[PATCH v2 2/2] KVM: TDX: WARN if a SEAMCALL VM-Exit makes its way out to KVM

From: Sean Christopherson
Date: Thu Oct 16 2025 - 14:22:49 EST

Next message: Matthew Wilcox: "Re: [PATCH RFC 1/2] pgtable: add pte_clrhuge() implementation for arm64 and riscv"
Previous message: Sean Christopherson: "[PATCH v2 1/2] KVM: VMX: Inject #UD if guest tries to execute SEAMCALL or TDCALL"
In reply to: Huang, Kai: "Re: [PATCH v2 1/2] KVM: VMX: Inject #UD if guest tries to execute SEAMCALL or TDCALL"
Next in thread: Xiaoyao Li: "Re: [PATCH v2 2/2] KVM: TDX: WARN if a SEAMCALL VM-Exit makes its way out to KVM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

WARN if KVM observes a SEAMCALL VM-Exit while running a TD guest, as the
TDX-Module is supposed to inject a #UD, per the "Unconditionally Blocked
Instructions" section of the TDX-Module base specification.

Reported-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
---
arch/x86/kvm/vmx/tdx.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index 097304bf1e1d..ffcfe95f224f 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -2148,6 +2148,9 @@ int tdx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t fastpath)
* - If it's not an MSMI, no need to do anything here.
*/
return 1;
+ case EXIT_REASON_SEAMCALL:
+ WARN_ON_ONCE(1);
+ break;
default:
break;
}
--
2.51.0.858.gf9c4a03a3a-goog

Next message: Matthew Wilcox: "Re: [PATCH RFC 1/2] pgtable: add pte_clrhuge() implementation for arm64 and riscv"
Previous message: Sean Christopherson: "[PATCH v2 1/2] KVM: VMX: Inject #UD if guest tries to execute SEAMCALL or TDCALL"
In reply to: Huang, Kai: "Re: [PATCH v2 1/2] KVM: VMX: Inject #UD if guest tries to execute SEAMCALL or TDCALL"
Next in thread: Xiaoyao Li: "Re: [PATCH v2 2/2] KVM: TDX: WARN if a SEAMCALL VM-Exit makes its way out to KVM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]