From patchwork Thu Mar 17 13:58:53 2022
X-Patchwork-Submitter: Xiaoyao Li
X-Patchwork-Id: 12784118
From: Xiaoyao Li
To: Paolo Bonzini, Philippe Mathieu-Daudé, Richard Henderson, "Michael S. Tsirkin", Marcel Apfelbaum, Cornelia Huck, Daniel P. Berrangé, Marcelo Tosatti, Laszlo Ersek, Gerd Hoffmann, Eric Blake
Cc: isaku.yamahata@intel.com, kvm@vger.kernel.org, Connor Kuehl, seanjc@google.com, xiaoyao.li@intel.com, qemu-devel@nongnu.org, erdemaktas@google.com
Subject: [RFC PATCH v3 16/36] i386/tdx: Set kvm_readonly_mem_enabled to false for TDX VM
Date: Thu, 17 Mar 2022 21:58:53 +0800
Message-Id: <20220317135913.2166202-17-xiaoyao.li@intel.com>
In-Reply-To: <20220317135913.2166202-1-xiaoyao.li@intel.com>
References: <20220317135913.2166202-1-xiaoyao.li@intel.com>

TDX only supports readonly for shared memory but not for private memory.

In the view of QEMU, it has no idea whether a memslot is used by shared memory or private. Thus just mark kvm_readonly_mem_enabled to false for TDX VM for simplicity.

Note, pflash has dependency on readonly capability from KVM while TDX wants to reuse pflash interface to load TDVF (as OVMF). Excuse TDX VM for readonly check in pflash.

Signed-off-by: Xiaoyao Li --- hw/i386/pc_sysfw.c | 2 +- target/i386/kvm/tdx.c | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index c8b17af95353..75b34d02cb4f 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c @@ -245,7 +245,7 @@ void pc_system_firmware_init(PCMachineState *pcms, /* Machine property pflash0 not set, use ROM mode */ x86_bios_rom_init(MACHINE(pcms), "bios.bin", rom_memory, false); } else { - if (kvm_enabled() && !kvm_readonly_mem_enabled()) { + if (kvm_enabled() && (!kvm_readonly_mem_enabled() && !is_tdx_vm())) { /* * Older KVM cannot execute from device memory. So, flash * memory cannot be used unless the readonly memory kvm diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 94a9c1ea7e9c..1bb8211e74e6 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -115,6 +115,15 @@ int tdx_kvm_init(MachineState *ms, Error **errp) get_tdx_capabilities(); } + /* + * Set kvm_readonly_mem_allowed to false, because TDX only supports readonly + * memory for shared memory but not for private memory. Besides, whether a + * memslot is private or shared is not determined by QEMU. + * + * Thus, just mark readonly memory not supported for simplicity. + */ + kvm_readonly_mem_allowed = false; + tdx_guest = tdx; return 0;
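Review bot: In the pc_system_firmware_init() hunk, the new `!is_tdx_vm()` term skips the readonly-memory check for TDX, but the comment directly below it still says flash memory cannot be used unless the readonly memory KVM capability is present, and nothing in the hunk says why that no longer applies to a TDX VM. Because the tdx.c hunk forces kvm_readonly_mem_allowed to false, a TDX guest now always reaches the pflash path with readonly memory reported as unsupported; please extend the comment to state how the TDVF image loaded through pflash is expected to be mapped in that case. The inner parentheses are redundant: `kvm_enabled() && !kvm_readonly_mem_enabled() && !is_tdx_vm()` reads more simply. The diffstat shows a single changed line in this file, so also confirm that the declaration of is_tdx_vm() is already visible in pc_sysfw.c.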
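Review bot: In the tdx_kvm_init() hunk, the comment and the assignment use kvm_readonly_mem_allowed while the subject line and commit message say kvm_readonly_mem_enabled; name the variable that is actually written in both places so the change can be found by grep. The assignment is also an unconditional overwrite of a global, so please confirm that no later step of KVM initialisation sets it again after tdx_kvm_init() returns, and say in the comment what this means for regions QEMU would otherwise map read-only, since "for simplicity" disables the capability for shared memory as well, where the comment itself says TDX supports it.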