sys/linux: add Intel TDX descriptions

Initial support for Intel TDX as per
https://docs.kernel.org/virt/kvm/x86/intel-tdx.html

Author: ramosian-glider

sys/linux/dev_kvm_amd64.txt

@@ -312,6 +312,26 @@ ioctl$KVM_SEV_SNP_LAUNCH_START(fd fd_kvmvm, cmd const[KVM_MEMORY_ENCRYPT_OP], ar
 ioctl$KVM_SEV_SNP_LAUNCH_UPDATE(fd fd_kvmvm, cmd const[KVM_MEMORY_ENCRYPT_OP], arg ptr[inout, kvm_memory_encrypt_op[KVM_SEV_SNP_LAUNCH_UPDATE, ptr[in, kvm_sev_snp_launch_update]]])
 ioctl$KVM_SEV_SNP_LAUNCH_FINISH(fd fd_kvmvm, cmd const[KVM_MEMORY_ENCRYPT_OP], arg ptr[inout, kvm_memory_encrypt_op[KVM_SEV_SNP_LAUNCH_FINISH, ptr[in, kvm_sev_snp_launch_finish]]])
 
+# TDX-related (based on Documentation/virt/kvm/x86/intel-tdx.rst)
+define KVM_TDX_MEASURE_MEMORY_REGION	(1 << 0)
+kvm_tdx_init_mem_region_flags = KVM_TDX_MEASURE_MEMORY_REGION
+
+kvm_tdx_empty_flags = 0
+
+type kvm_tdx_cmd[ID, FLAGS, DATA] {
+	id		const[ID, int32]
+	flags		flags[FLAGS, int32]
+	data		DATA
+	hw_error	int64	(out)
+}
+
+ioctl$KVM_TDX_CAPABILITIES(fd fd_kvmvm, cmd const[KVM_MEMORY_ENCRYPT_OP], arg ptr[inout, kvm_tdx_cmd[KVM_TDX_CAPABILITIES, kvm_tdx_empty_flags, ptr[out, kvm_tdx_capabilities]]])
+ioctl$KVM_TDX_INIT_VM(fd fd_kvmvm, cmd const[KVM_MEMORY_ENCRYPT_OP], arg ptr[inout, kvm_tdx_cmd[KVM_TDX_INIT_VM, kvm_tdx_empty_flags, ptr[in, kvm_tdx_init_vm]]])
+ioctl$KVM_TDX_INIT_VCPU(fd fd_kvmcpu, cmd const[KVM_MEMORY_ENCRYPT_OP], arg ptr[inout, kvm_tdx_cmd[KVM_TDX_INIT_VCPU, kvm_tdx_empty_flags, int64]])
+ioctl$KVM_TDX_INIT_MEM_REGION(fd fd_kvmvm, cmd const[KVM_MEMORY_ENCRYPT_OP], arg ptr[inout, kvm_tdx_cmd[KVM_TDX_INIT_MEM_REGION, kvm_tdx_init_mem_region_flags, ptr[in, kvm_tdx_init_mem_region]]])
+ioctl$KVM_TDX_FINALIZE_VM(fd fd_kvmvm, cmd const[KVM_MEMORY_ENCRYPT_OP], arg ptr[inout, kvm_tdx_cmd[KVM_TDX_FINALIZE_VM, kvm_tdx_empty_flags, const[0, intptr]]])
+ioctl$KVM_TDX_GET_CPUID(fd fd_kvmcpu, cmd const[KVM_MEMORY_ENCRYPT_OP], arg ptr[inout, kvm_tdx_cmd[KVM_TDX_GET_CPUID, kvm_tdx_empty_flags, ptr[inout, kvm_cpuid2]]])
+
 # Apparently KVM_MEMORY_ENCRYPT_REG_REGION and KVM_MEMORY_ENCRYPT_UNREG_REGION are VM ioctls, despite
 # https://docs.kernel.org/virt/kvm/api.html#kvm-memory-encrypt-reg-region says they are system.
 ioctl$KVM_MEMORY_ENCRYPT_REG_REGION(fd fd_kvmvm, cmd const[KVM_MEMORY_ENCRYPT_REG_REGION], arg ptr[in, kvm_enc_region])
@@ -471,6 +491,33 @@ kvm_sev_snp_launch_finish {
 	pad1		array[const[0, int64], 4]
 }
 
+kvm_tdx_capabilities {
+	supported_attrs			int64
+	supported_xfam			int64
+	kernel_tdvmcallinfo_1_r11	int64
+	user_tdvmcallinfo_1_r11		int64
+	kernel_tdvmcallinfo_1_r12	int64
+	user_tdvmcallinfo_1_r12		int64
+	reserved			array[const[0, int64], 250]
+	cpuid				kvm_cpuid2
+}
+
+kvm_tdx_init_vm {
+	attributes	int64
+	xfam		int64
+	mrconfigid	array[int64, 6]
+	mrowner		array[int64, 6]
+	mrownerconfig	array[int64, 6]
+	reserved	array[const[0, int64], 12]
+	cpuid		kvm_cpuid2
+}
+
+kvm_tdx_init_mem_region {
+	source_addr	vma64
+	gpa		flags[kvm_guest_addrs, int64]
+	nr_pages	int64
+}
+
 kvm_enc_region {
 	addr	flags[kvm_guest_addrs, int64]
 	size	flags[kvm_guest_addr_size, int64]

sys/linux/dev_kvm_amd64.txt.const

@@ -164,6 +164,13 @@ KVM_STATE_NESTED_SMM_VMXON = 2
 KVM_STATE_NESTED_SVM_VMCB_SIZE = 4096
 KVM_STATE_NESTED_VMX_VMCS_SIZE = 4096
 KVM_STATE_VMX_PREEMPTION_TIMER_DEADLINE = 1
+KVM_TDX_CAPABILITIES = 0
+KVM_TDX_FINALIZE_VM = 4
+KVM_TDX_GET_CPUID = 5
+KVM_TDX_INIT_MEM_REGION = 3
+KVM_TDX_INIT_VCPU = 2
+KVM_TDX_INIT_VM = 1
+KVM_TDX_MEASURE_MEMORY_REGION = 1
 KVM_TPR_ACCESS_REPORTING = 3223891602
 KVM_TRANSLATE = 3222843013
 KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK = 2