Date: Tue, 28 May 2024 10:16:12 -0700
From: Isaku Yamahata
To: Binbin Wu
Cc: Isaku Yamahata, Paolo Bonzini, Sean Christopherson, Chao Gao, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, isaku.yamahata@gmail.com, erdemaktas@google.com, Sagi Shahar, Kai Huang, chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com, isaku.yamahata@linux.intel.com
Subject: Re: [PATCH v19 105/130] KVM: TDX: handle KVM hypercall with TDG.VP.VMCALL
Message-ID: <20240528171612.GA454482@ls.amr.corp.intel.com>

On Mon, May 27, 2024 at 08:57:28AM +0800, Binbin Wu wrote:
>
>
> On 4/17/2024 3:02 PM, Isaku Yamahata wrote:
> > On Wed, Apr 17, 2024 at 02:16:57PM +0800,
> > Binbin Wu wrote:
> >
> > >
> > > On 4/4/2024 9:27 AM, Isaku Yamahata wrote:
> > > > On Tue, Apr 02, 2024 at 04:52:46PM +0800,
> > > > Chao Gao wrote:
> > > >
> > > > > > +static int tdx_emulate_vmcall(struct kvm_vcpu *vcpu)
> > > > > > +{
> > > > > > + unsigned long nr, a0, a1, a2, a3, ret;
> > > > > > +
> > > > > do you need to emulate xen/hyper-v hypercalls here?
> > > > No. kvm_emulate_hypercall() handles xen/hyper-v hypercalls,
> > > > __kvm_emulate_hypercall() doesn't.
> > > So for TDX, kvm doesn't support xen/hyper-v, right?
> > >
> > > Then, should KVM_CAP_XEN_HVM and KVM_CAP_HYPERV be filtered out for TDX?
> > That's right. We should update kvm_vm_ioctl_check_extension() and
> > kvm_vcpu_ioctl_enable_cap(). I didn't pay attention to them.
> Currently, QEMU checks the capabilities for Hyper-v/Xen via
> kvm_check_extension(), which is the global version.
> Only modifications in KVM can't hide these capabilities. It needs userspace
> to use VM or vCPU version to check the capabilities for Hyper-v and Xen.
> Is it a change of ABI when the old global version is still workable, but
> userspace switches to use VM/vCPU version to check capabilities for Hyper-v
> and Xen?
> Are there objections if both QEMU and KVM are modified in order to
> hide Hyper-v/Xen capabilities for TDX?

I think it's okay for KVM_X86_TDX_VM as long as we don't change the value for
KVM_X86_DEFAULT_VM. Because vm_type KVM_X86_TDX_VM is different from the
default and the document (Documentation/virt/kvm/api.rst), 4.4
KVM_CHECK_EXTENSION explicitly encourages VM version.

  Based on their initialization different VMs may have different capabilities.
  It is thus encouraged to use the vm ioctl to query for capabilities (available
  with KVM_CAP_CHECK_EXTENSION_VM on the vm fd)

The change to qemu will be mostly trivial with the quick check.
-- 
Isaku Yamahata
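
Review bot: The quoted opening of tdx_emulate_vmcall() carries no comment saying that Xen/Hyper-V hypercalls are deliberately not emulated on this path, which per the replies is the case because __kvm_emulate_hypercall() does not handle them. A short comment above the function stating that, together with the filtering of KVM_CAP_XEN_HVM and KVM_CAP_HYPERV for TDX VMs in kvm_vm_ioctl_check_extension() and kvm_vcpu_ioctl_enable_cap() that the thread agrees on, would keep the advertised capabilities consistent with what the handler accepts.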
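
The global versus per-VM capability query discussed above, as an added example that is not part of the original message or of the KVM/QEMU sources. `vm_has_cap()`, `fake_ioctl()` and the fake fd numbers are hypothetical names, and the fake is a constructed stand-in that models the filtering proposed in this thread (Hyper-V/Xen hidden on a TDX VM fd), not existing kernel behaviour.

```c
#include <fcntl.h>
#include <linux/kvm.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* ioctl-shaped callback so a test double can stand in for the kernel */
typedef int (*ext_ioctl)(int fd, unsigned long req, unsigned long arg);

static int real_ioctl(int fd, unsigned long req, unsigned long arg)
{
    return ioctl(fd, req, arg);
}

/* Query the VM fd when KVM_CAP_CHECK_EXTENSION_VM is advertised, so that
 * per-VM-type filtering is honoured; otherwise fall back to /dev/kvm. */
static int vm_has_cap(ext_ioctl io, int sys_fd, int vm_fd, long cap)
{
    if (io(sys_fd, KVM_CHECK_EXTENSION, KVM_CAP_CHECK_EXTENSION_VM) > 0)
        return io(vm_fd, KVM_CHECK_EXTENSION, (unsigned long)cap) > 0;
    return io(sys_fd, KVM_CHECK_EXTENSION, (unsigned long)cap) > 0;
}

/* Constructed model (assumption): fd 3 is /dev/kvm, fd 4 is a VM whose
 * type hides Hyper-V and Xen; every other capability is reported. */
enum { FAKE_SYS_FD = 3, FAKE_TDX_VM_FD = 4 };

static int fake_ioctl(int fd, unsigned long req, unsigned long arg)
{
    if (req != KVM_CHECK_EXTENSION)
        return -1;
    if (fd == FAKE_TDX_VM_FD &&
        (arg == KVM_CAP_HYPERV || arg == KVM_CAP_XEN_HVM))
        return 0;
    return 1;
}

int main(void)
{
    int sys_fd = open("/dev/kvm", O_RDWR);
    if (sys_fd < 0) { perror("open /dev/kvm"); return 1; }
    int vm_fd = ioctl(sys_fd, KVM_CREATE_VM, 0UL); /* 0 = default VM type */
    if (vm_fd < 0) { perror("KVM_CREATE_VM"); close(sys_fd); return 1; }
    printf("default VM: hyperv=%d xen=%d\n",
           vm_has_cap(real_ioctl, sys_fd, vm_fd, KVM_CAP_HYPERV),
           vm_has_cap(real_ioctl, sys_fd, vm_fd, KVM_CAP_XEN_HVM));
    close(vm_fd);
    close(sys_fd);
    return 0;
}
```

In the fake, the query on the system fd still reports Hyper-V and Xen while the VM fd does not, which is why a userspace that only uses the global check cannot observe filtering done per VM type.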