Re: [PATCH v19 105/130] KVM: TDX: handle KVM hypercall with TDG.VP.VMCALL

From: Binbin Wu
Date: Sun May 26 2024 - 20:57:44 EST




On 4/17/2024 3:02 PM, Isaku Yamahata wrote:
On Wed, Apr 17, 2024 at 02:16:57PM +0800,
Binbin Wu <binbin.wu@xxxxxxxxxxxxxxx> wrote:


On 4/4/2024 9:27 AM, Isaku Yamahata wrote:
On Tue, Apr 02, 2024 at 04:52:46PM +0800,
Chao Gao <chao.gao@xxxxxxxxx> wrote:

+static int tdx_emulate_vmcall(struct kvm_vcpu *vcpu)
+{
+ unsigned long nr, a0, a1, a2, a3, ret;
+
do you need to emulate xen/hyper-v hypercalls here?
No. kvm_emulate_hypercall() handles xen/hyper-v hypercalls,
__kvm_emulate_hypercall() doesn't.
So for TDX, kvm doesn't support xen/hyper-v, right?

Then, should KVM_CAP_XEN_HVM and KVM_CAP_HYPERV be filtered out for TDX?
That's right. We should update kvm_vm_ioctl_check_extension() and
kvm_vcpu_ioctl_enable_cap(). I didn't pay attention to them.
Currently, QEMU checks the capabilities for Hyper-v/Xen via kvm_check_extension(), which is the global version.
Only modifications in KVM can't hide these capabilities. It needs userspace to use VM or vCPU version to check the capabilities for Hyper-v and Xen.
Is it a change of ABI when the old global version is still workable, but userspace switches to use VM/vCPU version to check capabilities for Hyper-v and Xen?
Are there objections if both QEMU and KVM are modified in order to hide Hyper-v/Xen capabilities for TDX?