Commit 0b75889b authored by Isaku Yamahata's avatar Isaku Yamahata Committed by Paolo Bonzini
Browse files

KVM: TDX: Add a method to ignore hypercall patching 



Because guest TD memory is protected, VMM patching guest binary for
hypercall instruction isn't possible.  Add a method to ignore hypercall
patching.  Note: guest TD kernel needs to be modified to use
TDG.VP.VMCALL for hypercall.

Signed-off-by: default avatarIsaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: default avatarBinbin Wu <binbin.wu@linux.intel.com>
Message-ID: <20250227012021.1778144-18-binbin.wu@linux.intel.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent 79264ff0

arch/x86/kvm/vmx/main.c

+14 −1
Original line number Diff line number Diff line
@@ -673,6 +673,19 @@ static u32 vt_get_interrupt_shadow(struct kvm_vcpu *vcpu) 
	return vmx_get_interrupt_shadow(vcpu);

}



static void vt_patch_hypercall(struct kvm_vcpu *vcpu,

				  unsigned char *hypercall)

{

	/*

	 * Because guest memory is protected, guest can't be patched. TD kernel

	 * is modified to use TDG.VP.VMCALL for hypercall.

	 */

	if (is_td_vcpu(vcpu))

		return;



	vmx_patch_hypercall(vcpu, hypercall);

}



static void vt_inject_irq(struct kvm_vcpu *vcpu, bool reinjected)

{

	if (is_td_vcpu(vcpu))
@@ -952,7 +965,7 @@ struct kvm_x86_ops vt_x86_ops __initdata = { 
	.update_emulated_instruction = vmx_update_emulated_instruction,

	.set_interrupt_shadow = vt_set_interrupt_shadow,

	.get_interrupt_shadow = vt_get_interrupt_shadow,

	.patch_hypercall = vmx_patch_hypercall,

	.patch_hypercall = vt_patch_hypercall,

	.inject_irq = vt_inject_irq,

	.inject_nmi = vt_inject_nmi,

	.inject_exception = vt_inject_exception,