TDX VMs have protected state.  Accordingly, set arch.has_protected_state
to true.

This will cause the following IOCTL functions to return an error:

	kvm_arch_vcpu_ioctl() case KVM_GET_SREGS2
	kvm_arch_vcpu_ioctl() case KVM_SET_SREGS2
	kvm_arch_vcpu_ioctl_get_regs()
	kvm_arch_vcpu_ioctl_set_regs()
	kvm_arch_vcpu_ioctl_get_sregs()
	kvm_arch_vcpu_ioctl_set_sregs()
	kvm_vcpu_ioctl_x86_get_debugregs()
	kvm_vcpu_ioctl_x86_set_debugregs()
	kvm_vcpu_ioctl_x86_get_xcrs()
	kvm_vcpu_ioctl_x86_set_xcrs()

In addition, the following will error for confidential FPU state:

	kvm_vcpu_ioctl_x86_get_xsave()
	kvm_vcpu_ioctl_x86_get_xsave2()
	kvm_vcpu_ioctl_x86_set_xsave()
	kvm_arch_vcpu_ioctl_get_fpu()
	kvm_arch_vcpu_ioctl_set_fpu()

And finally, in accordance with commit 66155de93bcf ("KVM: x86: Disallow
read-only memslots for SEV-ES and SEV-SNP (and TDX)"), read-only memslots
will be disallowed.

Signed-off-by: Adrian Hunter <adrian.hunter@xxxxxxxxx>
---


TD vcpu enter/exit v2:
	- New patch

---
 arch/x86/kvm/vmx/tdx.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index ea9498028212..a7ebdafdfd82 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -553,6 +553,7 @@ int tdx_vm_init(struct kvm *kvm)
 {
 	struct kvm_tdx *kvm_tdx = to_kvm_tdx(kvm);
 
+	kvm->arch.has_protected_state = true;
 	kvm->arch.has_private_mem = true;
 
 	/*
-- 
2.43.0
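Review bot: The added `kvm->arch.has_protected_state = true;` in tdx_vm_init() carries none of the rationale that the commit message spells out (the register, SREGS, debug-register, XCR and FPU ioctls erroring out, and read-only memslots being rejected per 66155de93bcf), so a reader of tdx.c sees only an unexplained flag next to `has_private_mem`. A short comment above the assignment, along the lines of "Guest register and FPU state is not accessible to the host; see commit 66155de93bcf for the memslot side effect", would keep the two flags' meanings distinct at the point where they are set. Also worth stating in the commit message is that the flag is set unconditionally for every TDX VM, before any later failure path in tdx_vm_init(), so it is a property of the VM type rather than something userspace opts into.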