[v5,36/65] i386/tdx: load TDVF for TD guest

Message ID	20240229063726.610065-37-xiaoyao.li@intel.com (mailing list archive)
State	New, archived
Headers	show Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9260F46447 for <kvm@vger.kernel.org>; Thu, 29 Feb 2024 06:41:31 +0000 (UTC) From: Xiaoyao Li <xiaoyao.li@intel.com> To: Paolo Bonzini <pbonzini@redhat.com>, David Hildenbrand <david@redhat.com>, Igor Mammedov <imammedo@redhat.com>, Eduardo Habkost <eduardo@habkost.net>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, =?utf-8?q?Philippe_Mathieu-D?= =?utf-8?q?aud=C3=A9?= <philmd@linaro.org>, Yanan Wang <wangyanan55@huawei.com>, "Michael S. Tsirkin" <mst@redhat.com>, Richard Henderson <richard.henderson@linaro.org>, Ani Sinha <anisinha@redhat.com>, Peter Xu <peterx@redhat.com>, Cornelia Huck <cohuck@redhat.com>, =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= <berrange@redhat.com>, Eric Blake <eblake@redhat.com>, Markus Armbruster <armbru@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com> Cc: kvm@vger.kernel.org, qemu-devel@nongnu.org, Michael Roth <michael.roth@amd.com>, Claudio Fontana <cfontana@suse.de>, Gerd Hoffmann <kraxel@redhat.com>, Isaku Yamahata <isaku.yamahata@gmail.com>, Chenyi Qiang <chenyi.qiang@intel.com>, xiaoyao.li@intel.com Subject: [PATCH v5 36/65] i386/tdx: load TDVF for TD guest Date: Thu, 29 Feb 2024 01:36:57 -0500 Message-Id: <20240229063726.610065-37-xiaoyao.li@intel.com> In-Reply-To: <20240229063726.610065-1-xiaoyao.li@intel.com> References: <20240229063726.610065-1-xiaoyao.li@intel.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	QEMU Guest memfd + QEMU TDX support \| expand [v5,00/65] QEMU Guest memfd + QEMU TDX support [v5,01/65] linux-headers: Update to Linux v6.8-rc5 [v5,02/65] RAMBlock: Add support of KVM private guest memfd [v5,03/65] HostMem: Add mechanism to opt in kvm guest memfd via MachineState [v5,04/65] trace/kvm: Split address space and slot id in trace_kvm_set_user_memory() [v5,05/65] kvm: Enable KVM_SET_USER_MEMORY_REGION2 for memslot [v5,06/65] kvm: Introduce support for memory_attributes [v5,07/65] physmem: Introduce ram_block_discard_guest_memfd_range() [v5,08/65] kvm: handle KVM_EXIT_MEMORY_FAULT [v5,09/65] trace/kvm: Add trace for page convertion between shared and private [v5,10/65] kvm/memory: Make memory type private by default if it has guest memfd backend [v5,11/65] * HACK * linux-headers: Update headers to pull in TDX API changes [v5,12/65] i386: Introduce tdx-guest object [v5,13/65] target/i386: Implement mc->kvm_type() to get VM type [v5,14/65] i386/tdx: Implement tdx_kvm_init() to initialize TDX VM context [v5,15/65] i386/tdx: Get tdx_capabilities via KVM_TDX_CAPABILITIES [v5,16/65] i386/tdx: Introduce is_tdx_vm() helper and cache tdx_guest object [v5,17/65] i386/tdx: Adjust the supported CPUID based on TDX restrictions [v5,18/65] i386/tdx: Make Intel-PT unsupported for TD guest [v5,19/65] i386/tdx: Update tdx_cpuid_lookup[].tdx_fixed0/1 by tdx_caps.cpuid_config[] [v5,20/65] i386/tdx: Integrate tdx_caps->xfam_fixed0/1 into tdx_cpuid_lookup [v5,21/65] i386/tdx: Integrate tdx_caps->attrs_fixed0/1 to tdx_cpuid_lookup [v5,22/65] i386/kvm: Move architectural CPUID leaf generation to separate helper [v5,23/65] kvm: Introduce kvm_arch_pre_create_vcpu() [v5,24/65] i386/tdx: Initialize TDX before creating TD vcpus [v5,25/65] i386/tdx: Add property sept-ve-disable for tdx-guest object [v5,26/65] i386/tdx: Make sept_ve_disable set by default [v5,27/65] i386/tdx: Wire CPU features up with attributes of TD guest [v5,28/65] i386/tdx: Disable pmu for TD guest [v5,29/65] i386/tdx: Validate TD attributes [v5,30/65] i386/tdx: Support user configurable mrconfigid/mrowner/mrownerconfig [v5,31/65] i386/tdx: Implement user specified tsc frequency [v5,32/65] i386/tdx: Set kvm_readonly_mem_enabled to false for TDX VM [v5,33/65] kvm/tdx: Don't complain when converting vMMIO region to shared [v5,34/65] kvm/tdx: Ignore memory conversion to shared of unassigned region [v5,35/65] memory: Introduce memory_region_init_ram_guest_memfd() [v5,36/65] i386/tdx: load TDVF for TD guest [v5,37/65] i386/tdvf: Introduce function to parse TDVF metadata [v5,38/65] i386/tdx: Parse TDVF metadata for TDX VM [v5,39/65] i386/tdx: Skip BIOS shadowing setup [v5,40/65] i386/tdx: Don't initialize pc.rom for TDX VMs [v5,41/65] i386/tdx: Track mem_ptr for each firmware entry of TDVF [v5,42/65] i386/tdx: Track RAM entries for TDX VM [v5,43/65] headers: Add definitions from UEFI spec for volumes, resources, etc... [v5,44/65] i386/tdx: Setup the TD HOB list [v5,45/65] i386/tdx: Populate TDVF private memory via KVM_MEMORY_MAPPING [v5,46/65] i386/tdx: Call KVM_TDX_INIT_VCPU to initialize TDX vcpu [v5,47/65] i386/tdx: Finalize TDX VM [v5,48/65] i386/tdx: handle TDG.VP.VMCALL<SetupEventNotifyInterrupt> [v5,49/65] i386/tdx: handle TDG.VP.VMCALL<GetQuote> [v5,50/65] i386/tdx: handle TDG.VP.VMCALL<MapGPA> hypercall [v5,51/65] i386/tdx: Handle TDG.VP.VMCALL<REPORT_FATAL_ERROR> [v5,52/65] i386/tdx: Wire TDX_REPORT_FATAL_ERROR with GuestPanic facility [v5,53/65] pci-host/q35: Move PAM initialization above SMRAM initialization [v5,54/65] q35: Introduce smm_ranges property for q35-pci-host [v5,55/65] i386/tdx: Disable SMM for TDX VMs [v5,56/65] i386/tdx: Disable PIC for TDX VMs [v5,57/65] i386/tdx: Don't allow system reset for TDX VMs [v5,58/65] i386/tdx: LMCE is not supported for TDX [v5,59/65] hw/i386: add eoi_intercept_unsupported member to X86MachineState [v5,60/65] hw/i386: add option to forcibly report edge trigger in acpi tables [v5,61/65] i386/tdx: Don't synchronize guest tsc for TDs [v5,62/65] i386/tdx: Only configure MSR_IA32_UCODE_REV in kvm_init_msrs() for TDs [v5,63/65] i386/tdx: Skip kvm_put_apicbase() for TDs [v5,64/65] i386/tdx: Don't get/put guest state for TDX VMs [v5,65/65] docs: Add TDX documentation

Message ID

20240229063726.610065-37-xiaoyao.li@intel.com (mailing list archive)

State

New, archived

Headers

From: Xiaoyao Li <xiaoyao.li@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>, David Hildenbrand <david@redhat.com>,
 Igor Mammedov <imammedo@redhat.com>, Eduardo Habkost <eduardo@habkost.net>,
 Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, =?utf-8?q?Philippe_Mathieu-D?=
	=?utf-8?q?aud=C3=A9?= <philmd@linaro.org>,
 Yanan Wang <wangyanan55@huawei.com>, "Michael S. Tsirkin" <mst@redhat.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Ani Sinha <anisinha@redhat.com>, Peter Xu <peterx@redhat.com>,
 Cornelia Huck <cohuck@redhat.com>,
 =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= <berrange@redhat.com>,
 Eric Blake <eblake@redhat.com>, Markus Armbruster <armbru@redhat.com>,
 Marcelo Tosatti <mtosatti@redhat.com>
Cc: kvm@vger.kernel.org,
	qemu-devel@nongnu.org,
	Michael Roth <michael.roth@amd.com>,
	Claudio Fontana <cfontana@suse.de>,
	Gerd Hoffmann <kraxel@redhat.com>,
	Isaku Yamahata <isaku.yamahata@gmail.com>,
	Chenyi Qiang <chenyi.qiang@intel.com>,
	xiaoyao.li@intel.com
Subject: [PATCH v5 36/65] i386/tdx: load TDVF for TD guest
Date: Thu, 29 Feb 2024 01:36:57 -0500
Message-Id: <20240229063726.610065-37-xiaoyao.li@intel.com>
In-Reply-To: <20240229063726.610065-1-xiaoyao.li@intel.com>
References: <20240229063726.610065-1-xiaoyao.li@intel.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

QEMU Guest memfd + QEMU TDX support | expand

Commit Message

Xiaoyao Li Feb. 29, 2024, 6:36 a.m. UTC

From: Chao Peng <chao.p.peng@linux.intel.com>

TDVF(OVMF) needs to run at private memory for TD guest. TDX cannot
support pflash device since it doesn't support read-only private memory.
Thus load TDVF(OVMF) with -bios option for TDs.

Use memory_region_init_ram_guest_memfd() to allocate the MemoryRegion
for TDVF because it needs to be located at private memory.

Also store the MemoryRegion pointer of TDVF since the shared ramblock of
it can be discared after it gets copied to private ramblock.

Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com>
Co-developed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 hw/i386/x86.c         | 13 +++++++++++--
 target/i386/kvm/tdx.c |  7 +++++++
 target/i386/kvm/tdx.h |  3 +++
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index fa7095310f37..5a0cadc88c4f 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -47,6 +47,7 @@ 
 #include "hw/intc/i8259.h"
 #include "hw/rtc/mc146818rtc.h"
 #include "target/i386/sev.h"
+#include "kvm/tdx.h"
 
 #include "hw/acpi/cpu_hotplug.h"
 #include "hw/irq.h"
@@ -1157,9 +1158,17 @@  void x86_bios_rom_init(MachineState *ms, const char *default_firmware,
         (bios_size % 65536) != 0) {
         goto bios_error;
     }
+
     bios = g_malloc(sizeof(*bios));
-    memory_region_init_ram(bios, NULL, "pc.bios", bios_size, &error_fatal);
-    if (sev_enabled()) {
+    if (is_tdx_vm()) {
+        memory_region_init_ram_guest_memfd(bios, NULL, "pc.bios", bios_size,
+                                           &error_fatal);
+        tdx_set_tdvf_region(bios);
+    } else {
+        memory_region_init_ram(bios, NULL, "pc.bios", bios_size, &error_fatal);
+    }
+
+    if (sev_enabled() || is_tdx_vm()) {
         /*
          * The concept of a "reset" simply doesn't exist for
          * confidential computing guests, we have to destroy and
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 13f069171db7..7c8e14e3cc58 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -19,6 +19,7 @@ 
 #include "standard-headers/asm-x86/kvm_para.h"
 #include "sysemu/kvm.h"
 #include "sysemu/sysemu.h"
+#include "exec/ramblock.h"
 
 #include "hw/i386/x86.h"
 #include "kvm_i386.h"
@@ -463,6 +464,12 @@  static void update_tdx_cpuid_lookup_by_tdx_caps(void)
             (tdx_caps->xfam_fixed1 & CPUID_XSTATE_XSS_MASK) >> 32;
 }
 
+void tdx_set_tdvf_region(MemoryRegion *tdvf_mr)
+{
+    assert(!tdx_guest->tdvf_mr);
+    tdx_guest->tdvf_mr = tdvf_mr;
+}
+
 static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
 {
     MachineState *ms = MACHINE(qdev_get_machine());
diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h
index 2697e6bdfb1d..c021223001a5 100644
--- a/target/i386/kvm/tdx.h
+++ b/target/i386/kvm/tdx.h
@@ -24,6 +24,8 @@  typedef struct TdxGuest {
     char *mrconfigid;       /* base64 encoded sha348 digest */
     char *mrowner;          /* base64 encoded sha348 digest */
     char *mrownerconfig;    /* base64 encoded sha348 digest */
+
+    MemoryRegion *tdvf_mr;
 } TdxGuest;
 
 #ifdef CONFIG_TDX
@@ -35,5 +37,6 @@  bool is_tdx_vm(void);
 void tdx_get_supported_cpuid(uint32_t function, uint32_t index, int reg,
                              uint32_t *ret);
 int tdx_pre_create_vcpu(CPUState *cpu, Error **errp);
+void tdx_set_tdvf_region(MemoryRegion *tdvf_mr);
 
 #endif /* QEMU_I386_TDX_H */

[v5,36/65] i386/tdx: load TDVF for TD guest

Commit Message

Patch