Re: [RFC PATCH 13/15] KVM: TDX: Support event-notify interrupts only with userspace quoting

From: Adrian Hunter

Date: Thu Jun 11 2026 - 15:37:47 EST


On 22/05/2026 06:41, Xu Yilun wrote:
> From: Peter Fang <peter.fang@xxxxxxxxx>
>
> Tie userspace SetupEventNotifyInterrupt support to userspace Quote
> generation. Delivering event-notify interrupts via userspace breaks if
> KVM never exits to userspace in the first place.

Breaks how exactly?

Seems like a TDX guest has no way to know whether the VMM will use
the Event Notify Interrupt anyway, so it cannot rely upon it, so
it should already handle the case when the interrupt does not fire.

>
> No known guest currently requires event-notify interrupt support, so
> defer adding in-kernel support for now. Linux TDX guests use polling
> only.

If no guest is using it, then why does it need special treatment?

>
> Update the KVM API Documentation to reflect the change.
>
> Signed-off-by: Peter Fang <peter.fang@xxxxxxxxx>
> Signed-off-by: Xu Yilun <yilun.xu@xxxxxxxxxxxxxxx>
> ---
> Documentation/virt/kvm/api.rst | 8 +++++++-
> arch/x86/kvm/vmx/tdx.c | 20 +++++++++++++++++---
> 2 files changed, 24 insertions(+), 4 deletions(-)
>
> diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
> index 52bbbb553ce1..8a02745a36ee 100644
> --- a/Documentation/virt/kvm/api.rst
> +++ b/Documentation/virt/kvm/api.rst
> @@ -7335,6 +7335,9 @@ inputs and outputs of the TDVMCALL. Currently the following values of
> queued successfully, the TDX guest can poll the status field in the
> shared-memory area to check whether the Quote generation is completed or
> not. When completed, the generated Quote is returned via the same buffer.
> + If the host kernel generates Quotes through the TDX Quoting service provided
> + by the TDX module, KVM processes the GetQuote request and it will not appear
> + in userspace.

There is an Attestation section in Documentation/virt/kvm/x86/intel-tdx.rst
that could be updated too.

> + KVM only supports version 1 of the GetQuote request.

Is that relevant here?

>
> * ``TDVMCALL_GET_TD_VM_CALL_INFO``: the guest has requested the support
> status of TDVMCALLs. The output values for the given leaf should be
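
Review bot: the added sentence "KVM processes the GetQuote request and it will not appear in userspace" gives a VMM no way to tell which mode is in effect; name the condition or capability userspace can check to know that the ``TDVMCALL_GET_QUOTE`` exit will not arrive. The next added line, "KVM only supports version 1 of the GetQuote request", sits directly after the in-kernel sentence, so it is unclear whether the limit applies only to the in-kernel path or also to the userspace exit; scope it explicitly and state what the guest gets back for any other version.
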
> @@ -7342,7 +7345,10 @@ inputs and outputs of the TDVMCALL. Currently the following values of
> field of the union.
>
> * ``TDVMCALL_SETUP_EVENT_NOTIFY_INTERRUPT``: the guest has requested to
> - set up a notification interrupt for vector ``vector``.
> + set up a notification interrupt for vector ``vector``. Since this TDVMCALL
> + is used to optimize ``TDVMCALL_GET_QUOTE``, KVM disables this support in
> + userspace VMM if ``TDVMCALL_GET_QUOTE`` is completely handled in the kernel.
> + KVM may add kernel support for this in the future.

Is that really necessary?

>
> KVM may add support for more values in the future that may cause a userspace
> exit, even without calls to ``KVM_ENABLE_CAP`` or similar. In this case,
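
Review bot: in the ``TDVMCALL_SETUP_EVENT_NOTIFY_INTERRUPT`` entry, "KVM disables this support in userspace VMM" does not say what the guest observes when it issues the TDVMCALL in that mode, or whether ``TDVMCALL_GET_TD_VM_CALL_INFO`` still reports it as supported; document the returned status so a guest can fall back to polling the status field deliberately. The sentence "KVM may add kernel support for this in the future" can be dropped, because the unchanged paragraph right after it already says KVM may add support for more values in the future.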