@@ -7,6 +7,7 @@ meta arches["386", "amd64"]
77
88include <linux/kvm.h>
99include <linux/kvm_host.h>
10+ include <asm/kvm.h>
1011include <asm/mce.h>
1112
1213# kvm_syz_vm is a VM handler used by syzos-related pseudo-syscalls. It is actually an opaque pointer under the hood.
@@ -312,6 +313,25 @@ ioctl$KVM_SEV_SNP_LAUNCH_START(fd fd_kvmvm, cmd const[KVM_MEMORY_ENCRYPT_OP], ar
312313ioctl$KVM_SEV_SNP_LAUNCH_UPDATE(fd fd_kvmvm, cmd const[KVM_MEMORY_ENCRYPT_OP], arg ptr[inout, kvm_memory_encrypt_op[KVM_SEV_SNP_LAUNCH_UPDATE, ptr[in, kvm_sev_snp_launch_update]]])
313314ioctl$KVM_SEV_SNP_LAUNCH_FINISH(fd fd_kvmvm, cmd const[KVM_MEMORY_ENCRYPT_OP], arg ptr[inout, kvm_memory_encrypt_op[KVM_SEV_SNP_LAUNCH_FINISH, ptr[in, kvm_sev_snp_launch_finish]]])
314315
316+ # TDX-related (based on Documentation/virt/kvm/x86/intel-tdx.rst).
317+ kvm_tdx_init_mem_region_flags = KVM_TDX_MEASURE_MEMORY_REGION
318+
319+ kvm_tdx_empty_flags = 0
320+
321+ type kvm_tdx_cmd[ID, FLAGS, DATA] {
322+ id const[ID, int32]
323+ flags flags[FLAGS, int32]
324+ data DATA
325+ hw_error int64 (out)
326+ }
327+
328+ ioctl$KVM_TDX_CAPABILITIES(fd fd_kvmvm, cmd const[KVM_MEMORY_ENCRYPT_OP], arg ptr[inout, kvm_tdx_cmd[KVM_TDX_CAPABILITIES, kvm_tdx_empty_flags, ptr[out, kvm_tdx_capabilities]]])
329+ ioctl$KVM_TDX_INIT_VM(fd fd_kvmvm, cmd const[KVM_MEMORY_ENCRYPT_OP], arg ptr[inout, kvm_tdx_cmd[KVM_TDX_INIT_VM, kvm_tdx_empty_flags, ptr[in, kvm_tdx_init_vm]]])
330+ ioctl$KVM_TDX_INIT_VCPU(fd fd_kvmcpu, cmd const[KVM_MEMORY_ENCRYPT_OP], arg ptr[inout, kvm_tdx_cmd[KVM_TDX_INIT_VCPU, kvm_tdx_empty_flags, int64]])
331+ ioctl$KVM_TDX_INIT_MEM_REGION(fd fd_kvmvm, cmd const[KVM_MEMORY_ENCRYPT_OP], arg ptr[inout, kvm_tdx_cmd[KVM_TDX_INIT_MEM_REGION, kvm_tdx_init_mem_region_flags, ptr[in, kvm_tdx_init_mem_region]]])
332+ ioctl$KVM_TDX_FINALIZE_VM(fd fd_kvmvm, cmd const[KVM_MEMORY_ENCRYPT_OP], arg ptr[inout, kvm_tdx_cmd[KVM_TDX_FINALIZE_VM, kvm_tdx_empty_flags, const[0, intptr]]])
333+ ioctl$KVM_TDX_GET_CPUID(fd fd_kvmcpu, cmd const[KVM_MEMORY_ENCRYPT_OP], arg ptr[inout, kvm_tdx_cmd[KVM_TDX_GET_CPUID, kvm_tdx_empty_flags, ptr[inout, kvm_cpuid2]]])
334+
315335# Apparently KVM_MEMORY_ENCRYPT_REG_REGION and KVM_MEMORY_ENCRYPT_UNREG_REGION are VM ioctls, despite
316336# https://docs.kernel.org/virt/kvm/api.html#kvm-memory-encrypt-reg-region says they are system.
317337ioctl$KVM_MEMORY_ENCRYPT_REG_REGION(fd fd_kvmvm, cmd const[KVM_MEMORY_ENCRYPT_REG_REGION], arg ptr[in, kvm_enc_region])
@@ -471,6 +491,36 @@ kvm_sev_snp_launch_finish {
471491 pad1 array[const[0, int64], 4]
472492}
473493
494+ kvm_tdx_capabilities {
495+ supported_attrs int64
496+ supported_xfam int64
497+ kernel_tdvmcallinfo_1_r11 int64
498+ user_tdvmcallinfo_1_r11 int64
499+ kernel_tdvmcallinfo_1_r12 int64
500+ user_tdvmcallinfo_1_r12 int64
501+ reserved array[const[0, int64], 250]
502+ cpuid kvm_cpuid2
503+ }
504+
505+ # From arch/x86/include/asm/shared/tdx.h.
506+ tdx_attrs = 0, TDX_ATTR_DEBUG, TDX_ATTR_HGS_PLUS_PROF, TDX_ATTR_PERF_PROF, TDX_ATTR_PMT_PROF, TDX_ATTR_ICSSD, TDX_ATTR_LASS, TDX_ATTR_SEPT_VE_DISABLE, TDX_ATTR_MIGRTABLE, TDX_ATTR_PKS, TDX_ATTR_KL, TDX_ATTR_TPA, TDX_ATTR_PERFMON
507+
508+ kvm_tdx_init_vm {
509+ attributes flags[tdx_attrs, int64]
510+ xfam int64
511+ mrconfigid array[int64, 6]
512+ mrowner array[int64, 6]
513+ mrownerconfig array[int64, 6]
514+ reserved array[const[0, int64], 12]
515+ cpuid kvm_cpuid2
516+ }
517+
518+ kvm_tdx_init_mem_region {
519+ source_addr vma64
520+ gpa flags[kvm_guest_addrs, int64]
521+ nr_pages int64
522+ }
523+
474524kvm_enc_region {
475525 addr flags[kvm_guest_addrs, int64]
476526 size flags[kvm_guest_addr_size, int64]
0 commit comments