On Tue, Oct 28, 2025, Sagi Shahar wrote:
From: Ackerley Tng ackerleytng@google.com
ucalls for non-Coco VMs work by having the guest write to the rdi register, then perform an io instruction to exit to the host. The host then reads rdi using kvm_get_regs().
CPU registers can't be read using kvm_get_regs() for TDX, so TDX guests use MMIO to pass the struct ucall's hva to the host. MMIO was chosen because it is one of the simplest (hence unlikely to fail) mechanisms that support passing 8 bytes from guest to host.
Uh, I beg to differ. Stop following the GHCI verbatim. The protocols defined by the GHCB and GHCI specs are horrific, but necessary, evils. They exist to define guest<=>host ABIs+contracts so that guests can communicate with hypervisors, without massive fragmentation in the ecosystem. But as mentioned in an ealier mail, KVM selftests don't care so much about ABIs and contracts because we control both the guest and the host.
The GHCI matters only for the guest<=>KVM contract, it matters not at all for guest<=>VMM communication for KVM selfetsts.
Simply set RCX (the mask of GPRs to preserve) to the maximal value for _all_ TDG.VP.VMCALL invocations. There's zero reason for KVM selftests guests to hide state from the host. Then TDX guests can do port I/O and pass the address of the ucall structure in RDX, just as regular guests do. I.e. there's zero need to change ucall_arch_get_ucall(), at all. We'll want to modify ucall_arch_do_ucall() so that we don't need to wire up a #VE handler for every test, but that's easy enough to do.
Side topic, that's also one of the easiest TDX selftests that can be written: verify the TDX-Module and KVM honor the spec and preserve registers according to RCX, e.g. that KVM doesn't clobber registers just because they're not defined to some magic purpose in the GHCI.
SEV-ES+ will need to come up with a slightly different approach because there's no way to automagically expose RDI to the host, but that's an SEV-ES+ problem.