[v2,03/58] target/i386: Parse TDX vm type

Message ID	20230818095041.1973309-4-xiaoyao.li@intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <kvm-owner@vger.kernel.org> From: Xiaoyao Li <xiaoyao.li@intel.com> To: Paolo Bonzini <pbonzini@redhat.com>, Richard Henderson <richard.henderson@linaro.org>, "Michael S. Tsirkin" <mst@redhat.com>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, Igor Mammedov <imammedo@redhat.com>, Ani Sinha <anisinha@redhat.com>, Peter Xu <peterx@redhat.com>, David Hildenbrand <david@redhat.com>, =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@linaro.org>, =?utf-8?q?Dani?= =?utf-8?q?el_P=2E_Berrang=C3=A9?= <berrange@redhat.com>, Cornelia Huck <cohuck@redhat.com>, Eric Blake <eblake@redhat.com>, Markus Armbruster <armbru@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>, Gerd Hoffmann <kraxel@redhat.com> Cc: qemu-devel@nongnu.org, kvm@vger.kernel.org, Eduardo Habkost <eduardo@habkost.net>, Laszlo Ersek <lersek@redhat.com>, xiaoyao.li@intel.com, Isaku Yamahata <isaku.yamahata@gmail.com>, erdemaktas@google.com, Chenyi Qiang <chenyi.qiang@intel.com> Subject: [PATCH v2 03/58] target/i386: Parse TDX vm type Date: Fri, 18 Aug 2023 05:49:46 -0400 Message-Id: <20230818095041.1973309-4-xiaoyao.li@intel.com> In-Reply-To: <20230818095041.1973309-1-xiaoyao.li@intel.com> References: <20230818095041.1973309-1-xiaoyao.li@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	TDX QEMU support \| expand [v2,00/58] TDX QEMU support [v2,01/58] * HACK * linux-headers: Update headers to pull in TDX API changes [v2,02/58] i386: Introduce tdx-guest object [v2,03/58] target/i386: Parse TDX vm type [v2,04/58] target/i386: Introduce kvm_confidential_guest_init() [v2,05/58] i386/tdx: Implement tdx_kvm_init() to initialize TDX VM context [v2,06/58] i386/tdx: Get tdx_capabilities via KVM_TDX_CAPABILITIES [v2,07/58] i386/tdx: Introduce is_tdx_vm() helper and cache tdx_guest object [v2,08/58] i386/tdx: Adjust the supported CPUID based on TDX restrictions [v2,09/58] i386/tdx: Update tdx_cpuid_lookup[].tdx_fixed0/1 by tdx_caps.cpuid_config[] [v2,10/58] i386/tdx: Integrate tdx_caps->xfam_fixed0/1 into tdx_cpuid_lookup [v2,11/58] i386/tdx: Integrate tdx_caps->attrs_fixed0/1 to tdx_cpuid_lookup [v2,12/58] i386/kvm: Move architectural CPUID leaf generation to separate helper [v2,13/58] kvm: Introduce kvm_arch_pre_create_vcpu() [v2,14/58] i386/tdx: Initialize TDX before creating TD vcpus [v2,15/58] i386/tdx: Add property sept-ve-disable for tdx-guest object [v2,16/58] i386/tdx: Make sept_ve_disable set by default [v2,17/58] i386/tdx: Wire CPU features up with attributes of TD guest [v2,18/58] i386/tdx: Validate TD attributes [v2,19/58] qom: implement property helper for sha384 [v2,20/58] i386/tdx: Allows mrconfigid/mrowner/mrownerconfig for TDX_INIT_VM [v2,21/58] i386/tdx: Implement user specified tsc frequency [v2,22/58] i386/tdx: Set kvm_readonly_mem_enabled to false for TDX VM [v2,23/58] i386/tdx: Make memory type private by default [v2,24/58] i386/tdx: Create kvm gmem for TD [v2,25/58] kvm/tdx: Don't complain when converting vMMIO region to shared [v2,26/58] kvm/tdx: Ignore memory conversion to shared of unassigned region [v2,27/58] i386/tdvf: Introduce function to parse TDVF metadata [v2,28/58] i386/tdx: Parse TDVF metadata for TDX VM [v2,29/58] i386/tdx: Skip BIOS shadowing setup [v2,30/58] i386/tdx: Don't initialize pc.rom for TDX VMs [v2,31/58] i386/tdx: Track mem_ptr for each firmware entry of TDVF [v2,32/58] i386/tdx: Track RAM entries for TDX VM [v2,33/58] headers: Add definitions from UEFI spec for volumes, resources, etc... [v2,34/58] i386/tdx: Setup the TD HOB list [v2,35/58] i386/tdx: Add TDVF memory via KVM_TDX_INIT_MEM_REGION [v2,36/58] memory: Introduce memory_region_init_ram_gmem() [v2,37/58] i386/tdx: register TDVF as private memory [v2,38/58] i386/tdx: Call KVM_TDX_INIT_VCPU to initialize TDX vcpu [v2,39/58] i386/tdx: Finalize TDX VM [v2,40/58] i386/tdx: handle TDG.VP.VMCALL<SetupEventNotifyInterrupt> [v2,41/58] i386/tdx: handle TDG.VP.VMCALL<GetQuote> [v2,42/58] i386/tdx: register the fd read callback with the main loop to read the quote data [v2,43/58] i386/tdx: setup a timer for the qio channel [v2,44/58] i386/tdx: handle TDG.VP.VMCALL<MapGPA> hypercall [v2,45/58] i386/tdx: Limit the range size for MapGPA [v2,46/58] i386/tdx: Handle TDG.VP.VMCALL<REPORT_FATAL_ERROR> [v2,47/58] i386/tdx: Wire REPORT_FATAL_ERROR with GuestPanic facility [v2,48/58] i386/tdx: Disable SMM for TDX VMs [v2,49/58] i386/tdx: Disable PIC for TDX VMs [v2,50/58] i386/tdx: Don't allow system reset for TDX VMs [v2,51/58] i386/tdx: LMCE is not supported for TDX [v2,52/58] hw/i386: add eoi_intercept_unsupported member to X86MachineState [v2,53/58] hw/i386: add option to forcibly report edge trigger in acpi tables [v2,54/58] i386/tdx: Don't synchronize guest tsc for TDs [v2,55/58] i386/tdx: Only configure MSR_IA32_UCODE_REV in kvm_init_msrs() for TDs [v2,56/58] i386/tdx: Skip kvm_put_apicbase() for TDs [v2,57/58] i386/tdx: Don't get/put guest state for TDX VMs [v2,58/58] docs: Add TDX documentation

Message ID

20230818095041.1973309-4-xiaoyao.li@intel.com (mailing list archive)

State

New, archived

Headers

From: Xiaoyao Li <xiaoyao.li@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 "Michael S. Tsirkin" <mst@redhat.com>,
 Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
 Igor Mammedov <imammedo@redhat.com>, Ani Sinha <anisinha@redhat.com>,
 Peter Xu <peterx@redhat.com>, David Hildenbrand <david@redhat.com>,
	=?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@linaro.org>, =?utf-8?q?Dani?=
	=?utf-8?q?el_P=2E_Berrang=C3=A9?= <berrange@redhat.com>,
 Cornelia Huck <cohuck@redhat.com>, Eric Blake <eblake@redhat.com>,
 Markus Armbruster <armbru@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>,
 Gerd Hoffmann <kraxel@redhat.com>
Cc: qemu-devel@nongnu.org, kvm@vger.kernel.org,
        Eduardo Habkost <eduardo@habkost.net>,
        Laszlo Ersek <lersek@redhat.com>, xiaoyao.li@intel.com,
        Isaku Yamahata <isaku.yamahata@gmail.com>,
        erdemaktas@google.com, Chenyi Qiang <chenyi.qiang@intel.com>
Subject: [PATCH v2 03/58] target/i386: Parse TDX vm type
Date: Fri, 18 Aug 2023 05:49:46 -0400
Message-Id: <20230818095041.1973309-4-xiaoyao.li@intel.com>
In-Reply-To: <20230818095041.1973309-1-xiaoyao.li@intel.com>
References: <20230818095041.1973309-1-xiaoyao.li@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

TDX QEMU support | expand

Commit Message

Xiaoyao Li Aug. 18, 2023, 9:49 a.m. UTC

TDX VM requires VM type KVM_X86_TDX_VM to be passed to
kvm_ioctl(KVM_CREATE_VM).

If tdx-guest object is specified to confidential-guest-support, like,

  qemu -machine ...,confidential-guest-support=tdx0 \
       -object tdx-guest,id=tdx0,...

it parses VM type as KVM_X86_TDX_VM.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 target/i386/kvm/kvm.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

Comments

Daniel P. Berrangé Aug. 21, 2023, 8:27 a.m. UTC | #1

On Fri, Aug 18, 2023 at 05:49:46AM -0400, Xiaoyao Li wrote:
> TDX VM requires VM type KVM_X86_TDX_VM to be passed to
> kvm_ioctl(KVM_CREATE_VM).
> 
> If tdx-guest object is specified to confidential-guest-support, like,
> 
>   qemu -machine ...,confidential-guest-support=tdx0 \
>        -object tdx-guest,id=tdx0,...
> 
> it parses VM type as KVM_X86_TDX_VM.
> 
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> ---
>  target/i386/kvm/kvm.c | 10 +++++++++-
>  1 file changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
> index 62f237068a3a..77f4772afe6c 100644
> --- a/target/i386/kvm/kvm.c
> +++ b/target/i386/kvm/kvm.c
> @@ -32,6 +32,7 @@
>  #include "sysemu/runstate.h"
>  #include "kvm_i386.h"
>  #include "sev.h"
> +#include "tdx.h"
>  #include "xen-emu.h"
>  #include "hyperv.h"
>  #include "hyperv-proto.h"
> @@ -158,6 +159,7 @@ static int kvm_get_one_msr(X86CPU *cpu, int index, uint64_t *value);
>  static const char* vm_type_name[] = {
>      [KVM_X86_DEFAULT_VM] = "default",
>      [KVM_X86_SW_PROTECTED_VM] = "sw-protected-vm",
> +    [KVM_X86_TDX_VM] = "tdx",
>  };
>  
>  int kvm_get_vm_type(MachineState *ms, const char *vm_type)
> @@ -170,12 +172,18 @@ int kvm_get_vm_type(MachineState *ms, const char *vm_type)
>              kvm_type = KVM_X86_DEFAULT_VM;
>          } else if (!g_ascii_strcasecmp(vm_type, "sw-protected-vm")) {
>              kvm_type = KVM_X86_SW_PROTECTED_VM;
> -        } else {
> +        } else if (!g_ascii_strcasecmp(vm_type, "tdx")) {
> +            kvm_type = KVM_X86_TDX_VM;
> +        }else {
>              error_report("Unknown kvm-type specified '%s'", vm_type);
>              exit(1);
>          }
>      }

This whole block of code should go away - as this should not exist
as a user visible property. It should be sufficient to use the
tdx-guest object type to identify use of TDX.

>  
> +    if (ms->cgs && object_dynamic_cast(OBJECT(ms->cgs), TYPE_TDX_GUEST)) {
> +        kvm_type = KVM_X86_TDX_VM;
> +    }
> +
>      /*
>       * old KVM doesn't support KVM_CAP_VM_TYPES and KVM_X86_DEFAULT_VM
>       * is always supported
> -- 
> 2.34.1
> 

With regards,
Daniel

Xiaoyao Li Aug. 21, 2023, 1:37 p.m. UTC | #2

On 8/21/2023 4:27 PM, Daniel P. Berrangé wrote:
> On Fri, Aug 18, 2023 at 05:49:46AM -0400, Xiaoyao Li wrote:
>> TDX VM requires VM type KVM_X86_TDX_VM to be passed to
>> kvm_ioctl(KVM_CREATE_VM).
>>
>> If tdx-guest object is specified to confidential-guest-support, like,
>>
>>    qemu -machine ...,confidential-guest-support=tdx0 \
>>         -object tdx-guest,id=tdx0,...
>>
>> it parses VM type as KVM_X86_TDX_VM.
>>
>> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
>> ---
>>   target/i386/kvm/kvm.c | 10 +++++++++-
>>   1 file changed, 9 insertions(+), 1 deletion(-)
>>
>> diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
>> index 62f237068a3a..77f4772afe6c 100644
>> --- a/target/i386/kvm/kvm.c
>> +++ b/target/i386/kvm/kvm.c
>> @@ -32,6 +32,7 @@
>>   #include "sysemu/runstate.h"
>>   #include "kvm_i386.h"
>>   #include "sev.h"
>> +#include "tdx.h"
>>   #include "xen-emu.h"
>>   #include "hyperv.h"
>>   #include "hyperv-proto.h"
>> @@ -158,6 +159,7 @@ static int kvm_get_one_msr(X86CPU *cpu, int index, uint64_t *value);
>>   static const char* vm_type_name[] = {
>>       [KVM_X86_DEFAULT_VM] = "default",
>>       [KVM_X86_SW_PROTECTED_VM] = "sw-protected-vm",
>> +    [KVM_X86_TDX_VM] = "tdx",
>>   };
>>   
>>   int kvm_get_vm_type(MachineState *ms, const char *vm_type)
>> @@ -170,12 +172,18 @@ int kvm_get_vm_type(MachineState *ms, const char *vm_type)
>>               kvm_type = KVM_X86_DEFAULT_VM;
>>           } else if (!g_ascii_strcasecmp(vm_type, "sw-protected-vm")) {
>>               kvm_type = KVM_X86_SW_PROTECTED_VM;
>> -        } else {
>> +        } else if (!g_ascii_strcasecmp(vm_type, "tdx")) {
>> +            kvm_type = KVM_X86_TDX_VM;
>> +        }else {
>>               error_report("Unknown kvm-type specified '%s'", vm_type);
>>               exit(1);
>>           }
>>       }
> 
> This whole block of code should go away - as this should not exist
> as a user visible property. It should be sufficient to use the
> tdx-guest object type to identify use of TDX.
> 

yes, agreed.

It's here because this series is based on the gmem series, which 
introduced property. I'm sorry that I forgot to mention it in the commit 
message.

Next gmem series will drop the implementation of kvm-type property [1] 
and above code will be dropped in next version as well.

[1] 
https://lore.kernel.org/qemu-devel/9b3a3e88-21f4-bfd2-a9c3-60a25832e698@intel.com/

diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 62f237068a3a..77f4772afe6c 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -32,6 +32,7 @@ 
 #include "sysemu/runstate.h"
 #include "kvm_i386.h"
 #include "sev.h"
+#include "tdx.h"
 #include "xen-emu.h"
 #include "hyperv.h"
 #include "hyperv-proto.h"
@@ -158,6 +159,7 @@  static int kvm_get_one_msr(X86CPU *cpu, int index, uint64_t *value);
 static const char* vm_type_name[] = {
     [KVM_X86_DEFAULT_VM] = "default",
     [KVM_X86_SW_PROTECTED_VM] = "sw-protected-vm",
+    [KVM_X86_TDX_VM] = "tdx",
 };
 
 int kvm_get_vm_type(MachineState *ms, const char *vm_type)
@@ -170,12 +172,18 @@  int kvm_get_vm_type(MachineState *ms, const char *vm_type)
             kvm_type = KVM_X86_DEFAULT_VM;
         } else if (!g_ascii_strcasecmp(vm_type, "sw-protected-vm")) {
             kvm_type = KVM_X86_SW_PROTECTED_VM;
-        } else {
+        } else if (!g_ascii_strcasecmp(vm_type, "tdx")) {
+            kvm_type = KVM_X86_TDX_VM;
+        }else {
             error_report("Unknown kvm-type specified '%s'", vm_type);
             exit(1);
         }
     }
 
+    if (ms->cgs && object_dynamic_cast(OBJECT(ms->cgs), TYPE_TDX_GUEST)) {
+        kvm_type = KVM_X86_TDX_VM;
+    }
+
     /*
      * old KVM doesn't support KVM_CAP_VM_TYPES and KVM_X86_DEFAULT_VM
      * is always supported

[v2,03/58] target/i386: Parse TDX vm type

Commit Message

Comments

Patch