On Tue, Apr 05, 2022 at 02:50:29PM +0200,
Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
> On 3/4/22 20:48, isaku.yamahata@xxxxxxxxx wrote:
> > From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> >
> > Add a place holder function for TDX specific VM-scoped ioctl as mem_enc_op.
> > TDX specific sub-commands will be added to retrieve/pass TDX specific
> > parameters.
> >
> > KVM_MEMORY_ENCRYPT_OP was introduced for VM-scoped operations specific for
> > guest state-protected VM. It defined subcommands for technology-specific
> > operations under KVM_MEMORY_ENCRYPT_OP. Despite its name, the subcommands
> > are not limited to memory encryption, but various technology-specific
> > operations are defined. It's natural to repurpose KVM_MEMORY_ENCRYPT_OP
> > for TDX specific operations and define subcommands.
> >
> > TDX requires VM-scoped, and VCPU-scoped TDX-specific operations for device
> > model, for example, qemu. Getting system-wide parameters, TDX-specific VM
> > initialization, and TDX-specific vCPU initialization. Which requires KVM
> > vCPU-scoped operations in addition to the existing VM-scoped operations.
> >
> > Signed-off-by: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
> > ---
> > arch/x86/include/uapi/asm/kvm.h | 11 +++++++++++
> > arch/x86/kvm/vmx/main.c | 10 ++++++++++
> > arch/x86/kvm/vmx/tdx.c | 24 ++++++++++++++++++++++++
> > arch/x86/kvm/vmx/x86_ops.h | 4 ++++
> > tools/arch/x86/include/uapi/asm/kvm.h | 11 +++++++++++
> > 5 files changed, 60 insertions(+)
> >
> > diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
> > index 71a5851475e7..2ad61caf4e0b 100644
> > --- a/arch/x86/include/uapi/asm/kvm.h
> > +++ b/arch/x86/include/uapi/asm/kvm.h
> > @@ -528,4 +528,15 @@ struct kvm_pmu_event_filter {
> > #define KVM_X86_DEFAULT_VM 0
> > #define KVM_X86_TDX_VM 1
> > +/* Trust Domain eXtension sub-ioctl() commands. */
> > +enum kvm_tdx_cmd_id {
> > + KVM_TDX_CMD_NR_MAX,
> > +};
> > +
> > +struct kvm_tdx_cmd {
> > + __u32 id;
> > + __u32 metadata;
> > + __u64 data;
> > +};
>
> Please include some initial documentation here already, for example it is
> not clear what "metadata" is.
>
> Also please add
>
> u32 error;
> u32 unused;
>
> for two reasons: 1) consistency with kvm_sev_cmd 2) error codes should be
> returned to userspace and not just sent through pr_tdx_error.
Sure.
For now metadata is only used to specify flags specific to id.
So I'll rename it to flags.
--
Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
