
[RFC,v4,24/36] i386/tdx: Add TDVF memory via KVM_TDX_INIT_MEM_REGION

Message ID 20220512031803.3315890-25-xiaoyao.li@intel.com (mailing list archive)
State New, archived
Series TDX QEMU support | expand

Commit Message

Xiaoyao Li May 12, 2022, 3:17 a.m. UTC
From: Isaku Yamahata <isaku.yamahata@intel.com>

TDVF firmware (CODE and VARS) needs to be added/copied to TD's private
memory via KVM_TDX_INIT_MEM_REGION, as well as TD HOB and TEMP memory.

Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 target/i386/kvm/tdx.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

Comments

Isaku Yamahata May 12, 2022, 6:34 p.m. UTC | #1
On Thu, May 12, 2022 at 11:17:51AM +0800,
Xiaoyao Li <xiaoyao.li@intel.com> wrote:

> From: Isaku Yamahata <isaku.yamahata@intel.com>
> 
> TDVF firmware (CODE and VARS) needs to be added/copied to TD's private
> memory via KVM_TDX_INIT_MEM_REGION, as well as TD HOB and TEMP memory.
> 
> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> ---
>  target/i386/kvm/tdx.c | 24 ++++++++++++++++++++++++
>  1 file changed, 24 insertions(+)
> 
> diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
> index 3e18ace90bf7..567ee12e88f0 100644
> --- a/target/i386/kvm/tdx.c
> +++ b/target/i386/kvm/tdx.c
> @@ -240,6 +240,7 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused)
>  {
>      TdxFirmware *tdvf = &tdx_guest->tdvf;
>      TdxFirmwareEntry *entry;
> +    int r;
>  
>      tdx_init_ram_entries();
>  
> @@ -265,6 +266,29 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused)
>            sizeof(TdxRamEntry), &tdx_ram_entry_compare);
>  
>      tdvf_hob_create(tdx_guest, tdx_get_hob_entry(tdx_guest));
> +
> +    for_each_tdx_fw_entry(tdvf, entry) {
> +        struct kvm_tdx_init_mem_region mem_region = {
> +            .source_addr = (__u64)entry->mem_ptr,
> +            .gpa = entry->address,
> +            .nr_pages = entry->size / 4096,
> +        };
> +
> +        __u32 metadata = entry->attributes & TDVF_SECTION_ATTRIBUTES_MR_EXTEND ?
> +                         KVM_TDX_MEASURE_MEMORY_REGION : 0;

Please use flags instead of metadata.


> +        r = tdx_vm_ioctl(KVM_TDX_INIT_MEM_REGION, metadata, &mem_region);
> +        if (r < 0) {
> +             error_report("KVM_TDX_INIT_MEM_REGION failed %s", strerror(-r));
> +             exit(1);
> +        }
> +
> +        if (entry->type == TDVF_SECTION_TYPE_TD_HOB ||
> +            entry->type == TDVF_SECTION_TYPE_TEMP_MEM) {
> +            qemu_ram_munmap(-1, entry->mem_ptr, entry->size);
> +            entry->mem_ptr = NULL;
> +        }
> +    }
>  }
>  
>  static Notifier tdx_machine_done_notify = {
> -- 
> 2.27.0
> 
>
Xiaoyao Li May 13, 2022, 12:46 a.m. UTC | #2
On 5/13/2022 2:34 AM, Isaku Yamahata wrote:
> On Thu, May 12, 2022 at 11:17:51AM +0800,
> Xiaoyao Li <xiaoyao.li@intel.com> wrote:
> 
>> From: Isaku Yamahata <isaku.yamahata@intel.com>
>>
>> TDVF firmware (CODE and VARS) needs to be added/copied to TD's private
>> memory via KVM_TDX_INIT_MEM_REGION, as well as TD HOB and TEMP memory.
>>
>> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
>> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
>> ---
>>   target/i386/kvm/tdx.c | 24 ++++++++++++++++++++++++
>>   1 file changed, 24 insertions(+)
>>
>> diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
>> index 3e18ace90bf7..567ee12e88f0 100644
>> --- a/target/i386/kvm/tdx.c
>> +++ b/target/i386/kvm/tdx.c
>> @@ -240,6 +240,7 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused)
>>   {
>>       TdxFirmware *tdvf = &tdx_guest->tdvf;
>>       TdxFirmwareEntry *entry;
>> +    int r;
>>   
>>       tdx_init_ram_entries();
>>   
>> @@ -265,6 +266,29 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused)
>>             sizeof(TdxRamEntry), &tdx_ram_entry_compare);
>>   
>>       tdvf_hob_create(tdx_guest, tdx_get_hob_entry(tdx_guest));
>> +
>> +    for_each_tdx_fw_entry(tdvf, entry) {
>> +        struct kvm_tdx_init_mem_region mem_region = {
>> +            .source_addr = (__u64)entry->mem_ptr,
>> +            .gpa = entry->address,
>> +            .nr_pages = entry->size / 4096,
>> +        };
>> +
>> +        __u32 metadata = entry->attributes & TDVF_SECTION_ATTRIBUTES_MR_EXTEND ?
>> +                         KVM_TDX_MEASURE_MEMORY_REGION : 0;
> 
> Please use flags instead of metadata.

Sure. Will change it.

> 
>> +        r = tdx_vm_ioctl(KVM_TDX_INIT_MEM_REGION, metadata, &mem_region);
>> +        if (r < 0) {
>> +             error_report("KVM_TDX_INIT_MEM_REGION failed %s", strerror(-r));
>> +             exit(1);
>> +        }
>> +
>> +        if (entry->type == TDVF_SECTION_TYPE_TD_HOB ||
>> +            entry->type == TDVF_SECTION_TYPE_TEMP_MEM) {
>> +            qemu_ram_munmap(-1, entry->mem_ptr, entry->size);
>> +            entry->mem_ptr = NULL;
>> +        }
>> +    }
>>   }
>>   
>>   static Notifier tdx_machine_done_notify = {
>> -- 
>> 2.27.0
>>
>>
>
Gerd Hoffmann May 24, 2022, 7:57 a.m. UTC | #3
On Thu, May 12, 2022 at 11:17:51AM +0800, Xiaoyao Li wrote:
> From: Isaku Yamahata <isaku.yamahata@intel.com>
> 
> TDVF firmware (CODE and VARS) needs to be added/copied to TD's private
> memory via KVM_TDX_INIT_MEM_REGION, as well as TD HOB and TEMP memory.
> 
> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>

Acked-by: Gerd Hoffmann <kraxel@redhat.com>

Patch

diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 3e18ace90bf7..567ee12e88f0 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -240,6 +240,7 @@  static void tdx_finalize_vm(Notifier *notifier, void *unused)
 {
     TdxFirmware *tdvf = &tdx_guest->tdvf;
     TdxFirmwareEntry *entry;
+    int r;
 
     tdx_init_ram_entries();
 
@@ -265,6 +266,29 @@  static void tdx_finalize_vm(Notifier *notifier, void *unused)
           sizeof(TdxRamEntry), &tdx_ram_entry_compare);
 
     tdvf_hob_create(tdx_guest, tdx_get_hob_entry(tdx_guest));
+
+    for_each_tdx_fw_entry(tdvf, entry) {
+        struct kvm_tdx_init_mem_region mem_region = {
+            .source_addr = (__u64)entry->mem_ptr,
+            .gpa = entry->address,
+            .nr_pages = entry->size / 4096,
+        };
+
+        __u32 metadata = entry->attributes & TDVF_SECTION_ATTRIBUTES_MR_EXTEND ?
+                         KVM_TDX_MEASURE_MEMORY_REGION : 0;
+
+        r = tdx_vm_ioctl(KVM_TDX_INIT_MEM_REGION, metadata, &mem_region);
+        if (r < 0) {
+             error_report("KVM_TDX_INIT_MEM_REGION failed %s", strerror(-r));
+             exit(1);
+        }
+
+        if (entry->type == TDVF_SECTION_TYPE_TD_HOB ||
+            entry->type == TDVF_SECTION_TYPE_TEMP_MEM) {
+            qemu_ram_munmap(-1, entry->mem_ptr, entry->size);
+            entry->mem_ptr = NULL;
+        }
+    }
 }
 
 static Notifier tdx_machine_done_notify = {
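Review bot: `.nr_pages = entry->size / 4096` rounds down, so a TDVF section whose size is not a multiple of 4 KiB would have its tail silently left out of the TD's private memory. For sections carrying `TDVF_SECTION_ATTRIBUTES_MR_EXTEND`, that tail would, judging by the flag name, also be left out of what `KVM_TDX_MEASURE_MEMORY_REGION` measures. Whether the TDVF metadata parser already enforces page-aligned `address` and `size` is not visible in this hunk. If it does not, reject the entry before the ioctl, e.g. `if (!QEMU_IS_ALIGNED(entry->size, 4096) || !QEMU_IS_ALIGNED(entry->address, 4096)) { error_report("TDVF section not 4K aligned"); exit(1); }`; if it does, a one-line comment saying so would help. The pointer cast would also be more conventional as `(uintptr_t)entry->mem_ptr`, and the part of tdx_finalize_vm between the two hunks is outside the diff.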