More Intel TDX Code Merged For KVM In Linux 6.16
([Virtualization] 8 Hours Ago
Trust Domain Extensions)
- Reference: 0001555205
- News link: https://www.phoronix.com/news/Intel-TDX-VMCALL-Linux-6.16
- Source link:
Merged minutes ago ahead of the Linux 6.16-rc3 release due out shortly was this week's batch of Kernel-based Virtual Machine (KVM) updates. Beyond the usual KVM fixes merged for the week, a bit of feature code was pulled in by Linus Torvalds for this post-merge-window phase.
Merged back during the Linux 6.16 merge window was [1]TDX host support for KVM finally making it to the mainline kernel. This allows using the TDX module to run confidential guest VMs on modern Intel Xeon server processors after years of work getting the code to this stage.
Now merged today ahead of Linux 6.16-rc3 is a bit more work. In particular, completing the API for handling complex TDVMCALLs in user-space. Per today's [2]pull request :
"x86 TDX:
- Complete API for handling complex TDVMCALLs in userspace. This was delayed because the spec lacked a way for userspace to deny supporting these calls; the new exit code is now approved."
TDVMCALLs with Trust Domain Extensions are used to communicate between the TDX guest and the host/VMM (KVM).
KVM: TDX: Add new TDVMCALL status code for unsupported subfuncs
KVM: TDX: Handle TDG.VP.VMCALL
KVM: TDX: Exit to userspace for GetTdVmCallInfo
This latest Intel TDX work is now merged ahead of the imminent Linux 6.16-rc3 release.
[1] https://www.phoronix.com/news/Intel-TDX-Host-KVM-Linux-6.16
[2] https://lore.kernel.org/lkml/20250622073328.201148-1-pbonzini@redhat.com/
Merged back during the Linux 6.16 merge window was [1]TDX host support for KVM finally making it to the mainline kernel. This allows using the TDX module to run confidential guest VMs on modern Intel Xeon server processors after years of work getting the code to this stage.
Now merged today ahead of Linux 6.16-rc3 is a bit more work. In particular, completing the API for handling complex TDVMCALLs in user-space. Per today's [2]pull request :
"x86 TDX:
- Complete API for handling complex TDVMCALLs in userspace. This was delayed because the spec lacked a way for userspace to deny supporting these calls; the new exit code is now approved."
TDVMCALLs with Trust Domain Extensions are used to communicate between the TDX guest and the host/VMM (KVM).
KVM: TDX: Add new TDVMCALL status code for unsupported subfuncs
KVM: TDX: Handle TDG.VP.VMCALL
KVM: TDX: Exit to userspace for GetTdVmCallInfo
This latest Intel TDX work is now merged ahead of the imminent Linux 6.16-rc3 release.
[1] https://www.phoronix.com/news/Intel-TDX-Host-KVM-Linux-6.16
[2] https://lore.kernel.org/lkml/20250622073328.201148-1-pbonzini@redhat.com/
phoronix