[v3,27/49] i386/sev: Set ms->require_guest_memfd for SNP

Message ID	20240320083945.991426-28-michael.roth@amd.com (mailing list archive)
State	New, archived
Headers	show Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2058.outbound.protection.outlook.com [40.107.223.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D2E8439AFE for <kvm@vger.kernel.org>; Wed, 20 Mar 2024 08:48:10 +0000 (UTC) Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C From: Michael Roth <michael.roth@amd.com> To: <qemu-devel@nongnu.org> CC: <kvm@vger.kernel.org>, Tom Lendacky <thomas.lendacky@amd.com>, "Paolo Bonzini" <pbonzini@redhat.com>, =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= <berrange@redhat.com>, Markus Armbruster <armbru@redhat.com>, Pankaj Gupta <pankaj.gupta@amd.com>, Xiaoyao Li <xiaoyao.li@intel.com>, Isaku Yamahata <isaku.yamahata@linux.intel.com> Subject: [PATCH v3 27/49] i386/sev: Set ms->require_guest_memfd for SNP Date: Wed, 20 Mar 2024 03:39:23 -0500 Message-ID: <20240320083945.991426-28-michael.roth@amd.com> In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com> References: <20240320083945.991426-1-michael.roth@amd.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	Add AMD Secure Nested Paging (SEV-SNP) support \| expand [RFC,v3,00/49] Add AMD Secure Nested Paging (SEV-SNP) support [v3,01/49] Revert "linux-headers hack" from sevinit2 base tree [v3,02/49] scripts/update-linux-headers: Add setup_data.h to import list [v3,03/49] scripts/update-linux-headers: Add bits.h to file imports [v3,04/49,HACK] linux-headers: Update headers for 6.8 + kvm-coco-queue + SNP [v3,05/49,TEMP] hw/i386: Remove redeclaration of struct setup_data [v3,06/49] RAMBlock: Add support of KVM private guest memfd [v3,07/49] HostMem: Add mechanism to opt in kvm guest memfd via MachineState [v3,08/49] trace/kvm: Split address space and slot id in trace_kvm_set_user_memory() [v3,09/49] kvm: Enable KVM_SET_USER_MEMORY_REGION2 for memslot [v3,10/49] kvm: Introduce support for memory_attributes [v3,11/49] physmem: Introduce ram_block_discard_guest_memfd_range() [v3,12/49] kvm: handle KVM_EXIT_MEMORY_FAULT [v3,13/49,FIXUP] "kvm: handle KVM_EXIT_MEMORY_FAULT": drop qemu_host_page_size [v3,14/49] trace/kvm: Add trace for page convertion between shared and private [v3,15/49] kvm/memory: Make memory type private by default if it has guest memfd backend [v3,16/49] memory: Introduce memory_region_init_ram_guest_memfd() [v3,17/49] pci-host/q35: Move PAM initialization above SMRAM initialization [v3,18/49] q35: Introduce smm_ranges property for q35-pci-host [v3,19/49] kvm: Make kvm_convert_memory() obey ram_block_discard_is_enabled() [v3,20/49] trace/kvm: Add trace for KVM_EXIT_MEMORY_FAULT [v3,21/49] i386/sev: Introduce "sev-common" type to encapsulate common SEV state [v3,22/49] i386/sev: Introduce 'sev-snp-guest' object [v3,23/49] i386/sev: Add a sev_snp_enabled() helper [v3,24/49] target/i386: Add handling for KVM_X86_SNP_VM VM type [v3,25/49] i386/sev: Skip RAMBlock notifiers for SNP [v3,26/49] i386/sev: Skip machine-init-done notifiers for SNP [v3,27/49] i386/sev: Set ms->require_guest_memfd for SNP [v3,28/49] i386/sev: Disable SMM for SNP [v3,29/49] i386/sev: Don't disable block discarding for SNP [v3,30/49] i386/cpu: Set SEV-SNP CPUID bit when SNP enabled [v3,31/49] i386/sev: Update query-sev QAPI format to handle SEV-SNP [v3,32/49] i386/sev: Don't return launch measurements for SEV-SNP guests [v3,33/49] kvm: Make kvm_convert_memory() non-static [v3,34/49] i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes [v3,35/49] i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes (MSR-based) [v3,36/49] i386/sev: Add KVM_EXIT_VMGEXIT handling for Extended Guest Requests [v3,37/49] i386/sev: Add the SNP launch start context [v3,38/49] i386/sev: Add handling to encrypt/finalize guest launch data [v3,39/49] i386/sev: Set CPU state to protected once SNP guest payload is finalized [v3,40/49] hw/i386/sev: Add function to get SEV metadata from OVMF header [v3,41/49] i386/sev: Add support for populating OVMF metadata pages [v3,42/49] i386/sev: Add support for SNP CPUID validation [v3,43/49] qapi, i386: Move kernel-hashes to SevCommonProperties [v3,44/49] i386/sev: Extract build_kernel_loader_hashes [v3,45/49] i386/sev: Reorder struct declarations [v3,46/49] i386/sev: Allow measured direct kernel boot on SNP [v3,47/49] hw/i386/sev: Add support to encrypt BIOS when SEV-SNP is enabled [v3,48/49] hw/i386/sev: Use guest_memfd for legacy ROMs [v3,49/49] hw/i386: Add support for loading BIOS using guest_memfd

Message ID

20240320083945.991426-28-michael.roth@amd.com (mailing list archive)

State

New, archived

Headers

Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
From: Michael Roth <michael.roth@amd.com>
To: <qemu-devel@nongnu.org>
CC: <kvm@vger.kernel.org>, Tom Lendacky <thomas.lendacky@amd.com>,
 "Paolo Bonzini" <pbonzini@redhat.com>,
 =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= <berrange@redhat.com>,
 Markus Armbruster <armbru@redhat.com>, Pankaj Gupta <pankaj.gupta@amd.com>,
 Xiaoyao Li <xiaoyao.li@intel.com>,
 Isaku Yamahata <isaku.yamahata@linux.intel.com>
Subject: [PATCH v3 27/49] i386/sev: Set ms->require_guest_memfd for SNP
Date: Wed, 20 Mar 2024 03:39:23 -0500
Message-ID: <20240320083945.991426-28-michael.roth@amd.com>
In-Reply-To: <20240320083945.991426-1-michael.roth@amd.com>
References: <20240320083945.991426-1-michael.roth@amd.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Mar 2024 08:48:07.6496
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 9ab5a55b-073c-4680-da0f-08dc48ba770c
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	MWH0EPF000A672E.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR12MB5971

Series

Add AMD Secure Nested Paging (SEV-SNP) support | expand

Commit Message

Michael Roth March 20, 2024, 8:39 a.m. UTC

SNP requires guest_memfd for private guest memory, so enable it so that
the appropriate guest_memfd backend will be available for normal RAM
regions.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 target/i386/sev.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Paolo Bonzini March 20, 2024, 9:48 a.m. UTC | #1

On 3/20/24 09:39, Michael Roth wrote:
> SNP requires guest_memfd for private guest memory, so enable it so that
> the appropriate guest_memfd backend will be available for normal RAM
> regions.
> 
> Signed-off-by: Michael Roth <michael.roth@amd.com>
> ---
>   target/i386/sev.c | 5 +++++
>   1 file changed, 5 insertions(+)
> 
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index e4deb7b41e..b06c796aae 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -880,6 +880,7 @@ out:
>   static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
>   {
>       SevCommonState *sev_common = SEV_COMMON(cgs);
> +    MachineState *ms = MACHINE(qdev_get_machine());
>       char *devname;
>       int ret, fw_error, cmd;
>       uint32_t ebx;
> @@ -1000,6 +1001,10 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
>           qemu_add_machine_init_done_notifier(&sev_machine_done_notify);
>       }
>   
> +    if (sev_snp_enabled()) {
> +        ms->require_guest_memfd = true;
> +    }

Likewise, this and the following patch should be done in the 
sev-snp-guest's override of kvm_init.

Paolo

>       qemu_add_vm_change_state_handler(sev_vm_state_change, sev_common);
>   
>       cgs->ready = true;

diff --git a/target/i386/sev.c b/target/i386/sev.c
index e4deb7b41e..b06c796aae 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -880,6 +880,7 @@  out:
 static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
 {
     SevCommonState *sev_common = SEV_COMMON(cgs);
+    MachineState *ms = MACHINE(qdev_get_machine());
     char *devname;
     int ret, fw_error, cmd;
     uint32_t ebx;
@@ -1000,6 +1001,10 @@  static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
         qemu_add_machine_init_done_notifier(&sev_machine_done_notify);
     }
 
+    if (sev_snp_enabled()) {
+        ms->require_guest_memfd = true;
+    }
+
     qemu_add_vm_change_state_handler(sev_vm_state_change, sev_common);
 
     cgs->ready = true;

[v3,27/49] i386/sev: Set ms->require_guest_memfd for SNP

Commit Message

Comments

Patch