tdx: use timer virtualization for lower VTLs (#2483) #2570
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Implements microsoft#2028 This PR implements hardware timer virtualization for lower VTLs on TDX CVM usingL2-VM TSC deadline timer, an architectural capability provided by TDX module. This improves the CVM performance by eliminating guest exits to hypervisor for timer arming and expiry notifications for lower VTL's timer requirements. The related changes in OHCL-kernel is implemented by microsoft/OHCL-Linux-Kernel#107 This allows VTL2 to set an execution deadline for lower VTLs. If the lower VTL is running when the deadline time arrives, it exits to VTL2 with exit reason `VmxExitBasic::TIMER_EXPIRED`. If the TSC deadline is in the past during entry into lower VTL (i.e., TSC deadline value is lower than the current virtual TSC value), it will immediately exit back to VTL2 with exit reason `VmxExitBasic::TIMER_EXPIRED`. The TSC deadline is set using `TDG.VP.WR` for `TDVPS.TSC_DEADLINE[L2-VM Index]`. - With these changes, openvmm evaluates earliest deadline across all lower VTLs and sets it in a `tdx_vp_context ->tdx_l2_tsc_deadline_state ` that is shared with `mshv_vtl` driver. - During entry into lower VTL, `mshv_vtl` driver makes the `TDG.VP.WR` call to set the deadline when an update is needed. - Added `HardwareIsolatedGuestTimer` trait as an abstraction for managing lower VTL timer deadlines. - Moved current `VmTime` interface as default/fallback implementation into this trait. - Added `TdxTscDeadlineService` to implement the TDX specific timer virtualization.
github-actions
bot
added
release_1.7.2511
|
This PR modifies files containing For more on why we check whole files, instead of just diffs, check out the Rustonomicon |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR enables timer virtualization for lower VTLs in TDX environments, implementing hardware-accelerated timer management through TDX's L2-VM TSC Deadline Timer capability.
Key Changes:
- Adds TDX L2-VM TSC deadline timer service for hardware-accelerated timer virtualization
- Introduces new HCL capability flag (
HCL_CAP_LOWER_VTL_TIMER_VIRT) to detect kernel support - Adds configuration option to disable timer virtualization via
OPENHCL_DISABLE_LOWER_VTL_TIMER_VIRT
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| vm/x86/x86defs/src/vmx.rs | Adds TIMER_EXPIRED exit reason constant for TDX timer expiration events |
| openhcl/virt_mshv_vtl/src/processor/tdx/mod.rs | Implements TdxTscDeadlineService for hardware timer virtualization and integrates it with TDX backing |
| openhcl/virt_mshv_vtl/src/processor/snp/mod.rs | Updates SNP backing to use VmTimeGuestTimer for timer management |
| openhcl/virt_mshv_vtl/src/processor/mod.rs | Adds lower_vtl_timer_virt_available parameter and timer deadline methods to HardwareIsolatedBacking trait |
| openhcl/virt_mshv_vtl/src/processor/hardware_cvm/mod.rs | Introduces HardwareIsolatedGuestTimer trait and VmTimeGuestTimer implementation as fallback |
| openhcl/virt_mshv_vtl/src/lib.rs | Adds logic to detect and enable lower VTL timer virtualization based on HCL capabilities |
| openhcl/underhill_core/src/worker.rs | Passes disable_lower_vtl_timer_virt configuration to partition parameters |
| openhcl/underhill_core/src/options.rs | Adds command-line option for disabling lower VTL timer virtualization |
| openhcl/underhill_core/src/lib.rs | Threads disable_lower_vtl_timer_virt configuration through to worker |
| openhcl/hcl/src/protocol.rs | Defines tdx_l2_tsc_deadline_state structure and adds it to TDX VP context |
| openhcl/hcl/src/ioctl/tdx.rs | Adds accessors for TDX L2 TSC deadline state in processor runner |
| openhcl/hcl/src/ioctl.rs | Adds HCL capability check for lower VTL timer virtualization support |
| tmk/tmk_vmm/src/paravisor_vmm.rs | Disables lower VTL timer virtualization for TMK VMM (with TODO to match OpenHCL defaults) |
| flowey/flowey_lib_hvlite/src/_jobs/cfg_versions.rs | Updates OpenHCL kernel stable version to 6.12.52.4 |
smalis-msft
approved these changes
Dec 16, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Cherry-pick of PR #2483 to support timer virtualization for lower VTLs.
Issue - #2028