On 20/02/25 14:35, Xiaoyao Li wrote:
> On 1/29/2025 5:58 PM, Adrian Hunter wrote:
>> TDX VMs have protected state. Accordingly, set arch.has_protected_state to
>> true.
>>
>> This will cause the following IOCTL functions to return an error:
>>
>> kvm_arch_vcpu_ioctl() case KVM_GET_SREGS2
>> kvm_arch_vcpu_ioctl() case KVM_SET_SREGS2
>> kvm_arch_vcpu_ioctl_get_regs()
>> kvm_arch_vcpu_ioctl_set_regs()
>> kvm_arch_vcpu_ioctl_get_sregs()
>> kvm_arch_vcpu_ioctl_set_sregs()
>> kvm_vcpu_ioctl_x86_get_debugregs()
>> kvm_vcpu_ioctl_x86_set_debugregs
>> kvm_vcpu_ioctl_x86_get_xcrs()
>> kvm_vcpu_ioctl_x86_set_xcrs()
>>
>> In addition, the following will error for confidential FPU state:
>>
>> kvm_vcpu_ioctl_x86_get_xsave ()
>> kvm_vcpu_ioctl_x86_get_xsave2()
>> kvm_vcpu_ioctl_x86_set_xsave()
>> kvm_arch_vcpu_ioctl_get_fpu()
>> kvm_arch_vcpu_ioctl_set_fpu()
>>
>> And finally, in accordance with commit 66155de93bcf ("KVM: x86: Disallow
>> read-only memslots for SEV-ES and SEV-SNP (and TDX)"), read-only
>> memslots will be disallowed.
>>
>> Signed-off-by: Adrian Hunter <adrian.hunter@xxxxxxxxx>
>> ---
>> TD vcpu enter/exit v2:
>> - New patch
>> ---
>> arch/x86/kvm/vmx/tdx.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
>> index ea9498028212..a7ebdafdfd82 100644
>> --- a/arch/x86/kvm/vmx/tdx.c
>> +++ b/arch/x86/kvm/vmx/tdx.c
>> @@ -553,6 +553,7 @@ int tdx_vm_init(struct kvm *kvm)
>> {
>> struct kvm_tdx *kvm_tdx = to_kvm_tdx(kvm);
>> + kvm->arch.has_protected_state = true;
>
> This can be squashed into the one that implements the tdx_vm_init();

This has been done in kvm-coco-queue. We have re-based on kvm-coco-queue so we are in sync on this.
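
Review bot: the added line `kvm->arch.has_protected_state = true;` in tdx_vm_init() has no comment, so the user-visible consequences listed in the commit message (the regs, sregs, debugregs and xcrs ioctls returning an error, and read-only memslots being disallowed) cannot be seen at the place where they are switched on. A short comment above the assignment would keep that link, which matters more once the change is squashed into another patch and this commit message no longer travels with it. The commit message also says the xsave and FPU ioctls error "for confidential FPU state", yet this hunk only sets has_protected_state and does not show where the FPU state is marked confidential; naming the patch that does so would make the claim checkable. Minor: `kvm_vcpu_ioctl_x86_set_debugregs` is missing its `()` and `kvm_vcpu_ioctl_x86_get_xsave ()` has a stray space in the commit message list.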