Re: [RFC PATCH 13/15] KVM: TDX: Support event-notify interrupts only with userspace quoting
From: Peter Fang
Date: Sun Jun 14 2026 - 08:58:20 EST
On Thu, Jun 11, 2026 at 10:36:52PM +0300, Adrian Hunter wrote:
> On 22/05/2026 06:41, Xu Yilun wrote:
> > From: Peter Fang <peter.fang@xxxxxxxxx>
> >
> > Tie userspace SetupEventNotifyInterrupt support to userspace Quote
> > generation. Delivering event-notify interrupts via userspace breaks if
> > KVM never exits to userspace in the first place.
>
> Breaks how exactly?
>
> Seems like a TDX guest has no way to know whether the VMM will use
> the Event Notify Interrupt anyway, so it cannot rely upon it, so
> it should already handle the case when the interrupt does not fire.

Hm, that's an interesting point. But isn't the whole point of
SetupEventNotifyInterrupt to set up a contract with the host VMM? The
GHCI spec is quite loose about this.

If we say "the host VMM is not required to honor this contract", then
maybe this doesn't truly break anything. But then this stance kind of
makes this whole feature moot, or at least not very useful?

Not adding this patch feels like making this problem worse, right?
Because now we will have platforms that won't ever fire these
interrupts, and the host still tells the guest SetupEventNotifyInterrupt
is supported.

>
> >
> > No known guest currently requires event-notify interrupt support, so
> > defer adding in-kernel support for now. Linux TDX guests use polling
> > only.
>
> If no guest is using it, then why does it need special treatment?

Just to maintain the status quo, basically. Seems like previously there was
some interest in adding this support to the guest at some point. This
patch simply turns off this feature when quoting is not done in
userspace. But platforms that do quoting in userspace (e.g. don't
support DICE extension) can observe the same behavior as today, if/when
such a guest comes into existence.

>
> >
> > @@ -7335,6 +7335,9 @@ inputs and outputs of the TDVMCALL. Currently the following values of
> > queued successfully, the TDX guest can poll the status field in the
> > shared-memory area to check whether the Quote generation is completed or
> > not. When completed, the generated Quote is returned via the same buffer.
> > + If the host kernel generates Quotes through the TDX Quoting service provided
> > + by the TDX module, KVM processes the GetQuote request and it will not appear
> > + in userspace.
>
> There is an Attestation section in Documentation/virt/kvm/x86/intel-tdx.rst
> that could be updated too.

Can you please point me to it? I couldn't find that section in that
file.

>
> > + KVM only supports version 1 of the GetQuote request.
>
> Is that relevant here?

Documenting this came up during some internal discussions. But yeah, it
looks a bit out of place. I can remove it.

>
> >
> > * ``TDVMCALL_GET_TD_VM_CALL_INFO``: the guest has requested the support
> > status of TDVMCALLs. The output values for the given leaf should be
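Review bot: The paragraph added at the end of the GetQuote description says the request "will not appear in userspace" when the host kernel generates Quotes through the TDX Quoting service, but it does not tell a VMM author how to find out which of the two modes is in effect, so userspace cannot tell whether it still needs to handle GetQuote. Suggest naming the condition or interface userspace should check, or cross-referencing where that is documented. The added "KVM only supports version 1 of the GetQuote request" sentence would also be more useful if it stated what the guest gets back for any other version.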
> > @@ -7342,7 +7345,10 @@ inputs and outputs of the TDVMCALL. Currently the following values of
> > field of the union.
> >
> > * ``TDVMCALL_SETUP_EVENT_NOTIFY_INTERRUPT``: the guest has requested to
> > - set up a notification interrupt for vector ``vector``.
> > + set up a notification interrupt for vector ``vector``. Since this TDVMCALL
> > + is used to optimize ``TDVMCALL_GET_QUOTE``, KVM disables this support in
> > + userspace VMM if ``TDVMCALL_GET_QUOTE`` is completely handled in the kernel.
> > + KVM may add kernel support for this in the future.
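Review bot: In the added text for ``TDVMCALL_SETUP_EVENT_NOTIFY_INTERRUPT``, "KVM disables this support in userspace VMM" does not say what the guest or the VMM actually observes: whether the leaf stops being reported as supported through ``TDVMCALL_GET_TD_VM_CALL_INFO`` (described just above as the support-status query), and what a guest that issues the call anyway gets back. Suggest spelling out both. "KVM may add kernel support for this in the future" describes intent rather than behaviour and fits the commit message better than the API documentation.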
>
> Is that really necessary?

I think this is related to the discussion above about how hard the host VMM
should try to honor the SetupEventNotifyInterrupt contract.

>