I'll rename it to flags.
--
Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
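Review bot: `struct kvm_tdx_cmd` in the arch/x86/include/uapi/asm/kvm.h hunk is userspace ABI, so its layout (currently two `__u32` followed by one `__u64`, 16 bytes) cannot be grown later without breaking existing callers; settle the final layout now, including the `u32 error; u32 unused;` pair requested above, and give every field a comment describing its meaning and whether it is input, output, or both, since `metadata` (to be renamed `flags` per the reply) is not self-explanatory. Likewise, `enum kvm_tdx_cmd_id` assigns no explicit values, so sub-command numbers will be fixed only by declaration order; either give each id an explicit value or state in the comment that new ids must be appended immediately before `KVM_TDX_CMD_NR_MAX` so existing numbers never shift. The diffstat shows the same 11-line addition mirrored into tools/arch/x86/include/uapi/asm/kvm.h, so any layout change here must be applied to both copies.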