[11/26] runstate: skip initial CPU reset if reset is not actually possible

Message ID 20240322181116.1228416-12-pbonzini@redhat.com (mailing list archive)
State New, archived
Series x86, kvm: common confidential computing subset

Commit Message

Paolo Bonzini March 22, 2024, 6:11 p.m. UTC
Right now, the system reset is concluded by a call to
cpu_synchronize_all_post_reset() in order to sync any changes
that the machine reset callback applied to the CPU state.

However, for VMs with encrypted state such as SEV-ES guests (currently
the only case of guests with non-resettable CPUs) this cannot be done,
because guest state has already been finalized by machine-init-done notifiers.
cpu_synchronize_all_post_reset() does nothing on these guests, and actually
we would like to make it fail if called once guest has been encrypted.
So, assume that boards that support non-resettable CPUs do not touch
CPU state and that all such setup is done before, at the time of
cpu_synchronize_all_post_init().

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 system/runstate.c | 15 ++++++++++++++-
 roms/edk2         |  2 +-
 2 files changed, 15 insertions(+), 2 deletions(-)

Comments

Daniel P. Berrangé March 25, 2024, 8:58 a.m. UTC | #1
On Fri, Mar 22, 2024 at 07:11:01PM +0100, Paolo Bonzini wrote:
> Right now, the system reset is concluded by a call to
> cpu_synchronize_all_post_reset() in order to sync any changes
> that the machine reset callback applied to the CPU state.
> 
> However, for VMs with encrypted state such as SEV-ES guests (currently
> the only case of guests with non-resettable CPUs) this cannot be done,
> because guest state has already been finalized by machine-init-done notifiers.
> cpu_synchronize_all_post_reset() does nothing on these guests, and actually
> we would like to make it fail if called once guest has been encrypted.
> So, assume that boards that support non-resettable CPUs do not touch
> CPU state and that all such setup is done before, at the time of
> cpu_synchronize_all_post_init().
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  system/runstate.c | 15 ++++++++++++++-
>  roms/edk2         |  2 +-
>  2 files changed, 15 insertions(+), 2 deletions(-)

Accidental submodule change here:

> diff --git a/roms/edk2 b/roms/edk2
> index edc6681206c..819cfc6b42a 160000
> --- a/roms/edk2
> +++ b/roms/edk2
> @@ -1 +1 @@
> -Subproject commit edc6681206c1a8791981a2f911d2fb8b3d2f5768
> +Subproject commit 819cfc6b42a68790a23509e4fcc58ceb70e1965e
> -- 
> 2.44.0
> 
> 

With regards,
Daniel

Philippe Mathieu-Daudé March 25, 2024, 9:32 a.m. UTC | #2
On 22/3/24 19:11, Paolo Bonzini wrote:
> Right now, the system reset is concluded by a call to
> cpu_synchronize_all_post_reset() in order to sync any changes
> that the machine reset callback applied to the CPU state.
> 
> However, for VMs with encrypted state such as SEV-ES guests (currently
> the only case of guests with non-resettable CPUs) this cannot be done,
> because guest state has already been finalized by machine-init-done notifiers.
> cpu_synchronize_all_post_reset() does nothing on these guests, and actually
> we would like to make it fail if called once guest has been encrypted.
> So, assume that boards that support non-resettable CPUs do not touch
> CPU state and that all such setup is done before, at the time of
> cpu_synchronize_all_post_init().
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>   system/runstate.c | 15 ++++++++++++++-
>   roms/edk2         |  2 +-
Without submodule change:
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

>   2 files changed, 15 insertions(+), 2 deletions(-)

Patch

diff --git a/system/runstate.c b/system/runstate.c
index d6ab860ecaa..cb4905a40fc 100644
--- a/system/runstate.c
+++ b/system/runstate.c
@@ -501,7 +501,20 @@  void qemu_system_reset(ShutdownCause reason)
     default:
         qapi_event_send_reset(shutdown_caused_by_guest(reason), reason);
     }
-    cpu_synchronize_all_post_reset();
+
+    /*
+     * Some boards use the machine reset callback to point CPUs to the firmware
+     * entry point.  Assume that this is not the case for boards that support
+     * non-resettable CPUs (currently used only for confidential guests), in
+     * which case cpu_synchronize_all_post_init() is enough because
+     * it does _more_  than cpu_synchronize_all_post_reset().
+     */
+    if (cpus_are_resettable()) {
+        cpu_synchronize_all_post_reset();
+    } else {
+        assert(runstate_check(RUN_STATE_PRELAUNCH));
+    }
+
     vm_set_suspended(false);
 }
 
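Review bot: the else branch's `assert(runstate_check(RUN_STATE_PRELAUNCH));` is the only guard for non-resettable CPUs, yet the new comment explains only why cpu_synchronize_all_post_reset() can be skipped and says nothing about why the run state must be PRELAUNCH at this point. If qemu_system_reset() is ever reached with cpus_are_resettable() false in any other run state, the assertion aborts the process instead of reporting an error. Extend the comment with the invariant (who guarantees that a reset of such a guest never gets this far after launch), or replace the assert with an explicit error path if that guarantee lives outside this function.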
diff --git a/roms/edk2 b/roms/edk2
index edc6681206c..819cfc6b42a 160000
--- a/roms/edk2
+++ b/roms/edk2
@@ -1 +1 @@ 
-Subproject commit edc6681206c1a8791981a2f911d2fb8b3d2f5768
+Subproject commit 819cfc6b42a68790a23509e4fcc58ceb70e1965e
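Review bot: the roms/edk2 submodule pointer moves from edc6681206c to 819cfc6b42a here, but the commit message describes only the change to qemu_system_reset() and gives no reason for a firmware bump. Drop this hunk from the patch, or move it to its own commit that states why the new edk2 revision is needed.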