From patchwork Thu Feb 29 06:36:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13576551 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD5E65025E for ; Thu, 29 Feb 2024 06:40:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.15 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709188851; cv=none; b=X7tUDACeb2DORc9rlV+7zjVFY2uBDvobEuCbU3v9I0s4a0/bAeJmD2nbTvOQ1/sqLTC8cqFHon+Bch0oxcEwxclaOWyU+klAZWcTQU0ZSuX+Qx/zexoHvLQWL1vFlBvbfhQXAofWSeiEWokP0uVXfvAf6bsXlanpJX9NOeJ8JUg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709188851; c=relaxed/simple; bh=r6CX0MD3a31aAOb2PFTUkMtwVtojPqksFz3dczKEH18=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=E9BKpcctFlWBp8/hLE8iZGchxD3C7Dno9odJX/0So37y0NhOGpun/gr+5omr04AfjXMT4RlEuYw7tWfAzBBCFU2EqcqHo2nnBMyn2TfdV14tQ1Jr3vmFolW2L0etq2dIyGo7Yg4HJXDIKJESA2r0Ple1HtgN2qaVW7Av8CNnjmw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Z76FRbYS; arc=none smtp.client-ip=192.198.163.15 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Z76FRbYS" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1709188849; x=1740724849; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=r6CX0MD3a31aAOb2PFTUkMtwVtojPqksFz3dczKEH18=; b=Z76FRbYSd4bz+vQzdC2IMgacDInUmTVixzjZzI9ObGBuyC86Iezo80KI By9DoVpEfwL90srugt7yPMT0GzEddtNvVJ8t0yKnWjDmWuugytk32g7gK riynoWliYO6jUkayumSf1qm30g0BNZJonSbwCjraL1CviAkhjhiNx2zX2 WB34vAjk9IvmA8ZoYX+GIWaVFUtabeTTpRQkyM+9dFypC6wj491FLaozB nD2k6EXxThrWd6mz50X+IUaHNA6YBG0IqjunCH2ufzB576SZIU2koVS62 t+hVhHo42rYHmlQKwW7tq2V3YOVUn9Hb32iCAiEmDTLPQA8BiNm9rZvc4 Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10998"; a="3802803" X-IronPort-AV: E=Sophos;i="6.06,192,1705392000"; d="scan'208";a="3802803" Received: from orviesa007.jf.intel.com ([10.64.159.147]) by fmvoesa109.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Feb 2024 22:40:46 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.06,192,1705392000"; d="scan'208";a="8075551" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by orviesa007.jf.intel.com with ESMTP; 28 Feb 2024 22:40:38 -0800 From: Xiaoyao Li To: Paolo Bonzini , David Hildenbrand , Igor Mammedov , Eduardo Habkost , Marcel Apfelbaum , =?utf-8?q?Philippe_Mathieu-D?= =?utf-8?q?aud=C3=A9?= , Yanan Wang , "Michael S. Tsirkin" , Richard Henderson , Ani Sinha , Peter Xu , Cornelia Huck , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Eric Blake , Markus Armbruster , Marcelo Tosatti Cc: kvm@vger.kernel.org, qemu-devel@nongnu.org, Michael Roth , Claudio Fontana , Gerd Hoffmann , Isaku Yamahata , Chenyi Qiang , xiaoyao.li@intel.com Subject: [PATCH v5 29/65] i386/tdx: Validate TD attributes Date: Thu, 29 Feb 2024 01:36:50 -0500 Message-Id: <20240229063726.610065-30-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240229063726.610065-1-xiaoyao.li@intel.com> References: <20240229063726.610065-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Validate TD attributes with tdx_caps that fixed-0 bits must be zero and fixed-1 bits must be set. Besides, sanity check the attribute bits that have not been supported by QEMU yet. e.g., debug bit, it will be allowed in the future when debug TD support lands in QEMU. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- Changes in v3: - using error_setg() for error report; (Daniel) --- target/i386/kvm/tdx.c | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 1c12cda002b8..d0ad4f57b5d0 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -32,6 +32,7 @@ (1U << KVM_FEATURE_PV_SCHED_YIELD) | \ (1U << KVM_FEATURE_MSI_EXT_DEST_ID)) +#define TDX_TD_ATTRIBUTES_DEBUG BIT_ULL(0) #define TDX_TD_ATTRIBUTES_SEPT_VE_DISABLE BIT_ULL(28) #define TDX_TD_ATTRIBUTES_PKS BIT_ULL(30) #define TDX_TD_ATTRIBUTES_PERFMON BIT_ULL(63) @@ -479,13 +480,34 @@ static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) return 0; } -static void setup_td_guest_attributes(X86CPU *x86cpu) +static int tdx_validate_attributes(TdxGuest *tdx, Error **errp) +{ + if (((tdx->attributes & tdx_caps->attrs_fixed0) | tdx_caps->attrs_fixed1) != + tdx->attributes) { + error_setg(errp, "Invalid attributes 0x%lx for TDX VM " + "(fixed0 0x%llx, fixed1 0x%llx)", + tdx->attributes, tdx_caps->attrs_fixed0, + tdx_caps->attrs_fixed1); + return -1; + } + + if (tdx->attributes & TDX_TD_ATTRIBUTES_DEBUG) { + error_setg(errp, "Current QEMU doesn't support attributes.debug[bit 0] for TDX VM"); + return -1; + } + + return 0; +} + +static int setup_td_guest_attributes(X86CPU *x86cpu, Error **errp) { CPUX86State *env = &x86cpu->env; tdx_guest->attributes |= (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_PKS) ? TDX_TD_ATTRIBUTES_PKS : 0; tdx_guest->attributes |= x86cpu->enable_pmu ? TDX_TD_ATTRIBUTES_PERFMON : 0; + + return tdx_validate_attributes(tdx_guest, errp); } int tdx_pre_create_vcpu(CPUState *cpu, Error **errp) @@ -512,7 +534,10 @@ int tdx_pre_create_vcpu(CPUState *cpu, Error **errp) return r; } - setup_td_guest_attributes(x86cpu); + r = setup_td_guest_attributes(x86cpu, errp); + if (r) { + return r; + } init_vm->cpuid.nent = kvm_x86_arch_cpuid(env, init_vm->cpuid.entries, 0);