On 5/22/2026 7:16 AM, Lisa Wang wrote:
From: Sagi Shahar <[email protected]>
Add tdx_init_vm() to handle the mandatory VM-level initialization
sequence required for Intel TDX.
For TDX, the guest's CPUID configuration must be "sealed" during
KVM_TDX_INIT_VM before any vCPUs are created. This is necessary because
the TDX hardware directly virtualizes CPUID and includes the
configuration in the guest's initial security measurement.
The helper calculates the required CPUID values by filtering the host-
supported bits (kvm_get_supported_cpuid) against the "directly
configurable" bits reported by KVM_TDX_CAPABILITIES, ensuring
compliance with the strict requirements of the TDH.MNG.INIT SEAMCALL.
Co-developed-by: Isaku Yamahata <[email protected]>
Signed-off-by: Isaku Yamahata <[email protected]>
Co-developed-by: Rick Edgecombe <[email protected]>
Signed-off-by: Rick Edgecombe <[email protected]>
Signed-off-by: Sagi Shahar <[email protected]>
Reviewed-by: Ira Weiny <[email protected]>
Signed-off-by: Lisa Wang <[email protected]>
---
.../selftests/kvm/include/x86/tdx/tdx_util.h | 30 +++++
tools/testing/selftests/kvm/lib/x86/processor.c | 3 +
tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c | 137 +++++++++++++++++++++
3 files changed, 170 insertions(+)
diff --git a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h
b/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h
index f647e6ca6b34..48d4bd36c35b 100644
--- a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h
+++ b/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h
@@ -11,4 +11,34 @@ static inline bool is_tdx_vm(struct kvm_vm *vm)
return vm->type == KVM_X86_TDX_VM;
}
+/*
+ * TDX ioctls
+ * Use underscores to avoid collisions with struct member names.
+ */
+#define __tdx_vm_ioctl(vm, cmd, _flags, arg) \
+({ \
+ int r; \
+ \
+ union { \
+ struct kvm_tdx_cmd c; \
+ unsigned long raw; \
+ } tdx_cmd = { .c = { \
+ .id = (cmd), \
+ .flags = (u32)(_flags), \
+ .data = (u64)(arg), \
+ } }; \
+ \
+ r = __vm_ioctl(vm, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd.raw); \
+ r ?: tdx_cmd.c.hw_error; \
+})
It looks __tdx_vm_ioctl() can be implemented as the static inline function.
Given all the existing xxx_ioctl() are implmeneted as MACRO, I'm OK with it.
+
+#define tdx_vm_ioctl(vm, cmd, flags, arg) \
+({ \
+ int ret = __tdx_vm_ioctl(vm, cmd, flags, arg); \
+ \
+ __TEST_ASSERT_VM_VCPU_IOCTL(!ret, #cmd, ret, vm); \
+})
+
+void tdx_init_vm(struct kvm_vm *vm, u64 attributes);
+
#endif /* SELFTESTS_TDX_TDX_UTIL_H */
diff --git a/tools/testing/selftests/kvm/lib/x86/processor.c
b/tools/testing/selftests/kvm/lib/x86/processor.c
index b68ad1dc7e02..8d06e7186df1 100644
--- a/tools/testing/selftests/kvm/lib/x86/processor.c
+++ b/tools/testing/selftests/kvm/lib/x86/processor.c
@@ -802,6 +802,9 @@ void kvm_arch_vm_post_create(struct kvm_vm *vm, unsigned
int nr_vcpus)
vm_sev_ioctl(vm, KVM_SEV_INIT2, &init);
}
+ if (is_tdx_vm(vm))
+ tdx_init_vm(vm, 0);
+
r = __vm_ioctl(vm, KVM_GET_TSC_KHZ, NULL);
TEST_ASSERT(r > 0, "KVM_GET_TSC_KHZ did not provide a valid TSC
frequency.");
guest_tsc_khz = r;
diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c
b/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c
new file mode 100644
index 000000000000..868ff62e22f2
--- /dev/null
+++ b/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c
@@ -0,0 +1,137 @@
+// SPDX-License-Identifier: GPL-2.0-only
+
+#include "kvm_util.h"
+#include "processor.h"
+#include "tdx/tdx_util.h"
+
+static struct kvm_tdx_capabilities *tdx_read_capabilities(struct kvm_vm *vm)
+{
+ struct kvm_tdx_capabilities *tdx_cap = NULL;
+ int nr_cpuid_configs = 4;
+ int rc = -1;
+ int i;
+
+ do {
+ nr_cpuid_configs *= 2;
+
+ tdx_cap = realloc(tdx_cap, sizeof(*tdx_cap) +
+ sizeof(tdx_cap->cpuid) +
No need to add sizeof(tdx_cap->cpuid). It's included by sizeof(*tdx_cap)
+ (sizeof(struct kvm_cpuid_entry2) *
nr_cpuid_configs));
+ TEST_ASSERT(tdx_cap,
+ "Could not allocate memory for tdx capability
nr_cpuid_configs %d\n",
+ nr_cpuid_configs);
+
+ tdx_cap->cpuid.nent = nr_cpuid_configs;
+ rc = __tdx_vm_ioctl(vm, KVM_TDX_CAPABILITIES, 0, tdx_cap);
+ } while (rc < 0 && errno == E2BIG);
+
+ TEST_ASSERT(rc == 0, "KVM_TDX_CAPABILITIES failed: %d %d",
+ rc, errno);
+
+ pr_debug("tdx_cap: supported_attrs: 0x%016llx\n"
+ "tdx_cap: supported_xfam 0x%016llx\n",
+ tdx_cap->supported_attrs, tdx_cap->supported_xfam);
+
+ for (i = 0; i < tdx_cap->cpuid.nent; i++) {
+ const struct kvm_cpuid_entry2 *config =
&tdx_cap->cpuid.entries[i];
+
+ pr_debug("cpuid config[%d]: leaf 0x%x sub_leaf 0x%x eax 0x%08x ebx
0x%08x ecx 0x%08x edx 0x%08x\n",
+ i, config->function, config->index,
+ config->eax, config->ebx, config->ecx, config->edx);
+ }
The debug info will be printed everytime the function is called, which
is unnecessary.
Ideally, the kvm_tdx_capabilities can be cached like what is done for
kvm_supported_cpuid.
+ return tdx_cap;
+}
+
+static struct kvm_cpuid_entry2 *tdx_find_cpuid_config(struct
kvm_tdx_capabilities *cap,
+ u32 leaf, u32 sub_leaf)
+{
+ struct kvm_cpuid_entry2 *config;
+ u32 i;
+
+ for (i = 0; i < cap->cpuid.nent; i++) {
+ config = &cap->cpuid.entries[i];
+
+ if (config->function == leaf && config->index == sub_leaf)
+ return config;
+ }
+
+ return NULL;
+}
No need to introduce a new fucntin. We can use get_cpuid_entry().
