On Sat, 2024-03-23 at 04:27 +0000, Huang, Kai wrote: > > vt_vcpu_mem_enc_ioctl() checks non-TDX case and returns -ENOTTY. We know that > > the guest is TD. > > But the command is not supported, right? > > I roughly recall I saw somewhere that in such case we should return -ENOTTY, but > I cannot find the link now. > > But I found this old link uses -ENOTTY: > > https://lwn.net/Articles/58719/ > > So, just fyi. The AMD version of this returns -EINVAL when the subcommand is not implemented. I don't think the TDX side should need to necessarily match that. Is the case of concern when in a future where there are more subcommands that are only supported when some other mode is enabled? The man page says: ENOTTY The specified request does not apply to the kind of object that the file descriptor fd references. If a future command does not apply for the TDX mode, then an upgraded kernel could start returning ENOTTY instead of EINVAL. Hmm. We could always have the option of making KVM_MEMORY_ENCRYPT_OP_FOO for some future mode foo if there were compatibility issues, so I don't think we would be stuck either way. After thinking about it, I'd make a weak vote to leave it. No strong opinion though.
