hypervisor: Implement retrieval of TDX capabilities

Extend the Hypervisor API in order to retrieve the TDX capabilities from
the underlying hypervisor.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>

hypervisor/src/hypervisor.rs

@@ -12,6 +12,8 @@ use crate::vm::Vm;
 use crate::x86_64::CpuId;
 #[cfg(target_arch = "x86_64")]
 use crate::x86_64::MsrList;
+#[cfg(feature = "tdx")]
+use crate::TdxCapabilities;
 use std::sync::Arc;
 use thiserror::Error;
 
@@ -59,6 +61,11 @@ pub enum HypervisorError {
     ///
     #[error("Checking extensions:{0}")]
     CheckExtensions(#[source] anyhow::Error),
+    ///
+    /// Failed to retrieve TDX capabilities
+    ///
+    #[error("Failed to retrieve TDX capabilities:{0}")]
+    TdxCapabilities(#[source] anyhow::Error),
 }
 
 ///
@@ -105,4 +112,9 @@ pub trait Hypervisor: Send + Sync {
     /// Retrieve AArch64 host maximum IPA size supported by KVM.
     ///
     fn get_host_ipa_limit(&self) -> i32;
+    ///
+    /// Retrieve TDX capabilities
+    ///
+    #[cfg(feature = "tdx")]
+    fn tdx_capabilities(&self) -> Result<TdxCapabilities>;
 }

hypervisor/src/kvm/mod.rs

@@ -107,7 +107,6 @@ ioctl_iowr_nr!(KVM_MEMORY_ENCRYPT_OP, KVMIO, 0xba, std::os::raw::c_ulong);
 #[cfg(feature = "tdx")]
 #[repr(u32)]
 enum TdxCommand {
-    #[allow(dead_code)]
     Capabilities = 0,
     InitVm,
     InitVcpu,
@@ -127,6 +126,34 @@ pub enum TdxExitStatus {
     InvalidOperand,
 }
 
+#[cfg(feature = "tdx")]
+const TDX_MAX_NR_CPUID_CONFIGS: usize = 6;
+
+#[cfg(feature = "tdx")]
+#[repr(C)]
+#[derive(Debug, Default)]
+pub struct TdxCpuidConfig {
+    pub leaf: u32,
+    pub sub_leaf: u32,
+    pub eax: u32,
+    pub ebx: u32,
+    pub ecx: u32,
+    pub edx: u32,
+}
+
+#[cfg(feature = "tdx")]
+#[repr(C)]
+#[derive(Debug, Default)]
+pub struct TdxCapabilities {
+    pub attrs_fixed0: u64,
+    pub attrs_fixed1: u64,
+    pub xfam_fixed0: u64,
+    pub xfam_fixed1: u64,
+    pub nr_cpuid_configs: u32,
+    pub padding: u32,
+    pub cpuid_configs: [TdxCpuidConfig; TDX_MAX_NR_CPUID_CONFIGS],
+}
+
 #[derive(Clone, Copy, Debug, PartialEq, Deserialize, Serialize)]
 pub struct KvmVmState {}
 
@@ -762,6 +789,27 @@ impl hypervisor::Hypervisor for KvmHypervisor {
     fn get_host_ipa_limit(&self) -> i32 {
         self.kvm.get_host_ipa_limit()
     }
+
+    ///
+    /// Retrieve TDX capabilities
+    ///
+    #[cfg(feature = "tdx")]
+    fn tdx_capabilities(&self) -> hypervisor::Result<TdxCapabilities> {
+        let data = TdxCapabilities {
+            nr_cpuid_configs: TDX_MAX_NR_CPUID_CONFIGS as u32,
+            ..Default::default()
+        };
+
+        tdx_command(
+            &self.kvm.as_raw_fd(),
+            TdxCommand::Capabilities,
+            0,
+            &data as *const _ as u64,
+        )
+        .map_err(|e| hypervisor::HypervisorError::TdxCapabilities(e.into()))?;
+
+        Ok(data)
+    }
 }
 /// Vcpu struct for KVM
 pub struct KvmVcpu {

hypervisor/src/lib.rs

@@ -51,6 +51,8 @@ mod device;
 pub use crate::hypervisor::{Hypervisor, HypervisorError};
 pub use cpu::{HypervisorCpuError, Vcpu, VmExit};
 pub use device::{Device, HypervisorDeviceError};
+#[cfg(feature = "tdx")]
+pub use kvm::TdxCapabilities;
 #[cfg(feature = "kvm")]
 pub use kvm::*;
 #[cfg(all(feature = "mshv", target_arch = "x86_64"))]