From patchwork Tue Jun 4 06:43:25 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684796
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Subject: [PULL 01/45] virtio-blk: remove SCSI passthrough functionality
Date: Tue, 4 Jun 2024 08:43:25 +0200
Message-ID: <20240604064409.957105-2-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

The legacy SCSI passthrough functionality has never been enabled for
VIRTIO 1.0 and was deprecated more than four years ago. Get rid of
it---almost, because QEMU is advertising it unconditionally for legacy
virtio-blk devices. Just parse the header and return a nonzero status.

Signed-off-by: Paolo Bonzini
---
 docs/about/deprecated.rst       | 10 --
 docs/about/removed-features.rst |  8 ++
 hw/block/virtio-blk.c           | 166 +++-----------------------------
 hw/core/machine.c               |  2 -
 4 files changed, 19 insertions(+), 167 deletions(-)

diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 40585ca7d55..4980d721cf4 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -296,16 +296,6 @@ Device options Emulated device options ''''''''''''''''''''''' -``-device virtio-blk,scsi=on|off`` (since 5.0) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The virtio-blk SCSI passthrough feature is a legacy VIRTIO feature. VIRTIO 1.0 -and later do not support it because the virtio-scsi device was introduced for -full SCSI support. Use virtio-scsi instead when SCSI passthrough is required. - -Note this also applies to ``-device virtio-blk-pci,scsi=on|off``, which is an -alias. - ``-device nvme-ns,eui64-default=on|off`` (since 7.1) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst index fba0cfb0b02..ae6269eb562 100644 --- a/docs/about/removed-features.rst +++ b/docs/about/removed-features.rst @@ -510,6 +510,14 @@ than zero. Removed along with the ``compression`` migration capability. +``-device virtio-blk,scsi=on|off`` (since 9.1) +'''''''''''''''''''''''''''''''''''''''''''''' + +The virtio-blk SCSI passthrough feature is a legacy VIRTIO feature. VIRTIO 1.0 +and later do not support it because the virtio-scsi device was introduced for +full SCSI support. Use virtio-scsi instead when SCSI passthrough is required. + + User-mode emulator command line arguments ----------------------------------------- diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c index bb86e65f652..73bdfd6122a 100644 --- a/hw/block/virtio-blk.c +++ b/hw/block/virtio-blk.c 
@@ -172,57 +172,6 @@ static void virtio_blk_discard_write_zeroes_complete(void *opaque, int ret) virtio_blk_free_request(req); } -#ifdef __linux__ - -typedef struct { - VirtIOBlockReq *req; - struct sg_io_hdr hdr; -} VirtIOBlockIoctlReq; - -static void virtio_blk_ioctl_complete(void *opaque, int status) -{ - VirtIOBlockIoctlReq *ioctl_req = opaque; - VirtIOBlockReq *req = ioctl_req->req; - VirtIOBlock *s = req->dev; - VirtIODevice *vdev = VIRTIO_DEVICE(s); - struct virtio_scsi_inhdr *scsi; - struct sg_io_hdr *hdr; - - scsi = (void *)req->elem.in_sg[req->elem.in_num - 2].iov_base; - - if (status) { - status = VIRTIO_BLK_S_UNSUPP; - virtio_stl_p(vdev, &scsi->errors, 255); - goto out; - } - - hdr = &ioctl_req->hdr; - /* - * From SCSI-Generic-HOWTO: "Some lower level drivers (e.g. ide-scsi) - * clear the masked_status field [hence status gets cleared too, see - * block/scsi_ioctl.c] even when a CHECK_CONDITION or COMMAND_TERMINATED - * status has occurred. However they do set DRIVER_SENSE in driver_status - * field. Also a (sb_len_wr > 0) indicates there is a sense buffer. - */ - if (hdr->status == 0 && hdr->sb_len_wr > 0) { - hdr->status = CHECK_CONDITION; - } - - virtio_stl_p(vdev, &scsi->errors, - hdr->status | (hdr->msg_status << 8) | - (hdr->host_status << 16) | (hdr->driver_status << 24)); - virtio_stl_p(vdev, &scsi->residual, hdr->resid); - virtio_stl_p(vdev, &scsi->sense_len, hdr->sb_len_wr); - virtio_stl_p(vdev, &scsi->data_len, hdr->dxfer_len); - -out: - virtio_blk_req_complete(req, status); - virtio_blk_free_request(req); - g_free(ioctl_req); -} - -#endif - static VirtIOBlockReq *virtio_blk_get_request(VirtIOBlock *s, VirtQueue *vq) { VirtIOBlockReq *req = virtqueue_pop(vq, sizeof(VirtIOBlockReq)); 
@@ -233,20 +182,14 @@ static VirtIOBlockReq *virtio_blk_get_request(VirtIOBlock *s, VirtQueue *vq) return req; } -static int virtio_blk_handle_scsi_req(VirtIOBlockReq *req) +static void virtio_blk_handle_scsi(VirtIOBlockReq *req) { - int status = VIRTIO_BLK_S_OK; - struct virtio_scsi_inhdr *scsi = NULL; + int status; + struct virtio_scsi_inhdr *scsi; VirtIOBlock *blk = req->dev; VirtIODevice *vdev = VIRTIO_DEVICE(blk); VirtQueueElement *elem = &req->elem; -#ifdef __linux__ - int i; - VirtIOBlockIoctlReq *ioctl_req; - BlockAIOCB *acb; -#endif - /* * We require at least one output segment each for the virtio_blk_outhdr * and the SCSI command block. 
@@ -262,95 +205,16 @@ static int virtio_blk_handle_scsi_req(VirtIOBlockReq *req) /* * The scsi inhdr is placed in the second-to-last input segment, just * before the regular inhdr. + * + * Just put anything nonzero so that the ioctl fails in the guest. */ scsi = (void *)elem->in_sg[elem->in_num - 2].iov_base; - - if (!virtio_has_feature(blk->host_features, VIRTIO_BLK_F_SCSI)) { - status = VIRTIO_BLK_S_UNSUPP; - goto fail; - } - - /* - * No support for bidirection commands yet. - */ - if (elem->out_num > 2 && elem->in_num > 3) { - status = VIRTIO_BLK_S_UNSUPP; - goto fail; - } - -#ifdef __linux__ - ioctl_req = g_new0(VirtIOBlockIoctlReq, 1); - ioctl_req->req = req; - ioctl_req->hdr.interface_id = 'S'; - ioctl_req->hdr.cmd_len = elem->out_sg[1].iov_len; - ioctl_req->hdr.cmdp = elem->out_sg[1].iov_base; - ioctl_req->hdr.dxfer_len = 0; - - if (elem->out_num > 2) { - /* - * If there are more than the minimally required 2 output segments - * there is write payload starting from the third iovec. - */ - ioctl_req->hdr.dxfer_direction = SG_DXFER_TO_DEV; - ioctl_req->hdr.iovec_count = elem->out_num - 2; - - for (i = 0; i < ioctl_req->hdr.iovec_count; i++) { - ioctl_req->hdr.dxfer_len += elem->out_sg[i + 2].iov_len; - } - - ioctl_req->hdr.dxferp = elem->out_sg + 2; - - } else if (elem->in_num > 3) { - /* - * If we have more than 3 input segments the guest wants to actually - * read data. - */ - ioctl_req->hdr.dxfer_direction = SG_DXFER_FROM_DEV; - ioctl_req->hdr.iovec_count = elem->in_num - 3; - for (i = 0; i < ioctl_req->hdr.iovec_count; i++) { - ioctl_req->hdr.dxfer_len += elem->in_sg[i].iov_len; - } - - ioctl_req->hdr.dxferp = elem->in_sg; - } else { - /* - * Some SCSI commands don't actually transfer any data. 
- */ - ioctl_req->hdr.dxfer_direction = SG_DXFER_NONE; - } - - ioctl_req->hdr.sbp = elem->in_sg[elem->in_num - 3].iov_base; - ioctl_req->hdr.mx_sb_len = elem->in_sg[elem->in_num - 3].iov_len; - - acb = blk_aio_ioctl(blk->blk, SG_IO, &ioctl_req->hdr, - virtio_blk_ioctl_complete, ioctl_req); - if (!acb) { - g_free(ioctl_req); - status = VIRTIO_BLK_S_UNSUPP; - goto fail; - } - return -EINPROGRESS; -#else - abort(); -#endif + virtio_stl_p(vdev, &scsi->errors, 255); + status = VIRTIO_BLK_S_UNSUPP; fail: - /* Just put anything nonzero so that the ioctl fails in the guest. */ - if (scsi) { - virtio_stl_p(vdev, &scsi->errors, 255); - } - return status; -} - -static void virtio_blk_handle_scsi(VirtIOBlockReq *req) -{ - int status; - - status = virtio_blk_handle_scsi_req(req); - if (status != -EINPROGRESS) { - virtio_blk_req_complete(req, status); - virtio_blk_free_request(req); - } + virtio_blk_req_complete(req, status); + virtio_blk_free_request(req); } static inline void submit_requests(VirtIOBlock *s, MultiReqBuffer *mrb, @@ -1379,13 +1243,9 @@ static uint64_t virtio_blk_get_features(VirtIODevice *vdev, uint64_t features, virtio_add_feature(&features, VIRTIO_BLK_F_GEOMETRY); virtio_add_feature(&features, VIRTIO_BLK_F_TOPOLOGY); virtio_add_feature(&features, VIRTIO_BLK_F_BLK_SIZE); - if (virtio_has_feature(features, VIRTIO_F_VERSION_1)) { - if (virtio_has_feature(s->host_features, VIRTIO_BLK_F_SCSI)) { - error_setg(errp, "Please set scsi=off for virtio-blk devices in order to use virtio 1.0"); - return 0; - } - } else { + if (!virtio_has_feature(features, VIRTIO_F_VERSION_1)) { virtio_clear_feature(&features, VIRTIO_F_ANY_LAYOUT); + /* Added for historical reasons, removing it could break migration. */ virtio_add_feature(&features, VIRTIO_BLK_F_SCSI); } 
@@ -2132,10 +1992,6 @@ static Property virtio_blk_properties[] = { DEFINE_PROP_STRING("serial", VirtIOBlock, conf.serial), DEFINE_PROP_BIT64("config-wce", VirtIOBlock, host_features, VIRTIO_BLK_F_CONFIG_WCE, true), -#ifdef __linux__ - DEFINE_PROP_BIT64("scsi", VirtIOBlock, host_features, - VIRTIO_BLK_F_SCSI, false), -#endif DEFINE_PROP_BIT("request-merging", VirtIOBlock, conf.request_merging, 0, true), DEFINE_PROP_UINT16("num-queues", VirtIOBlock, conf.num_queues, diff --git a/hw/core/machine.c b/hw/core/machine.c index 8087026b45d..17292b13e62 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c 
@@ -265,8 +265,6 @@ GlobalProperty hw_compat_2_5[] = { const size_t hw_compat_2_5_len = G_N_ELEMENTS(hw_compat_2_5); GlobalProperty hw_compat_2_4[] = { - /* Optional because the 'scsi' property is Linux-only */ - { "virtio-blk-device", "scsi", "true", .optional = true }, { "e1000", "extra_mac_registers", "off" }, { "virtio-pci", "x-disable-pcie", "on" }, { "virtio-pci", "migrate-extra", "off" },
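Review bot: the heading added in docs/about/removed-features.rst reads "(since 9.1)", wording inherited from the deprecated.rst entry this patch deletes (where it meant "deprecated since 5.0"), and it is ambiguous in a list of removed features; "(removed in 9.1)" would say what happened. The new entry also drops the old remark that `-device virtio-blk-pci,scsi=on|off` is an alias, and it does not mention that the `scsi` property itself is deleted (the `DEFINE_PROP_BIT64("scsi", ...)` lines go away in hw/block/virtio-blk.c), so a command line that still passes `scsi=off` is affected as well. One sentence covering both would help users who land on this entry.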
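Review bot: virtio_blk_handle_scsi in hw/block/virtio-blk.c writes through `scsi` with no length check visible in these hunks: `scsi` is taken from `elem->in_sg[elem->in_num - 2].iov_base` and `virtio_stl_p(vdev, &scsi->errors, 255);` is now the normal path for every request that gets this far. The segments come from the guest, so checking that this segment's `iov_len` covers the field before the store, and failing the request without touching the buffer when it does not, would be worth adding while the function is being reduced to a stub. Separately, `status` and `scsi` lose their initializers while the `fail:` label stays; please confirm that every `goto fail` in the part of the function not shown here assigns `status` first.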
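Review bot: the comment added in virtio_blk_get_features, `/* Added for historical reasons, removing it could break migration. */`, does not say that the bit is now advertised with no implementation behind it. Since virtio_blk_handle_scsi always completes with `VIRTIO_BLK_S_UNSUPP` after this patch, the comment could state that legacy devices keep offering `VIRTIO_BLK_F_SCSI` only for compatibility and that every SCSI request is rejected, so nobody later reads the bit as a working feature.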
From patchwork Tue Jun 4 06:43:26 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684754
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, Richard Henderson
Subject: [PULL 02/45] host/i386: nothing looks at CPUINFO_SSE4
Date: Tue, 4 Jun 2024 08:43:26 +0200
Message-ID: <20240604064409.957105-3-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

The only user was the SSE4.1 variant of buffer_is_zero, which has
been removed; code to compute CPUINFO_SSE4 is dead.

Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
 host/include/i386/host/cpuinfo.h | 1 -
 util/cpuinfo-i386.c              | 1 -
 2 files changed, 2 deletions(-)

diff --git a/host/include/i386/host/cpuinfo.h b/host/include/i386/host/cpuinfo.h
index b89e6d2e55a..9386c749881 100644
--- a/host/include/i386/host/cpuinfo.h
+++ b/host/include/i386/host/cpuinfo.h @@ -16,7 +16,6 @@ #define CPUINFO_BMI1 (1u << 5) #define CPUINFO_BMI2 (1u << 6) #define CPUINFO_SSE2 (1u << 7) -#define CPUINFO_SSE4 (1u << 8) #define CPUINFO_AVX1 (1u << 9) #define CPUINFO_AVX2 (1u << 10) #define CPUINFO_AVX512F (1u << 11) diff --git a/util/cpuinfo-i386.c b/util/cpuinfo-i386.c index 9fddb18303d..18ab747a6d2 100644 --- a/util/cpuinfo-i386.c +++ b/util/cpuinfo-i386.c 
@@ -36,7 +36,6 @@ unsigned __attribute__((constructor)) cpuinfo_init(void) info |= (d & bit_CMOV ? CPUINFO_CMOV : 0); info |= (d & bit_SSE2 ? CPUINFO_SSE2 : 0); - info |= (c & bit_SSE4_1 ? CPUINFO_SSE4 : 0); info |= (c & bit_MOVBE ? CPUINFO_MOVBE : 0); info |= (c & bit_POPCNT ? CPUINFO_POPCNT : 0); info |= (c & bit_PCLMUL ? CPUINFO_PCLMUL : 0);
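Review bot: in host/include/i386/host/cpuinfo.h, deleting `#define CPUINFO_SSE4 (1u << 8)` leaves the flag list jumping from bit 7 to bit 9 with nothing marking bit 8 as free. Either note the unused bit in a short comment or say in the commit message that the remaining values are left unchanged on purpose, so a later addition does not have to guess whether the gap is reserved.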
From patchwork Tue Jun 4 06:43:27 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684759
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Richard Henderson
Subject: [PULL 03/45] meson: assume x86-64-v2 baseline ISA
Date: Tue, 4 Jun 2024 08:43:27 +0200
Message-ID: <20240604064409.957105-4-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

x86-64-v2 processors were released in 2008, assume that we have one.
Unfortunately there is no GCC flag to enable all the features
without disabling what came after; so enable them one by one.

Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
 meson.build | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/meson.build b/meson.build
index 63866071445..d80203f1cde 100644
--- a/meson.build
+++ b/meson.build
@@ -336,9 +336,13 @@ if host_arch == 'i386' and not cc.links(''' qemu_common_flags = ['-march=i486'] + qemu_common_flags endif -# ??? Only extremely old AMD cpus do not have cmpxchg16b. -# If we truly care, we should simply detect this case at -# runtime and generate the fallback to serial emulation. +# Assume x86-64-v2 (minus CMPXCHG16B for 32-bit code) +if host_arch == 'i386' + qemu_common_flags = ['-mfpmath=sse'] + qemu_common_flags +endif +if host_arch in ['i386', 'x86_64'] + qemu_common_flags = ['-mpopcnt', '-msse4.2'] + qemu_common_flags +endif if host_arch == 'x86_64' qemu_common_flags = ['-mcx16'] + qemu_common_flags endif
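Review bot: the new minimum CPU is recorded nowhere but the meson.build comment `# Assume x86-64-v2 (minus CMPXCHG16B for 32-bit code)`, and nothing checks for it, although `-mpopcnt` and `-msse4.2` are now passed for every i386 and x86_64 host build. A binary built with these flags can fault on an illegal instruction when run on an older processor, so the requirement belongs in the user-facing documentation, and an early check with a clear error message would be friendlier than a crash. The comment could also list which x86-64-v2 features the two flags are meant to cover, given the commit message's point that there is no single GCC flag for the level.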
From patchwork Tue Jun 4 06:43:28 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684800
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Richard Henderson
Subject: [PULL 04/45] host/i386: assume presence of CMOV
Date: Tue, 4 Jun 2024 08:43:28 +0200
Message-ID: <20240604064409.957105-5-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

QEMU now requires an x86-64-v2 host, which always has CMOV.
Use it freely in TCG generated code.

Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini --- host/include/i386/host/cpuinfo.h | 1 - util/cpuinfo-i386.c | 1 - tcg/i386/tcg-target.c.inc | 15 +-------------- 3 files changed, 1 insertion(+), 16 deletions(-) diff --git a/host/include/i386/host/cpuinfo.h b/host/include/i386/host/cpuinfo.h index 9386c749881..81771733eaa 100644 --- a/host/include/i386/host/cpuinfo.h +++ b/host/include/i386/host/cpuinfo.h @@ -9,7 +9,6 @@ /* Digested version of */ #define CPUINFO_ALWAYS (1u << 0) /* so cpuinfo is nonzero */ -#define CPUINFO_CMOV (1u << 1) #define CPUINFO_MOVBE (1u << 2) #define CPUINFO_LZCNT (1u << 3) #define CPUINFO_POPCNT (1u << 4) diff --git a/util/cpuinfo-i386.c b/util/cpuinfo-i386.c index 18ab747a6d2..90f92a42dc8 100644 --- a/util/cpuinfo-i386.c +++ b/util/cpuinfo-i386.c @@ -34,7 +34,6 @@ unsigned __attribute__((constructor)) cpuinfo_init(void) if (max >= 1) { __cpuid(1, a, b, c, d); - info |= (d & bit_CMOV ? CPUINFO_CMOV : 0); info |= (d & bit_SSE2 ? CPUINFO_SSE2 : 0); info |= (c & bit_MOVBE ? CPUINFO_MOVBE : 0); info |= (c & bit_POPCNT ? CPUINFO_POPCNT : 0); diff --git a/tcg/i386/tcg-target.c.inc b/tcg/i386/tcg-target.c.inc index 59235b4f387..9a54ef7f8db 100644 --- a/tcg/i386/tcg-target.c.inc +++ b/tcg/i386/tcg-target.c.inc @@ -157,12 +157,6 @@ static TCGReg tcg_target_call_oarg_reg(TCGCallReturnKind kind, int slot) #define SOFTMMU_RESERVE_REGS \ (tcg_use_softmmu ? (1 << TCG_REG_L0) | (1 << TCG_REG_L1) : 0) -/* For 64-bit, we always know that CMOV is available. */ -#if TCG_TARGET_REG_BITS == 64 -# define have_cmov true -#else -# define have_cmov (cpuinfo & CPUINFO_CMOV) -#endif #define have_bmi2 (cpuinfo & CPUINFO_BMI2) #define have_lzcnt (cpuinfo & CPUINFO_LZCNT) 
@@ -1815,14 +1809,7 @@ static void tcg_out_setcond2(TCGContext *s, const TCGArg *args, static void tcg_out_cmov(TCGContext *s, int jcc, int rexw, TCGReg dest, TCGReg v1) { - if (have_cmov) { - tcg_out_modrm(s, OPC_CMOVCC | jcc | rexw, dest, v1); - } else { - TCGLabel *over = gen_new_label(); - tcg_out_jxx(s, jcc ^ 1, over, 1); - tcg_out_mov(s, TCG_TYPE_I32, dest, v1); - tcg_out_label(s, over); - } + tcg_out_modrm(s, OPC_CMOVCC | jcc | rexw, dest, v1); } static void tcg_out_movcond(TCGContext *s, int rexw, TCGCond cond, From patchwork Tue Jun 4 06:43:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 13684802 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 185BBC25B7E for ; Tue, 4 Jun 2024 06:52:02 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sENuP-0001yF-8v; Tue, 04 Jun 2024 02:44:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENuN-0001xX-Ea for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:44:35 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENuM-0007Fl-0K for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:44:35 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717483473; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: 
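Review bot: In tcg/i386/tcg-target.c.inc the removed `#else` arm (`have_cmov (cpuinfo & CPUINFO_CMOV)`) was the one covering builds where TCG_TARGET_REG_BITS is not 64, yet the commit message justifies the change only by the x86-64-v2 baseline. With the jump-over-mov fallback gone from tcg_out_cmov(), a host without CMOV now hits an undefined opcode inside generated code instead of taking the slower path. Please state in the commit message where the baseline is enforced for those builds, or have cpuinfo_init() fail with a clear message when `d & bit_CMOV` is clear, so the failure is reported at startup rather than as SIGILL in a translation block. Removing CPUINFO_CMOV also leaves bit 1 of the cpuinfo word unassigned; a one-line comment in cpuinfo.h marking it free would help.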
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Richard Henderson
Subject: [PULL 05/45] host/i386: assume presence of SSE2
Date: Tue, 4 Jun 2024 08:43:29 +0200
Message-ID: <20240604064409.957105-6-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

QEMU now requires an x86-64-v2 host, which has SSE2.
Use it freely in buffer_is_zero.

Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
 host/include/i386/host/cpuinfo.h | 1 -
 util/bufferiszero.c | 4 ++--
 util/cpuinfo-i386.c | 1 -
 3 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/host/include/i386/host/cpuinfo.h b/host/include/i386/host/cpuinfo.h index 81771733eaa..72f6fad61e5 100644 --- a/host/include/i386/host/cpuinfo.h +++ b/host/include/i386/host/cpuinfo.h @@ -14,7 +14,6 @@ #define CPUINFO_POPCNT (1u << 4) #define CPUINFO_BMI1 (1u << 5) #define CPUINFO_BMI2 (1u << 6) -#define CPUINFO_SSE2 (1u << 7) #define CPUINFO_AVX1 (1u << 9) #define CPUINFO_AVX2 (1u << 10) #define CPUINFO_AVX512F (1u << 11) diff --git a/util/bufferiszero.c b/util/bufferiszero.c index 74864f7b782..11c080e02cf 100644 --- a/util/bufferiszero.c +++ b/util/bufferiszero.c @@ -188,14 +188,14 @@ static biz_accel_fn const accel_table[] = { static unsigned best_accel(void) { +#ifdef CONFIG_AVX2_OPT unsigned info = cpuinfo_init(); -#ifdef CONFIG_AVX2_OPT if (info & CPUINFO_AVX2) { return 2; } #endif - return info & CPUINFO_SSE2 ? 1 : 0; + return 1; } #elif defined(__aarch64__) && defined(__ARM_NEON) diff --git a/util/cpuinfo-i386.c b/util/cpuinfo-i386.c index 90f92a42dc8..ca74ef04f54 100644 --- a/util/cpuinfo-i386.c +++ b/util/cpuinfo-i386.c 
@@ -34,7 +34,6 @@ unsigned __attribute__((constructor)) cpuinfo_init(void) if (max >= 1) { __cpuid(1, a, b, c, d); - info |= (d & bit_SSE2 ? CPUINFO_SSE2 : 0); info |= (c & bit_MOVBE ? CPUINFO_MOVBE : 0); info |= (c & bit_POPCNT ? CPUINFO_POPCNT : 0); info |= (c & bit_PCLMUL ? CPUINFO_PCLMUL : 0); From patchwork Tue Jun 4 06:43:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 13684755 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C49F8C25B7E for ; Tue, 4 Jun 2024 06:45:46 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sENuQ-00021c-VT; Tue, 04 Jun 2024 02:44:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENuP-0001yG-8F for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:44:37 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENuN-0007Fy-SF for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:44:37 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717483475; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PqRHhSmhqOho/JuUmdj0d/FeC7VO5aHrFPmub5RDLS4=; b=Rbezkeyobzv/6HzpBzKnt5aFcal+lzXjvz7vN3zSWRFFoUqMQFeaJp18Zj8XT8yej8Lh9U 
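Review bot: In best_accel() in util/bufferiszero.c the new `return 1;` is a bare index into accel_table, next to the existing `return 2;` for AVX2, and nothing at the return site says which entry is the SSE2 routine. Since this function can no longer return 0, please use named indices or a comment so that a later reordering of accel_table does not silently select a different routine, and say whether the entry at index 0 is still reachable from elsewhere or can be dropped.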
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Richard Henderson
Subject: [PULL 06/45] host/i386: assume presence of SSSE3
Date: Tue, 4 Jun 2024 08:43:30 +0200
Message-ID: <20240604064409.957105-7-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

QEMU now requires an x86-64-v2 host, which has SSSE3 instructions
(notably, PSHUFB which is used by QEMU's AES implementation).
Do not bother checking it.

Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
 util/cpuinfo-i386.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/util/cpuinfo-i386.c b/util/cpuinfo-i386.c index ca74ef04f54..6d474a6259a 100644 --- a/util/cpuinfo-i386.c +++ b/util/cpuinfo-i386.c
@@ -38,8 +38,8 @@ unsigned __attribute__((constructor)) cpuinfo_init(void) info |= (c & bit_POPCNT ? CPUINFO_POPCNT : 0); info |= (c & bit_PCLMUL ? CPUINFO_PCLMUL : 0); - /* Our AES support requires PSHUFB as well. */ - info |= ((c & bit_AES) && (c & bit_SSSE3) ? CPUINFO_AES : 0); + /* NOTE: our AES support requires SSSE3 (PSHUFB) as well. */ + info |= (c & bit_AES) ? CPUINFO_AES : 0; /* For AVX features, we must check available and usable. */ if ((c & bit_AVX) && (c & bit_OSXSAVE)) { From patchwork Tue Jun 4 06:43:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 13684776 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 79820C27C52 for ; Tue, 4 Jun 2024 06:48:58 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sENuZ-0002X4-5L; Tue, 04 Jun 2024 02:44:47 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENuW-0002IZ-BV for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:44:44 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENuU-0007GH-Lv for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:44:44 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717483479; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: 
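Review bot: In cpuinfo_init() the `(c & bit_SSSE3)` term is dropped from the CPUINFO_AES condition, so the PSHUFB dependency is now carried only by the NOTE comment. A CPUID that reports AES with SSSE3 masked off, which a hypervisor's CPU model can produce, will now set CPUINFO_AES and reach the PSHUFB-based AES code. If the x86-64-v2 baseline is verified elsewhere at startup, name that check in the comment; otherwise keep the SSSE3 test here, since it costs one AND. Style: the new line reads `info |= (c & bit_AES) ? CPUINFO_AES : 0;` while its neighbours wrap the whole conditional in parentheses, as in `info |= (c & bit_PCLMUL ? CPUINFO_PCLMUL : 0);`.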
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Richard Henderson
Subject: [PULL 07/45] host/i386: assume presence of POPCNT
Date: Tue, 4 Jun 2024 08:43:31 +0200
Message-ID: <20240604064409.957105-8-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

QEMU now requires an x86-64-v2 host, which has the POPCNT instruction.
Use it freely in TCG-generated code.

Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
 host/include/i386/host/cpuinfo.h | 1 -
 tcg/i386/tcg-target.h | 5 ++---
 util/cpuinfo-i386.c | 1 -
 3 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/host/include/i386/host/cpuinfo.h b/host/include/i386/host/cpuinfo.h index 72f6fad61e5..c1e94d75ce1 100644 --- a/host/include/i386/host/cpuinfo.h +++ b/host/include/i386/host/cpuinfo.h @@ -11,7 +11,6 @@ #define CPUINFO_ALWAYS (1u << 0) /* so cpuinfo is nonzero */ #define CPUINFO_MOVBE (1u << 2) #define CPUINFO_LZCNT (1u << 3) -#define CPUINFO_POPCNT (1u << 4) #define CPUINFO_BMI1 (1u << 5) #define CPUINFO_BMI2 (1u << 6) #define CPUINFO_AVX1 (1u << 9) diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h index 2f67a97e059..ecc69827287 100644 --- a/tcg/i386/tcg-target.h +++ b/tcg/i386/tcg-target.h @@ -111,7 +111,6 @@ typedef enum { #endif #define have_bmi1 (cpuinfo & CPUINFO_BMI1) -#define have_popcnt (cpuinfo & CPUINFO_POPCNT) #define have_avx1 (cpuinfo & CPUINFO_AVX1) #define have_avx2 (cpuinfo & CPUINFO_AVX2) #define have_movbe (cpuinfo & CPUINFO_MOVBE) @@ -143,7 +142,7 @@ typedef enum { #define TCG_TARGET_HAS_nor_i32 0 #define TCG_TARGET_HAS_clz_i32 1 #define TCG_TARGET_HAS_ctz_i32 1 -#define TCG_TARGET_HAS_ctpop_i32 have_popcnt +#define TCG_TARGET_HAS_ctpop_i32 1 #define TCG_TARGET_HAS_deposit_i32 1 #define TCG_TARGET_HAS_extract_i32 1 #define TCG_TARGET_HAS_sextract_i32 1 @@ -178,7 +177,7 @@ typedef enum { #define TCG_TARGET_HAS_nor_i64 0 #define TCG_TARGET_HAS_clz_i64 1 #define TCG_TARGET_HAS_ctz_i64 1 -#define TCG_TARGET_HAS_ctpop_i64 have_popcnt +#define TCG_TARGET_HAS_ctpop_i64 1 #define TCG_TARGET_HAS_deposit_i64 1 #define TCG_TARGET_HAS_extract_i64 1 #define TCG_TARGET_HAS_sextract_i64 0 diff --git a/util/cpuinfo-i386.c b/util/cpuinfo-i386.c index 6d474a6259a..8f2694d88f2 100644 --- a/util/cpuinfo-i386.c +++ b/util/cpuinfo-i386.c 
@@ -35,7 +35,6 @@ unsigned __attribute__((constructor)) cpuinfo_init(void) __cpuid(1, a, b, c, d); info |= (c & bit_MOVBE ? CPUINFO_MOVBE : 0); - info |= (c & bit_POPCNT ? CPUINFO_POPCNT : 0); info |= (c & bit_PCLMUL ? CPUINFO_PCLMUL : 0); /* NOTE: our AES support requires SSSE3 (PSHUFB) as well. */ From patchwork Tue Jun 4 06:43:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 13684787 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id F29FFC41513 for ; Tue, 4 Jun 2024 06:50:06 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sENuX-0002R4-Ka; Tue, 04 Jun 2024 02:44:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENuW-0002Hj-7p for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:44:44 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENuU-0007GL-Lw for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:44:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717483480; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=I7mdmU+ZL8VSYWs6nhwkEFB6lBfA8fHVc8t5bF9lQSw=; b=DKe33pG6B1s5hBULdXNu1CBrl3oL2KixGsRE/MhRXBlkNQpaVSWpyOn6Y+esPhdPUU+GJo 
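Review bot: In tcg/i386/tcg-target.h, TCG_TARGET_HAS_ctpop_i32 and TCG_TARGET_HAS_ctpop_i64 change from the runtime test `have_popcnt` to the constant 1 with no comment saying why they differ from the still-conditional `have_bmi1` and `have_movbe` a few lines above. Please add a short comment at the two defines pointing at the x86-64-v2 requirement, since with the CPUID test removed from cpuinfo_init() a host below the baseline now fails inside generated code rather than falling back. In cpuinfo.h, this series now leaves bits 1, 4 and 7 of the cpuinfo word unassigned; either renumber or add a comment listing the free bits so the next addition does not have to guess.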
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Xinyu Li, Xinyu Li, Zhao Liu
Subject: [PULL 08/45] target/i386: fix SSE and SSE2 feature check
Date: Tue, 4 Jun 2024 08:43:32 +0200
Message-ID: <20240604064409.957105-9-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Xinyu Li

Features check of CPUID_SSE and CPUID_SSE2 should use cpuid_features,
rather than cpuid_ext_features.

Signed-off-by: Xinyu Li
Reviewed-by: Zhao Liu
Message-ID: <20240602100904.2137939-1-lixinyu20s@ict.ac.cn>
Signed-off-by: Paolo Bonzini
---
 target/i386/tcg/decode-new.c.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc index 27dc1bb146b..0ec849b0035 100644 --- a/target/i386/tcg/decode-new.c.inc +++ b/target/i386/tcg/decode-new.c.inc
@@ -2041,9 +2041,9 @@ static bool has_cpuid_feature(DisasContext *s, X86CPUIDFeature cpuid) case X86_FEAT_PCLMULQDQ: return (s->cpuid_ext_features & CPUID_EXT_PCLMULQDQ); case X86_FEAT_SSE: - return (s->cpuid_ext_features & CPUID_SSE); + return (s->cpuid_features & CPUID_SSE); case X86_FEAT_SSE2: - return (s->cpuid_ext_features & CPUID_SSE2); + return (s->cpuid_features & CPUID_SSE2); case X86_FEAT_SSE3: return (s->cpuid_ext_features & CPUID_EXT_SSE3); case X86_FEAT_SSSE3: From patchwork Tue Jun 4 06:43:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 13684769 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DF1DCC27C52 for ; Tue, 4 Jun 2024 06:47:18 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sENuZ-0002Yg-Ex; Tue, 04 Jun 2024 02:44:47 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENuX-0002RU-K7 for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:44:45 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENuV-0007Gd-Vj for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:44:45 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717483483; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: 
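Review bot: In has_cpuid_feature() the X86_FEAT_SSE and X86_FEAT_SSE2 cases are corrected to test s->cpuid_features, but the commit message carries no Fixes: tag naming the commit that introduced the wrong field, which backports need. The mistake compiled cleanly because every case is a plain integer mask test, and the only guard against a repeat is the naming convention visible in the neighbouring cases (CPUID_EXT_* masks with cpuid_ext_features). Please add the Fixes: tag, and consider a test that decodes one SSE and one SSE2 instruction with the matching feature bit set and then cleared, so a wrong field shows up as a test failure rather than as a guest seeing the wrong instruction set.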
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Xinyu Li, Xinyu Li
Subject: [PULL 09/45] target/i386: fix memory opsize for Mov to/from Seg
Date: Tue, 4 Jun 2024 08:43:33 +0200
Message-ID: <20240604064409.957105-10-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Xinyu Li

This commit fixes an issue with MOV instructions (0x8C and 0x8E)
involving segment registers; MOV to segment register's source is
16-bit, while MOV from segment register has to explicitly set the
memory operand size to 16 bits. Introduce a new flag
X86_SPECIAL_Op0_Mw to handle this specification correctly.

Signed-off-by: Xinyu Li Message-ID: <20240602100528.2135717-1-lixinyu20s@ict.ac.cn> Fixes: 5e9e21bcc4d ("target/i386: move 60-BF opcodes to new decoder", 2024-05-07) Signed-off-by: Paolo Bonzini --- target/i386/tcg/decode-new.h | 3 +++ target/i386/tcg/decode-new.c.inc | 13 +++++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/target/i386/tcg/decode-new.h b/target/i386/tcg/decode-new.h index 51ef0e621b9..1f90cf96407 100644 --- a/target/i386/tcg/decode-new.h +++ b/target/i386/tcg/decode-new.h @@ -203,6 +203,9 @@ typedef enum X86InsnSpecial { /* When loaded into s->T0, register operand 1 is zero/sign extended. */ X86_SPECIAL_SExtT0, X86_SPECIAL_ZExtT0, + + /* Memory operand size of MOV from segment register is MO_16 */ + X86_SPECIAL_Op0_Mw, } X86InsnSpecial; /* diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.c.inc index 0ec849b0035..0ff0866e8f3 100644 --- a/target/i386/tcg/decode-new.c.inc +++ b/target/i386/tcg/decode-new.c.inc @@ -202,6 +202,7 @@ #define avx_movx .special = X86_SPECIAL_AVXExtMov, #define sextT0 .special = X86_SPECIAL_SExtT0, #define zextT0 .special = X86_SPECIAL_ZExtT0, +#define op0_Mw .special = X86_SPECIAL_Op0_Mw, #define vex1 .vex_class = 1, #define vex1_rep3 .vex_class = 1, .vex_special = X86_VEX_REPScalar, @@ -1576,9 +1577,10 @@ static const X86OpEntry opcodes_root[256] = { [0x89] = X86_OP_ENTRY3(MOV, E,v, G,v, None, None), [0x8A] = X86_OP_ENTRY3(MOV, G,b, E,b, None, None), [0x8B] = X86_OP_ENTRY3(MOV, G,v, E,v, None, None), - [0x8C] = X86_OP_ENTRY3(MOV, E,v, S,w, None, None), + /* Missing in Table A-2: memory destination is always 16-bit. */ + [0x8C] = X86_OP_ENTRY3(MOV, E,v, S,w, None, None, op0_Mw), [0x8D] = X86_OP_ENTRY3(LEA, G,v, M,v, None, None, noseg), - [0x8E] = X86_OP_ENTRY3(MOV, S,w, E,v, None, None), + [0x8E] = X86_OP_ENTRY3(MOV, S,w, E,w, None, None), [0x8F] = X86_OP_GROUPw(group1A, E,v), [0x98] = X86_OP_ENTRY1(CBW, 0,v), /* rAX */ 
@@ -2514,6 +2516,13 @@ static void disas_insn(DisasContext *s, CPUState *cpu) s->override = -1; break; + case X86_SPECIAL_Op0_Mw: + assert(decode.op[0].unit == X86_OP_INT); + if (decode.op[0].has_ea) { + decode.op[0].ot = MO_16; + } + break; + default: break; }
From patchwork Tue Jun 4 06:43:34 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684797
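Review bot: in the opcodes_root hunk of target/i386/tcg/decode-new.c.inc (patch 09/45), only the [0x8C] change carries a comment; the [0x8E] change from E,v to E,w is the other half of the fix described in the commit message (the source of MOV to segment register is 16-bit) and is undocumented. Suggest extending the existing comment to cover both entries, and saying why [0x8C] keeps E,v plus op0_Mw instead of becoming E,w: per the disas_insn hunk, only the memory form of operand 0 is forced to MO_16.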
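Review bot: in the X86_SPECIAL_Op0_Mw case added to disas_insn (patch 09/45), the has_ea test is what limits the MO_16 override to memory destinations, but neither this case nor the enum comment in decode-new.h ("Memory operand size of MOV from segment register is MO_16") says what happens for a register destination. Suggest a short comment here stating that a register operand keeps the size selected by the table entry. Since op0_Mw is a generic name, the enum comment could also describe the flag generically (operand 0 is 16-bit when it is a memory operand) rather than naming one instruction. The assert on decode.op[0].unit == X86_OP_INT is fine as a table sanity check.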
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Zhao Liu , Xinyu Li
Subject: [PULL 10/45] target/i386/tcg: Fix RDPID feature check
Date: Tue, 4 Jun 2024 08:43:34 +0200
Message-ID: <20240604064409.957105-11-pbonzini@redhat.com>
X-Mailer: git-send-email 2.45.1
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Zhao Liu

DisasContext.cpuid_ext_features indicates CPUID.01H.ECX. Use DisasContext.cpuid_7_0_ecx_features field to check RDPID feature bit (CPUID_7_0_ECX_RDPID).

Fixes: 6750485bf42a ("target/i386: implement RDPID in TCG")
Inspired-by: Xinyu Li
Signed-off-by: Zhao Liu
Message-ID: <20240603080723.1256662-1-zhao1.liu@intel.com>
Signed-off-by: Paolo Bonzini
--- target/i386/tcg/translate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c index 6dedfe94c04..0486ab69112 100644 --- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c 
@@ -3199,7 +3199,7 @@ static void disas_insn_old(DisasContext *s, CPUState *cpu, int b) goto illegal_op; } if (s->prefix & PREFIX_REPZ) { - if (!(s->cpuid_ext_features & CPUID_7_0_ECX_RDPID)) { + if (!(s->cpuid_7_0_ecx_features & CPUID_7_0_ECX_RDPID)) { goto illegal_op; } gen_helper_rdpid(s->T0, tcg_env);
From patchwork Tue Jun 4 06:43:35 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684768
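Review bot: the corrected test in disas_insn_old (patch 10/45) shows that a CPUID_7_0_ECX_* mask can be applied to the CPUID.01H.ECX word without any complaint from the compiler, so the other CPUID_7_0_ECX_* checks in translate.c should be confirmed to use cpuid_7_0_ecx_features as part of this fix. The commit message would also be clearer if it stated the guest-visible effect of the old line: whether RDPID took the illegal_op path depended on a bit of an unrelated feature word rather than on the RDPID bit.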
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Thomas Huth
Subject: [PULL 11/45] target/i386: fix xsave.flat from kvm-unit-tests
Date: Tue, 4 Jun 2024 08:43:35 +0200
Message-ID: <20240604064409.957105-12-pbonzini@redhat.com>
X-Mailer: git-send-email 2.45.1
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

xsave.flat checks that "executing the XSETBV instruction causes a general-protection fault (#GP) if ECX = 0 and EAX[2:1] has the value 10b". QEMU allows that option, so the test fails. Add the condition.

Cc: qemu-stable@nongnu.org
Fixes: 892544317fe ("target/i386: implement XSAVE and XRSTOR of AVX registers", 2022-10-18)
Reported-by: Thomas Huth
Signed-off-by: Paolo Bonzini
--- target/i386/tcg/fpu_helper.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/target/i386/tcg/fpu_helper.c b/target/i386/tcg/fpu_helper.c index e322293371c..e1b850f3fc2 100644
--- a/target/i386/tcg/fpu_helper.c +++ b/target/i386/tcg/fpu_helper.c 
@@ -3142,6 +3142,11 @@ void helper_xsetbv(CPUX86State *env, uint32_t ecx, uint64_t mask) goto do_gpf; } + /* SSE can be disabled, but only if AVX is disabled too. */ + if ((mask & (XSTATE_SSE_MASK | XSTATE_YMM_MASK)) == XSTATE_YMM_MASK) { + goto do_gpf; + } + /* Disallow enabling unimplemented features. */ cpu_x86_cpuid(env, 0x0d, 0, &ena_lo, &dummy, &dummy, &ena_hi); ena = ((uint64_t)ena_hi << 32) | ena_lo;
From patchwork Tue Jun 4 06:43:36 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684772
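Review bot: in helper_xsetbv (patch 11/45), the new comment ("SSE can be disabled, but only if AVX is disabled too") states the rule but not its source, while the commit message quotes the exact architectural wording (EAX[2:1] = 10b raises #GP). Citing that wording in the comment would let a reader map the (XSTATE_SSE_MASK | XSTATE_YMM_MASK) == XSTATE_YMM_MASK test to bits 2:1 directly. Placement before the "Disallow enabling unimplemented features" block looks right, because the condition does not depend on what cpu_x86_cpuid reports. The subject names the failing test rather than the behaviour change; since the patch is Cc'ed to qemu-stable, a subject that says XSETBV now rejects AVX without SSE would be easier to find when backporting.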
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Thomas Huth
Subject: [PULL 12/45] update-linux-headers: fix forwarding to asm-generic headers
Date: Tue, 4 Jun 2024 08:43:36 +0200
Message-ID: <20240604064409.957105-13-pbonzini@redhat.com>
X-Mailer: git-send-email 2.45.1
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

After commit 3efc75ad9d9 ("scripts/update-linux-headers.sh: Remove temporary directory inbetween", 2024-05-29), updating linux-headers/ results in errors such as

    cp: cannot stat '/tmp/tmp.1A1Eejh1UE/headers/include/asm/bitsperlong.h': No such file or directory

because Loongarch does not have an asm/bitsperlong.h file and uses the generic version.

Before commit 3efc75ad9d9, the missing file would incorrectly cause stale files to be included in linux-headers/. The files were never committed to qemu.git, but were wrong nevertheless. The build would just use the system version of the files, which is opposite to the idea of importing Linux header files into QEMU's tree.

Create forwarding headers, resembling the ones that are generated during a kernel build by scripts/Makefile.asm-generic, if a file is only installed under include/asm-generic/. Reviewed-by: Thomas Huth Signed-off-by: Paolo Bonzini --- scripts/update-linux-headers.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh index 23afe8c08ad..57a48837aa4 100755 --- a/scripts/update-linux-headers.sh +++ b/scripts/update-linux-headers.sh 
@@ -118,7 +118,14 @@ for arch in $ARCHLIST; do rm -rf "$output/linux-headers/asm-$arch" mkdir -p "$output/linux-headers/asm-$arch" for header in kvm.h unistd.h bitsperlong.h mman.h; do - cp "$hdrdir/include/asm/$header" "$output/linux-headers/asm-$arch" + if test -f "$hdrdir/include/asm/$header"; then + cp "$hdrdir/include/asm/$header" "$output/linux-headers/asm-$arch" + elif test -f "$hdrdir/include/asm-generic/$header"; then + # not installed as , but used as such in kernel sources + cat <$output/linux-headers/asm-$arch/$header +#include +EOF + fi done if [ $arch = mips ]; then
From patchwork Tue Jun 4 06:43:37 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684758
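Review bot: the new if/elif inside the header loop of update-linux-headers.sh (patch 12/45) has no else branch, so a header found in neither include/asm/ nor include/asm-generic/ is skipped without any message. That is the same kind of quiet fallback to stale or system headers that the commit message describes as wrong; suggest an else that prints the missing header name and exits non-zero. As shown in the hunk, the redirection target of the heredoc is also unquoted while the cp destination two lines above is quoted; quoting it would keep the script consistent for output paths that contain spaces.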
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Thomas Huth
Subject: [PULL 13/45] update-linux-headers: move pvpanic.h to correct directory
Date: Tue, 4 Jun 2024 08:43:37 +0200
Message-ID: <20240604064409.957105-14-pbonzini@redhat.com>
X-Mailer: git-send-email 2.45.1
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

Linux has , not . Use the same directory for QEMU's include/standard-headers/ copy.

Reviewed-by: Thomas Huth
Signed-off-by: Paolo Bonzini --- include/standard-headers/{linux => misc}/pvpanic.h | 0 hw/misc/pvpanic-isa.c | 2 +- hw/misc/pvpanic-pci.c | 2 +- hw/misc/pvpanic.c | 2 +- scripts/update-linux-headers.sh | 6 ++++-- 5 files changed, 7 insertions(+), 5 deletions(-) rename include/standard-headers/{linux => misc}/pvpanic.h (100%) diff --git a/include/standard-headers/linux/pvpanic.h b/include/standard-headers/misc/pvpanic.h similarity index 100% rename from include/standard-headers/linux/pvpanic.h rename to include/standard-headers/misc/pvpanic.h diff --git a/hw/misc/pvpanic-isa.c b/hw/misc/pvpanic-isa.c index ccec50f61bb..b4f84c41109 100644 --- a/hw/misc/pvpanic-isa.c +++ b/hw/misc/pvpanic-isa.c @@ -21,7 +21,7 @@ #include "hw/misc/pvpanic.h" #include "qom/object.h" #include "hw/isa/isa.h" -#include "standard-headers/linux/pvpanic.h" +#include "standard-headers/misc/pvpanic.h" #include "hw/acpi/acpi_aml_interface.h" OBJECT_DECLARE_SIMPLE_TYPE(PVPanicISAState, PVPANIC_ISA_DEVICE) diff --git a/hw/misc/pvpanic-pci.c b/hw/misc/pvpanic-pci.c index 83be95d0d24..4d44a881dad 100644 --- a/hw/misc/pvpanic-pci.c +++ b/hw/misc/pvpanic-pci.c @@ -21,7 +21,7 @@ #include "hw/misc/pvpanic.h" #include "qom/object.h" #include "hw/pci/pci_device.h" -#include "standard-headers/linux/pvpanic.h" +#include "standard-headers/misc/pvpanic.h" OBJECT_DECLARE_SIMPLE_TYPE(PVPanicPCIState, PVPANIC_PCI_DEVICE) diff --git a/hw/misc/pvpanic.c b/hw/misc/pvpanic.c index 1540e9091a4..80289ecf5fe 100644 --- a/hw/misc/pvpanic.c +++ b/hw/misc/pvpanic.c @@ -21,7 +21,7 @@ #include "hw/qdev-properties.h" #include "hw/misc/pvpanic.h" #include "qom/object.h" -#include "standard-headers/linux/pvpanic.h" +#include "standard-headers/misc/pvpanic.h" static void handle_event(int event) { diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh index 57a48837aa4..7e93acb3b5f 100755 --- a/scripts/update-linux-headers.sh +++ b/scripts/update-linux-headers.sh 
@@ -231,10 +231,12 @@ for i in "$hdrdir"/include/linux/*virtio*.h \ "$hdrdir/include/linux/const.h" \ "$hdrdir/include/linux/kernel.h" \ "$hdrdir/include/linux/vhost_types.h" \ - "$hdrdir/include/linux/sysinfo.h" \ - "$hdrdir/include/misc/pvpanic.h"; do + "$hdrdir/include/linux/sysinfo.h"; do cp_portable "$i" "$output/include/standard-headers/linux" done +mkdir -p "$output/include/standard-headers/misc" +cp_portable "$hdrdir/include/misc/pvpanic.h" \ + "$output/include/standard-headers/misc" mkdir -p "$output/include/standard-headers/drm" cp_portable "$hdrdir/include/drm/drm_fourcc.h" \ "$output/include/standard-headers/drm"
From patchwork Tue Jun 4 06:43:38 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684761
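Review bot: the rename of pvpanic.h (patch 13/45) is 100% and the diffstat updates only three includers under hw/misc/, so any other file that still includes "standard-headers/linux/pvpanic.h" will stop building; please confirm with a tree-wide grep that none remain and say so in the commit message. In the update-linux-headers.sh hunk, the new mkdir -p and cp_portable pair for misc/ mirrors the drm/ block directly below it, which is the right shape; a one-line comment noting that pvpanic.h lives under include/misc/ in the kernel tree would explain why it is no longer part of the linux/ loop.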
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Pankaj Gupta , Michael Roth
Subject: [PULL 14/45] linux-headers: Update to current kvm/next
Date: Tue, 4 Jun 2024 08:43:38 +0200
Message-ID: <20240604064409.957105-15-pbonzini@redhat.com>
X-Mailer: git-send-email 2.45.1
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Pankaj Gupta This updates kernel headers to commit 6f627b425378 ("KVM: SVM: Add module parameter to enable SEV-SNP", 2024-05-12). The SNP host patches will be included in Linux 6.11, to be released next July. Also brings in an linux-headers/linux/vhost.h fix from v6.9-rc4. Co-developed-by: Michael Roth Signed-off-by: Michael Roth Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-3-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini --- linux-headers/asm-loongarch/kvm.h | 4 +++ linux-headers/asm-riscv/kvm.h | 1 + linux-headers/asm-x86/kvm.h | 52 ++++++++++++++++++++++++++++++- linux-headers/linux/vhost.h | 15 ++++----- 4 files changed, 64 insertions(+), 8 deletions(-) diff --git a/linux-headers/asm-loongarch/kvm.h b/linux-headers/asm-loongarch/kvm.h index 109785922cf..f9abef38231 100644 --- a/linux-headers/asm-loongarch/kvm.h +++ b/linux-headers/asm-loongarch/kvm.h @@ -17,6 +17,8 @@ #define KVM_COALESCED_MMIO_PAGE_OFFSET 1 #define KVM_DIRTY_LOG_PAGE_OFFSET 64 +#define KVM_GUESTDBG_USE_SW_BP 0x00010000 + /* * for KVM_GET_REGS and KVM_SET_REGS */ @@ -72,6 +74,8 @@ struct kvm_fpu { #define KVM_REG_LOONGARCH_COUNTER (KVM_REG_LOONGARCH_KVM | KVM_REG_SIZE_U64 | 1) #define KVM_REG_LOONGARCH_VCPU_RESET (KVM_REG_LOONGARCH_KVM | KVM_REG_SIZE_U64 | 2) +/* Debugging: Special instruction for software breakpoint */ +#define KVM_REG_LOONGARCH_DEBUG_INST (KVM_REG_LOONGARCH_KVM | KVM_REG_SIZE_U64 | 3) #define LOONGARCH_REG_SHIFT 3 #define LOONGARCH_REG_64(TYPE, REG) (TYPE | KVM_REG_SIZE_U64 | (REG << LOONGARCH_REG_SHIFT)) diff --git a/linux-headers/asm-riscv/kvm.h b/linux-headers/asm-riscv/kvm.h index b1c503c2959..e878e7cc397 100644 --- a/linux-headers/asm-riscv/kvm.h +++ b/linux-headers/asm-riscv/kvm.h @@ -167,6 +167,7 @@ enum KVM_RISCV_ISA_EXT_ID { KVM_RISCV_ISA_EXT_ZFA, KVM_RISCV_ISA_EXT_ZTSO, KVM_RISCV_ISA_EXT_ZACAS, + KVM_RISCV_ISA_EXT_SSCOFPMF, KVM_RISCV_ISA_EXT_MAX, }; 
diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h index 31c95c2dfe4..1c8f9182348 100644 --- a/linux-headers/asm-x86/kvm.h +++ b/linux-headers/asm-x86/kvm.h @@ -695,6 +695,11 @@ enum sev_cmd_id { /* Second time is the charm; improved versions of the above ioctls. */ KVM_SEV_INIT2, + /* SNP-specific commands */ + KVM_SEV_SNP_LAUNCH_START = 100, + KVM_SEV_SNP_LAUNCH_UPDATE, + KVM_SEV_SNP_LAUNCH_FINISH, + KVM_SEV_NR_MAX, }; @@ -709,7 +714,9 @@ struct kvm_sev_cmd { struct kvm_sev_init { __u64 vmsa_features; __u32 flags; - __u32 pad[9]; + __u16 ghcb_version; + __u16 pad1; + __u32 pad2[8]; }; struct kvm_sev_launch_start { @@ -820,6 +827,48 @@ struct kvm_sev_receive_update_data { __u32 pad2; }; +struct kvm_sev_snp_launch_start { + __u64 policy; + __u8 gosvw[16]; + __u16 flags; + __u8 pad0[6]; + __u64 pad1[4]; +}; + +/* Kept in sync with firmware values for simplicity. */ +#define KVM_SEV_SNP_PAGE_TYPE_NORMAL 0x1 +#define KVM_SEV_SNP_PAGE_TYPE_ZERO 0x3 +#define KVM_SEV_SNP_PAGE_TYPE_UNMEASURED 0x4 +#define KVM_SEV_SNP_PAGE_TYPE_SECRETS 0x5 +#define KVM_SEV_SNP_PAGE_TYPE_CPUID 0x6 + +struct kvm_sev_snp_launch_update { + __u64 gfn_start; + __u64 uaddr; + __u64 len; + __u8 type; + __u8 pad0; + __u16 flags; + __u32 pad1; + __u64 pad2[4]; +}; + +#define KVM_SEV_SNP_ID_BLOCK_SIZE 96 +#define KVM_SEV_SNP_ID_AUTH_SIZE 4096 +#define KVM_SEV_SNP_FINISH_DATA_SIZE 32 + +struct kvm_sev_snp_launch_finish { + __u64 id_block_uaddr; + __u64 id_auth_uaddr; + __u8 id_block_en; + __u8 auth_key_en; + __u8 vcek_disabled; + __u8 host_data[KVM_SEV_SNP_FINISH_DATA_SIZE]; + __u8 pad0[3]; + __u16 flags; + __u64 pad1[4]; +}; + #define KVM_X2APIC_API_USE_32BIT_IDS (1ULL << 0) #define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK (1ULL << 1) @@ -870,5 +919,6 @@ struct kvm_hyperv_eventfd { #define KVM_X86_SW_PROTECTED_VM 1 #define KVM_X86_SEV_VM 2 #define KVM_X86_SEV_ES_VM 3 +#define KVM_X86_SNP_VM 4 #endif /* _ASM_X86_KVM_H */ 
diff --git a/linux-headers/linux/vhost.h b/linux-headers/linux/vhost.h index bea69739061..b95dd84eef2 100644 --- a/linux-headers/linux/vhost.h +++ b/linux-headers/linux/vhost.h @@ -179,12 +179,6 @@ /* Get the config size */ #define VHOST_VDPA_GET_CONFIG_SIZE _IOR(VHOST_VIRTIO, 0x79, __u32) -/* Get the count of all virtqueues */ -#define VHOST_VDPA_GET_VQS_COUNT _IOR(VHOST_VIRTIO, 0x80, __u32) - -/* Get the number of virtqueue groups. */ -#define VHOST_VDPA_GET_GROUP_NUM _IOR(VHOST_VIRTIO, 0x81, __u32) - /* Get the number of address spaces. */ #define VHOST_VDPA_GET_AS_NUM _IOR(VHOST_VIRTIO, 0x7A, unsigned int) 
@@ -228,10 +222,17 @@ #define VHOST_VDPA_GET_VRING_DESC_GROUP _IOWR(VHOST_VIRTIO, 0x7F, \ struct vhost_vring_state) + +/* Get the count of all virtqueues */ +#define VHOST_VDPA_GET_VQS_COUNT _IOR(VHOST_VIRTIO, 0x80, __u32) + +/* Get the number of virtqueue groups. */ +#define VHOST_VDPA_GET_GROUP_NUM _IOR(VHOST_VIRTIO, 0x81, __u32) + /* Get the queue size of a specific virtqueue. * userspace set the vring index in vhost_vring_state.index * kernel set the queue size in vhost_vring_state.num */ -#define VHOST_VDPA_GET_VRING_SIZE _IOWR(VHOST_VIRTIO, 0x80, \ +#define VHOST_VDPA_GET_VRING_SIZE _IOWR(VHOST_VIRTIO, 0x82, \ struct vhost_vring_state) #endif

From patchwork Tue Jun 4 06:43:39 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684760
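Review bot: In linux-headers/asm-x86/kvm.h, struct kvm_sev_init gains ghcb_version in bytes that used to be pad[9], with no comment saying which values are valid or what 0 selects. The layout is size-neutral (2 + 2 + 8*4 bytes replaces 9*4), but a caller that fills the struct field by field rather than zeroing it would now hand uninitialised data to a field that has meaning. Since this file is imported from the kernel, a one-line comment on the field is something to raise upstream; on the QEMU side, confirm that every user of the struct zero-initialises it.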
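Review bot: In the linux-headers/asm-x86/kvm.h hunk that adds the SNP launch structs, kvm_sev_snp_launch_finish carries id_block_uaddr and id_auth_uaddr with no length members, so the buffer sizes are implied only by KVM_SEV_SNP_ID_BLOCK_SIZE (96) and KVM_SEV_SNP_ID_AUTH_SIZE (4096) defined just above it. Nothing in the header ties the constants to the two pointers; a comment stating the expected size of each buffer would keep callers from passing a short allocation.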
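Review bot: In the second linux-headers/linux/vhost.h hunk, VHOST_VDPA_GET_VRING_SIZE moves from request number 0x80 to 0x82, and 0x80 is also the number used by VHOST_VDPA_GET_VQS_COUNT, which the same hunk re-adds above it. The commit message only mentions "a vhost.h fix from v6.9-rc4"; it should say that the ioctl number changes, because anything built against the previous header still issues the 0x80 form.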
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Thomas Huth
Subject: [PULL 15/45] update-linux-headers: import linux/kvm_para.h header
Date: Tue, 4 Jun 2024 08:43:39 +0200
Message-ID: <20240604064409.957105-16-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>

Right now QEMU is importing arch/x86/include/uapi/asm/kvm_para.h because it includes definitions for kvmclock and for KVM CPUID bits. However, other definitions for KVM hypercall values and return codes are included in include/uapi/linux/kvm_para.h and they will be used by SEV-SNP.

To ensure that it is possible to include both and "standard-headers/asm-x86/kvm_para.h" without conflicts, provide linux/kvm_para.h as a portable header too, and forward linux-headers/ files to those in include/standard-headers. Note that will include architecture-specific definitions as well, but "standard-headers/linux/kvm_para.h" will not because it can be used in architecture-independent files.

This could easily be extended to other architectures, but right now they do not need any symbol in their specific kvm_para.h files. Reviewed-by: Thomas Huth Signed-off-by: Paolo Bonzini --- include/standard-headers/linux/kvm_para.h | 38 +++++++++++++++++++++++ linux-headers/asm-x86/kvm_para.h | 1 + linux-headers/linux/kvm_para.h | 2 ++ scripts/update-linux-headers.sh | 22 ++++++++++++- 4 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 include/standard-headers/linux/kvm_para.h create mode 100644 linux-headers/asm-x86/kvm_para.h create mode 100644 linux-headers/linux/kvm_para.h diff --git a/include/standard-headers/linux/kvm_para.h b/include/standard-headers/linux/kvm_para.h new file mode 100644 index 00000000000..015c1663021 --- /dev/null +++ b/include/standard-headers/linux/kvm_para.h @@ -0,0 +1,38 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef __LINUX_KVM_PARA_H +#define __LINUX_KVM_PARA_H + +/* + * This header file provides a method for making a hypercall to the host + * Architectures should define: + * - kvm_hypercall0, kvm_hypercall1... + * - kvm_arch_para_features + * - kvm_para_available + */ + +/* Return values for hypercalls */ +#define KVM_ENOSYS 1000 +#define KVM_EFAULT EFAULT +#define KVM_EINVAL EINVAL +#define KVM_E2BIG E2BIG +#define KVM_EPERM EPERM +#define KVM_EOPNOTSUPP 95 + +#define KVM_HC_VAPIC_POLL_IRQ 1 +#define KVM_HC_MMU_OP 2 +#define KVM_HC_FEATURES 3 +#define KVM_HC_PPC_MAP_MAGIC_PAGE 4 +#define KVM_HC_KICK_CPU 5 +#define KVM_HC_MIPS_GET_CLOCK_FREQ 6 +#define KVM_HC_MIPS_EXIT_VM 7 +#define KVM_HC_MIPS_CONSOLE_OUTPUT 8 +#define KVM_HC_CLOCK_PAIRING 9 +#define KVM_HC_SEND_IPI 10 +#define KVM_HC_SCHED_YIELD 11 +#define KVM_HC_MAP_GPA_RANGE 12 + +/* + * hypercalls use architecture specific + */ + +#endif /* __LINUX_KVM_PARA_H */ diff --git a/linux-headers/asm-x86/kvm_para.h b/linux-headers/asm-x86/kvm_para.h new file mode 100644 index 00000000000..1d3e0e0b07a --- /dev/null 
+++ b/linux-headers/asm-x86/kvm_para.h @@ -0,0 +1 @@ +#include "standard-headers/asm-x86/kvm_para.h" diff --git a/linux-headers/linux/kvm_para.h b/linux-headers/linux/kvm_para.h new file mode 100644 index 00000000000..6a1e672259c --- /dev/null +++ b/linux-headers/linux/kvm_para.h @@ -0,0 +1,2 @@ +#include "standard-headers/linux/kvm_para.h" +#include diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh index 7e93acb3b5f..c34ac6454ef 100755 --- a/scripts/update-linux-headers.sh +++ b/scripts/update-linux-headers.sh @@ -63,6 +63,7 @@ cp_portable() { -e 'linux/kernel' \ -e 'linux/sysinfo' \ -e 'asm/setup_data.h' \ + -e 'asm/kvm_para.h' \ > /dev/null then echo "Unexpected #include in input file $f". @@ -70,6 +71,15 @@ cp_portable() { fi header=$(basename "$f"); + + if test -z "$arch"; then + # Let users of include/standard-headers/linux/ headers pick the + # asm-* header that they care about + arch_cmd='/]*\)>/d' + else + arch_cmd='s/]*\)>/"standard-headers\/asm-'$arch'\/\1"/' + fi + sed -e 's/__aligned_u64/__u64 __attribute__((aligned(8)))/g' \ -e 's/__u\([0-9][0-9]*\)/uint\1_t/g' \ -e 's/u\([0-9][0-9]*\)/uint\1_t/g' \ @@ -78,7 +88,7 @@ cp_portable() { -e 's/__be\([0-9][0-9]*\)/uint\1_t/g' \ -e 's/"\(input-event-codes\.h\)"/"standard-headers\/linux\/\1"/' \ -e 's/]*\)>/"standard-headers\/linux\/\1"/' \ - -e 's/]*\)>/"standard-headers\/asm-'$arch'\/\1"/' \ + -e "$arch_cmd" \ -e 's/__bitwise//' \ -e 's/__attribute__((packed))/QEMU_PACKED/' \ -e 's/__inline__/inline/' \ 
@@ -158,7 +168,12 @@ EOF cp "$hdrdir/include/asm/unistd_32.h" "$output/linux-headers/asm-x86/" cp "$hdrdir/include/asm/unistd_x32.h" "$output/linux-headers/asm-x86/" cp "$hdrdir/include/asm/unistd_64.h" "$output/linux-headers/asm-x86/" + cp_portable "$hdrdir/include/asm/kvm_para.h" "$output/include/standard-headers/asm-$arch" + cat <$output/linux-headers/asm-$arch/kvm_para.h +#include "standard-headers/asm-$arch/kvm_para.h" +EOF + # Remove everything except the macros from bootparam.h avoiding the # unnecessary import of several video/ist/etc headers sed -e '/__ASSEMBLY__/,/__ASSEMBLY__/d' \ @@ -208,6 +223,10 @@ if [ -d "$linux/LICENSES" ]; then done fi +cat <$output/linux-headers/linux/kvm_para.h +#include "standard-headers/linux/kvm_para.h" +#include +EOF cat <$output/linux-headers/linux/virtio_config.h #include "standard-headers/linux/virtio_config.h" EOF 
@@ -230,6 +249,7 @@ for i in "$hdrdir"/include/linux/*virtio*.h \ "$hdrdir/include/linux/ethtool.h" \ "$hdrdir/include/linux/const.h" \ "$hdrdir/include/linux/kernel.h" \ + "$hdrdir/include/linux/kvm_para.h" \ "$hdrdir/include/linux/vhost_types.h" \ "$hdrdir/include/linux/sysinfo.h"; do cp_portable "$i" "$output/include/standard-headers/linux"

From patchwork Tue Jun 4 06:43:40 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684781
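Review bot: In the new include/standard-headers/linux/kvm_para.h, KVM_EFAULT, KVM_EINVAL, KVM_E2BIG and KVM_EPERM expand to errno names, but the header includes nothing, so it only compiles where the includer has already pulled in the errno definitions. For a header described as portable, either document that dependency at the top of the file or note it in the commit message. The closing comment "hypercalls use architecture specific" is also left introducing nothing once the asm include is dropped; consider removing it in the script or saying in the commit message that it is expected.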
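Review bot: In the cp_portable hunk of scripts/update-linux-headers.sh, the new test -z "$arch" branch keys off a variable the function does not take as an argument. The linux/ headers are copied by the "for i in ..." loop touched in the last hunk, and none of the visible hunks clears arch before that loop; if it still holds a value from the per-architecture section, linux/kvm_para.h would be rewritten to include that architecture's standard-headers/asm-* file instead of having the include deleted. Suggest passing the architecture to cp_portable explicitly, or resetting arch before the loop, and saying which in a comment.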
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Subject: [PULL 16/45] machine: allow early use of machine_require_guest_memfd
Date: Tue, 4 Jun 2024 08:43:40 +0200
Message-ID: <20240604064409.957105-17-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>

Ask the ConfidentialGuestSupport object whether to use guest_memfd for KVM-backend private memory. This bool can be set in instance_init (or user_complete) so that it is available when the machine is created.

Signed-off-by: Paolo Bonzini
--- include/exec/confidential-guest-support.h | 5 +++++ include/hw/boards.h | 1 - hw/core/machine.c | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/include/exec/confidential-guest-support.h b/include/exec/confidential-guest-support.h index e5b188cffbf..02dc4e518f0 100644
--- a/include/exec/confidential-guest-support.h +++ b/include/exec/confidential-guest-support.h @@ -31,6 +31,11 @@ OBJECT_DECLARE_TYPE(ConfidentialGuestSupport, struct ConfidentialGuestSupport { Object parent; + /* + * True if the machine should use guest_memfd for RAM. + */ + bool require_guest_memfd; + /* * ready: flag set by CGS initialization code once it's ready to * start executing instructions in a potentially-secure diff --git a/include/hw/boards.h b/include/hw/boards.h index 2fa800f11ae..73ad319d7da 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -375,7 +375,6 @@ struct MachineState { char *dt_compatible; bool dump_guest_core; bool mem_merge; - bool require_guest_memfd; bool usb; bool usb_disabled; char *firmware; diff --git a/hw/core/machine.c b/hw/core/machine.c index 17292b13e62..77a356f232f 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c 
@@ -1216,7 +1216,7 @@ bool machine_mem_merge(MachineState *machine) bool machine_require_guest_memfd(MachineState *machine) { - return machine->require_guest_memfd; + return machine->cgs && machine->cgs->require_guest_memfd; } static char *cpu_slot_to_string(const CPUArchId *cpu)

From patchwork Tue Jun 4 06:43:41 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684792
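Review bot: The new require_guest_memfd comment in struct ConfidentialGuestSupport says what the flag means but not when it has to be set. The commit message relies on it being assigned in instance_init (or user_complete) so that machine_require_guest_memfd() already gives the right answer when the machine is created; a subclass that sets it later would silently get false from the new "machine->cgs && machine->cgs->require_guest_memfd" test. Suggest stating that timing requirement in the field comment in include/exec/confidential-guest-support.h.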
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Pankaj Gupta
Subject: [PULL 17/45] i386/sev: Replace error_report with error_setg
Date: Tue, 4 Jun 2024 08:43:41 +0200
Message-ID: <20240604064409.957105-18-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>

From: Pankaj Gupta

Signed-off-by: Pankaj Gupta
Message-ID: <20240530111643.1091816-2-pankaj.gupta@amd.com>
Signed-off-by: Paolo Bonzini
--- target/i386/sev.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index d30b68c11e4..67ed32e5ea9 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -952,13 +952,13 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) if (sev_es_enabled()) { if (!kvm_kernel_irqchip_allowed()) { - error_report("%s: SEV-ES guests require in-kernel irqchip support", - __func__); + error_setg(errp, "%s: SEV-ES guests require in-kernel irqchip" + "support", __func__); goto err; } if (!(status.flags & SEV_STATUS_FLAGS_CONFIG_ES)) { - error_report("%s: guest policy requires SEV-ES, but " + error_setg(errp, "%s: guest policy requires SEV-ES, but " "host SEV-ES support unavailable", __func__); goto err;

From patchwork Tue Jun 4 06:43:42 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684771
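Review bot: The first error_setg() in sev_kvm_init loses the space between "irqchip" and "support": the message is now split into the literals "%s: SEV-ES guests require in-kernel irqchip" and "support", which concatenate to "irqchipsupport". Add a trailing space to the first literal or a leading one to the second. The commit message body is also empty apart from the tags; one sentence on why the errors should go through errp would help anyone reading the history.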
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Michael Roth, Dov Murik, Markus Armbruster, Pankaj Gupta
Subject: [PULL 18/45] i386/sev: Introduce "sev-common" type to encapsulate common SEV state
Date: Tue, 4 Jun 2024 08:43:42 +0200
Message-ID: <20240604064409.957105-19-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>

From: Michael Roth

Currently all SEV/SEV-ES functionality is managed through a single 'sev-guest' QOM type. With upcoming support for SEV-SNP, taking this same approach won't work well since some of the properties/state managed by 'sev-guest' is not applicable to SEV-SNP, which will instead rely on a new QOM type with its own set of properties/state.

To prepare for this, this patch moves common state into an abstract 'sev-common' parent type to encapsulate properties/state that are common to both SEV/SEV-ES and SEV-SNP, leaving only SEV/SEV-ES-specific properties/state in the current 'sev-guest' type. This should not affect current behavior or command-line options.

As part of this patch, some related changes are also made:

- a static 'sev_guest' variable is currently used to keep track of the 'sev-guest' instance. SEV-SNP would similarly introduce an 'sev_snp_guest' static variable. But these instances are now available via qdev_get_machine()->cgs, so switch to using that instead and drop the static variable.

- 'sev_guest' is currently used as the name for the static variable holding a pointer to the 'sev-guest' instance. Re-purpose the name as a local variable referring to the 'sev-guest' instance, and use that consistently throughout the code so it can be easily distinguished from sev-common/sev-snp-guest instances.

- 'sev' is generally used as the name for local variables holding a pointer to the 'sev-guest' instance. In cases where that now points to common state, use the name 'sev_common'; in cases where that now points to state specific to 'sev-guest' instance, use the name 'sev_guest'

In order to enable kernel-hashes for SNP, pull it from SevGuestProperties to its parent SevCommonProperties so it will be available for both SEV and SNP.

Signed-off-by: Michael Roth
Co-developed-by: Dov Murik
Signed-off-by: Dov Murik
Acked-by: Markus Armbruster (QAPI schema)
Co-developed-by: Pankaj Gupta
Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-5-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini --- qapi/qom.json | 40 ++-- target/i386/sev.h | 3 + target/i386/sev.c | 493 ++++++++++++++++++++++++++-------------------- 3 files changed, 303 insertions(+), 233 deletions(-) diff --git a/qapi/qom.json b/qapi/qom.json index 38dde6d785a..056b38f491b 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -875,20 +875,12 @@ 'data': { '*filename': 'str' } } ## -# @SevGuestProperties: +# @SevCommonProperties: # -# Properties for sev-guest objects. +# Properties common to objects that are derivatives of sev-common. # # @sev-device: SEV device to use (default: "/dev/sev") # -# @dh-cert-file: guest owners DH certificate (encoded with base64) -# -# @session-file: guest owners session parameters (encoded with base64) -# -# @policy: SEV policy value (default: 0x1) -# -# @handle: SEV firmware handle (default: 0) -# # @cbitpos: C-bit location in page table entry (default: 0) # # @reduced-phys-bits: number of bits in physical addresses that become @@ -898,6 +890,27 @@ # designated guest firmware page for measured boot with -kernel # (default: false) (since 6.2) # +# Since: 9.1 +## +{ 'struct': 'SevCommonProperties', + 'data': { '*sev-device': 'str', + '*cbitpos': 'uint32', + 'reduced-phys-bits': 'uint32', + '*kernel-hashes': 'bool' } } + +## +# @SevGuestProperties: +# +# Properties for sev-guest objects. +# +# @dh-cert-file: guest owners DH certificate (encoded with base64) +# +# @session-file: guest owners session parameters (encoded with base64) +# +# @policy: SEV policy value (default: 0x1) +# +# @handle: SEV firmware handle (default: 0) +# # @legacy-vm-type: Use legacy KVM_SEV_INIT KVM interface for creating the VM. # The newer KVM_SEV_INIT2 interface syncs additional vCPU # state when initializing the VMSA structures, which will 
@@ -909,14 +922,11 @@ # Since: 2.12 ## { 'struct': 'SevGuestProperties', - 'data': { '*sev-device': 'str', - '*dh-cert-file': 'str', + 'base': 'SevCommonProperties', + 'data': { '*dh-cert-file': 'str', '*session-file': 'str', '*policy': 'uint32', '*handle': 'uint32', - '*cbitpos': 'uint32', - 'reduced-phys-bits': 'uint32', - '*kernel-hashes': 'bool', '*legacy-vm-type': 'bool' } } ## diff --git a/target/i386/sev.h b/target/i386/sev.h index 9e10d09539a..668374eef31 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h @@ -20,6 +20,9 @@ #include "exec/confidential-guest-support.h" +#define TYPE_SEV_COMMON "sev-common" +#define TYPE_SEV_GUEST "sev-guest" + #define SEV_POLICY_NODBG 0x1 #define SEV_POLICY_NOKS 0x2 #define SEV_POLICY_ES 0x4 diff --git a/target/i386/sev.c b/target/i386/sev.c index 67ed32e5ea9..33e606eea00 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -40,9 +40,36 @@ #include "hw/i386/pc.h" #include "exec/address-spaces.h" -#define TYPE_SEV_GUEST "sev-guest" -OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST) +OBJECT_DECLARE_TYPE(SevCommonState, SevCommonStateClass, SEV_COMMON) +OBJECT_DECLARE_TYPE(SevGuestState, SevCommonStateClass, SEV_GUEST) +struct SevCommonState { + X86ConfidentialGuest parent_obj; + + int kvm_type; + + /* configuration parameters */ + char *sev_device; + uint32_t cbitpos; + uint32_t reduced_phys_bits; + bool kernel_hashes; + + /* runtime state */ + uint8_t api_major; + uint8_t api_minor; + uint8_t build_id; + int sev_fd; + SevState state; + + uint32_t reset_cs; + uint32_t reset_ip; + bool reset_data_valid; +}; + +struct SevCommonStateClass { + X86ConfidentialGuestClass parent_class; + +}; /** * SevGuestState: 
@@ -55,32 +82,15 @@ OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST) * -machine ...,memory-encryption=sev0 */ struct SevGuestState { - X86ConfidentialGuest parent_obj; - - int kvm_type; + SevCommonState parent_obj; + gchar *measurement; /* configuration parameters */ - char *sev_device; + uint32_t handle; uint32_t policy; char *dh_cert_file; char *session_file; - uint32_t cbitpos; - uint32_t reduced_phys_bits; - bool kernel_hashes; bool legacy_vm_type; - - /* runtime state */ - uint32_t handle; - uint8_t api_major; - uint8_t api_minor; - uint8_t build_id; - int sev_fd; - SevState state; - gchar *measurement; - - uint32_t reset_cs; - uint32_t reset_ip; - bool reset_data_valid; }; #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ @@ -128,7 +138,6 @@ typedef struct QEMU_PACKED PaddedSevHashTable { QEMU_BUILD_BUG_ON(sizeof(PaddedSevHashTable) % 16 != 0); -static SevGuestState *sev_guest; static Error *sev_mig_blocker; static const char *const sev_fw_errlist[] = { @@ -209,21 +218,21 @@ fw_error_to_str(int code) } static bool -sev_check_state(const SevGuestState *sev, SevState state) +sev_check_state(const SevCommonState *sev_common, SevState state) { - assert(sev); - return sev->state == state ? true : false; + assert(sev_common); + return sev_common->state == state ? true : false; } static void -sev_set_guest_state(SevGuestState *sev, SevState new_state) +sev_set_guest_state(SevCommonState *sev_common, SevState new_state) { assert(new_state < SEV_STATE__MAX); - assert(sev); + assert(sev_common); - trace_kvm_sev_change_state(SevState_str(sev->state), + trace_kvm_sev_change_state(SevState_str(sev_common->state), SevState_str(new_state)); - sev->state = new_state; + sev_common->state = new_state; } static void 
@@ -290,121 +299,61 @@ static struct RAMBlockNotifier sev_ram_notifier = { .ram_block_removed = sev_ram_block_removed, }; -static void -sev_guest_finalize(Object *obj) -{ -} - -static char * -sev_guest_get_session_file(Object *obj, Error **errp) -{ - SevGuestState *s = SEV_GUEST(obj); - - return s->session_file ? g_strdup(s->session_file) : NULL; -} - -static void -sev_guest_set_session_file(Object *obj, const char *value, Error **errp) -{ - SevGuestState *s = SEV_GUEST(obj); - - s->session_file = g_strdup(value); -} - -static char * -sev_guest_get_dh_cert_file(Object *obj, Error **errp) -{ - SevGuestState *s = SEV_GUEST(obj); - - return g_strdup(s->dh_cert_file); -} - -static void -sev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp) -{ - SevGuestState *s = SEV_GUEST(obj); - - s->dh_cert_file = g_strdup(value); -} - -static char * -sev_guest_get_sev_device(Object *obj, Error **errp) -{ - SevGuestState *sev = SEV_GUEST(obj); - - return g_strdup(sev->sev_device); -} - -static void -sev_guest_set_sev_device(Object *obj, const char *value, Error **errp) -{ - SevGuestState *sev = SEV_GUEST(obj); - - sev->sev_device = g_strdup(value); -} - -static bool sev_guest_get_kernel_hashes(Object *obj, Error **errp) -{ - SevGuestState *sev = SEV_GUEST(obj); - - return sev->kernel_hashes; -} - -static void sev_guest_set_kernel_hashes(Object *obj, bool value, Error **errp) -{ - SevGuestState *sev = SEV_GUEST(obj); - - sev->kernel_hashes = value; -} - -static bool sev_guest_get_legacy_vm_type(Object *obj, Error **errp) -{ - return SEV_GUEST(obj)->legacy_vm_type; -} - -static void sev_guest_set_legacy_vm_type(Object *obj, bool value, Error **errp) -{ - SEV_GUEST(obj)->legacy_vm_type = value; -} - bool sev_enabled(void) { - return !!sev_guest; + ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; + + return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_COMMON); } bool sev_es_enabled(void) { - return sev_enabled() && (sev_guest->policy & SEV_POLICY_ES); 
+ ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; + + return sev_enabled() && (SEV_GUEST(cgs)->policy & SEV_POLICY_ES); } uint32_t sev_get_cbit_position(void) { - return sev_guest ? sev_guest->cbitpos : 0; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + + return sev_common ? sev_common->cbitpos : 0; } uint32_t sev_get_reduced_phys_bits(void) { - return sev_guest ? sev_guest->reduced_phys_bits : 0; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + + return sev_common ? sev_common->reduced_phys_bits : 0; } static SevInfo *sev_get_info(void) { SevInfo *info; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + SevGuestState *sev_guest = + (SevGuestState *)object_dynamic_cast(OBJECT(sev_common), + TYPE_SEV_GUEST); info = g_new0(SevInfo, 1); info->enabled = sev_enabled(); if (info->enabled) { - info->api_major = sev_guest->api_major; - info->api_minor = sev_guest->api_minor; - info->build_id = sev_guest->build_id; - info->policy = sev_guest->policy; - info->state = sev_guest->state; - info->handle = sev_guest->handle; + if (sev_guest) { + info->handle = sev_guest->handle; + } + info->api_major = sev_common->api_major; + info->api_minor = sev_common->api_minor; + info->build_id = sev_common->build_id; + info->state = sev_common->state; + /* we only report the lower 32-bits of policy for SNP, ok for now... */ + info->policy = + (uint32_t)object_property_get_uint(OBJECT(sev_common), + "policy", NULL); } return info; @@ -530,6 +479,8 @@ static SevCapability *sev_get_capabilities(Error **errp) size_t pdh_len = 0, cert_chain_len = 0, cpu0_id_len = 0; uint32_t ebx; int fd; + SevCommonState *sev_common; + char *sev_device; if (!kvm_enabled()) { error_setg(errp, "KVM not enabled"); 
@@ -540,12 +491,21 @@ static SevCapability *sev_get_capabilities(Error **errp) return NULL; } - fd = open(DEFAULT_SEV_DEVICE, O_RDWR); + sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + if (!sev_common) { + error_setg(errp, "SEV is not configured"); + } + + sev_device = object_property_get_str(OBJECT(sev_common), "sev-device", + &error_abort); + fd = open(sev_device, O_RDWR); if (fd < 0) { error_setg_errno(errp, errno, "SEV: Failed to open %s", DEFAULT_SEV_DEVICE); + g_free(sev_device); return NULL; } + g_free(sev_device); if (sev_get_pdh_info(fd, &pdh_data, &pdh_len, &cert_chain_data, &cert_chain_len, errp)) { @@ -588,7 +548,7 @@ static SevAttestationReport *sev_get_attestation_report(const char *mnonce, { struct kvm_sev_attestation_report input = {}; SevAttestationReport *report = NULL; - SevGuestState *sev = sev_guest; + SevCommonState *sev_common; g_autofree guchar *data = NULL; g_autofree guchar *buf = NULL; gsize len; @@ -613,8 +573,10 @@ static SevAttestationReport *sev_get_attestation_report(const char *mnonce, return NULL; } + sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + /* Query the report length */ - ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, &input, &err); if (ret < 0) { if (err != SEV_RET_INVALID_LEN) { @@ -630,7 +592,7 @@ static SevAttestationReport *sev_get_attestation_report(const char *mnonce, memcpy(input.mnonce, buf, sizeof(input.mnonce)); /* Query the report */ - ret = sev_ioctl(sev->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_GET_ATTESTATION_REPORT, &input, &err); if (ret) { error_setg_errno(errp, errno, "SEV: Failed to get attestation report" 
@@ -670,26 +632,27 @@ sev_read_file_base64(const char *filename, guchar **data, gsize *len) } static int -sev_launch_start(SevGuestState *sev) +sev_launch_start(SevGuestState *sev_guest) { gsize sz; int ret = 1; int fw_error, rc; struct kvm_sev_launch_start start = { - .handle = sev->handle, .policy = sev->policy + .handle = sev_guest->handle, .policy = sev_guest->policy }; guchar *session = NULL, *dh_cert = NULL; + SevCommonState *sev_common = SEV_COMMON(sev_guest); - if (sev->session_file) { - if (sev_read_file_base64(sev->session_file, &session, &sz) < 0) { + if (sev_guest->session_file) { + if (sev_read_file_base64(sev_guest->session_file, &session, &sz) < 0) { goto out; } start.session_uaddr = (unsigned long)session; start.session_len = sz; } - if (sev->dh_cert_file) { - if (sev_read_file_base64(sev->dh_cert_file, &dh_cert, &sz) < 0) { + if (sev_guest->dh_cert_file) { + if (sev_read_file_base64(sev_guest->dh_cert_file, &dh_cert, &sz) < 0) { goto out; } start.dh_uaddr = (unsigned long)dh_cert; @@ -697,15 +660,15 @@ sev_launch_start(SevGuestState *sev) } trace_kvm_sev_launch_start(start.policy, session, dh_cert); - rc = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_START, &start, &fw_error); + rc = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_START, &start, &fw_error); if (rc < 0) { error_report("%s: LAUNCH_START ret=%d fw_error=%d '%s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); goto out; } - sev_set_guest_state(sev, SEV_STATE_LAUNCH_UPDATE); - sev->handle = start.handle; + sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_UPDATE); + sev_guest->handle = start.handle; ret = 0; out: @@ -715,7 +678,7 @@ out: } static int -sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len) +sev_launch_update_data(SevGuestState *sev_guest, uint8_t *addr, uint64_t len) { int ret, fw_error; struct kvm_sev_launch_update_data update; 
@@ -727,7 +690,7 @@ sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len) update.uaddr = (uintptr_t)addr; update.len = len; trace_kvm_sev_launch_update_data(addr, len); - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, + ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, &update, &fw_error); if (ret) { error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", @@ -738,11 +701,12 @@ sev_launch_update_data(SevGuestState *sev, uint8_t *addr, uint64_t len) } static int -sev_launch_update_vmsa(SevGuestState *sev) +sev_launch_update_vmsa(SevGuestState *sev_guest) { int ret, fw_error; - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL, &fw_error); + ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_UPDATE_VMSA, + NULL, &fw_error); if (ret) { error_report("%s: LAUNCH_UPDATE_VMSA ret=%d fw_error=%d '%s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); @@ -754,18 +718,19 @@ sev_launch_update_vmsa(SevGuestState *sev) static void sev_launch_get_measure(Notifier *notifier, void *unused) { - SevGuestState *sev = sev_guest; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + SevGuestState *sev_guest = SEV_GUEST(sev_common); int ret, error; g_autofree guchar *data = NULL; struct kvm_sev_launch_measure measurement = {}; - if (!sev_check_state(sev, SEV_STATE_LAUNCH_UPDATE)) { + if (!sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { return; } if (sev_es_enabled()) { /* measure all the VM save areas before getting launch_measure */ - ret = sev_launch_update_vmsa(sev); + ret = sev_launch_update_vmsa(sev_guest); if (ret) { exit(1); } @@ -773,7 +738,7 @@ sev_launch_get_measure(Notifier *notifier, void *unused) } /* query the measurement blob length */ - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_MEASURE, &measurement, &error); if (!measurement.len) { error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", 
@@ -785,7 +750,7 @@ sev_launch_get_measure(Notifier *notifier, void *unused) measurement.uaddr = (unsigned long)data; /* get the measurement blob */ - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_MEASURE, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_MEASURE, &measurement, &error); if (ret) { error_report("%s: LAUNCH_MEASURE ret=%d fw_error=%d '%s'", @@ -793,17 +758,19 @@ sev_launch_get_measure(Notifier *notifier, void *unused) return; } - sev_set_guest_state(sev, SEV_STATE_LAUNCH_SECRET); + sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_SECRET); /* encode the measurement value and emit the event */ - sev->measurement = g_base64_encode(data, measurement.len); - trace_kvm_sev_launch_measurement(sev->measurement); + sev_guest->measurement = g_base64_encode(data, measurement.len); + trace_kvm_sev_launch_measurement(sev_guest->measurement); } static char *sev_get_launch_measurement(void) { + SevGuestState *sev_guest = SEV_GUEST(MACHINE(qdev_get_machine())->cgs); + if (sev_guest && - sev_guest->state >= SEV_STATE_LAUNCH_SECRET) { + SEV_COMMON(sev_guest)->state >= SEV_STATE_LAUNCH_SECRET) { return g_strdup(sev_guest->measurement); } @@ -832,19 +799,20 @@ static Notifier sev_machine_done_notify = { }; static void -sev_launch_finish(SevGuestState *sev) +sev_launch_finish(SevGuestState *sev_guest) { int ret, error; trace_kvm_sev_launch_finish(); - ret = sev_ioctl(sev->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, &error); + ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, + &error); if (ret) { error_report("%s: LAUNCH_FINISH ret=%d fw_error=%d '%s'", __func__, ret, error, fw_error_to_str(error)); exit(1); } - sev_set_guest_state(sev, SEV_STATE_RUNNING); + sev_set_guest_state(SEV_COMMON(sev_guest), SEV_STATE_RUNNING); /* add migration blocker */ error_setg(&sev_mig_blocker, 
@@ -855,38 +823,40 @@ sev_launch_finish(SevGuestState *sev) static void sev_vm_state_change(void *opaque, bool running, RunState state) { - SevGuestState *sev = opaque; + SevCommonState *sev_common = opaque; if (running) { - if (!sev_check_state(sev, SEV_STATE_RUNNING)) { - sev_launch_finish(sev); + if (!sev_check_state(sev_common, SEV_STATE_RUNNING)) { + sev_launch_finish(SEV_GUEST(sev_common)); } } } static int sev_kvm_type(X86ConfidentialGuest *cg) { - SevGuestState *sev = SEV_GUEST(cg); + SevCommonState *sev_common = SEV_COMMON(cg); + SevGuestState *sev_guest = SEV_GUEST(sev_common); int kvm_type; - if (sev->kvm_type != -1) { + if (sev_common->kvm_type != -1) { goto out; } - kvm_type = (sev->policy & SEV_POLICY_ES) ? KVM_X86_SEV_ES_VM : KVM_X86_SEV_VM; - if (kvm_is_vm_type_supported(kvm_type) && !sev->legacy_vm_type) { - sev->kvm_type = kvm_type; + kvm_type = (sev_guest->policy & SEV_POLICY_ES) ? + KVM_X86_SEV_ES_VM : KVM_X86_SEV_VM; + if (kvm_is_vm_type_supported(kvm_type) && !sev_guest->legacy_vm_type) { + sev_common->kvm_type = kvm_type; } else { - sev->kvm_type = KVM_X86_DEFAULT_VM; + sev_common->kvm_type = KVM_X86_DEFAULT_VM; } out: - return sev->kvm_type; + return sev_common->kvm_type; } static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { - SevGuestState *sev = SEV_GUEST(cgs); + SevCommonState *sev_common = SEV_COMMON(cgs); char *devname; int ret, fw_error, cmd; uint32_t ebx; @@ -899,8 +869,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) return -1; } - sev_guest = sev; - sev->state = SEV_STATE_UNINIT; + sev_common->state = SEV_STATE_UNINIT; host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); host_cbitpos = ebx & 0x3f; 
@@ -910,9 +879,9 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) * register of CPUID 0x8000001F. No need to verify the range as the * comparison against the host value accomplishes that. */ - if (host_cbitpos != sev->cbitpos) { + if (host_cbitpos != sev_common->cbitpos) { error_setg(errp, "%s: cbitpos check failed, host '%d' requested '%d'", - __func__, host_cbitpos, sev->cbitpos); + __func__, host_cbitpos, sev_common->cbitpos); goto err; } @@ -921,16 +890,17 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) * the EBX register of CPUID 0x8000001F, so verify the supplied value * is in the range of 1 to 63. */ - if (sev->reduced_phys_bits < 1 || sev->reduced_phys_bits > 63) { + if (sev_common->reduced_phys_bits < 1 || + sev_common->reduced_phys_bits > 63) { error_setg(errp, "%s: reduced_phys_bits check failed," " it should be in the range of 1 to 63, requested '%d'", - __func__, sev->reduced_phys_bits); + __func__, sev_common->reduced_phys_bits); goto err; } - devname = object_property_get_str(OBJECT(sev), "sev-device", NULL); - sev->sev_fd = open(devname, O_RDWR); - if (sev->sev_fd < 0) { + devname = object_property_get_str(OBJECT(sev_common), "sev-device", NULL); + sev_common->sev_fd = open(devname, O_RDWR); + if (sev_common->sev_fd < 0) { error_setg(errp, "%s: Failed to open %s '%s'", __func__, devname, strerror(errno)); g_free(devname); @@ -938,7 +908,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } g_free(devname); - ret = sev_platform_ioctl(sev->sev_fd, SEV_PLATFORM_STATUS, &status, + ret = sev_platform_ioctl(sev_common->sev_fd, SEV_PLATFORM_STATUS, &status, &fw_error); if (ret) { error_setg(errp, "%s: failed to get platform status ret=%d " 
@@ -946,9 +916,9 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) fw_error_to_str(fw_error)); goto err; } - sev->build_id = status.build; - sev->api_major = status.api_major; - sev->api_minor = status.api_minor; + sev_common->build_id = status.build; + sev_common->api_major = status.api_major; + sev_common->api_minor = status.api_minor; if (sev_es_enabled()) { if (!kvm_kernel_irqchip_allowed()) { @@ -966,14 +936,14 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } trace_kvm_sev_init(); - if (sev_kvm_type(X86_CONFIDENTIAL_GUEST(sev)) == KVM_X86_DEFAULT_VM) { + if (sev_kvm_type(X86_CONFIDENTIAL_GUEST(sev_common)) == KVM_X86_DEFAULT_VM) { cmd = sev_es_enabled() ? KVM_SEV_ES_INIT : KVM_SEV_INIT; - ret = sev_ioctl(sev->sev_fd, cmd, NULL, &fw_error); + ret = sev_ioctl(sev_common->sev_fd, cmd, NULL, &fw_error); } else { struct kvm_sev_init args = { 0 }; - ret = sev_ioctl(sev->sev_fd, KVM_SEV_INIT2, &args, &fw_error); + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_INIT2, &args, &fw_error); } if (ret) { @@ -982,7 +952,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) goto err; } - ret = sev_launch_start(sev); + sev_launch_start(SEV_GUEST(sev_common)); if (ret) { error_setg(errp, "%s: failed to create encryption context", __func__); goto err; @@ -990,13 +960,12 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) ram_block_notifier_add(&sev_ram_notifier); qemu_add_machine_init_done_notifier(&sev_machine_done_notify); - qemu_add_vm_change_state_handler(sev_vm_state_change, sev); + qemu_add_vm_change_state_handler(sev_vm_state_change, sev_common); cgs->ready = true; return 0; err: - sev_guest = NULL; ram_block_discard_disable(false); return -1; } 
@@ -1004,13 +973,15 @@ err: int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) { - if (!sev_guest) { + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + + if (!sev_common) { return 0; } /* if SEV is in update state then encrypt the data else do nothing */ - if (sev_check_state(sev_guest, SEV_STATE_LAUNCH_UPDATE)) { - int ret = sev_launch_update_data(sev_guest, ptr, len); + if (sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { + int ret = sev_launch_update_data(SEV_GUEST(sev_common), ptr, len); if (ret < 0) { error_setg(errp, "SEV: Failed to encrypt pflash rom"); return ret; @@ -1030,16 +1001,17 @@ int sev_inject_launch_secret(const char *packet_hdr, const char *secret, void *hva; gsize hdr_sz = 0, data_sz = 0; MemoryRegion *mr = NULL; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); - if (!sev_guest) { + if (!sev_common) { error_setg(errp, "SEV not enabled for guest"); return 1; } /* secret can be injected only in this state */ - if (!sev_check_state(sev_guest, SEV_STATE_LAUNCH_SECRET)) { + if (!sev_check_state(sev_common, SEV_STATE_LAUNCH_SECRET)) { error_setg(errp, "SEV: Not in correct state. (LSECRET) %x", - sev_guest->state); + sev_common->state); return 1; } @@ -1073,7 +1045,7 @@ int sev_inject_launch_secret(const char *packet_hdr, const char *secret, trace_kvm_sev_launch_secret(gpa, input.guest_uaddr, input.trans_uaddr, input.trans_len); - ret = sev_ioctl(sev_guest->sev_fd, KVM_SEV_LAUNCH_SECRET, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_SECRET, &input, &error); if (ret) { error_setg(errp, "SEV: failed to inject secret ret=%d fw_error=%d '%s'", 
@@ -1180,9 +1152,10 @@ void sev_es_set_reset_vector(CPUState *cpu) { X86CPU *x86; CPUX86State *env; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); /* Only update if we have valid reset information */ - if (!sev_guest || !sev_guest->reset_data_valid) { + if (!sev_common || !sev_common->reset_data_valid) { return; } @@ -1194,11 +1167,11 @@ void sev_es_set_reset_vector(CPUState *cpu) x86 = X86_CPU(cpu); env = &x86->env; - cpu_x86_load_seg_cache(env, R_CS, 0xf000, sev_guest->reset_cs, 0xffff, + cpu_x86_load_seg_cache(env, R_CS, 0xf000, sev_common->reset_cs, 0xffff, DESC_P_MASK | DESC_S_MASK | DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK); - env->eip = sev_guest->reset_ip; + env->eip = sev_common->reset_ip; } int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size) @@ -1206,6 +1179,7 @@ int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size) CPUState *cpu; uint32_t addr; int ret; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); if (!sev_es_enabled()) { return 0; @@ -1219,9 +1193,9 @@ int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size) } if (addr) { - sev_guest->reset_cs = addr & 0xffff0000; - sev_guest->reset_ip = addr & 0x0000ffff; - sev_guest->reset_data_valid = true; + sev_common->reset_cs = addr & 0xffff0000; + sev_common->reset_ip = addr & 0x0000ffff; + sev_common->reset_data_valid = true; CPU_FOREACH(cpu) { sev_es_set_reset_vector(cpu); @@ -1267,12 +1241,13 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) hwaddr mapped_len = sizeof(*padded_ht); MemTxAttrs attrs = { 0 }; bool ret = true; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); /* * Only add the kernel hashes if the sev-guest configuration explicitly * stated kernel-hashes=on. */ - if (!sev_guest->kernel_hashes) { + if (!sev_common->kernel_hashes) { return false; } 
@@ -1363,8 +1338,30 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) return ret; } +static char * +sev_common_get_sev_device(Object *obj, Error **errp) +{ + return g_strdup(SEV_COMMON(obj)->sev_device); +} + static void -sev_guest_class_init(ObjectClass *oc, void *data) +sev_common_set_sev_device(Object *obj, const char *value, Error **errp) +{ + SEV_COMMON(obj)->sev_device = g_strdup(value); +} + +static bool sev_common_get_kernel_hashes(Object *obj, Error **errp) +{ + return SEV_COMMON(obj)->kernel_hashes; +} + +static void sev_common_set_kernel_hashes(Object *obj, bool value, Error **errp) +{ + SEV_COMMON(obj)->kernel_hashes = value; +} + +static void +sev_common_class_init(ObjectClass *oc, void *data) { ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc); X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); 
@@ -1373,10 +1370,87 @@ sev_guest_class_init(ObjectClass *oc, void *data) x86_klass->kvm_type = sev_kvm_type; object_class_property_add_str(oc, "sev-device", - sev_guest_get_sev_device, - sev_guest_set_sev_device); + sev_common_get_sev_device, + sev_common_set_sev_device); object_class_property_set_description(oc, "sev-device", "SEV device to use"); + object_class_property_add_bool(oc, "kernel-hashes", + sev_common_get_kernel_hashes, + sev_common_set_kernel_hashes); + object_class_property_set_description(oc, "kernel-hashes", + "add kernel hashes to guest firmware for measured Linux boot"); +} + +static void +sev_common_instance_init(Object *obj) +{ + SevCommonState *sev_common = SEV_COMMON(obj); + + sev_common->kvm_type = -1; + + sev_common->sev_device = g_strdup(DEFAULT_SEV_DEVICE); + + object_property_add_uint32_ptr(obj, "cbitpos", &sev_common->cbitpos, + OBJ_PROP_FLAG_READWRITE); + object_property_add_uint32_ptr(obj, "reduced-phys-bits", + &sev_common->reduced_phys_bits, + OBJ_PROP_FLAG_READWRITE); +} + +/* sev guest info common to sev/sev-es/sev-snp */ +static const TypeInfo sev_common_info = { + .parent = TYPE_X86_CONFIDENTIAL_GUEST, + .name = TYPE_SEV_COMMON, + .instance_size = sizeof(SevCommonState), + .instance_init = sev_common_instance_init, + .class_size = sizeof(SevCommonStateClass), + .class_init = sev_common_class_init, + .abstract = true, + .interfaces = (InterfaceInfo[]) { + { TYPE_USER_CREATABLE }, + { } + } +}; + +static char * +sev_guest_get_dh_cert_file(Object *obj, Error **errp) +{ + return g_strdup(SEV_GUEST(obj)->dh_cert_file); +} + +static void +sev_guest_set_dh_cert_file(Object *obj, const char *value, Error **errp) +{ + SEV_GUEST(obj)->dh_cert_file = g_strdup(value); +} + +static char * +sev_guest_get_session_file(Object *obj, Error **errp) +{ + SevGuestState *sev_guest = SEV_GUEST(obj); + + return sev_guest->session_file ? 
g_strdup(sev_guest->session_file) : NULL; +} + +static void +sev_guest_set_session_file(Object *obj, const char *value, Error **errp) +{ + SEV_GUEST(obj)->session_file = g_strdup(value); +} + +static bool sev_guest_get_legacy_vm_type(Object *obj, Error **errp) +{ + return SEV_GUEST(obj)->legacy_vm_type; +} + +static void sev_guest_set_legacy_vm_type(Object *obj, bool value, Error **errp) +{ + SEV_GUEST(obj)->legacy_vm_type = value; +} + +static void +sev_guest_class_init(ObjectClass *oc, void *data) +{ object_class_property_add_str(oc, "dh-cert-file", sev_guest_get_dh_cert_file, sev_guest_set_dh_cert_file); @@ -1387,11 +1461,6 @@ sev_guest_class_init(ObjectClass *oc, void *data) sev_guest_set_session_file); object_class_property_set_description(oc, "session-file", "guest owners session parameters (encoded with base64)"); - object_class_property_add_bool(oc, "kernel-hashes", - sev_guest_get_kernel_hashes, - sev_guest_set_kernel_hashes); - object_class_property_set_description(oc, "kernel-hashes", - "add kernel hashes to guest firmware for measured Linux boot"); object_class_property_add_bool(oc, "legacy-vm-type", sev_guest_get_legacy_vm_type, sev_guest_set_legacy_vm_type); 
@@ -1402,41 +1471,29 @@ sev_guest_class_init(ObjectClass *oc, void *data) static void sev_guest_instance_init(Object *obj) { - SevGuestState *sev = SEV_GUEST(obj); + SevGuestState *sev_guest = SEV_GUEST(obj); - sev->kvm_type = -1; - - sev->sev_device = g_strdup(DEFAULT_SEV_DEVICE); - sev->policy = DEFAULT_GUEST_POLICY; - object_property_add_uint32_ptr(obj, "policy", &sev->policy, + sev_guest->policy = DEFAULT_GUEST_POLICY; + object_property_add_uint32_ptr(obj, "handle", &sev_guest->handle, OBJ_PROP_FLAG_READWRITE); - object_property_add_uint32_ptr(obj, "handle", &sev->handle, - OBJ_PROP_FLAG_READWRITE); - object_property_add_uint32_ptr(obj, "cbitpos", &sev->cbitpos, - OBJ_PROP_FLAG_READWRITE); - object_property_add_uint32_ptr(obj, "reduced-phys-bits", - &sev->reduced_phys_bits, + object_property_add_uint32_ptr(obj, "policy", &sev_guest->policy, OBJ_PROP_FLAG_READWRITE); object_apply_compat_props(obj); } -/* sev guest info */ +/* guest info specific sev/sev-es */ static const TypeInfo sev_guest_info = { - .parent = TYPE_X86_CONFIDENTIAL_GUEST, + .parent = TYPE_SEV_COMMON, .name = TYPE_SEV_GUEST, .instance_size = sizeof(SevGuestState), - .instance_finalize = sev_guest_finalize, - .class_init = sev_guest_class_init, .instance_init = sev_guest_instance_init, - .interfaces = (InterfaceInfo[]) { - { TYPE_USER_CREATABLE }, - { } - } + .class_init = sev_guest_class_init, }; static void sev_register_types(void) { + type_register_static(&sev_common_info); type_register_static(&sev_guest_info); } From patchwork Tue Jun 4 06:43:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 13684765 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by 
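Review bot: In the @@ -290,121 +299,61 @@ hunk, sev_enabled() now returns true for any object derived from TYPE_SEV_COMMON, but sev_es_enabled() then applies SEV_GUEST(cgs) and reads ->policy, a field that exists only in SevGuestState. sev_get_info() in the same hunk already handles this with object_dynamic_cast(OBJECT(sev_common), TYPE_SEV_GUEST) plus a NULL check; sev_es_enabled() should use the same pattern, or a comment should state that the cast is only valid while 'sev-guest' is the sole concrete subtype. The same unconditional SEV_GUEST() cast on common state also appears in sev_launch_get_measure(), sev_vm_state_change(), sev_kvm_type() and sev_encrypt_flash(). In sev_get_info(), the "policy" property is read with a NULL errp, so a lookup failure is silently reported as whatever object_property_get_uint() returns.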
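Review bot: In sev_kvm_init() (@@ -982,7 +952,7 @@), the replacement line `sev_launch_start(SEV_GUEST(sev_common));` drops the `ret =` assignment that the removed line had, while the unchanged `if (ret)` check directly below still tests ret. That check now sees the value left by the preceding sev_ioctl() call, which has already been tested, so a failing LAUNCH_START no longer reaches the "failed to create encryption context" error path and initialization carries on without a launch context. Keep the assignment: `ret = sev_launch_start(SEV_GUEST(sev_common));`.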
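Review bot: In sev_add_kernel_loader_hashes() (@@ -1267,12 +1241,13 @@), the comment above the check still says "the sev-guest configuration explicitly stated kernel-hashes=on" although this patch moves the property to sev-common; update the wording so it matches the new owner of the option. The added `sev_common->kernel_hashes` read also has no NULL check on sev_common, unlike sev_encrypt_flash(), sev_inject_launch_secret() and sev_es_set_reset_vector() in this same patch, so either add the check or note in a comment why the caller guarantees a non-NULL object here.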
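Review bot: In the @@ -1363,8 +1338,30 @@ hunk, sev_common_set_sev_device() assigns g_strdup(value) without freeing the previous string, and sev_common_instance_init() in the following hunk always pre-populates sev_device with g_strdup(DEFAULT_SEV_DEVICE), so every explicit sev-device setting leaks the default. Call g_free() on the old pointer in the setter; the re-added sev_guest_set_dh_cert_file() and sev_guest_set_session_file() follow the same pattern. With the empty sev_guest_finalize() removed and no .instance_finalize on either TypeInfo, these strings are also never released when the object is destroyed, so an instance_finalize on sev-common that frees them would be worth adding while the type is being split.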
From: Paolo Bonzini To: qemu-devel@nongnu.org Cc: Pankaj Gupta Subject: [PULL 19/45] i386/sev: Move sev_launch_update to separate class method Date: Tue, 4 Jun 2024 08:43:43 +0200 Message-ID: <20240604064409.957105-20-pbonzini@redhat.com> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com> References: <20240604064409.957105-1-pbonzini@redhat.com> MIME-Version: 1.0 Received-SPF: pass client-ip=170.10.133.124; envelope-from=pbonzini@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Pankaj Gupta When sev-snp-guest objects are introduced there will be a number of differences in how the launch data is handled compared to the existing sev-guest object. Move sev_launch_start() to a class method to make it easier to implement SNP-specific launch update functionality later. Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-6-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 33e606eea00..b2aa0d6f99b 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -69,6 +69,8 @@ struct SevCommonState { struct SevCommonStateClass { X86ConfidentialGuestClass parent_class; + /* public */ + int (*launch_start)(SevCommonState *sev_common); }; /** @@ -632,16 +634,16 @@ sev_read_file_base64(const char *filename, guchar **data, gsize *len) } static int -sev_launch_start(SevGuestState *sev_guest) +sev_launch_start(SevCommonState *sev_common) { gsize sz; int ret = 1; int fw_error, rc; + SevGuestState *sev_guest = SEV_GUEST(sev_common); struct kvm_sev_launch_start start = { .handle = sev_guest->handle, .policy = sev_guest->policy }; guchar *session = NULL, *dh_cert = NULL; - SevCommonState *sev_common = SEV_COMMON(sev_guest); if (sev_guest->session_file) { if (sev_read_file_base64(sev_guest->session_file, &session, &sz) < 0) { @@ -862,6 +864,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) uint32_t ebx; uint32_t host_cbitpos; struct sev_user_data_status status = {}; + SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(cgs); ret = ram_block_discard_disable(true); if (ret) { @@ -952,7 +955,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) goto err; } - sev_launch_start(SEV_GUEST(sev_common)); + ret = klass->launch_start(sev_common); if (ret) { error_setg(errp, "%s: failed to create encryption context", __func__); goto err; 
@@ -1451,6 +1454,10 @@ static void sev_guest_set_legacy_vm_type(Object *obj, bool value, Error **errp) static void sev_guest_class_init(ObjectClass *oc, void *data) { + SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); + + klass->launch_start = sev_launch_start; + object_class_property_add_str(oc, "dh-cert-file", sev_guest_get_dh_cert_file, sev_guest_set_dh_cert_file); From patchwork Tue Jun 4 06:43:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 13684757 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B8870C25B7E for ; Tue, 4 Jun 2024 06:45:59 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sENv6-0003kg-Ow; Tue, 04 Jun 2024 02:45:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENv4-0003e8-0T for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:45:18 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENv2-0007WN-0M for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:45:17 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717483515; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=igvy5MjawADq4B5bigVhVsctbwF1BmPBU2i5wDuvoNw=; 
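Review bot: In the sev_kvm_init() hunk, "ret = klass->launch_start(sev_common);" is called with no check that the method is set, and the only assignment in this patch is in sev_guest_class_init(). Any other TYPE_SEV_COMMON subclass that leaves the pointer unset will call through NULL here; sev_snp_guest_class_init() in 21/45 of this series assigns neither launch_start nor launch_finish. Either assert(klass->launch_start) before the call or make sure every concrete subclass sets it in the patch that registers the type. Two smaller points: the removed line "sev_launch_start(SEV_GUEST(sev_common));" discarded the return value, so the following "if (ret)" tested a stale value, and this patch silently fixes that, which deserves a mention in the commit message; and the subject says sev_launch_update while the body and the diff move sev_launch_start().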
([151.81.115.112]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a68aa93dfbdsm467308966b.196.2024.06.03.23.45.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 03 Jun 2024 23:45:10 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Cc: Pankaj Gupta Subject: [PULL 20/45] i386/sev: Move sev_launch_finish to separate class method Date: Tue, 4 Jun 2024 08:43:44 +0200 Message-ID: <20240604064409.957105-21-pbonzini@redhat.com> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com> References: <20240604064409.957105-1-pbonzini@redhat.com> MIME-Version: 1.0 Received-SPF: pass client-ip=170.10.129.124; envelope-from=pbonzini@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Pankaj Gupta When sev-snp-guest objects are introduced there will be a number of differences in how the launch finish is handled compared to the existing sev-guest object. Move sev_launch_finish() to a class method to make it easier to implement SNP-specific launch update functionality later. Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-7-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) 
diff --git a/target/i386/sev.c b/target/i386/sev.c index b2aa0d6f99b..28a018ed833 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -71,6 +71,7 @@ struct SevCommonStateClass { /* public */ int (*launch_start)(SevCommonState *sev_common); + void (*launch_finish)(SevCommonState *sev_common); }; /** @@ -801,12 +802,12 @@ static Notifier sev_machine_done_notify = { }; static void -sev_launch_finish(SevGuestState *sev_guest) +sev_launch_finish(SevCommonState *sev_common) { int ret, error; trace_kvm_sev_launch_finish(); - ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_FINISH, 0, &error); if (ret) { error_report("%s: LAUNCH_FINISH ret=%d fw_error=%d '%s'", @@ -814,7 +815,7 @@ sev_launch_finish(SevGuestState *sev_guest) exit(1); } - sev_set_guest_state(SEV_COMMON(sev_guest), SEV_STATE_RUNNING); + sev_set_guest_state(sev_common, SEV_STATE_RUNNING); /* add migration blocker */ error_setg(&sev_mig_blocker, @@ -826,10 +827,11 @@ static void sev_vm_state_change(void *opaque, bool running, RunState state) { SevCommonState *sev_common = opaque; + SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(opaque); if (running) { if (!sev_check_state(sev_common, SEV_STATE_RUNNING)) { - sev_launch_finish(SEV_GUEST(sev_common)); + klass->launch_finish(sev_common); } } } 
@@ -1457,6 +1459,7 @@ sev_guest_class_init(ObjectClass *oc, void *data) SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); klass->launch_start = sev_launch_start; + klass->launch_finish = sev_launch_finish; object_class_property_add_str(oc, "dh-cert-file", sev_guest_get_dh_cert_file, From patchwork Tue Jun 4 06:43:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 13684756 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 78648C27C52 for ; Tue, 4 Jun 2024 06:45:57 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sENvC-00045M-2p; Tue, 04 Jun 2024 02:45:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENv9-0003zh-CP for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:45:23 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENv6-0007Wk-NY for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:45:23 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717483520; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0jNCLcd504FxAEHcD8i/gKCn0CcmYGcfMu+sEXBAAJE=; b=T/ofWmX8baM4XBovCn/1rLePZanAOKBJA8c2Y3Yp6f3L/3++QyC0CrRr+i8OjtpHXP9Qp7 
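Review bot: The new "void (*launch_finish)(SevCommonState *sev_common);" member gives implementations no way to report failure, unlike launch_start which returns int, so every implementation is pushed toward what sev_launch_finish() does today: error_report() followed by exit(1) from inside a VM state change handler. Since the stated goal is to add an SNP implementation, consider returning int (or taking an Error **errp) now, so that the caller in sev_vm_state_change() decides how to fail. In that same function, "klass->launch_finish(sev_common);" has no NULL guard, and SEV_COMMON_GET_CLASS(opaque) could take the already-typed sev_common. The commit message also still says "launch update functionality" where it means launch finish.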
4fb4d7f45d1cf-57a4f172062sm5004706a12.90.2024.06.03.23.45.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 03 Jun 2024 23:45:13 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Cc: Brijesh Singh , Michael Roth , Markus Armbruster , Pankaj Gupta Subject: [PULL 21/45] i386/sev: Introduce 'sev-snp-guest' object Date: Tue, 4 Jun 2024 08:43:45 +0200 Message-ID: <20240604064409.957105-22-pbonzini@redhat.com> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com> References: <20240604064409.957105-1-pbonzini@redhat.com> MIME-Version: 1.0 Received-SPF: pass client-ip=170.10.133.124; envelope-from=pbonzini@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org 
From: Brijesh Singh SEV-SNP support relies on a different set of properties/state than the existing 'sev-guest' object. This patch introduces the 'sev-snp-guest' object, which can be used to configure an SEV-SNP guest. For example, a default-configured SEV-SNP guest with no additional information passed in for use with attestation: -object sev-snp-guest,id=sev0 or a fully-specified SEV-SNP guest where all spec-defined binary blobs are passed in as base64-encoded strings: -object sev-snp-guest,id=sev0, \ policy=0x30000, \ init-flags=0, \ id-block=YWFhYWFhYWFhYWFhYWFhCg==, \ id-auth=CxHK/OKLkXGn/KpAC7Wl1FSiisWDbGTEKz..., \ author-key-enabled=on, \ host-data=LNkCWBRC5CcdGXirbNUV1OrsR28s..., \ guest-visible-workarounds=AA==, \ See the QAPI schema updates included in this patch for more usage details. In some cases these blobs may be up to 4096 characters, but this is generally well below the default limit for linux hosts where command-line sizes are defined by the sysconf-configurable ARG_MAX value, which defaults to 2097152 characters for Ubuntu hosts, for example. Signed-off-by: Brijesh Singh Co-developed-by: Michael Roth Acked-by: Markus Armbruster (for QAPI schema) Signed-off-by: Michael Roth Co-developed-by: Pankaj Gupta Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-8-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini --- docs/system/i386/amd-memory-encryption.rst | 70 +++++- qapi/qom.json | 58 +++++ target/i386/sev.h | 1 + target/i386/sev.c | 253 +++++++++++++++++++++ 4 files changed, 380 insertions(+), 2 deletions(-) diff --git a/docs/system/i386/amd-memory-encryption.rst b/docs/system/i386/amd-memory-encryption.rst index e9bc142bc13..748f5094baf 100644 --- a/docs/system/i386/amd-memory-encryption.rst +++ b/docs/system/i386/amd-memory-encryption.rst 
@@ -25,8 +25,8 @@ support for notifying a guest's operating system when certain types of VMEXITs are about to occur. This allows the guest to selectively share information with the hypervisor to satisfy the requested function. -Launching ---------- +Launching (SEV and SEV-ES) +-------------------------- Boot images (such as bios) must be encrypted before a guest can be booted. The ``MEMORY_ENCRYPT_OP`` ioctl provides commands to encrypt the images: ``LAUNCH_START``, 
@@ -161,6 +161,72 @@ The value of GCTX.LD is If kernel hashes are not used, or SEV-ES is disabled, use empty blobs for ``kernel_hashes_blob`` and ``vmsas_blob`` as needed. +Launching (SEV-SNP) +------------------- +Boot images (such as bios) must be encrypted before a guest can be booted. The +``MEMORY_ENCRYPT_OP`` ioctl provides commands to encrypt the images: +``SNP_LAUNCH_START``, ``SNP_LAUNCH_UPDATE``, and ``SNP_LAUNCH_FINISH``. These +three commands communicate with SEV-SNP firmware to generate a fresh memory +encryption key for the VM, encrypt the boot images for a successful launch. For +more details on the SEV-SNP firmware interfaces used by these commands please +see the SEV-SNP Firmware ABI. + +``SNP_LAUNCH_START`` is called first to create a cryptographic launch context +within the firmware. To create this context, the guest owner must provide a +guest policy and other parameters as described in the SEV-SNP firmware +specification. The launch parameters should be specified as described in the +QAPI schema for the sev-snp-guest object. + +The ``SNP_LAUNCH_START`` uses the following parameters, which can be configured +by the corresponding parameters documented in the QAPI schema for the +'sev-snp-guest' object. + ++--------+-------+----------+-------------------------------------------------+ +| key | type | default | meaning | ++---------------------------+-------------------------------------------------+ +| policy | hex | 0x30000 | a 64-bit guest policy | ++---------------------------+-------------------------------------------------+ +| guest-visible-workarounds | string| 0 | 16-byte base64 encoded string| +| | | | for guest OS visible | +| | | | workarounds. | ++---------------------------+-------------------------------------------------+ + +``SNP_LAUNCH_UPDATE`` encrypts the memory region using the cryptographic context +created via the ``SNP_LAUNCH_START`` command. 
If required, this command can be +called multiple times to encrypt different memory regions. The command also +calculates the measurement of the memory contents as it encrypts. + +``SNP_LAUNCH_FINISH`` finalizes the guest launch flow. Optionally, while +finalizing the launch the firmware can perform checks on the launch digest +computing through the ``SNP_LAUNCH_UPDATE``. To perform the check the user must +supply the id block, authentication blob and host data that should be included +in the attestation report. See the SEV-SNP spec for further details. + +The ``SNP_LAUNCH_FINISH`` uses the following parameters, which can be configured +by the corresponding parameters documented in the QAPI schema for the +'sev-snp-guest' object. + ++--------------------+-------+----------+-------------------------------------+ +| key | type | default | meaning | ++--------------------+-------+----------+-------------------------------------+ +| id-block | string| none | base64 encoded ID block | ++--------------------+-------+----------+-------------------------------------+ +| id-auth | string| none | base64 encoded authentication | +| | | | information | ++--------------------+-------+----------+-------------------------------------+ +| author-key-enabled | bool | 0 | auth block contains author key | ++--------------------+-------+----------+-------------------------------------+ +| host_data | string| none | host provided data | ++--------------------+-------+----------+-------------------------------------+ + +To launch a SEV-SNP guest (additional parameters are documented in the QAPI +schema for the 'sev-snp-guest' object):: + + # ${QEMU} \ + -machine ...,confidential-guest-support=sev0 \ + -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1 + + Debugging --------- diff --git a/qapi/qom.json b/qapi/qom.json index 056b38f491b..8bd299265e3 100644 --- a/qapi/qom.json +++ b/qapi/qom.json 
@@ -929,6 +929,62 @@ '*handle': 'uint32', '*legacy-vm-type': 'bool' } } +## +# @SevSnpGuestProperties: +# +# Properties for sev-snp-guest objects. Most of these are direct +# arguments for the KVM_SNP_* interfaces documented in the Linux +# kernel source under +# Documentation/arch/x86/amd-memory-encryption.rst, which are in turn +# closely coupled with the SNP_INIT/SNP_LAUNCH_* firmware commands +# documented in the SEV-SNP Firmware ABI Specification (Rev 0.9). +# +# More usage information is also available in the QEMU source tree +# under docs/amd-memory-encryption. +# +# @policy: the 'POLICY' parameter to the SNP_LAUNCH_START command, as +# defined in the SEV-SNP firmware ABI (default: 0x30000) +# +# @guest-visible-workarounds: 16-byte, base64-encoded blob to report +# hypervisor-defined workarounds, corresponding to the 'GOSVW' +# parameter of the SNP_LAUNCH_START command defined in the SEV-SNP +# firmware ABI (default: all-zero) +# +# @id-block: 96-byte, base64-encoded blob to provide the 'ID Block' +# structure for the SNP_LAUNCH_FINISH command defined in the +# SEV-SNP firmware ABI (default: all-zero) +# +# @id-auth: 4096-byte, base64-encoded blob to provide the 'ID +# Authentication Information Structure' for the SNP_LAUNCH_FINISH +# command defined in the SEV-SNP firmware ABI (default: all-zero) +# +# @author-key-enabled: true if 'id-auth' blob contains the 'AUTHOR_KEY' +# field defined SEV-SNP firmware ABI (default: false) +# +# @host-data: 32-byte, base64-encoded, user-defined blob to provide to +# the guest, as documented for the 'HOST_DATA' parameter of the +# SNP_LAUNCH_FINISH command in the SEV-SNP firmware ABI (default: +# all-zero) +# +# @vcek-disabled: Guests are by default allowed to choose between VLEK +# (Versioned Loaded Endorsement Key) or VCEK (Versioned Chip +# Endorsement Key) when requesting attestation reports from +# firmware. Set this to true to disable the use of VCEK. 
+# (default: false) (since: 9.1) +# +# Since: 9.1 +## +{ 'struct': 'SevSnpGuestProperties', + 'base': 'SevCommonProperties', + 'data': { + '*policy': 'uint64', + '*guest-visible-workarounds': 'str', + '*id-block': 'str', + '*id-auth': 'str', + '*author-key-enabled': 'bool', + '*host-data': 'str', + '*vcek-disabled': 'bool' } } + ## # @ThreadContextProperties: # @@ -1007,6 +1063,7 @@ { 'name': 'secret_keyring', 'if': 'CONFIG_SECRET_KEYRING' }, 'sev-guest', + 'sev-snp-guest', 'thread-context', 's390-pv-guest', 'throttle-group', @@ -1077,6 +1134,7 @@ 'secret_keyring': { 'type': 'SecretKeyringProperties', 'if': 'CONFIG_SECRET_KEYRING' }, 'sev-guest': 'SevGuestProperties', + 'sev-snp-guest': 'SevSnpGuestProperties', 'thread-context': 'ThreadContextProperties', 'throttle-group': 'ThrottleGroupProperties', 'tls-creds-anon': 'TlsCredsAnonProperties', diff --git a/target/i386/sev.h b/target/i386/sev.h index 668374eef31..bedc667eeba 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h @@ -22,6 +22,7 @@ #define TYPE_SEV_COMMON "sev-common" #define TYPE_SEV_GUEST "sev-guest" +#define TYPE_SEV_SNP_GUEST "sev-snp-guest" #define SEV_POLICY_NODBG 0x1 #define SEV_POLICY_NOKS 0x2 diff --git a/target/i386/sev.c b/target/i386/sev.c index 28a018ed833..a81b3228d4c 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -42,6 +42,7 @@ OBJECT_DECLARE_TYPE(SevCommonState, SevCommonStateClass, SEV_COMMON) OBJECT_DECLARE_TYPE(SevGuestState, SevCommonStateClass, SEV_GUEST) +OBJECT_DECLARE_TYPE(SevSnpGuestState, SevCommonStateClass, SEV_SNP_GUEST) struct SevCommonState { X86ConfidentialGuest parent_obj; 
@@ -96,8 +97,22 @@ struct SevGuestState { bool legacy_vm_type; }; +struct SevSnpGuestState { + SevCommonState parent_obj; + + /* configuration parameters */ + char *guest_visible_workarounds; + char *id_block; + char *id_auth; + char *host_data; + + struct kvm_sev_snp_launch_start kvm_start_conf; + struct kvm_sev_snp_launch_finish kvm_finish_conf; +}; + #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ #define DEFAULT_SEV_DEVICE "/dev/sev" +#define DEFAULT_SEV_SNP_POLICY 0x30000 #define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e" typedef struct __attribute__((__packed__)) SevInfoBlock { 
@@ -1500,11 +1515,249 @@ static const TypeInfo sev_guest_info = { .class_init = sev_guest_class_init, }; +static void +sev_snp_guest_get_policy(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + visit_type_uint64(v, name, + (uint64_t *)&SEV_SNP_GUEST(obj)->kvm_start_conf.policy, + errp); +} + +static void +sev_snp_guest_set_policy(Object *obj, Visitor *v, const char *name, + void *opaque, Error **errp) +{ + visit_type_uint64(v, name, + (uint64_t *)&SEV_SNP_GUEST(obj)->kvm_start_conf.policy, + errp); +} + +static char * +sev_snp_guest_get_guest_visible_workarounds(Object *obj, Error **errp) +{ + return g_strdup(SEV_SNP_GUEST(obj)->guest_visible_workarounds); +} + +static void +sev_snp_guest_set_guest_visible_workarounds(Object *obj, const char *value, + Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + struct kvm_sev_snp_launch_start *start = &sev_snp_guest->kvm_start_conf; + g_autofree guchar *blob; + gsize len; + + g_free(sev_snp_guest->guest_visible_workarounds); + + /* store the base64 str so we don't need to re-encode in getter */ + sev_snp_guest->guest_visible_workarounds = g_strdup(value); + + blob = qbase64_decode(sev_snp_guest->guest_visible_workarounds, + -1, &len, errp); + if (!blob) { + return; + } + + if (len != sizeof(start->gosvw)) { + error_setg(errp, "parameter length of %lu exceeds max of %lu", + len, sizeof(start->gosvw)); + return; + } + + memcpy(start->gosvw, blob, len); +} + +static char * +sev_snp_guest_get_id_block(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return g_strdup(sev_snp_guest->id_block); +} + +static void +sev_snp_guest_set_id_block(Object *obj, const char *value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; + gsize len; + + g_free(sev_snp_guest->id_block); + g_free((guchar *)finish->id_block_uaddr); + + /* store the base64 str so 
we don't need to re-encode in getter */ + sev_snp_guest->id_block = g_strdup(value); + + finish->id_block_uaddr = + (uint64_t)qbase64_decode(sev_snp_guest->id_block, -1, &len, errp); + + if (!finish->id_block_uaddr) { + return; + } + + if (len != KVM_SEV_SNP_ID_BLOCK_SIZE) { + error_setg(errp, "parameter length of %lu not equal to %u", + len, KVM_SEV_SNP_ID_BLOCK_SIZE); + return; + } + + finish->id_block_en = (len) ? 1 : 0; +} + +static char * +sev_snp_guest_get_id_auth(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return g_strdup(sev_snp_guest->id_auth); +} + +static void +sev_snp_guest_set_id_auth(Object *obj, const char *value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; + gsize len; + + g_free(sev_snp_guest->id_auth); + g_free((guchar *)finish->id_auth_uaddr); + + /* store the base64 str so we don't need to re-encode in getter */ + sev_snp_guest->id_auth = g_strdup(value); + + finish->id_auth_uaddr = + (uint64_t)qbase64_decode(sev_snp_guest->id_auth, -1, &len, errp); + + if (!finish->id_auth_uaddr) { + return; + } + + if (len > KVM_SEV_SNP_ID_AUTH_SIZE) { + error_setg(errp, "parameter length:ID_AUTH %lu exceeds max of %u", + len, KVM_SEV_SNP_ID_AUTH_SIZE); + return; + } +} + +static bool +sev_snp_guest_get_author_key_enabled(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return !!sev_snp_guest->kvm_finish_conf.auth_key_en; +} + +static void +sev_snp_guest_set_author_key_enabled(Object *obj, bool value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + sev_snp_guest->kvm_finish_conf.auth_key_en = value; +} + +static bool +sev_snp_guest_get_vcek_disabled(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return !!sev_snp_guest->kvm_finish_conf.vcek_disabled; +} + +static void 
+sev_snp_guest_set_vcek_disabled(Object *obj, bool value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + sev_snp_guest->kvm_finish_conf.vcek_disabled = value; +} + +static char * +sev_snp_guest_get_host_data(Object *obj, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + return g_strdup(sev_snp_guest->host_data); +} + +static void +sev_snp_guest_set_host_data(Object *obj, const char *value, Error **errp) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + struct kvm_sev_snp_launch_finish *finish = &sev_snp_guest->kvm_finish_conf; + g_autofree guchar *blob; + gsize len; + + g_free(sev_snp_guest->host_data); + + /* store the base64 str so we don't need to re-encode in getter */ + sev_snp_guest->host_data = g_strdup(value); + + blob = qbase64_decode(sev_snp_guest->host_data, -1, &len, errp); + + if (!blob) { + return; + } + + if (len != sizeof(finish->host_data)) { + error_setg(errp, "parameter length of %lu not equal to %lu", + len, sizeof(finish->host_data)); + return; + } + + memcpy(finish->host_data, blob, len); +} + +static void +sev_snp_guest_class_init(ObjectClass *oc, void *data) +{ + object_class_property_add(oc, "policy", "uint64", + sev_snp_guest_get_policy, + sev_snp_guest_set_policy, NULL, NULL); + object_class_property_add_str(oc, "guest-visible-workarounds", + sev_snp_guest_get_guest_visible_workarounds, + sev_snp_guest_set_guest_visible_workarounds); + object_class_property_add_str(oc, "id-block", + sev_snp_guest_get_id_block, + sev_snp_guest_set_id_block); + object_class_property_add_str(oc, "id-auth", + sev_snp_guest_get_id_auth, + sev_snp_guest_set_id_auth); + object_class_property_add_bool(oc, "author-key-enabled", + sev_snp_guest_get_author_key_enabled, + sev_snp_guest_set_author_key_enabled); + object_class_property_add_bool(oc, "vcek-required", + sev_snp_guest_get_vcek_disabled, + sev_snp_guest_set_vcek_disabled); + object_class_property_add_str(oc, "host-data", + 
sev_snp_guest_get_host_data, + sev_snp_guest_set_host_data); +} + +static void +sev_snp_guest_instance_init(Object *obj) +{ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + + /* default init/start/finish params for kvm */ + sev_snp_guest->kvm_start_conf.policy = DEFAULT_SEV_SNP_POLICY; +} + +/* guest info specific to sev-snp */ +static const TypeInfo sev_snp_guest_info = { + .parent = TYPE_SEV_COMMON, + .name = TYPE_SEV_SNP_GUEST, + .instance_size = sizeof(SevSnpGuestState), + .class_init = sev_snp_guest_class_init, + .instance_init = sev_snp_guest_instance_init, +}; + static void sev_register_types(void) { type_register_static(&sev_common_info); type_register_static(&sev_guest_info); + type_register_static(&sev_snp_guest_info); } type_init(sev_register_types);
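Review bot: in sev_snp_guest_class_init() the bool property is registered as "vcek-required", but its accessors are sev_snp_guest_get_vcek_disabled() and sev_snp_guest_set_vcek_disabled(), which copy the value unchanged into kvm_finish_conf.vcek_disabled, so vcek-required=on ends up setting vcek_disabled. Rename the property to match the field or invert the value in both accessors. In sev_snp_guest_set_id_block() and sev_snp_guest_set_id_auth() the length check also runs only after the new base64 string and the decoded buffer have been stored, so a value rejected with error_setg() is still left in id_block/id_auth and in finish->id_block_uaddr/id_auth_uaddr; decode into a local, validate, then commit. Once the size check has passed, `(len) ? 1 : 0` is always 1.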
From patchwork Tue Jun 4 06:43:46 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684774
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Michael Roth, Pankaj Gupta
Subject: [PULL 22/45] i386/sev: Add a sev_snp_enabled() helper
Date: Tue, 4 Jun 2024 08:43:46 +0200
Message-ID: <20240604064409.957105-23-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Michael Roth Add a simple helper to check if the current guest type is SNP. Also have SNP-enabled imply that SEV-ES is enabled as well, and fix up any places where the sev_es_enabled() check is expecting a pure/non-SNP guest. Signed-off-by: Michael Roth Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-9-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.h | 2 ++ target/i386/sev.c | 13 ++++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.h b/target/i386/sev.h index bedc667eeba..94295ee74f7 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h @@ -45,9 +45,11 @@ typedef struct SevKernelLoaderContext { #ifdef CONFIG_SEV bool sev_enabled(void); bool sev_es_enabled(void); +bool sev_snp_enabled(void); #else #define sev_enabled() 0 #define sev_es_enabled() 0 +#define sev_snp_enabled() 0 #endif uint32_t sev_get_cbit_position(void); diff --git a/target/i386/sev.c b/target/i386/sev.c index a81b3228d4c..4edfedc1393 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -325,12 +325,21 @@ sev_enabled(void) return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_COMMON); } +bool +sev_snp_enabled(void) +{ + ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; + + return !!object_dynamic_cast(OBJECT(cgs), TYPE_SEV_SNP_GUEST); +} + bool sev_es_enabled(void) { ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; - return sev_enabled() && (SEV_GUEST(cgs)->policy & SEV_POLICY_ES); + return sev_snp_enabled() || + (sev_enabled() && SEV_GUEST(cgs)->policy & SEV_POLICY_ES); } uint32_t 
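Review bot: in sev_es_enabled(), SEV_GUEST(cgs) is now only safe because sev_snp_enabled() is tested first and short-circuits; sev_enabled() matches TYPE_SEV_COMMON, which is also the parent of TYPE_SEV_SNP_GUEST, so reordering the operands would apply the SEV_GUEST() cast to an object that is not a TYPE_SEV_GUEST. A one-line comment stating that dependency would help, and keeping the parentheses around `SEV_GUEST(cgs)->policy & SEV_POLICY_ES`, as the removed line had, avoids relying on & binding tighter than &&.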
@@ -946,7 +955,9 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) "support", __func__); goto err; } + } + if (sev_es_enabled() && !sev_snp_enabled()) { if (!(status.flags & SEV_STATUS_FLAGS_CONFIG_ES)) { error_setg(errp, "%s: guest policy requires SEV-ES, but " "host SEV-ES support unavailable",
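Review bot: the new `if (sev_es_enabled() && !sev_snp_enabled())` drops the SEV_STATUS_FLAGS_CONFIG_ES platform-status check for SNP guests without saying why, and nothing in this hunk checks the host's SNP support in its place. Add a comment explaining why the flag is not relevant to SNP, or the equivalent SNP check if one is needed.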
From patchwork Tue Jun 4 06:43:47 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684767
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Pankaj Gupta, Michael Roth
Subject: [PULL 23/45] i386/sev: Add sev_kvm_init() override for SEV class
Date: Tue, 4 Jun 2024 08:43:47 +0200
Message-ID: <20240604064409.957105-24-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Pankaj Gupta Some aspects of the init routine SEV are specific to SEV and not applicable for SNP guests, so move the SEV-specific bits into separate class method and retain only the common functionality. Co-developed-by: Michael Roth Signed-off-by: Michael Roth Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-10-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 72 +++++++++++++++++++++++++++++++++-------------- 1 file changed, 51 insertions(+), 21 deletions(-) 
diff --git a/target/i386/sev.c b/target/i386/sev.c index 4edfedc1393..5519de1c6b2 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -73,6 +73,7 @@ struct SevCommonStateClass { /* public */ int (*launch_start)(SevCommonState *sev_common); void (*launch_finish)(SevCommonState *sev_common); + int (*kvm_init)(ConfidentialGuestSupport *cgs, Error **errp); }; /** @@ -882,7 +883,7 @@ out: return sev_common->kvm_type; } -static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) +static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { SevCommonState *sev_common = SEV_COMMON(cgs); char *devname; @@ -892,12 +893,6 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) struct sev_user_data_status status = {}; SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(cgs); - ret = ram_block_discard_disable(true); - if (ret) { - error_report("%s: cannot disable RAM discard", __func__); - return -1; - } - sev_common->state = SEV_STATE_UNINIT; host_cpuid(0x8000001F, 0, NULL, &ebx, NULL, NULL); @@ -911,7 +906,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) if (host_cbitpos != sev_common->cbitpos) { error_setg(errp, "%s: cbitpos check failed, host '%d' requested '%d'", __func__, host_cbitpos, sev_common->cbitpos); - goto err; + return -1; } /* @@ -924,7 +919,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) error_setg(errp, "%s: reduced_phys_bits check failed," " it should be in the range of 1 to 63, requested '%d'", __func__, sev_common->reduced_phys_bits); - goto err; + return -1; } devname = object_property_get_str(OBJECT(sev_common), "sev-device", NULL); @@ -933,7 +928,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) error_setg(errp, "%s: Failed to open %s '%s'", __func__, devname, strerror(errno)); g_free(devname); - goto err; + return -1; } g_free(devname); 
@@ -943,7 +938,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) error_setg(errp, "%s: failed to get platform status ret=%d " "fw_error='%d: %s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); - goto err; + return -1; } sev_common->build_id = status.build; sev_common->api_major = status.api_major; @@ -953,7 +948,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) if (!kvm_kernel_irqchip_allowed()) { error_setg(errp, "%s: SEV-ES guests require in-kernel irqchip" "support", __func__); - goto err; + return -1; } } @@ -962,7 +957,7 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) error_setg(errp, "%s: guest policy requires SEV-ES, but " "host SEV-ES support unavailable", __func__); - goto err; + return -1; } } 
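Review bot: in the in-kernel irqchip check (the -953,7 hunk), the adjacent string literals "%s: SEV-ES guests require in-kernel irqchip" and "support" concatenate with no space, so the message reads "irqchipsupport". This is in the context lines rather than the change itself, but the block is being touched anyway; add the missing space.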
@@ -980,25 +975,59 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) if (ret) { error_setg(errp, "%s: failed to initialize ret=%d fw_error=%d '%s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); - goto err; + return -1; } ret = klass->launch_start(sev_common); if (ret) { error_setg(errp, "%s: failed to create encryption context", __func__); - goto err; + return -1; + } + + if (klass->kvm_init && klass->kvm_init(cgs, errp)) { + return -1; } - ram_block_notifier_add(&sev_ram_notifier); - qemu_add_machine_init_done_notifier(&sev_machine_done_notify); qemu_add_vm_change_state_handler(sev_vm_state_change, sev_common); cgs->ready = true; return 0; -err: - ram_block_discard_disable(false); - return -1; +} + +static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) +{ + int ret; + + /* + * SEV/SEV-ES rely on pinned memory to back guest RAM so discarding + * isn't actually possible. With SNP, only guest_memfd pages are used + * for private guest memory, so discarding of shared memory is still + * possible.. + */ + ret = ram_block_discard_disable(true); + if (ret) { + error_setg(errp, "%s: cannot disable RAM discard", __func__); + return -1; + } + + /* + * SEV uses these notifiers to register/pin pages prior to guest use, + * but SNP relies on guest_memfd for private pages, which has its + * own internal mechanisms for registering/pinning private memory. + */ + ram_block_notifier_add(&sev_ram_notifier); + + /* + * The machine done notify event is used for SEV guests to get the + * measurement of the encrypted images. When SEV-SNP is enabled, the + * measurement is part of the guest attestation process where it can + * be collected without any reliance on the VMM. So skip registering + * the notifier for SNP in favor of using guest attestation instead. + */ + qemu_add_machine_init_done_notifier(&sev_machine_done_notify); + + return 0; } int 
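Review bot: with the err: label removed, sev_common_kvm_init() no longer undoes ram_block_discard_disable(true) on failure, which is only correct as long as klass->kvm_init() remains the last call that can fail and ram_block_discard_disable() stays the first step inside sev_kvm_init(). Please state that in a comment next to the klass->kvm_init() call, or have sev_kvm_init() own both the disable and its rollback, so that a later fallible step does not leave RAM discard disabled. The move also means launch_start() now runs before discard is disabled, which is worth a sentence in the commit message. Nit: the new comment ends in "possible..".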
@@ -1397,7 +1426,7 @@ sev_common_class_init(ObjectClass *oc, void *data) ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc); X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); - klass->kvm_init = sev_kvm_init; + klass->kvm_init = sev_common_kvm_init; x86_klass->kvm_type = sev_kvm_type; object_class_property_add_str(oc, "sev-device", 
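Review bot: `klass` in sev_common_class_init() is a ConfidentialGuestSupportClass, so this assignment sets the generic hook, while the member this patch adds to SevCommonStateClass, set in sev_guest_class_init(), is also called kvm_init and has the same signature. Two hooks with one name, both reached through a variable called klass, are easy to mix up; give the SevCommonStateClass member a doc comment saying it runs from sev_common_kvm_init() after launch_start(), or a distinct name.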
@@ -1486,6 +1515,7 @@ sev_guest_class_init(ObjectClass *oc, void *data) klass->launch_start = sev_launch_start; klass->launch_finish = sev_launch_finish; + klass->kvm_init = sev_kvm_init; object_class_property_add_str(oc, "dh-cert-file", sev_guest_get_dh_cert_file,
From patchwork Tue Jun 4 06:43:48 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684766
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Pankaj Gupta, Michael Roth
Subject: [PULL 24/45] i386/sev: Add snp_kvm_init() override for SNP class
Date: Tue, 4 Jun 2024 08:43:48 +0200
Message-ID: <20240604064409.957105-25-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Pankaj Gupta SNP does not support SMM and requires guest_memfd for private guest memory, so add SNP specific kvm_init() functionality in snp_kvm_init() class method. Signed-off-by: Michael Roth Co-developed-by: Pankaj Gupta Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-11-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 5519de1c6b2..6525b3c1a0e 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -885,12 +885,12 @@ out: static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { - SevCommonState *sev_common = SEV_COMMON(cgs); char *devname; int ret, fw_error, cmd; uint32_t ebx; uint32_t host_cbitpos; struct sev_user_data_status status = {}; + SevCommonState *sev_common = SEV_COMMON(cgs); SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(cgs); sev_common->state = SEV_STATE_UNINIT; @@ -1030,6 +1030,21 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) return 0; } +static int sev_snp_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) +{ + MachineState *ms = MACHINE(qdev_get_machine()); + X86MachineState *x86ms = X86_MACHINE(ms); + + if (x86ms->smm == ON_OFF_AUTO_AUTO) { + x86ms->smm = ON_OFF_AUTO_OFF; + } else if (x86ms->smm == ON_OFF_AUTO_ON) { + error_setg(errp, "SEV-SNP does not support SMM."); + return -1; + } + + return 0; +} + int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) { @@ -1752,6 +1767,10 @@ sev_snp_guest_set_host_data(Object *obj, const char *value, Error **errp) static void sev_snp_guest_class_init(ObjectClass *oc, void *data) { + SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); + + klass->kvm_init = sev_snp_kvm_init; + object_class_property_add(oc, "policy", "uint64", sev_snp_guest_get_policy, sev_snp_guest_set_policy, NULL, NULL); 
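Review bot: sev_snp_kvm_init() rejects smm=on only when it is called through klass->kvm_init(), which the previous patch places at the end of sev_common_kvm_init(), after the SEV device has been opened, the init command issued and launch_start() run. An unsupported machine option is better refused before those side effects. The ON_OFF_AUTO_AUTO branch also rewrites x86ms->smm silently; a comment on why changing machine state at this point is safe would help. Nit: drop the trailing period from "SEV-SNP does not support SMM.".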
@@ -1778,8 +1797,11 @@ sev_snp_guest_class_init(ObjectClass *oc, void *data) static void sev_snp_guest_instance_init(Object *obj) { + ConfidentialGuestSupport *cgs = CONFIDENTIAL_GUEST_SUPPORT(obj); SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(obj); + cgs->require_guest_memfd = true; + /* default init/start/finish params for kvm */ sev_snp_guest->kvm_start_conf.policy = DEFAULT_SEV_SNP_POLICY; }
From patchwork Tue Jun 4 06:43:49 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684785
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Michael Roth, Pankaj Gupta
Subject: [PULL 25/45] i386/cpu: Set SEV-SNP CPUID bit when SNP enabled
Date: Tue, 4 Jun 2024 08:43:49 +0200
Message-ID: <20240604064409.957105-26-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Michael Roth SNP guests will rely on this bit to determine certain feature support. Signed-off-by: Michael Roth Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-12-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini --- target/i386/cpu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index bc2dceb647f..914bef442c7 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c 
@@ -6979,6 +6979,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count, if (sev_enabled()) { *eax = 0x2; *eax |= sev_es_enabled() ? 0x8 : 0; + *eax |= sev_snp_enabled() ? 0x10 : 0; *ebx = sev_get_cbit_position() & 0x3f; /* EBX[5:0] */ *ebx |= (sev_get_reduced_phys_bits() & 0x3f) << 6; /* EBX[11:6] */ }
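Review bot: the added line extends a run of bare constants (0x2, 0x8, now 0x10) in EAX with no indication of which bits they are, while the EBX lines just below carry /* EBX[5:0] */ style comments. Add the matching bit comments or named macros for the SEV, SEV-ES and SEV-SNP bits so the leaf can be checked against the CPUID definition.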
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Michael Roth, Pankaj Gupta
Subject: [PULL 26/45] i386/sev: Don't return launch measurements for SEV-SNP guests
Date: Tue, 4 Jun 2024 08:43:50 +0200
Message-ID: <20240604064409.957105-27-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>

From: Michael Roth

For SEV-SNP guests, launch measurement is queried from within the guest during attestation, so don't attempt to return it as part of query-sev-launch-measure.

Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
Message-ID: <20240530111643.1091816-13-pankaj.gupta@amd.com>
Signed-off-by: Paolo Bonzini
--- target/i386/sev.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 6525b3c1a0e..c3daaf1ad50 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -795,7 +795,9 @@ sev_launch_get_measure(Notifier *notifier, void *unused) static char *sev_get_launch_measurement(void) { - SevGuestState *sev_guest = SEV_GUEST(MACHINE(qdev_get_machine())->cgs); + ConfidentialGuestSupport *cgs = MACHINE(qdev_get_machine())->cgs; + SevGuestState *sev_guest = + (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUEST); if (sev_guest && SEV_COMMON(sev_guest)->state >= SEV_STATE_LAUNCH_SECRET) {
From patchwork Tue Jun 4 06:43:51 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684789
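Review bot: In sev_get_launch_measurement() in target/i386/sev.c, the switch from SEV_GUEST() to a raw object_dynamic_cast() is what makes the function return no measurement for sev-snp-guest objects, but nothing in the code says so. A one-line comment above the cast, stating that a NULL result is expected for SEV-SNP because the measurement is obtained in-guest through attestation, would stop a later cleanup from turning it back into the checked SEV_GUEST() macro. It is also worth confirming that the caller's handling of the NULL return gives the QMP user an error that mentions SEV-SNP; the hunk does not show that path.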
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Pankaj Gupta
Subject: [PULL 27/45] i386/sev: Add a class method to determine KVM VM type for SNP guests
Date: Tue, 4 Jun 2024 08:43:51 +0200
Message-ID: <20240604064409.957105-28-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>

SEV guests can use either KVM_X86_DEFAULT_VM, KVM_X86_SEV_VM, or KVM_X86_SEV_ES_VM depending on the configuration and what the host kernel supports. SNP guests on the other hand can only ever use KVM_X86_SNP_VM, so split determination of VM type out into a separate class method that can be set accordingly for sev-guest vs. sev-snp-guest objects and add handling for SNP.
Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-14-pankaj.gupta@amd.com> [Remove unnecessary function pointer declaration. - Paolo] Signed-off-by: Paolo Bonzini --- target/i386/kvm/kvm.c | 1 + target/i386/sev.c | 15 ++++++++++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 6c864e4611f..23a003aaa7e 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -167,6 +167,7 @@ static const char *vm_type_name[] = { [KVM_X86_DEFAULT_VM] = "default", [KVM_X86_SEV_VM] = "SEV", [KVM_X86_SEV_ES_VM] = "SEV-ES", + [KVM_X86_SNP_VM] = "SEV-SNP", }; bool kvm_is_vm_type_supported(int type) diff --git a/target/i386/sev.c b/target/i386/sev.c index c3daaf1ad50..072cc4f8530 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -885,6 +885,11 @@ out: return sev_common->kvm_type; } +static int sev_snp_kvm_type(X86ConfidentialGuest *cg) +{ + return KVM_X86_SNP_VM; +} + static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { char *devname; @@ -894,6 +899,8 @@ static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) struct sev_user_data_status status = {}; SevCommonState *sev_common = SEV_COMMON(cgs); SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(cgs); + X86ConfidentialGuestClass *x86_klass = + X86_CONFIDENTIAL_GUEST_GET_CLASS(cgs); sev_common->state = SEV_STATE_UNINIT; @@ -964,7 +971,7 @@ static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } trace_kvm_sev_init(); - if (sev_kvm_type(X86_CONFIDENTIAL_GUEST(sev_common)) == KVM_X86_DEFAULT_VM) { + if (x86_klass->kvm_type(X86_CONFIDENTIAL_GUEST(sev_common)) == KVM_X86_DEFAULT_VM) { cmd = sev_es_enabled() ? KVM_SEV_ES_INIT : KVM_SEV_INIT; ret = sev_ioctl(sev_common->sev_fd, cmd, NULL, &fw_error); 
@@ -1441,10 +1448,8 @@ static void sev_common_class_init(ObjectClass *oc, void *data) { ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc); - X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); klass->kvm_init = sev_common_kvm_init; - x86_klass->kvm_type = sev_kvm_type; object_class_property_add_str(oc, "sev-device", sev_common_get_sev_device, @@ -1529,10 +1534,12 @@ static void sev_guest_class_init(ObjectClass *oc, void *data) { SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); + X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); klass->launch_start = sev_launch_start; klass->launch_finish = sev_launch_finish; klass->kvm_init = sev_kvm_init; + x86_klass->kvm_type = sev_kvm_type; object_class_property_add_str(oc, "dh-cert-file", sev_guest_get_dh_cert_file, 
@@ -1770,8 +1777,10 @@ static void sev_snp_guest_class_init(ObjectClass *oc, void *data) { SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); + X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); klass->kvm_init = sev_snp_kvm_init; + x86_klass->kvm_type = sev_snp_kvm_type; object_class_property_add(oc, "policy", "uint64", sev_snp_guest_get_policy,
From patchwork Tue Jun 4 06:43:52 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684791
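Review bot: sev_common_kvm_init() in target/i386/sev.c now calls x86_klass->kvm_type(...) unconditionally, but after this patch the pointer is assigned only in sev_guest_class_init() and sev_snp_guest_class_init() and no longer in sev_common_class_init(). Unless a parent class supplies a default, any further subclass of the common SEV type that omits the assignment would reach a NULL function pointer at that call, so either keep a default in the common class init or assert that kvm_type is set before using it. The rewritten condition line is also longer than 80 columns and should be wrapped.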
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Michael Roth, Pankaj Gupta
Subject: [PULL 28/45] i386/sev: Update query-sev QAPI format to handle SEV-SNP
Date: Tue, 4 Jun 2024 08:43:52 +0200
Message-ID: <20240604064409.957105-29-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>

From: Michael Roth

Most of the current 'query-sev' command is relevant to both legacy SEV/SEV-ES guests and SEV-SNP guests, with 2 exceptions:

- 'policy' is a 64-bit field for SEV-SNP, not 32-bit, and the meaning of the bit positions has changed
- 'handle' is not relevant to SEV-SNP

To address this, this patch adds a new 'sev-type' field that can be used as a discriminator to select between SEV and SEV-SNP-specific fields/formats without breaking compatibility for existing management tools (so long as management tools that add support for launching SEV-SNP guest update their handling of query-sev appropriately).

The corresponding HMP command has also been fixed up similarly.

Signed-off-by: Michael Roth
Co-developed-by: Pankaj Gupta
Signed-off-by: Pankaj Gupta
Message-ID: <20240530111643.1091816-15-pankaj.gupta@amd.com>
Signed-off-by: Paolo Bonzini
--- qapi/misc-target.json | 72 ++++++++++++++++++++++++++++++++++--------- target/i386/sev.h | 3 ++ target/i386/sev.c | 57 +++++++++++++++++++++------------- 3 files changed, 97 insertions(+), 35 deletions(-) diff --git a/qapi/misc-target.json b/qapi/misc-target.json index 4e0a6492a9a..2d7d4d89bd5 100644 --- a/qapi/misc-target.json +++ b/qapi/misc-target.json
@@ -47,6 +47,50 @@ 'send-update', 'receive-update' ], 'if': 'TARGET_I386' } +## +# @SevGuestType: +# +# An enumeration indicating the type of SEV guest being run. +# +# @sev: The guest is a legacy SEV or SEV-ES guest. +# +# @sev-snp: The guest is an SEV-SNP guest. +# +# Since: 6.2 +## +{ 'enum': 'SevGuestType', + 'data': [ 'sev', 'sev-snp' ], + 'if': 'TARGET_I386' } + +## +# @SevGuestInfo: +# +# Information specific to legacy SEV/SEV-ES guests. +# +# @policy: SEV policy value +# +# @handle: SEV firmware handle +# +# Since: 2.12 +## +{ 'struct': 'SevGuestInfo', + 'data': { 'policy': 'uint32', + 'handle': 'uint32' }, + 'if': 'TARGET_I386' } + +## +# @SevSnpGuestInfo: +# +# Information specific to SEV-SNP guests. +# +# @snp-policy: SEV-SNP policy value +# +# Since: 9.1 +## +{ 'struct': 'SevSnpGuestInfo', + 'data': { 'snp-policy': 'uint64' }, + 'if': 'TARGET_I386' } + ## # @SevInfo: # @@ -60,25 +104,25 @@ # # @build-id: SEV FW build id # -# @policy: SEV policy value -# # @state: SEV guest state # -# @handle: SEV firmware handle +# @sev-type: Type of SEV guest being run # # Since: 2.12 ## -{ 'struct': 'SevInfo', - 'data': { 'enabled': 'bool', - 'api-major': 'uint8', - 'api-minor' : 'uint8', - 'build-id' : 'uint8', - 'policy' : 'uint32', - 'state' : 'SevState', - 'handle' : 'uint32' - }, - 'if': 'TARGET_I386' -} +{ 'union': 'SevInfo', + 'base': { 'enabled': 'bool', + 'api-major': 'uint8', + 'api-minor' : 'uint8', + 'build-id' : 'uint8', + 'state' : 'SevState', + 'sev-type' : 'SevGuestType' }, + 'discriminator': 'sev-type', + 'data': { + 'sev': 'SevGuestInfo', + 'sev-snp': 'SevSnpGuestInfo' }, + 'if': 'TARGET_I386' } + ## # @query-sev: diff --git a/target/i386/sev.h b/target/i386/sev.h index 94295ee74f7..5dc4767b1e9 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h 
@@ -31,6 +31,9 @@ #define SEV_POLICY_DOMAIN 0x10 #define SEV_POLICY_SEV 0x20 +#define SEV_SNP_POLICY_SMT 0x10000 +#define SEV_SNP_POLICY_DBG 0x80000 + typedef struct SevKernelLoaderContext { char *setup_data; size_t setup_size; diff --git a/target/i386/sev.c b/target/i386/sev.c index 072cc4f8530..43d1c48bd9e 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -363,25 +363,27 @@ static SevInfo *sev_get_info(void) { SevInfo *info; SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); - SevGuestState *sev_guest = - (SevGuestState *)object_dynamic_cast(OBJECT(sev_common), - TYPE_SEV_GUEST); info = g_new0(SevInfo, 1); info->enabled = sev_enabled(); if (info->enabled) { - if (sev_guest) { - info->handle = sev_guest->handle; - } info->api_major = sev_common->api_major; info->api_minor = sev_common->api_minor; info->build_id = sev_common->build_id; info->state = sev_common->state; - /* we only report the lower 32-bits of policy for SNP, ok for now... */ - info->policy = - (uint32_t)object_property_get_uint(OBJECT(sev_common), - "policy", NULL); + + if (sev_snp_enabled()) { + info->sev_type = SEV_GUEST_TYPE_SEV_SNP; + info->u.sev_snp.snp_policy = + object_property_get_uint(OBJECT(sev_common), "policy", NULL); + } else { + info->sev_type = SEV_GUEST_TYPE_SEV; + info->u.sev.handle = SEV_GUEST(sev_common)->handle; + info->u.sev.policy = + (uint32_t)object_property_get_uint(OBJECT(sev_common), + "policy", NULL); + } } return info; 
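Review bot: In sev_get_info(), sev_type is assigned only inside the if (info->enabled) block, so for a guest without SEV the g_new0()-zeroed value is reported, which is the first enum member, 'sev'. Please state in the @sev-type documentation in qapi/misc-target.json what is reported when 'enabled' is false, and mark the member as new, for example with "(since 9.1)", because it is added to a type dated 2.12. In the same file @SevGuestType is tagged "Since: 6.2" although this patch introduces it alongside @SevSnpGuestInfo, which is tagged 9.1.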
@@ -404,20 +406,33 @@ void hmp_info_sev(Monitor *mon, const QDict *qdict) { SevInfo *info = sev_get_info(); - if (info && info->enabled) { - monitor_printf(mon, "handle: %d\n", info->handle); - monitor_printf(mon, "state: %s\n", SevState_str(info->state)); - monitor_printf(mon, "build: %d\n", info->build_id); - monitor_printf(mon, "api version: %d.%d\n", - info->api_major, info->api_minor); - monitor_printf(mon, "debug: %s\n", - info->policy & SEV_POLICY_NODBG ? "off" : "on"); - monitor_printf(mon, "key-sharing: %s\n", - info->policy & SEV_POLICY_NOKS ? "off" : "on"); - } else { + if (!info || !info->enabled) { monitor_printf(mon, "SEV is not enabled\n"); + goto out; } + monitor_printf(mon, "SEV type: %s\n", SevGuestType_str(info->sev_type)); + monitor_printf(mon, "state: %s\n", SevState_str(info->state)); + monitor_printf(mon, "build: %d\n", info->build_id); + monitor_printf(mon, "api version: %d.%d\n", info->api_major, + info->api_minor); + + if (sev_snp_enabled()) { + monitor_printf(mon, "debug: %s\n", + info->u.sev_snp.snp_policy & SEV_SNP_POLICY_DBG ? "on" + : "off"); + monitor_printf(mon, "SMT allowed: %s\n", + info->u.sev_snp.snp_policy & SEV_SNP_POLICY_SMT ? "on" + : "off"); + } else { + monitor_printf(mon, "handle: %d\n", info->u.sev.handle); + monitor_printf(mon, "debug: %s\n", + info->u.sev.policy & SEV_POLICY_NODBG ? "off" : "on"); + monitor_printf(mon, "key-sharing: %s\n", + info->u.sev.policy & SEV_POLICY_NOKS ? 
"off" : "on"); + } + +out: qapi_free_SevInfo(info); }
From patchwork Tue Jun 4 06:43:53 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684783
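Review bot: hmp_info_sev() in target/i386/sev.c picks the union branch with a fresh sev_snp_enabled() call instead of the discriminator that sev_get_info() stored in the object it is printing. Testing info->sev_type == SEV_GUEST_TYPE_SEV_SNP, or switching on info->sev_type, keeps the read of info->u.sev_snp or info->u.sev tied to the value that selected the branch when it was filled in, and lets a later guest type be handled explicitly instead of falling into the else arm. The "handle: %d" format is also applied to a field the schema declares as uint32; %u would match.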
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Brijesh Singh, Michael Roth, Pankaj Gupta
Subject: [PULL 29/45] i386/sev: Add the SNP launch start context
Date: Tue, 4 Jun 2024 08:43:53 +0200
Message-ID: <20240604064409.957105-30-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>

From: Brijesh Singh

The SNP_LAUNCH_START is called first to create a cryptographic launch context within the firmware.

Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
Co-developed-by: Pankaj Gupta
Signed-off-by: Pankaj Gupta
Message-ID: <20240530111643.1091816-16-pankaj.gupta@amd.com>
Signed-off-by: Paolo Bonzini
--- target/i386/sev.c | 39 +++++++++++++++++++++++++++++++++++++++ target/i386/trace-events | 1 + 2 files changed, 40 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index 43d1c48bd9e..e89b87d2f55 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -39,6 +39,7 @@ #include "confidential-guest.h" #include "hw/i386/pc.h" #include "exec/address-spaces.h" +#include "qemu/queue.h" OBJECT_DECLARE_TYPE(SevCommonState, SevCommonStateClass, SEV_COMMON) OBJECT_DECLARE_TYPE(SevGuestState, SevCommonStateClass, SEV_GUEST) @@ -115,6 +116,16 @@ struct SevSnpGuestState { #define DEFAULT_SEV_DEVICE "/dev/sev" #define DEFAULT_SEV_SNP_POLICY 0x30000 +typedef struct SevLaunchUpdateData { + QTAILQ_ENTRY(SevLaunchUpdateData) next; + hwaddr gpa; + void *hva; + uint64_t len; + int type; +} SevLaunchUpdateData; + +static QTAILQ_HEAD(, SevLaunchUpdateData) launch_update; + #define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e" typedef struct __attribute__((__packed__)) SevInfoBlock { /* SEV-ES Reset Vector Address */ @@ -674,6 +685,31 @@ sev_read_file_base64(const char *filename, guchar **data, gsize *len) return 0; } +static int +sev_snp_launch_start(SevCommonState *sev_common) +{ + int fw_error, rc; + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(sev_common); + struct kvm_sev_snp_launch_start *start = &sev_snp_guest->kvm_start_conf; + + trace_kvm_sev_snp_launch_start(start->policy, + sev_snp_guest->guest_visible_workarounds); + + rc = sev_ioctl(sev_common->sev_fd, KVM_SEV_SNP_LAUNCH_START, + start, &fw_error); + if (rc < 0) { + error_report("%s: SNP_LAUNCH_START ret=%d fw_error=%d '%s'", + __func__, rc, fw_error, fw_error_to_str(fw_error)); + return 1; + } + + QTAILQ_INIT(&launch_update); + + sev_set_guest_state(sev_common, SEV_STATE_LAUNCH_UPDATE); + + return 0; +} + static int sev_launch_start(SevCommonState *sev_common) { @@ -1003,6 +1039,7 @@ static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } ret = klass->launch_start(sev_common); + if (ret) { error_setg(errp, "%s: failed to create encryption context", __func__); return -1; 
@@ -1794,9 +1831,11 @@ sev_snp_guest_class_init(ObjectClass *oc, void *data) SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); + klass->launch_start = sev_snp_launch_start; klass->kvm_init = sev_snp_kvm_init; x86_klass->kvm_type = sev_snp_kvm_type; + object_class_property_add(oc, "policy", "uint64", sev_snp_guest_get_policy, sev_snp_guest_set_policy, NULL, NULL); diff --git a/target/i386/trace-events b/target/i386/trace-events index 2cd8726eebb..cb26d8a9257 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -11,3 +11,4 @@ kvm_sev_launch_measurement(const char *value) "data %s" kvm_sev_launch_finish(void) "" kvm_sev_launch_secret(uint64_t hpa, uint64_t hva, uint64_t secret, int len) "hpa 0x%" PRIx64 " hva 0x%" PRIx64 " data 0x%" PRIx64 " len %d" kvm_sev_attestation_report(const char *mnonce, const char *data) "mnonce %s data %s" +kvm_sev_snp_launch_start(uint64_t policy, char *gosvw) "policy 0x%" PRIx64 " gosvw %s"
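Review bot: launch_update, added in the @@ -115,6 +116,16 @@ hunk of target/i386/sev.c, is a file-scope static list head whose only initialisation is the QTAILQ_INIT() call inside sev_snp_launch_start(), so the queue is shared process-wide rather than owned by the guest object, and anything that queues an entry before launch_start has run works on a head that was never set up. Declare it with QTAILQ_HEAD_INITIALIZER(launch_update), or move the head into SevSnpGuestState next to kvm_start_conf and initialise it with the object.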
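Review bot: the @@ -1003,6 +1039,7 @@ hunk in sev_common_kvm_init() and the @@ -1794,9 +1831,11 @@ hunk in sev_snp_guest_class_init() each add an empty line unrelated to the change: one between the klass->launch_start() call and the if (ret) that tests it, the other before object_class_property_add(). Drop both so the error check stays attached to the call and the patch contains only the launch_start wiring.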
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Brijesh Singh, Michael Roth, Pankaj Gupta
Subject: [PULL 30/45] i386/sev: Add handling to encrypt/finalize guest launch data
Date: Tue, 4 Jun 2024 08:43:54 +0200
Message-ID: <20240604064409.957105-31-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Brijesh Singh

Process any queued up launch data and encrypt/measure it into the SNP
guest instance prior to initial guest launch. This also updates the
KVM_SEV_SNP_LAUNCH_UPDATE call to handle partial update responses.

Signed-off-by: Brijesh Singh
Co-developed-by: Michael Roth
Signed-off-by: Michael Roth
Co-developed-by: Pankaj Gupta
Signed-off-by: Pankaj Gupta
Message-ID: <20240530111643.1091816-17-pankaj.gupta@amd.com>
Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 112 ++++++++++++++++++++++++++++++++++++++- target/i386/trace-events | 2 + 2 files changed, 113 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index e89b87d2f55..ef2e592ca76 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -756,6 +756,76 @@ out: return ret; } +static const char * +snp_page_type_to_str(int type) +{ + switch (type) { + case KVM_SEV_SNP_PAGE_TYPE_NORMAL: return "Normal"; + case KVM_SEV_SNP_PAGE_TYPE_ZERO: return "Zero"; + case KVM_SEV_SNP_PAGE_TYPE_UNMEASURED: return "Unmeasured"; + case KVM_SEV_SNP_PAGE_TYPE_SECRETS: return "Secrets"; + case KVM_SEV_SNP_PAGE_TYPE_CPUID: return "Cpuid"; + default: return "unknown"; + } +} + +static int +sev_snp_launch_update(SevSnpGuestState *sev_snp_guest, + SevLaunchUpdateData *data) +{ + int ret, fw_error; + struct kvm_sev_snp_launch_update update = {0}; + + if (!data->hva || !data->len) { + error_report("SNP_LAUNCH_UPDATE called with invalid address" + "/ length: %p / %lx", + data->hva, data->len); + return 1; + } + + update.uaddr = (__u64)(unsigned long)data->hva; + update.gfn_start = data->gpa >> TARGET_PAGE_BITS; + update.len = data->len; + update.type = data->type; + + /* + * KVM_SEV_SNP_LAUNCH_UPDATE requires that GPA ranges have the private + * memory attribute set in advance. 
+ */ + ret = kvm_set_memory_attributes_private(data->gpa, data->len); + if (ret) { + error_report("SEV-SNP: failed to configure initial" + "private guest memory"); + goto out; + } + + while (update.len || ret == -EAGAIN) { + trace_kvm_sev_snp_launch_update(update.uaddr, update.gfn_start << + TARGET_PAGE_BITS, update.len, + snp_page_type_to_str(update.type)); + + ret = sev_ioctl(SEV_COMMON(sev_snp_guest)->sev_fd, + KVM_SEV_SNP_LAUNCH_UPDATE, + &update, &fw_error); + if (ret && ret != -EAGAIN) { + error_report("SNP_LAUNCH_UPDATE ret=%d fw_error=%d '%s'", + ret, fw_error, fw_error_to_str(fw_error)); + break; + } + } + +out: + if (!ret && update.gfn_start << TARGET_PAGE_BITS != data->gpa + data->len) { + error_report("SEV-SNP: expected update of GPA range %lx-%lx," + "got GPA range %lx-%llx", + data->gpa, data->gpa + data->len, data->gpa, + update.gfn_start << TARGET_PAGE_BITS); + ret = -EIO; + } + + return ret; +} + static int sev_launch_update_data(SevGuestState *sev_guest, uint8_t *addr, uint64_t len) { 
@@ -901,6 +971,46 @@ sev_launch_finish(SevCommonState *sev_common) migrate_add_blocker(&sev_mig_blocker, &error_fatal); } +static void +sev_snp_launch_finish(SevCommonState *sev_common) +{ + int ret, error; + Error *local_err = NULL; + SevLaunchUpdateData *data; + SevSnpGuestState *sev_snp = SEV_SNP_GUEST(sev_common); + struct kvm_sev_snp_launch_finish *finish = &sev_snp->kvm_finish_conf; + + QTAILQ_FOREACH(data, &launch_update, next) { + ret = sev_snp_launch_update(sev_snp, data); + if (ret) { + exit(1); + } + } + + trace_kvm_sev_snp_launch_finish(sev_snp->id_block, sev_snp->id_auth, + sev_snp->host_data); + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_SNP_LAUNCH_FINISH, + finish, &error); + if (ret) { + error_report("SNP_LAUNCH_FINISH ret=%d fw_error=%d '%s'", + ret, error, fw_error_to_str(error)); + exit(1); + } + + sev_set_guest_state(sev_common, SEV_STATE_RUNNING); + + /* add migration blocker */ + error_setg(&sev_mig_blocker, + "SEV-SNP: Migration is not implemented"); + ret = migrate_add_blocker(&sev_mig_blocker, &local_err); + if (local_err) { + error_report_err(local_err); + error_free(sev_mig_blocker); + exit(1); + } +} + + static void sev_vm_state_change(void *opaque, bool running, RunState state) { @@ -1832,10 +1942,10 @@ sev_snp_guest_class_init(ObjectClass *oc, void *data) X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); klass->launch_start = sev_snp_launch_start; + klass->launch_finish = sev_snp_launch_finish; klass->kvm_init = sev_snp_kvm_init; x86_klass->kvm_type = sev_snp_kvm_type; - object_class_property_add(oc, "policy", "uint64", sev_snp_guest_get_policy, sev_snp_guest_set_policy, NULL, NULL); diff --git a/target/i386/trace-events b/target/i386/trace-events index cb26d8a9257..06b44ead2e2 100644 --- a/target/i386/trace-events +++ b/target/i386/trace-events 
@@ -12,3 +12,5 @@ kvm_sev_launch_finish(void) "" kvm_sev_launch_secret(uint64_t hpa, uint64_t hva, uint64_t secret, int len) "hpa 0x%" PRIx64 " hva 0x%" PRIx64 " data 0x%" PRIx64 " len %d" kvm_sev_attestation_report(const char *mnonce, const char *data) "mnonce %s data %s" kvm_sev_snp_launch_start(uint64_t policy, char *gosvw) "policy 0x%" PRIx64 " gosvw %s" +kvm_sev_snp_launch_update(uint64_t src, uint64_t gpa, uint64_t len, const char *type) "src 0x%" PRIx64 " gpa 0x%" PRIx64 " len 0x%" PRIx64 " (%s page)" +kvm_sev_snp_launch_finish(char *id_block, char *id_auth, char *host_data) "id_block %s id_auth %s host_data %s"
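Review bot: sev_snp_launch_update() in the @@ -756,6 +756,76 @@ hunk rejects only a NULL hva or a zero len, so a data->gpa that is not page aligned is accepted and silently rounded down by update.gfn_start = data->gpa >> TARGET_PAGE_BITS, and the mismatch is at best caught by the closing gfn_start << TARGET_PAGE_BITS != data->gpa + data->len comparison after the ioctl loop has already run. Check that gpa and len are multiples of the target page size next to the existing hva/len test. Two error strings in the same function also lose a space where adjacent literals are joined ("configure initial" "private guest memory" and "%lx-%lx," "got GPA range"), and the %lx / %llx conversions should be PRIx64 or HWADDR_PRIx for the uint64_t and hwaddr arguments.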
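Review bot: in sev_snp_launch_finish(), added by the @@ -901,6 +971,46 @@ hunk, the return value of migrate_add_blocker() is stored in ret and never examined, with failure detected through local_err instead, while sev_launch_finish() in the context lines of the same hunk simply passes &error_fatal. Passing &error_fatal here as well removes local_err, the unused assignment and the manual error_report_err()/error_free()/exit(1) path. The hunk also leaves two blank lines before sev_vm_state_change().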
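Review bot: the kvm_sev_snp_launch_finish() trace event in the target/i386/trace-events hunk declares id_block, id_auth and host_data as char * although they are only formatted with %s. The kvm_sev_snp_launch_update() event added two lines above and the existing kvm_sev_attestation_report() line both use const char *, so make these arguments const as well; the gosvw argument of kvm_sev_snp_launch_start() in the context lines has the same issue.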
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Michael Roth, Pankaj Gupta
Subject: [PULL 31/45] i386/sev: Set CPU state to protected once SNP guest payload is finalized
Date: Tue, 4 Jun 2024 08:43:55 +0200
Message-ID: <20240604064409.957105-32-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Michael Roth

Once KVM_SNP_LAUNCH_FINISH is called the vCPU state is copied into the
vCPU's VMSA page and measured/encrypted. Any attempt to read/write CPU
state afterward will only be acting on the initial data and so are
effectively no-ops. Set the vCPU state to protected at this point so
that QEMU doesn't continue trying to re-sync vCPU data during guest
runtime.

Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
Message-ID: <20240530111643.1091816-18-pankaj.gupta@amd.com>
Signed-off-by: Paolo Bonzini
--- target/i386/sev.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index ef2e592ca76..e84e4395a53 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -997,6 +997,7 @@ sev_snp_launch_finish(SevCommonState *sev_common) exit(1); } + kvm_mark_guest_state_protected(); sev_set_guest_state(sev_common, SEV_STATE_RUNNING); /* add migration blocker */
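Review bot: the kvm_mark_guest_state_protected() call added to sev_snp_launch_finish() carries no comment, and the reason for its position (it has to follow a successful KVM_SEV_SNP_LAUNCH_FINISH, after which register reads and writes only touch the initial copy of the vCPU state) is recorded only in the commit message. A short comment above the call would keep that ordering constraint visible to anyone who later reorders the launch sequence.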
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Brijesh Singh, Michael Roth, Pankaj Gupta
Subject: [PULL 32/45] hw/i386/sev: Add function to get SEV metadata from OVMF header
Date: Tue, 4 Jun 2024 08:43:56 +0200
Message-ID: <20240604064409.957105-33-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Brijesh Singh

A recent version of OVMF expanded the reset vector GUID list to add
SEV-specific metadata GUID. The SEV metadata describes the reserved
memory regions such as the secrets and CPUID page used during the
SEV-SNP guest launch.

The pc_system_get_ovmf_sev_metadata_ptr() is used to retrieve the SEV
metadata pointer from the OVMF GUID list.

Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
Message-ID: <20240530111643.1091816-19-pankaj.gupta@amd.com>
Signed-off-by: Paolo Bonzini --- include/hw/i386/pc.h | 26 ++++++++++++++++++++++++++ target/i386/sev.h | 2 ++ hw/i386/pc_sysfw.c | 4 ++++ target/i386/sev-sysemu-stub.c | 4 ++++ target/i386/sev.c | 32 ++++++++++++++++++++++++++++++++ 5 files changed, 68 insertions(+) diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index ad9c3d9ba84..c653b8eeb24 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -164,6 +164,32 @@ void pc_acpi_smi_interrupt(void *opaque, int irq, int level); #define PCI_HOST_ABOVE_4G_MEM_SIZE "above-4g-mem-size" #define PCI_HOST_PROP_SMM_RANGES "smm-ranges" +typedef enum { + SEV_DESC_TYPE_UNDEF, + /* The section contains the region that must be validated by the VMM. */ + SEV_DESC_TYPE_SNP_SEC_MEM, + /* The section contains the SNP secrets page */ + SEV_DESC_TYPE_SNP_SECRETS, + /* The section contains address that can be used as a CPUID page */ + SEV_DESC_TYPE_CPUID, + +} ovmf_sev_metadata_desc_type; + +typedef struct __attribute__((__packed__)) OvmfSevMetadataDesc { + uint32_t base; + uint32_t len; + ovmf_sev_metadata_desc_type type; +} OvmfSevMetadataDesc; + +typedef struct __attribute__((__packed__)) OvmfSevMetadata { + uint8_t signature[4]; + uint32_t len; + uint32_t version; + uint32_t num_desc; + OvmfSevMetadataDesc descs[]; +} OvmfSevMetadata; + +OvmfSevMetadata *pc_system_get_ovmf_sev_metadata_ptr(void); void pc_pci_as_mapping_init(MemoryRegion *system_memory, MemoryRegion *pci_address_space); diff --git a/target/i386/sev.h b/target/i386/sev.h index 5dc4767b1e9..cc12824dd65 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h @@ -66,4 +66,6 @@ int sev_inject_launch_secret(const char *hdr, const char *secret, int sev_es_save_reset_vector(void *flash_ptr, uint64_t flash_size); void sev_es_set_reset_vector(CPUState *cpu); +void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size); + #endif diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index ac88ad4eb91..9b8671c4412 100644 --- a/hw/i386/pc_sysfw.c 
+++ b/hw/i386/pc_sysfw.c @@ -260,6 +260,10 @@ void x86_firmware_configure(void *ptr, int size) pc_system_parse_ovmf_flash(ptr, size); if (sev_enabled()) { + + /* Copy the SEV metadata table (if it exists) */ + pc_system_parse_sev_metadata(ptr, size); + ret = sev_es_save_reset_vector(ptr, size); if (ret) { error_report("failed to locate and/or save reset vector"); diff --git a/target/i386/sev-sysemu-stub.c b/target/i386/sev-sysemu-stub.c index 96e1c15cc3f..fc1c57c4113 100644 --- a/target/i386/sev-sysemu-stub.c +++ b/target/i386/sev-sysemu-stub.c @@ -67,3 +67,7 @@ void hmp_info_sev(Monitor *mon, const QDict *qdict) { monitor_printf(mon, "SEV is not available in this QEMU\n"); } + +void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size) +{ +} diff --git a/target/i386/sev.c b/target/i386/sev.c index e84e4395a53..17281bb2c74 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -597,6 +597,38 @@ SevCapability *qmp_query_sev_capabilities(Error **errp) return sev_get_capabilities(errp); } +static OvmfSevMetadata *ovmf_sev_metadata_table; + +#define OVMF_SEV_META_DATA_GUID "dc886566-984a-4798-A75e-5585a7bf67cc" +typedef struct __attribute__((__packed__)) OvmfSevMetadataOffset { + uint32_t offset; +} OvmfSevMetadataOffset; + +OvmfSevMetadata *pc_system_get_ovmf_sev_metadata_ptr(void) +{ + return ovmf_sev_metadata_table; +} + +void pc_system_parse_sev_metadata(uint8_t *flash_ptr, size_t flash_size) +{ + OvmfSevMetadata *metadata; + OvmfSevMetadataOffset *data; + + if (!pc_system_ovmf_table_find(OVMF_SEV_META_DATA_GUID, (uint8_t **)&data, + NULL)) { + return; + } + + metadata = (OvmfSevMetadata *)(flash_ptr + flash_size - data->offset); + if (memcmp(metadata->signature, "ASEV", 4) != 0 || + metadata->len < sizeof(OvmfSevMetadata) || + metadata->len > flash_size - data->offset) { + return; + } + + ovmf_sev_metadata_table = g_memdup2(metadata, metadata->len); +} + static SevAttestationReport *sev_get_attestation_report(const char *mnonce, Error **errp) {
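Review bot: OvmfSevMetadataDesc in the include/hw/i386/pc.h hunk is a packed struct laid over firmware data, but its type field is declared as the enum ovmf_sev_metadata_desc_type, whose storage size is chosen by the compiler. Declare the field as uint32_t like base and len and convert to the enum when it is read, so the on-flash layout does not depend on the ABI. The typedef name is also lower-case where the neighbouring types (OvmfSevMetadata, OvmfSevMetadataDesc) are CamelCase, and the enum body ends with a stray empty line.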
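Review bot: pc_system_parse_sev_metadata() in the target/i386/sev.c hunk reads metadata->signature before checking that data->offset is no larger than flash_size, and the upper bound it then applies, metadata->len > flash_size - data->offset, is the table's distance from the start of flash, whereas the bytes remaining between metadata and the end of flash are data->offset. A len larger than what is left in the image can therefore pass the check and g_memdup2() will read past flash_ptr + flash_size. Reject a data->offset that exceeds flash_size or is smaller than sizeof(OvmfSevMetadata) before forming the pointer, bound len by data->offset, and also require sizeof(OvmfSevMetadata) + num_desc * sizeof(OvmfSevMetadataDesc) <= len, since users of pc_system_get_ovmf_sev_metadata_ptr() walk descs[] by num_desc in the copy made here.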
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Brijesh Singh, Michael Roth, Pankaj Gupta
Subject: [PULL 33/45] i386/sev: Add support for populating OVMF metadata pages
Date: Tue, 4 Jun 2024 08:43:57 +0200
Message-ID: <20240604064409.957105-34-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Brijesh Singh

OVMF reserves various pages so they can be pre-initialized/validated
prior to launching the guest. Add support for populating these pages
with the expected content.

Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
Co-developed-by: Pankaj Gupta
Signed-off-by: Pankaj Gupta
Message-ID: <20240530111643.1091816-20-pankaj.gupta@amd.com>
Signed-off-by: Paolo Bonzini
--- target/i386/sev.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index 17281bb2c74..c57534fca2b 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -1003,15 +1003,89 @@ sev_launch_finish(SevCommonState *sev_common) migrate_add_blocker(&sev_mig_blocker, &error_fatal); } +static int +snp_launch_update_data(uint64_t gpa, void *hva, uint32_t len, int type) +{ + SevLaunchUpdateData *data; + + data = g_new0(SevLaunchUpdateData, 1); + data->gpa = gpa; + data->hva = hva; + data->len = len; + data->type = type; + + QTAILQ_INSERT_TAIL(&launch_update, data, next); + + return 0; +} + +static int +snp_metadata_desc_to_page_type(int desc_type) +{ + switch (desc_type) { + /* Add the umeasured prevalidated pages as a zero page */ + case SEV_DESC_TYPE_SNP_SEC_MEM: return KVM_SEV_SNP_PAGE_TYPE_ZERO; + case SEV_DESC_TYPE_SNP_SECRETS: return KVM_SEV_SNP_PAGE_TYPE_SECRETS; + case SEV_DESC_TYPE_CPUID: return KVM_SEV_SNP_PAGE_TYPE_CPUID; + default: + return KVM_SEV_SNP_PAGE_TYPE_ZERO; + } +} + +static void +snp_populate_metadata_pages(SevSnpGuestState *sev_snp, + OvmfSevMetadata *metadata) +{ + OvmfSevMetadataDesc *desc; + int type, ret, i; + void *hva; + MemoryRegion *mr = NULL; + + for (i = 0; i < metadata->num_desc; i++) { + desc = &metadata->descs[i]; + + type = snp_metadata_desc_to_page_type(desc->type); + + hva = gpa2hva(&mr, desc->base, desc->len, NULL); + if (!hva) { + error_report("%s: Failed to get HVA for GPA 0x%x sz 0x%x", + __func__, desc->base, desc->len); + exit(1); + } + + ret = snp_launch_update_data(desc->base, hva, desc->len, type); + if (ret) { + error_report("%s: Failed to add metadata page gpa 0x%x+%x type %d", + __func__, desc->base, desc->len, desc->type); + exit(1); + } + } +} + static void sev_snp_launch_finish(SevCommonState *sev_common) { int ret, error; Error *local_err = NULL; + OvmfSevMetadata *metadata; SevLaunchUpdateData *data; SevSnpGuestState *sev_snp = SEV_SNP_GUEST(sev_common); struct kvm_sev_snp_launch_finish *finish = &sev_snp->kvm_finish_conf; + /* + * To boot the SNP guest, the hypervisor is required to populate the CPUID + * and Secrets page before finalizing the launch flow. 
The location of + * the secrets and CPUID page is available through the OVMF metadata GUID. + */ + metadata = pc_system_get_ovmf_sev_metadata_ptr(); + if (metadata == NULL) { + error_report("%s: Failed to locate SEV metadata header", __func__); + exit(1); + } + + /* Populate all the metadata pages */ + snp_populate_metadata_pages(sev_snp, metadata); + QTAILQ_FOREACH(data, &launch_update, next) { ret = sev_snp_launch_update(sev_snp, data); if (ret) { 
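Review bot: In snp_metadata_desc_to_page_type() the default: branch returns KVM_SEV_SNP_PAGE_TYPE_ZERO, so a descriptor type the switch does not list is queued by snp_populate_metadata_pages() as a zero page with no message. The caller already exits on other failures, so returning an error for unknown types and reporting desc->type there would make an unexpected firmware metadata table visible instead of silently accepted; if the fallback is intended, say so in the comment (which also has a typo, "umeasured"). Two smaller points in the same hunk: gpa2hva() is passed NULL for its last argument, so the "Failed to get HVA" message cannot say why the lookup failed, and snp_launch_update_data() always returns 0, so the if (ret) branch after it cannot trigger as written.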
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Michael Roth, Pankaj Gupta
Subject: [PULL 34/45] i386/sev: Add support for SNP CPUID validation
Date: Tue, 4 Jun 2024 08:43:58 +0200
Message-ID: <20240604064409.957105-35-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Michael Roth SEV-SNP firmware allows a special guest page to be populated with a table of guest CPUID values so that they can be validated through firmware before being loaded into encrypted guest memory where they can be used in place of hypervisor-provided values[1]. As part of SEV-SNP guest initialization, use this interface to validate the CPUID entries reported by KVM_GET_CPUID2 prior to initial guest start and populate the CPUID page reserved by OVMF with the resulting encrypted data. [1] SEV SNP Firmware ABI Specification, Rev. 0.8, 8.13.2.6 Signed-off-by: Michael Roth Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-21-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 164 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 162 insertions(+), 2 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index c57534fca2b..06401f0526f 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -200,6 +200,36 @@ static const char *const sev_fw_errlist[] = { #define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist) +/* doesn't expose this, so re-use the max from kvm.c */ +#define KVM_MAX_CPUID_ENTRIES 100 + +typedef struct KvmCpuidInfo { + struct kvm_cpuid2 cpuid; + struct kvm_cpuid_entry2 entries[KVM_MAX_CPUID_ENTRIES]; +} KvmCpuidInfo; + +#define SNP_CPUID_FUNCTION_MAXCOUNT 64 +#define SNP_CPUID_FUNCTION_UNKNOWN 0xFFFFFFFF + +typedef struct { + uint32_t eax_in; + uint32_t ecx_in; + uint64_t xcr0_in; + uint64_t xss_in; + uint32_t eax; + uint32_t ebx; + uint32_t ecx; + uint32_t edx; + uint64_t reserved; +} __attribute__((packed)) SnpCpuidFunc; + +typedef struct { + uint32_t count; + uint32_t reserved1; + uint64_t reserved2; + SnpCpuidFunc entries[SNP_CPUID_FUNCTION_MAXCOUNT]; +} __attribute__((packed)) SnpCpuidInfo; + static int sev_ioctl(int fd, int cmd, void *data, int *error) { 
@@ -788,6 +818,35 @@ out: return ret; } +static void +sev_snp_cpuid_report_mismatches(SnpCpuidInfo *old, + SnpCpuidInfo *new) +{ + size_t i; + + if (old->count != new->count) { + error_report("SEV-SNP: CPUID validation failed due to count mismatch," + "provided: %d, expected: %d", old->count, new->count); + return; + } + + for (i = 0; i < old->count; i++) { + SnpCpuidFunc *old_func, *new_func; + + old_func = &old->entries[i]; + new_func = &new->entries[i]; + + if (memcmp(old_func, new_func, sizeof(SnpCpuidFunc))) { + error_report("SEV-SNP: CPUID validation failed for function 0x%x, index: 0x%x" + "provided: eax:0x%08x, ebx: 0x%08x, ecx: 0x%08x, edx: 0x%08x" + "expected: eax:0x%08x, ebx: 0x%08x, ecx: 0x%08x, edx: 0x%08x", + old_func->eax_in, old_func->ecx_in, + old_func->eax, old_func->ebx, old_func->ecx, old_func->edx, + new_func->eax, new_func->ebx, new_func->ecx, new_func->edx); + } + } +} + static const char * snp_page_type_to_str(int type) { @@ -806,6 +865,7 @@ sev_snp_launch_update(SevSnpGuestState *sev_snp_guest, SevLaunchUpdateData *data) { int ret, fw_error; + SnpCpuidInfo snp_cpuid_info; struct kvm_sev_snp_launch_update update = {0}; if (!data->hva || !data->len) { @@ -815,6 +875,11 @@ sev_snp_launch_update(SevSnpGuestState *sev_snp_guest, return 1; } + if (data->type == KVM_SEV_SNP_PAGE_TYPE_CPUID) { + /* Save a copy for comparison in case the LAUNCH_UPDATE fails */ + memcpy(&snp_cpuid_info, data->hva, sizeof(snp_cpuid_info)); + } + update.uaddr = (__u64)(unsigned long)data->hva; update.gfn_start = data->gpa >> TARGET_PAGE_BITS; update.len = data->len; @@ -842,6 +907,11 @@ sev_snp_launch_update(SevSnpGuestState *sev_snp_guest, if (ret && ret != -EAGAIN) { error_report("SNP_LAUNCH_UPDATE ret=%d fw_error=%d '%s'", ret, fw_error, fw_error_to_str(fw_error)); + + if (data->type == KVM_SEV_SNP_PAGE_TYPE_CPUID) { + sev_snp_cpuid_report_mismatches(&snp_cpuid_info, data->hva); + error_report("SEV-SNP: failed update CPUID page"); + } break; } } 
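Review bot: In sev_snp_cpuid_report_mismatches() the adjacent string literals are concatenated without separators: "count mismatch," runs straight into "provided:", and in the per-function message "index: 0x%x" is followed directly by "provided: ..." and then "expected: ...", so the logged line runs the three parts together. Add a space or ", " at each join. count is a uint32_t but is printed with %d; %u matches the type.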
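Review bot: In the sev_snp_launch_update() hunks, memcpy(&snp_cpuid_info, data->hva, sizeof(snp_cpuid_info)) runs for every KVM_SEV_SNP_PAGE_TYPE_CPUID entry, but the only validation visible in front of it is !data->hva || !data->len. The size guarantee lives in a different function (the assert in snp_launch_update_cpuid(), added later in this patch), while snp_launch_update_data() will queue a CPUID-typed entry of any length. Check data->len >= sizeof(snp_cpuid_info) here before the copy, which also covers the failure path where data->hva is handed to sev_snp_cpuid_report_mismatches() as a SnpCpuidInfo.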
@@ -1004,7 +1074,8 @@ sev_launch_finish(SevCommonState *sev_common) } static int -snp_launch_update_data(uint64_t gpa, void *hva, uint32_t len, int type) +snp_launch_update_data(uint64_t gpa, void *hva, + uint32_t len, int type) { SevLaunchUpdateData *data; 
@@ -1019,6 +1090,90 @@ snp_launch_update_data(uint64_t gpa, void *hva, uint32_t len, int type) return 0; } +static int +sev_snp_cpuid_info_fill(SnpCpuidInfo *snp_cpuid_info, + const KvmCpuidInfo *kvm_cpuid_info) +{ + size_t i; + + if (kvm_cpuid_info->cpuid.nent > SNP_CPUID_FUNCTION_MAXCOUNT) { + error_report("SEV-SNP: CPUID entry count (%d) exceeds max (%d)", + kvm_cpuid_info->cpuid.nent, SNP_CPUID_FUNCTION_MAXCOUNT); + return -1; + } + + memset(snp_cpuid_info, 0, sizeof(*snp_cpuid_info)); + + for (i = 0; i < kvm_cpuid_info->cpuid.nent; i++) { + const struct kvm_cpuid_entry2 *kvm_cpuid_entry; + SnpCpuidFunc *snp_cpuid_entry; + + kvm_cpuid_entry = &kvm_cpuid_info->entries[i]; + snp_cpuid_entry = &snp_cpuid_info->entries[i]; + + snp_cpuid_entry->eax_in = kvm_cpuid_entry->function; + if (kvm_cpuid_entry->flags == KVM_CPUID_FLAG_SIGNIFCANT_INDEX) { + snp_cpuid_entry->ecx_in = kvm_cpuid_entry->index; + } + snp_cpuid_entry->eax = kvm_cpuid_entry->eax; + snp_cpuid_entry->ebx = kvm_cpuid_entry->ebx; + snp_cpuid_entry->ecx = kvm_cpuid_entry->ecx; + snp_cpuid_entry->edx = kvm_cpuid_entry->edx; + + /* + * Guest kernels will calculate EBX themselves using the 0xD + * subfunctions corresponding to the individual XSAVE areas, so only + * encode the base XSAVE size in the initial leaves, corresponding + * to the initial XCR0=1 state. 
+ */ + if (snp_cpuid_entry->eax_in == 0xD && + (snp_cpuid_entry->ecx_in == 0x0 || snp_cpuid_entry->ecx_in == 0x1)) { + snp_cpuid_entry->ebx = 0x240; + snp_cpuid_entry->xcr0_in = 1; + snp_cpuid_entry->xss_in = 0; + } + } + + snp_cpuid_info->count = i; + + return 0; +} + +static int +snp_launch_update_cpuid(uint32_t cpuid_addr, void *hva, uint32_t cpuid_len) +{ + KvmCpuidInfo kvm_cpuid_info = {0}; + SnpCpuidInfo snp_cpuid_info; + CPUState *cs = first_cpu; + int ret; + uint32_t i = 0; + + assert(sizeof(snp_cpuid_info) <= cpuid_len); + + /* get the cpuid list from KVM */ + do { + kvm_cpuid_info.cpuid.nent = ++i; + ret = kvm_vcpu_ioctl(cs, KVM_GET_CPUID2, &kvm_cpuid_info); + } while (ret == -E2BIG); + + if (ret) { + error_report("SEV-SNP: unable to query CPUID values for CPU: '%s'", + strerror(-ret)); + return 1; + } + + ret = sev_snp_cpuid_info_fill(&snp_cpuid_info, &kvm_cpuid_info); + if (ret) { + error_report("SEV-SNP: failed to generate CPUID table information"); + return 1; + } + + memcpy(hva, &snp_cpuid_info, sizeof(snp_cpuid_info)); + + return snp_launch_update_data(cpuid_addr, hva, cpuid_len, + KVM_SEV_SNP_PAGE_TYPE_CPUID); +} + static int snp_metadata_desc_to_page_type(int desc_type) { 
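Review bot: In snp_launch_update_cpuid() the do/while that probes KVM_GET_CPUID2 has no upper bound: i keeps growing while the ioctl returns -E2BIG, but kvm_cpuid_info.entries has only KVM_MAX_CPUID_ENTRIES (100) slots, so once i passes 100, nent describes a larger buffer than the one on the stack. Stop the loop at KVM_MAX_CPUID_ENTRIES and treat reaching it as an error; the SNP_CPUID_FUNCTION_MAXCOUNT check in sev_snp_cpuid_info_fill() runs only after the ioctl has returned. In sev_snp_cpuid_info_fill(), flags == KVM_CPUID_FLAG_SIGNIFCANT_INDEX compares the whole field, so an entry with any additional flag bit set keeps ecx_in at 0 after the memset; test the bit with & instead.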
@@ -1053,7 +1208,12 @@ snp_populate_metadata_pages(SevSnpGuestState *sev_snp, exit(1); } - ret = snp_launch_update_data(desc->base, hva, desc->len, type); + if (type == KVM_SEV_SNP_PAGE_TYPE_CPUID) { + ret = snp_launch_update_cpuid(desc->base, hva, desc->len); + } else { + ret = snp_launch_update_data(desc->base, hva, desc->len, type); + } + if (ret) { error_report("%s: Failed to add metadata page gpa 0x%x+%x type %d", __func__, desc->base, desc->len, desc->type); 
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Brijesh Singh, Michael Roth, Pankaj Gupta
Subject: [PULL 35/45] hw/i386/sev: Add support to encrypt BIOS when SEV-SNP is enabled
Date: Tue, 4 Jun 2024 08:43:59 +0200
Message-ID: <20240604064409.957105-36-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Brijesh Singh

As with SEV, an SNP guest requires that the BIOS be part of the initial encrypted/measured guest payload. Extend sev_encrypt_flash() to handle the SNP case and plumb through the GPA of the BIOS location since this is needed for SNP.

Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-25-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini --- include/hw/i386/x86.h | 2 +- target/i386/sev.h | 2 +- hw/i386/pc_sysfw.c | 12 +++++++----- hw/i386/x86-common.c | 2 +- target/i386/sev-sysemu-stub.c | 2 +- target/i386/sev.c | 5 +++-- 6 files changed, 14 insertions(+), 11 deletions(-) diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h index b006f16b8d3..d43cb3908e6 100644 --- a/include/hw/i386/x86.h +++ b/include/hw/i386/x86.h @@ -154,6 +154,6 @@ void ioapic_init_gsi(GSIState *gsi_state, Object *parent); DeviceState *ioapic_init_secondary(GSIState *gsi_state); /* pc_sysfw.c */ -void x86_firmware_configure(void *ptr, int size); +void x86_firmware_configure(hwaddr gpa, void *ptr, int size); #endif diff --git a/target/i386/sev.h b/target/i386/sev.h index cc12824dd65..858005a119c 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h @@ -59,7 +59,7 @@ uint32_t sev_get_cbit_position(void); uint32_t sev_get_reduced_phys_bits(void); bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp); -int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp); +int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp); int sev_inject_launch_secret(const char *hdr, const char *secret, uint64_t gpa, Error **errp); diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index 9b8671c4412..7cdbafc8d22 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c @@ -148,6 +148,8 @@ static void pc_system_flash_map(PCMachineState *pcms, assert(PC_MACHINE_GET_CLASS(pcms)->pci_enabled); for (i = 0; i < ARRAY_SIZE(pcms->flash); i++) { + hwaddr gpa; + system_flash = pcms->flash[i]; blk = pflash_cfi01_get_blk(system_flash); if (!blk) { 
@@ -177,11 +179,11 @@ static void pc_system_flash_map(PCMachineState *pcms, } total_size += size; + gpa = 0x100000000ULL - total_size; /* where the flash is mapped */ qdev_prop_set_uint32(DEVICE(system_flash), "num-blocks", size / FLASH_SECTOR_SIZE); sysbus_realize_and_unref(SYS_BUS_DEVICE(system_flash), &error_fatal); - sysbus_mmio_map(SYS_BUS_DEVICE(system_flash), 0, - 0x100000000ULL - total_size); + sysbus_mmio_map(SYS_BUS_DEVICE(system_flash), 0, gpa); if (i == 0) { flash_mem = pflash_cfi01_get_memory(system_flash); @@ -196,7 +198,7 @@ static void pc_system_flash_map(PCMachineState *pcms, if (sev_enabled()) { flash_ptr = memory_region_get_ram_ptr(flash_mem); flash_size = memory_region_size(flash_mem); - x86_firmware_configure(flash_ptr, flash_size); + x86_firmware_configure(gpa, flash_ptr, flash_size); } } } @@ -249,7 +251,7 @@ void pc_system_firmware_init(PCMachineState *pcms, pc_system_flash_cleanup_unused(pcms); } -void x86_firmware_configure(void *ptr, int size) +void x86_firmware_configure(hwaddr gpa, void *ptr, int size) { int ret; @@ -270,6 +272,6 @@ void x86_firmware_configure(void *ptr, int size) exit(1); } - sev_encrypt_flash(ptr, size, &error_fatal); + sev_encrypt_flash(gpa, ptr, size, &error_fatal); } } diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index ee9046d9a80..f41cb0a6a8b 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c @@ -1013,7 +1013,7 @@ void x86_bios_rom_init(X86MachineState *x86ms, const char *default_firmware, */ void *ptr = memory_region_get_ram_ptr(&x86ms->bios); load_image_size(filename, ptr, bios_size); - x86_firmware_configure(ptr, bios_size); + x86_firmware_configure(0x100000000ULL - bios_size, ptr, bios_size); } else { memory_region_set_readonly(&x86ms->bios, !isapc_ram_fw); ret = rom_add_file_fixed(bios_name, (uint32_t)(-bios_size), -1); diff --git a/target/i386/sev-sysemu-stub.c b/target/i386/sev-sysemu-stub.c index fc1c57c4113..d5bf886e799 100644 --- a/target/i386/sev-sysemu-stub.c 
+++ b/target/i386/sev-sysemu-stub.c @@ -42,7 +42,7 @@ void qmp_sev_inject_launch_secret(const char *packet_header, const char *secret, error_setg(errp, "SEV is not available in this QEMU"); } -int sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) +int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp) { g_assert_not_reached(); } diff --git a/target/i386/sev.c b/target/i386/sev.c index 06401f0526f..7b5c4b4874d 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -1484,7 +1484,7 @@ static int sev_snp_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } int -sev_encrypt_flash(uint8_t *ptr, uint64_t len, Error **errp) +sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp) { SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); 
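Review bot: The sev_encrypt_flash() hunk in target/i386/sev.c changes only the signature; none of the visible hunks reads the new gpa argument or adds an SNP branch, while the commit message says the function is extended to handle the SNP case. Reword the message to say this patch only plumbs the GPA through the callers, or note which later patch in the series consumes it, so that a bisect landing here does not suggest SNP flash encryption is already in place.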
@@ -1841,7 +1841,8 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) /* zero the excess data so the measurement can be reliably calculated */ memset(padded_ht->padding, 0, sizeof(padded_ht->padding)); - if (sev_encrypt_flash((uint8_t *)padded_ht, sizeof(*padded_ht), errp) < 0) { + if (sev_encrypt_flash(area->base, (uint8_t *)padded_ht, + sizeof(*padded_ht), errp) < 0) { ret = false; } 
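Review bot: In the hw/i386/x86-common.c hunk the GPA is open-coded as 0x100000000ULL - bios_size, repeating the 4 GiB constant that the pc_sysfw.c hunk uses for gpa = 0x100000000ULL - total_size. Both values now end up as the gpa argument of sev_encrypt_flash(), so a shared macro or small helper for "top of 32-bit space minus size" would keep the two call sites from drifting apart. x86_firmware_configure() also keeps int size next to the new hwaddr gpa, while sev_encrypt_flash() takes uint64_t len; worth aligning while the signature is being changed anyway.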
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Pankaj Gupta
Subject: [PULL 36/45] i386/sev: Invoke launch_updata_data() for SEV class
Date: Tue, 4 Jun 2024 08:44:00 +0200
Message-ID: <20240604064409.957105-37-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

Add launch_update_data() in SevCommonStateClass and invoke as sev_launch_update_data() for SEV object.

Signed-off-by: Pankaj Gupta
Message-ID: <20240530111643.1091816-26-pankaj.gupta@amd.com>
Signed-off-by: Paolo Bonzini
--- target/i386/sev.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 7b5c4b4874d..8834cf9441a 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -74,6 +74,7 @@ struct SevCommonStateClass { /* public */ int (*launch_start)(SevCommonState *sev_common); void (*launch_finish)(SevCommonState *sev_common); + int (*launch_update_data)(SevCommonState *sev_common, hwaddr gpa, uint8_t *ptr, uint64_t len); int (*kvm_init)(ConfidentialGuestSupport *cgs, Error **errp); }; @@ -929,7 +930,7 @@ out: } static int -sev_launch_update_data(SevGuestState *sev_guest, uint8_t *addr, uint64_t len) +sev_launch_update_data(SevCommonState *sev_common, hwaddr gpa, uint8_t *addr, uint64_t len) { int ret, fw_error; struct kvm_sev_launch_update_data update; @@ -941,7 +942,7 @@ sev_launch_update_data(SevGuestState *sev_guest, uint8_t *addr, uint64_t len) update.uaddr = (uintptr_t)addr; update.len = len; trace_kvm_sev_launch_update_data(addr, len); - ret = sev_ioctl(SEV_COMMON(sev_guest)->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, + ret = sev_ioctl(sev_common->sev_fd, KVM_SEV_LAUNCH_UPDATE_DATA, &update, &fw_error); if (ret) { error_report("%s: LAUNCH_UPDATE ret=%d fw_error=%d '%s'", @@ -1487,6 +1488,7 @@ int sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp) { SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(sev_common); if (!sev_common) { return 0; @@ -1494,7 +1496,9 @@ sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp) /* if SEV is in update state then encrypt the data else do nothing */ if (sev_check_state(sev_common, SEV_STATE_LAUNCH_UPDATE)) { - int ret = sev_launch_update_data(SEV_GUEST(sev_common), ptr, len); + int ret; + + ret = klass->launch_update_data(sev_common, gpa, ptr, len); if (ret < 0) { error_setg(errp, "SEV: Failed to encrypt pflash rom"); return ret; 
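Review bot: In the sev_encrypt_flash() hunks, SEV_COMMON_GET_CLASS(sev_common) is evaluated in the new declaration, ahead of the existing if (!sev_common) return 0; check, so the class lookup runs on a pointer that the following lines still treat as possibly NULL. Declare klass without an initializer and assign it after the check. Related: sev_encrypt_flash() now calls klass->launch_update_data unconditionally, but within this patch only sev_guest_class_init() assigns it, so any other SevCommonStateClass implementation that reaches the SEV_STATE_LAUNCH_UPDATE branch would be called through an unset pointer; assign it for every class in the same patch or guard the call.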
@@ -1968,6 +1972,7 @@ sev_guest_class_init(ObjectClass *oc, void *data) klass->launch_start = sev_launch_start; klass->launch_finish = sev_launch_finish; + klass->launch_update_data = sev_launch_update_data; klass->kvm_init = sev_kvm_init; x86_klass->kvm_type = sev_kvm_type; From patchwork Tue Jun 4 06:44:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 13684799 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 47770C27C52 for ; Tue, 4 Jun 2024 06:51:52 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sENwq-0006r9-5H; Tue, 04 Jun 2024 02:47:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENvo-0004ZT-0D for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:46:08 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENvl-0007cq-SW for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:46:03 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717483560; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=uoy71PGVhW2t6jto2xgSYpTI6VjhvKq7Bsd1mn8lHa4=; b=RzCVYqHDmleECnTIphUxBLrRA0p+k2HfYyZNrci9hF8QrgwuwfE3d9LcD/gg1oZOfVJEWd 
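Review bot: in the sev_encrypt_flash() hunk of 36/45, the new declaration `SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(sev_common);` is evaluated before the existing `if (!sev_common) { return 0; }` guard. When the machine has no confidential-guest object, the class lookup therefore runs on a NULL pointer before the guard can take the early return. Declare `klass` without an initializer and assign it after the NULL check, or move the lookup inside the `sev_check_state()` branch where it is actually used.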
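Review bot: in the `@@ -929,7 +930,7 @@` hunk of 36/45, sev_launch_update_data() gains a `hwaddr gpa` parameter that none of the visible lines use; the ioctl payload is still built only from `addr` and `len`. A one-line comment that `gpa` exists only to match the `launch_update_data` class hook, and is ignored for plain SEV, would keep a later reader from assuming it is validated or passed on to KVM. The new prototype and the struct member added in the first hunk also run past 80 columns and should be wrapped. The subject line says "launch_updata_data()" where the code says `launch_update_data`.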
a640c23a62f3a-a68fbf068fesm310585866b.26.2024.06.03.23.45.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 03 Jun 2024 23:45:54 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Cc: Pankaj Gupta Subject: [PULL 37/45] i386/sev: Invoke launch_updata_data() for SNP class Date: Tue, 4 Jun 2024 08:44:01 +0200 Message-ID: <20240604064409.957105-38-pbonzini@redhat.com> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com> References: <20240604064409.957105-1-pbonzini@redhat.com> MIME-Version: 1.0 Received-SPF: pass client-ip=170.10.129.124; envelope-from=pbonzini@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Pankaj Gupta Invoke as sev_snp_launch_update_data() for SNP object. Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-27-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index 8834cf9441a..eaf5fc6c6b5 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -1091,6 +1091,15 @@ snp_launch_update_data(uint64_t gpa, void *hva, return 0; } +static int +sev_snp_launch_update_data(SevCommonState *sev_common, hwaddr gpa, + uint8_t *ptr, uint64_t len) +{ + int ret = snp_launch_update_data(gpa, ptr, len, + KVM_SEV_SNP_PAGE_TYPE_NORMAL); + return ret; +} + static int sev_snp_cpuid_info_fill(SnpCpuidInfo *snp_cpuid_info, const KvmCpuidInfo *kvm_cpuid_info) 
@@ -2216,6 +2225,7 @@ sev_snp_guest_class_init(ObjectClass *oc, void *data) klass->launch_start = sev_snp_launch_start; klass->launch_finish = sev_snp_launch_finish; + klass->launch_update_data = sev_snp_launch_update_data; klass->kvm_init = sev_snp_kvm_init; x86_klass->kvm_type = sev_snp_kvm_type; From patchwork Tue Jun 4 06:44:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 13684782 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 5722FC27C52 for ; Tue, 4 Jun 2024 06:49:29 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sENwe-0005zJ-RO; Tue, 04 Jun 2024 02:46:57 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENvo-0004Zl-D3 for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:46:10 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENvm-0007d7-LY for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:46:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717483562; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LdwuL9IxTqKpuTaLb6wL129nWEIn7FeiWV2X8h+dwIU=; b=L6JDV/Bn6A1ezdHf6Q8I89SAvYcB0iQI2OfXiaTgF4FLB6X3RQu3B4avrPzrrXkOfUaOTk 
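Review bot: in the `@@ -1091,6 +1091,15 @@` hunk of 37/45, sev_snp_launch_update_data() hard-codes `KVM_SEV_SNP_PAGE_TYPE_NORMAL` for every caller of the class hook and never touches its `sev_common` argument, and neither fact is documented. Add a short comment saying that the hook is only meant for normal (measured data) pages and that other page types must call snp_launch_update_data() directly. The `ret` temporary adds nothing; `return snp_launch_update_data(gpa, ptr, len, KVM_SEV_SNP_PAGE_TYPE_NORMAL);` reads more clearly.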
a640c23a62f3a-a68bfe84c67sm428104666b.62.2024.06.03.23.45.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 03 Jun 2024 23:45:57 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Cc: Michael Roth , Pankaj Gupta Subject: [PULL 38/45] i386/kvm: Add KVM_EXIT_HYPERCALL handling for KVM_HC_MAP_GPA_RANGE Date: Tue, 4 Jun 2024 08:44:02 +0200 Message-ID: <20240604064409.957105-39-pbonzini@redhat.com> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com> References: <20240604064409.957105-1-pbonzini@redhat.com> MIME-Version: 1.0 Received-SPF: pass client-ip=170.10.133.124; envelope-from=pbonzini@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Michael Roth KVM_HC_MAP_GPA_RANGE will be used to send requests to userspace for private/shared memory attribute updates requested by the guest. Implement handling for that use-case along with some basic infrastructure for enabling specific hypercall events. Signed-off-by: Michael Roth Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-31-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini --- target/i386/kvm/kvm_i386.h | 1 + target/i386/kvm/kvm.c | 55 ++++++++++++++++++++++++++++++++++++ target/i386/kvm/trace-events | 1 + 3 files changed, 57 insertions(+) 
diff --git a/target/i386/kvm/kvm_i386.h b/target/i386/kvm/kvm_i386.h index 6b44844d95d..34fc60774b8 100644 --- a/target/i386/kvm/kvm_i386.h +++ b/target/i386/kvm/kvm_i386.h @@ -33,6 +33,7 @@ bool kvm_has_smm(void); bool kvm_enable_x2apic(void); bool kvm_hv_vpindex_settable(void); +bool kvm_enable_hypercall(uint64_t enable_mask); bool kvm_enable_sgx_provisioning(KVMState *s); bool kvm_hyperv_expand_features(X86CPU *cpu, Error **errp); diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 23a003aaa7e..ede3ef1225f 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -21,6 +21,7 @@ #include #include +#include #include "standard-headers/asm-x86/kvm_para.h" #include "hw/xen/interface/arch-x86/cpuid.h" @@ -209,6 +210,13 @@ int kvm_get_vm_type(MachineState *ms) return kvm_type; } +bool kvm_enable_hypercall(uint64_t enable_mask) +{ + KVMState *s = KVM_STATE(current_accel()); + + return !kvm_vm_enable_cap(s, KVM_CAP_EXIT_HYPERCALL, 0, enable_mask); +} + bool kvm_has_smm(void) { return kvm_vm_check_extension(kvm_state, KVM_CAP_X86_SMM); 
@@ -5322,6 +5330,50 @@ static bool host_supports_vmx(void) return ecx & CPUID_EXT_VMX; } +/* + * Currently the handling here only supports use of KVM_HC_MAP_GPA_RANGE + * to service guest-initiated memory attribute update requests so that + * KVM_SET_MEMORY_ATTRIBUTES can update whether or not a page should be + * backed by the private memory pool provided by guest_memfd, and as such + * is only applicable to guest_memfd-backed guests (e.g. SNP/TDX). + * + * Other other use-cases for KVM_HC_MAP_GPA_RANGE, such as for SEV live + * migration, are not implemented here currently. + * + * For the guest_memfd use-case, these exits will generally be synthesized + * by KVM based on platform-specific hypercalls, like GHCB requests in the + * case of SEV-SNP, and not issued directly within the guest though the + * KVM_HC_MAP_GPA_RANGE hypercall. So in this case, KVM_HC_MAP_GPA_RANGE is + * not actually advertised to guests via the KVM CPUID feature bit, as + * opposed to SEV live migration where it would be. Since it is unlikely the + * SEV live migration use-case would be useful for guest-memfd backed guests, + * because private/shared page tracking is already provided through other + * means, these 2 use-cases should be treated as being mutually-exclusive. 
+ */ +static int kvm_handle_hc_map_gpa_range(struct kvm_run *run) +{ + uint64_t gpa, size, attributes; + + if (!machine_require_guest_memfd(current_machine)) + return -EINVAL; + + gpa = run->hypercall.args[0]; + size = run->hypercall.args[1] * TARGET_PAGE_SIZE; + attributes = run->hypercall.args[2]; + + trace_kvm_hc_map_gpa_range(gpa, size, attributes, run->hypercall.flags); + + return kvm_convert_memory(gpa, size, attributes & KVM_MAP_GPA_RANGE_ENCRYPTED); +} + +static int kvm_handle_hypercall(struct kvm_run *run) +{ + if (run->hypercall.nr == KVM_HC_MAP_GPA_RANGE) + return kvm_handle_hc_map_gpa_range(run); + + return -EINVAL; +} + #define VMX_INVALID_GUEST_STATE 0x80000021 int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) @@ -5417,6 +5469,9 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) ret = kvm_xen_handle_exit(cpu, &run->xen); break; #endif + case KVM_EXIT_HYPERCALL: + ret = kvm_handle_hypercall(run); + break; default: fprintf(stderr, "KVM: unknown exit reason %d\n", run->exit_reason); ret = -1; diff --git a/target/i386/kvm/trace-events b/target/i386/kvm/trace-events index b365a8e8e28..74a6234ff7f 100644 --- a/target/i386/kvm/trace-events +++ b/target/i386/kvm/trace-events 
@@ -5,6 +5,7 @@ kvm_x86_fixup_msi_error(uint32_t gsi) "VT-d failed to remap interrupt for GSI %" kvm_x86_add_msi_route(int virq) "Adding route entry for virq %d" kvm_x86_remove_msi_route(int virq) "Removing route entry for virq %d" kvm_x86_update_msi_routes(int num) "Updated %d MSI routes" +kvm_hc_map_gpa_range(uint64_t gpa, uint64_t size, uint64_t attributes, uint64_t flags) "gpa 0x%" PRIx64 " size 0x%" PRIx64 " attributes 0x%" PRIx64 " flags 0x%" PRIx64 # xen-emu.c kvm_xen_hypercall(int cpu, uint8_t cpl, uint64_t input, uint64_t a0, uint64_t a1, uint64_t a2, uint64_t ret) "xen_hypercall: cpu %d cpl %d input %" PRIu64 " a0 0x%" PRIx64 " a1 0x%" PRIx64 " a2 0x%" PRIx64" ret 0x%" PRIx64 From patchwork Tue Jun 4 06:44:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 13684798 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1C4FFC25B7E for ; Tue, 4 Jun 2024 06:51:39 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sENwo-0006YG-1L; Tue, 04 Jun 2024 02:47:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENvq-0004aQ-1b for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:46:10 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENvo-0007dQ-FU for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:46:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; 
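Review bot: in the `@@ -5322,6 +5330,50 @@` hunk of 38/45, kvm_handle_hc_map_gpa_range() computes `size = run->hypercall.args[1] * TARGET_PAGE_SIZE;` from a page count that originates with the guest, and nothing in the visible lines bounds that count or checks the multiplication for wrap-around before `gpa` and `size` are handed to kvm_convert_memory(). Reject a count larger than `UINT64_MAX / TARGET_PAGE_SIZE`, and a `gpa + size` that wraps, with -EINVAL here, or state in the comment that kvm_convert_memory() is relied on for range validation. The handler also returns without writing `run->hypercall.ret`, so say whether that is intentional. Style: both single-statement `if` bodies in this hunk lack braces, and the block comment has "Other other" and "though the KVM_HC_MAP_GPA_RANGE hypercall" (should be "through").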
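Review bot: in the `@@ -209,6 +210,13 @@` hunk of 38/45, kvm_enable_hypercall() has no comment describing what `enable_mask` contains or what the boolean result means, and the `!kvm_vm_enable_cap(...)` inversion is easy to misread. Document that the mask is passed straight to `KVM_CAP_EXIT_HYPERCALL` and that `true` means the capability was enabled. The function fetches its state with `KVM_STATE(current_accel())` while kvm_has_smm() directly below uses the `kvm_state` global; pick one for consistency.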
2024 23:46:01 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGBuoyF8wBBN8za6E8s5M+GsmQ++6rvnfHmCsUpbdXA/437glGoC0gxH3BCcVABu0WAX/fYGA== X-Received: by 2002:a17:906:644b:b0:a64:41ba:e7ee with SMTP id a640c23a62f3a-a682022b606mr799116566b.32.1717483560807; Mon, 03 Jun 2024 23:46:00 -0700 (PDT) Received: from avogadro.local ([151.81.115.112]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a6866a69125sm542203666b.118.2024.06.03.23.46.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 03 Jun 2024 23:46:00 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Cc: Michael Roth , Pankaj Gupta Subject: [PULL 39/45] i386/sev: Enable KVM_HC_MAP_GPA_RANGE hcall for SNP guests Date: Tue, 4 Jun 2024 08:44:03 +0200 Message-ID: <20240604064409.957105-40-pbonzini@redhat.com> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com> References: <20240604064409.957105-1-pbonzini@redhat.com> MIME-Version: 1.0 Received-SPF: pass client-ip=170.10.133.124; envelope-from=pbonzini@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Michael Roth KVM will forward GHCB page-state change requests to userspace in the form of KVM_HC_MAP_GPA_RANGE, so make sure the hypercall handling is enabled for SNP guests. Signed-off-by: Michael Roth 
Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-32-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index eaf5fc6c6b5..abb63062ac6 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -14,6 +14,7 @@ #include "qemu/osdep.h" #include +#include #include #include 
@@ -758,6 +759,10 @@ sev_snp_launch_start(SevCommonState *sev_common) trace_kvm_sev_snp_launch_start(start->policy, sev_snp_guest->guest_visible_workarounds); + if (!kvm_enable_hypercall(BIT_ULL(KVM_HC_MAP_GPA_RANGE))) { + return 1; + } + rc = sev_ioctl(sev_common->sev_fd, KVM_SEV_SNP_LAUNCH_START, start, &fw_error); if (rc < 0) { From patchwork Tue Jun 4 06:44:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Bonzini X-Patchwork-Id: 13684793 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B1B86C25B7E for ; Tue, 4 Jun 2024 06:50:21 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sENws-0007Gq-KR; Tue, 04 Jun 2024 02:47:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENvt-0004e7-Sa for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:46:13 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sENvs-0007dm-2D for qemu-devel@nongnu.org; Tue, 04 Jun 2024 02:46:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717483567; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lo/3ikAn9rcrJ9CdEidY1h4ZPRHmzUcZc1MlRn3C+HM=; 
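Review bot: in the sev_snp_launch_start() hunk of 39/45, the new failure path `if (!kvm_enable_hypercall(BIT_ULL(KVM_HC_MAP_GPA_RANGE))) { return 1; }` returns silently and with a positive value, while the sev_ioctl() call right after it is checked with `rc < 0`. An SNP guest that cannot get page-state change exits delivered to userspace should not fail to launch without a message. Add an error_report() naming KVM_CAP_EXIT_HYPERCALL, and return a negative value unless the caller is known to treat any non-zero result as failure.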
([151.81.115.112]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-57a5fff9bc0sm3356392a12.97.2024.06.03.23.46.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 03 Jun 2024 23:46:02 -0700 (PDT) From: Paolo Bonzini To: qemu-devel@nongnu.org Cc: Dov Murik , Michael Roth , Pankaj Gupta Subject: [PULL 40/45] i386/sev: Extract build_kernel_loader_hashes Date: Tue, 4 Jun 2024 08:44:04 +0200 Message-ID: <20240604064409.957105-41-pbonzini@redhat.com> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com> References: <20240604064409.957105-1-pbonzini@redhat.com> MIME-Version: 1.0 Received-SPF: pass client-ip=170.10.129.124; envelope-from=pbonzini@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Dov Murik Extract the building of the kernel hashes table out from sev_add_kernel_loader_hashes() to allow building it in other memory areas (for SNP support). No functional change intended. Signed-off-by: Dov Murik Signed-off-by: Michael Roth Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-22-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 102 ++++++++++++++++++++++++++-------------------- 1 file changed, 58 insertions(+), 44 deletions(-) 
diff --git a/target/i386/sev.c b/target/i386/sev.c index abb63062ac6..73f94067155 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -1754,45 +1754,16 @@ static const QemuUUID sev_cmdline_entry_guid = { 0x4d, 0x36, 0xab, 0x2a) }; -/* - * Add the hashes of the linux kernel/initrd/cmdline to an encrypted guest page - * which is included in SEV's initial memory measurement. - */ -bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) +static bool build_kernel_loader_hashes(PaddedSevHashTable *padded_ht, + SevKernelLoaderContext *ctx, + Error **errp) { - uint8_t *data; - SevHashTableDescriptor *area; SevHashTable *ht; - PaddedSevHashTable *padded_ht; uint8_t cmdline_hash[HASH_SIZE]; uint8_t initrd_hash[HASH_SIZE]; uint8_t kernel_hash[HASH_SIZE]; uint8_t *hashp; size_t hash_len = HASH_SIZE; - hwaddr mapped_len = sizeof(*padded_ht); - MemTxAttrs attrs = { 0 }; - bool ret = true; - SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); - - /* - * Only add the kernel hashes if the sev-guest configuration explicitly - * stated kernel-hashes=on. - */ - if (!sev_common->kernel_hashes) { - return false; - } - - if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) { - error_setg(errp, "SEV: kernel specified but guest firmware " - "has no hashes table GUID"); - return false; - } - area = (SevHashTableDescriptor *)data; - if (!area->base || area->size < sizeof(PaddedSevHashTable)) { - error_setg(errp, "SEV: guest firmware hashes table area is invalid " - "(base=0x%x size=0x%x)", area->base, area->size); - return false; - } /* * Calculate hash of kernel command-line with the terminating null byte. If 
@@ -1829,16 +1800,6 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) } assert(hash_len == HASH_SIZE); - /* - * Populate the hashes table in the guest's memory at the OVMF-designated - * area for the SEV hashes table - */ - padded_ht = address_space_map(&address_space_memory, area->base, - &mapped_len, true, attrs); - if (!padded_ht || mapped_len != sizeof(*padded_ht)) { - error_setg(errp, "SEV: cannot map hashes table guest memory area"); - return false; - } ht = &padded_ht->ht; ht->guid = sev_hash_table_header_guid; 
@@ -1859,8 +1820,61 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) /* zero the excess data so the measurement can be reliably calculated */ memset(padded_ht->padding, 0, sizeof(padded_ht->padding)); - if (sev_encrypt_flash(area->base, (uint8_t *)padded_ht, - sizeof(*padded_ht), errp) < 0) { + return true; +} + +/* + * Add the hashes of the linux kernel/initrd/cmdline to an encrypted guest page + * which is included in SEV's initial memory measurement. + */ +bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) +{ + uint8_t *data; + SevHashTableDescriptor *area; + PaddedSevHashTable *padded_ht; + hwaddr mapped_len = sizeof(*padded_ht); + MemTxAttrs attrs = { 0 }; + bool ret = true; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + + /* + * Only add the kernel hashes if the sev-guest configuration explicitly + * stated kernel-hashes=on. + */ + if (!sev_common->kernel_hashes) { + return false; + } + + if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) { + error_setg(errp, "SEV: kernel specified but guest firmware " + "has no hashes table GUID"); + return false; + } + + area = (SevHashTableDescriptor *)data; + if (!area->base || area->size < sizeof(PaddedSevHashTable)) { + error_setg(errp, "SEV: guest firmware hashes table area is invalid " + "(base=0x%x size=0x%x)", area->base, area->size); + return false; + } + + /* + * Populate the hashes table in the guest's memory at the OVMF-designated + * area for the SEV hashes table + */ + padded_ht = address_space_map(&address_space_memory, area->base, + &mapped_len, true, attrs); + if (!padded_ht || mapped_len != sizeof(*padded_ht)) { + error_setg(errp, "SEV: cannot map hashes table guest memory area"); + return false; + } + + if (build_kernel_loader_hashes(padded_ht, ctx, errp)) { + if (sev_encrypt_flash(area->base, (uint8_t *)padded_ht, + sizeof(*padded_ht), errp) < 0) { + ret = false; + } + } else { ret = false; } From 
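Review bot: in the `@@ -1859,8 +1820,61 @@` hunk of 40/45, the re-added check `if (!padded_ht || mapped_len != sizeof(*padded_ht))` still does a bare `return false;`, so a non-NULL but short mapping from address_space_map() leaves the function without being released, whereas the two later failures set `ret = false` and continue to the common exit. This is carried over from the old code and the patch states no functional change, but since the block is being moved anyway a follow-up should route this case through the same exit. The extracted build_kernel_loader_hashes() also has no comment of its own; note there that the caller must pass a writable buffer of `sizeof(PaddedSevHashTable)` and that the helper zeroes the padding because the buffer is measured.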
From patchwork Tue Jun 4 06:44:05 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684775
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Dov Murik, Michael Roth, Pankaj Gupta
Subject: [PULL 41/45] i386/sev: Reorder struct declarations
Date: Tue, 4 Jun 2024 08:44:05 +0200
Message-ID: <20240604064409.957105-42-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Dov Murik

Move the declaration of PaddedSevHashTable before SevSnpGuest so we can add a new such field to the latter. No functional change intended.

Signed-off-by: Dov Murik
Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
Message-ID: <20240530111643.1091816-23-pankaj.gupta@amd.com>
Signed-off-by: Paolo Bonzini
--- target/i386/sev.c | 84 +++++++++++++++++++++++------------------------ 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 73f94067155..3fce4c08ebb 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -46,6 +46,48 @@ OBJECT_DECLARE_TYPE(SevCommonState, SevCommonStateClass, SEV_COMMON) OBJECT_DECLARE_TYPE(SevGuestState, SevCommonStateClass, SEV_GUEST) OBJECT_DECLARE_TYPE(SevSnpGuestState, SevCommonStateClass, SEV_SNP_GUEST) +/* hard code sha256 digest size */ +#define HASH_SIZE 32 + +typedef struct QEMU_PACKED SevHashTableEntry { + QemuUUID guid; + uint16_t len; + uint8_t hash[HASH_SIZE]; +} SevHashTableEntry; + +typedef struct QEMU_PACKED SevHashTable { + QemuUUID guid; + uint16_t len; + SevHashTableEntry cmdline; + SevHashTableEntry initrd; + SevHashTableEntry kernel; +} SevHashTable; + +/* + * Data encrypted by sev_encrypt_flash() must be padded to a multiple of + * 16 bytes. + */ +typedef struct QEMU_PACKED PaddedSevHashTable { + SevHashTable ht; + uint8_t padding[ROUND_UP(sizeof(SevHashTable), 16) - sizeof(SevHashTable)]; +} PaddedSevHashTable; + +QEMU_BUILD_BUG_ON(sizeof(PaddedSevHashTable) % 16 != 0); + +#define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e" +typedef struct __attribute__((__packed__)) SevInfoBlock { + /* SEV-ES Reset Vector Address */ + uint32_t reset_addr; +} SevInfoBlock; + +#define SEV_HASH_TABLE_RV_GUID "7255371f-3a3b-4b04-927b-1da6efa8d454" +typedef struct QEMU_PACKED SevHashTableDescriptor { + /* SEV hash table area guest address */ + uint32_t base; + /* SEV hash table area size (in bytes) */ + uint32_t size; +} SevHashTableDescriptor; + struct SevCommonState { X86ConfidentialGuest parent_obj; 
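Review bot: in the moved block, SevInfoBlock is still declared with `__attribute__((__packed__))` while every other struct moved with it uses QEMU_PACKED; since the commit is meant to be a pure move that is fine here, but it is worth a follow-up to make the block consistent. A one-line comment above the block noting that these types must precede SevSnpGuestState (which, per the commit message, is about to embed a PaddedSevHashTable field) would keep a later cleanup from moving them back down.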
@@ -128,48 +170,6 @@ typedef struct SevLaunchUpdateData { static QTAILQ_HEAD(, SevLaunchUpdateData) launch_update; -#define SEV_INFO_BLOCK_GUID "00f771de-1a7e-4fcb-890e-68c77e2fb44e" -typedef struct __attribute__((__packed__)) SevInfoBlock { - /* SEV-ES Reset Vector Address */ - uint32_t reset_addr; -} SevInfoBlock; - -#define SEV_HASH_TABLE_RV_GUID "7255371f-3a3b-4b04-927b-1da6efa8d454" -typedef struct QEMU_PACKED SevHashTableDescriptor { - /* SEV hash table area guest address */ - uint32_t base; - /* SEV hash table area size (in bytes) */ - uint32_t size; -} SevHashTableDescriptor; - -/* hard code sha256 digest size */ -#define HASH_SIZE 32 - -typedef struct QEMU_PACKED SevHashTableEntry { - QemuUUID guid; - uint16_t len; - uint8_t hash[HASH_SIZE]; -} SevHashTableEntry; - -typedef struct QEMU_PACKED SevHashTable { - QemuUUID guid; - uint16_t len; - SevHashTableEntry cmdline; - SevHashTableEntry initrd; - SevHashTableEntry kernel; -} SevHashTable; - -/* - * Data encrypted by sev_encrypt_flash() must be padded to a multiple of - * 16 bytes. 
- */ -typedef struct QEMU_PACKED PaddedSevHashTable { - SevHashTable ht; - uint8_t padding[ROUND_UP(sizeof(SevHashTable), 16) - sizeof(SevHashTable)]; -} PaddedSevHashTable; - -QEMU_BUILD_BUG_ON(sizeof(PaddedSevHashTable) % 16 != 0); - static Error *sev_mig_blocker; static const char *const sev_fw_errlist[] = {
From patchwork Tue Jun 4 06:44:06 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684770
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Dov Murik, Michael Roth, Pankaj Gupta
Subject: [PULL 42/45] i386/sev: Allow measured direct kernel boot on SNP
Date: Tue, 4 Jun 2024 08:44:06 +0200
Message-ID: <20240604064409.957105-43-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Dov Murik

In SNP, the hashes page is designated with a specific metadata entry published in AmdSev OVMF. Therefore, if the user enabled kernel hashes (for measured direct boot), QEMU should prepare the content of hashes table, and during the processing of the metadata entry it copies the content into the designated page and encrypts it.

Note that in SNP (unlike SEV and SEV-ES) the measurement is done in whole 4KB pages. Therefore QEMU zeros the whole page that includes the hashes table, and fills in the kernel hashes area in that page, and then encrypts the whole page. The rest of the page is reserved for SEV launch secrets which are not usable anyway on SNP.

If the user disabled kernel hashes, QEMU pre-validates the kernel hashes page as a zero page.

Signed-off-by: Dov Murik
Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
Message-ID: <20240530111643.1091816-24-pankaj.gupta@amd.com>
Signed-off-by: Paolo Bonzini
--- include/hw/i386/pc.h | 2 + target/i386/sev.c | 113 ++++++++++++++++++++++++++++++++----------- 2 files changed, 86 insertions(+), 29 deletions(-) diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index c653b8eeb24..ca7904ac2c4 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -172,6 +172,8 @@ typedef enum { SEV_DESC_TYPE_SNP_SECRETS, /* The section contains address that can be used as a CPUID page */ SEV_DESC_TYPE_CPUID, + /* The section contains the region for kernel hashes for measured direct boot */ + SEV_DESC_TYPE_SNP_KERNEL_HASHES = 0x10, } ovmf_sev_metadata_desc_type; diff --git a/target/i386/sev.c b/target/i386/sev.c index 3fce4c08ebb..004c667ac14 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c
@@ -115,6 +115,10 @@ struct SevCommonStateClass { X86ConfidentialGuestClass parent_class; /* public */ + bool (*build_kernel_loader_hashes)(SevCommonState *sev_common, + SevHashTableDescriptor *area, + SevKernelLoaderContext *ctx, + Error **errp); int (*launch_start)(SevCommonState *sev_common); void (*launch_finish)(SevCommonState *sev_common); int (*launch_update_data)(SevCommonState *sev_common, hwaddr gpa, uint8_t *ptr, uint64_t len); @@ -154,6 +158,9 @@ struct SevSnpGuestState { struct kvm_sev_snp_launch_start kvm_start_conf; struct kvm_sev_snp_launch_finish kvm_finish_conf; + + uint32_t kernel_hashes_offset; + PaddedSevHashTable *kernel_hashes_data; }; #define DEFAULT_GUEST_POLICY 0x1 /* disable debug */ @@ -1189,6 +1196,23 @@ snp_launch_update_cpuid(uint32_t cpuid_addr, void *hva, uint32_t cpuid_len) KVM_SEV_SNP_PAGE_TYPE_CPUID); } +static int +snp_launch_update_kernel_hashes(SevSnpGuestState *sev_snp, uint32_t addr, + void *hva, uint32_t len) +{ + int type = KVM_SEV_SNP_PAGE_TYPE_ZERO; + if (sev_snp->parent_obj.kernel_hashes) { + assert(sev_snp->kernel_hashes_data); + assert((sev_snp->kernel_hashes_offset + + sizeof(*sev_snp->kernel_hashes_data)) <= len); + memset(hva, 0, len); + memcpy(hva + sev_snp->kernel_hashes_offset, sev_snp->kernel_hashes_data, + sizeof(*sev_snp->kernel_hashes_data)); + type = KVM_SEV_SNP_PAGE_TYPE_NORMAL; + } + return snp_launch_update_data(addr, hva, len, type); +} + static int snp_metadata_desc_to_page_type(int desc_type) { @@ -1225,6 +1249,9 @@ snp_populate_metadata_pages(SevSnpGuestState *sev_snp, if (type == KVM_SEV_SNP_PAGE_TYPE_CPUID) { ret = snp_launch_update_cpuid(desc->base, hva, desc->len); + } else if (desc->type == SEV_DESC_TYPE_SNP_KERNEL_HASHES) { + ret = snp_launch_update_kernel_hashes(sev_snp, desc->base, hva, + desc->len); } else { ret = snp_launch_update_data(desc->base, hva, desc->len, type); } 
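Review bot: in snp_launch_update_kernel_hashes() (the @@ -1189 hunk) the bounds check kernel_hashes_offset + sizeof(*kernel_hashes_data) <= len is an assert(), yet len is desc->len from the firmware metadata and the offset is derived from the OVMF hashes-table descriptor, so a firmware image whose two tables disagree aborts QEMU rather than failing the launch; return an error through the normal path instead. The same applies to assert(sev_snp->kernel_hashes_data), which fires if kernel-hashes=on but sev_snp_build_kernel_loader_hashes() never ran. hva + sev_snp->kernel_hashes_offset is also arithmetic on a void pointer; cast to uint8_t * first.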
@@ -1823,40 +1850,31 @@ static bool build_kernel_loader_hashes(PaddedSevHashTable *padded_ht, return true; } -/* - * Add the hashes of the linux kernel/initrd/cmdline to an encrypted guest page - * which is included in SEV's initial memory measurement. - */ -bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) +static bool sev_snp_build_kernel_loader_hashes(SevCommonState *sev_common, + SevHashTableDescriptor *area, + SevKernelLoaderContext *ctx, + Error **errp) +{ + /* + * SNP: Populate the hashes table in an area that later in + * snp_launch_update_kernel_hashes() will be copied to the guest memory + * and encrypted. + */ + SevSnpGuestState *sev_snp_guest = SEV_SNP_GUEST(sev_common); + sev_snp_guest->kernel_hashes_offset = area->base & ~TARGET_PAGE_MASK; + sev_snp_guest->kernel_hashes_data = g_new0(PaddedSevHashTable, 1); + return build_kernel_loader_hashes(sev_snp_guest->kernel_hashes_data, ctx, errp); +} + +static bool sev_build_kernel_loader_hashes(SevCommonState *sev_common, + SevHashTableDescriptor *area, + SevKernelLoaderContext *ctx, + Error **errp) { - uint8_t *data; - SevHashTableDescriptor *area; PaddedSevHashTable *padded_ht; hwaddr mapped_len = sizeof(*padded_ht); MemTxAttrs attrs = { 0 }; bool ret = true; - SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); - - /* - * Only add the kernel hashes if the sev-guest configuration explicitly - * stated kernel-hashes=on. 
- */ - if (!sev_common->kernel_hashes) { - return false; - } - - if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) { - error_setg(errp, "SEV: kernel specified but guest firmware " - "has no hashes table GUID"); - return false; - } - - area = (SevHashTableDescriptor *)data; - if (!area->base || area->size < sizeof(PaddedSevHashTable)) { - error_setg(errp, "SEV: guest firmware hashes table area is invalid " - "(base=0x%x size=0x%x)", area->base, area->size); - return false; - } /* * Populate the hashes table in the guest's memory at the OVMF-designated @@ -1884,6 +1902,41 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) return ret; } +/* + * Add the hashes of the linux kernel/initrd/cmdline to an encrypted guest page + * which is included in SEV's initial memory measurement. + */ +bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp) +{ + uint8_t *data; + SevHashTableDescriptor *area; + SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs); + SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(sev_common); + + /* + * Only add the kernel hashes if the sev-guest configuration explicitly + * stated kernel-hashes=on. + */ + if (!sev_common->kernel_hashes) { + return false; + } + + if (!pc_system_ovmf_table_find(SEV_HASH_TABLE_RV_GUID, &data, NULL)) { + error_setg(errp, "SEV: kernel specified but guest firmware " + "has no hashes table GUID"); + return false; + } + + area = (SevHashTableDescriptor *)data; + if (!area->base || area->size < sizeof(PaddedSevHashTable)) { + error_setg(errp, "SEV: guest firmware hashes table area is invalid " + "(base=0x%x size=0x%x)", area->base, area->size); + return false; + } + + return klass->build_kernel_loader_hashes(sev_common, area, ctx, errp); +} + static char * sev_common_get_sev_device(Object *obj, Error **errp) { 
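Review bot: sev_snp_build_kernel_loader_hashes() stores only area->base & ~TARGET_PAGE_MASK, and nothing in these hunks checks that area->base lies in the page later described by the SEV_DESC_TYPE_SNP_KERNEL_HASHES entry, or that the offset plus sizeof(PaddedSevHashTable) stays inside one page; validate that here, where errp is available, rather than relying on the assert at launch-update time. kernel_hashes_data from g_new0() is also left allocated when build_kernel_loader_hashes() returns false and is not freed anywhere in the visible hunks; g_free() it on failure and once the launch update has copied it.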
@@ -1998,6 +2051,7 @@ sev_guest_class_init(ObjectClass *oc, void *data) SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); + klass->build_kernel_loader_hashes = sev_build_kernel_loader_hashes; klass->launch_start = sev_launch_start; klass->launch_finish = sev_launch_finish; klass->launch_update_data = sev_launch_update_data; 
@@ -2242,6 +2296,7 @@ sev_snp_guest_class_init(ObjectClass *oc, void *data) SevCommonStateClass *klass = SEV_COMMON_CLASS(oc); X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); + klass->build_kernel_loader_hashes = sev_snp_build_kernel_loader_hashes; klass->launch_start = sev_snp_launch_start; klass->launch_finish = sev_snp_launch_finish; klass->launch_update_data = sev_snp_launch_update_data;
From patchwork Tue Jun 4 06:44:07 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684795
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Xiaoyao Li, Michael Roth, Pankaj Gupta
Subject: [PULL 43/45] memory: Introduce memory_region_init_ram_guest_memfd()
Date: Tue, 4 Jun 2024 08:44:07 +0200
Message-ID: <20240604064409.957105-44-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Xiaoyao Li

Introduce memory_region_init_ram_guest_memfd() to allocate private guest memfd on the MemoryRegion initialization. It's for the use case of TDVF, which must be private on TDX case.

Signed-off-by: Xiaoyao Li
Signed-off-by: Michael Roth
Signed-off-by: Pankaj Gupta
Message-ID: <20240530111643.1091816-4-pankaj.gupta@amd.com>
Signed-off-by: Paolo Bonzini --- include/exec/memory.h | 6 ++++++ system/memory.c | 24 ++++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/include/exec/memory.h b/include/exec/memory.h index 9cdd64e9c69..1be58f694c9 100644 --- a/include/exec/memory.h +++ b/include/exec/memory.h @@ -1638,6 +1638,12 @@ bool memory_region_init_ram(MemoryRegion *mr, uint64_t size, Error **errp); +bool memory_region_init_ram_guest_memfd(MemoryRegion *mr, + Object *owner, + const char *name, + uint64_t size, + Error **errp); + /** * memory_region_init_rom: Initialize a ROM memory region. * diff --git a/system/memory.c b/system/memory.c index 9540caa8a1f..74cd73ebc78 100644 --- a/system/memory.c +++ b/system/memory.c 
@@ -3649,6 +3649,30 @@ bool memory_region_init_ram(MemoryRegion *mr, return true; } +bool memory_region_init_ram_guest_memfd(MemoryRegion *mr, + Object *owner, + const char *name, + uint64_t size, + Error **errp) +{ + DeviceState *owner_dev; + + if (!memory_region_init_ram_flags_nomigrate(mr, owner, name, size, + RAM_GUEST_MEMFD, errp)) { + return false; + } + /* This will assert if owner is neither NULL nor a DeviceState. + * We only want the owner here for the purposes of defining a + * unique name for migration. TODO: Ideally we should implement + * a naming scheme for Objects which are not DeviceStates, in + * which case we can relax this restriction. + */ + owner_dev = DEVICE(owner); + vmstate_register_ram(mr, owner_dev); + + return true; +} + bool memory_region_init_rom(MemoryRegion *mr, Object *owner, const char *name,
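Review bot: memory_region_init_ram_guest_memfd() is declared in include/exec/memory.h without a doc comment, while memory_region_init_rom directly below it has one, so the RAM_GUEST_MEMFD semantics and the restriction that owner must be NULL or a DeviceState are undocumented at the API level; add a doc block in the header. If the body mirrors memory_region_init_ram() apart from the flag, a shared static helper taking the RAM flags would avoid a second copy of the owner/vmstate_register_ram() sequence and its TODO comment.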
From patchwork Tue Jun 4 06:44:08 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684779
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Michael Roth, Pankaj Gupta
Subject: [PULL 44/45] hw/i386/sev: Use guest_memfd for legacy ROMs
Date: Tue, 4 Jun 2024 08:44:08 +0200
Message-ID: <20240604064409.957105-45-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Michael Roth

Current SNP guest kernels will attempt to access these regions with C-bit set, so guest_memfd is needed to handle that. Otherwise, kvm_convert_memory() will fail when the guest kernel tries to access it and QEMU attempts to call KVM_SET_MEMORY_ATTRIBUTES to set these ranges to private.

Whether guests should actually try to access ROM regions in this way (or need to deal with legacy ROM regions at all), is a separate issue to be addressed on kernel side, but current SNP guest kernels will exhibit this behavior and so this handling is needed to allow QEMU to continue running existing SNP guest kernels.

Signed-off-by: Michael Roth
[pankaj: Added sev_snp_enabled() check]
Signed-off-by: Pankaj Gupta
Message-ID: <20240530111643.1091816-28-pankaj.gupta@amd.com>
Signed-off-by: Paolo Bonzini
--- hw/i386/pc.c | 14 ++++++++++---- hw/i386/pc_sysfw.c | 19 +++++++++++++------ 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 7b638da7aaa..0469af00a78 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -62,6 +62,7 @@ #include "hw/mem/memory-device.h" #include "e820_memory_layout.h" #include "trace.h" +#include "sev.h" #include CONFIG_DEVICES #ifdef CONFIG_XEN_EMU @@ -1022,10 +1023,15 @@ void pc_memory_init(PCMachineState *pcms, pc_system_firmware_init(pcms, rom_memory); option_rom_mr = g_malloc(sizeof(*option_rom_mr)); - memory_region_init_ram(option_rom_mr, NULL, "pc.rom", PC_ROM_SIZE, - &error_fatal); - if (pcmc->pci_enabled) { - memory_region_set_readonly(option_rom_mr, true); + if (machine_require_guest_memfd(machine)) { + memory_region_init_ram_guest_memfd(option_rom_mr, NULL, "pc.rom", + PC_ROM_SIZE, &error_fatal); + } else { + memory_region_init_ram(option_rom_mr, NULL, "pc.rom", PC_ROM_SIZE, + &error_fatal); + if (pcmc->pci_enabled) { + memory_region_set_readonly(option_rom_mr, true); + } } memory_region_add_subregion_overlap(rom_memory, PC_ROM_MIN_VGA, 
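Review bot: The #include "sev.h" added in the first hw/i386/pc.c hunk has no visible user: the only new call in pc.c is machine_require_guest_memfd(machine), and no sev_* symbol appears in either pc.c hunk. The commit message also carries "[pankaj: Added sev_snp_enabled() check]", yet no sev_snp_enabled() call exists anywhere in this diff. If that check was replaced by machine_require_guest_memfd() during revision, drop the include and update or remove the bracketed tag so the log matches the code.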
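Review bot: In the pc_memory_init() hunk, the guest_memfd branch never calls memory_region_set_readonly(option_rom_mr, true), even when pcmc->pci_enabled is set, and nothing in the code says that this is deliberate. The only explanation on the list is in the commit message of the following patch (KVM_MEM_READONLY is not supported for guest_memfd-backed memslots). Put a one-line comment to that effect in the new branch, so a later cleanup does not reinstate the read-only call for "pc.rom" and break these machines.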
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index 7cdbafc8d22..ef80281d28b 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c @@ -40,8 +40,8 @@ #define FLASH_SECTOR_SIZE 4096 -static void pc_isa_bios_init(MemoryRegion *isa_bios, MemoryRegion *rom_memory, - MemoryRegion *flash_mem) +static void pc_isa_bios_init(PCMachineState *pcms, MemoryRegion *isa_bios, + MemoryRegion *rom_memory, MemoryRegion *flash_mem) { int isa_bios_size; uint64_t flash_size; @@ -51,8 +51,13 @@ static void pc_isa_bios_init(MemoryRegion *isa_bios, MemoryRegion *rom_memory, /* map the last 128KB of the BIOS in ISA space */ isa_bios_size = MIN(flash_size, 128 * KiB); - memory_region_init_ram(isa_bios, NULL, "isa-bios", isa_bios_size, - &error_fatal); + if (machine_require_guest_memfd(MACHINE(pcms))) { + memory_region_init_ram_guest_memfd(isa_bios, NULL, "isa-bios", + isa_bios_size, &error_fatal); + } else { + memory_region_init_ram(isa_bios, NULL, "isa-bios", isa_bios_size, + &error_fatal); + } memory_region_add_subregion_overlap(rom_memory, 0x100000 - isa_bios_size, isa_bios, @@ -65,7 +70,9 @@ static void pc_isa_bios_init(MemoryRegion *isa_bios, MemoryRegion *rom_memory, ((uint8_t*)flash_ptr) + (flash_size - isa_bios_size), isa_bios_size); - memory_region_set_readonly(isa_bios, true); + if (!machine_require_guest_memfd(current_machine)) { + memory_region_set_readonly(isa_bios, true); + } } static PFlashCFI01 *pc_pflash_create(PCMachineState *pcms, 
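Review bot: The read-only guard at the end of pc_isa_bios_init() tests machine_require_guest_memfd(current_machine), while the allocation earlier in the same function tests machine_require_guest_memfd(MACHINE(pcms)), using the pcms parameter this patch adds for exactly that purpose. Use MACHINE(pcms) in both places, or evaluate it once into a local bool at the top of the function, so the "which backend" and "set read-only" decisions cannot diverge and the function does not reach for the global.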
@@ -191,7 +198,7 @@ static void pc_system_flash_map(PCMachineState *pcms, x86_isa_bios_init(&x86ms->isa_bios, rom_memory, flash_mem, true); } else { - pc_isa_bios_init(&x86ms->isa_bios, rom_memory, flash_mem); + pc_isa_bios_init(pcms, &x86ms->isa_bios, rom_memory, flash_mem); } /* Encrypt the pflash boot ROM */ 

From patchwork Tue Jun 4 06:44:09 2024
X-Patchwork-Submitter: Paolo Bonzini
X-Patchwork-Id: 13684794
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: Michael Roth, Pankaj Gupta
Subject: [PULL 45/45] hw/i386: Add support for loading BIOS using guest_memfd
Date: Tue, 4 Jun 2024 08:44:09 +0200
Message-ID: <20240604064409.957105-46-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
References: <20240604064409.957105-1-pbonzini@redhat.com>

From: Michael Roth

When guest_memfd is enabled, the BIOS is generally part of the initial encrypted guest image and will be accessed as private guest memory. Add the necessary changes to set up the associated RAM region with a guest_memfd backend to allow for this.

Current support centers around using -bios to load the BIOS data. Support for loading the BIOS via pflash requires additional enablement since those interfaces rely on the use of ROM memory regions which make use of the KVM_MEM_READONLY memslot flag, which is not supported for guest_memfd-backed memslots.

Signed-off-by: Michael Roth Signed-off-by: Pankaj Gupta Message-ID: <20240530111643.1091816-29-pankaj.gupta@amd.com> Signed-off-by: Paolo Bonzini --- hw/i386/x86-common.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index f41cb0a6a8b..c0c66a0eb52 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c @@ -1001,8 +1001,13 @@ void x86_bios_rom_init(X86MachineState *x86ms, const char *default_firmware, (bios_size % 65536) != 0) { goto bios_error; } - memory_region_init_ram(&x86ms->bios, NULL, "pc.bios", bios_size, - &error_fatal); + if (machine_require_guest_memfd(MACHINE(x86ms))) { + memory_region_init_ram_guest_memfd(&x86ms->bios, NULL, "pc.bios", + bios_size, &error_fatal); + } else { + memory_region_init_ram(&x86ms->bios, NULL, "pc.bios", + bios_size, &error_fatal); + } if (sev_enabled()) { /* * The concept of a "reset" simply doesn't exist for @@ -1023,9 +1028,11 @@ void x86_bios_rom_init(X86MachineState *x86ms, const char *default_firmware, } g_free(filename); - /* map the last 128KB of the BIOS in ISA space */ - x86_isa_bios_init(&x86ms->isa_bios, rom_memory, &x86ms->bios, - !isapc_ram_fw); + if (!machine_require_guest_memfd(MACHINE(x86ms))) { + /* map the last 128KB of the BIOS in ISA space */ + x86_isa_bios_init(&x86ms->isa_bios, rom_memory, &x86ms->bios, + !isapc_ram_fw); + } /* map all the bios at the top of memory */ memory_region_add_subregion(rom_memory,
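Review bot: The first x86_bios_rom_init() hunk is the third copy in this series of the same if/else choosing between memory_region_init_ram_guest_memfd() and memory_region_init_ram() (after "pc.rom" and "isa-bios" in the previous patch). Consider a small helper that takes the machine, region, name and size and picks the backend, so the selection rule lives in one place and any later region cannot pick the wrong initializer by omission.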
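Review bot: The second x86_bios_rom_init() hunk skips x86_isa_bios_init() whenever machine_require_guest_memfd(MACHINE(x86ms)) is true, so the last 128KB of the BIOS is no longer mapped in ISA space on these machines, and neither the code nor the commit message explains why that is safe or what the guest finds in that range instead. The retained comment "map the last 128KB of the BIOS in ISA space" now sits under a negated condition with no rationale; add a comment on the new if stating the reason for the skip and what the guest-visible result is, and mention it in the commit message, since the previous patch states that current SNP guest kernels do touch legacy ROM ranges.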