From patchwork Fri Aug 18 09:50:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13357882 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E70A8C71149 for ; Fri, 18 Aug 2023 14:12:44 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qX05h-0004t4-Dx; Fri, 18 Aug 2023 10:04:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qWwGi-0004wn-C9 for qemu-devel@nongnu.org; Fri, 18 Aug 2023 05:59:49 -0400 Received: from mgamail.intel.com ([192.55.52.120]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qWwGS-0000In-Ke for qemu-devel@nongnu.org; Fri, 18 Aug 2023 05:59:35 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1692352772; x=1723888772; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=uNo7+NyR81+K5fUdIN/+i7RIlVlk02u9iCispLP0OnQ=; b=hoI9fq+NciELgH2/W38ZFnXByzv1iDtESltpehhWeCjERwZJ4d9ZKkb1 6wrTEL1ZCaiA4DPXOcgTrmSuPXvY7CWhkZhye8hSEUmhy93C2IJAnQ91+ /JoMRmChCuKQA+xVey6Jun5hoP4p2nBpniHHLQrI1nk0KZ4sGg7T+rKFJ dZGosrnNr4TlK2gDfnATKlxFeV2SBZQYVhImEgQll5dhAFx5juqu2mLYc QFGF0QnwED9zmAIvyZN4gYDH7YToLjnDn2h0WBu9Q7b/Unx+F/ak8vFlb viY32r/KHMRGVs2+6e5pb1+0LvIAk9gUlr4kfF133+P/MS9SiQ3fmabRx A==; X-IronPort-AV: E=McAfee;i="6600,9927,10805"; a="371966814" X-IronPort-AV: E=Sophos;i="6.01,182,1684825200"; d="scan'208";a="371966814" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Aug 2023 02:58:37 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10805"; a="849235601" X-IronPort-AV: E=Sophos;i="6.01,182,1684825200"; d="scan'208";a="849235601" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.46]) by fmsmga002.fm.intel.com with ESMTP; 18 Aug 2023 02:58:32 -0700 From: Xiaoyao Li To: Paolo Bonzini , Richard Henderson , "Michael S. Tsirkin" , Marcel Apfelbaum , Igor Mammedov , Ani Sinha , Peter Xu , David Hildenbrand , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , =?utf-8?q?Dani?= =?utf-8?q?el_P=2E_Berrang=C3=A9?= , Cornelia Huck , Eric Blake , Markus Armbruster , Marcelo Tosatti , Gerd Hoffmann Cc: qemu-devel@nongnu.org, kvm@vger.kernel.org, Eduardo Habkost , Laszlo Ersek , xiaoyao.li@intel.com, Isaku Yamahata , erdemaktas@google.com, Chenyi Qiang Subject: [PATCH v2 48/58] i386/tdx: Disable SMM for TDX VMs Date: Fri, 18 Aug 2023 05:50:31 -0400 Message-Id: <20230818095041.1973309-49-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230818095041.1973309-1-xiaoyao.li@intel.com> References: <20230818095041.1973309-1-xiaoyao.li@intel.com> MIME-Version: 1.0 Received-SPF: pass client-ip=192.55.52.120; envelope-from=xiaoyao.li@intel.com; helo=mgamail.intel.com X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.021, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs because VMM cannot manipulate TDX VM's memory. Disable SMM for TDX VMs and error out if user requests to enable SMM. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- target/i386/kvm/tdx.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 7efaa13f59e2..f9d03ab0f461 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -678,9 +678,17 @@ static Notifier tdx_machine_done_notify = { int tdx_kvm_init(MachineState *ms, Error **errp) { + X86MachineState *x86ms = X86_MACHINE(ms); TdxGuest *tdx = (TdxGuest *)object_dynamic_cast(OBJECT(ms->cgs), TYPE_TDX_GUEST); + if (x86ms->smm == ON_OFF_AUTO_AUTO) { + x86ms->smm = ON_OFF_AUTO_OFF; + } else if (x86ms->smm == ON_OFF_AUTO_ON) { + error_setg(errp, "TDX VM doesn't support SMM"); + return -EINVAL; + } + if (!tdx_caps) { get_tdx_capabilities(); }