From patchwork Fri Jan 24 13:20:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949497 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 0D286C0218B for ; Fri, 24 Jan 2025 13:49:01 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tbJuP-0008AI-E3; Fri, 24 Jan 2025 08:39:41 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tbJuD-0007Cp-0p for qemu-devel@nongnu.org; Fri, 24 Jan 2025 08:39:33 -0500 Received: from mgamail.intel.com ([198.175.65.13]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tbJuB-00041c-FA for qemu-devel@nongnu.org; Fri, 24 Jan 2025 08:39:28 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725968; x=1769261968; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=3htOvA2jbpLNtRYP7pYOxr4oRukBQDBcMamKFay85SU=; b=BSXXmaiZ6NuJdIZ8NHP7X3f+oduP4kekm4d57yTepth5qwPb6G4rtFlb 8lfO3CpfFj77sJSjCIFlila3oUzct7KFe+Jbtw6HjBrI8Cv9Aj9A1wsXU HCupCJBsgVItU6mv4I6napllDFwJOgGXj4HvTq56CWgyiBJmv01DP7M6m ivFI4IiLszSw+mQu2TawfRN+an/RCcD7dun9myy0qoPojkzxSdzkoOrUX QavH8EXz8REtF40lZBQjKFyw4z5GLK4yvadPtxmbDEt0txD2ALXTWA3WO TXdWSYT9WVbs8H57vutoy5vdW5Uzxa2gN6WhXEX5KKeFbEaoYc6WD6Vpg g==; X-CSE-ConnectionGUID: PvTlucndR7ShawZT4CPGJg== X-CSE-MsgGUID: v9k2MfykQ1m2QyXFyvyNNw== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246502" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246502" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:11 -0800 X-CSE-ConnectionGUID: GBAGZD3TTzGavPdm4Wq8KA== X-CSE-MsgGUID: GpGGeVBJSaWU8VbW4hQpRQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804403" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:07 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 34/52] i386/tdx: Disable SMM for TDX VMs Date: Fri, 24 Jan 2025 08:20:30 -0500 Message-Id: <20250124132048.3229049-35-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> MIME-Version: 1.0 Received-SPF: pass client-ip=198.175.65.13; envelope-from=xiaoyao.li@intel.com; helo=mgamail.intel.com X-Spam_score_int: -63 X-Spam_score: -6.4 X-Spam_bar: ------ X-Spam_report: (-6.4 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-2.996, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.998, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs because VMM cannot manipulate TDX VM's memory. Disable SMM for TDX VMs and error out if user requests to enable SMM. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- target/i386/kvm/tdx.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index f4d95b0a4029..10059ec8cf92 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -365,11 +365,20 @@ static Notifier tdx_machine_done_notify = { static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { + MachineState *ms = MACHINE(qdev_get_machine()); + X86MachineState *x86ms = X86_MACHINE(ms); TdxGuest *tdx = TDX_GUEST(cgs); int r = 0; kvm_mark_guest_state_protected(); + if (x86ms->smm == ON_OFF_AUTO_AUTO) { + x86ms->smm = ON_OFF_AUTO_OFF; + } else if (x86ms->smm == ON_OFF_AUTO_ON) { + error_setg(errp, "TDX VM doesn't support SMM"); + return -EINVAL; + } + if (!tdx_caps) { r = get_tdx_capabilities(errp); if (r) {