hypervisor: Implement retrieval of TDX capabilities

Extend the Hypervisor API in order to retrieve the TDX capabilities from the underlying hypervisor. Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2024-10-02 11:35:46 +00:00 · 2022-03-30 12:06:52 +02:00 · 2022-03-30 12:06:52 +02:00 · b0077f0b5e
commit b0077f0b5e
parent f310dc0916
3 changed files with 63 additions and 1 deletions
--- a/hypervisor/src/hypervisor.rs
+++ b/hypervisor/src/hypervisor.rs
@ -12,6 +12,8 @@ use crate::vm::Vm;
 use crate::x86_64::CpuId;
 #[cfg(target_arch = "x86_64")]
 use crate::x86_64::MsrList;
+#[cfg(feature = "tdx")]
+use crate::TdxCapabilities;
 use std::sync::Arc;
 use thiserror::Error;

@ -59,6 +61,11 @@ pub enum HypervisorError {
    ///
    #[error("Checking extensions:{0}")]
    CheckExtensions(#[source] anyhow::Error),
+    ///
+    /// Failed to retrieve TDX capabilities
+    ///
+    #[error("Failed to retrieve TDX capabilities:{0}")]
+    TdxCapabilities(#[source] anyhow::Error),
 }

 ///
@ -105,4 +112,9 @@ pub trait Hypervisor: Send + Sync {
    /// Retrieve AArch64 host maximum IPA size supported by KVM.
    ///
    fn get_host_ipa_limit(&self) -> i32;
+    ///
+    /// Retrieve TDX capabilities
+    ///
+    #[cfg(feature = "tdx")]
+    fn tdx_capabilities(&self) -> Result<TdxCapabilities>;
 }
--- a/hypervisor/src/kvm/mod.rs
+++ b/hypervisor/src/kvm/mod.rs
@ -107,7 +107,6 @@ ioctl_iowr_nr!(KVM_MEMORY_ENCRYPT_OP, KVMIO, 0xba, std::os::raw::c_ulong);
 #[cfg(feature = "tdx")]
 #[repr(u32)]
 enum TdxCommand {
-    #[allow(dead_code)]
    Capabilities = 0,
    InitVm,
    InitVcpu,
@ -127,6 +126,34 @@ pub enum TdxExitStatus {
    InvalidOperand,
 }

+#[cfg(feature = "tdx")]
+const TDX_MAX_NR_CPUID_CONFIGS: usize = 6;
+
+#[cfg(feature = "tdx")]
+#[repr(C)]
+#[derive(Debug, Default)]
+pub struct TdxCpuidConfig {
+    pub leaf: u32,
+    pub sub_leaf: u32,
+    pub eax: u32,
+    pub ebx: u32,
+    pub ecx: u32,
+    pub edx: u32,
+}
+
+#[cfg(feature = "tdx")]
+#[repr(C)]
+#[derive(Debug, Default)]
+pub struct TdxCapabilities {
+    pub attrs_fixed0: u64,
+    pub attrs_fixed1: u64,
+    pub xfam_fixed0: u64,
+    pub xfam_fixed1: u64,
+    pub nr_cpuid_configs: u32,
+    pub padding: u32,
+    pub cpuid_configs: [TdxCpuidConfig; TDX_MAX_NR_CPUID_CONFIGS],
+}
+
 #[derive(Clone, Copy, Debug, PartialEq, Deserialize, Serialize)]
 pub struct KvmVmState {}

@ -762,6 +789,27 @@ impl hypervisor::Hypervisor for KvmHypervisor {
    fn get_host_ipa_limit(&self) -> i32 {
        self.kvm.get_host_ipa_limit()
    }
+
+    ///
+    /// Retrieve TDX capabilities
+    ///
+    #[cfg(feature = "tdx")]
+    fn tdx_capabilities(&self) -> hypervisor::Result<TdxCapabilities> {
+        let data = TdxCapabilities {
+            nr_cpuid_configs: TDX_MAX_NR_CPUID_CONFIGS as u32,
+            ..Default::default()
+        };
+
+        tdx_command(
+            &self.kvm.as_raw_fd(),
+            TdxCommand::Capabilities,
+            0,
+            &data as *const _ as u64,
+        )
+        .map_err(|e| hypervisor::HypervisorError::TdxCapabilities(e.into()))?;
+
+        Ok(data)
+    }
 }
 /// Vcpu struct for KVM
 pub struct KvmVcpu {
--- a/hypervisor/src/lib.rs
+++ b/hypervisor/src/lib.rs
@ -51,6 +51,8 @@ mod device;
 pub use crate::hypervisor::{Hypervisor, HypervisorError};
 pub use cpu::{HypervisorCpuError, Vcpu, VmExit};
 pub use device::{Device, HypervisorDeviceError};
+#[cfg(feature = "tdx")]
+pub use kvm::TdxCapabilities;
 #[cfg(feature = "kvm")]
 pub use kvm::*;
 #[cfg(all(feature = "mshv", target_arch = "x86_64"))]