Received: by 2002:a05:6500:1b8f:b0:1fa:5c73:8e2d with SMTP id df15csp116344lqb;
        Tue, 28 May 2024 10:16:36 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCVqgCYp3vzchtGKv+nNM4tOdDDlmPrlbJxIzrOKbcDIQfg7OVEdEL3FDkG+FEeE42yPpsg5srFtq+G/vXmqSKK6wlXniPptwhbFjcGZpA==
X-Google-Smtp-Source: AGHT+IFZXxTw28hfb4m9UHBDxHcNSBbHGKVUrW0FU64ZQ/rcGItvXQjEEy4afpVW9lN4ru2vXecw
X-Received: by 2002:a17:903:2013:b0:1f4:86b2:9b8a with SMTP id d9443c01a7336-1f486b29e9cmr49623735ad.30.1716916596715;
        Tue, 28 May 2024 10:16:36 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1716916596; cv=pass;
        d=google.com; s=arc-20160816;
        b=XtXJ5z6iu/QRnTWdAj5WzMs6XU7LoD4PGsPI+1BMMh9J3m4oCmmeJs3psO7hycPyVH
         Rh+p7olTP1kEy9M6ik/7Dnw82WdCQ4QgnWoR36jX6n0i/6RtHdsC6RQP1IZSWixJRsb+
         BvDJXKQTwnnjNFiBvZgNLUrsiQ7Gj1mQVmGBOxu2Dba8P6qDCedH4mWjn+tXmqtV0igi
         n+sqPOE/TMfSv31eQnzA6eveFWKmDrdgRXXnRbsmdwdu7wi+K5VcrL2+Ltz/qsIO1GS4
         jQko3eLJXYwgmrHFL3USCZ68GzgvxXeeS+c/93box9cPlB4wDITJKoEH6pu+PoQ8KIIm
         UO0Q==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-transfer-encoding:content-disposition
         :mime-version:list-unsubscribe:list-subscribe:list-id:precedence
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=Km5+U1cMYQFEV+IeNiB/XxMgJkfhtJSwDUx6wVxVv/A=;
        fh=cuB3V4uSoJ/P7Kv6wvkV/vZmUA2ctOxJpq1K6ECcXI8=;
        b=v0G55IaJLPrjCjOTYUe5jAQALGzyzipn+q2pSn5VMM6Lbf0rskIu72v71oYOPBww0V
         pCwsYdY0NQa1XUHapMl5liAy+t/2Q1zN3wURgpbm0kwCjyTgiGrM24nL8naBtw5h9pfc
         eigQArvXb6ODpLnB4kjIXU50+eR46mQW1mGAW7kAsUpxQMzNMfS3L+xJfY+1q/pPruIE
         RKd0ufbCXLXYByy9TaoeGsTw4VE+4G7xRIsL737MgxT2Mxx6d/FqAMQxSKD/rtzeDZlc
         tfFuJ5iXjky1E3EBy58oI7kGu07H253OKMwW8VjjikVleHGTxp1PPRZU0QSFFblgzzmU
         m8zA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=kbJ0qTOC;
       arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com);
       spf=pass (google.com: domain of linux-kernel+bounces-192799-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-192799-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel+bounces-192799-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1])
        by mx.google.com with ESMTPS id d9443c01a7336-1f44c996563si81706565ad.341.2024.05.28.10.16.36
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 28 May 2024 10:16:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-192799-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=kbJ0qTOC;
       arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com);
       spf=pass (google.com: domain of linux-kernel+bounces-192799-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-192799-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id E4D76286B69
	for <linux.lists.archive@gmail.com>; Tue, 28 May 2024 17:16:24 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 8D339174EC7;
	Tue, 28 May 2024 17:16:16 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="kbJ0qTOC"
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.10])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3009823BF;
	Tue, 28 May 2024 17:16:14 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.10
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1716916575; cv=none; b=K/qBG+xbL4JAi6YtFRMzavl6AregPi1nmZLqAn6kajdwS4WC6w2Pl+XhY/pwi0+X/acRV8gf6apGwtU8SZJKAyY7ac7mEKIuox3JDfeBifvk2s1zKbATwzCXiWAY1CMDwtYO6MzG65uJnE6ujkjDSkwzMEC/rLySlhho5RHyGJI=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1716916575; c=relaxed/simple;
	bh=Or6uWrOuLzhTuj50EEBT2/wQLVqQ+kLlFEZ5TAS64OU=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=Z7/unHpvQIIjDnEx5l8szGM4r2aT+jGd6y/79nKAygkUHmNAHs4RTX1DRrPj6ua38jr6aaNX6Pcb8w41hYoARfLfmajbAPGlfLoIG9dma48HPNzNyFMVlZ5/QTnyC17Q1RTsN2jPJbDnlnv/20GVNjLhgzh9wxvWmRg68UOAlp4=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=kbJ0qTOC; arc=none smtp.client-ip=192.198.163.10
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1716916574; x=1748452574;
  h=date:from:to:cc:subject:message-id:references:
   mime-version:content-transfer-encoding:in-reply-to;
  bh=Or6uWrOuLzhTuj50EEBT2/wQLVqQ+kLlFEZ5TAS64OU=;
  b=kbJ0qTOCGKHM6tdaLyV5F4hcRihzj3KBczoSyxk0kaxKRwAw4WanZ9N4
   mrMZE8bon4bwoqdiEQN9TJgnFQW+DGpizJ6XwAyjqvfVzA0nXUGgn/iJ3
   so72rPEs/LztZqAPEuJ878hRbnOiu+EprdRxWQ/ICo5TH3YYoULuzs5fG
   fY0UrmIobk9vLv2IIUbM9Bqbv+KSs8TbzbVrpodNQTZBqkGnt43Zd/d71
   1bvDWm4FlUIIkopUuqqY5QQW7l121tulOjyYegV1xtdIc4BKCiVw/0hQ5
   rdN7WwNphWQs98vQpQVUehLjvz0vNMpSeqgf3QDbMv70+5tWjWPS3FbrP
   w==;
X-CSE-ConnectionGUID: /X+oGZGVSiq8Qt02V4HLiQ==
X-CSE-MsgGUID: b6punY0qR0azhgYU3etFGg==
X-IronPort-AV: E=McAfee;i="6600,9927,11085"; a="24695126"
X-IronPort-AV: E=Sophos;i="6.08,196,1712646000"; 
   d="scan'208";a="24695126"
Received: from fmviesa004.fm.intel.com ([10.60.135.144])
  by fmvoesa104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 May 2024 10:16:13 -0700
X-CSE-ConnectionGUID: D57IhtI8QgW3uXhmkndhgQ==
X-CSE-MsgGUID: xuMfQJNMS/qeAGV5537ZFA==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.08,196,1712646000"; 
   d="scan'208";a="39646966"
Received: from ls.sc.intel.com (HELO localhost) ([172.25.112.54])
  by fmviesa004-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 May 2024 10:16:13 -0700
Date: Tue, 28 May 2024 10:16:12 -0700
From: Isaku Yamahata <isaku.yamahata@intel.com>
To: Binbin Wu <binbin.wu@linux.intel.com>
Cc: Isaku Yamahata <isaku.yamahata@intel.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Sean Christopherson <seanjc@google.com>,
	Chao Gao <chao.gao@intel.com>, kvm@vger.kernel.org,
	linux-kernel@vger.kernel.org, isaku.yamahata@gmail.com,
	erdemaktas@google.com, Sagi Shahar <sagis@google.com>,
	Kai Huang <kai.huang@intel.com>, chen.bo@intel.com,
	hang.yuan@intel.com, tina.zhang@intel.com,
	isaku.yamahata@linux.intel.com
Subject: Re: [PATCH v19 105/130] KVM: TDX: handle KVM hypercall with
 TDG.VP.VMCALL
Message-ID: <20240528171612.GA454482@ls.amr.corp.intel.com>
References: <cover.1708933498.git.isaku.yamahata@intel.com>
 <ab54980da397e6e9b7b8d6636dc88c11c303364f.1708933498.git.isaku.yamahata@intel.com>
 <ZgvHXk/jiWzTrcWM@chao-email>
 <20240404012726.GP2444378@ls.amr.corp.intel.com>
 <8d489a08-784b-410d-8714-3c0ffc8dfb39@linux.intel.com>
 <20240417070240.GF3039520@ls.amr.corp.intel.com>
 <6a7b865f-9513-4dd2-9aff-e8f19dea6d90@linux.intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <6a7b865f-9513-4dd2-9aff-e8f19dea6d90@linux.intel.com>

On Mon, May 27, 2024 at 08:57:28AM +0800,
Binbin Wu <binbin.wu@linux.intel.com> wrote:

> 
> 
> On 4/17/2024 3:02 PM, Isaku Yamahata wrote:
> > On Wed, Apr 17, 2024 at 02:16:57PM +0800,
> > Binbin Wu <binbin.wu@linux.intel.com> wrote:
> > 
> > > 
> > > On 4/4/2024 9:27 AM, Isaku Yamahata wrote:
> > > > On Tue, Apr 02, 2024 at 04:52:46PM +0800,
> > > > Chao Gao <chao.gao@intel.com> wrote:
> > > > 
> > > > > > +static int tdx_emulate_vmcall(struct kvm_vcpu *vcpu)
> > > > > > +{
> > > > > > +	unsigned long nr, a0, a1, a2, a3, ret;
> > > > > > +
> > > > > do you need to emulate xen/hyper-v hypercalls here?
> > > > No. kvm_emulate_hypercall() handles xen/hyper-v hypercalls,
> > > > __kvm_emulate_hypercall() doesn't.
> > > So for TDX, kvm doesn't support xen/hyper-v, right?
> > > 
> > > Then, should KVM_CAP_XEN_HVM and KVM_CAP_HYPERV be filtered out for TDX?
> > That's right. We should update kvm_vm_ioctl_check_extension() and
> > kvm_vcpu_ioctl_enable_cap().  I didn't pay attention to them.
> Currently, QEMU checks the capabilities for Hyper-v/Xen via
> kvm_check_extension(), which is the global version.
> Only modifications in KVM can't hide these capabilities. It needs userspace
> to use VM or vCPU version to check the capabilities for Hyper-v and Xen.
> Is it a change of ABI when the old global version is still workable, but
> userspace switches to use VM/vCPU version to check capabilities for Hyper-v
> and Xen?
> Are there objections if both QEMU and KVM are modified in order to
> hide Hyper-v/Xen capabilities for TDX?

I think it's okay for KVM_X86_TDX_VM as long as we don't change the value for
KVM_X86_DEFAULT_VM.  Because vm_type KVM_X86_TDX_VM is different from the
default and the document (Documentation/virt/kvm/api.rst), 4.4
KVM_CHECK_EXTENSION explicitly encourages VM version.

  Based on their initialization different VMs may have different capabilities.
  It is thus encouraged to use the vm ioctl to query for capabilities (available
  with KVM_CAP_CHECK_EXTENSION_VM on the vm fd)

The change to qemu will be mostly trivial with the quick check.
-- 
Isaku Yamahata <isaku.yamahata@intel.com>