KVM: TDX: Allow userspace to return errors to guest for MAPGPA

MAPGPA request from TDX VMs gets split into chunks by KVM using a loop
of userspace exits until the complete range is handled.

In some cases userspace VMM might decide to break the MAPGPA operation
and continue it later. For example: in the case of intrahost migration
userspace might decide to continue the MAPGPA operation after the
migration is completed.

Allow userspace to signal to TDX guests that the MAPGPA operation should
be retried the next time the guest is scheduled.

This is potentially a breaking change since if userspace sets
hypercall.ret to a value other than EBUSY or EINVAL an EINVAL error code
will be returned to userspace. As of now QEMU never sets hypercall.ret
to a non-zero value after handling KVM_EXIT_HYPERCALL so this change
should be safe.

Reviewed-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Vishal Annapurve <vannapurve@google.com>
Co-developed-by: Sagi Shahar <sagis@google.com>
Signed-off-by: Sagi Shahar <sagis@google.com>
Link: https://patch.msgid.link/20260305222627.4193305-2-sagis@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
index 52bbbb553ce107bea5f34b65ee64a34319467686..1a5a82ab0d66184099f49dd84710df643af18661 100644 (file)
--- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst
@@ -8818,6 +8818,9 @@ block sizes is exposed in KVM_CAP_ARM_SUPPORTED_BLOCK_SIZES as a
 
 This capability, if enabled, will cause KVM to exit to userspace
 with KVM_EXIT_HYPERCALL exit reason to process some hypercalls.
+Userspace may fail the hypercall by setting hypercall.ret to EINVAL
+or may request the hypercall to be retried the next time the guest run
+by setting hypercall.ret to EAGAIN.
 
 Calling KVM_CHECK_EXTENSION for this capability will return a bitmask
 of hypercalls that can be configured to exit to userspace.

diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index 5fb3f606501ba2138b0c2bded78e9833397fee82..738fd5ea92575013b24148bd7cfea8537be6eb7d 100644 (file)
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -1188,12 +1188,22 @@ static void __tdx_map_gpa(struct vcpu_tdx *tdx);
 
 static int tdx_complete_vmcall_map_gpa(struct kvm_vcpu *vcpu)
 {
+       u64 hypercall_ret = READ_ONCE(vcpu->run->hypercall.ret);
        struct vcpu_tdx *tdx = to_tdx(vcpu);
+       long rc;
 
-       if (vcpu->run->hypercall.ret) {
-               tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_INVALID_OPERAND);
-               tdx->vp_enter_args.r11 = tdx->map_gpa_next;
-               return 1;
+       switch (hypercall_ret) {
+       case 0:
+               break;
+       case EAGAIN:
+               rc = TDVMCALL_STATUS_RETRY;
+               goto propagate_error;
+       case EINVAL:
+               rc = TDVMCALL_STATUS_INVALID_OPERAND;
+               goto propagate_error;
+       default:
+               WARN_ON_ONCE(kvm_is_valid_map_gpa_range_ret(hypercall_ret));
+               return -EINVAL;
        }
 
        tdx->map_gpa_next += TDX_MAP_GPA_MAX_LEN;
@@ -1206,13 +1216,17 @@ static int tdx_complete_vmcall_map_gpa(struct kvm_vcpu *vcpu)
         * TDVMCALL_MAP_GPA, see comments in tdx_protected_apic_has_interrupt().
         */
        if (kvm_vcpu_has_events(vcpu)) {
-               tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_RETRY);
-               tdx->vp_enter_args.r11 = tdx->map_gpa_next;
-               return 1;
+               rc = TDVMCALL_STATUS_RETRY;
+               goto propagate_error;
        }
 
        __tdx_map_gpa(tdx);
        return 0;
+
+propagate_error:
+       tdvmcall_set_return_code(vcpu, rc);
+       tdx->vp_enter_args.r11 = tdx->map_gpa_next;
+       return 1;
 }
 
 static void __tdx_map_gpa(struct vcpu_tdx *tdx)

diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index 38a905fa86de29550608b2b0d0a8577c5558466e..aa7d5b757fb548cc8617e7cfd507da477d7bdd41 100644 (file)
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -754,6 +754,12 @@ static inline void kvm_prepare_emulated_mmio_exit(struct kvm_vcpu *vcpu,
                                         frag->data, vcpu->mmio_is_write);
 }
 
+static inline bool kvm_is_valid_map_gpa_range_ret(u64 hypercall_ret)
+{
+       return !hypercall_ret || hypercall_ret == EINVAL ||
+              hypercall_ret == EAGAIN;
+}
+
 static inline bool user_exit_on_hypercall(struct kvm *kvm, unsigned long hc_nr)
 {
        return kvm->arch.hypercall_exit_enabled & BIT(hc_nr);