Loading
virt: tdx-guest: Return error for GetQuote failures
Currently, the GetQuote request handler returns explicit errors for hypercall-level failures and timeouts, but it ignores some VMM failures (e.g., GET_QUOTE_SERVICE_UNAVAILABLE), for which it returns success with a zero-length Quote. This makes error handling in userspace more complex. The VMM reports failures via the status field in the shared GPA header, which is inaccessible to userspace because only the Quote payload is exposed to userspace. Parse the status field in the kernel and return an error for Quote failures. This preserves existing ABI behavior as userspace already treats a zero-length Quote as a failure. Refer to GHCI specification [1], section "TDG.VP.VMCALL <GetQuote>", Table 3-10 and Table 3-11 for details on the GPA header and GetQuote status codes. Closes: https://lore.kernel.org/linux-coco/6bdf569c-684a-4459-af7c-4430691804eb@linux.intel.com/T/#u Closes: https://github.com/confidential-containers/guest-components/issues/823 Fixes: f4738f56 ("virt: tdx-guest: Add Quote generation support using TSM_REPORTS") Reported-by:Xiaoyao Li <xiaoyao.li@intel.com> Signed-off-by:
Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> Signed-off-by:
Dave Hansen <dave.hansen@linux.intel.com> Reviewed-by:
Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Reviewed-by:
Dan Williams <dan.j.williams@intel.com> Acked-by:
Kai Huang <kai.huang@intel.com> Tested-by:
Mikko Ylinen <mikko.ylinen@linux.intel.com> Link: https://cdrdv2.intel.com/v1/dl/getContent/858626 # [1] Link: https://patch.msgid.link/20260116230315.4023504-1-sathyanarayanan.kuppuswamy@linux.intel.com