From patchwork Fri Jan 24 13:19:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949391 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A80824206B for ; Fri, 24 Jan 2025 13:37:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725827; cv=none; b=XrVJxvYq2qZtdBz1F/5+xbgMtsDLszwV9zLd+nBfzIKiodqx+Oqb24bz6eCVN0smbp0jP1FFloca03dmp3W79Q88ij1aE8PLp512rmYsLZeMuOGFdsTUkRfh3iHJyNOAw2idOEAUoBv3JlgR1QAcvbbbXJ/RqxmGVs5WxzaRUuI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725827; c=relaxed/simple; bh=k4KI7JqdKXwSaj6F8A12dq8VgP78I35tk6J67g1GTA8=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=fhMvn1WzGb8A9Gu5je0MxCEbJh6ktzps6Z10w98WTqDFdlIqR+YxuqsH9r4FEF+3KzMNY4BgYbcI8b9sa6muCRDp4U7W37pMFwxDDWzAIV6WanJjCYHV06TX+5jqfjZwxrq5v7hWw9UrLYAnwfwBanHLvyAuQo7BBEva3snOYYs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=dh3F/s+O; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="dh3F/s+O" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725826; x=1769261826; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=k4KI7JqdKXwSaj6F8A12dq8VgP78I35tk6J67g1GTA8=; b=dh3F/s+OU6N1hiZiwmLpwEOtIuKlp4UQDaRSuDJwd7FCN/ODLmXfnCYu rjLOm8MR1k0KtT3r9kyxP2SXUohzoi2XmzAbWRt6wW37sHW5sTs3xlQ+t 5rUgIEpaekv9RDvyd+Id9BiKeKNGlPc9XNw1CIz+lIpUsve/GWmODcvyp mSBsX6E/x8ulj8BwTipOblyB9Lk1O4o3z/Qg6BnZLOus1uZHwUPEycTDO 0sBStf3WyQya/ku7nZbAthSZQ475ficj/tmTPHVcquNs7Jva+NDXyYTz9 y0NxL1SQfWltTs38mvxFIikXNmbXUZ9QwNJ0Rbu161TzHimELOSy/TfMj w==; X-CSE-ConnectionGUID: wKbnASmYS7mUeLBbIMAOug== X-CSE-MsgGUID: ra9YFJpqQJi7IMR0HDVj/A== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246176" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246176" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:37:06 -0800 X-CSE-ConnectionGUID: nT6XmjO6Th61FL7urozFDw== X-CSE-MsgGUID: lcLbrOt9SHyKhDI8nyXAlg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804098" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:01 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 01/52] *** HACK *** linux-headers: Update headers to pull in TDX API changes Date: Fri, 24 Jan 2025 08:19:57 -0500 Message-Id: <20250124132048.3229049-2-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Pull in recent TDX updates, which are not backwards compatible. It's just to make this series runnable. It will be updated by script scripts/update-linux-headers.sh once TDX support is upstreamed in linux kernel Signed-off-by: Xiaoyao Li --- linux-headers/asm-x86/kvm.h | 70 +++++++++++++++++++++++++++++++++++++ linux-headers/linux/kvm.h | 1 + 2 files changed, 71 insertions(+) diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h index 96589490c426..baca2d479365 100644 --- a/linux-headers/asm-x86/kvm.h +++ b/linux-headers/asm-x86/kvm.h @@ -923,5 +923,75 @@ struct kvm_hyperv_eventfd { #define KVM_X86_SEV_VM 2 #define KVM_X86_SEV_ES_VM 3 #define KVM_X86_SNP_VM 4 +#define KVM_X86_TDX_VM 5 + +/* Trust Domain eXtension sub-ioctl() commands. */ +enum kvm_tdx_cmd_id { + KVM_TDX_CAPABILITIES = 0, + KVM_TDX_INIT_VM, + KVM_TDX_INIT_VCPU, + KVM_TDX_INIT_MEM_REGION, + KVM_TDX_FINALIZE_VM, + KVM_TDX_GET_CPUID, + + KVM_TDX_CMD_NR_MAX, +}; + +struct kvm_tdx_cmd { + /* enum kvm_tdx_cmd_id */ + __u32 id; + /* flags for sub-commend. If sub-command doesn't use this, set zero. */ + __u32 flags; + /* + * data for each sub-command. An immediate or a pointer to the actual + * data in process virtual address. If sub-command doesn't use it, + * set zero. + */ + __u64 data; + /* + * Auxiliary error code. The sub-command may return TDX SEAMCALL + * status code in addition to -Exxx. + * Defined for consistency with struct kvm_sev_cmd. + */ + __u64 hw_error; +}; + +struct kvm_tdx_capabilities { + __u64 supported_attrs; + __u64 supported_xfam; + __u64 reserved[254]; + struct kvm_cpuid2 cpuid; +}; + +struct kvm_tdx_init_vm { + __u64 attributes; + __u64 xfam; + __u64 mrconfigid[6]; /* sha384 digest */ + __u64 mrowner[6]; /* sha384 digest */ + __u64 mrownerconfig[6]; /* sha384 digest */ + + /* The total space for TD_PARAMS before the CPUIDs is 256 bytes */ + __u64 reserved[12]; + + /* + * Call KVM_TDX_INIT_VM before vcpu creation, thus before + * KVM_SET_CPUID2. + * This configuration supersedes KVM_SET_CPUID2s for VCPUs because the + * TDX module directly virtualizes those CPUIDs without VMM. The user + * space VMM, e.g. qemu, should make KVM_SET_CPUID2 consistent with + * those values. If it doesn't, KVM may have wrong idea of vCPUIDs of + * the guest, and KVM may wrongly emulate CPUIDs or MSRs that the TDX + * module doesn't virtualize. + */ + struct kvm_cpuid2 cpuid; +}; + +#define KVM_TDX_MEASURE_MEMORY_REGION _BITULL(0) + +struct kvm_tdx_init_mem_region { + __u64 source_addr; + __u64 gpa; + __u64 nr_pages; +}; #endif /* _ASM_X86_KVM_H */ diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h index 3bcd4eabe324..b325122505b5 100644 --- a/linux-headers/linux/kvm.h +++ b/linux-headers/linux/kvm.h @@ -369,6 +369,7 @@ struct kvm_run { #define KVM_SYSTEM_EVENT_WAKEUP 4 #define KVM_SYSTEM_EVENT_SUSPEND 5 #define KVM_SYSTEM_EVENT_SEV_TERM 6 +#define KVM_SYSTEM_EVENT_TDX_FATAL 7 __u32 type; __u32 ndata; union { From patchwork Fri Jan 24 13:19:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949392 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8B99C288CC for ; Fri, 24 Jan 2025 13:37:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725831; cv=none; b=mMc+kKaaq3LgQ8DkC/JAMqoz+OpQmjG7ZiT0RgVDQeMG19HmE2dAGej5LaT320c5V09hBm1dv2Qu7SNftOcLZpr0Xck0DGPCqeO1Gzs4MjLgffuxelm2MqTuuNPKYfcLQD+YmeVeYpLC8g8ZIfnoxu/lUJul2VUtFbY0+OKKaYc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725831; c=relaxed/simple; bh=xzih++adOsaHe0umhusAizXMSAWafcak7ZcTqRe6TaA=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=GbJ0Y8dHBehw4+dtS6CGSAzs+ncbwm/e9NBNg1+4byqImLKZ5MAYpmRXFmCVEb9nYF4AsrLu7DNUfWIfUVi0J9YeaWJlc8KP3jk2PICBClCyrIoXqpdN916eVCpSknbmZ7Ge6AOAeBUTsZ/eRzgIiYFWCvgPhZ1cKoaC9fFujbM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=RfwUMHPm; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="RfwUMHPm" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725830; x=1769261830; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=xzih++adOsaHe0umhusAizXMSAWafcak7ZcTqRe6TaA=; b=RfwUMHPmw/NZpNnev0zS8wQSJ0DEK2q2Vq1CvQuJXf8wayCu3X13C4Uy qiP/vNFomZyXVpAH2TWX7I/J4tJlwqlKbOKyjMcOMbzb39Ab8wbZKD1TZ j1kTDeFwrWecJubYKparqm0PUYRIMUK0RVv3QdHRn/cV/kjn6fNu37R96 Sroq57COR/oBOHl8t0OUIgKa3Tl478SOVRJHYQr3ZLHIsy6dMAAKy2Iv1 nlz3JphYaCXH7VZitX24jE+CG+oaZl5EJMa5FvyI4ACVITsfyLr/fh2Wf cUrhywuQJkByFkIszuiVQh+lY2jWtdYXuQqQGEaFlT4HDEJRKiG8YDgxe g==; X-CSE-ConnectionGUID: xVbN5sEGTIyOBGX8seWQZA== X-CSE-MsgGUID: v6tY9OzCTCaJABOuOl95zA== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246188" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246188" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:37:10 -0800 X-CSE-ConnectionGUID: Nm7eKvjHREmqOmskLGOi6A== X-CSE-MsgGUID: 6n9CO0z/TQiDEkPFpj3iSw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804106" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:05 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 02/52] i386: Introduce tdx-guest object Date: Fri, 24 Jan 2025 08:19:58 -0500 Message-Id: <20250124132048.3229049-3-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Introduce tdx-guest object which inherits X86_CONFIDENTIAL_GUEST, and will be used to create TDX VMs (TDs) by qemu -machine ...,confidential-guest-support=tdx0 \ -object tdx-guest,id=tdx0 It has one QAPI member 'attributes' defined, which allows user to set TD's attributes directly. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann Acked-by: Markus Armbruster --- Changes in v7: - update QAPI version to 10.0; - update to use SPDX tags for license info; - update copyright to 2025; Chanegs in v6: - Make tdx-guest inherits X86_CONFIDENTIAL_GUEST; - set cgs->require_guest_memfd; - allow attributes settable via QAPI; - update QAPI version to since 9.2; Changes in v4: - update the new qapi `since` filed from 8.2 to 9.0 Changes in v1 - make @attributes not user-settable --- configs/devices/i386-softmmu/default.mak | 1 + hw/i386/Kconfig | 5 +++ qapi/qom.json | 15 +++++++++ target/i386/kvm/meson.build | 2 ++ target/i386/kvm/tdx.c | 43 ++++++++++++++++++++++++ target/i386/kvm/tdx.h | 21 ++++++++++++ 6 files changed, 87 insertions(+) create mode 100644 target/i386/kvm/tdx.c create mode 100644 target/i386/kvm/tdx.h diff --git a/configs/devices/i386-softmmu/default.mak b/configs/devices/i386-softmmu/default.mak index 4faf2f0315e2..bc0479a7e0a3 100644 --- a/configs/devices/i386-softmmu/default.mak +++ b/configs/devices/i386-softmmu/default.mak @@ -18,6 +18,7 @@ #CONFIG_QXL=n #CONFIG_SEV=n #CONFIG_SGA=n +#CONFIG_TDX=n #CONFIG_TEST_DEVICES=n #CONFIG_TPM_CRB=n #CONFIG_TPM_TIS_ISA=n diff --git a/hw/i386/Kconfig b/hw/i386/Kconfig index d34ce07b215d..cce9521ba934 100644 --- a/hw/i386/Kconfig +++ b/hw/i386/Kconfig @@ -10,6 +10,10 @@ config SGX bool depends on KVM +config TDX + bool + depends on KVM + config PC bool imply APPLESMC @@ -26,6 +30,7 @@ config PC imply QXL imply SEV imply SGX + imply TDX imply TEST_DEVICES imply TPM_CRB imply TPM_TIS_ISA diff --git a/qapi/qom.json b/qapi/qom.json index 28ce24cd8d08..e3a5e9330b54 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -1047,6 +1047,19 @@ '*host-data': 'str', '*vcek-disabled': 'bool' } } +## +# @TdxGuestProperties: +# +# Properties for tdx-guest objects. +# +# @attributes: The 'attributes' of a TD guest that is passed to +# KVM_TDX_INIT_VM +# +# Since: 10.0 +## +{ 'struct': 'TdxGuestProperties', + 'data': { '*attributes': 'uint64' } } + ## # @ThreadContextProperties: # @@ -1132,6 +1145,7 @@ 'sev-snp-guest', 'thread-context', 's390-pv-guest', + 'tdx-guest', 'throttle-group', 'tls-creds-anon', 'tls-creds-psk', @@ -1204,6 +1218,7 @@ 'if': 'CONFIG_SECRET_KEYRING' }, 'sev-guest': 'SevGuestProperties', 'sev-snp-guest': 'SevSnpGuestProperties', + 'tdx-guest': 'TdxGuestProperties', 'thread-context': 'ThreadContextProperties', 'throttle-group': 'ThrottleGroupProperties', 'tls-creds-anon': 'TlsCredsAnonProperties', diff --git a/target/i386/kvm/meson.build b/target/i386/kvm/meson.build index 3996cafaf29f..466bccb9cb17 100644 --- a/target/i386/kvm/meson.build +++ b/target/i386/kvm/meson.build @@ -8,6 +8,8 @@ i386_kvm_ss.add(files( i386_kvm_ss.add(when: 'CONFIG_XEN_EMU', if_true: files('xen-emu.c')) +i386_kvm_ss.add(when: 'CONFIG_TDX', if_true: files('tdx.c')) + i386_system_ss.add(when: 'CONFIG_HYPERV', if_true: files('hyperv.c'), if_false: files('hyperv-stub.c')) i386_system_ss.add_all(when: 'CONFIG_KVM', if_true: i386_kvm_ss) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c new file mode 100644 index 000000000000..ec84ae2947bb --- /dev/null +++ b/target/i386/kvm/tdx.c @@ -0,0 +1,43 @@ +/* + * QEMU TDX support + * + * Copyright (c) 2025 Intel Corporation + * + * Author: + * Xiaoyao Li + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "qemu/osdep.h" +#include "qom/object_interfaces.h" + +#include "tdx.h" + +/* tdx guest */ +OBJECT_DEFINE_TYPE_WITH_INTERFACES(TdxGuest, + tdx_guest, + TDX_GUEST, + X86_CONFIDENTIAL_GUEST, + { TYPE_USER_CREATABLE }, + { NULL }) + +static void tdx_guest_init(Object *obj) +{ + ConfidentialGuestSupport *cgs = CONFIDENTIAL_GUEST_SUPPORT(obj); + TdxGuest *tdx = TDX_GUEST(obj); + + cgs->require_guest_memfd = true; + tdx->attributes = 0; + + object_property_add_uint64_ptr(obj, "attributes", &tdx->attributes, + OBJ_PROP_FLAG_READWRITE); +} + +static void tdx_guest_finalize(Object *obj) +{ +} + +static void tdx_guest_class_init(ObjectClass *oc, void *data) +{ +} diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h new file mode 100644 index 000000000000..f3b725336161 --- /dev/null +++ b/target/i386/kvm/tdx.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ + +#ifndef QEMU_I386_TDX_H +#define QEMU_I386_TDX_H + +#include "confidential-guest.h" + +#define TYPE_TDX_GUEST "tdx-guest" +#define TDX_GUEST(obj) OBJECT_CHECK(TdxGuest, (obj), TYPE_TDX_GUEST) + +typedef struct TdxGuestClass { + X86ConfidentialGuestClass parent_class; +} TdxGuestClass; + +typedef struct TdxGuest { + X86ConfidentialGuest parent_obj; + + uint64_t attributes; /* TD attributes */ +} TdxGuest; + +#endif /* QEMU_I386_TDX_H */ From patchwork Fri Jan 24 13:19:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949393 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E2AC4288CC for ; Fri, 24 Jan 2025 13:37:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725834; cv=none; b=m6475Ux0IKD/XDKO6doT72VilpktMXwfWgtKj7oNJ8KZLQLoiBNFEw/rYTjT0Z+7gwVK1RsMXG8JJISsoeH6sDL+RR0YN7C7q10ckfS6X5CpWosCmvHE/swUCcu9g5gnCzzyFO9QyaJad4Gvi25jeZXNpEcBut7FTEEdz3GgmjU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725834; c=relaxed/simple; bh=BZUvfQp9mnJI50UJFjmIm2ZYfyW4FPAxqgosh1xyGt4=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Ot4cCo70MploWZofdiXH/U7FP3CHJAdAeX8G22Mesv0VfdnEE7/tfvGQTniOhz2TSAXlrHqrWiSsg83mFnb4TLzxmkQkRkqjNnaonvDm9H3H1m63cKvvb0poCDaQqTLfic9Vu1jQ7eEkoMdq6dOnO45TLemwYXtwGTxlun7c22c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=WBVIYlxq; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="WBVIYlxq" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725833; x=1769261833; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=BZUvfQp9mnJI50UJFjmIm2ZYfyW4FPAxqgosh1xyGt4=; b=WBVIYlxqgw/SsASnZQYNkrkkjKa+ZYrSs+EvkoReLxZHDsa0Q0CZr/yi r0LnN3RQ9IVkyIVXNfX0T25d+UqRp6B72qj1ApXtSwT9oqs0IIyatIWug R7m6Q4U/Rz3TRKWlroWjy6XtS5wg9c7e6qNCdsnjgH4vcbvebv+S+LW1g b5xsSF+HQfk15AnC9hA5+kE2oAcDgK1BoEqrCbu+FISCHu9yYeNPwCmEO SYV+U0JUFOHnRxBvQs8kHfOpwYpi/A+jGrMu3wZclh7FlanZQdqwCOAYI kapRTWyI7hAKuoxGIVsdhyVkE+wPRLixqp3vxR5O35Hl9EpjPr1/YHOIr w==; X-CSE-ConnectionGUID: GRTTXzVbQR+2ZxEALUZLFQ== X-CSE-MsgGUID: 42RRrMa2Rfu1UuYuNsP0RQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246195" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246195" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:37:13 -0800 X-CSE-ConnectionGUID: /dzKgrkJSOi+NkXxLcTFyQ== X-CSE-MsgGUID: jSTFy9RQSH6OtrKHF47l4g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804135" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:09 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 03/52] i386/tdx: Implement tdx_kvm_type() for TDX Date: Fri, 24 Jan 2025 08:19:59 -0500 Message-Id: <20250124132048.3229049-4-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 TDX VM requires VM type to be KVM_X86_TDX_VM. Implement tdx_kvm_type() as X86ConfidentialGuestClass->kvm_type. Signed-off-by: Xiaoyao Li --- Changes in v6: - new added patch; --- target/i386/kvm/kvm.c | 1 + target/i386/kvm/tdx.c | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 6c749d4ee812..4f1cfb529c19 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -191,6 +191,7 @@ static const char *vm_type_name[] = { [KVM_X86_SEV_VM] = "SEV", [KVM_X86_SEV_ES_VM] = "SEV-ES", [KVM_X86_SNP_VM] = "SEV-SNP", + [KVM_X86_TDX_VM] = "TDX", }; bool kvm_is_vm_type_supported(int type) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index ec84ae2947bb..d785c1f6d173 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -12,8 +12,17 @@ #include "qemu/osdep.h" #include "qom/object_interfaces.h" +#include "kvm_i386.h" #include "tdx.h" +static int tdx_kvm_type(X86ConfidentialGuest *cg) +{ + /* Do the object check */ + TDX_GUEST(cg); + + return KVM_X86_TDX_VM; +} + /* tdx guest */ OBJECT_DEFINE_TYPE_WITH_INTERFACES(TdxGuest, tdx_guest, @@ -40,4 +49,7 @@ static void tdx_guest_finalize(Object *obj) static void tdx_guest_class_init(ObjectClass *oc, void *data) { + X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); + + x86_klass->kvm_type = tdx_kvm_type; } From patchwork Fri Jan 24 13:20:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949394 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7FB7A288CC for ; Fri, 24 Jan 2025 13:37:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725838; cv=none; b=EcIwweTve1RSTUllSVI4WN5rwRGF3Ow+kqWYfkbkYlTQIVcetV1797J32SDXiJcKS86vXrw+o0GupBMczVmhwhkk685rkkF8b/diYeO3EyvZYMYj4NdGdD4tYIs+E4NwJ76s1G2PlJC6pr+4hJ6P2dFhYOn1ympBybtI4ttc9KA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725838; c=relaxed/simple; bh=i9LA0fuEWyXT3xhCEP6n86n3NtpzUzrXs/78mYcqsME=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ayuYmvbGQ4sTSjcD1EnykHNGX9ai4Z82xnvZ+6Py3LSbroModCwIAwjpc/Mp9MNOkLjHGB7B/tPZY3AJd/epEf7qcfFs+Ca9K4gWByD0GG+WiFfOwevrh04+IqoyfGXHuRK77x/jQvnt9pLEDBHtn4vqANfmXZNvZoWzx+8WBEo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=VUkDsua4; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="VUkDsua4" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725837; x=1769261837; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=i9LA0fuEWyXT3xhCEP6n86n3NtpzUzrXs/78mYcqsME=; b=VUkDsua4ZJUkqEgIIGJiPZnlwxMBRamqRByYOpzylj+6G1qNXUGwRDnA 66hj7jzn+fJrcgnvrETcyJOkMrf8yr6F/FMwb5aIuVrPe72dOJ4s2rLuh 39E6heH9qjE1XPFG/KRdMml5KdCnfLv19dtd2/FAPVTEvAblXZEMGqqMi ZMPCmsbCXjtK33yNProjnkrXODrz4lQxen/yr1mimjH20Mc6YwGamgBf3 Fq1OFtOvGtCYGDb1bV3HWLjitp4i4sJDNrkchEwIcxOL9sAioFzxEIClS b2A94uzAmHkrLQ8cPYuvpyGtRcc+hrwZ7/1gkIj2pOds1Sny/8xT6Q0HE w==; X-CSE-ConnectionGUID: olVcg8jTRvuqWd7hSPLgEw== X-CSE-MsgGUID: IraEXB5eScKVN8EWo0EEww== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246203" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246203" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:37:17 -0800 X-CSE-ConnectionGUID: LXPp8NS6T+eY4He+6eGZug== X-CSE-MsgGUID: VaujTO9MSPe0H47yz7hBpg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804141" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:13 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 04/52] i386/tdx: Implement tdx_kvm_init() to initialize TDX VM context Date: Fri, 24 Jan 2025 08:20:00 -0500 Message-Id: <20250124132048.3229049-5-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Implement TDX specific ConfidentialGuestSupportClass::kvm_init() callback, tdx_kvm_init(). Mark guest state is proctected for TDX VM. More TDX specific initialization will be added later. Signed-off-by: Xiaoyao Li --- Changes in v6: - remove Acked-by from Gerd since the patch changed due to use ConfidentialGuestSupportClass::kvm_init(); --- target/i386/kvm/kvm.c | 11 +---------- target/i386/kvm/tdx.c | 10 ++++++++++ 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 4f1cfb529c19..1af4710556ad 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -3206,16 +3206,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s) Error *local_err = NULL; /* - * Initialize SEV context, if required - * - * If no memory encryption is requested (ms->cgs == NULL) this is - * a no-op. - * - * It's also a no-op if a non-SEV confidential guest support - * mechanism is selected. SEV is the only mechanism available to - * select on x86 at present, so this doesn't arise, but if new - * mechanisms are supported in future (e.g. TDX), they'll need - * their own initialization either here or elsewhere. + * Initialize confidential guest (SEV/TDX) context, if required */ if (ms->cgs) { ret = confidential_guest_kvm_init(ms->cgs, &local_err); diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index d785c1f6d173..4ff94860815d 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -12,9 +12,17 @@ #include "qemu/osdep.h" #include "qom/object_interfaces.h" +#include "hw/i386/x86.h" #include "kvm_i386.h" #include "tdx.h" +static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) +{ + kvm_mark_guest_state_protected(); + + return 0; +} + static int tdx_kvm_type(X86ConfidentialGuest *cg) { /* Do the object check */ @@ -49,7 +57,9 @@ static void tdx_guest_finalize(Object *obj) static void tdx_guest_class_init(ObjectClass *oc, void *data) { + ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc); X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); + klass->kvm_init = tdx_kvm_init; x86_klass->kvm_type = tdx_kvm_type; } From patchwork Fri Jan 24 13:20:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949395 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 41BED288CC for ; Fri, 24 Jan 2025 13:37:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725841; cv=none; b=k6OrT7lvPfX61tbmZT9TbxGa68T5sFuucf80Ykt/EaEhkGI+hFlwYM2eIL9BKCJWRIkztlUviYKA2rtNQdvoVluM+YxL9JA1dg/pJRhPXMwELbrde2zQAD4mzfkJO9PcAi0QDeB3PEgWnVgy09m8ULWdtoWQeZz30dyHYMmVIFY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725841; c=relaxed/simple; bh=k4V8oG5ItKiBPMuefyxMwf+rMugMTp2lqqN5KAQVQWo=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Ydw3UqwHSFdfJlyDoK0DcI/kstKfRFph8SXnQt7NLUtm8xnvSFVEgnS3Pws0fqHqqYIZriCYjlvep+N8RXdHlPf3fmk9OU+SIYzJDCEM1Rt/6cTmNFPUqX6Et6u71oiU3uKoKAuKbcyJ/0bqQaMDhjy/NvYM+eQllLt6d0Hvrbw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=jn8itZ4n; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="jn8itZ4n" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725841; x=1769261841; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=k4V8oG5ItKiBPMuefyxMwf+rMugMTp2lqqN5KAQVQWo=; b=jn8itZ4nxg1wNQIPEdmS2MYwteqe8aFxquc4MXCrKbn8zvE5u/4y80x1 KitrZIOV1ZOP/Ds6DGSE0Jigk04la7Ac0f2ff5QWu2MTDOOFr9sRT7OTD qlkmhS9o6cSSQM5ABBXOKmkjo12blNB0UvFayK7CQIRyk014X5cGaxnNG blivo+PZ8VR45qfr759MMPssX2n0NAa5w7eGK2YGN9Ozx+go9hjnkUnIz tme3HB+/PLJsG82aV9GGM8xslKr+jGMOMC7NxXfmW5yAVTbn4L93yE/s3 wgK07gQRdhLq/KEC0a+R7LgFEdjCaG/MQtsHwbm1e/k3qbaEubgmVWv6Q g==; X-CSE-ConnectionGUID: mtUJ5CWWTaiEA+5ZGwhQgA== X-CSE-MsgGUID: QULiHn3nRteaJwONR7btsQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246209" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246209" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:37:20 -0800 X-CSE-ConnectionGUID: uPndi56ASZy9YU6jFIrLgQ== X-CSE-MsgGUID: ixYciDPoSJ6ojcSR8/bQ1w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804147" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:16 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 05/52] i386/tdx: Get tdx_capabilities via KVM_TDX_CAPABILITIES Date: Fri, 24 Jan 2025 08:20:01 -0500 Message-Id: <20250124132048.3229049-6-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 KVM provides TDX capabilities via sub command KVM_TDX_CAPABILITIES of IOCTL(KVM_MEMORY_ENCRYPT_OP). Get the capabilities when initializing TDX context. It will be used to validate user's setting later. Since there is no interface reporting how many cpuid configs contains in KVM_TDX_CAPABILITIES, QEMU chooses to try starting with a known number and abort when it exceeds KVM_MAX_CPUID_ENTRIES. Besides, introduce the interfaces to invoke TDX "ioctls" at VCPU scope in preparation. Signed-off-by: Xiaoyao Li --- Changes in v7: - refine and unifiy the error handling; (Daniel) Changes in v6: - Pass CPUState * to tdx_vcpu_ioctl(); - update commit message to remove platform scope thing; - dump hw_error when it's non-zero to help debug; Changes in v4: - use {} to initialize struct kvm_tdx_cmd, to avoid memset(); - remove tdx_platform_ioctl() because no user; Changes in v3: - rename __tdx_ioctl() to tdx_ioctl_internal() - Pass errp in get_tdx_capabilities(); changes in v2: - Make the error message more clear; changes in v1: - start from nr_cpuid_configs = 6 for the loop; - stop the loop when nr_cpuid_configs exceeds KVM_MAX_CPUID_ENTRIES; --- target/i386/kvm/kvm.c | 2 - target/i386/kvm/kvm_i386.h | 2 + target/i386/kvm/tdx.c | 107 ++++++++++++++++++++++++++++++++++++- 3 files changed, 108 insertions(+), 3 deletions(-) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 1af4710556ad..b4fa35405fe1 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -1779,8 +1779,6 @@ static int hyperv_init_vcpu(X86CPU *cpu) static Error *invtsc_mig_blocker; -#define KVM_MAX_CPUID_ENTRIES 100 - static void kvm_init_xsave(CPUX86State *env) { if (has_xsave2) { diff --git a/target/i386/kvm/kvm_i386.h b/target/i386/kvm/kvm_i386.h index 88565e8dbac1..ed1e61fb8ba9 100644 --- a/target/i386/kvm/kvm_i386.h +++ b/target/i386/kvm/kvm_i386.h @@ -13,6 +13,8 @@ #include "system/kvm.h" +#define KVM_MAX_CPUID_ENTRIES 100 + /* always false if !CONFIG_KVM */ #define kvm_pit_in_kernel() \ (kvm_irqchip_in_kernel() && !kvm_irqchip_is_split()) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 4ff94860815d..bd212abab865 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -10,17 +10,122 @@ */ #include "qemu/osdep.h" +#include "qemu/error-report.h" +#include "qapi/error.h" #include "qom/object_interfaces.h" #include "hw/i386/x86.h" #include "kvm_i386.h" #include "tdx.h" +static struct kvm_tdx_capabilities *tdx_caps; + +enum tdx_ioctl_level { + TDX_VM_IOCTL, + TDX_VCPU_IOCTL, +}; + +static int tdx_ioctl_internal(enum tdx_ioctl_level level, void *state, + int cmd_id, __u32 flags, void *data, + Error **errp) +{ + struct kvm_tdx_cmd tdx_cmd = {}; + int r; + + const char* tdx_ioctl_name[] = { + [KVM_TDX_CAPABILITIES] = "KVM_TDX_CAPABILITIES", + [KVM_TDX_INIT_VM] = "KVM_TDX_INIT_VM", + [KVM_TDX_INIT_VCPU] = "KVM_TDX_INIT_VCPU", + [KVM_TDX_INIT_MEM_REGION] = "KVM_TDX_INIT_MEM_REGION", + [KVM_TDX_FINALIZE_VM] = "KVM_TDX_FINALIZE_VM", + [KVM_TDX_GET_CPUID] = "KVM_TDX_GET_CPUID", + }; + + tdx_cmd.id = cmd_id; + tdx_cmd.flags = flags; + tdx_cmd.data = (__u64)(unsigned long)data; + + switch (level) { + case TDX_VM_IOCTL: + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd); + break; + case TDX_VCPU_IOCTL: + r = kvm_vcpu_ioctl(state, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd); + break; + default: + error_setg(errp, "Invalid tdx_ioctl_level %d", level); + return -EINVAL; + } + + if (r < 0) { + error_setg_errno(errp, -r, "TDX ioctl %s failed, hw_errors: 0x%llx", + tdx_ioctl_name[cmd_id], tdx_cmd.hw_error); + } + return r; +} + +static inline int tdx_vm_ioctl(int cmd_id, __u32 flags, void *data, + Error **errp) +{ + return tdx_ioctl_internal(TDX_VM_IOCTL, NULL, cmd_id, flags, data, errp); +} + +static inline int tdx_vcpu_ioctl(CPUState *cpu, int cmd_id, __u32 flags, + void *data, Error **errp) +{ + return tdx_ioctl_internal(TDX_VCPU_IOCTL, cpu, cmd_id, flags, data, errp); +} + +static int get_tdx_capabilities(Error **errp) +{ + struct kvm_tdx_capabilities *caps; + /* 1st generation of TDX reports 6 cpuid configs */ + int nr_cpuid_configs = 6; + size_t size; + int r; + + do { + Error *local_err = NULL; + size = sizeof(struct kvm_tdx_capabilities) + + nr_cpuid_configs * sizeof(struct kvm_cpuid_entry2); + caps = g_malloc0(size); + caps->cpuid.nent = nr_cpuid_configs; + + r = tdx_vm_ioctl(KVM_TDX_CAPABILITIES, 0, caps, &local_err); + if (r == -E2BIG) { + g_free(caps); + nr_cpuid_configs *= 2; + if (nr_cpuid_configs > KVM_MAX_CPUID_ENTRIES) { + error_report("KVM TDX seems broken that number of CPUID entries" + " in kvm_tdx_capabilities exceeds limit: %d", + KVM_MAX_CPUID_ENTRIES); + error_propagate(errp, local_err); + return r; + } + error_free(local_err); + } else if (r < 0) { + g_free(caps); + error_propagate(errp, local_err); + return r; + } + } while (r == -E2BIG); + + tdx_caps = caps; + + return 0; +} + static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { + int r = 0; + kvm_mark_guest_state_protected(); - return 0; + if (!tdx_caps) { + r = get_tdx_capabilities(errp); + } + + return r; } static int tdx_kvm_type(X86ConfidentialGuest *cg) From patchwork Fri Jan 24 13:20:02 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949396 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AA61370820 for ; Fri, 24 Jan 2025 13:37:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725845; cv=none; b=UigSsx4TYVe10JxKqTKNepRDxkvDrtMZac4GBf8ypfu+Um6snGn1BpzxIUwAlA3m3Gfw9qXSeQsUW1M/gtdJhQNHLhdxMeeLoZ/XqTM2PwHWDaXZz6hkikSK6D5Q9O7D09LIEnEeboAUVha32K2KZR/4itBztkU/JzFa1+MZY8c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725845; c=relaxed/simple; bh=kOLxy+1q1FMsBAjiiHfhF45L2YtjT1s5c0pCcuUrZl8=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=k4LL2YEwvPPWs4vsuYI2jBtGaC6HsrUUa6hILAPD+gg0ldEYqjMSfs9muaIHi1wN5wEvqGoLcAFqaW3OxfDQbh7PVF1dupqV3jPsQ7Ux8rmEDaThgzTgdbB9PTWYcceVrvP1mv7sOHbHl5stdjujOZJd0kxBNpB3eBk623X+6Fo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=CnooZ1Di; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="CnooZ1Di" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725844; x=1769261844; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=kOLxy+1q1FMsBAjiiHfhF45L2YtjT1s5c0pCcuUrZl8=; b=CnooZ1DibK+gZL9qX03i1Oz+hBgvJkqusVIb+IihqUgy4h0j8Lzd7LDl cfe+tj8CEaLpRaRG/4q6UMFqnwJBb42rl9b5fKeFYs2ggVQdEA6HMEh4w 7qIA9VIeGCvXpLtAHwkVzyt7heg0ODs/YmPOUfZMswVVnxJNvrJBiFgXN Ztv4yFWwof7Vu/0IcMaltQqj/ppsYaEsTbyYlNSUc3Fg2psyB0rR8A0ze dlXrzHnPCj6B/aGohjyqntUkt8YBlT3ZkgYfD5hMngnXi3BKvbPck70Kt C3ZpDixU2dL8KryVzRP/Lo6BwArzJnFdtC1v90/bz3NvTjD6cZ1WmRbOz w==; X-CSE-ConnectionGUID: kMgTdTi0QC66M+9P1Pfb7A== X-CSE-MsgGUID: MtJWugQaQEamwxNWdemKeA== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246215" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246215" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:37:24 -0800 X-CSE-ConnectionGUID: D8KtQIbUT/Gawb5IdLWJKQ== X-CSE-MsgGUID: Ac6D1dICQUeA26wOEa8tZQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804160" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:20 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 06/52] i386/tdx: Introduce is_tdx_vm() helper and cache tdx_guest object Date: Fri, 24 Jan 2025 08:20:02 -0500 Message-Id: <20250124132048.3229049-7-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 It will need special handling for TDX VMs all around the QEMU. Introduce is_tdx_vm() helper to query if it's a TDX VM. Cache tdx_guest object thus no need to cast from ms->cgs every time. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann Reviewed-by: Isaku Yamahata --- changes in v3: - replace object_dynamic_cast with TDX_GUEST(); --- target/i386/kvm/tdx.c | 15 ++++++++++++++- target/i386/kvm/tdx.h | 10 ++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index bd212abab865..53eec6553333 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -18,8 +18,16 @@ #include "kvm_i386.h" #include "tdx.h" +static TdxGuest *tdx_guest; + static struct kvm_tdx_capabilities *tdx_caps; +/* Valid after kvm_arch_init()->confidential_guest_kvm_init()->tdx_kvm_init() */ +bool is_tdx_vm(void) +{ + return !!tdx_guest; +} + enum tdx_ioctl_level { TDX_VM_IOCTL, TDX_VCPU_IOCTL, @@ -117,15 +125,20 @@ static int get_tdx_capabilities(Error **errp) static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { + TdxGuest *tdx = TDX_GUEST(cgs); int r = 0; kvm_mark_guest_state_protected(); if (!tdx_caps) { r = get_tdx_capabilities(errp); + if (r) { + return r; + } } - return r; + tdx_guest = tdx; + return 0; } static int tdx_kvm_type(X86ConfidentialGuest *cg) diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h index f3b725336161..de8ae9196163 100644 --- a/target/i386/kvm/tdx.h +++ b/target/i386/kvm/tdx.h @@ -3,6 +3,10 @@ #ifndef QEMU_I386_TDX_H #define QEMU_I386_TDX_H +#ifndef CONFIG_USER_ONLY +#include CONFIG_DEVICES /* CONFIG_TDX */ +#endif + #include "confidential-guest.h" #define TYPE_TDX_GUEST "tdx-guest" @@ -18,4 +22,10 @@ typedef struct TdxGuest { uint64_t attributes; /* TD attributes */ } TdxGuest; +#ifdef CONFIG_TDX +bool is_tdx_vm(void); +#else +#define is_tdx_vm() 0 +#endif /* CONFIG_TDX */ + #endif /* QEMU_I386_TDX_H */ From patchwork Fri Jan 24 13:20:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949397 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 716A1433CE for ; Fri, 24 Jan 2025 13:37:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725849; cv=none; b=ha9WqXyOkEvI65x91cdp3mNxpcw2QoNAjNeiVBsYpGHEA7IHSebgON3d8TQJpOas2XalknEyhdbIvR+f+7y1OFbxcnuJYbK3I315fGrA9NRrEijDJPLmxy9W9cgA5CcN+efCmX6YMt6XBxvquraLVBW4VQ15Wj8dCAZ72xlZp1M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725849; c=relaxed/simple; bh=h1PWiv/L1IuFr20MhYBHyD675z/d2kYThO8tL6y/HPs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=FA6ixsMRMdv2UAIkXoSPHiaacGsdbWS6b3VRLRHZM7gUz9I1pJ8wKQBh1h4KO6ihfBvn+HMqMnTkhXm6m/dmMxWiwLO9P1c+KjLrraR8rwO3BEmNwwSZUM5JoUCnZe36eHvn//eagnJywzSIYzduqcQ9AV4ug+dyBwMEh9VTjCI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=lOpMrGqD; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="lOpMrGqD" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725848; x=1769261848; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=h1PWiv/L1IuFr20MhYBHyD675z/d2kYThO8tL6y/HPs=; b=lOpMrGqDCVfTFz+jmdHrsk3SZMn03FXGGOtS+38jSve+6rvGOA9y//T5 qYR9zgSsQrbCMjt1RB3CoaiR/rGOECWuLvBVf+eA0KItya+Eb3FKvxj4m tfaqvtJHGXb82N2IgNeg+R4xjOlsMPh3ofBSMZ+qyL+CPbt9fq3nSHuVQ WXz1YacSHRALRJItC9RrMVGGWMx4uCCq3esoX3tfUxVOIkndfw23PK6p3 a8e7f8XrrsowAxBPTiMzLIVra7T1fa6U9j10CFjoJUr6IF3lKtH9TdfNO 0S2ZxmLGL9VKhp9lc0kbftx/OvSAUlxCQSQCYUKOuOfE7LuMSh0ptUB05 A==; X-CSE-ConnectionGUID: 1GtN+7ZzQHS+ZQsKMYpG4Q== X-CSE-MsgGUID: 2j4igr1GTrOh86g9WZE/Vw== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246221" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246221" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:37:28 -0800 X-CSE-ConnectionGUID: MsCf1MsRQSWFcaU71Vk2NQ== X-CSE-MsgGUID: qls930X2TAWCgloTWwl5sQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804165" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:23 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 07/52] kvm: Introduce kvm_arch_pre_create_vcpu() Date: Fri, 24 Jan 2025 08:20:03 -0500 Message-Id: <20250124132048.3229049-8-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Introduce kvm_arch_pre_create_vcpu(), to perform arch-dependent work prior to create any vcpu. This is for i386 TDX because it needs call TDX_INIT_VM before creating any vcpu. The specific implemnet of i386 will be added in the future patch. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- Changes in v7: - Implement stub for all the ARCHes instead of defining it with weak attribute; (Philippe) Changes in v3: - pass @errp to kvm_arch_pre_create_vcpu(); (Per Daniel) --- accel/kvm/kvm-all.c | 5 +++++ include/system/kvm.h | 1 + target/arm/kvm.c | 5 +++++ target/i386/kvm/kvm.c | 5 +++++ target/loongarch/kvm/kvm.c | 5 +++++ target/mips/kvm.c | 5 +++++ target/ppc/kvm.c | 5 +++++ target/riscv/kvm/kvm-cpu.c | 5 +++++ target/s390x/kvm/kvm.c | 5 +++++ 9 files changed, 41 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index c65b790433cb..45867dbe0839 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -540,6 +540,11 @@ int kvm_init_vcpu(CPUState *cpu, Error **errp) trace_kvm_init_vcpu(cpu->cpu_index, kvm_arch_vcpu_id(cpu)); + ret = kvm_arch_pre_create_vcpu(cpu, errp); + if (ret < 0) { + goto err; + } + ret = kvm_create_vcpu(cpu); if (ret < 0) { error_setg_errno(errp, -ret, diff --git a/include/system/kvm.h b/include/system/kvm.h index ab17c09a551f..d7dfa25493a2 100644 --- a/include/system/kvm.h +++ b/include/system/kvm.h @@ -374,6 +374,7 @@ int kvm_arch_get_default_type(MachineState *ms); int kvm_arch_init(MachineState *ms, KVMState *s); +int kvm_arch_pre_create_vcpu(CPUState *cpu, Error **errp); int kvm_arch_init_vcpu(CPUState *cpu); int kvm_arch_destroy_vcpu(CPUState *cpu); diff --git a/target/arm/kvm.c b/target/arm/kvm.c index da30bdbb2349..93f1a7245b3f 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -1874,6 +1874,11 @@ static int kvm_arm_sve_set_vls(ARMCPU *cpu) #define ARM_CPU_ID_MPIDR 3, 0, 0, 0, 5 +int kvm_arch_pre_create_vcpu(CPUState *cpu, Error **errp) +{ + return 0; +} + int kvm_arch_init_vcpu(CPUState *cs) { int ret; diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index b4fa35405fe1..1a4dd19e24ab 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -2050,6 +2050,11 @@ full: abort(); } +int kvm_arch_pre_create_vcpu(CPUState *cpu, Error **errp) +{ + return 0; +} + int kvm_arch_init_vcpu(CPUState *cs) { struct { diff --git a/target/loongarch/kvm/kvm.c b/target/loongarch/kvm/kvm.c index a3f55155b030..91c3c67cdb72 100644 --- a/target/loongarch/kvm/kvm.c +++ b/target/loongarch/kvm/kvm.c @@ -973,6 +973,11 @@ static int kvm_cpu_check_pmu(CPUState *cs, Error **errp) return 0; } +int kvm_arch_pre_create_vcpu(CPUState *cpu, Error **errp) +{ + return 0; +} + int kvm_arch_init_vcpu(CPUState *cs) { uint64_t val; diff --git a/target/mips/kvm.c b/target/mips/kvm.c index d67b7c1a8ecb..ec53acb51a1f 100644 --- a/target/mips/kvm.c +++ b/target/mips/kvm.c @@ -61,6 +61,11 @@ int kvm_arch_irqchip_create(KVMState *s) return 0; } +int kvm_arch_pre_create_vcpu(CPUState *cpu, Error **errp) +{ + return 0; +} + int kvm_arch_init_vcpu(CPUState *cs) { CPUMIPSState *env = cpu_env(cs); diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c index 966c2c657234..758298d565d2 100644 --- a/target/ppc/kvm.c +++ b/target/ppc/kvm.c @@ -477,6 +477,11 @@ static void kvmppc_hw_debug_points_init(CPUPPCState *cenv) } } +int kvm_arch_pre_create_vcpu(CPUState *cpu, Error **errp) +{ + return 0; +} + int kvm_arch_init_vcpu(CPUState *cs) { PowerPCCPU *cpu = POWERPC_CPU(cs); diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c index 23ce77935940..55be7542e726 100644 --- a/target/riscv/kvm/kvm-cpu.c +++ b/target/riscv/kvm/kvm-cpu.c @@ -1362,6 +1362,11 @@ static int kvm_vcpu_enable_sbi_dbcn(RISCVCPU *cpu, CPUState *cs) return kvm_set_one_reg(cs, kvm_sbi_dbcn.kvm_reg_id, ®); } +int kvm_arch_pre_create_vcpu(CPUState *cpu, Error **errp) +{ + return 0; +} + int kvm_arch_init_vcpu(CPUState *cs) { int ret = 0; diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c index 4d56e653ddf6..1f592733f4e2 100644 --- a/target/s390x/kvm/kvm.c +++ b/target/s390x/kvm/kvm.c @@ -404,6 +404,11 @@ unsigned long kvm_arch_vcpu_id(CPUState *cpu) return cpu->cpu_index; } +int kvm_arch_pre_create_vcpu(CPUState *cpu, Error **errp) +{ + return 0; +} + int kvm_arch_init_vcpu(CPUState *cs) { unsigned int max_cpus = MACHINE(qdev_get_machine())->smp.max_cpus; From patchwork Fri Jan 24 13:20:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949398 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 805F4433CE for ; Fri, 24 Jan 2025 13:37:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725853; cv=none; b=D0NEGXNpqc0oB/WbbijSDugzsuHLNXfFRR/+fcuMk+RwMf7gL8d/DZcsLaVjP9miX7wiSUrnqGkNPdCgFIzTt2xltKLlA7CvpMUOBa1ticykBuZXKnYv4EX1ip4B7q1F2la0d0nOxMcfQ8n6H3dE8a5/S7UqVr6kNv7pKqaEC5w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725853; c=relaxed/simple; bh=ZouDOCVPQiy1zqqpa+x8ITHgYXhhl2FOCHzR+xxDXno=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ewq4hJjZo3QIwN54OeY2RFM5zK+se+Q+H1x2Tr3hp/qY0DwsSgbdQ0gPanjUBhVp59Ht7o3Et3bDQKdleqUKbpx9fcBpFup/6WgA9YB3Quf226zXrzbqYRkDeNxsZTCLuEO/XhXEIkH9V6NVuqPZZl/uXdppA7BvH2ByFIv/bKQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=AoRADvSm; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="AoRADvSm" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725852; x=1769261852; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ZouDOCVPQiy1zqqpa+x8ITHgYXhhl2FOCHzR+xxDXno=; b=AoRADvSmZPJMypuENci+BWKNcUSDioPon1pmRQgDFLOMuicBDsAW5p6l Psl98Pjc+mqFI73l6xGctx+rI1MjzNKjnBzZspx1TSQJ8vAdpyUzoNabq xKCcx/byIDn1OCiUWolEIuXh2KjQkiiUAI6mM+RyoQ45rILqN1435gI91 ysQDojHkeS4vpFMmZdbO4dKGUpF4APvAP//rncCoDjDGOarreL3R65pUE 2xzu9AzOsAAkzMYNx5zjhfzkq4HYWuuGgpQWWhWXDZDNK7C/oqBPip1qY wVYh8QK7KOxmZC8poX5d/hjTwB9qT8QlF9ifDucv7z4btZVPo4xVf1e8P Q==; X-CSE-ConnectionGUID: ONvvm4kPTIWvg+33mAgzBw== X-CSE-MsgGUID: bulD5qvSRDygcIsW0tQgKA== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246230" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246230" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:37:32 -0800 X-CSE-ConnectionGUID: FFU8bFS3SWK/YhPSVlwFhw== X-CSE-MsgGUID: 1bsOIRIyS76bAXlSZKZhDQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804170" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:27 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 08/52] i386/tdx: Initialize TDX before creating TD vcpus Date: Fri, 24 Jan 2025 08:20:04 -0500 Message-Id: <20250124132048.3229049-9-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Invoke KVM_TDX_INIT in kvm_arch_pre_create_vcpu() that KVM_TDX_INIT configures global TD configurations, e.g. the canonical CPUID config, and must be executed prior to creating vCPUs. Use kvm_x86_arch_cpuid() to setup the CPUID settings for TDX VM. Note, this doesn't address the fact that QEMU may change the CPUID configuration when creating vCPUs, i.e. punts on refactoring QEMU to provide a stable CPUID config prior to kvm_arch_init(). Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann Acked-by: Markus Armbruster --- Changes in v7: - Add comments to explain why KVM_TDX_INIT_VM should retry on -EAGAIN; - Add retry limit of 10000 times for -EAGAIN on KVM_TDX_INIT_VM; Changes in v6: - setup xfam explicitly to fit with new uapi; - use tdx_caps->cpuid to filter the input of cpuids because now KVM only allows the leafs that reported via KVM_TDX_GET_CAPABILITIES; Changes in v4: - mark init_vm with g_autofree() and use QEMU_LOCK_GUARD() to eliminate the goto labels; (Daniel) Changes in v3: - Pass @errp in tdx_pre_create_vcpu() and pass error info to it. (Daniel) --- accel/kvm/kvm-all.c | 8 +++ target/i386/kvm/kvm.c | 16 +++--- target/i386/kvm/kvm_i386.h | 5 ++ target/i386/kvm/meson.build | 2 +- target/i386/kvm/tdx-stub.c | 10 ++++ target/i386/kvm/tdx.c | 103 ++++++++++++++++++++++++++++++++++++ target/i386/kvm/tdx.h | 6 +++ 7 files changed, 143 insertions(+), 7 deletions(-) create mode 100644 target/i386/kvm/tdx-stub.c diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 45867dbe0839..e35a9fbd687e 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -540,8 +540,15 @@ int kvm_init_vcpu(CPUState *cpu, Error **errp) trace_kvm_init_vcpu(cpu->cpu_index, kvm_arch_vcpu_id(cpu)); + /* + * tdx_pre_create_vcpu() may call cpu_x86_cpuid(). It in turn may call + * kvm_vm_ioctl(). Set cpu->kvm_state in advance to avoid NULL pointer + * dereference. + */ + cpu->kvm_state = s; ret = kvm_arch_pre_create_vcpu(cpu, errp); if (ret < 0) { + cpu->kvm_state = NULL; goto err; } @@ -550,6 +557,7 @@ int kvm_init_vcpu(CPUState *cpu, Error **errp) error_setg_errno(errp, -ret, "kvm_init_vcpu: kvm_create_vcpu failed (%lu)", kvm_arch_vcpu_id(cpu)); + cpu->kvm_state = NULL; goto err; } diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 1a4dd19e24ab..a537699bb7df 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -38,6 +38,7 @@ #include "kvm_i386.h" #include "../confidential-guest.h" #include "sev.h" +#include "tdx.h" #include "xen-emu.h" #include "hyperv.h" #include "hyperv-proto.h" @@ -414,9 +415,9 @@ static uint32_t cpuid_entry_get_reg(struct kvm_cpuid_entry2 *entry, int reg) /* Find matching entry for function/index on kvm_cpuid2 struct */ -static struct kvm_cpuid_entry2 *cpuid_find_entry(struct kvm_cpuid2 *cpuid, - uint32_t function, - uint32_t index) +struct kvm_cpuid_entry2 *cpuid_find_entry(struct kvm_cpuid2 *cpuid, + uint32_t function, + uint32_t index) { int i; for (i = 0; i < cpuid->nent; ++i) { @@ -1821,9 +1822,8 @@ static void kvm_init_nested_state(CPUX86State *env) } } -static uint32_t kvm_x86_build_cpuid(CPUX86State *env, - struct kvm_cpuid_entry2 *entries, - uint32_t cpuid_i) +uint32_t kvm_x86_build_cpuid(CPUX86State *env, struct kvm_cpuid_entry2 *entries, + uint32_t cpuid_i) { uint32_t limit, i, j; uint32_t unused; @@ -2052,6 +2052,10 @@ full: int kvm_arch_pre_create_vcpu(CPUState *cpu, Error **errp) { + if (is_tdx_vm()) { + return tdx_pre_create_vcpu(cpu, errp); + } + return 0; } diff --git a/target/i386/kvm/kvm_i386.h b/target/i386/kvm/kvm_i386.h index ed1e61fb8ba9..dc696cb7238a 100644 --- a/target/i386/kvm/kvm_i386.h +++ b/target/i386/kvm/kvm_i386.h @@ -59,6 +59,11 @@ uint64_t kvm_swizzle_msi_ext_dest_id(uint64_t address); void kvm_update_msi_routes_all(void *private, bool global, uint32_t index, uint32_t mask); +struct kvm_cpuid_entry2 *cpuid_find_entry(struct kvm_cpuid2 *cpuid, + uint32_t function, + uint32_t index); +uint32_t kvm_x86_build_cpuid(CPUX86State *env, struct kvm_cpuid_entry2 *entries, + uint32_t cpuid_i); #endif /* CONFIG_KVM */ void kvm_pc_setup_irq_routing(bool pci_enabled); diff --git a/target/i386/kvm/meson.build b/target/i386/kvm/meson.build index 466bccb9cb17..3f44cdedb758 100644 --- a/target/i386/kvm/meson.build +++ b/target/i386/kvm/meson.build @@ -8,7 +8,7 @@ i386_kvm_ss.add(files( i386_kvm_ss.add(when: 'CONFIG_XEN_EMU', if_true: files('xen-emu.c')) -i386_kvm_ss.add(when: 'CONFIG_TDX', if_true: files('tdx.c')) +i386_kvm_ss.add(when: 'CONFIG_TDX', if_true: files('tdx.c'), if_false: files('tdx-stub.c')) i386_system_ss.add(when: 'CONFIG_HYPERV', if_true: files('hyperv.c'), if_false: files('hyperv-stub.c')) diff --git a/target/i386/kvm/tdx-stub.c b/target/i386/kvm/tdx-stub.c new file mode 100644 index 000000000000..2344433594ea --- /dev/null +++ b/target/i386/kvm/tdx-stub.c @@ -0,0 +1,10 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ + +#include "qemu/osdep.h" + +#include "tdx.h" + +int tdx_pre_create_vcpu(CPUState *cpu, Error **errp) +{ + return -EINVAL; +} diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 53eec6553333..b8a85f2333ad 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -149,6 +149,107 @@ static int tdx_kvm_type(X86ConfidentialGuest *cg) return KVM_X86_TDX_VM; } +static int setup_td_xfam(X86CPU *x86cpu, Error **errp) +{ + CPUX86State *env = &x86cpu->env; + uint64_t xfam; + + xfam = env->features[FEAT_XSAVE_XCR0_LO] | + env->features[FEAT_XSAVE_XCR0_HI] | + env->features[FEAT_XSAVE_XSS_LO] | + env->features[FEAT_XSAVE_XSS_HI]; + + if (xfam & ~tdx_caps->supported_xfam) { + error_setg(errp, "Invalid XFAM 0x%lx for TDX VM (supported: 0x%llx))", + xfam, tdx_caps->supported_xfam); + return -1; + } + + tdx_guest->xfam = xfam; + return 0; +} + +static void tdx_filter_cpuid(struct kvm_cpuid2 *cpuids) +{ + int i, dest_cnt = 0; + struct kvm_cpuid_entry2 *src, *dest, *conf; + + for (i = 0; i < cpuids->nent; i++) { + src = cpuids->entries + i; + conf = cpuid_find_entry(&tdx_caps->cpuid, src->function, src->index); + if (!conf) { + continue; + } + dest = cpuids->entries + dest_cnt; + + dest->function = src->function; + dest->index = src->index; + dest->flags = src->flags; + dest->eax = src->eax & conf->eax; + dest->ebx = src->ebx & conf->ebx; + dest->ecx = src->ecx & conf->ecx; + dest->edx = src->edx & conf->edx; + + dest_cnt++; + } + cpuids->nent = dest_cnt++; +} + +int tdx_pre_create_vcpu(CPUState *cpu, Error **errp) +{ + X86CPU *x86cpu = X86_CPU(cpu); + CPUX86State *env = &x86cpu->env; + g_autofree struct kvm_tdx_init_vm *init_vm = NULL; + Error *local_err = NULL; + int retry = 10000; + int r = 0; + + QEMU_LOCK_GUARD(&tdx_guest->lock); + if (tdx_guest->initialized) { + return r; + } + + init_vm = g_malloc0(sizeof(struct kvm_tdx_init_vm) + + sizeof(struct kvm_cpuid_entry2) * KVM_MAX_CPUID_ENTRIES); + + r = setup_td_xfam(x86cpu, errp); + if (r) { + return r; + } + + init_vm->cpuid.nent = kvm_x86_build_cpuid(env, init_vm->cpuid.entries, 0); + tdx_filter_cpuid(&init_vm->cpuid); + + init_vm->attributes = tdx_guest->attributes; + init_vm->xfam = tdx_guest->xfam; + + /* + * KVM_TDX_INIT_VM gets -EAGAIN when KVM side SEAMCALL(TDH_MNG_CREATE) + * gets TDX_RND_NO_ENTROPY due to Random number generation (e.g., RDRAND or + * RDSEED) is busy. + * + * Retry for the case. + */ + do { + error_free(local_err); + local_err = NULL; + r = tdx_vm_ioctl(KVM_TDX_INIT_VM, 0, init_vm, &local_err); + } while (r == -EAGAIN && --retry); + + if (r < 0) { + if (!retry) { + error_report("Hardware RNG (Random Number Generator) is busy occupied by someone (via RDRAND/RDSEED) maliciously, " + "which leads to KVM_TDX_INIT_VM keeping failure due to lack of entropy."); + } + error_propagate(errp, local_err); + return r; + } + + tdx_guest->initialized = true; + + return 0; +} + /* tdx guest */ OBJECT_DEFINE_TYPE_WITH_INTERFACES(TdxGuest, tdx_guest, @@ -162,6 +263,8 @@ static void tdx_guest_init(Object *obj) ConfidentialGuestSupport *cgs = CONFIDENTIAL_GUEST_SUPPORT(obj); TdxGuest *tdx = TDX_GUEST(obj); + qemu_mutex_init(&tdx->lock); + cgs->require_guest_memfd = true; tdx->attributes = 0; diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h index de8ae9196163..4e2b5c61ff5b 100644 --- a/target/i386/kvm/tdx.h +++ b/target/i386/kvm/tdx.h @@ -19,7 +19,11 @@ typedef struct TdxGuestClass { typedef struct TdxGuest { X86ConfidentialGuest parent_obj; + QemuMutex lock; + + bool initialized; uint64_t attributes; /* TD attributes */ + uint64_t xfam; } TdxGuest; #ifdef CONFIG_TDX @@ -28,4 +32,6 @@ bool is_tdx_vm(void); #define is_tdx_vm() 0 #endif /* CONFIG_TDX */ +int tdx_pre_create_vcpu(CPUState *cpu, Error **errp); + #endif /* QEMU_I386_TDX_H */ From patchwork Fri Jan 24 13:20:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949399 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 300D23596F for ; Fri, 24 Jan 2025 13:37:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725856; cv=none; b=ljblrOrgROcKtuPlmUAPCymnXv/yhjovG8I7WKSvj0j+GfMc+zPfhy/IiBLCbzzYo/5xfo6dW7shUxLOCRtY0SXFPpSUROuRxxN3/ExxiaGKgaFeFr16nYSJNCbW9WapucdQehDGK8e5av3CwYJlK5JBt8248GBih7uzO2D95MY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725856; c=relaxed/simple; bh=8WMcUge9rmtOr6U0aXqB/yjkjjM2B/twbpSG8Wc/MCo=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=IhkBNlq+03X0Yy5mlobfRdlDunEmlRNkXFaVoiXrTIUtag7oKEcjqsPhlZedu3ar5DvMliMn1+oPtS4R2a0m1u+ERhUp2zjSiJYDWYFmP8k34blbdwwTqUNu7v8iA/CvD4oojdMy6vUOoSmze9u1jh9OcZe/yye1d3WPa7tz8Hk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=XOIWn+sT; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="XOIWn+sT" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725856; x=1769261856; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=8WMcUge9rmtOr6U0aXqB/yjkjjM2B/twbpSG8Wc/MCo=; b=XOIWn+sTVQnjwK0ppi+4JMTrdeRPDmTUfquhQG6kuxV7dFkUtNXR2EXj S7D7IO/hqKgQcZK6e5wlWBuztteNrg54q297RyVY/OPHXLyt6fbJiNpTa 7ryYCzpst4zo2ssnlkucP9V2gwWLUefSH0+KNuORmhxga5rjMnpJ+/PlV CsV9lRYfPhL/Iyyv/JYhj+y9u51smNZ8bdV+yAbMbpTgSN6MfhKO/w2Lb hKgzakOLjGJqpbcIeO1CfPaH7+9YvTOjUr+uCnq999HPzONHxH9Kfhtzc Fp/IL051sZKy2DaCVgaguWzCqUHsecrb0dLTGPt0hy9Rfa2dK8uN3x4dE Q==; X-CSE-ConnectionGUID: KrGma/ptQUaz7DvwiTEjOA== X-CSE-MsgGUID: NjgThYKHTlq39aAZL/66HQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246238" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246238" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:37:35 -0800 X-CSE-ConnectionGUID: P74qXLdRRR2cMWAUc+dSGw== X-CSE-MsgGUID: CUpxfmNmSJ6bXdmYzO8QLA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804180" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:31 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 09/52] i386/tdx: Add property sept-ve-disable for tdx-guest object Date: Fri, 24 Jan 2025 08:20:05 -0500 Message-Id: <20250124132048.3229049-10-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Bit 28 of TD attribute, named SEPT_VE_DISABLE. When set to 1, it disables EPT violation conversion to #VE on guest TD access of PENDING pages. Some guest OS (e.g., Linux TD guest) may require this bit as 1. Otherwise refuse to boot. Add sept-ve-disable property for tdx-guest object, for user to configure this bit. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann Acked-by: Markus Armbruster --- Changes in v4: - collect Acked-by from Markus Changes in v3: - update the comment of property @sept-ve-disable to make it more descriptive and use new format. (Daniel and Markus) --- qapi/qom.json | 8 +++++++- target/i386/kvm/tdx.c | 23 +++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/qapi/qom.json b/qapi/qom.json index e3a5e9330b54..8740626c4ee6 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -1055,10 +1055,16 @@ # @attributes: The 'attributes' of a TD guest that is passed to # KVM_TDX_INIT_VM # +# @sept-ve-disable: toggle bit 28 of TD attributes to control disabling +# of EPT violation conversion to #VE on guest TD access of PENDING +# pages. Some guest OS (e.g., Linux TD guest) may require this to +# be set, otherwise they refuse to boot. +# # Since: 10.0 ## { 'struct': 'TdxGuestProperties', - 'data': { '*attributes': 'uint64' } } + 'data': { '*attributes': 'uint64', + '*sept-ve-disable': 'bool' } } ## # @ThreadContextProperties: diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index b8a85f2333ad..214ff7409e1f 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -18,6 +18,8 @@ #include "kvm_i386.h" #include "tdx.h" +#define TDX_TD_ATTRIBUTES_SEPT_VE_DISABLE BIT_ULL(28) + static TdxGuest *tdx_guest; static struct kvm_tdx_capabilities *tdx_caps; @@ -250,6 +252,24 @@ int tdx_pre_create_vcpu(CPUState *cpu, Error **errp) return 0; } +static bool tdx_guest_get_sept_ve_disable(Object *obj, Error **errp) +{ + TdxGuest *tdx = TDX_GUEST(obj); + + return !!(tdx->attributes & TDX_TD_ATTRIBUTES_SEPT_VE_DISABLE); +} + +static void tdx_guest_set_sept_ve_disable(Object *obj, bool value, Error **errp) +{ + TdxGuest *tdx = TDX_GUEST(obj); + + if (value) { + tdx->attributes |= TDX_TD_ATTRIBUTES_SEPT_VE_DISABLE; + } else { + tdx->attributes &= ~TDX_TD_ATTRIBUTES_SEPT_VE_DISABLE; + } +} + /* tdx guest */ OBJECT_DEFINE_TYPE_WITH_INTERFACES(TdxGuest, tdx_guest, @@ -270,6 +290,9 @@ static void tdx_guest_init(Object *obj) object_property_add_uint64_ptr(obj, "attributes", &tdx->attributes, OBJ_PROP_FLAG_READWRITE); + object_property_add_bool(obj, "sept-ve-disable", + tdx_guest_get_sept_ve_disable, + tdx_guest_set_sept_ve_disable); } static void tdx_guest_finalize(Object *obj) From patchwork Fri Jan 24 13:20:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949400 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 242757080B for ; Fri, 24 Jan 2025 13:37:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725860; cv=none; b=md1DAHXFc08Y+f74sIQbIIqBa/EkiA7tzSc2J2g8OkA/1RVDysy73ioJbM0B/OOCcoolfp5FK2xAEFB0gfL9Byk6nYikKqTwKGHBF106vYDnPTTi7mxulCwSi1phXp82ylFg4RfoLRCL7GOWC7SJ3syIPWgP90V4fTAYlqcz6r0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725860; c=relaxed/simple; bh=F8ch/qHyLt2WHZ+uYLam5gSOJtfGWUCHU0mx+JtYsOU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Caj56VuKvNhW2XVp1P75TXZZ0ZU6zlJPl6YDwsR5b6AxybJqDmlW7Qt9Iqp9uTee1COP4hTOBmXJaUK37uONg9jWgcNOA+M1yC9q44IZNzi67yZLxvAcmJCm/Rp40A3BxYO12bixd8sblBUXoKcVm+0m+ZtIcfe9kGQFuiAs9/o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=YWFrOg9Y; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="YWFrOg9Y" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725860; x=1769261860; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=F8ch/qHyLt2WHZ+uYLam5gSOJtfGWUCHU0mx+JtYsOU=; b=YWFrOg9Y+lPTLr4ax6LAStQMzohtlFhL3sGtn0je5bNLL3maYMkXJDlv AQnj8detcmPXgs/xQkVZjZXfKT+Vfx0fv26XrP6aOd3zQ4rbV1ONvwyCc OF/wtIE4z4YMYaSCRcwwcMpvHj9lM+9OWTAKzuNqmTE9R2xalUavuntQc I0uYew7m0obNod5aOM3eNpGDa1SILRFTisM58BZZuFqITJNc8BhU3IloF Scaz2nZbkzgH9zfr+CfwGPUXTVbROot99lVUbQZRdg4/2AyGhkJfiyl1P GwPyhnw6OcEH/cqahKclKOGUKGUsYQI/lmmclYa8HMBRb31kwPSb45nfF Q==; X-CSE-ConnectionGUID: UiOHkY5TTXCkzhWd3yc/iw== X-CSE-MsgGUID: /GJAGQ1RTdy2FjX794/n1A== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246245" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246245" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:37:39 -0800 X-CSE-ConnectionGUID: vCehlZIdQm6+gmZkBYWjMA== X-CSE-MsgGUID: vRKtt1j1Q2ecC5GamkpXiQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804188" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:35 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 10/52] i386/tdx: Make sept_ve_disable set by default Date: Fri, 24 Jan 2025 08:20:06 -0500 Message-Id: <20250124132048.3229049-11-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Isaku Yamahata For TDX KVM use case, Linux guest is the most major one. It requires sept_ve_disable set. Make it default for the main use case. For other use case, it can be enabled/disabled via qemu command line. Signed-off-by: Isaku Yamahata Signed-off-by: Xiaoyao Li --- target/i386/kvm/tdx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 214ff7409e1f..dcb19a18e405 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -286,7 +286,7 @@ static void tdx_guest_init(Object *obj) qemu_mutex_init(&tdx->lock); cgs->require_guest_memfd = true; - tdx->attributes = 0; + tdx->attributes = TDX_TD_ATTRIBUTES_SEPT_VE_DISABLE; object_property_add_uint64_ptr(obj, "attributes", &tdx->attributes, OBJ_PROP_FLAG_READWRITE); From patchwork Fri Jan 24 13:20:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949401 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 770AA42AB0 for ; Fri, 24 Jan 2025 13:37:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725863; cv=none; b=Hl4gyNlYNV4T+Ra8v/fbkCkMbhkngSr3S+hNjBPrz6hwg0fHLhorAW93nQlBI2kJswd6kvZsohOb40crlJZwGMLyXozaF9VFmYWIDqqysKxRj27En4nGd1JXA7zMeNMzRKo16zTERocsBq+K0ZTZE1pUpfTfIbXFwkv5jreh8ks= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725863; c=relaxed/simple; bh=Cfpj4WCxfFDeTOSQgHq6/UjikY4uRx0YKjE6SJdKb/c=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=e9c9+T21paUnMyALY4PWkI/ovGhWgAEdHNuN9yfENbWIY3V/kFC4jwbxgSKhsWEFwaYmVk7dUk5f8P7zVvme+4boDQ6gMs1gvKB0ntyWu1hDcwtkD2UKVfVW5VN+PuaCyscJa4vJsxzh+4h6E+g3dEpZoPnWmQ1zmsG7vNIgglU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=j2dnHqOc; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="j2dnHqOc" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725863; x=1769261863; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Cfpj4WCxfFDeTOSQgHq6/UjikY4uRx0YKjE6SJdKb/c=; b=j2dnHqOcgLYnLNmqi8YLLfYngnBxSi1rBF6yMt1r4eMatiniFS4gsyqs LzrInNHPBaCKhViDZpI0UZ7CgC3o8/sgDsmOX+gAuHkSjdE8oZPHiXjhC tgYjAVOW2hOrmVJUEJFlhtP59AlZ9zTsFZ99K83LO06j+/ALHvcuOBTsy gTEWSL7B6f97QEnGqepQFzOH7Z1WOi6l4BatDuydUOuuHDFUqcB+ZNnup AWS2CDX3VurpFd8OKq3tka1SxumfPMRGG1BaTrs3OTbQ4XDgTIhgShrF4 4wUvmuyJrNxswuJKP2WBPBi9DB+RHCQnatlqzZ3lPSaRpp42e7bpp3f8X w==; X-CSE-ConnectionGUID: I+r8H5AdQkOoIWYfELXBBg== X-CSE-MsgGUID: bs7f6z+ESsG0YqaRMPM+4A== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246252" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246252" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:37:43 -0800 X-CSE-ConnectionGUID: rE3BlB5cTS6u0AEIazFIlA== X-CSE-MsgGUID: V2mWSehdQZWsGWPdWoKM1Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804196" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:38 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 11/52] i386/tdx: Wire CPU features up with attributes of TD guest Date: Fri, 24 Jan 2025 08:20:07 -0500 Message-Id: <20250124132048.3229049-12-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 For QEMU VMs, - PKS is configured via CPUID_7_0_ECX_PKS, e.g., -cpu xxx,+pks and - PMU is configured by x86cpu->enable_pmu, e.g., -cpu xxx,pmu=on While the bit 30 (PKS) and bit 63 (PERFMON) of TD's attributes are also used to configure the PKS and PERFMON/PMU of TD, reuse the existing configuration interfaces of 'cpu' for TD's attributes. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- target/i386/kvm/tdx.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index dcb19a18e405..653942d83bcb 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -19,6 +19,8 @@ #include "tdx.h" #define TDX_TD_ATTRIBUTES_SEPT_VE_DISABLE BIT_ULL(28) +#define TDX_TD_ATTRIBUTES_PKS BIT_ULL(30) +#define TDX_TD_ATTRIBUTES_PERFMON BIT_ULL(63) static TdxGuest *tdx_guest; @@ -151,6 +153,15 @@ static int tdx_kvm_type(X86ConfidentialGuest *cg) return KVM_X86_TDX_VM; } +static void setup_td_guest_attributes(X86CPU *x86cpu) +{ + CPUX86State *env = &x86cpu->env; + + tdx_guest->attributes |= (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_PKS) ? + TDX_TD_ATTRIBUTES_PKS : 0; + tdx_guest->attributes |= x86cpu->enable_pmu ? TDX_TD_ATTRIBUTES_PERFMON : 0; +} + static int setup_td_xfam(X86CPU *x86cpu, Error **errp) { CPUX86State *env = &x86cpu->env; @@ -214,6 +225,8 @@ int tdx_pre_create_vcpu(CPUState *cpu, Error **errp) init_vm = g_malloc0(sizeof(struct kvm_tdx_init_vm) + sizeof(struct kvm_cpuid_entry2) * KVM_MAX_CPUID_ENTRIES); + setup_td_guest_attributes(x86cpu); + r = setup_td_xfam(x86cpu, errp); if (r) { return r; From patchwork Fri Jan 24 13:20:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949402 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4FB8242AB0 for ; Fri, 24 Jan 2025 13:37:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725868; cv=none; b=df52ziaN0DWAbGO9erFNkdfeLJSaZHkRAhiX5rKH4A//EJ2QtYyTgyjUgVBbj8t0Zb/LjFtpnFEfofV3JE6p1PDQseBaFVDpO5g3+bn/C6JNoW3xjb4knbeb7AMQJN6AqaVugFCSiTJ7m0B/r30YwoAGITgHe2OHRXN4IQiRrOs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725868; c=relaxed/simple; bh=fSsAL3WOwQ9gQ4rru12HLOwZ4HFCghaKIHkuJX/Kx5E=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=Qb21z8deDOb9H4XVuLKCBBCIooQrvbPlfM7Dl8uVyla5YvYaERnPlf6/WnTUZD/7owo4gUvIoL56ah/PIm/iyEVtuEKaF4VI96zAhOdyAIC03Z8yT7T6FZ4VcRPnSibWYyRcf9+2e0i3J+rB7/GGK5bl55yPRyyB6I/1oOT2eIg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=LBdk6cKF; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="LBdk6cKF" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725867; x=1769261867; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=fSsAL3WOwQ9gQ4rru12HLOwZ4HFCghaKIHkuJX/Kx5E=; b=LBdk6cKFVYJcl1IaEYpwjyLpfjGD8NDJgL2dEJc0zI0udWK4PpO7Q5bN 8W48SZSJ7uN4/laywd0eMeVSF6Rcn2zMdL2DsZaWb5cTLl8SG2PRhhs9w knp8o5gpZgZnKh+TI9idQhHKI1xp7zO4zp+OkTWsc9UOnt8OCyjMYFnVE Z7aX81RnHyH9olk0m6zruOhFf/7ZwI1F+MqAf16tZf/32jzMZhAN5yYzO Jvy6HEeaOxQ3uMiLBmPLLvZDHeabMJ77pCj0SWmoqgXiKjAe5wVk99rHj cTfdcBf1RBhyW4x3j0uZWQ4jsE/uCyD+ZTmJNmgMKOi9HGJlTARCjOqV0 g==; X-CSE-ConnectionGUID: miNaBs7ZRiGaqmpku+s00w== X-CSE-MsgGUID: AuEKex8NTTaem+ovPs24qg== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246257" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246257" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:37:46 -0800 X-CSE-ConnectionGUID: Xg0IVMEySGOGeX/lgoAMtQ== X-CSE-MsgGUID: ChSKISCtRFG5UODlsYUscg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804204" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:42 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 12/52] i386/tdx: Validate TD attributes Date: Fri, 24 Jan 2025 08:20:08 -0500 Message-Id: <20250124132048.3229049-13-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Validate TD attributes with tdx_caps that only supported bits arer allowed by KVM. Besides, sanity check the attribute bits that have not been supported by QEMU yet. e.g., debug bit, it will be allowed in the future when debug TD support lands in QEMU. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- Changes in v7: - Define TDX_SUPPORTED_TD_ATTRS as QEMU supported mask, to validates user's request. (Rick) Changes in v3: - using error_setg() for error report; (Daniel) --- qapi/qom.json | 16 +++++- target/i386/kvm/tdx.c | 118 +++++++++++++++++++++++++++++++++++++++++- target/i386/kvm/tdx.h | 3 ++ 3 files changed, 134 insertions(+), 3 deletions(-) diff --git a/qapi/qom.json b/qapi/qom.json index 8740626c4ee6..a53000ca6fb4 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -1060,11 +1060,25 @@ # pages. Some guest OS (e.g., Linux TD guest) may require this to # be set, otherwise they refuse to boot. # +# @mrconfigid: ID for non-owner-defined configuration of the guest TD, +# e.g., run-time or OS configuration (base64 encoded SHA384 digest). +# Defaults to all zeros. +# +# @mrowner: ID for the guest TD’s owner (base64 encoded SHA384 digest). +# Defaults to all zeros. +# +# @mrownerconfig: ID for owner-defined configuration of the guest TD, +# e.g., specific to the workload rather than the run-time or OS +# (base64 encoded SHA384 digest). Defaults to all zeros. +# # Since: 10.0 ## { 'struct': 'TdxGuestProperties', 'data': { '*attributes': 'uint64', - '*sept-ve-disable': 'bool' } } + '*sept-ve-disable': 'bool', + '*mrconfigid': 'str', + '*mrowner': 'str', + '*mrownerconfig': 'str' } } ## # @ThreadContextProperties: diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 653942d83bcb..ed843af1d0b6 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -11,17 +11,24 @@ #include "qemu/osdep.h" #include "qemu/error-report.h" +#include "qemu/base64.h" #include "qapi/error.h" #include "qom/object_interfaces.h" +#include "crypto/hash.h" #include "hw/i386/x86.h" #include "kvm_i386.h" #include "tdx.h" +#define TDX_TD_ATTRIBUTES_DEBUG BIT_ULL(0) #define TDX_TD_ATTRIBUTES_SEPT_VE_DISABLE BIT_ULL(28) #define TDX_TD_ATTRIBUTES_PKS BIT_ULL(30) #define TDX_TD_ATTRIBUTES_PERFMON BIT_ULL(63) +#define TDX_SUPPORTED_TD_ATTRS (TDX_TD_ATTRIBUTES_SEPT_VE_DISABLE |\ + TDX_TD_ATTRIBUTES_PKS | \ + TDX_TD_ATTRIBUTES_PERFMON) + static TdxGuest *tdx_guest; static struct kvm_tdx_capabilities *tdx_caps; @@ -153,13 +160,33 @@ static int tdx_kvm_type(X86ConfidentialGuest *cg) return KVM_X86_TDX_VM; } -static void setup_td_guest_attributes(X86CPU *x86cpu) +static int tdx_validate_attributes(TdxGuest *tdx, Error **errp) +{ + if ((tdx->attributes & ~tdx_caps->supported_attrs)) { + error_setg(errp, "Invalid attributes 0x%lx for TDX VM " + "(KVM supported: 0x%llx)", tdx->attributes, + tdx_caps->supported_attrs); + return -1; + } + + if (tdx->attributes & ~TDX_SUPPORTED_TD_ATTRS) { + warn_report("Some QEMU unsupported TD attribute bits being requested:" + "requested: 0x%lx QEMU supported: 0x%llx", + tdx->attributes, TDX_SUPPORTED_TD_ATTRS); + } + + return 0; +} + +static int setup_td_guest_attributes(X86CPU *x86cpu, Error **errp) { CPUX86State *env = &x86cpu->env; tdx_guest->attributes |= (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_PKS) ? TDX_TD_ATTRIBUTES_PKS : 0; tdx_guest->attributes |= x86cpu->enable_pmu ? TDX_TD_ATTRIBUTES_PERFMON : 0; + + return tdx_validate_attributes(tdx_guest, errp); } static int setup_td_xfam(X86CPU *x86cpu, Error **errp) @@ -214,6 +241,7 @@ int tdx_pre_create_vcpu(CPUState *cpu, Error **errp) CPUX86State *env = &x86cpu->env; g_autofree struct kvm_tdx_init_vm *init_vm = NULL; Error *local_err = NULL; + size_t data_len; int retry = 10000; int r = 0; @@ -225,7 +253,40 @@ int tdx_pre_create_vcpu(CPUState *cpu, Error **errp) init_vm = g_malloc0(sizeof(struct kvm_tdx_init_vm) + sizeof(struct kvm_cpuid_entry2) * KVM_MAX_CPUID_ENTRIES); - setup_td_guest_attributes(x86cpu); + if (tdx_guest->mrconfigid) { + g_autofree uint8_t *data = qbase64_decode(tdx_guest->mrconfigid, + strlen(tdx_guest->mrconfigid), &data_len, errp); + if (!data || data_len != QCRYPTO_HASH_DIGEST_LEN_SHA384) { + error_setg(errp, "TDX: failed to decode mrconfigid"); + return -1; + } + memcpy(init_vm->mrconfigid, data, data_len); + } + + if (tdx_guest->mrowner) { + g_autofree uint8_t *data = qbase64_decode(tdx_guest->mrowner, + strlen(tdx_guest->mrowner), &data_len, errp); + if (!data || data_len != QCRYPTO_HASH_DIGEST_LEN_SHA384) { + error_setg(errp, "TDX: failed to decode mrowner"); + return -1; + } + memcpy(init_vm->mrowner, data, data_len); + } + + if (tdx_guest->mrownerconfig) { + g_autofree uint8_t *data = qbase64_decode(tdx_guest->mrownerconfig, + strlen(tdx_guest->mrownerconfig), &data_len, errp); + if (!data || data_len != QCRYPTO_HASH_DIGEST_LEN_SHA384) { + error_setg(errp, "TDX: failed to decode mrownerconfig"); + return -1; + } + memcpy(init_vm->mrownerconfig, data, data_len); + } + + r = setup_td_guest_attributes(x86cpu, errp); + if (r) { + return r; + } r = setup_td_xfam(x86cpu, errp); if (r) { @@ -283,6 +344,51 @@ static void tdx_guest_set_sept_ve_disable(Object *obj, bool value, Error **errp) } } +static char *tdx_guest_get_mrconfigid(Object *obj, Error **errp) +{ + TdxGuest *tdx = TDX_GUEST(obj); + + return g_strdup(tdx->mrconfigid); +} + +static void tdx_guest_set_mrconfigid(Object *obj, const char *value, Error **errp) +{ + TdxGuest *tdx = TDX_GUEST(obj); + + g_free(tdx->mrconfigid); + tdx->mrconfigid = g_strdup(value); +} + +static char *tdx_guest_get_mrowner(Object *obj, Error **errp) +{ + TdxGuest *tdx = TDX_GUEST(obj); + + return g_strdup(tdx->mrowner); +} + +static void tdx_guest_set_mrowner(Object *obj, const char *value, Error **errp) +{ + TdxGuest *tdx = TDX_GUEST(obj); + + g_free(tdx->mrowner); + tdx->mrowner = g_strdup(value); +} + +static char *tdx_guest_get_mrownerconfig(Object *obj, Error **errp) +{ + TdxGuest *tdx = TDX_GUEST(obj); + + return g_strdup(tdx->mrownerconfig); +} + +static void tdx_guest_set_mrownerconfig(Object *obj, const char *value, Error **errp) +{ + TdxGuest *tdx = TDX_GUEST(obj); + + g_free(tdx->mrownerconfig); + tdx->mrownerconfig = g_strdup(value); +} + /* tdx guest */ OBJECT_DEFINE_TYPE_WITH_INTERFACES(TdxGuest, tdx_guest, @@ -306,6 +412,14 @@ static void tdx_guest_init(Object *obj) object_property_add_bool(obj, "sept-ve-disable", tdx_guest_get_sept_ve_disable, tdx_guest_set_sept_ve_disable); + object_property_add_str(obj, "mrconfigid", + tdx_guest_get_mrconfigid, + tdx_guest_set_mrconfigid); + object_property_add_str(obj, "mrowner", + tdx_guest_get_mrowner, tdx_guest_set_mrowner); + object_property_add_str(obj, "mrownerconfig", + tdx_guest_get_mrownerconfig, + tdx_guest_set_mrownerconfig); } static void tdx_guest_finalize(Object *obj) diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h index 4e2b5c61ff5b..e472b11fb0dd 100644 --- a/target/i386/kvm/tdx.h +++ b/target/i386/kvm/tdx.h @@ -24,6 +24,9 @@ typedef struct TdxGuest { bool initialized; uint64_t attributes; /* TD attributes */ uint64_t xfam; + char *mrconfigid; /* base64 encoded sha348 digest */ + char *mrowner; /* base64 encoded sha348 digest */ + char *mrownerconfig; /* base64 encoded sha348 digest */ } TdxGuest; #ifdef CONFIG_TDX From patchwork Fri Jan 24 13:20:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949403 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0D22D42AB0 for ; Fri, 24 Jan 2025 13:37:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725871; cv=none; b=BY0yuq04dLz0YYFsY4xc9dH7UoPhecFnav9fJMGyFUmvdX70UPaDO3wDG8aiG9NDkI0mxqYUgis/xbgJhyrL+2edAudl3l6cLj7DY9Vyp2E9+nSzC0XlDNW2tCTYg3TzUa7T8UgCTcf5jx825/wOwKLVTTedrBfmO0kaiAN5OJM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725871; c=relaxed/simple; bh=qmNZXY74mhCvcHjPeZ7Zt9Eiiug9SdAA9hSZ2NO+cEA=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ugqksWeaZK3FfdbNSc3A7cZS4Z+WqAAZyL6RYIoiMXhGYQpwmTLFJEcefblfu7sWlUWjhJSEy6zzCnIZP+4SLR6GRFlp91fAuUHVSI7QTFiR/exEva583bTc1jMjdbNndejIh3iacp+AfPoAkbIDfxufYAdu2fdeskD0GZBRAMM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Sjxskbv7; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Sjxskbv7" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725870; x=1769261870; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=qmNZXY74mhCvcHjPeZ7Zt9Eiiug9SdAA9hSZ2NO+cEA=; b=Sjxskbv7wVXNSzC5OJM7WiZVyArSdJQDqtYG16eajiiYiTCmd1k7YFHr pdpY4m547op6WuaKyeZTo5SzbbHrImUdtk0TDEaTL7VIJhOIUrtwhbShF VE+F+BOLhLsLoURK3kMltcqYFFjqCRoZjlkeutOh2+C048WW3I8iMREMQ xFhDFhs+wjzKDoYKW7wh3AtpJGR+9JhTCwLF7MAiWdrYO77oTWZNZYWEH E2BqJXyb8kCSDTjwlhru6Xn3J39BzG8FDBaw77wLVPHOAWsMfjv7cNMkt zUMH7/78xRF4U0b3qMdL2oqjjkRz0YRHoC+2evnTwi7D0Zc9R+QfeEFWM Q==; X-CSE-ConnectionGUID: UGZelB2qRZGPQ9sqz3xIWw== X-CSE-MsgGUID: OMiaV9oRQFeJSkrgIJxCZA== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246273" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246273" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:37:50 -0800 X-CSE-ConnectionGUID: p75RpVOpQQqG+e6CaUHL2Q== X-CSE-MsgGUID: hw4H65BBSYm+zmpJJIXQkQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804209" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:46 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 13/52] i386/tdx: Set APIC bus rate to match with what TDX module enforces Date: Fri, 24 Jan 2025 08:20:09 -0500 Message-Id: <20250124132048.3229049-14-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 TDX advertises core crystal clock with cpuid[0x15] as 25MHz for TD guests and it's unchangeable from VMM. As a result, TDX guest reads the APIC timer as the same frequency, 25MHz. While KVM's default emulated frequency for APIC bus is 1GHz, set the APIC bus rate to match with TDX explicitly to ensure KVM provide correct emulated APIC timer for TD guest. Signed-off-by: Xiaoyao Li --- Changes in v6: - new patch; --- target/i386/kvm/tdx.c | 13 +++++++++++++ target/i386/kvm/tdx.h | 3 +++ 2 files changed, 16 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index ed843af1d0b6..96138c2d2b73 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -253,6 +253,19 @@ int tdx_pre_create_vcpu(CPUState *cpu, Error **errp) init_vm = g_malloc0(sizeof(struct kvm_tdx_init_vm) + sizeof(struct kvm_cpuid_entry2) * KVM_MAX_CPUID_ENTRIES); + if (!kvm_check_extension(kvm_state, KVM_CAP_X86_APIC_BUS_CYCLES_NS)) { + error_setg(errp, "KVM doesn't support KVM_CAP_X86_APIC_BUS_CYCLES_NS"); + return -EOPNOTSUPP; + } + + r = kvm_vm_enable_cap(kvm_state, KVM_CAP_X86_APIC_BUS_CYCLES_NS, + 0, TDX_APIC_BUS_CYCLES_NS); + if (r < 0) { + error_setg_errno(errp, -r, + "Unable to set core crystal clock frequency to 25MHz"); + return r; + } + if (tdx_guest->mrconfigid) { g_autofree uint8_t *data = qbase64_decode(tdx_guest->mrconfigid, strlen(tdx_guest->mrconfigid), &data_len, errp); diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h index e472b11fb0dd..d39e733d9fcc 100644 --- a/target/i386/kvm/tdx.h +++ b/target/i386/kvm/tdx.h @@ -16,6 +16,9 @@ typedef struct TdxGuestClass { X86ConfidentialGuestClass parent_class; } TdxGuestClass; +/* TDX requires bus frequency 25MHz */ +#define TDX_APIC_BUS_CYCLES_NS 40 + typedef struct TdxGuest { X86ConfidentialGuest parent_obj; From patchwork Fri Jan 24 13:20:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949404 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EA58C42AB0 for ; Fri, 24 Jan 2025 13:37:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725875; cv=none; b=Pthhi0xXuOMf0z1vVZMJ8/g00lYGoFLySqaiIeOdgrb+Mzxn+BoDCDznpo5ILSxtYqAaMHdEKWm3gY1p6PvZlAvRT4sQuaEMWywdx7CQSGT3VZzY9NEQbfFHNKR7PavuR4QmV5EMm4XqxeYmdPp49GG8eQtKAAVfjGMgsBK1FsA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725875; c=relaxed/simple; bh=QQ+mVECDFZb0mkAaU9OtvuN3aHLirivkATTtr/jbCBI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=CiCAlFLVf310TokL4I6u+DN+8kAb5YVF1/PTGkpT0Gq46XLeGvF80GcUipx9eOAkj9PsXsjx9uqyIurOyvn39StBJmOF9fKRpC80/lcVCnLsRfGSDX4TVNHAHab63zi2U7xi4FAB7xgu7VUqi44JMPnt3Pa3t5zzJP+oc1e3mw4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=d3l6XiXX; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="d3l6XiXX" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725874; x=1769261874; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=QQ+mVECDFZb0mkAaU9OtvuN3aHLirivkATTtr/jbCBI=; b=d3l6XiXXYdC8wu5sqDGtQP/iAbCCSbpIq4NF8+hoT3QnDBvsv7ObxJMv bR9FudjmY9MoMb70EjDvUIr703pczyHev3MuyWXovWBChsu3JrCh5u9MM gytHWZAyq98nlcVLdZEDI+U6jGCbj3A3ngupjMEdGbD6lZ+TClM3gFRkN zHraSO3utBWW7ga8jTgCUr6J5ESju6bgRfQ50gHbSWtqBMIlFZ9K7R9bQ txD06CJUtJbn9q/lX9zy6wNoiEL6b/W4VCp5hav9lybz++dQ9ViuaUq0Z r4NsLqqlfwfEunAlCMDfPHlGwAob9FXQ7jOfCep6Di+1EoaQamQkI0uX5 Q==; X-CSE-ConnectionGUID: ErPkLZc2QiC+dEYAYQZV9w== X-CSE-MsgGUID: i+0cCuk1QKmZ7Qa1uxuQvg== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246286" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246286" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:37:54 -0800 X-CSE-ConnectionGUID: O6LbGE7HQISg2e//eEKBdQ== X-CSE-MsgGUID: appmcy6vRWqbm5xN1V/jfQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804218" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:50 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 14/52] i386/tdx: Implement user specified tsc frequency Date: Fri, 24 Jan 2025 08:20:10 -0500 Message-Id: <20250124132048.3229049-15-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Reuse "-cpu,tsc-frequency=" to get user wanted tsc frequency and call VM scope VM_SET_TSC_KHZ to set the tsc frequency of TD before KVM_TDX_INIT_VM. Besides, sanity check the tsc frequency to be in the legal range and legal granularity (required by TDX module). Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- Changes in v3: - use @errp to report error info; (Daniel) Changes in v1: - Use VM scope VM_SET_TSC_KHZ to set the TSC frequency of TD since KVM side drop the @tsc_khz field in struct kvm_tdx_init_vm --- target/i386/kvm/kvm.c | 9 +++++++++ target/i386/kvm/tdx.c | 25 +++++++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index a537699bb7df..7de5014051eb 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -869,6 +869,15 @@ static int kvm_arch_set_tsc_khz(CPUState *cs) int r, cur_freq; bool set_ioctl = false; + /* + * TSC of TD vcpu is immutable, it cannot be set/changed via vcpu scope + * VM_SET_TSC_KHZ, but only be initialized via VM scope VM_SET_TSC_KHZ + * before ioctl KVM_TDX_INIT_VM in tdx_pre_create_vcpu() + */ + if (is_tdx_vm()) { + return 0; + } + if (!env->tsc_khz) { return 0; } diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 96138c2d2b73..2124284e1653 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -20,6 +20,9 @@ #include "kvm_i386.h" #include "tdx.h" +#define TDX_MIN_TSC_FREQUENCY_KHZ (100 * 1000) +#define TDX_MAX_TSC_FREQUENCY_KHZ (10 * 1000 * 1000) + #define TDX_TD_ATTRIBUTES_DEBUG BIT_ULL(0) #define TDX_TD_ATTRIBUTES_SEPT_VE_DISABLE BIT_ULL(28) #define TDX_TD_ATTRIBUTES_PKS BIT_ULL(30) @@ -266,6 +269,28 @@ int tdx_pre_create_vcpu(CPUState *cpu, Error **errp) return r; } + if (env->tsc_khz && (env->tsc_khz < TDX_MIN_TSC_FREQUENCY_KHZ || + env->tsc_khz > TDX_MAX_TSC_FREQUENCY_KHZ)) { + error_setg(errp, "Invalid TSC %ld KHz, must specify cpu_frequency " + "between [%d, %d] kHz", env->tsc_khz, + TDX_MIN_TSC_FREQUENCY_KHZ, TDX_MAX_TSC_FREQUENCY_KHZ); + return -EINVAL; + } + + if (env->tsc_khz % (25 * 1000)) { + error_setg(errp, "Invalid TSC %ld KHz, it must be multiple of 25MHz", + env->tsc_khz); + return -EINVAL; + } + + /* it's safe even env->tsc_khz is 0. KVM uses host's tsc_khz in this case */ + r = kvm_vm_ioctl(kvm_state, KVM_SET_TSC_KHZ, env->tsc_khz); + if (r < 0) { + error_setg_errno(errp, -r, "Unable to set TSC frequency to %ld kHz", + env->tsc_khz); + return r; + } + if (tdx_guest->mrconfigid) { g_autofree uint8_t *data = qbase64_decode(tdx_guest->mrconfigid, strlen(tdx_guest->mrconfigid), &data_len, errp); From patchwork Fri Jan 24 13:20:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949405 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4F0FF4D599 for ; Fri, 24 Jan 2025 13:37:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725879; cv=none; b=l5/GrIkDGBVtAiL8jWLZu06MtAwrN+fm+byucd9NrcGc9KRpRDVdLDetHbR23zjhS+AZGbPeYRO/EjT3DYDJU6lIPnem2doZZfeDb80RDLuWAMZBxUdlI2f/xVyrGCT07r8e/7NJPMAK8sd0RU7c/eyfHuOjBGavFdfmQ/hNU/0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725879; c=relaxed/simple; bh=57vNewpNjlNsOGxCHvti2rQKSJRLR2ytKnQk0AXe0PQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=AvN8fkV/j5Pmy4OPjRF3/7KJC76vYQO3WgiJpDCoxOQuZcCN2CcPX7n+TvW3sl+Sf67VngKPGdW+m+Lnb27lHWf9rOIdVvUPmeAECxp4NpP8CEMHe1RMH7Y7eg12en1gqIIv9mNT1ypm17OLidtxvqRAVSm5U+xB6vEtk1wF7yw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=lRuCQ6/U; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="lRuCQ6/U" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725879; x=1769261879; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=57vNewpNjlNsOGxCHvti2rQKSJRLR2ytKnQk0AXe0PQ=; b=lRuCQ6/ULJfOmdL3trCtAxB4w7qAOdCGYkObYyhp+8+d+CeHuPJVglZc WFtPWgcv/sJ/X9KrUcKWLCUfIYur8/qYFXN/IKYBAtXddLjU6IYhajZ6b yxSOU/ORQfNy0xIIqZ6369Ja2mu9oJpIXIXB1pdom8HIXORWK6MUf695o LnQtKD3tVMtMInnG0YMXSXiYq45ico1kOvxOysWvf6513s10z33EcUec3 Dr4eKnXv/fVxg3OKDqqrEfXR9eAB8lgA/XugQAkq3HAzvQMHD1pexlvu3 4ywyq/h91abpraJb8d/0SFqTuoI/GhG3ATOYSmpPUKErhvG827nx25GCg g==; X-CSE-ConnectionGUID: r9MWZehcSf+u1XDAFInOMA== X-CSE-MsgGUID: GJ5qBUSbTQ620agxbbw93Q== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246298" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246298" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:37:58 -0800 X-CSE-ConnectionGUID: 0CXDbUQTSmOIl/OBnySsXw== X-CSE-MsgGUID: PxUwDFD5TKmZmxHT4HD22w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804234" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:54 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 15/52] i386/tdx: load TDVF for TD guest Date: Fri, 24 Jan 2025 08:20:11 -0500 Message-Id: <20250124132048.3229049-16-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Chao Peng TDVF(OVMF) needs to run at private memory for TD guest. TDX cannot support pflash device since it doesn't support read-only private memory. Thus load TDVF(OVMF) with -bios option for TDs. Use memory_region_init_ram_guest_memfd() to allocate the MemoryRegion for TDVF because it needs to be located at private memory. Also store the MemoryRegion pointer of TDVF since the shared ramblock of it can be discared after it gets copied to private ramblock. Signed-off-by: Chao Peng Co-developed-by: Xiaoyao Li Signed-off-by: Xiaoyao Li --- hw/i386/x86-common.c | 6 +++++- target/i386/kvm/tdx.c | 6 ++++++ target/i386/kvm/tdx.h | 3 +++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c index 008496b5b851..1f9492c2dbfd 100644 --- a/hw/i386/x86-common.c +++ b/hw/i386/x86-common.c @@ -44,6 +44,7 @@ #include "standard-headers/asm-x86/bootparam.h" #include CONFIG_DEVICES #include "kvm/kvm_i386.h" +#include "kvm/tdx.h" #ifdef CONFIG_XEN_EMU #include "hw/xen/xen.h" @@ -1035,11 +1036,14 @@ void x86_bios_rom_init(X86MachineState *x86ms, const char *default_firmware, if (machine_require_guest_memfd(MACHINE(x86ms))) { memory_region_init_ram_guest_memfd(&x86ms->bios, NULL, "pc.bios", bios_size, &error_fatal); + if (is_tdx_vm()) { + tdx_set_tdvf_region(&x86ms->bios); + } } else { memory_region_init_ram(&x86ms->bios, NULL, "pc.bios", bios_size, &error_fatal); } - if (sev_enabled()) { + if (sev_enabled() || is_tdx_vm()) { /* * The concept of a "reset" simply doesn't exist for * confidential computing guests, we have to destroy and diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 2124284e1653..f1c0553e6d4a 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -137,6 +137,12 @@ static int get_tdx_capabilities(Error **errp) return 0; } +void tdx_set_tdvf_region(MemoryRegion *tdvf_mr) +{ + assert(!tdx_guest->tdvf_mr); + tdx_guest->tdvf_mr = tdvf_mr; +} + static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { TdxGuest *tdx = TDX_GUEST(cgs); diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h index d39e733d9fcc..b73461b8d8a3 100644 --- a/target/i386/kvm/tdx.h +++ b/target/i386/kvm/tdx.h @@ -30,6 +30,8 @@ typedef struct TdxGuest { char *mrconfigid; /* base64 encoded sha348 digest */ char *mrowner; /* base64 encoded sha348 digest */ char *mrownerconfig; /* base64 encoded sha348 digest */ + + MemoryRegion *tdvf_mr; } TdxGuest; #ifdef CONFIG_TDX @@ -39,5 +41,6 @@ bool is_tdx_vm(void); #endif /* CONFIG_TDX */ int tdx_pre_create_vcpu(CPUState *cpu, Error **errp); +void tdx_set_tdvf_region(MemoryRegion *tdvf_mr); #endif /* QEMU_I386_TDX_H */ From patchwork Fri Jan 24 13:20:12 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949406 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0FDEA35947 for ; Fri, 24 Jan 2025 13:38:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725883; cv=none; b=pHAJtEpeA0QDqCzAfCfKSkpnsNzZ67gEg5xYWGFlScsyq+c2Unm4Wcv1f1Tovjwpwn3kjlFNZQnliZLYbNRNNv4EHbCIcueDCTPgTq0QUqf63SrNXyXadZSgsrBoZM6qVbVykcBI3boCInxnfJDBGsWvNqDHgr9hvlQUvORg11E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725883; c=relaxed/simple; bh=P+Pmx+LcxOT3BhV+lEew4Euzn/9Kw3olJ8jN9qlmsOQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=m5L4yzugTK9w/+Ngdba0Iw652/MXDmbI5Rr28WJrmJ/4ChdgLqPRnHrPiiS5seYyXFH4u4FATlZBfE4IwAtuym78nW9vY+Q2n3N4VBMSn6S6S+fF0G4SzBccgRBz2nBCVSXvjw7/sBzFzj8fAWnHugDgROhzihHWMhgQ/rPim8Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=FBgwtxG2; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="FBgwtxG2" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725882; x=1769261882; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=P+Pmx+LcxOT3BhV+lEew4Euzn/9Kw3olJ8jN9qlmsOQ=; b=FBgwtxG2HOwsv74Fn+8cg94LQIppGuSNfDyU5w00UXQQjkRH0iIsjmhN RtKbRaEM5SntVWWH4XnhoBTkd/9vNTWbB+mNcS1otdhp/vR+aBOhipjHS 8Oypk2uIEbI57BUM8d+2+9NQfepZkl/5DDGPWe7rlMbWH3VEmgFLudvtc 16c7+PTm/87vtpdU1PvawJe2rDN9f+O0rsYSopoIZfrU1XvEuFSyo/0H4 +4cpHyGy/WzskMfp9A6LzWj55qsFVWAoEcfdwmDXFV2LXQOIbzLNkfvAm w2x+zn12yu5Ec+r6MEUmQXv9N1axDkRXPseP6gj6bSCwvCV4sShHJAOSL w==; X-CSE-ConnectionGUID: XqMfGbhdT1CjgdpBXYtWDg== X-CSE-MsgGUID: L2E5CXZUTyuXetrNaamLjA== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246315" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246315" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:38:02 -0800 X-CSE-ConnectionGUID: 4f48dn7jS5KTz0v201XbMw== X-CSE-MsgGUID: 67GuREJASjKpvaDY/HnnRw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804243" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:37:58 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 16/52] i386/tdvf: Introduce function to parse TDVF metadata Date: Fri, 24 Jan 2025 08:20:12 -0500 Message-Id: <20250124132048.3229049-17-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Isaku Yamahata TDX VM needs to boot with its specialized firmware, Trusted Domain Virtual Firmware (TDVF). QEMU needs to parse TDVF and map it in TD guest memory prior to running the TDX VM. A TDVF Metadata in TDVF image describes the structure of firmware. QEMU refers to it to setup memory for TDVF. Introduce function tdvf_parse_metadata() to parse the metadata from TDVF image and store the info of each TDVF section. TDX metadata is located by a TDX metadata offset block, which is a GUID-ed structure. The data portion of the GUID structure contains only an 4-byte field that is the offset of TDX metadata to the end of firmware file. Select X86_FW_OVMF when TDX is enable to leverage existing functions to parse and search OVMF's GUID-ed structures. Signed-off-by: Isaku Yamahata Co-developed-by: Xiaoyao Li Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- Changes in v7: - Update license info to only use SPDX tag; - use g_autofree to avoid manually free; Changes in v6: - Drop the the data endianness change for metadata->Length; Changes in v1: - rename tdvf_parse_section_entry() to tdvf_parse_and_check_section_entry() Changes in RFC v4: - rename TDX_METADATA_GUID to TDX_METADATA_OFFSET_GUID --- hw/i386/Kconfig | 1 + hw/i386/meson.build | 1 + hw/i386/tdvf.c | 186 +++++++++++++++++++++++++++++++++++++++++ include/hw/i386/tdvf.h | 38 +++++++++ 4 files changed, 226 insertions(+) create mode 100644 hw/i386/tdvf.c create mode 100644 include/hw/i386/tdvf.h diff --git a/hw/i386/Kconfig b/hw/i386/Kconfig index cce9521ba934..eb65bda6e071 100644 --- a/hw/i386/Kconfig +++ b/hw/i386/Kconfig @@ -12,6 +12,7 @@ config SGX config TDX bool + select X86_FW_OVMF depends on KVM config PC diff --git a/hw/i386/meson.build b/hw/i386/meson.build index 10bdfde27c69..3bc1da2b6eb4 100644 --- a/hw/i386/meson.build +++ b/hw/i386/meson.build @@ -32,6 +32,7 @@ i386_ss.add(when: 'CONFIG_PC', if_true: files( 'port92.c')) i386_ss.add(when: 'CONFIG_X86_FW_OVMF', if_true: files('pc_sysfw_ovmf.c'), if_false: files('pc_sysfw_ovmf-stubs.c')) +i386_ss.add(when: 'CONFIG_TDX', if_true: files('tdvf.c')) subdir('kvm') subdir('xen') diff --git a/hw/i386/tdvf.c b/hw/i386/tdvf.c new file mode 100644 index 000000000000..887af41ff486 --- /dev/null +++ b/hw/i386/tdvf.c @@ -0,0 +1,186 @@ +/* + * Copyright (c) 2025 Intel Corporation + * Author: Isaku Yamahata + * + * Xiaoyao Li + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "qemu/osdep.h" +#include "qemu/error-report.h" + +#include "hw/i386/pc.h" +#include "hw/i386/tdvf.h" +#include "system/kvm.h" + +#define TDX_METADATA_OFFSET_GUID "e47a6535-984a-4798-865e-4685a7bf8ec2" +#define TDX_METADATA_VERSION 1 +#define TDVF_SIGNATURE 0x46564454 /* TDVF as little endian */ + +typedef struct { + uint32_t DataOffset; + uint32_t RawDataSize; + uint64_t MemoryAddress; + uint64_t MemoryDataSize; + uint32_t Type; + uint32_t Attributes; +} TdvfSectionEntry; + +typedef struct { + uint32_t Signature; + uint32_t Length; + uint32_t Version; + uint32_t NumberOfSectionEntries; + TdvfSectionEntry SectionEntries[]; +} TdvfMetadata; + +struct tdx_metadata_offset { + uint32_t offset; +}; + +static TdvfMetadata *tdvf_get_metadata(void *flash_ptr, int size) +{ + TdvfMetadata *metadata; + uint32_t offset = 0; + uint8_t *data; + + if ((uint32_t) size != size) { + return NULL; + } + + if (pc_system_ovmf_table_find(TDX_METADATA_OFFSET_GUID, &data, NULL)) { + offset = size - le32_to_cpu(((struct tdx_metadata_offset *)data)->offset); + + if (offset + sizeof(*metadata) > size) { + return NULL; + } + } else { + error_report("Cannot find TDX_METADATA_OFFSET_GUID"); + return NULL; + } + + metadata = flash_ptr + offset; + + /* Finally, verify the signature to determine if this is a TDVF image. */ + metadata->Signature = le32_to_cpu(metadata->Signature); + if (metadata->Signature != TDVF_SIGNATURE) { + error_report("Invalid TDVF signature in metadata!"); + return NULL; + } + + /* Sanity check that the TDVF doesn't overlap its own metadata. */ + metadata->Length = le32_to_cpu(metadata->Length); + if (offset + metadata->Length > size) { + return NULL; + } + + /* Only version 1 is supported/defined. */ + metadata->Version = le32_to_cpu(metadata->Version); + if (metadata->Version != TDX_METADATA_VERSION) { + return NULL; + } + + return metadata; +} + +static int tdvf_parse_and_check_section_entry(const TdvfSectionEntry *src, + TdxFirmwareEntry *entry) +{ + entry->data_offset = le32_to_cpu(src->DataOffset); + entry->data_len = le32_to_cpu(src->RawDataSize); + entry->address = le64_to_cpu(src->MemoryAddress); + entry->size = le64_to_cpu(src->MemoryDataSize); + entry->type = le32_to_cpu(src->Type); + entry->attributes = le32_to_cpu(src->Attributes); + + /* sanity check */ + if (entry->size < entry->data_len) { + error_report("Broken metadata RawDataSize 0x%x MemoryDataSize 0x%lx", + entry->data_len, entry->size); + return -1; + } + if (!QEMU_IS_ALIGNED(entry->address, TARGET_PAGE_SIZE)) { + error_report("MemoryAddress 0x%lx not page aligned", entry->address); + return -1; + } + if (!QEMU_IS_ALIGNED(entry->size, TARGET_PAGE_SIZE)) { + error_report("MemoryDataSize 0x%lx not page aligned", entry->size); + return -1; + } + + switch (entry->type) { + case TDVF_SECTION_TYPE_BFV: + case TDVF_SECTION_TYPE_CFV: + /* The sections that must be copied from firmware image to TD memory */ + if (entry->data_len == 0) { + error_report("%d section with RawDataSize == 0", entry->type); + return -1; + } + break; + case TDVF_SECTION_TYPE_TD_HOB: + case TDVF_SECTION_TYPE_TEMP_MEM: + /* The sections that no need to be copied from firmware image */ + if (entry->data_len != 0) { + error_report("%d section with RawDataSize 0x%x != 0", + entry->type, entry->data_len); + return -1; + } + break; + default: + error_report("TDVF contains unsupported section type %d", entry->type); + return -1; + } + + return 0; +} + +int tdvf_parse_metadata(TdxFirmware *fw, void *flash_ptr, int size) +{ + g_autofree TdvfSectionEntry *sections = NULL; + TdvfMetadata *metadata; + ssize_t entries_size; + int i; + + metadata = tdvf_get_metadata(flash_ptr, size); + if (!metadata) { + return -EINVAL; + } + + /* load and parse metadata entries */ + fw->nr_entries = le32_to_cpu(metadata->NumberOfSectionEntries); + if (fw->nr_entries < 2) { + error_report("Invalid number of fw entries (%u) in TDVF Metadata", + fw->nr_entries); + return -EINVAL; + } + + entries_size = fw->nr_entries * sizeof(TdvfSectionEntry); + if (metadata->Length != sizeof(*metadata) + entries_size) { + error_report("TDVF metadata len (0x%x) mismatch, expected (0x%x)", + metadata->Length, + (uint32_t)(sizeof(*metadata) + entries_size)); + return -EINVAL; + } + + fw->entries = g_new(TdxFirmwareEntry, fw->nr_entries); + sections = g_new(TdvfSectionEntry, fw->nr_entries); + + if (!memcpy(sections, (void *)metadata + sizeof(*metadata), entries_size)) { + error_report("Failed to read TDVF section entries"); + goto err; + } + + for (i = 0; i < fw->nr_entries; i++) { + if (tdvf_parse_and_check_section_entry(§ions[i], &fw->entries[i])) { + goto err; + } + } + + return 0; + +err: + fw->entries = 0; + g_free(fw->entries); + return -EINVAL; +} diff --git a/include/hw/i386/tdvf.h b/include/hw/i386/tdvf.h new file mode 100644 index 000000000000..7ebcac42a36c --- /dev/null +++ b/include/hw/i386/tdvf.h @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2025 Intel Corporation + * Author: Isaku Yamahata + * + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#ifndef HW_I386_TDVF_H +#define HW_I386_TDVF_H + +#include "qemu/osdep.h" + +#define TDVF_SECTION_TYPE_BFV 0 +#define TDVF_SECTION_TYPE_CFV 1 +#define TDVF_SECTION_TYPE_TD_HOB 2 +#define TDVF_SECTION_TYPE_TEMP_MEM 3 + +#define TDVF_SECTION_ATTRIBUTES_MR_EXTEND (1U << 0) +#define TDVF_SECTION_ATTRIBUTES_PAGE_AUG (1U << 1) + +typedef struct TdxFirmwareEntry { + uint32_t data_offset; + uint32_t data_len; + uint64_t address; + uint64_t size; + uint32_t type; + uint32_t attributes; +} TdxFirmwareEntry; + +typedef struct TdxFirmware { + uint32_t nr_entries; + TdxFirmwareEntry *entries; +} TdxFirmware; + +int tdvf_parse_metadata(TdxFirmware *fw, void *flash_ptr, int size); + +#endif /* HW_I386_TDVF_H */ From patchwork Fri Jan 24 13:20:13 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949407 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B263435947 for ; Fri, 24 Jan 2025 13:38:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725887; cv=none; b=cHCp2aeIikBpz/Nb0nxWhaSFdTtBsHQ0308IM84SD/kjecehghj0tC8LQq357xVaIFXx5kaW6LIGD1xxiuv5gImZTbvkis1J7JaNRwnDlEy+npiKOeneAS3tAI1BAKAT6lmWujQrSjan4FD5Oso21Qstaq68fN3IUjOJEmDykwQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725887; c=relaxed/simple; bh=KvZlxJMfHQpg+xP8PiG3vQkx+/0/ppfMQ8jqgGYNJts=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Urpkz2FyO7DeHsr2g0kNDbRNNXXqTOxAECZTjy674oq94EboiYNWo70iYxtdQscZujWOeUwiJWVOhNOa6Wo9lq3z1dm0UIJZP6JVv7rOaUOF7VWWFi+Dskf1majNWreMHbHzCXKqYIRdHWSRRTfefqCFZk+9myMr+ZexzERhOi0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=l6BdLleC; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="l6BdLleC" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725886; x=1769261886; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=KvZlxJMfHQpg+xP8PiG3vQkx+/0/ppfMQ8jqgGYNJts=; b=l6BdLleC0Mf6hwYc6XMOsCpJst4bNk/IK47mKv1WjZ8aMmAriejSpowI KGaaWnm//AMZSNd9ZuhiNVFJ2+OH9z9yNK2DrmQNlfGO3gHxFQP+FefL/ J40w2DyX7oRuOtK7q2KlLtpCaCF6/iCm4DWx0LLpdInN5D5o6zqEXYqv3 aP443hJB4wTh2Y1tlgUnfbQFYpw23ZZ31ZPfs4juQCWo/Y1MV6F4KRaCx GO7Z5mjkp4yb6kDuaf174bCFkR3LMMrJu3NX64ReDGVDQwp6zXB7LPab+ Xk6W/C3JQjQATNPZr+kYOTBgLqlTBcULrd2zXxdq1CUbOcXX54GonfXKL A==; X-CSE-ConnectionGUID: O8B1tUcRSKSuuDGUfDJ4lQ== X-CSE-MsgGUID: 1eIvN8EhTzSQJNS0YtNw3g== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246338" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246338" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:38:06 -0800 X-CSE-ConnectionGUID: Fjlf3TCXTKe3sRoxDNFtaQ== X-CSE-MsgGUID: XCvGpOWiQF6kwJIg5pwVLQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804258" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:38:01 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 17/52] i386/tdx: Parse TDVF metadata for TDX VM Date: Fri, 24 Jan 2025 08:20:13 -0500 Message-Id: <20250124132048.3229049-18-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 After TDVF is loaded to bios MemoryRegion, it needs parse TDVF metadata. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- hw/i386/pc_sysfw.c | 7 +++++++ target/i386/kvm/tdx-stub.c | 5 +++++ target/i386/kvm/tdx.c | 5 +++++ target/i386/kvm/tdx.h | 3 +++ 4 files changed, 20 insertions(+) diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index 1eeb58ab37f9..821396c16e91 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c @@ -37,6 +37,7 @@ #include "hw/block/flash.h" #include "system/kvm.h" #include "target/i386/sev.h" +#include "kvm/tdx.h" #define FLASH_SECTOR_SIZE 4096 @@ -280,5 +281,11 @@ void x86_firmware_configure(hwaddr gpa, void *ptr, int size) } sev_encrypt_flash(gpa, ptr, size, &error_fatal); + } else if (is_tdx_vm()) { + ret = tdx_parse_tdvf(ptr, size); + if (ret) { + error_report("failed to parse TDVF for TDX VM"); + exit(1); + } } } diff --git a/target/i386/kvm/tdx-stub.c b/target/i386/kvm/tdx-stub.c index 2344433594ea..7748b6d0a446 100644 --- a/target/i386/kvm/tdx-stub.c +++ b/target/i386/kvm/tdx-stub.c @@ -8,3 +8,8 @@ int tdx_pre_create_vcpu(CPUState *cpu, Error **errp) { return -EINVAL; } + +int tdx_parse_tdvf(void *flash_ptr, int size) +{ + return -EINVAL; +} diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index f1c0553e6d4a..73f90b0a2217 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -370,6 +370,11 @@ int tdx_pre_create_vcpu(CPUState *cpu, Error **errp) return 0; } +int tdx_parse_tdvf(void *flash_ptr, int size) +{ + return tdvf_parse_metadata(&tdx_guest->tdvf, flash_ptr, size); +} + static bool tdx_guest_get_sept_ve_disable(Object *obj, Error **errp) { TdxGuest *tdx = TDX_GUEST(obj); diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h index b73461b8d8a3..28a03c2a7b82 100644 --- a/target/i386/kvm/tdx.h +++ b/target/i386/kvm/tdx.h @@ -8,6 +8,7 @@ #endif #include "confidential-guest.h" +#include "hw/i386/tdvf.h" #define TYPE_TDX_GUEST "tdx-guest" #define TDX_GUEST(obj) OBJECT_CHECK(TdxGuest, (obj), TYPE_TDX_GUEST) @@ -32,6 +33,7 @@ typedef struct TdxGuest { char *mrownerconfig; /* base64 encoded sha348 digest */ MemoryRegion *tdvf_mr; + TdxFirmware tdvf; } TdxGuest; #ifdef CONFIG_TDX @@ -42,5 +44,6 @@ bool is_tdx_vm(void); int tdx_pre_create_vcpu(CPUState *cpu, Error **errp); void tdx_set_tdvf_region(MemoryRegion *tdvf_mr); +int tdx_parse_tdvf(void *flash_ptr, int size); #endif /* QEMU_I386_TDX_H */ From patchwork Fri Jan 24 13:20:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949408 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 989534F21D for ; Fri, 24 Jan 2025 13:38:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725891; cv=none; b=XLY2I29lrezpNlcusVmfFHrKwtFD75dw9koFL2pNMHECEcu503VPXGfRIVA5nHPon8yM9oBlTD40B1rmVfJusW13HI1YLlrhPBzLY4lzZ9u9NKRb8EDWOKRD+LJfWWHLtbk3IlJtxwJX3jV88Ofk9JbGicPB9UXLElGCxEqqDXI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725891; c=relaxed/simple; bh=HuvboPRDLbZB+Way0U2g7CeCQn9FZ60lR92Vrz/24ac=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=j5zMXIQ8mRXHEAJm0E3E69bnmO8g8Hkoj/93cqbnTqJWl33IVITX1BPRsugAVCKaDiIyOuZX6S5Pwb0iH78/FypCefWQgHoU+B0OL84+TdaxfU4vwpJmrkx5YJLVWvL7xJaMTq7TyL3TVrVrqFsCaK1ZLmkvsGAeCyYo2PYU8EQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=E47nIG7f; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="E47nIG7f" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725890; x=1769261890; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=HuvboPRDLbZB+Way0U2g7CeCQn9FZ60lR92Vrz/24ac=; b=E47nIG7f3kqkc4fDQFDi8rg89U37ho3sbqkgD4lQIo51B67ae54Upu0e mpehOnbsSYY/OYyey6vtiSoExHTvCFcp+7WYstoXuJ3YJZmLdVpOUaRVM 7HLylC4w/tSd1vBm/CqmrZKjzQ52N26nhOEUJhJxjow0DLksjv00Red7E fW/ur1MCiulFELBqTuO35XiOSgVFqYD9JQg1TcquXFKQh1sRdoc6I5vM8 2KFSeek+NdanIS3TKHe8ZrV+r81Hm/VaYas8aa9f9GgQrRgDsF8O57wn3 vzpBdlsCdSmka5r4GX/RwfUHbgoSX/wqG4gh89HSoaMnmGYJCYMsF7ZyO A==; X-CSE-ConnectionGUID: 4VuBybO9SXCP2yCCXrlo+g== X-CSE-MsgGUID: v44nAiKwSymdI0JjRtc1IQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246351" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246351" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:38:10 -0800 X-CSE-ConnectionGUID: 6Xjezrm4TTSM0aXpZtsPeQ== X-CSE-MsgGUID: epRjCEB6QUiuy6YVgLWgAg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804269" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:38:05 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 18/52] i386/tdx: Don't initialize pc.rom for TDX VMs Date: Fri, 24 Jan 2025 08:20:14 -0500 Message-Id: <20250124132048.3229049-19-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 For TDX, the address below 1MB are entirely general RAM. No need to initialize pc.rom memory region for TDs. Signed-off-by: Xiaoyao Li --- This is more as a workaround of the issue that for q35 machine type, the real memslot update (which requires memslot deletion )for pc.rom happens after tdx_init_memory_region. It leads to the private memory ADD'ed before get lost. I haven't work out a good solution to resolve the order issue. So just skip the pc.rom setup to avoid memslot deletion. --- hw/i386/pc.c | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index b46975c8a4db..44ccc82e2472 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -43,6 +43,7 @@ #include "system/xen.h" #include "system/reset.h" #include "kvm/kvm_i386.h" +#include "kvm/tdx.h" #include "hw/xen/xen.h" #include "qapi/qmp/qlist.h" #include "qemu/error-report.h" @@ -972,21 +973,23 @@ void pc_memory_init(PCMachineState *pcms, /* Initialize PC system firmware */ pc_system_firmware_init(pcms, rom_memory); - option_rom_mr = g_malloc(sizeof(*option_rom_mr)); - if (machine_require_guest_memfd(machine)) { - memory_region_init_ram_guest_memfd(option_rom_mr, NULL, "pc.rom", - PC_ROM_SIZE, &error_fatal); - } else { - memory_region_init_ram(option_rom_mr, NULL, "pc.rom", PC_ROM_SIZE, - &error_fatal); - if (pcmc->pci_enabled) { - memory_region_set_readonly(option_rom_mr, true); + if (!is_tdx_vm()) { + option_rom_mr = g_malloc(sizeof(*option_rom_mr)); + if (machine_require_guest_memfd(machine)) { + memory_region_init_ram_guest_memfd(option_rom_mr, NULL, "pc.rom", + PC_ROM_SIZE, &error_fatal); + } else { + memory_region_init_ram(option_rom_mr, NULL, "pc.rom", PC_ROM_SIZE, + &error_fatal); + if (pcmc->pci_enabled) { + memory_region_set_readonly(option_rom_mr, true); + } } + memory_region_add_subregion_overlap(rom_memory, + PC_ROM_MIN_VGA, + option_rom_mr, + 1); } - memory_region_add_subregion_overlap(rom_memory, - PC_ROM_MIN_VGA, - option_rom_mr, - 1); fw_cfg = fw_cfg_arch_create(machine, x86ms->boot_cpus, x86ms->apic_id_limit); From patchwork Fri Jan 24 13:20:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949409 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 726584AEE2 for ; Fri, 24 Jan 2025 13:38:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725895; cv=none; b=omDqEDu3zSp7j3MMpNgPmmZA3zF2yKLElalRYLC4R25HWD3n1pd0/LH+gskkBjHLczQRzhBcSSuS0H20VATD/h+rZePclIjon/DUqvq6WZrjnW0mj6QlFzRKEH8WJYk2Hh7kuYLoQ+frA0TIQxwscmEGKaOfvprSaLxIfU1WCE0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725895; c=relaxed/simple; bh=DXpMC+tvWG2bJ2wmr3p9vzssFXm2kjDUo/t7kVqEp9k=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=JxIrUtnlpNpKx5kV2UPLtkwZwvVja34CqDVLGCYWL38ps+mMMsnrSeFg7zVxrHV3EOvnzyTOH9uCcZ4TrcxctfCxH5IPZ++CVKLk8tAnDqw8J+m7p7Yb5CkMks/lD7poQhAJFnXDdftr6yDHhwtDJnC3GCKjpDloelBW6UKAJ4I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=W4tiG91J; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="W4tiG91J" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725894; x=1769261894; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=DXpMC+tvWG2bJ2wmr3p9vzssFXm2kjDUo/t7kVqEp9k=; b=W4tiG91Jkc/mCIEbUfpMBvNm/jxaDf+NZd2wbifJbXt7zr3L6iZy+wAE V/umvs8BeImT52sBp02wMUPO7ob8h5zERDyey9FNKD+eziQcGnYenn2bg w4QKkmHWj4paXPAjPO2u1qoVVyOLt68D2GnCbA1+4IMSgdPS3dsUsOtgB 2nG/ocD6WCEGzwonTWd39sm9TebGCxq2nKQdxyKVEHYvuNp3zgaO8oIdz 89r6dDXGYMHUM3OorFovgG0F58TcPo3rXoMsbJq39iolt4ZbxUUmmkQ5h 0XZecTWqTSFGHtBFQaV1eM/tPbGMJbgBcYKMtHuIc/bckdTI90q6Zysjo g==; X-CSE-ConnectionGUID: lcSSM0JUSDCnrUUWaEoKXA== X-CSE-MsgGUID: zJJW255TT1W9C5uyl8p8LA== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246361" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246361" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:38:14 -0800 X-CSE-ConnectionGUID: AjZTTzDmQM6xqe0hhFX0zA== X-CSE-MsgGUID: D7OT/wdNTdyDe1rt+e8JQw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804275" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:38:09 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 19/52] i386/tdx: Track mem_ptr for each firmware entry of TDVF Date: Fri, 24 Jan 2025 08:20:15 -0500 Message-Id: <20250124132048.3229049-20-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 For each TDVF sections, QEMU needs to copy the content to guest private memory via KVM API (KVM_TDX_INIT_MEM_REGION). Introduce a field @mem_ptr for TdxFirmwareEntry to track the memory pointer of each TDVF sections. So that QEMU can add/copy them to guest private memory later. TDVF sections can be classified into two groups: - Firmware itself, e.g., TDVF BFV and CFV, that located separately from guest RAM. Its memory pointer is the bios pointer. - Sections located at guest RAM, e.g., TEMP_MEM and TD_HOB. mmap a new memory range for them. Register a machine_init_done callback to do the stuff. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- hw/i386/tdvf.c | 1 + include/hw/i386/tdvf.h | 7 +++++++ target/i386/kvm/tdx.c | 33 +++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+) diff --git a/hw/i386/tdvf.c b/hw/i386/tdvf.c index 887af41ff486..b693b3e6f8e2 100644 --- a/hw/i386/tdvf.c +++ b/hw/i386/tdvf.c @@ -177,6 +177,7 @@ int tdvf_parse_metadata(TdxFirmware *fw, void *flash_ptr, int size) } } + fw->mem_ptr = flash_ptr; return 0; err: diff --git a/include/hw/i386/tdvf.h b/include/hw/i386/tdvf.h index 7ebcac42a36c..e75c8d1acc68 100644 --- a/include/hw/i386/tdvf.h +++ b/include/hw/i386/tdvf.h @@ -26,13 +26,20 @@ typedef struct TdxFirmwareEntry { uint64_t size; uint32_t type; uint32_t attributes; + + void *mem_ptr; } TdxFirmwareEntry; typedef struct TdxFirmware { + void *mem_ptr; + uint32_t nr_entries; TdxFirmwareEntry *entries; } TdxFirmware; +#define for_each_tdx_fw_entry(fw, e) \ + for (e = (fw)->entries; e != (fw)->entries + (fw)->nr_entries; e++) + int tdvf_parse_metadata(TdxFirmware *fw, void *flash_ptr, int size); #endif /* HW_I386_TDVF_H */ diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 73f90b0a2217..8564b3ae905d 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -12,10 +12,14 @@ #include "qemu/osdep.h" #include "qemu/error-report.h" #include "qemu/base64.h" +#include "qemu/mmap-alloc.h" #include "qapi/error.h" #include "qom/object_interfaces.h" #include "crypto/hash.h" +#include "system/system.h" +#include "hw/i386/x86.h" +#include "hw/i386/tdvf.h" #include "hw/i386/x86.h" #include "kvm_i386.h" #include "tdx.h" @@ -143,6 +147,33 @@ void tdx_set_tdvf_region(MemoryRegion *tdvf_mr) tdx_guest->tdvf_mr = tdvf_mr; } +static void tdx_finalize_vm(Notifier *notifier, void *unused) +{ + TdxFirmware *tdvf = &tdx_guest->tdvf; + TdxFirmwareEntry *entry; + + for_each_tdx_fw_entry(tdvf, entry) { + switch (entry->type) { + case TDVF_SECTION_TYPE_BFV: + case TDVF_SECTION_TYPE_CFV: + entry->mem_ptr = tdvf->mem_ptr + entry->data_offset; + break; + case TDVF_SECTION_TYPE_TD_HOB: + case TDVF_SECTION_TYPE_TEMP_MEM: + entry->mem_ptr = qemu_ram_mmap(-1, entry->size, + qemu_real_host_page_size(), 0, 0); + break; + default: + error_report("Unsupported TDVF section %d", entry->type); + exit(1); + } + } +} + +static Notifier tdx_machine_done_notify = { + .notify = tdx_finalize_vm, +}; + static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { TdxGuest *tdx = TDX_GUEST(cgs); @@ -157,6 +188,8 @@ static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } } + qemu_add_machine_init_done_notifier(&tdx_machine_done_notify); + tdx_guest = tdx; return 0; } From patchwork Fri Jan 24 13:20:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949410 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7AAA478F33 for ; Fri, 24 Jan 2025 13:38:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725899; cv=none; b=I5xM+dGyjHxH2ZXNRBWzqhwzBDdeTXhySlZPyOzbqCRbgh3FBsNokZPb9a4nl6gNKZ0kRfTdFG+sDr40SlswXKQWBHTaewW48BV8itCZinRpZlmYluXNH/9q+lmny5vtPmjTDTDQBgL5uN+462Ip/8Fo8X2IMxFASLeCFutq4zI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725899; c=relaxed/simple; bh=96G8LB0iTAV51HmtN9mivMtrn8MuESNRQSXjh8lf74Q=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=lDxFG9PSqqcuxMUsj4DJhXifFPr2reDCCDw7rk9+WYP92O3cD3xSHXdgFXlC2+tozWa6LLOouJmIbgxtU3C425zVy4iGWrxwyUpD3qELq/ZckR5k0upeMazIX3WG3WChnM/dqyeTiB9yccosRsku/X1UoKPnv3mh0zjuvmlr02M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=He90duyd; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="He90duyd" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725898; x=1769261898; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=96G8LB0iTAV51HmtN9mivMtrn8MuESNRQSXjh8lf74Q=; b=He90duydhT9/ZTbhbywylwNcCHyYD+Af/n7z3pNFdmYtV/43TrDVtjdi PZrUtSY7s19uZdRQl6pTC8ibF1OjySQjPbbmVZ95PpOgzMcxGQGo/5iha b0ojwl0M2UjZf7sZJuq4zH5/kQatZoOC9asVNMQEOFseq8+JYOQetnuBd zQdeffctG6UVNdsZzF2U2ejAoMt51GzwlmjcYtaYe7d4EmOZzaWWmTX2Q Js+BLtsyJXoMhVUzbfi0E6CvWaOwAQQtEh940p22ab0B7veslbFK3Koi5 7fHHT1KYbeab2cOF029VyYs5u8oHSH8NQEkSafJ6qEpbSTH93HFq/WtkB Q==; X-CSE-ConnectionGUID: kioBgAuLRjmatJbsDjulcA== X-CSE-MsgGUID: +b1iaxTuRsOauKPlNQoYDw== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246374" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246374" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:38:18 -0800 X-CSE-ConnectionGUID: kfEJg5KSSNa2WTZU4jE2Nw== X-CSE-MsgGUID: 8QuQxaVvQjixa/1KFwmQnA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804292" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:38:13 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 20/52] i386/tdx: Track RAM entries for TDX VM Date: Fri, 24 Jan 2025 08:20:16 -0500 Message-Id: <20250124132048.3229049-21-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The RAM of TDX VM can be classified into two types: - TDX_RAM_UNACCEPTED: default type of TDX memory, which needs to be accepted by TDX guest before it can be used and will be all-zeros after being accepted. - TDX_RAM_ADDED: the RAM that is ADD'ed to TD guest before running, and can be used directly. E.g., TD HOB and TEMP MEM that needed by TDVF. Maintain TdxRamEntries[] which grabs the initial RAM info from e820 table and mark each RAM range as default type TDX_RAM_UNACCEPTED. Then turn the range of TD HOB and TEMP MEM to TDX_RAM_ADDED since these ranges will be ADD'ed before TD runs and no need to be accepted runtime. The TdxRamEntries[] are later used to setup the memory TD resource HOB that passes memory info from QEMU to TDVF. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- Changes in v3: - use enum TdxRamType in struct TdxRamEntry; (Isaku) - Fix the indention; (Daniel) Changes in v1: - simplify the algorithm of tdx_accept_ram_range() (Suggested-by: Gerd Hoffman) (1) Change the existing entry to cover the accepted ram range. (2) If there is room before the accepted ram range add a TDX_RAM_UNACCEPTED entry for that. (3) If there is room after the accepted ram range add a TDX_RAM_UNACCEPTED entry for that. --- target/i386/kvm/tdx.c | 111 ++++++++++++++++++++++++++++++++++++++++++ target/i386/kvm/tdx.h | 14 ++++++ 2 files changed, 125 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 8564b3ae905d..2dcdc2a7d977 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -18,6 +18,7 @@ #include "crypto/hash.h" #include "system/system.h" +#include "hw/i386/e820_memory_layout.h" #include "hw/i386/x86.h" #include "hw/i386/tdvf.h" #include "hw/i386/x86.h" @@ -147,11 +148,117 @@ void tdx_set_tdvf_region(MemoryRegion *tdvf_mr) tdx_guest->tdvf_mr = tdvf_mr; } +static void tdx_add_ram_entry(uint64_t address, uint64_t length, + enum TdxRamType type) +{ + uint32_t nr_entries = tdx_guest->nr_ram_entries; + tdx_guest->ram_entries = g_renew(TdxRamEntry, tdx_guest->ram_entries, + nr_entries + 1); + + tdx_guest->ram_entries[nr_entries].address = address; + tdx_guest->ram_entries[nr_entries].length = length; + tdx_guest->ram_entries[nr_entries].type = type; + tdx_guest->nr_ram_entries++; +} + +static int tdx_accept_ram_range(uint64_t address, uint64_t length) +{ + uint64_t head_start, tail_start, head_length, tail_length; + uint64_t tmp_address, tmp_length; + TdxRamEntry *e; + int i; + + for (i = 0; i < tdx_guest->nr_ram_entries; i++) { + e = &tdx_guest->ram_entries[i]; + + if (address + length <= e->address || + e->address + e->length <= address) { + continue; + } + + /* + * The to-be-accepted ram range must be fully contained by one + * RAM entry. + */ + if (e->address > address || + e->address + e->length < address + length) { + return -EINVAL; + } + + if (e->type == TDX_RAM_ADDED) { + return -EINVAL; + } + + break; + } + + if (i == tdx_guest->nr_ram_entries) { + return -1; + } + + tmp_address = e->address; + tmp_length = e->length; + + e->address = address; + e->length = length; + e->type = TDX_RAM_ADDED; + + head_length = address - tmp_address; + if (head_length > 0) { + head_start = tmp_address; + tdx_add_ram_entry(head_start, head_length, TDX_RAM_UNACCEPTED); + } + + tail_start = address + length; + if (tail_start < tmp_address + tmp_length) { + tail_length = tmp_address + tmp_length - tail_start; + tdx_add_ram_entry(tail_start, tail_length, TDX_RAM_UNACCEPTED); + } + + return 0; +} + +static int tdx_ram_entry_compare(const void *lhs_, const void* rhs_) +{ + const TdxRamEntry *lhs = lhs_; + const TdxRamEntry *rhs = rhs_; + + if (lhs->address == rhs->address) { + return 0; + } + if (le64_to_cpu(lhs->address) > le64_to_cpu(rhs->address)) { + return 1; + } + return -1; +} + +static void tdx_init_ram_entries(void) +{ + unsigned i, j, nr_e820_entries; + + nr_e820_entries = e820_get_table(NULL); + tdx_guest->ram_entries = g_new(TdxRamEntry, nr_e820_entries); + + for (i = 0, j = 0; i < nr_e820_entries; i++) { + uint64_t addr, len; + + if (e820_get_entry(i, E820_RAM, &addr, &len)) { + tdx_guest->ram_entries[j].address = addr; + tdx_guest->ram_entries[j].length = len; + tdx_guest->ram_entries[j].type = TDX_RAM_UNACCEPTED; + j++; + } + } + tdx_guest->nr_ram_entries = j; +} + static void tdx_finalize_vm(Notifier *notifier, void *unused) { TdxFirmware *tdvf = &tdx_guest->tdvf; TdxFirmwareEntry *entry; + tdx_init_ram_entries(); + for_each_tdx_fw_entry(tdvf, entry) { switch (entry->type) { case TDVF_SECTION_TYPE_BFV: @@ -162,12 +269,16 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused) case TDVF_SECTION_TYPE_TEMP_MEM: entry->mem_ptr = qemu_ram_mmap(-1, entry->size, qemu_real_host_page_size(), 0, 0); + tdx_accept_ram_range(entry->address, entry->size); break; default: error_report("Unsupported TDVF section %d", entry->type); exit(1); } } + + qsort(tdx_guest->ram_entries, tdx_guest->nr_ram_entries, + sizeof(TdxRamEntry), &tdx_ram_entry_compare); } static Notifier tdx_machine_done_notify = { diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h index 28a03c2a7b82..36a7400e7480 100644 --- a/target/i386/kvm/tdx.h +++ b/target/i386/kvm/tdx.h @@ -20,6 +20,17 @@ typedef struct TdxGuestClass { /* TDX requires bus frequency 25MHz */ #define TDX_APIC_BUS_CYCLES_NS 40 +enum TdxRamType { + TDX_RAM_UNACCEPTED, + TDX_RAM_ADDED, +}; + +typedef struct TdxRamEntry { + uint64_t address; + uint64_t length; + enum TdxRamType type; +} TdxRamEntry; + typedef struct TdxGuest { X86ConfidentialGuest parent_obj; @@ -34,6 +45,9 @@ typedef struct TdxGuest { MemoryRegion *tdvf_mr; TdxFirmware tdvf; + + uint32_t nr_ram_entries; + TdxRamEntry *ram_entries; } TdxGuest; #ifdef CONFIG_TDX From patchwork Fri Jan 24 13:20:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949411 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 30C443594E for ; Fri, 24 Jan 2025 13:38:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725902; cv=none; b=BMTGUthXOFwB8aLrk3nGVpNkS2FfkCRJMjC0oRyUHU50YpiqHbhBTg8+HKNewnlUnKIANmeHIgr42C6D3jGVcn0+tgrPcsSpIc8UFi46/+PmMLIuw8MvbL62+jWPk4WhdzvrAlA+X7kWWcFZTKSZC47pKEnHlXNd2Xi4aAVP+wU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725902; c=relaxed/simple; bh=BWDfYdoXih8AY6i82nzgksQivupZnx5MXYglWsPoykQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=TTOh+I9ipiNJREBEzQFNWEFSGk+gE3b7/CCIAtbVNYPxIjMvw6S1csED7gMb4bHz3ztl1G8E75AcMi5r1l54MAx1lKVu4JkO0uGnqLlGPhNWozdYqoQlXwo8ncl35b9Y+SJEYFzglWukafI0THEgiHWQyzxbNqB8jL78Jib8DUc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=NbqWhWuo; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="NbqWhWuo" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725902; x=1769261902; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=BWDfYdoXih8AY6i82nzgksQivupZnx5MXYglWsPoykQ=; b=NbqWhWuotIfwEYM0lbfngA+q1aXGFJbImyHvMTd/mUr3u/bzKqNXjOEz 0LnRVDz0fF2wJIo8ZFzBU5uABgKcMBBR8+PwveqJzQ5pVjd0WZKwzRsqY pCEithDueufDdS8ZvEzP2uIKtlUsHqq5nnQLUFQx4Qcx5KHBlvUWxRIvo Ffcx3P0SGygb66CyCzF1moa/QwhbkWIlGCYSl3xrdKQWkpaLoMB/j98bl 9bFOMZh9HRkgzUcWLAKpPRdCZmwEbKqBg3/6bCw5vLZhBKHXbXO6qTBsg fridvIimYhnq91J+rEimPbjT7TLzc6KAjlNLt6qcLjFAZZ3Hr261inmIZ g==; X-CSE-ConnectionGUID: zlHvx1wzQHecB762qcLFJg== X-CSE-MsgGUID: R1xTK62JRiWycfe5WkizLQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246382" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246382" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:38:21 -0800 X-CSE-ConnectionGUID: Ew2wTsMfQBiuCGDqGpzQsA== X-CSE-MsgGUID: 8tkbM8KsSseO82JElQreaA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804298" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:38:17 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 21/52] headers: Add definitions from UEFI spec for volumes, resources, etc... Date: Fri, 24 Jan 2025 08:20:17 -0500 Message-Id: <20250124132048.3229049-22-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add UEFI definitions for literals, enums, structs, GUIDs, etc... that will be used by TDX to build the UEFI Hand-Off Block (HOB) that is passed to the Trusted Domain Virtual Firmware (TDVF). All values come from the UEFI specification [1], PI spec [2] and TDVF design guide[3]. [1] UEFI Specification v2.1.0 https://uefi.org/sites/default/files/resources/UEFI_Spec_2_10_Aug29.pdf [2] UEFI PI spec v1.8 https://uefi.org/sites/default/files/resources/UEFI_PI_Spec_1_8_March3.pdf [3] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- Changes in v7: - use SPDX tag; --- include/standard-headers/uefi/uefi.h | 187 +++++++++++++++++++++++++++ 1 file changed, 187 insertions(+) create mode 100644 include/standard-headers/uefi/uefi.h diff --git a/include/standard-headers/uefi/uefi.h b/include/standard-headers/uefi/uefi.h new file mode 100644 index 000000000000..5256349ec0b6 --- /dev/null +++ b/include/standard-headers/uefi/uefi.h @@ -0,0 +1,187 @@ +/* + * Copyright (C) 2025 Intel Corporation + * + * Author: Isaku Yamahata + * + * Xiaoyao Li + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#ifndef HW_I386_UEFI_H +#define HW_I386_UEFI_H + +/***************************************************************************/ +/* + * basic EFI definitions + * supplemented with UEFI Specification Version 2.8 (Errata A) + * released February 2020 + */ +/* UEFI integer is little endian */ + +typedef struct { + uint32_t Data1; + uint16_t Data2; + uint16_t Data3; + uint8_t Data4[8]; +} EFI_GUID; + +typedef enum { + EfiReservedMemoryType, + EfiLoaderCode, + EfiLoaderData, + EfiBootServicesCode, + EfiBootServicesData, + EfiRuntimeServicesCode, + EfiRuntimeServicesData, + EfiConventionalMemory, + EfiUnusableMemory, + EfiACPIReclaimMemory, + EfiACPIMemoryNVS, + EfiMemoryMappedIO, + EfiMemoryMappedIOPortSpace, + EfiPalCode, + EfiPersistentMemory, + EfiUnacceptedMemoryType, + EfiMaxMemoryType +} EFI_MEMORY_TYPE; + +#define EFI_HOB_HANDOFF_TABLE_VERSION 0x0009 + +#define EFI_HOB_TYPE_HANDOFF 0x0001 +#define EFI_HOB_TYPE_MEMORY_ALLOCATION 0x0002 +#define EFI_HOB_TYPE_RESOURCE_DESCRIPTOR 0x0003 +#define EFI_HOB_TYPE_GUID_EXTENSION 0x0004 +#define EFI_HOB_TYPE_FV 0x0005 +#define EFI_HOB_TYPE_CPU 0x0006 +#define EFI_HOB_TYPE_MEMORY_POOL 0x0007 +#define EFI_HOB_TYPE_FV2 0x0009 +#define EFI_HOB_TYPE_LOAD_PEIM_UNUSED 0x000A +#define EFI_HOB_TYPE_UEFI_CAPSULE 0x000B +#define EFI_HOB_TYPE_FV3 0x000C +#define EFI_HOB_TYPE_UNUSED 0xFFFE +#define EFI_HOB_TYPE_END_OF_HOB_LIST 0xFFFF + +typedef struct { + uint16_t HobType; + uint16_t HobLength; + uint32_t Reserved; +} EFI_HOB_GENERIC_HEADER; + +typedef uint64_t EFI_PHYSICAL_ADDRESS; +typedef uint32_t EFI_BOOT_MODE; + +typedef struct { + EFI_HOB_GENERIC_HEADER Header; + uint32_t Version; + EFI_BOOT_MODE BootMode; + EFI_PHYSICAL_ADDRESS EfiMemoryTop; + EFI_PHYSICAL_ADDRESS EfiMemoryBottom; + EFI_PHYSICAL_ADDRESS EfiFreeMemoryTop; + EFI_PHYSICAL_ADDRESS EfiFreeMemoryBottom; + EFI_PHYSICAL_ADDRESS EfiEndOfHobList; +} EFI_HOB_HANDOFF_INFO_TABLE; + +#define EFI_RESOURCE_SYSTEM_MEMORY 0x00000000 +#define EFI_RESOURCE_MEMORY_MAPPED_IO 0x00000001 +#define EFI_RESOURCE_IO 0x00000002 +#define EFI_RESOURCE_FIRMWARE_DEVICE 0x00000003 +#define EFI_RESOURCE_MEMORY_MAPPED_IO_PORT 0x00000004 +#define EFI_RESOURCE_MEMORY_RESERVED 0x00000005 +#define EFI_RESOURCE_IO_RESERVED 0x00000006 +#define EFI_RESOURCE_MEMORY_UNACCEPTED 0x00000007 +#define EFI_RESOURCE_MAX_MEMORY_TYPE 0x00000008 + +#define EFI_RESOURCE_ATTRIBUTE_PRESENT 0x00000001 +#define EFI_RESOURCE_ATTRIBUTE_INITIALIZED 0x00000002 +#define EFI_RESOURCE_ATTRIBUTE_TESTED 0x00000004 +#define EFI_RESOURCE_ATTRIBUTE_SINGLE_BIT_ECC 0x00000008 +#define EFI_RESOURCE_ATTRIBUTE_MULTIPLE_BIT_ECC 0x00000010 +#define EFI_RESOURCE_ATTRIBUTE_ECC_RESERVED_1 0x00000020 +#define EFI_RESOURCE_ATTRIBUTE_ECC_RESERVED_2 0x00000040 +#define EFI_RESOURCE_ATTRIBUTE_READ_PROTECTED 0x00000080 +#define EFI_RESOURCE_ATTRIBUTE_WRITE_PROTECTED 0x00000100 +#define EFI_RESOURCE_ATTRIBUTE_EXECUTION_PROTECTED 0x00000200 +#define EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE 0x00000400 +#define EFI_RESOURCE_ATTRIBUTE_WRITE_COMBINEABLE 0x00000800 +#define EFI_RESOURCE_ATTRIBUTE_WRITE_THROUGH_CACHEABLE 0x00001000 +#define EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE 0x00002000 +#define EFI_RESOURCE_ATTRIBUTE_16_BIT_IO 0x00004000 +#define EFI_RESOURCE_ATTRIBUTE_32_BIT_IO 0x00008000 +#define EFI_RESOURCE_ATTRIBUTE_64_BIT_IO 0x00010000 +#define EFI_RESOURCE_ATTRIBUTE_UNCACHED_EXPORTED 0x00020000 +#define EFI_RESOURCE_ATTRIBUTE_READ_ONLY_PROTECTED 0x00040000 +#define EFI_RESOURCE_ATTRIBUTE_READ_ONLY_PROTECTABLE 0x00080000 +#define EFI_RESOURCE_ATTRIBUTE_READ_PROTECTABLE 0x00100000 +#define EFI_RESOURCE_ATTRIBUTE_WRITE_PROTECTABLE 0x00200000 +#define EFI_RESOURCE_ATTRIBUTE_EXECUTION_PROTECTABLE 0x00400000 +#define EFI_RESOURCE_ATTRIBUTE_PERSISTENT 0x00800000 +#define EFI_RESOURCE_ATTRIBUTE_PERSISTABLE 0x01000000 +#define EFI_RESOURCE_ATTRIBUTE_MORE_RELIABLE 0x02000000 + +typedef uint32_t EFI_RESOURCE_TYPE; +typedef uint32_t EFI_RESOURCE_ATTRIBUTE_TYPE; + +typedef struct { + EFI_HOB_GENERIC_HEADER Header; + EFI_GUID Owner; + EFI_RESOURCE_TYPE ResourceType; + EFI_RESOURCE_ATTRIBUTE_TYPE ResourceAttribute; + EFI_PHYSICAL_ADDRESS PhysicalStart; + uint64_t ResourceLength; +} EFI_HOB_RESOURCE_DESCRIPTOR; + +typedef struct { + EFI_HOB_GENERIC_HEADER Header; + EFI_GUID Name; + + /* guid specific data follows */ +} EFI_HOB_GUID_TYPE; + +typedef struct { + EFI_HOB_GENERIC_HEADER Header; + EFI_PHYSICAL_ADDRESS BaseAddress; + uint64_t Length; +} EFI_HOB_FIRMWARE_VOLUME; + +typedef struct { + EFI_HOB_GENERIC_HEADER Header; + EFI_PHYSICAL_ADDRESS BaseAddress; + uint64_t Length; + EFI_GUID FvName; + EFI_GUID FileName; +} EFI_HOB_FIRMWARE_VOLUME2; + +typedef struct { + EFI_HOB_GENERIC_HEADER Header; + EFI_PHYSICAL_ADDRESS BaseAddress; + uint64_t Length; + uint32_t AuthenticationStatus; + bool ExtractedFv; + EFI_GUID FvName; + EFI_GUID FileName; +} EFI_HOB_FIRMWARE_VOLUME3; + +typedef struct { + EFI_HOB_GENERIC_HEADER Header; + uint8_t SizeOfMemorySpace; + uint8_t SizeOfIoSpace; + uint8_t Reserved[6]; +} EFI_HOB_CPU; + +typedef struct { + EFI_HOB_GENERIC_HEADER Header; +} EFI_HOB_MEMORY_POOL; + +typedef struct { + EFI_HOB_GENERIC_HEADER Header; + + EFI_PHYSICAL_ADDRESS BaseAddress; + uint64_t Length; +} EFI_HOB_UEFI_CAPSULE; + +#define EFI_HOB_OWNER_ZERO \ + ((EFI_GUID){ 0x00000000, 0x0000, 0x0000, \ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }) + +#endif From patchwork Fri Jan 24 13:20:18 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949412 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 507FB3594E for ; Fri, 24 Jan 2025 13:38:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725907; cv=none; b=H/NwvJ3r7xTvs3um0RTcYGHsFNlgv6AX0EPPoyugT9e5BQ6LdN2+CHnVINZu3j5TNZ+kY0732eDtc1v1+MAfUJR2zO16nLYp1IFUfPcrjijjWmjzjgHvFPTSBPzoF9fnugm3xkdSBPjZxOCBIWRQyUm9Mg11pK0t0LtJoDVleJk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725907; c=relaxed/simple; bh=ixU51CF6UUWsmb9IHjxnBODnRzhifF9E991mS+vT1Ps=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=KYao13lxKWdUJfmKQYforVKPic7Ifiijr0Jif5AGXpv4u4GJVmvCvSiv1zo3epezdT7jyc01TMfvkGlQh+XVk2ShmRVo5FbLAkxpJylN3k8Dvf87dTi4qdESO5duIfYhMbndtPOGtdH34fbzKveXAz2cutsMqJAPI7UyBCk5Oi4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=LbAsiLqZ; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="LbAsiLqZ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725906; x=1769261906; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ixU51CF6UUWsmb9IHjxnBODnRzhifF9E991mS+vT1Ps=; b=LbAsiLqZGMn0CvyB3gviq9ZrEDHbgaLn1hNkkrFiOco8v05bs3z+d/Pg foC+Bb/B+IXmnC99uqwbndqNDD3SsxUQDBY7A8drfFiyZS56N9QsxfRVm DIPvQJeBv4DU08I+ukIRry49UMUqWB+lqg2yUcHYLx6js/lCnKK4EugKW EkxNEIMQMd+gAW4NPMU/mePTGnHHO/A55hJTLePdwZu58awwMLauC01Hb 1ZWaLiz5Kk1jgfB0JW1u6LnysIsqFctB3sNrcwU4XBNqv1ci1+9uPxnac 86LbKnkzRMSTOin7bF1CGzP3PBDusNbfZpxjY2cqFUv1xGMUM5wUtOPlp g==; X-CSE-ConnectionGUID: 8CTLDNh9TGSWWFWjPd2uXQ== X-CSE-MsgGUID: t2+ANXkVTeOoQCIcZYUvgA== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246401" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246401" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:38:25 -0800 X-CSE-ConnectionGUID: 5jMKAbHeRFqxjG/GKagFTw== X-CSE-MsgGUID: 1EZBSxV5QWmHBGZW3V2tOQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804306" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:38:21 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 22/52] i386/tdx: Setup the TD HOB list Date: Fri, 24 Jan 2025 08:20:18 -0500 Message-Id: <20250124132048.3229049-23-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The TD HOB list is used to pass the information from VMM to TDVF. The TD HOB must include PHIT HOB and Resource Descriptor HOB. More details can be found in TDVF specification and PI specification. Build the TD HOB in TDX's machine_init_done callback. Co-developed-by: Isaku Yamahata Signed-off-by: Isaku Yamahata Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- Changes in v7: - use SPDX tag for license info; - clean up the included headers; Changes in v1: - drop the code of adding mmio resources since OVMF prepares all the MMIO hob itself. --- hw/i386/meson.build | 2 +- hw/i386/tdvf-hob.c | 130 ++++++++++++++++++++++++++++++++++++++++++ hw/i386/tdvf-hob.h | 26 +++++++++ target/i386/kvm/tdx.c | 16 ++++++ 4 files changed, 173 insertions(+), 1 deletion(-) create mode 100644 hw/i386/tdvf-hob.c create mode 100644 hw/i386/tdvf-hob.h diff --git a/hw/i386/meson.build b/hw/i386/meson.build index 3bc1da2b6eb4..7896f348cff8 100644 --- a/hw/i386/meson.build +++ b/hw/i386/meson.build @@ -32,7 +32,7 @@ i386_ss.add(when: 'CONFIG_PC', if_true: files( 'port92.c')) i386_ss.add(when: 'CONFIG_X86_FW_OVMF', if_true: files('pc_sysfw_ovmf.c'), if_false: files('pc_sysfw_ovmf-stubs.c')) -i386_ss.add(when: 'CONFIG_TDX', if_true: files('tdvf.c')) +i386_ss.add(when: 'CONFIG_TDX', if_true: files('tdvf.c', 'tdvf-hob.c')) subdir('kvm') subdir('xen') diff --git a/hw/i386/tdvf-hob.c b/hw/i386/tdvf-hob.c new file mode 100644 index 000000000000..782b3d157879 --- /dev/null +++ b/hw/i386/tdvf-hob.c @@ -0,0 +1,130 @@ +/* + * Copyright (c) 2025 Intel Corporation + * Author: Isaku Yamahata + * + * Xiaoyao Li + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "qemu/osdep.h" +#include "qemu/error-report.h" +#include "standard-headers/uefi/uefi.h" +#include "hw/pci/pcie_host.h" +#include "tdvf-hob.h" + +typedef struct TdvfHob { + hwaddr hob_addr; + void *ptr; + int size; + + /* working area */ + void *current; + void *end; +} TdvfHob; + +static uint64_t tdvf_current_guest_addr(const TdvfHob *hob) +{ + return hob->hob_addr + (hob->current - hob->ptr); +} + +static void tdvf_align(TdvfHob *hob, size_t align) +{ + hob->current = QEMU_ALIGN_PTR_UP(hob->current, align); +} + +static void *tdvf_get_area(TdvfHob *hob, uint64_t size) +{ + void *ret; + + if (hob->current + size > hob->end) { + error_report("TD_HOB overrun, size = 0x%" PRIx64, size); + exit(1); + } + + ret = hob->current; + hob->current += size; + tdvf_align(hob, 8); + return ret; +} + +static void tdvf_hob_add_memory_resources(TdxGuest *tdx, TdvfHob *hob) +{ + EFI_HOB_RESOURCE_DESCRIPTOR *region; + EFI_RESOURCE_ATTRIBUTE_TYPE attr; + EFI_RESOURCE_TYPE resource_type; + + TdxRamEntry *e; + int i; + + for (i = 0; i < tdx->nr_ram_entries; i++) { + e = &tdx->ram_entries[i]; + + if (e->type == TDX_RAM_UNACCEPTED) { + resource_type = EFI_RESOURCE_MEMORY_UNACCEPTED; + attr = EFI_RESOURCE_ATTRIBUTE_TDVF_UNACCEPTED; + } else if (e->type == TDX_RAM_ADDED) { + resource_type = EFI_RESOURCE_SYSTEM_MEMORY; + attr = EFI_RESOURCE_ATTRIBUTE_TDVF_PRIVATE; + } else { + error_report("unknown TDX_RAM_ENTRY type %d", e->type); + exit(1); + } + + region = tdvf_get_area(hob, sizeof(*region)); + *region = (EFI_HOB_RESOURCE_DESCRIPTOR) { + .Header = { + .HobType = EFI_HOB_TYPE_RESOURCE_DESCRIPTOR, + .HobLength = cpu_to_le16(sizeof(*region)), + .Reserved = cpu_to_le32(0), + }, + .Owner = EFI_HOB_OWNER_ZERO, + .ResourceType = cpu_to_le32(resource_type), + .ResourceAttribute = cpu_to_le32(attr), + .PhysicalStart = cpu_to_le64(e->address), + .ResourceLength = cpu_to_le64(e->length), + }; + } +} + +void tdvf_hob_create(TdxGuest *tdx, TdxFirmwareEntry *td_hob) +{ + TdvfHob hob = { + .hob_addr = td_hob->address, + .size = td_hob->size, + .ptr = td_hob->mem_ptr, + + .current = td_hob->mem_ptr, + .end = td_hob->mem_ptr + td_hob->size, + }; + + EFI_HOB_GENERIC_HEADER *last_hob; + EFI_HOB_HANDOFF_INFO_TABLE *hit; + + /* Note, Efi{Free}Memory{Bottom,Top} are ignored, leave 'em zeroed. */ + hit = tdvf_get_area(&hob, sizeof(*hit)); + *hit = (EFI_HOB_HANDOFF_INFO_TABLE) { + .Header = { + .HobType = EFI_HOB_TYPE_HANDOFF, + .HobLength = cpu_to_le16(sizeof(*hit)), + .Reserved = cpu_to_le32(0), + }, + .Version = cpu_to_le32(EFI_HOB_HANDOFF_TABLE_VERSION), + .BootMode = cpu_to_le32(0), + .EfiMemoryTop = cpu_to_le64(0), + .EfiMemoryBottom = cpu_to_le64(0), + .EfiFreeMemoryTop = cpu_to_le64(0), + .EfiFreeMemoryBottom = cpu_to_le64(0), + .EfiEndOfHobList = cpu_to_le64(0), /* initialized later */ + }; + + tdvf_hob_add_memory_resources(tdx, &hob); + + last_hob = tdvf_get_area(&hob, sizeof(*last_hob)); + *last_hob = (EFI_HOB_GENERIC_HEADER) { + .HobType = EFI_HOB_TYPE_END_OF_HOB_LIST, + .HobLength = cpu_to_le16(sizeof(*last_hob)), + .Reserved = cpu_to_le32(0), + }; + hit->EfiEndOfHobList = tdvf_current_guest_addr(&hob); +} diff --git a/hw/i386/tdvf-hob.h b/hw/i386/tdvf-hob.h new file mode 100644 index 000000000000..4fc6a3740a57 --- /dev/null +++ b/hw/i386/tdvf-hob.h @@ -0,0 +1,26 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ + +#ifndef HW_I386_TD_HOB_H +#define HW_I386_TD_HOB_H + +#include "hw/i386/tdvf.h" +#include "target/i386/kvm/tdx.h" + +void tdvf_hob_create(TdxGuest *tdx, TdxFirmwareEntry *td_hob); + +#define EFI_RESOURCE_ATTRIBUTE_TDVF_PRIVATE \ + (EFI_RESOURCE_ATTRIBUTE_PRESENT | \ + EFI_RESOURCE_ATTRIBUTE_INITIALIZED | \ + EFI_RESOURCE_ATTRIBUTE_TESTED) + +#define EFI_RESOURCE_ATTRIBUTE_TDVF_UNACCEPTED \ + (EFI_RESOURCE_ATTRIBUTE_PRESENT | \ + EFI_RESOURCE_ATTRIBUTE_INITIALIZED | \ + EFI_RESOURCE_ATTRIBUTE_TESTED) + +#define EFI_RESOURCE_ATTRIBUTE_TDVF_MMIO \ + (EFI_RESOURCE_ATTRIBUTE_PRESENT | \ + EFI_RESOURCE_ATTRIBUTE_INITIALIZED | \ + EFI_RESOURCE_ATTRIBUTE_UNCACHEABLE) + +#endif diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 2dcdc2a7d977..cac073a6d291 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -22,6 +22,7 @@ #include "hw/i386/x86.h" #include "hw/i386/tdvf.h" #include "hw/i386/x86.h" +#include "hw/i386/tdvf-hob.h" #include "kvm_i386.h" #include "tdx.h" @@ -148,6 +149,19 @@ void tdx_set_tdvf_region(MemoryRegion *tdvf_mr) tdx_guest->tdvf_mr = tdvf_mr; } +static TdxFirmwareEntry *tdx_get_hob_entry(TdxGuest *tdx) +{ + TdxFirmwareEntry *entry; + + for_each_tdx_fw_entry(&tdx->tdvf, entry) { + if (entry->type == TDVF_SECTION_TYPE_TD_HOB) { + return entry; + } + } + error_report("TDVF metadata doesn't specify TD_HOB location."); + exit(1); +} + static void tdx_add_ram_entry(uint64_t address, uint64_t length, enum TdxRamType type) { @@ -279,6 +293,8 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused) qsort(tdx_guest->ram_entries, tdx_guest->nr_ram_entries, sizeof(TdxRamEntry), &tdx_ram_entry_compare); + + tdvf_hob_create(tdx_guest, tdx_get_hob_entry(tdx_guest)); } static Notifier tdx_machine_done_notify = { From patchwork Fri Jan 24 13:20:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949413 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 71BC84D8DA for ; Fri, 24 Jan 2025 13:38:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725910; cv=none; b=bT2ig/5XZR7TnkOYWRSdIdZUY7J+6LeSn6KJg0P7eHvqhai98lD29xPx+4vEm8VXv15Qej1S9drLT7S2GnLnVXMAzOwGmEVdAKpTtcqZjI22YR4nsWCflS0BBuhzKmmC9BKW9Gwi7lV6wLW/2WQT/qTe4DkPWxE6dmhLqOYNX1Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725910; c=relaxed/simple; bh=yKX2C5oNRGllaV58Edxdk4KBInFvfS6cENAd6j8GQ0U=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=VJpCHYbS4jPMZRKq65hwUI0JjgpyDLdaJvvARLjhPERm5PCpZB/4abNnCfWIgqlJHZlXEEj+tNWpZGVMw41cNt8F1uli/+OAGXzJdbQgq9u54esBQXjCeN8Ew7g9spB9/bY8nzIPTrURNk+NKu1KHv+2xFPQCsM/TawpTF1TCbk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=gnL4xw2v; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="gnL4xw2v" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725910; x=1769261910; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=yKX2C5oNRGllaV58Edxdk4KBInFvfS6cENAd6j8GQ0U=; b=gnL4xw2vjDmC+3R4fTpBlIWFDxnvDcV87JWTBBJ8xtb0n4S/p8S3mVI7 XMoDpoLoqr2fwBEVq3Ei8pqtoVnaTzC1r8iFoh3XDdOgESv9210ynDouV 28dLOqOxDLNpdVB6SCVRBVyW5UUpcB5gH/7sItWPc/Y7br45BESyXbFa+ txxjnj4pOP5O0zeUNWhIFfh2xhAEnKwO0ft2rOC6RkH7ae/i9T5sLROHf Tp3ZuP1Ocv/u24wcY743CpGgdriPBQgcnGIYAGeDpBsruTKiqRA4BHfev 3gd7ujsIcTuMwxzqO+Uw7BHVSOl/AralcPg9LGmQj9D1BMf9lKG6Jgi94 w==; X-CSE-ConnectionGUID: Azxd6x6IRaGvSrP8qfkLiA== X-CSE-MsgGUID: aVNcX8q4RhSiIPXQhCBPuw== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246412" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246412" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:38:30 -0800 X-CSE-ConnectionGUID: 1T8BMRnETISh+Xx12Ivtcg== X-CSE-MsgGUID: 2xy4yLmjQpeP+jrArL8pZA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804310" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:38:25 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 23/52] i386/tdx: Add TDVF memory via KVM_TDX_INIT_MEM_REGION Date: Fri, 24 Jan 2025 08:20:19 -0500 Message-Id: <20250124132048.3229049-24-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Isaku Yamahata TDVF firmware (CODE and VARS) needs to be copied to TD's private memory via KVM_TDX_INIT_MEM_REGION, as well as TD HOB and TEMP memory. If the TDVF section has TDVF_SECTION_ATTRIBUTES_MR_EXTEND set in the flag, calling KVM_TDX_EXTEND_MEMORY to extend the measurement. After populating the TDVF memory, the original image located in shared ramblock can be discarded. Signed-off-by: Isaku Yamahata Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- Changes in v6: - switch back to use KVM_TDX_INIT_MEM_REGION according to KVM's change; --- target/i386/kvm/tdx.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index cac073a6d291..08320b59b62a 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -17,6 +17,7 @@ #include "qom/object_interfaces.h" #include "crypto/hash.h" #include "system/system.h" +#include "exec/ramblock.h" #include "hw/i386/e820_memory_layout.h" #include "hw/i386/x86.h" @@ -270,6 +271,9 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused) { TdxFirmware *tdvf = &tdx_guest->tdvf; TdxFirmwareEntry *entry; + RAMBlock *ram_block; + Error *local_err = NULL; + int r; tdx_init_ram_entries(); @@ -295,6 +299,44 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused) sizeof(TdxRamEntry), &tdx_ram_entry_compare); tdvf_hob_create(tdx_guest, tdx_get_hob_entry(tdx_guest)); + + for_each_tdx_fw_entry(tdvf, entry) { + struct kvm_tdx_init_mem_region region; + uint32_t flags; + + region = (struct kvm_tdx_init_mem_region) { + .source_addr = (uint64_t)entry->mem_ptr, + .gpa = entry->address, + .nr_pages = entry->size >> 12, + }; + + flags = entry->attributes & TDVF_SECTION_ATTRIBUTES_MR_EXTEND ? + KVM_TDX_MEASURE_MEMORY_REGION : 0; + + do { + error_free(local_err); + local_err = NULL; + r = tdx_vcpu_ioctl(first_cpu, KVM_TDX_INIT_MEM_REGION, flags, + ®ion, &local_err); + } while (r == -EAGAIN || r == -EINTR); + if (r < 0) { + error_report_err(local_err); + exit(1); + } + + if (entry->type == TDVF_SECTION_TYPE_TD_HOB || + entry->type == TDVF_SECTION_TYPE_TEMP_MEM) { + qemu_ram_munmap(-1, entry->mem_ptr, entry->size); + entry->mem_ptr = NULL; + } + } + + /* + * TDVF image has been copied into private region above via + * KVM_MEMORY_MAPPING. It becomes useless. + */ + ram_block = tdx_guest->tdvf_mr->ram_block; + ram_block_discard_range(ram_block, 0, ram_block->max_length); } static Notifier tdx_machine_done_notify = { From patchwork Fri Jan 24 13:20:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949414 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 813FC288CC for ; Fri, 24 Jan 2025 13:38:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725914; cv=none; b=mYpLP2dioRXME/MVhzuAIjP2YdiCJbgarsqZvqGP3MqA8HFOPR9axESldKHniJu88lpW2NDGi2MsK2wkLT1qwK8o1FeQQ5CmXDtF90SESj05liWP13mFh8DKTwAUbzSffxV5vPgxUT+0YYf8wwESDv+JArwQkdJfdKxH6dFwByk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725914; c=relaxed/simple; bh=ySWxl1vh6c7+aWwfbxhZe7lL3q132WHVTO3Gm/JVrxs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=AW/xYqvJnHwK1CTye8nL3iajnVGsso/H+6yqkbRtp/qarb3fj5pcej8LJc/Xt69mqDEhgWH+lS+qkwpqxl27g+PdCemsrieH9K9hMeb1NF5JHUCriBXHg9AXEiFo8gnRHdL5psotXAAEfgcP6t/4MV32jxwpd/AImFce/Oe+4ug= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Vll+XRTN; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Vll+XRTN" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725913; x=1769261913; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ySWxl1vh6c7+aWwfbxhZe7lL3q132WHVTO3Gm/JVrxs=; b=Vll+XRTNfNLfuFgQmnKPYAZ2+UKzkNTV1hwq6tL1jrWwzdbFw2eYENBA LAt2pVLQ/spV00qTMiVIasf5ifpv/a8kny719cnkGJJKE0oZLqGgTUNF7 QXQ8uG+ugh5TK4Tfb86YPiWU1I4qrnwXP++BpFWvyv4AjJiuqJ/yHpoQt j/GmCq75+SDiQ1AfdfhpZIH44B4FcuBxBbYz5fDsM/tazJ3C6Lp3YLMK7 SNeevpKpCmHueRouRtS2M3AU40PgiB0mIJfXOdJDLhU2OhV9hQtnzoh6p VfChVmq1lBuYQJYEKyk+lY9E9zR20E2ihtTUilnMH/aJ3z9xnbYmkmok7 w==; X-CSE-ConnectionGUID: EIIRIBFMQUSpa2xbOf9vUw== X-CSE-MsgGUID: eT4kQppESUS1IMeQTLvQ/g== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246419" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246419" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:38:33 -0800 X-CSE-ConnectionGUID: 5YUxK08NRQau1c6UDXrcdw== X-CSE-MsgGUID: YYL2jKnuTC+ghi0gVglBIg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804317" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:38:28 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 24/52] i386/tdx: Call KVM_TDX_INIT_VCPU to initialize TDX vcpu Date: Fri, 24 Jan 2025 08:20:20 -0500 Message-Id: <20250124132048.3229049-25-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 TDX vcpu needs to be initialized by SEAMCALL(TDH.VP.INIT) and KVM provides vcpu level IOCTL KVM_TDX_INIT_VCPU for it. KVM_TDX_INIT_VCPU needs the address of the HOB as input. Invoke it for each vcpu after HOB list is created. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- target/i386/kvm/tdx.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 08320b59b62a..99c1664d836b 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -267,6 +267,18 @@ static void tdx_init_ram_entries(void) tdx_guest->nr_ram_entries = j; } +static void tdx_post_init_vcpus(void) +{ + TdxFirmwareEntry *hob; + CPUState *cpu; + + hob = tdx_get_hob_entry(tdx_guest); + CPU_FOREACH(cpu) { + tdx_vcpu_ioctl(cpu, KVM_TDX_INIT_VCPU, 0, (void *)hob->address, + &error_fatal); + } +} + static void tdx_finalize_vm(Notifier *notifier, void *unused) { TdxFirmware *tdvf = &tdx_guest->tdvf; @@ -300,6 +312,8 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused) tdvf_hob_create(tdx_guest, tdx_get_hob_entry(tdx_guest)); + tdx_post_init_vcpus(); + for_each_tdx_fw_entry(tdvf, entry) { struct kvm_tdx_init_mem_region region; uint32_t flags; From patchwork Fri Jan 24 13:20:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949415 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3BE9478F4E for ; Fri, 24 Jan 2025 13:38:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725917; cv=none; b=ptnF/apuSuawy6ymcPLySmgAewggBI8jk2JYEIRoAwxEHJvOX5U60+W314//5zUI9CntAvs1HCqHBTujlziDM3wdfbOzG0KiBylO8c/i2wRh6om8fGlTpbh6jJZBK4+wt7OReZ9Is/IiXB6xWi8ScBqRf3fznOojlw6ys/gj9xA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725917; c=relaxed/simple; bh=9LeRcYgDvW5lMsehq+j8bbe6PQs/g/hSfE4cA/e4doU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=uLLEqh2yedFCmUK0mG0IAYJqDeWkv8nUsGMXTX/0oKQdZGIRJqRzbAE8ACsQaUPGZhVBliC4Dcjem77ptfq2sN8YZPHD/i9ttwWALl0HPPG2EvY7svc1X7UXcGt+vR+ggGFhhpH0zvxLCSU7hmVYUzVBIrDGR4YaSkNQxx5I7fw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Ejs2qI4T; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Ejs2qI4T" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725917; x=1769261917; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=9LeRcYgDvW5lMsehq+j8bbe6PQs/g/hSfE4cA/e4doU=; b=Ejs2qI4TTtitu2uO5MXbSnoJs5jqt7eaOvV17m9XXWXI/hTKUHx2gb/R VE53BdVWUTNnAVj/w1lFQtfcXNarJ14AXx/Rwth5uNuusWk3SCjLcjRuo opSCEfa4Xgvde6URSnY5XYs5AKOdKCx0L6YJFi8plsDprwHS7Eity30Gl 6Jbb0QVDvOxsmzHQUwTvxVb+23NhmP7YYPUWjCrs5dIHTkE9QzRP9+URi eelQDY8ZqwR+p+L2bTyaI0RIwLqQlfGhXYQGtNGGgchfiEofHbmt0uFf/ LivpQoOUOCMglg4SqjUrr58Shf+qzclZpNEoYeOplFqcLcHsCHkq1op1m g==; X-CSE-ConnectionGUID: MXRCT/m8Qm2LsYhzvMIryg== X-CSE-MsgGUID: YYHmBLg4R0uldeEHrtgoxA== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246428" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246428" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:38:36 -0800 X-CSE-ConnectionGUID: A65DTX7TRl2FBFd2ClD4QQ== X-CSE-MsgGUID: 4nMhs+4ZReudkhpfCqarDQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804321" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:38:32 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 25/52] i386/tdx: Finalize TDX VM Date: Fri, 24 Jan 2025 08:20:21 -0500 Message-Id: <20250124132048.3229049-26-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Invoke KVM_TDX_FINALIZE_VM to finalize the TD's measurement and make the TD vCPUs runnable once machine initialization is complete. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- target/i386/kvm/tdx.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 99c1664d836b..d7f7f8301ca2 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -351,6 +351,9 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused) */ ram_block = tdx_guest->tdvf_mr->ram_block; ram_block_discard_range(ram_block, 0, ram_block->max_length); + + tdx_vm_ioctl(KVM_TDX_FINALIZE_VM, 0, NULL, &error_fatal); + CONFIDENTIAL_GUEST_SUPPORT(tdx_guest)->ready = true; } static Notifier tdx_machine_done_notify = { From patchwork Fri Jan 24 13:20:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949416 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E49C335947 for ; Fri, 24 Jan 2025 13:38:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725921; cv=none; b=HJdkKe9scX4Pi6QPmPe854Bfc85dwE2oH17WMiTHUfpETVVGo05i+jXfO7ecBMQlaL5OVQ0ODIEMuKK3/zVKSitiJU7PEbt1cVMTZcwEYWk2ezPhw9+MG+sXEzgtJQGRm8S4MWASmmmWIz1KaR9vQFF1BM6dWMY6oivJFLxI7kk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725921; c=relaxed/simple; bh=yjeFsx3DLSpiqpqVn548Wr6nyNm4xYxJhSEfr1UJ2Ho=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=KEUBF5JsWXgB4xqVsMalgJ/DAnDKdTDoniQe/E+OtG8mzA5OL2Cjg9YS9Qzvl64iKZTSoqks0+Fwjxi2JkuqkXPFaHuLHEa6UMShBJElveoYiS0dSiSKmUSn22c6zHPA22WQlYlwKDZyLo4oXyTz9vPMdqyh2Q+JYJFcfRu4ZtE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Qps1qDj6; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Qps1qDj6" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725920; x=1769261920; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=yjeFsx3DLSpiqpqVn548Wr6nyNm4xYxJhSEfr1UJ2Ho=; b=Qps1qDj6zWFLmSq8u4LUDnqWQ+d8nCrH7Z3H81JcY+IS7XqtwoUSUNKc CVEht3XbYiIpti7PH12v7otV6gok+g9rKawXQqGEBPnT52+xOScKge1MU VUaTV5EumumrFZ6bHub3hY0+XmVdkjAS9setM0k3Qrwb8nH5mnn3fldc2 mCk6Lxx9aWYf7NUJNfN8gydihm1IY2oEZIiv0LyAF0TmcIKBDWwAd0PLo fm0Wi4YttkAjM2HWGktTZ19WTGGe2WwpHUrAJIzRWUNch/Hqf2d6PdlWR xA4aWtaa5+iU1+pmzUes4f9vpNr+IpQYJV5c2rjw+npCLeF4ycGLYr1kT g==; X-CSE-ConnectionGUID: isNyObOOQqeAS8TO9rNb2A== X-CSE-MsgGUID: jq9Y/29YTQmfRL7djyjSUA== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246435" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246435" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:38:40 -0800 X-CSE-ConnectionGUID: s85VyDiiTO6zeiWrug6ntg== X-CSE-MsgGUID: BGIFg/2wSx62RdhW/FXsjQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804331" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:38:36 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 26/52] i386/tdx: Enable user exit on KVM_HC_MAP_GPA_RANGE Date: Fri, 24 Jan 2025 08:20:22 -0500 Message-Id: <20250124132048.3229049-27-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 KVM translates TDG.VP.VMCALL to KVM_HC_MAP_GPA_RANGE, and QEMU needs to enable user exit on KVM_HC_MAP_GPA_RANGE in order to handle the memory conversion requested by TD guest. Signed-off-by: Xiaoyao Li --- changes in v6: - new patch; --- target/i386/kvm/tdx.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index d7f7f8301ca2..1d0cf29c39f9 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -19,6 +19,8 @@ #include "system/system.h" #include "exec/ramblock.h" +#include + #include "hw/i386/e820_memory_layout.h" #include "hw/i386/x86.h" #include "hw/i386/tdvf.h" @@ -374,6 +376,11 @@ static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) } } + /* TDX relies on KVM_HC_MAP_GPA_RANGE to handle TDG.VP.VMCALL */ + if (!kvm_enable_hypercall(BIT_ULL(KVM_HC_MAP_GPA_RANGE))) { + return -EOPNOTSUPP; + } + qemu_add_machine_init_done_notifier(&tdx_machine_done_notify); tdx_guest = tdx; From patchwork Fri Jan 24 13:20:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949417 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 61EC0482EB for ; Fri, 24 Jan 2025 13:38:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725925; cv=none; b=h0l71aOS8rEW3b9t+ViIFxcrpCer1t+ht/gVXaQ2A3hEddHbYx+R3C+3hQglUCdCu/IgmOgO4h90C2geB5U185RWB/7WU9KcrmQ08Rr3jI4wSSrSoEYupVAfcZc2Co1gfhmVOnudQGe0PcmdqZvNNYvin7EMMIrOr4wLT8LpmnA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725925; c=relaxed/simple; bh=PnMivpqsKENYPJ5DahWXLvF1ZEiK4OeXxRfzVf2Js5A=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=bEdYrlEGmMEf/ejZDr3oaBS6Y6W3UsnJyMOus7Y1nHGr3BBxdKtBj+rtwO5qS8jfO+X3YUMM0HH2T6ukEmwhm4Vm28i3nZkF8OmvtBm5op2uyWcg21WcuOU0Y1XTq/WeOwN/KhtEhgMFWyZolT2DJHjl00iD9/FnRQTRhWbZQOQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=jqyrN7w/; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="jqyrN7w/" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725925; x=1769261925; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=PnMivpqsKENYPJ5DahWXLvF1ZEiK4OeXxRfzVf2Js5A=; b=jqyrN7w/g4SvbTCneHmpCfXuu+xOyZq8+OHUaihaJmU99mLCgOmY9PND F9PWtgbmwReZ2AhH8a0zZjjDgvuRphvsyU5aWCU4f2n7PRD1KIdJHNmDP SosWCWTqnAV1L1g1ad8LOOtGzrLZkITDiF83ORIa4JtGJaHIjLHimLVOf PKUSrBc/Rya4w2oMcL1MGfdus4Nr9gnkjJXlaFVQc9RIMSQk+4kI0AdeZ K9kqtN7Ey1txikASOddbSTrNozI8jhwhmJ3CHfr+dwEgduwqtlrhQjclb 1TxxQ/Dl1QGzNpIv1FRi2sMxYPBmaxkAYDIhcvfwoJB4lhTmim0FrhPuM A==; X-CSE-ConnectionGUID: jNuUNd8gSTmPsqEnNSsDSA== X-CSE-MsgGUID: EbmJHj84TOyzICPzElcqOQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246450" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246450" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:38:44 -0800 X-CSE-ConnectionGUID: iD2telCRSlykT7C4RRvX3Q== X-CSE-MsgGUID: Q+yP9ClSSDGhPcs6vcezJA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804345" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:38:40 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 27/52] i386/tdx: Handle KVM_SYSTEM_EVENT_TDX_FATAL Date: Fri, 24 Jan 2025 08:20:23 -0500 Message-Id: <20250124132048.3229049-28-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 TD guest can use TDG.VP.VMCALL to request termination. KVM translates such request into KVM_EXIT_SYSTEM_EVENT with type of KVM_SYSTEM_EVENT_TDX_FATAL. Add hanlder for such exit. Parse and print the error message, and terminate the TD guest in the handler. Signed-off-by: Xiaoyao Li --- Changes in v6: - replace the patch " i386/tdx: Handle TDG.VP.VMCALL" in v5; --- target/i386/kvm/kvm.c | 10 ++++++++++ target/i386/kvm/tdx-stub.c | 5 +++++ target/i386/kvm/tdx.c | 24 ++++++++++++++++++++++++ target/i386/kvm/tdx.h | 2 ++ 4 files changed, 41 insertions(+) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 7de5014051eb..a76f34537908 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -6128,6 +6128,16 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) case KVM_EXIT_HYPERCALL: ret = kvm_handle_hypercall(run); break; + case KVM_EXIT_SYSTEM_EVENT: + switch (run->system_event.type) { + case KVM_SYSTEM_EVENT_TDX_FATAL: + ret = tdx_handle_report_fatal_error(cpu, run); + break; + default: + ret = -1; + break; + } + break; default: fprintf(stderr, "KVM: unknown exit reason %d\n", run->exit_reason); ret = -1; diff --git a/target/i386/kvm/tdx-stub.c b/target/i386/kvm/tdx-stub.c index 7748b6d0a446..720a4ff046ee 100644 --- a/target/i386/kvm/tdx-stub.c +++ b/target/i386/kvm/tdx-stub.c @@ -13,3 +13,8 @@ int tdx_parse_tdvf(void *flash_ptr, int size) { return -EINVAL; } + +int tdx_handle_report_fatal_error(X86CPU *cpu, struct kvm_run *run) +{ + return -EINVAL; +} diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 1d0cf29c39f9..f857fddd839b 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -601,6 +601,30 @@ int tdx_parse_tdvf(void *flash_ptr, int size) return tdvf_parse_metadata(&tdx_guest->tdvf, flash_ptr, size); } +int tdx_handle_report_fatal_error(X86CPU *cpu, struct kvm_run *run) +{ + uint64_t error_code = run->system_event.data[0]; + char *message = NULL; + + if (error_code & 0xffff) { + error_report("TDX: REPORT_FATAL_ERROR: invalid error code: 0x%lx", + error_code); + return -1; + } + + /* It has optional message */ + if (run->system_event.data[2]) { +#define TDX_FATAL_MESSAGE_MAX 64 + message = g_malloc0(TDX_FATAL_MESSAGE_MAX + 1); + + memcpy(message, &run->system_event.data[2], TDX_FATAL_MESSAGE_MAX); + message[TDX_FATAL_MESSAGE_MAX] = '\0'; + } + + error_report("TD guest reports fatal error. %s", message ? : ""); + return -1; +} + static bool tdx_guest_get_sept_ve_disable(Object *obj, Error **errp) { TdxGuest *tdx = TDX_GUEST(obj); diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h index 36a7400e7480..04b5afe199f9 100644 --- a/target/i386/kvm/tdx.h +++ b/target/i386/kvm/tdx.h @@ -8,6 +8,7 @@ #endif #include "confidential-guest.h" +#include "cpu.h" #include "hw/i386/tdvf.h" #define TYPE_TDX_GUEST "tdx-guest" @@ -59,5 +60,6 @@ bool is_tdx_vm(void); int tdx_pre_create_vcpu(CPUState *cpu, Error **errp); void tdx_set_tdvf_region(MemoryRegion *tdvf_mr); int tdx_parse_tdvf(void *flash_ptr, int size); +int tdx_handle_report_fatal_error(X86CPU *cpu, struct kvm_run *run); #endif /* QEMU_I386_TDX_H */ From patchwork Fri Jan 24 13:20:24 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949418 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2E7BD482EB for ; Fri, 24 Jan 2025 13:38:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725929; cv=none; b=qJbTYXDyMDAjcnqsYSbfME89q+fecyNM5DTfw6J3n3D9qcHWAi7k/g309Np6lkFiddbhcTc8SweF6aV4dD8YBbxeVgcg9e4vb42qiV61+tqpHpXHTGvlUZI5pvK6rBksKBoW8Lu2nTWCCsWAPfZaOScdenYHCf/A7pDfgODthrA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725929; c=relaxed/simple; bh=85XePJaofoFgh2exxL+wI9EtRIBe+GFG6YbreIJ1ZbA=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=GrJms7kl0wUiW/1+eEQ9+tXRS5CmBDor4pX8VErLboC9uKAy0ypDsshdUrmB2ezIdcRXa/3gfMXYShNFeS9HAEQkmz+HAgj6cchAUSXCex86MAaiZNXwBBOGNdf1iDqsCGldgxP7izH075m5l7XBydQkwgracy27C+4q6C6H1Xw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=LK7SeoEs; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="LK7SeoEs" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725929; x=1769261929; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=85XePJaofoFgh2exxL+wI9EtRIBe+GFG6YbreIJ1ZbA=; b=LK7SeoEsT2kF1oA3Qj3aYg+IYgxUAd/8hnwg1wMZARrsiQzb/lF+Dku4 a63IchaZRcU2jmzmPqqYw/tNf8QDnzyItJL8rqnqF+Y5Pq7DYAHhsirc8 +H5fp4Thy27GUrLZPgBOO+gvlZuP7fUv5lkVyN8pOgsYdxpFVipYTp89l p3U4Q/PpFK7EZDrKsem3p4ZfxCNS4fVKqUDEs1cw8PG6jhZUL70hwTGN3 ytBBdG7uY9UG8Zp5PP9SyHYEbCizMc0OOHyzzDV573hSq8y9SSW2L5zkj w6AQxyvi2L03yQTRTJJwYnXgQ62UKk1btsUUMT6EVNUEETLKnqeD1PcPA g==; X-CSE-ConnectionGUID: Rho807jDSd+kV13dJNjy9w== X-CSE-MsgGUID: 4B8HHJKQRwiGRKS2cLkVjQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246457" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246457" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:38:48 -0800 X-CSE-ConnectionGUID: mMNcARQFQ2m0Qdea8T315A== X-CSE-MsgGUID: CcvpFmjiSHeAN8kNvKqavA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804358" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:38:44 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 28/52] i386/tdx: Wire TDX_REPORT_FATAL_ERROR with GuestPanic facility Date: Fri, 24 Jan 2025 08:20:24 -0500 Message-Id: <20250124132048.3229049-29-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Integrate TDX's TDX_REPORT_FATAL_ERROR into QEMU GuestPanic facility Originated-from: Isaku Yamahata Signed-off-by: Xiaoyao Li --- Changes in v6: - change error_code of GuestPanicInformationTdx from uint64_t to uint32_t, to only contains the bit 31:0 returned in r12. Changes in v5: - mention additional error information in gpa when it presents; - refine the documentation; (Markus) Changes in v4: - refine the documentation; (Markus) Changes in v3: - Add docmentation of new type and struct; (Daniel) - refine the error message handling; (Daniel) --- qapi/run-state.json | 31 ++++++++++++++++++-- system/runstate.c | 67 +++++++++++++++++++++++++++++++++++++++++++ target/i386/kvm/tdx.c | 24 +++++++++++++++- 3 files changed, 119 insertions(+), 3 deletions(-) diff --git a/qapi/run-state.json b/qapi/run-state.json index ce95cfa46b73..e63611780a2c 100644 --- a/qapi/run-state.json +++ b/qapi/run-state.json @@ -501,10 +501,12 @@ # # @s390: s390 guest panic information type (Since: 2.12) # +# @tdx: tdx guest panic information type (Since: 9.0) +# # Since: 2.9 ## { 'enum': 'GuestPanicInformationType', - 'data': [ 'hyper-v', 's390' ] } + 'data': [ 'hyper-v', 's390', 'tdx' ] } ## # @GuestPanicInformation: @@ -519,7 +521,8 @@ 'base': {'type': 'GuestPanicInformationType'}, 'discriminator': 'type', 'data': {'hyper-v': 'GuestPanicInformationHyperV', - 's390': 'GuestPanicInformationS390'}} + 's390': 'GuestPanicInformationS390', + 'tdx' : 'GuestPanicInformationTdx'}} ## # @GuestPanicInformationHyperV: @@ -598,6 +601,30 @@ 'psw-addr': 'uint64', 'reason': 'S390CrashReason'}} +## +# @GuestPanicInformationTdx: +# +# TDX Guest panic information specific to TDX, as specified in the +# "Guest-Hypervisor Communication Interface (GHCI) Specification", +# section TDG.VP.VMCALL. +# +# @error-code: TD-specific error code +# +# @message: Human-readable error message provided by the guest. Not +# to be trusted. +# +# @gpa: guest-physical address of a page that contains more verbose +# error information, as zero-terminated string. Present when the +# "GPA valid" bit (bit 63) is set in @error-code. +# +# +# Since: 10.0 +## +{'struct': 'GuestPanicInformationTdx', + 'data': {'error-code': 'uint32', + 'message': 'str', + '*gpa': 'uint64'}} + ## # @MEMORY_FAILURE: # diff --git a/system/runstate.c b/system/runstate.c index 272801d30769..c4244c8915c6 100644 --- a/system/runstate.c +++ b/system/runstate.c @@ -565,6 +565,60 @@ static void qemu_system_wakeup(void) } } +static char *tdx_parse_panic_message(char *message) +{ + bool printable = false; + char *buf = NULL; + int len = 0, i; + + /* + * Although message is defined as a json string, we shouldn't + * unconditionally treat it as is because the guest generated it and + * it's not necessarily trustable. + */ + if (message) { + /* The caller guarantees the NULL-terminated string. */ + len = strlen(message); + + printable = len > 0; + for (i = 0; i < len; i++) { + if (!(0x20 <= message[i] && message[i] <= 0x7e)) { + printable = false; + break; + } + } + } + + if (len == 0) { + buf = g_malloc(1); + buf[0] = '\0'; + } else { + if (!printable) { + /* 3 = length of "%02x " */ + buf = g_malloc(len * 3); + for (i = 0; i < len; i++) { + if (message[i] == '\0') { + break; + } else { + sprintf(buf + 3 * i, "%02x ", message[i]); + } + } + if (i > 0) { + /* replace the last ' '(space) to NULL */ + buf[i * 3 - 1] = '\0'; + } else { + buf[0] = '\0'; + } + + } else { + buf = g_malloc(len); + memcpy(buf, message, len); + } + } + + return buf; +} + void qemu_system_guest_panicked(GuestPanicInformation *info) { qemu_log_mask(LOG_GUEST_ERROR, "Guest crashed"); @@ -606,7 +660,20 @@ void qemu_system_guest_panicked(GuestPanicInformation *info) S390CrashReason_str(info->u.s390.reason), info->u.s390.psw_mask, info->u.s390.psw_addr); + } else if (info->type == GUEST_PANIC_INFORMATION_TYPE_TDX) { + char *message = tdx_parse_panic_message(info->u.tdx.message); + qemu_log_mask(LOG_GUEST_ERROR, + "\nTDX guest reports fatal error:" + " error code: 0x%" PRIx32 " error message:\"%s\"\n", + info->u.tdx.error_code, message); + g_free(message); + if (info->u.tdx.gpa != -1ull) { + qemu_log_mask(LOG_GUEST_ERROR, "Additional error information " + "can be found at gpa page: 0x%" PRIx64 "\n", + info->u.tdx.gpa); + } } + qapi_free_GuestPanicInformation(info); } } diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index f857fddd839b..591de30eedf4 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -16,6 +16,7 @@ #include "qapi/error.h" #include "qom/object_interfaces.h" #include "crypto/hash.h" +#include "system/runstate.h" #include "system/system.h" #include "exec/ramblock.h" @@ -601,10 +602,25 @@ int tdx_parse_tdvf(void *flash_ptr, int size) return tdvf_parse_metadata(&tdx_guest->tdvf, flash_ptr, size); } +static void tdx_panicked_on_fatal_error(X86CPU *cpu, uint64_t error_code, + char *message, uint64_t gpa) +{ + GuestPanicInformation *panic_info; + + panic_info = g_new0(GuestPanicInformation, 1); + panic_info->type = GUEST_PANIC_INFORMATION_TYPE_TDX; + panic_info->u.tdx.error_code = (uint32_t) error_code; + panic_info->u.tdx.message = message; + panic_info->u.tdx.gpa = gpa; + + qemu_system_guest_panicked(panic_info); +} + int tdx_handle_report_fatal_error(X86CPU *cpu, struct kvm_run *run) { uint64_t error_code = run->system_event.data[0]; char *message = NULL; + uint64_t gpa = -1ull; if (error_code & 0xffff) { error_report("TDX: REPORT_FATAL_ERROR: invalid error code: 0x%lx", @@ -621,7 +637,13 @@ int tdx_handle_report_fatal_error(X86CPU *cpu, struct kvm_run *run) message[TDX_FATAL_MESSAGE_MAX] = '\0'; } - error_report("TD guest reports fatal error. %s", message ? : ""); +#define TDX_REPORT_FATAL_ERROR_GPA_VALID BIT_ULL(63) + if (error_code & TDX_REPORT_FATAL_ERROR_GPA_VALID) { + gpa = run->system_event.data[1]; + } + + tdx_panicked_on_fatal_error(cpu, error_code, message, gpa); + return -1; } From patchwork Fri Jan 24 13:20:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949419 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 238B982D98 for ; Fri, 24 Jan 2025 13:38:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725933; cv=none; b=YM3/0rUdfJ/kl41lCZbhQ7VcI2aESyjj0XnHy/r+V2HHNWzLkoma7jUeztQ9AqRfFwrxtD1TftQxjqo4ztza7k6PINT+EzCRgp5ysds4HGLzffOPPdjSwrJecdi6M2qh2iwVG+X/Crgff9j9O+F5EK7+QMklBazH7tNa+DTR8GQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725933; c=relaxed/simple; bh=tR1BwcYVrk3irorerAFU49kWmu5J765/vc7Xg99OXgc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=RTMJuUdp6GogWnSPCuqZLDsmtxQbYsyqAG1FkHsvGYH8qiEcIm9+g9/4lGkTGfgdH1uVtucktibhlKM77pbZa/gy7FjqaKCmJCX/Ido+C97X7jOEgF7fITDDFj+K0YU8L+QOxUrKfBsWdMz3R3zAp+LdSUjxpWoZJROI2OuG29s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=DyhvdlDg; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="DyhvdlDg" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725933; x=1769261933; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=tR1BwcYVrk3irorerAFU49kWmu5J765/vc7Xg99OXgc=; b=DyhvdlDgcUhDIscAujJs4IZG+qO9mnFqy7bCskinBrcbLZ9gqJMo16g4 xNlbbSyN447efFXD2sy7q1g/5ZTEhgoWWOxbLc0lfIJNee/iYQTtwNi2j Wu70n6ogbEM/+Y2LKihq6RtWmwJtGjQFNsvHrljabMw+seUETybdLmE6M zh8nOCNMRUFr6pRzOOjip7d8IVJL9iB3jf5MMWt+0DC4tOQUZr2H4dmD/ g/Qv9SwV3jkX9ShnaQ04tCg9q2ZBr6AB/ERVMGjPJairfwQZNUtosnz/8 LhUZtWHulxWQSHGwn7gzCbDI4uxo+p83U4F79BbE3GSlZuBGC0BpOStUr A==; X-CSE-ConnectionGUID: +vDW95TiSZCfL+xFVW20+A== X-CSE-MsgGUID: A+Voz1pdQlm4X4M0bQ/uSg== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246464" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246464" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:38:52 -0800 X-CSE-ConnectionGUID: sIRdno3xRHSOkSR1B5e4tQ== X-CSE-MsgGUID: RryqET44Te+aiODkHS5GLw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804371" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:38:48 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 29/52] i386/cpu: introduce x86_confidential_guest_cpu_instance_init() Date: Fri, 24 Jan 2025 08:20:25 -0500 Message-Id: <20250124132048.3229049-30-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To allow execute confidential guest specific cpu init operations. Signed-off-by: Xiaoyao Li --- Changes in v6: - new patch; --- target/i386/confidential-guest.h | 11 +++++++++++ target/i386/cpu.c | 10 ++++++++++ 2 files changed, 21 insertions(+) diff --git a/target/i386/confidential-guest.h b/target/i386/confidential-guest.h index 164be7633a20..a86c42a47558 100644 --- a/target/i386/confidential-guest.h +++ b/target/i386/confidential-guest.h @@ -39,6 +39,7 @@ struct X86ConfidentialGuestClass { /* */ int (*kvm_type)(X86ConfidentialGuest *cg); + void (*cpu_instance_init)(X86ConfidentialGuest *cg, CPUState *cpu); uint32_t (*mask_cpuid_features)(X86ConfidentialGuest *cg, uint32_t feature, uint32_t index, int reg, uint32_t value); }; @@ -59,6 +60,16 @@ static inline int x86_confidential_guest_kvm_type(X86ConfidentialGuest *cg) } } +static inline void x86_confidential_guest_cpu_instance_init(X86ConfidentialGuest *cg, + CPUState *cpu) +{ + X86ConfidentialGuestClass *klass = X86_CONFIDENTIAL_GUEST_GET_CLASS(cg); + + if (klass->cpu_instance_init) { + klass->cpu_instance_init(cg, cpu); + } +} + /** * x86_confidential_guest_mask_cpuid_features: * diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 252a07fe823e..a369cf90f5f6 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -36,6 +36,7 @@ #include "hw/qdev-properties.h" #include "hw/i386/topology.h" #ifndef CONFIG_USER_ONLY +#include "confidential-guest.h" #include "system/reset.h" #include "qapi/qapi-commands-machine-target.h" #include "exec/address-spaces.h" @@ -8156,6 +8157,15 @@ static void x86_cpu_post_initfn(Object *obj) } accel_cpu_instance_init(CPU(obj)); + +#ifndef CONFIG_USER_ONLY + MachineState *ms = MACHINE(object_dynamic_cast(qdev_get_machine(), + TYPE_MACHINE)); + if (ms && ms->cgs) { + x86_confidential_guest_cpu_instance_init(X86_CONFIDENTIAL_GUEST(ms->cgs), + (CPU(obj))); + } +#endif } static void x86_cpu_init_default_topo(X86CPU *cpu) From patchwork Fri Jan 24 13:20:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949420 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DED7438FB9 for ; Fri, 24 Jan 2025 13:38:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725937; cv=none; b=alEp4eQVt5JWTuVTVae5OV4T94qyqsWDABGcdKgCjQAqCrwin6or8SG1ktVP04H51zspTTLNO3ctyjF7n5J7fswnzAv3rw+ZQlWoHUNdDAeZiPBXtpGCzA8cVk1GQvvmJsbgsO0PrBrvkb2c2L7e7DKNIjaSnWXwXPNzRoS/hhk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725937; c=relaxed/simple; bh=Ivxfpdrpb34ZCT0lQieIiov7gVqJ7+V2EXqhX8vm6BM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=WWcmUVhjWMYMvu4fcm1KRdeBpTxp8lv7DWeK2yfLfnC0ZR0Wr6TOVMjtwq5B2F5zvVKR6Yr2IolnRIFiDkj3eksaLYSweDekHrKf2vNw9YzyVBg7M8fc1BnJEisDTop7WT33IeTzLG8EAqI+hQtkGoaibl/ogI0j6TDRHf0WIdg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=DjZOhWXS; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="DjZOhWXS" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725936; x=1769261936; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Ivxfpdrpb34ZCT0lQieIiov7gVqJ7+V2EXqhX8vm6BM=; b=DjZOhWXSEzLygND7BUTnCQw+G4OpD/AILshVSLjgak+7HcuqgIT+Rrcq 0lV7EFRj/WxWk6n06+k29Dk/4Yk0FG+rLiwAXQPl6QYvBbvHunspkDd9h R6lSKYCP2CWeRaUI+BO5Bvuxjnt9dkQEPjRJ2l9JnJXvf/hjmmtLPwZ1l Kw7LdWCDDVz/64g6I3qRZ/aX4KOZKep+V6dUprFDLaYJAVBYKyAfcy2s5 +HOJUPRhkUqcR1gpypBPCAbcDLiK/DtxU2PL6C7Z2r6J72fts5Vze0G5C Hnl1lsL+H86hwpPj4lnuh1NFNxQy++jWow90jkWQDJ72cVumgsmAcCpBZ g==; X-CSE-ConnectionGUID: F1HaYXosSX68w6hlR+YbEQ== X-CSE-MsgGUID: oaOY8StNTl2t4aySM3ZQUw== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246474" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246474" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:38:56 -0800 X-CSE-ConnectionGUID: dweXhYj8R0SZbpR+o8CQMQ== X-CSE-MsgGUID: Ie6BhehtRWOPDjgmEywIIA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804384" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:38:52 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 30/52] i386/tdx: implement tdx_cpu_instance_init() Date: Fri, 24 Jan 2025 08:20:26 -0500 Message-Id: <20250124132048.3229049-31-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Currently, pmu is not supported for TDX by KVM. Signed-off-by: Xiaoyao Li --- chanegs in v6: - new patch; --- target/i386/kvm/tdx.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 591de30eedf4..12c1c2503845 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -396,6 +396,11 @@ static int tdx_kvm_type(X86ConfidentialGuest *cg) return KVM_X86_TDX_VM; } +static void tdx_cpu_instance_init(X86ConfidentialGuest *cg, CPUState *cpu) +{ + object_property_set_bool(OBJECT(cpu), "pmu", false, &error_abort); +} + static int tdx_validate_attributes(TdxGuest *tdx, Error **errp) { if ((tdx->attributes & ~tdx_caps->supported_attrs)) { @@ -754,4 +759,5 @@ static void tdx_guest_class_init(ObjectClass *oc, void *data) klass->kvm_init = tdx_kvm_init; x86_klass->kvm_type = tdx_kvm_type; + x86_klass->cpu_instance_init = tdx_cpu_instance_init; } From patchwork Fri Jan 24 13:20:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949421 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9F49338FB9 for ; Fri, 24 Jan 2025 13:38:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725941; cv=none; b=kvYP91M4OZSYrh4dRMjWa6ig74jgRBcnKvZhhIuxAmxnEQWRaQqFInbt3T2U/uZfBK4jEAKps28QOcLbEKW+kgOeK5F7kyeNQ/uEAdZq0BJd3QvRqIWqs7jfg3QTA39UwxfV2WIjQpELi2XzEIkIvs+efAAAAZG58sN/IMO8vUk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725941; c=relaxed/simple; bh=AIvTamkBOmKspnXO3UXE/eRzJSG4/8lw/StlhSw6xEg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=h90WvN/ssXvVFkiNy/bPvfecXq9LJjtMet/1aE/sX5Fp02/F7u5Qg8qo3x8QlLsOyCaeiBk0MCDMkNOh0KDlhP+jxf6w6fYP/pqPTVzy/hoDnR69J/lYx/jOwVPkWh8gZfZ4w0mEkaK/qLKYH8i2hdLDPiSwiPUEqxVQeU/yQLw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=lLbRk5Fb; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="lLbRk5Fb" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725940; x=1769261940; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=AIvTamkBOmKspnXO3UXE/eRzJSG4/8lw/StlhSw6xEg=; b=lLbRk5Fbk1BUx18fMUMCNUPsTjHMeSBZm6uN7LJk8c66UMDNMGgF6nEa sFfcv2DLuK0U88k5U4Jw9jUCe134Ab8ZewmM5GTqBBv4Z+FSFk39RvVJU dh8bXHX07tBmvkVFgaNKcHHp3+BvKmW66Qnsz0QVqlHdl866HVaF2hrpj PdwFBtXHpX1qdBFtmUN+Nlc9ytQ+4VXv8H3lyJAjDW/P1bz/fROdS41pZ jOXC4t8YHhoN+4eivkqbhilz6lWsE31eE6l98QHnniiJ1PpY3pXY6ca0l jIM8OfOXvBF6/9KscX/ypz7n6lB8Ka4YnAXbVenMw5sTO4i35fSCsgQE9 Q==; X-CSE-ConnectionGUID: QNObTAbeT1W/AlYRlMXKTA== X-CSE-MsgGUID: P8uO3BKSSW2gxr2iz8tPFA== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246482" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246482" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:00 -0800 X-CSE-ConnectionGUID: WmHn80zLQV22oN/URjP/rQ== X-CSE-MsgGUID: 4GbByw3iST+eUc/xzSjrRA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804389" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:38:55 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 31/52] i386/cpu: Introduce enable_cpuid_0x1f to force exposing CPUID 0x1f Date: Fri, 24 Jan 2025 08:20:27 -0500 Message-Id: <20250124132048.3229049-32-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Currently, QEMU exposes CPUID 0x1f to guest only when necessary, i.e., when topology level that cannot be enumerated by leaf 0xB, e.g., die or module level, are configured for the guest, e.g., -smp xx,dies=2. However, TDX architecture forces to require CPUID 0x1f to configure CPU topology. Introduce a bool flag, enable_cpuid_0x1f, in CPU for the case that requires CPUID leaf 0x1f to be exposed to guest. Introduce a new function x86_has_cpuid_0x1f(), which is the warpper of cpu->enable_cpuid_0x1f and x86_has_extended_topo() to check if it needs to enable cpuid leaf 0x1f for the guest. Signed-off-by: Xiaoyao Li --- target/i386/cpu.c | 4 ++-- target/i386/cpu.h | 9 +++++++++ target/i386/kvm/kvm.c | 2 +- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index a369cf90f5f6..4088bf63c48f 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -6725,7 +6725,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count, break; case 0x1F: /* V2 Extended Topology Enumeration Leaf */ - if (!x86_has_extended_topo(env->avail_cpu_topo)) { + if (!x86_has_cpuid_0x1f(cpu)) { *eax = *ebx = *ecx = *edx = 0; break; } @@ -7588,7 +7588,7 @@ void x86_cpu_expand_features(X86CPU *cpu, Error **errp) * cpu->vendor_cpuid_only has been unset for compatibility with older * machine types. */ - if (x86_has_extended_topo(env->avail_cpu_topo) && + if (x86_has_cpuid_0x1f(cpu) && (IS_INTEL_CPU(env) || !cpu->vendor_cpuid_only)) { x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x1F); } diff --git a/target/i386/cpu.h b/target/i386/cpu.h index b26e25ba15e0..ca6295605985 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -2191,6 +2191,9 @@ struct ArchCPU { /* Compatibility bits for old machine types: */ bool enable_cpuid_0xb; + /* Force to enable cpuid 0x1f */ + bool enable_cpuid_0x1f; + /* Enable auto level-increase for all CPUID leaves */ bool full_cpuid_auto_level; @@ -2453,6 +2456,12 @@ void host_cpuid(uint32_t function, uint32_t count, uint32_t *eax, uint32_t *ebx, uint32_t *ecx, uint32_t *edx); bool cpu_has_x2apic_feature(CPUX86State *env); +static inline bool x86_has_cpuid_0x1f(X86CPU *cpu) +{ + return cpu->enable_cpuid_0x1f || + x86_has_extended_topo(cpu->env.avail_cpu_topo); +} + /* helper.c */ void x86_cpu_set_a20(X86CPU *cpu, int a20_state); void cpu_sync_avx_hflag(CPUX86State *env); diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index a76f34537908..741b50181ed9 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -1871,7 +1871,7 @@ uint32_t kvm_x86_build_cpuid(CPUX86State *env, struct kvm_cpuid_entry2 *entries, break; } case 0x1f: - if (!x86_has_extended_topo(env->avail_cpu_topo)) { + if (!x86_has_cpuid_0x1f(env_archcpu(env))) { cpuid_i--; break; } From patchwork Fri Jan 24 13:20:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949422 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 72558200CB for ; Fri, 24 Jan 2025 13:39:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725944; cv=none; b=AU4nFtR76T2rjGIRAwr9QDdlLfuJh+DxPLuF1qd5AnLTqzQPAUb2KFAfmExhGs5NJ5gKpVmopOIufscpSXDdY2EWW2IChRd+ZctxEaE0taw9qwtsE64VRHeEXAD997TTVjcMeap4SrTtG9Dt/4x2Vqxky4bKOxTAVpifpE3NSCc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725944; c=relaxed/simple; bh=gvdGEGL02d6aKTIMX6p6dptSfxOU4tPyFWKuZUDDD8w=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=s3vOTiqwAgWyHOoaeZLDwxUouwWIYsy+xN2ObNRf+2XGmT9YTSIKY2e7+w+P+WbQkcnr07+0shlaz/llLHjkERT1hCf+INVmFBnDQPR534ZtC3suj+KFEWB9gMG17fkrFaXj0eTk0vemqSjOeVFh+USrqgtjQvnX1aEqZiq7+nM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=jLTrSpwI; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="jLTrSpwI" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725944; x=1769261944; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=gvdGEGL02d6aKTIMX6p6dptSfxOU4tPyFWKuZUDDD8w=; b=jLTrSpwIV8sBnM0PcGCnzF46mXRbK7orDpgPTCxiS8by2EARF0ZsTWg8 8SXdehK6OJ5Huim7wY6aRyaXFx5ypeZBUBEPLf4ZYWuexgnNWqt66Gl5Z 8wZ8co/0efAzQuf2AG6SdbjctOHyL/tX14TlowE60PWZsnYom2K+vbLCP 5u0TLhV7OW0IEZcjQ3orOe/GS9ZV5C/1SRc1QjGe9bHFtT1jnISiUPBxy RqMh/BIlYSCayRS5VHbkBfOUsLduIVzUc+GiRzicOZHr9690plKfr+qO1 K2x6NsrpQm9dznLTSeJUqHY1TePA87C4sIqWUxWhxxdcoaV90GXclAaJz w==; X-CSE-ConnectionGUID: leYaUTfKReii/edbeF37Dg== X-CSE-MsgGUID: pwAzWP4gQn66z7Xg5NKZmg== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246489" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246489" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:04 -0800 X-CSE-ConnectionGUID: q6lwtWH5Sf2lGTLnpusrCg== X-CSE-MsgGUID: BrGUpB9IS+KCu6ES9ZYanA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804393" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:38:59 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 32/52] i386/tdx: Force exposing CPUID 0x1f Date: Fri, 24 Jan 2025 08:20:28 -0500 Message-Id: <20250124132048.3229049-33-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 TDX uses CPUID 0x1f to configure TD guest's CPU topology. So set enable_cpuid_0x1f for TDs. Signed-off-by: Xiaoyao Li --- target/i386/kvm/tdx.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 12c1c2503845..982ed779df4a 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -398,7 +398,11 @@ static int tdx_kvm_type(X86ConfidentialGuest *cg) static void tdx_cpu_instance_init(X86ConfidentialGuest *cg, CPUState *cpu) { + X86CPU *x86cpu = X86_CPU(cpu); + object_property_set_bool(OBJECT(cpu), "pmu", false, &error_abort); + + x86cpu->enable_cpuid_0x1f = true; } static int tdx_validate_attributes(TdxGuest *tdx, Error **errp) From patchwork Fri Jan 24 13:20:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949423 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5556B3596F for ; Fri, 24 Jan 2025 13:39:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725948; cv=none; b=lgoF9Yz+Kx2Gy8Ds+xDyuBYBQY7h3JSrnZ5blr6TMQtxrrVteq4tfptG8v/5QzvGJWuFyUq4YBgnzPHcS8lhzO2kOP+g+6q0dNlPkP3zVGb2sF+NxgeoO9vvLs7Cg+AsYABBGzeZkvwMqeeeOn/QbBok/gUxq8AWwJfkS0GLlko= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725948; c=relaxed/simple; bh=UJnACVf3T37Fmb+2OQU8K8i1iB2c5T66nUw1V5dXM4U=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=R4RsCvHZjssyDlJ0yU7Dh7t9cPYGT86hy2P7UdpdEmWnBPQBFOgL6ZWxqwgM/nzwtgjZRmotPlIXh72z0Z0BL/yNbow0PU4BppRI/R+nnYs/suDfvShNh7jNQOaFCYSZORZ6m4OuQaFmCondvnX+6O177Xjv3jH5tHhQp7KmwWo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=AQInJ6Ye; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="AQInJ6Ye" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725948; x=1769261948; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=UJnACVf3T37Fmb+2OQU8K8i1iB2c5T66nUw1V5dXM4U=; b=AQInJ6Ye55//u17K5+WUNb4wtl5SbK2COUE75Tdi+sWc1Pdss7oUUgyJ eF8bZx7NPu3afQSROz9dHLfvXWS3I3eT53Sw1gFFm8s11y1he1BIvWH3K h3+hTK37vgfM315rHpvxigNjbnW5XSUMOhvdfmWyHtfm2iF9zdiF7Ycmt +FNBGTR3xdYs+bHL0EPrM4wnV7CQroPC/TpiDlSy9FgQOdaAmTRVB6i8O fhWz6Wn9te4Xj8vDXgVWE1RVawYgtM+z4AlSrF0cJQpsmn0ARRU4icOhv 4XHzZkyaT39lhIWM2qdlg5Y/NpIqo6OhUugI22xXYUsXIrX4twMlp7RFT w==; X-CSE-ConnectionGUID: qF66athMTpqYvIgyT5C5wg== X-CSE-MsgGUID: oj9dIcEDTSOj0Dr2M5WcBw== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246495" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246495" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:08 -0800 X-CSE-ConnectionGUID: NZCk2prLRXuPRRpgoNNQAg== X-CSE-MsgGUID: aLb6l2I8QYiC9kP7w1rUkw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804398" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:03 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 33/52] i386/tdx: Set kvm_readonly_mem_enabled to false for TDX VM Date: Fri, 24 Jan 2025 08:20:29 -0500 Message-Id: <20250124132048.3229049-34-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 TDX only supports readonly for shared memory but not for private memory. In the view of QEMU, it has no idea whether a memslot is used as shared memory of private. Thus just mark kvm_readonly_mem_enabled to false to TDX VM for simplicity. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- target/i386/kvm/tdx.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 982ed779df4a..f4d95b0a4029 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -382,6 +382,15 @@ static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) return -EOPNOTSUPP; } + /* + * Set kvm_readonly_mem_allowed to false, because TDX only supports readonly + * memory for shared memory but not for private memory. Besides, whether a + * memslot is private or shared is not determined by QEMU. + * + * Thus, just mark readonly memory not supported for simplicity. + */ + kvm_readonly_mem_allowed = false; + qemu_add_machine_init_done_notifier(&tdx_machine_done_notify); tdx_guest = tdx; From patchwork Fri Jan 24 13:20:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949424 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DC7D586342 for ; Fri, 24 Jan 2025 13:39:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725952; cv=none; b=M+thCn4yrDCX2i688TFG8rOm5EhMUwTBK1LnaqFr791F5jADG6CA3IKaQWHQlX1TCFWDDtB7Or4/iUq7RMFCIkPj3RtXbxRj5uBymqzJJUDafdB+Hqiva338BPQdpn1ko64KW3PzaalMUTA4vCQO/toL7LI8shxforlGfsxplCQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725952; c=relaxed/simple; bh=3htOvA2jbpLNtRYP7pYOxr4oRukBQDBcMamKFay85SU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=STPQKlUjUqZFjXveIcltPCKdMT/WspmLZasMRI1ly+tK9w3qsoNiuF0O/SPgHVleGEn45Uf9zxB5RtcktL9cPO+hWcKswvXxAA9LFK/G4IGtfpaIYNq+nLd+QE6lSQ/lof3nmsCobxJYGepxAdamxA+OwsykaIWgCK60MPgGhss= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=LarIPoa+; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="LarIPoa+" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725951; x=1769261951; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=3htOvA2jbpLNtRYP7pYOxr4oRukBQDBcMamKFay85SU=; b=LarIPoa+lZvR8k/rtBHkI6AXdEpfQtF8kxFIxjeSUaWLn7I8WiLgVO3o xPsDlF9ZkrEDRr8QFgOZGp1cycWLJevXtB74avTlzujbsTxuqPlgnOcMN AHZuxrPwxox3UsnPIU/NXGhJbOqW7aJjqVt9RYWehoo8gpq06A6wOTSbY N/kerJcFr5/pR/RRqd6p0sLLEPWB4cOHJKix2pVV5FCWU/ewCfOsPbYCL 6VT/9jHFL83zQz8Nt4H6WDacZrSqA29QhgWNgGk9phEoKKnVyYAPv6lgd e/yLzsX+wE/1aRh1YGl+pFB/h2pIRonyiFNSX4Yh3plEmnV4mSABebgDn Q==; X-CSE-ConnectionGUID: DGQi49DWSISUpGswk1H4tQ== X-CSE-MsgGUID: 9ym7g8DJTBmINZKToIBUEg== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246501" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246501" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:11 -0800 X-CSE-ConnectionGUID: GBAGZD3TTzGavPdm4Wq8KA== X-CSE-MsgGUID: GpGGeVBJSaWU8VbW4hQpRQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804403" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:07 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 34/52] i386/tdx: Disable SMM for TDX VMs Date: Fri, 24 Jan 2025 08:20:30 -0500 Message-Id: <20250124132048.3229049-35-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs because VMM cannot manipulate TDX VM's memory. Disable SMM for TDX VMs and error out if user requests to enable SMM. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- target/i386/kvm/tdx.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index f4d95b0a4029..10059ec8cf92 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -365,11 +365,20 @@ static Notifier tdx_machine_done_notify = { static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { + MachineState *ms = MACHINE(qdev_get_machine()); + X86MachineState *x86ms = X86_MACHINE(ms); TdxGuest *tdx = TDX_GUEST(cgs); int r = 0; kvm_mark_guest_state_protected(); + if (x86ms->smm == ON_OFF_AUTO_AUTO) { + x86ms->smm = ON_OFF_AUTO_OFF; + } else if (x86ms->smm == ON_OFF_AUTO_ON) { + error_setg(errp, "TDX VM doesn't support SMM"); + return -EINVAL; + } + if (!tdx_caps) { r = get_tdx_capabilities(errp); if (r) { From patchwork Fri Jan 24 13:20:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949425 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD4A63594E for ; Fri, 24 Jan 2025 13:39:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725956; cv=none; b=AYe7VhQ8kNBHpIASDTHRL1FBVgMwFx827F7+WOFjPvbIzyzmCvLuecm3cXMECLG9AQU5o3+YgemV9P+cQwqin/uoraaJOC0VbP3VZnGdBxt/Mhd69w2Ryz6I14NtfAdwuLIHwHUMn9AH5THNoRUcHD3NKAPDepVny8YVMj8WuLM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725956; c=relaxed/simple; bh=0CHytoVi2GC8eQQ7AANbOOAGWz2m8eyJezmiyRUq10I=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=nCb05EP47I3E0mVOIWLhzEgj1YGiUSOAj8HPeeFbZ5fVhN/bVYY2ImfFrypzLeSTfX8LnSjYp/lcFvCfN7WBdzJvsDB4XGTlo/IsnXktvqqcf/+YAXps/mhoMJTeu1xGNh9eu2+xlqJAzmKH3iMv2k9Q8GAkpPCyAfy4Et027Nc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=fRdF8N1i; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="fRdF8N1i" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725955; x=1769261955; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=0CHytoVi2GC8eQQ7AANbOOAGWz2m8eyJezmiyRUq10I=; b=fRdF8N1ifwbwuYOpY+FOeSNNb1aEUZkUm38sBRsy/h2OEbuuwREfJlPT ERyaGj6A+evlWghgkjw9UFXc0vcXeQsgIHcoNNV1rHPJnRno2UZf7Hfym g+tDOFqIOozAmYGvVv8wBENTyEck6sXMkY3uw6qPSOQ4D3REM+I8gSPE6 cZQyi87MFH7pLEwtUbYGMA455K13K30UFt6OdAWtB7gwwjvytB8bLvyqL tVRzijYyWxqOxJ0E0+hoU9DCYzAQN+vxkZ3SVErmIMpbswzTSE+O+gzqF dfLIMiqaaaE57vKZnP7T+1dyYdsx9+Xp5EDn3abPWhr3fIhRuKvTFaqpU Q==; X-CSE-ConnectionGUID: sxU1OQbNSPiT5rpgvhAnwg== X-CSE-MsgGUID: WePntlxsTueXkFBVp6d5zQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246507" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246507" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:15 -0800 X-CSE-ConnectionGUID: hYbMASohSQSUYNitfkfutA== X-CSE-MsgGUID: djbbnopIQ36NvvDoZQdgXQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804409" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:10 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 35/52] i386/tdx: Disable PIC for TDX VMs Date: Fri, 24 Jan 2025 08:20:31 -0500 Message-Id: <20250124132048.3229049-36-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Legacy PIC (8259) cannot be supported for TDX VMs since TDX module doesn't allow directly interrupt injection. Using posted interrupts for the PIC is not a viable option as the guest BIOS/kernel will not do EOI for PIC IRQs, i.e. will leave the vIRR bit set. Hence disable PIC for TDX VMs and error out if user wants PIC. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- target/i386/kvm/tdx.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 10059ec8cf92..dcbbe350ec91 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -379,6 +379,13 @@ static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) return -EINVAL; } + if (x86ms->pic == ON_OFF_AUTO_AUTO) { + x86ms->pic = ON_OFF_AUTO_OFF; + } else if (x86ms->pic == ON_OFF_AUTO_ON) { + error_setg(errp, "TDX VM doesn't support PIC"); + return -EINVAL; + } + if (!tdx_caps) { r = get_tdx_capabilities(errp); if (r) { From patchwork Fri Jan 24 13:20:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949426 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 735D93594E for ; Fri, 24 Jan 2025 13:39:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725959; cv=none; b=WEvmYxN4jtuxOPhncSOB5s8eD1A9v4SNWSX4MPQCzX7QryJMtn7Cjc8WfrFA8D+rYrdt1fO4mNkiI8stqJRSqNQqfcRA2qYSIsM+P09XdaA0qogL7YXXnvshiJ2UyT/itDRwMuZAmL9Qo5T0dtydEROPnopSN4fHYlFCu1Rqm2g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725959; c=relaxed/simple; bh=VD5cLhhOxm2rY5XZ6+nf6tMgf/SKVeJGzlvaWHkLI9U=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=fsG77C1pr0nbLJTp2UPL6530m34c/qprvt+rUv9f2LbNqRIyz2cdHqimoIpEiCPwQJZhvNlrpRCdLGh8fzJ1GGLfYB1uafr95f/41PfjB6V/JeOecYc/IeLLrxF7o+Yh7xuDx0qsoKiFIL3EPMVAaRl18ThRF+tl/Hzhf/knnWU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=aoWGBbZg; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="aoWGBbZg" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725959; x=1769261959; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=VD5cLhhOxm2rY5XZ6+nf6tMgf/SKVeJGzlvaWHkLI9U=; b=aoWGBbZgCh/D38e1Q4y56gzX143jBnj8GoHMIAl6stzv6sISKaHQrB9U j14SF7YWIgeZm7hjzPIt7FHy1ocGc0FuURhph1OKNCjBl2YShduC0Gmoe WB5RRo6vPAyPqYwZYhoM1PtQ0RyirNyPNyaYDl9vZhKxRgfe1lLZUEgjd 9SVGgdL7cc8J41XhPpIVpiIUlUk1bMcHvTDb9oZfaeGEMon3fZ8xVmkPW YQeOdA5gnlGtLaf/eyyqNZ77LgIxmEklRGuUWEX/OCFsITFw8E9V4XypQ unoF56KYSR/3aMvV2sp8IqO0MhBrq1VVrQy3O7suykeYXFHhU4srRTLw5 g==; X-CSE-ConnectionGUID: K2DQSF+lQC6W49B/2rXSFQ== X-CSE-MsgGUID: F2wVZfl9TeOCsOf+e6qsRQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246515" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246515" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:19 -0800 X-CSE-ConnectionGUID: k5hFUSl5SLWds1zHhX0NtQ== X-CSE-MsgGUID: ud8VOOXFTjingq/w1aRZCg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804414" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:14 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 36/52] i386/tdx: Don't synchronize guest tsc for TDs Date: Fri, 24 Jan 2025 08:20:32 -0500 Message-Id: <20250124132048.3229049-37-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: Isaku Yamahata TSC of TDs is not accessible and KVM doesn't allow access of MSR_IA32_TSC for TDs. To avoid the assert() in kvm_get_tsc, make kvm_synchronize_all_tsc() noop for TDs, Signed-off-by: Isaku Yamahata Reviewed-by: Connor Kuehl Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- target/i386/kvm/kvm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 741b50181ed9..ead1d0263385 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -327,7 +327,7 @@ void kvm_synchronize_all_tsc(void) { CPUState *cpu; - if (kvm_enabled()) { + if (kvm_enabled() && !is_tdx_vm()) { CPU_FOREACH(cpu) { run_on_cpu(cpu, do_kvm_synchronize_tsc, RUN_ON_CPU_NULL); } From patchwork Fri Jan 24 13:20:33 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949427 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DF7607080B for ; Fri, 24 Jan 2025 13:39:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725963; cv=none; b=N7wgoWN2oSPwNYm61sVMj69WxquMD/YWtH7gDXAOBRv/6GhQmo7aGHOxXvUg6WxxGYmTicQF9Y5XMVp7RzOa6+Ea2O57Kg9fyB5RqhNxL9X6gpg2irKI1N2goT11qvQr8DL1cdC0vVeDVWObHMLiUrpqoJjn61EGxF1R6MfCIvE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725963; c=relaxed/simple; bh=1ZBokcORlkGr+ynt1gqXnRjHyyHWXe5wnMVgE1+YOYs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=TJTI39TWYKF3UfF4w58z3X0wZv07W48ztefGQ6OtXHdyG8LFDbvdgDDJNFfmzG7QB1GITsjSGbjTYiFsp3wQeTCVDK7hlnkyjeRalT5eGzFeF6DeYwk/r/tCyoxJmA4+OKDRzoSqVodGJoJPXt1wslhYE3il86TuCSO+1vZKTH4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=oC0Yj0D5; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="oC0Yj0D5" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725962; x=1769261962; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=1ZBokcORlkGr+ynt1gqXnRjHyyHWXe5wnMVgE1+YOYs=; b=oC0Yj0D5yHl8AXSTE7SUNlPcrX1FhPgRQBtt+VgCqcpt1Jn/dmeNjr+g Y0WhUzm1Cqz7qq6mT9krdzQf/x8PY03jvdO54q5e09JtqLKne/xCgFF0L huoMdGJw4u59SXD3fI9oKRVPfShK20D/nyL5CHZLUdGccp0RlEr0DAMqB T/Yl1prt/+j8Fd/5R/EINbj8UUmHRNYltlsSnI9uVvoTHrj2KJ+DtKDj4 smpZPPCu55jEwhkEX+V+u96PcIn5Z3/hUW/syar1+UK2qUOprzhG5jBuA v1txNjOX6xOUu9NfbXmEK9sFu22r7yWAh88baxG3aZSWQNm1cR3ciRd50 g==; X-CSE-ConnectionGUID: l73uePjxSWup7s/3jNmTkA== X-CSE-MsgGUID: cEPYSzQISgeDWTjRCJR/5g== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246522" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246522" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:22 -0800 X-CSE-ConnectionGUID: L2y8dTvzTU2ddyE9ud9+fA== X-CSE-MsgGUID: 5GNqz6pFR1uKwKz6iRg36Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804419" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:18 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 37/52] i386/tdx: Only configure MSR_IA32_UCODE_REV in kvm_init_msrs() for TDs Date: Fri, 24 Jan 2025 08:20:33 -0500 Message-Id: <20250124132048.3229049-38-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 For TDs, only MSR_IA32_UCODE_REV in kvm_init_msrs() can be configured by VMM, while the features enumerated/controlled by other MSRs except MSR_IA32_UCODE_REV in kvm_init_msrs() are not under control of VMM. Only configure MSR_IA32_UCODE_REV for TDs. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- target/i386/kvm/kvm.c | 44 ++++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index ead1d0263385..4078ba40473e 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -3863,32 +3863,34 @@ static void kvm_init_msrs(X86CPU *cpu) CPUX86State *env = &cpu->env; kvm_msr_buf_reset(cpu); - if (has_msr_arch_capabs) { - kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES, - env->features[FEAT_ARCH_CAPABILITIES]); - } - - if (has_msr_core_capabs) { - kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY, - env->features[FEAT_CORE_CAPABILITY]); - } - - if (has_msr_perf_capabs && cpu->enable_pmu) { - kvm_msr_entry_add_perf(cpu, env->features); + + if (!is_tdx_vm()) { + if (has_msr_arch_capabs) { + kvm_msr_entry_add(cpu, MSR_IA32_ARCH_CAPABILITIES, + env->features[FEAT_ARCH_CAPABILITIES]); + } + + if (has_msr_core_capabs) { + kvm_msr_entry_add(cpu, MSR_IA32_CORE_CAPABILITY, + env->features[FEAT_CORE_CAPABILITY]); + } + + if (has_msr_perf_capabs && cpu->enable_pmu) { + kvm_msr_entry_add_perf(cpu, env->features); + } + + /* + * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but + * all kernels with MSR features should have them. + */ + if (kvm_feature_msrs && cpu_has_vmx(env)) { + kvm_msr_entry_add_vmx(cpu, env->features); + } } if (has_msr_ucode_rev) { kvm_msr_entry_add(cpu, MSR_IA32_UCODE_REV, cpu->ucode_rev); } - - /* - * Older kernels do not include VMX MSRs in KVM_GET_MSR_INDEX_LIST, but - * all kernels with MSR features should have them. - */ - if (kvm_feature_msrs && cpu_has_vmx(env)) { - kvm_msr_entry_add_vmx(cpu, env->features); - } - assert(kvm_buf_set_msrs(cpu) == 0); } From patchwork Fri Jan 24 13:20:34 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949428 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 892A67080B for ; Fri, 24 Jan 2025 13:39:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725967; cv=none; b=okh45gQViET7nEqZ0NZat/irDjWkn9Ymx/dW/FEgEvwq1oCnTPaVlI8xiC43RP6ybkw/EMUAYJEt02TJLrs7vRWmp5BymQNQbBTuhY6+7uonX8l4LSdJf6Y2kFmJ+rtJ8PK9SivU0Yutbl7LrcGcUB7mApTFoQJawGbfjCv8zT8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725967; c=relaxed/simple; bh=Td2pdCuaEFQpSTTH/BdQkkMIQipWLW2UwdU/17m7eU4=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=aFIcsC8a5YwDJMbah+1MmVY56Wo4NBRNoDTxvI9jzJ3Tc84q6qnt8Oyhf0a3swXYRV9uDI26XAAf/eo5jeDue9emPC/0Q01mAItAQHpk5pwlgIu/rSkZmFcE1V4r3S1McOlmMFwlYZzFFDWtgO/m6yGY+hBkxRLhffhxaIvQ3S0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=BwCmoqOJ; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="BwCmoqOJ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725966; x=1769261966; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Td2pdCuaEFQpSTTH/BdQkkMIQipWLW2UwdU/17m7eU4=; b=BwCmoqOJGUjtQ9qrpYOdKeWSr7TpOw/aZrOdeUodWJG+ovBLU2Sywb35 m8Qur8JpgstIGEmX1aFd/4Ll6Oqf7sKukhKW3kmWfN3hPxaat/Bh27XnR u0QVaNZudHHk52/wP+kohnZlyQxhP06BO65O67jL6KJUSMlu9Yfvw8+q8 Q7nhtJnOZ1nys6uCeTABo7oythO72MGkThP5D3dqNF1L7khljvGmky4Un ExShJN1tQtbVDNiwUbrCtN7YDQKwe3/aVOZuwV396/Rl7GsvM17pkG+2S A0VC+PmFPjJM611DXvhoRmlWBT1xTtB3Ljvup4dpBgAqFQ0ZRUecrhFTe Q==; X-CSE-ConnectionGUID: o2ZXdML/T/+n38zRhlKQtA== X-CSE-MsgGUID: 7ZOfi9v1TG2kak8+HcCMLQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246530" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246530" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:26 -0800 X-CSE-ConnectionGUID: XGn4NuL3ROK2pqBS1b63dw== X-CSE-MsgGUID: W1io1APpQqeNn+HtZxbpRg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804428" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:21 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 38/52] i386/apic: Skip kvm_apic_put() for TDX Date: Fri, 24 Jan 2025 08:20:34 -0500 Message-Id: <20250124132048.3229049-39-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 KVM neithers allow writing to MSR_IA32_APICBASE for TDs, nor allow for KVM_SET_LAPIC[*]. Note, KVM_GET_LAPIC is also disallowed for TDX. It is called in the path do_kvm_cpu_synchronize_state() -> kvm_arch_get_registers() -> kvm_get_apic() and it's already disllowed for confidential guest through guest_state_protected. [*] https://lore.kernel.org/all/Z3w4Ku4Jq0CrtXne@google.com/ Signed-off-by: Xiaoyao Li --- hw/i386/kvm/apic.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c index 757510600098..a1850524a67f 100644 --- a/hw/i386/kvm/apic.c +++ b/hw/i386/kvm/apic.c @@ -17,6 +17,7 @@ #include "system/hw_accel.h" #include "system/kvm.h" #include "kvm/kvm_i386.h" +#include "kvm/tdx.h" static inline void kvm_apic_set_reg(struct kvm_lapic_state *kapic, int reg_id, uint32_t val) @@ -141,6 +142,10 @@ static void kvm_apic_put(CPUState *cs, run_on_cpu_data data) struct kvm_lapic_state kapic; int ret; + if(is_tdx_vm()) { + return; + } + kvm_put_apicbase(s->cpu, s->apicbase); kvm_put_apic_state(s, &kapic); From patchwork Fri Jan 24 13:20:35 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949429 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1142614658F for ; Fri, 24 Jan 2025 13:39:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725970; cv=none; b=mcWaQtGIXOZg0ZEJW5SjLZmb2Dm6ASZtykiDgxFyOwAuLB9Gf/Pzk3JiHwo7mo+1GtkJdPJ64He60A+ivrwQ+t4GFaNIjZacEKaqsTZYIILXtD2Tdbwgo4YDfz8qXe6JOn+d7Td84x+kbCRUZD5FaUQB782BubhnPoA1M+fwKac= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725970; c=relaxed/simple; bh=Cg9zFgAAzu9TXNw0/8UbOMWfLRF5mK1sJR1xnM0x7yE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=gWx/AxdcD6KaRQFnCnkp4a42rqr5euvhUrNAyVp/9gD+1OxSNxvZnbSqDVEdsIfJyAnmbDnBINdvHj+Yhlq1RMgVNthbPOIHCmVrGJH6HUmAFct6QgDZUnnSun3AjpDdiOWpmzwr+3OE2DrP7F6S0fV+RKiFFGq6ktvoBJT2EYw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=GyrlkN45; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="GyrlkN45" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725969; x=1769261969; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Cg9zFgAAzu9TXNw0/8UbOMWfLRF5mK1sJR1xnM0x7yE=; b=GyrlkN45I8ohXUDSnXwX92jTe2Yn7IgH2m5lenjO9suGVOUHo0R2SufQ lPaap18ezVEazp44tp8bfFIcDW/KXna7mozHOZpBW5Bhjg8i9pDjmYeAw fp5lPpZxdaF+WYDhN57l9vlPZ9vY/OZWTPkFy0oaT26ZrH1u5bvjl5l6V eoXADA8WFFrr6cd7cn4crLOSrQdwEouTcGMQi1HpJFVZBGCBdcAh7YWj/ WyGybGqS0bOnOdQUOj2OzgQyFb6Ux/ObxK31M4tmmAOuwRalSf/pcMe3W JdPqqreOAacXK+ohd5+5hYGf3U67SAccK92YXYSUSFkySSulD6RKzXmyd A==; X-CSE-ConnectionGUID: J1dQQnU+SaK7QmP6+SkbCg== X-CSE-MsgGUID: gJWUTbXxQY+23POWxa33BQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246541" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246541" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:29 -0800 X-CSE-ConnectionGUID: QgXs53yKRAimdFJ5U90NLA== X-CSE-MsgGUID: zZ33BOzxQ56B2EFNvXjAYQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804435" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:25 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 39/52] cpu: Don't set vcpu_dirty when guest_state_protected Date: Fri, 24 Jan 2025 08:20:35 -0500 Message-Id: <20250124132048.3229049-40-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 QEMU calls kvm_arch_put_registers() when vcpu_dirty is true in kvm_vcpu_exec(). However, for confidential guest, like TDX, putting registers is disallowed due to guest state is protected. Only set vcpu_dirty to true with guest state is not protected when creating the vcpu. Signed-off-by: Xiaoyao Li --- Changes in v7: - new patch to replace "i386/tdx: Don't get/put guest state for TDX VMs" in v6; --- accel/kvm/kvm-all.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index e35a9fbd687e..c1fea69d582e 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -466,7 +466,9 @@ int kvm_create_vcpu(CPUState *cpu) cpu->kvm_fd = kvm_fd; cpu->kvm_state = s; - cpu->vcpu_dirty = true; + if (!s->guest_state_protected) { + cpu->vcpu_dirty = true; + } cpu->dirty_pages = 0; cpu->throttle_us_per_full = 0; From patchwork Fri Jan 24 13:20:36 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949430 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EBA2214A605 for ; Fri, 24 Jan 2025 13:39:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725974; cv=none; b=TqwuLar7Hesjw03TiUPKNf5dHqKSCwjX2CI9Or4WGO8+YB6BQpKRTMX3zG5HwRDt9RFzZb/tPNriLjQkdwMHiXoWr7dYFUUragZjA9YoTwVM/HjSDY+qyPP44Oud8QdGWnMjOPY+V6RSq8odhQ21tytVIg4CN6N8Os+/RdS0AME= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725974; c=relaxed/simple; bh=XEwqmQoSvwYMfkPqc6TzR0UgP5NnIAttqomtt/9PTFQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=J4CDzmJ2jAM/JtTZZ4Ld9wTbDHt3BC8VGoYxsGOVNfaKxWDzoSN5Pl/gXN55vlO8X18SLlWni0kilOddsgj57f4sLv6JI2pZoyNLHdgtNQTtU/Q6dTd+H96mJfVHjMitTZrefg/D65WhTtCL/JQ/MMejVADw1dskJ/m3IyQxXV4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=FFW7MMch; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="FFW7MMch" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725974; x=1769261974; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=XEwqmQoSvwYMfkPqc6TzR0UgP5NnIAttqomtt/9PTFQ=; b=FFW7MMchctz+MDlUNosUDa0Cp80fafzNyZTkLpCrWlIMVUnWLP+R2PXr aqk4gt1WDaV+mIVf2Xv050MXyxS7JG00Z9lgNTTvWkRBrMF43NmOHHjEM c+pcD4ExrbQ0lIKA1s4p0sDko5flFk+3Q75wSXnUgD2ucvLLIRJlXDf2n rzBlRznqJockyRKbMF02FcvnvnnNlNXJEdzAGASWWsZftv+Pu8px740Hi Zrtokwnd+xxQJtkxvnH2zcwChBinxJHvpi3gkI9f1ESYtx/EQ63R3Fc5v oam3Gl1Y4YtiGXUP+czovJlugq8/+s4jtJApGfVnmb//z762KFHRITjou A==; X-CSE-ConnectionGUID: uIXUN9AwSPupRG31XiZ5fw== X-CSE-MsgGUID: pc5L8uqcSiKrgKcPFN+3GQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246551" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246551" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:33 -0800 X-CSE-ConnectionGUID: e6jGRyZ/TK+fefS8MicOpQ== X-CSE-MsgGUID: gNS9RrQUStOtIANF8dwOFg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804442" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:29 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 40/52] i386/cgs: Rename *mask_cpuid_features() to *adjust_cpuid_features() Date: Fri, 24 Jan 2025 08:20:36 -0500 Message-Id: <20250124132048.3229049-41-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Because for TDX case, there are also fixed-1 bits that enfored by TDX module. Signed-off-by: Xiaoyao Li --- target/i386/confidential-guest.h | 20 ++++++++++---------- target/i386/kvm/kvm.c | 2 +- target/i386/sev.c | 4 ++-- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/target/i386/confidential-guest.h b/target/i386/confidential-guest.h index a86c42a47558..777d43cc9688 100644 --- a/target/i386/confidential-guest.h +++ b/target/i386/confidential-guest.h @@ -40,8 +40,8 @@ struct X86ConfidentialGuestClass { /* */ int (*kvm_type)(X86ConfidentialGuest *cg); void (*cpu_instance_init)(X86ConfidentialGuest *cg, CPUState *cpu); - uint32_t (*mask_cpuid_features)(X86ConfidentialGuest *cg, uint32_t feature, uint32_t index, - int reg, uint32_t value); + uint32_t (*adjust_cpuid_features)(X86ConfidentialGuest *cg, uint32_t feature, + uint32_t index, int reg, uint32_t value); }; /** @@ -71,21 +71,21 @@ static inline void x86_confidential_guest_cpu_instance_init(X86ConfidentialGuest } /** - * x86_confidential_guest_mask_cpuid_features: + * x86_confidential_guest_adjust_cpuid_features: * - * Removes unsupported features from a confidential guest's CPUID values, returns - * the value with the bits removed. The bits removed should be those that KVM - * provides independent of host-supported CPUID features, but are not supported by - * the confidential computing firmware. + * Adjust the supported features from a confidential guest's CPUID values, + * returns the adjusted value. There are bits being removed that are not + * supported by the confidential computing firmware or bits being added that + * are forcibly exposed to guest by the confidential computing firmware. */ -static inline int x86_confidential_guest_mask_cpuid_features(X86ConfidentialGuest *cg, +static inline int x86_confidential_guest_adjust_cpuid_features(X86ConfidentialGuest *cg, uint32_t feature, uint32_t index, int reg, uint32_t value) { X86ConfidentialGuestClass *klass = X86_CONFIDENTIAL_GUEST_GET_CLASS(cg); - if (klass->mask_cpuid_features) { - return klass->mask_cpuid_features(cg, feature, index, reg, value); + if (klass->adjust_cpuid_features) { + return klass->adjust_cpuid_features(cg, feature, index, reg, value); } else { return value; } diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 4078ba40473e..fa46edaeac8d 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -573,7 +573,7 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function, } if (current_machine->cgs) { - ret = x86_confidential_guest_mask_cpuid_features( + ret = x86_confidential_guest_adjust_cpuid_features( X86_CONFIDENTIAL_GUEST(current_machine->cgs), function, index, reg, ret); } diff --git a/target/i386/sev.c b/target/i386/sev.c index 0e1dbb6959ec..a6c0a697250b 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -946,7 +946,7 @@ out: } static uint32_t -sev_snp_mask_cpuid_features(X86ConfidentialGuest *cg, uint32_t feature, uint32_t index, +sev_snp_adjust_cpuid_features(X86ConfidentialGuest *cg, uint32_t feature, uint32_t index, int reg, uint32_t value) { switch (feature) { @@ -2404,7 +2404,7 @@ sev_snp_guest_class_init(ObjectClass *oc, void *data) klass->launch_finish = sev_snp_launch_finish; klass->launch_update_data = sev_snp_launch_update_data; klass->kvm_init = sev_snp_kvm_init; - x86_klass->mask_cpuid_features = sev_snp_mask_cpuid_features; + x86_klass->adjust_cpuid_features = sev_snp_adjust_cpuid_features; x86_klass->kvm_type = sev_snp_kvm_type; object_class_property_add(oc, "policy", "uint64", From patchwork Fri Jan 24 13:20:37 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949466 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 81B7D135A63 for ; Fri, 24 Jan 2025 13:39:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725978; cv=none; b=uUkfeZhj2PbFVFBbpW9bQFJN6AyN4h07Q1sjME318/clNNfFHTWDFdukP66h2R/GC6yw5AtpleuyhMpq+Qvrv7G1wl3fnRHjiqHIP0X7ZhZXyFxeFfGlA9ebB9STHOSJbV1fbvuzKV+yDu13AArjhoQ6HfOUS71suX1cn0rKMzY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725978; c=relaxed/simple; bh=nEl4TCuOb3xMvomAtSQmQ5FpTfT7WK6HIdgq9DzAG/A=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=J5MvQMf6gGbVn+jMXqRzRdOBp5zqa9LDZ6LolXUHr59nRRtwj5k73TwpKewvmEO6X5hYL1NAmYEqZqrLv/5wmQVbO2d7xTYjQF8iJac3nGT9tJAGA8IwcuxYbBy/3TZ053m4SFA2Mr4iIHJHwk3avc53UBQ5NzaykE6+DTRBhvU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=cl/qVUoX; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="cl/qVUoX" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725977; x=1769261977; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=nEl4TCuOb3xMvomAtSQmQ5FpTfT7WK6HIdgq9DzAG/A=; b=cl/qVUoXPaWpCfc3dRhhZIbLNkLOZOSxl9doXiOa6xZ944JkWwb124L9 0ydiyGIavf5y6asjpO17v3i+2KUnPemPf8UXSZvocLi/WSaFktSGj3zr5 gLeejKP8AsQfQV8h35nE8NOvdIIGpzSEATkJ5Zr6THn9iK70HvUE9FdhS jHFnJuXTbqOQOrMewDUzW0Ixq4z3rb4pDuTQAsFaKfNLmrzLCfk86YuID HB1Wl0nbn1kY9HNah19xJKpMRrLSSOUa0jZWOZSuNn7kD0uH6+QOjtUji 2Lt3qzruajRrVepEkhXL7f2yVbckkOZoC3AsvG4F1AQaS/70YEKH2v0uq A==; X-CSE-ConnectionGUID: MSbNzfYCQXeYx0VxB14GSg== X-CSE-MsgGUID: R2gMCUrQSoWaxMeaZJ4+yQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246561" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246561" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:37 -0800 X-CSE-ConnectionGUID: ifW55XqjSmCxoKv9I1zumQ== X-CSE-MsgGUID: fZJtod0oTJ+gDSX001OnKQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804448" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:32 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 41/52] i386/tdx: Implement adjust_cpuid_features() for TDX Date: Fri, 24 Jan 2025 08:20:37 -0500 Message-Id: <20250124132048.3229049-42-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 1. QEMU's support for Intel PT is borken in general, thus doesn't support for TDX. 2. Only limited KVM PV features are supported for TD guest. 3. Drop the AMD specific bits that are reserved on Intel platform. Signed-off-by: Xiaoyao Li --- target/i386/kvm/tdx.c | 44 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index dcbbe350ec91..9bdb9d795952 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -30,6 +30,8 @@ #include "kvm_i386.h" #include "tdx.h" +#include "standard-headers/asm-x86/kvm_para.h" + #define TDX_MIN_TSC_FREQUENCY_KHZ (100 * 1000) #define TDX_MAX_TSC_FREQUENCY_KHZ (10 * 1000 * 1000) @@ -42,6 +44,14 @@ TDX_TD_ATTRIBUTES_PKS | \ TDX_TD_ATTRIBUTES_PERFMON) +#define TDX_SUPPORTED_KVM_FEATURES ((1U << KVM_FEATURE_NOP_IO_DELAY) | \ + (1U << KVM_FEATURE_PV_UNHALT) | \ + (1U << KVM_FEATURE_PV_TLB_FLUSH) | \ + (1U << KVM_FEATURE_PV_SEND_IPI) | \ + (1U << KVM_FEATURE_POLL_CONTROL) | \ + (1U << KVM_FEATURE_PV_SCHED_YIELD) | \ + (1U << KVM_FEATURE_MSI_EXT_DEST_ID)) + static TdxGuest *tdx_guest; static struct kvm_tdx_capabilities *tdx_caps; @@ -430,6 +440,39 @@ static void tdx_cpu_instance_init(X86ConfidentialGuest *cg, CPUState *cpu) x86cpu->enable_cpuid_0x1f = true; } +static uint32_t tdx_adjust_cpuid_features(X86ConfidentialGuest *cg, + uint32_t feature, uint32_t index, + int reg, uint32_t value) +{ + switch (feature) { + case 0x7: + if (index == 0 && reg == R_EBX) { + /* QEMU Intel PT support is broken */ + value &= ~CPUID_7_0_EBX_INTEL_PT; + } + break; + case 0x40000001: + if (reg == R_EAX) { + value &= TDX_SUPPORTED_KVM_FEATURES; + } + break; + case 0x80000001: + if (reg == R_EDX) { + value &= ~CPUID_EXT2_AMD_ALIASES; + } + break; + case 0x80000008: + if (reg == R_EBX) { + value &= CPUID_8000_0008_EBX_WBNOINVD; + } + break; + default: + break; + } + + return value; +} + static int tdx_validate_attributes(TdxGuest *tdx, Error **errp) { if ((tdx->attributes & ~tdx_caps->supported_attrs)) { @@ -789,4 +832,5 @@ static void tdx_guest_class_init(ObjectClass *oc, void *data) klass->kvm_init = tdx_kvm_init; x86_klass->kvm_type = tdx_kvm_type; x86_klass->cpu_instance_init = tdx_cpu_instance_init; + x86_klass->adjust_cpuid_features = tdx_adjust_cpuid_features; } From patchwork Fri Jan 24 13:20:38 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949467 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8859E78F57 for ; Fri, 24 Jan 2025 13:39:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725982; cv=none; b=VjJ0bqWXRQM3WhewuedR4CtIOUmUIHEfwuKcCFvYe2CURXkwyJ70viMPHXVLrYvCS/nE09ztXIAXY6NS5R4z6lGqG+k+1w2FIQxX776x1YdQkj8kOtWewp5SSK9oHsZqkGqq/MxWt0SllcI1vj18d2yNAnr1rNdnhmGesldhUBU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725982; c=relaxed/simple; bh=JHF1vMxHHuj0FYNR2BGp2AiJdQc3vac86ItjEKJ+pD0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=GqqPcUQ4WIite7Gh8ky4DEh3nSlS8hFYCN/dvtUcMOyXsVuw3OZToqGOEb1YgmnwNnUCg6kcsUwV7UFwH8TS1eExUe90Drk+LyoWulYGb01Ua9g1HQGKzUz8kSIz2x/8GVgMbZT9Rg/Id9If/ID+R8ubeSKlOb1o9YiDiHNwsRk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=inS8w/Eu; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="inS8w/Eu" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725981; x=1769261981; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=JHF1vMxHHuj0FYNR2BGp2AiJdQc3vac86ItjEKJ+pD0=; b=inS8w/EutAdNd1VoAUD9Nfk9Wkcrgjm1+yKWWQxaDCBVf8ms2YX8gb76 smLtmgMKGspeCpp1a3Gzt9f0BPNqxZ2F8ycQSaY9rLRy1BvJFASd7/PDi uss4FiJSVmkYnLiW/KVwFT9c5RnKV/iv201WWdeoiszpF31zogwbJHMX8 mVFkt0Fo8V+KGDUPPj6OTFxk3r70lKm+kQ9nEjaZpwI7lTFLa02z7ZA7H P7ZDeXLHGbTj84gU8rn5YnY4FIncYdTqbqUhZw8/KCLCtgZJxcBLpv+8G g8UtXtQdJ4Qf/1NDIiP5bGXKAmAbPxVgIgjHTt0w7UqYo7aIdY5up3JSC w==; X-CSE-ConnectionGUID: Mzv+/fBYRKmrVfH1AoXgeA== X-CSE-MsgGUID: t9DOyeP/Q1WkkGhvIBIerA== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246570" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246570" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:41 -0800 X-CSE-ConnectionGUID: iEx0mq4JTdunSL074XNwlQ== X-CSE-MsgGUID: sS3NY+sbRGuUvu/Siphqcg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804453" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:36 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 42/52] i386/tdx: Apply TDX fixed0 and fixed1 information to supported CPUIDs Date: Fri, 24 Jan 2025 08:20:38 -0500 Message-Id: <20250124132048.3229049-43-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 TDX architecture forcibly sets some CPUID bits for TD guest that VMM cannot disable it. It also disallows some CPUID bits though they might be supported for VMX VMs. The fixed0 and fixed1 bits may vary on different TDX module and on different host. It's a huge burden to maintain all combination. To simplify it, hardcode the fixed0 and fixed1 CPUID bits that irrelative with host in QEMU based on a new enough TDX module version. Ideally, future TDX module can expose such fixed0 and fixed1 information via some interface, then KVM can reported them to QEMU. Signed-off-by: Xiaoyao Li --- target/i386/cpu.h | 2 + target/i386/kvm/kvm.c | 2 +- target/i386/kvm/kvm_i386.h | 8 +++ target/i386/kvm/tdx.c | 102 +++++++++++++++++++++++++++++++++++++ target/i386/sev.c | 5 -- 5 files changed, 113 insertions(+), 6 deletions(-) diff --git a/target/i386/cpu.h b/target/i386/cpu.h index ca6295605985..8b63685e64e1 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -856,6 +856,8 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w); #define CPUID_7_0_EBX_SMAP (1U << 20) /* AVX-512 Integer Fused Multiply Add */ #define CPUID_7_0_EBX_AVX512IFMA (1U << 21) +/* PCOMMIT instruction */ +#define CPUID_7_0_EBX_PCOMMIT (1U << 22) /* Flush a Cache Line Optimized */ #define CPUID_7_0_EBX_CLFLUSHOPT (1U << 23) /* Cache Line Write Back */ diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index fa46edaeac8d..17d7bf6ae9aa 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -393,7 +393,7 @@ static bool host_tsx_broken(void) /* Returns the value for a specific register on the cpuid entry */ -static uint32_t cpuid_entry_get_reg(struct kvm_cpuid_entry2 *entry, int reg) +uint32_t cpuid_entry_get_reg(struct kvm_cpuid_entry2 *entry, int reg) { uint32_t ret = 0; switch (reg) { diff --git a/target/i386/kvm/kvm_i386.h b/target/i386/kvm/kvm_i386.h index dc696cb7238a..c1bafcfc9b63 100644 --- a/target/i386/kvm/kvm_i386.h +++ b/target/i386/kvm/kvm_i386.h @@ -13,8 +13,15 @@ #include "system/kvm.h" +#include + #define KVM_MAX_CPUID_ENTRIES 100 +typedef struct KvmCpuidInfo { + struct kvm_cpuid2 cpuid; + struct kvm_cpuid_entry2 entries[KVM_MAX_CPUID_ENTRIES]; +} KvmCpuidInfo; + /* always false if !CONFIG_KVM */ #define kvm_pit_in_kernel() \ (kvm_irqchip_in_kernel() && !kvm_irqchip_is_split()) @@ -62,6 +69,7 @@ void kvm_update_msi_routes_all(void *private, bool global, struct kvm_cpuid_entry2 *cpuid_find_entry(struct kvm_cpuid2 *cpuid, uint32_t function, uint32_t index); +uint32_t cpuid_entry_get_reg(struct kvm_cpuid_entry2 *entry, int reg); uint32_t kvm_x86_build_cpuid(CPUX86State *env, struct kvm_cpuid_entry2 *entries, uint32_t cpuid_i); #endif /* CONFIG_KVM */ diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 9bdb9d795952..2d493a0dc1c6 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -440,10 +440,100 @@ static void tdx_cpu_instance_init(X86ConfidentialGuest *cg, CPUState *cpu) x86cpu->enable_cpuid_0x1f = true; } +/* + * Fixed0 and Fixed1 bits info are grabbed from TDX 1.5.06 spec. + */ +KvmCpuidInfo tdx_fixed0_bits = { + .cpuid.nent = 3, + .entries[0] = { + .function = 0x1, + .index = 0x0, + .ecx = CPUID_EXT_VMX | CPUID_EXT_SMX, + .edx = CPUID_PSE36 | CPUID_IA64, + }, + .entries[1] = { + .function = 0x7, + .index = 0x0, + .flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX, + .ebx = CPUID_7_0_EBX_TSC_ADJUST | CPUID_7_0_EBX_SGX | + CPUID_7_0_EBX_PCOMMIT, + .ecx = CPUID_7_0_ECX_SGX_LC | (1U << 15) | (0x1fU << 17) | (1U << 26) | + (1U << 29), + .edx = (1U << 0) | (1U << 1) | (1U << 7) | (1U << 9) | (1U << 11) | + (1U << 12) | (1U << 13) | (1U << 15) | (1U << 17) | (1U << 21), + }, + .entries[2] = { + .function = 0x80000001, + .index = 0x0, + .ecx = 0xFFFFFEDE, + .edx = 0xD3EFF7FF, + }, +}; + +KvmCpuidInfo tdx_fixed1_bits = { + .cpuid.nent = 6, + .entries[0] = { + .function = 0x1, + .index = 0, + .ecx = CPUID_EXT_SSE3 | CPUID_EXT_PCLMULQDQ | CPUID_EXT_DTES64 | + CPUID_EXT_DSCPL | CPUID_EXT_SSE3 | CPUID_EXT_CX16 | + CPUID_EXT_PDCM | CPUID_EXT_PCID | CPUID_EXT_SSE41 | + CPUID_EXT_SSE42 | CPUID_EXT_X2APIC | CPUID_EXT_MOVBE | + CPUID_EXT_POPCNT | CPUID_EXT_AES | CPUID_EXT_XSAVE | + CPUID_EXT_RDRAND | CPUID_EXT_HYPERVISOR, + .edx = CPUID_FP87 | CPUID_VME | CPUID_DE | CPUID_PSE | CPUID_TSC | + CPUID_MSR | CPUID_PAE | CPUID_MCE | CPUID_CX8 | CPUID_APIC | + CPUID_SEP | CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV | + CPUID_PAT | CPUID_CLFLUSH | CPUID_DTS | CPUID_MMX | CPUID_FXSR | + CPUID_SSE | CPUID_SSE2, + }, + .entries[1] = { + .function = 0x6, + .index = 0, + .eax = CPUID_6_EAX_ARAT, + }, + .entries[2] = { + .function = 0x7, + .index = 0, + .flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX, + .ebx = CPUID_7_0_EBX_FSGSBASE | CPUID_7_0_EBX_FDP_EXCPTN_ONLY | + CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_INVPCID | + CPUID_7_0_EBX_ZERO_FCS_FDS | CPUID_7_0_EBX_RDSEED | + CPUID_7_0_EBX_SMAP | CPUID_7_0_EBX_CLFLUSHOPT | + CPUID_7_0_EBX_CLWB | CPUID_7_0_EBX_SHA_NI, + .ecx = CPUID_7_0_ECX_BUS_LOCK_DETECT | CPUID_7_0_ECX_MOVDIRI | + CPUID_7_0_ECX_MOVDIR64B, + .edx = (1U << 10) | CPUID_7_0_EDX_SPEC_CTRL | CPUID_7_0_EDX_STIBP | + CPUID_7_0_EDX_FLUSH_L1D | CPUID_7_0_EDX_ARCH_CAPABILITIES | + CPUID_7_0_EDX_CORE_CAPABILITY | CPUID_7_0_EDX_SPEC_CTRL_SSBD, + }, + .entries[3] = { + .function = 0x7, + .index = 2, + .flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX, + .edx = (1U << 0) | (1U << 1) | (1U << 2) | (1U << 4), + }, + .entries[4] = { + .function = 0x80000001, + .index = 0, + .ecx = CPUID_EXT3_LAHF_LM | CPUID_EXT3_ABM | CPUID_EXT3_3DNOWPREFETCH, + .edx = CPUID_EXT2_NX | CPUID_EXT2_PDPE1GB | CPUID_EXT2_RDTSCP | + CPUID_EXT2_LM, + }, + .entries[5] = { + .function = 0x80000007, + .index = 0, + .edx = CPUID_APM_INVTSC, + }, +}; + static uint32_t tdx_adjust_cpuid_features(X86ConfidentialGuest *cg, uint32_t feature, uint32_t index, int reg, uint32_t value) { + struct kvm_cpuid_entry2 *e; + uint32_t fixed0, fixed1; + switch (feature) { case 0x7: if (index == 0 && reg == R_EBX) { @@ -470,6 +560,18 @@ static uint32_t tdx_adjust_cpuid_features(X86ConfidentialGuest *cg, break; } + e = cpuid_find_entry(&tdx_fixed0_bits.cpuid, feature, index); + if (e) { + fixed0 = cpuid_entry_get_reg(e, reg); + value &= ~fixed0; + } + + e = cpuid_find_entry(&tdx_fixed1_bits.cpuid, feature, index); + if (e) { + fixed1 = cpuid_entry_get_reg(e, reg); + value |= fixed1; + } + return value; } diff --git a/target/i386/sev.c b/target/i386/sev.c index a6c0a697250b..217b19ad7bc6 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -214,11 +214,6 @@ static const char *const sev_fw_errlist[] = { /* doesn't expose this, so re-use the max from kvm.c */ #define KVM_MAX_CPUID_ENTRIES 100 -typedef struct KvmCpuidInfo { - struct kvm_cpuid2 cpuid; - struct kvm_cpuid_entry2 entries[KVM_MAX_CPUID_ENTRIES]; -} KvmCpuidInfo; - #define SNP_CPUID_FUNCTION_MAXCOUNT 64 #define SNP_CPUID_FUNCTION_UNKNOWN 0xFFFFFFFF From patchwork Fri Jan 24 13:20:39 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949468 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0176C78F57 for ; Fri, 24 Jan 2025 13:39:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725985; cv=none; b=XnakNtduE3zbsPeVt0u76lzQoZiXwW7wmS5Kq74voL41CQb7trMNZv4ZZgj0U4h/iCZk8FDaFwi/KXqEWZKVPOCpK2Uy5pxe9EzRg5/IBUpriv8siYFBzGJgtuPQBIwgMB4QXZggB1TJmIZIOt01ynp2BkMdzuDwkyqZs2BMB8E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725985; c=relaxed/simple; bh=DiFlJ2bW4l04b5XDYk9TOAHCOXgmdgi5M+5gwbsLQjI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=bj6aIN7xHlTRi/gTopDozKwagQ1Mv5HufWqz2OysFuNkNrqs74Rpq7GA1RPI3qSt1UwlnSdH4QJfk2whj+41RdD96CUx0NnzP2W3jY/5DpDnSrZPefaTgzxjcAKOdA7JMZ5rq6HHxMexmcvRcgyzhkFffcKpEDnlgKQ1f5RTots= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=L+5UpxQD; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="L+5UpxQD" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725984; x=1769261984; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=DiFlJ2bW4l04b5XDYk9TOAHCOXgmdgi5M+5gwbsLQjI=; b=L+5UpxQDPxKRjOXMk/o0ZZvNO32fnHfwdPavYHbMLms7XwTyR8y9o4+Y BfcV8xMRUxj7zPTebJcQwPK1Echh3OIErNblUf9pPe1F62e39DBomse7Q qMgPQCuqVFYdpLqQ5HHXOj+kg/vYe/7Eomzd5MDHiFr+SnL9oPhBL9Vjf lHBJON6NGHyyOloG6CM3d3VxjXY2gpYEUcvif7ky3PCtKl0CgcI4jsaIV S1zriwy1gbJ/AwiA1IVeDtr+qGBkzjGcaMLFNakAYfnqn3oplHn2S+2jO MHc6XZE6LqW+EPk89+4ML4eY1TBM+JpXwUefnreiVnV88bJHwL+O7Gihm w==; X-CSE-ConnectionGUID: 3qntKiWuSZursKLiKBUNiQ== X-CSE-MsgGUID: UYSUeHVnSvaKmcM8QHfM6g== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246579" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246579" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:44 -0800 X-CSE-ConnectionGUID: lmzWCOrORrm/jSDeiiD8Bw== X-CSE-MsgGUID: P0tFgi7SR3a/PtpBq3Nojw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804457" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:40 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 43/52] i386/tdx: Mask off CPUID bits by unsupported TD Attributes Date: Fri, 24 Jan 2025 08:20:39 -0500 Message-Id: <20250124132048.3229049-44-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 For TDX, some CPUID feature bit is configured via TD attributes. Adjust the supported CPUID to mask off the bit if its matched attribute is unsupported. Signed-off-by: Xiaoyao Li --- target/i386/cpu.h | 4 ++++ target/i386/kvm/tdx.c | 54 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+) diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 8b63685e64e1..4890424c3a9e 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -905,6 +905,8 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w); #define CPUID_7_0_ECX_LA57 (1U << 16) /* Read Processor ID */ #define CPUID_7_0_ECX_RDPID (1U << 22) +/* KeyLocker */ +#define CPUID_7_0_ECX_KeyLocker (1U << 23) /* Bus Lock Debug Exception */ #define CPUID_7_0_ECX_BUS_LOCK_DETECT (1U << 24) /* Cache Line Demote Instruction */ @@ -957,6 +959,8 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w); #define CPUID_7_1_EAX_AVX_VNNI (1U << 4) /* AVX512 BFloat16 Instruction */ #define CPUID_7_1_EAX_AVX512_BF16 (1U << 5) +/* Linear address space separation */ +#define CPUID_7_1_EAX_LASS (1U << 6) /* CMPCCXADD Instructions */ #define CPUID_7_1_EAX_CMPCCXADD (1U << 7) /* Fast Zero REP MOVS */ diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 2d493a0dc1c6..3997a439f054 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -527,6 +527,58 @@ KvmCpuidInfo tdx_fixed1_bits = { }, }; +typedef struct TdxAttrsMap { + uint32_t attr_index; + uint32_t cpuid_leaf; + uint32_t cpuid_subleaf; + int cpuid_reg; + uint32_t feat_mask; +} TdxAttrsMap; + +static TdxAttrsMap tdx_attrs_maps[] = { + {.attr_index = 27, + .cpuid_leaf = 7, + .cpuid_subleaf = 1, + .cpuid_reg = R_EAX, + .feat_mask = CPUID_7_1_EAX_LASS}, + {.attr_index = 30, + .cpuid_leaf = 7, + .cpuid_subleaf = 0, + .cpuid_reg = R_ECX, + .feat_mask = CPUID_7_0_ECX_PKS,}, + {.attr_index = 31, + .cpuid_leaf = 7, + .cpuid_subleaf = 0, + .cpuid_reg = R_ECX, + .feat_mask = CPUID_7_0_ECX_KeyLocker, + }, +}; + +static void tdx_mask_cpuid_by_attrs(uint32_t feature, uint32_t index, + int reg, uint32_t *value) +{ + TdxAttrsMap *map; + uint64_t unavail = 0; + int i; + + for (i = 0; i < ARRAY_SIZE(tdx_attrs_maps); i++) { + map = &tdx_attrs_maps[i]; + + if (feature != map->cpuid_leaf || index != map->cpuid_subleaf || + reg != map->cpuid_reg) { + continue; + } + + if (!((1ULL << map->attr_index) & tdx_caps->supported_attrs)) { + unavail |= map->feat_mask; + } + } + + if (unavail) { + *value &= ~unavail; + } +} + static uint32_t tdx_adjust_cpuid_features(X86ConfidentialGuest *cg, uint32_t feature, uint32_t index, int reg, uint32_t value) @@ -560,6 +612,8 @@ static uint32_t tdx_adjust_cpuid_features(X86ConfidentialGuest *cg, break; } + tdx_mask_cpuid_by_attrs(feature, index, reg, &value); + e = cpuid_find_entry(&tdx_fixed0_bits.cpuid, feature, index); if (e) { fixed0 = cpuid_entry_get_reg(e, reg); From patchwork Fri Jan 24 13:20:40 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949469 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7D2D113A257 for ; Fri, 24 Jan 2025 13:39:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725988; cv=none; b=cYp7ilRAy7+njjb6MkMCSHyApA/CgMM7FieXA/YA6lPngonwVpvdLAqUIugXW1Ay1P7wmvb7Ya1Sk6atyOocx+K9MhulFmfGxUlESfxP5zMMysp+5bRcMm0rS5OI3vU829lUfh14UZglkH+f7uyRhWGfqadOGY041/FaXDD0mtg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725988; c=relaxed/simple; bh=R7oHs5ceEXGmP8urc22iTrcnB1GDDwG0Hw6Vg6gX3CI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=cHRJ6Vl/CQuu7L+ztJwCtuceB0VboiFm4Qej6YALpKfuR7axwlYPYzKq6F0sMozEzQblU+xVOcGfB7IY7iHB+ZoezZB+Hh/0vtj78uzRF2EjuS4Ls7fhlXFm/9FqT30x127Lvo6VFcn8Af9rULQKjCu/whLlkRmeTXDyXw6EkPk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=PI8VlI/z; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="PI8VlI/z" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725988; x=1769261988; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=R7oHs5ceEXGmP8urc22iTrcnB1GDDwG0Hw6Vg6gX3CI=; b=PI8VlI/zQm2fe9V3DXJ9GvsZXav5QjiUIrdJluiGtnto/APuSeltKJ71 aTjBZEqiJcZC9h8JDSMmabAAhRgw9P1HLCLg+LqGtO21KoP805qv5Nx0c GTYC75k8eu1y4GbOVgmDMUxlljJAwO26gniQvAUKNB8GdAzzZqEbLGkkj pVjyAH8d0fvWUoaUvo+ED/NdDZT+Vkkte4U8ydt6NibeT2WVbQrTjo3wT kYvOCZpuqaRaTk8jhsMgTs6UGcjRwuLgdqtyvugoqzXORPgWltv4fuAek k2RnsXbSaDv4TH69DU1fmur9cBANvbdnSnkPe+aOCluQWg+dZjMQ4wmdt A==; X-CSE-ConnectionGUID: bl8tQJ19T5u/v9Lh6VQgfw== X-CSE-MsgGUID: M26fY560RSaVJ3/S7jk2Ow== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246588" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246588" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:48 -0800 X-CSE-ConnectionGUID: s00mDXelRF6zUi7uycCu8A== X-CSE-MsgGUID: C0Ay4mYCR+eHJGN2vje7rQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804462" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:44 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 44/52] i386/cpu: Move CPUID_XSTATE_XSS_MASK to header file and introduce CPUID_XSTATE_MASK Date: Fri, 24 Jan 2025 08:20:40 -0500 Message-Id: <20250124132048.3229049-45-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 They will be used by TDX. Signed-off-by: Xiaoyao Li --- target/i386/cpu.c | 3 --- target/i386/cpu.h | 5 +++++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 4088bf63c48f..f1330627adbb 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -1829,9 +1829,6 @@ static const X86RegisterInfo32 x86_reg_info_32[CPU_NB_REGS32] = { }; #undef REGISTER -/* CPUID feature bits available in XSS */ -#define CPUID_XSTATE_XSS_MASK (XSTATE_ARCH_LBR_MASK) - ExtSaveArea x86_ext_save_areas[XSAVE_STATE_AREA_COUNT] = { [XSTATE_FP_BIT] = { /* x87 FP state component is always enabled if XSAVE is supported */ diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 4890424c3a9e..a4c0531262ce 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -623,6 +623,11 @@ typedef enum X86Seg { XSTATE_Hi16_ZMM_MASK | XSTATE_PKRU_MASK | \ XSTATE_XTILE_CFG_MASK | XSTATE_XTILE_DATA_MASK) +/* CPUID feature bits available in XSS */ +#define CPUID_XSTATE_XSS_MASK (XSTATE_ARCH_LBR_MASK) + +#define CPUID_XSTATE_MASK (CPUID_XSTATE_XCR0_MASK | CPUID_XSTATE_XSS_MASK) + /* CPUID feature words */ typedef enum FeatureWord { FEAT_1_EDX, /* CPUID[1].EDX */ From patchwork Fri Jan 24 13:20:41 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949470 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3DC58482EB for ; Fri, 24 Jan 2025 13:39:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725992; cv=none; b=q549OnRGgqqnSehwjyJ/XvOCUW7Joih9SvnWizH0evVtUG2nHPvdmRfLYIj29l7/VW2LdLdrvtIWhfqrZsaBbf6Voe4eBAngGEAdvUAtBRD9+gDyH2h9KrNobyRzB4+o3jXEEJDTpZTSb+yEZCnErqD1dm6z+DseU4kUV/MeFwQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725992; c=relaxed/simple; bh=MtLjr/vDOT3CoWD5owRZWIVQtD1iwql3z/OowZZmgx4=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=CGYkJANVeORNySWvwEOsyGBG179kVdr720uImWgfJ2birgfV3yvL/UO+3th1X4bcW0CeLsFt3ysBoZSYG0L6jdByvPI/IfIlw9bYKp9VXvDy+GdknajAvwOqmWCtYzc2Inur4B70SeAJxMrwA4N4zktiliMNb4pNaqewp+fLyC0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=lBrI+CQP; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="lBrI+CQP" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725992; x=1769261992; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=MtLjr/vDOT3CoWD5owRZWIVQtD1iwql3z/OowZZmgx4=; b=lBrI+CQP7M1FieLqBarU4KpFaFeKEknhmephQYpy7P/DqdwZrWPukGtl /SjyZ192bae6rO7GB0F8NNc0f93WuJyyecp4ACqPqH9/5NT4BtZDyv9QG gF6RvulWXmUTpuRMxPN3dOnxPwZanImAbtw8LiQie5y8o32w7Q+ArOCP7 J5T9T/TIH3b4VZMbhCjms7peMjVEBznwZYR6A+OsRNGTJYkqWjbQYG5P1 TGezcHB8TbwgP95oB6mUqDKGNI/esep3vOyXstc3N9qmwviNAfcJVHltB fgmqEeNfyS76AMUogoD2bk+Y4gHg92ul96mMzXCyjAqeI/E0NtldGxJlT g==; X-CSE-ConnectionGUID: gS9iIzM8TJS7dqJBiIHvYA== X-CSE-MsgGUID: mvF5p8qLSHW8XPpYjiASkA== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246599" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246599" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:51 -0800 X-CSE-ConnectionGUID: 2caIy9gBT8q37pJ029fZIg== X-CSE-MsgGUID: bGDRdGsuR5WmR5zvmRHLNA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804467" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:47 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 45/52] i386/tdx: Mask off CPUID bits by unsupported XFAM Date: Fri, 24 Jan 2025 08:20:41 -0500 Message-Id: <20250124132048.3229049-46-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Mask off the CPUID bits as unsupported if its matched XFAM bit is not supported. Otherwise, it might fail the check in setup_td_xfam() as unsupported XFAM being requested. Signed-off-by: Xiaoyao Li --- target/i386/kvm/tdx.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 3997a439f054..b46e581bb40e 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -22,6 +22,8 @@ #include +#include "cpu.h" +#include "cpu-internal.h" #include "hw/i386/e820_memory_layout.h" #include "hw/i386/x86.h" #include "hw/i386/tdvf.h" @@ -579,6 +581,42 @@ static void tdx_mask_cpuid_by_attrs(uint32_t feature, uint32_t index, } } +static void tdx_mask_cpuid_by_xfam(uint32_t feature, uint32_t index, + int reg, uint32_t *value) +{ + const FeatureWordInfo *f; + const ExtSaveArea *esa; + uint64_t unavail = 0; + int i; + + assert(tdx_caps); + + for (i = 0; i < ARRAY_SIZE(x86_ext_save_areas); i++) { + if ((1ULL << i) & tdx_caps->supported_xfam) { + continue; + } + + if (!((1ULL << i) & CPUID_XSTATE_MASK)) { + continue; + } + + esa = &x86_ext_save_areas[i]; + f = &feature_word_info[esa->feature]; + assert(f->type == CPUID_FEATURE_WORD); + if (f->cpuid.eax != feature || + (f->cpuid.needs_ecx && f->cpuid.ecx != index) || + f->cpuid.reg != reg) { + continue; + } + + unavail |= esa->bits; + } + + if (unavail) { + *value &= ~unavail; + } +} + static uint32_t tdx_adjust_cpuid_features(X86ConfidentialGuest *cg, uint32_t feature, uint32_t index, int reg, uint32_t value) @@ -613,6 +651,7 @@ static uint32_t tdx_adjust_cpuid_features(X86ConfidentialGuest *cg, } tdx_mask_cpuid_by_attrs(feature, index, reg, &value); + tdx_mask_cpuid_by_xfam(feature, index, reg, &value); e = cpuid_find_entry(&tdx_fixed0_bits.cpuid, feature, index); if (e) { From patchwork Fri Jan 24 13:20:42 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949471 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 20576433DE for ; Fri, 24 Jan 2025 13:39:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725996; cv=none; b=loJBstxq7bO1ReylmqyL+eOMg7b588lUVfui0rJBmgE3RWUi3vaHfLEiRXKInd2TTl/nSBwMipObioX1GaiTCj+J22K1YnyFVQz6RlN3HmIvodVgxdKDTvWh0zkeW6mKTSqWm+rTuf/8+dSGuB1pIXLaPkiAzMiJ3XcpCycfnrg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737725996; c=relaxed/simple; bh=HJDg2gNrnTLyeXcVYWNvxi1qJesg421w8qhKg61bf0I=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=k5O0FCPXRf+Hd6y/QcsoFw08gFe7g6/Gked261pXiM78xGErkGMcbL0lsICh0htbfuhk+Vs8StbEjnewmnfZLAV/RwNLVNfi+O+Yg/+wHGViNiReEJFlhMh/clOIrw/ZuwDjndK2gIS23qh7aWM1a5E/3YJSj81jY9RCOL+jvTU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=YoY8EMmB; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="YoY8EMmB" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725996; x=1769261996; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=HJDg2gNrnTLyeXcVYWNvxi1qJesg421w8qhKg61bf0I=; b=YoY8EMmBaQqvX2Ngcez966vFu8+zRcmRU572jhgA+VUbwbS74XulUVPl xfqPmvOHCNWQxzNfNTKN7T+9s+LHfHfiEovjCQt65GGpppeamjrl7aCRf wbO/U1ixuSGFE+H1I2Qe2JMtYC+vLOWnRkOfjoWcKmhoS+2bnCf0mZ+9a DVLVeHefJbklfW9CT80sz4Qj2++4drnXos0MpWT2hTmaOMUbJWOZ4+DYr CGN88THiMSYn2O6sqIgKMiR+SaXdInsn2qKHJNLegWyobv7xqC/T/S4HI YbYfTHXsDcqjzOCd3RL0rrW5xyFyt4APF5OKdSMrpMUNl5JVyIPFxES91 g==; X-CSE-ConnectionGUID: h0L6CAa0TEi6SIf7fqE09Q== X-CSE-MsgGUID: ybP6GIygRzSBdjIAoLL5uQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246607" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246607" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:55 -0800 X-CSE-ConnectionGUID: LG/CYRvYQkyYkHJ10JL3Qg== X-CSE-MsgGUID: jYYsE2hrSvyw1W0v3/j+pw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804472" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:51 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 46/52] i386/tdx: Mark the configurable bit not reported by KVM as unsupported Date: Fri, 24 Jan 2025 08:20:42 -0500 Message-Id: <20250124132048.3229049-47-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 There is no interface in KVM to report the support bits of TD guest. QEMU has to maintain the knowledge itself. E.g., fixed0 and fixed1 are already hardcoded in tdx_fixed0_bits and tdx_fixed1_bits. For configurable bits, KVM might filer some due to KVM lacks the support currently. The filtered bits need to be marked as unsupported as well. However, there is no interface to report which configurable bit is turned unconfigurable. Maintain the configurable bits of TDX module in QEMU and compare with KVM reported configurable to find the ones being turned unconfigurable by KVM and mark them as unsupported. Signed-off-by: Xiaoyao Li --- target/i386/kvm/tdx.c | 61 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index b46e581bb40e..2b9a47020934 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -529,6 +529,50 @@ KvmCpuidInfo tdx_fixed1_bits = { }, }; +/* TDX module 1.5.08.04.0784 on EMR */ +KvmCpuidInfo tdx_configurable_bits = { + .cpuid.nent = 6, + .entries[0] = { + .function = 0x1, + .index = 0, + .eax = 0x0fff3fff, + .ebx = 0x00ff0000, + .ecx = 0x31044988, + .edx = 0xb8400000, + }, + .entries[1] = { + .function = 0x7, + .index = 0, + .flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX, + .ebx = 0xd02b9b18, + .ecx = 0x02417f64, + .edx = 0x00054010, + }, + .entries[2] = { + .function = 0x7, + .index = 0x1, + .flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX, + .eax = 0x00001c30, + }, + .entries[3] = { + .function = 0x7, + .index = 0x2, + .flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX, + .edx = 0x00000008, + }, + .entries[4] = { + .function = 0x1c, + .index = 0x0, + .eax = 0x0000000b, + }, + .entries[5] = { + .function = 0x80000008, + .index = 0, + .eax = 0x000000ff, + .ebx = 0x00000200, + }, +}; + typedef struct TdxAttrsMap { uint32_t attr_index; uint32_t cpuid_leaf; @@ -621,7 +665,7 @@ static uint32_t tdx_adjust_cpuid_features(X86ConfidentialGuest *cg, uint32_t feature, uint32_t index, int reg, uint32_t value) { - struct kvm_cpuid_entry2 *e; + struct kvm_cpuid_entry2 *e, *e1; uint32_t fixed0, fixed1; switch (feature) { @@ -653,6 +697,21 @@ static uint32_t tdx_adjust_cpuid_features(X86ConfidentialGuest *cg, tdx_mask_cpuid_by_attrs(feature, index, reg, &value); tdx_mask_cpuid_by_xfam(feature, index, reg, &value); + e = cpuid_find_entry(&tdx_caps->cpuid, feature, index); + if (e) { + e1 = cpuid_find_entry(&tdx_configurable_bits.cpuid, feature, index); + if (e1) { + uint32_t kvm_configurable = cpuid_entry_get_reg(e, reg); + uint32_t tdx_module_configurable = cpuid_entry_get_reg(e1, reg); + for (int i = 0; i < 32; i++) { + uint32_t f = 1U << i; + if (f & tdx_module_configurable && !(f & kvm_configurable)) { + value &= ~f; + } + } + } + } + e = cpuid_find_entry(&tdx_fixed0_bits.cpuid, feature, index); if (e) { fixed0 = cpuid_entry_get_reg(e, reg); From patchwork Fri Jan 24 13:20:43 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949472 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A48208632E for ; Fri, 24 Jan 2025 13:39:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737726000; cv=none; b=IvruEoz/DWnG4kiLuGhA4z1XKQow6V+4VWETJFfcBVJMaPIn3FvAfxkfG+i4RiPmFhUdLPFkXGiNAvIO5Rp7dj+xhA4wmFm8Q/jgDY3oRZN9lwD4P9e4axDRh6TPn7gEFw+FUpKLV0mmi10uhkC9jX+1u68Z89m8oy7Ri+Z0LzI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737726000; c=relaxed/simple; bh=JKMlucssmDcGsanH6kb+uP0DlL1BGA8NocL5uyi4aSQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=HvpkoVWo1Ky7FxbEO0mil4jKsKMY9trq46KwT2mo57Hc7YXf5LMNwlbkXj+xFRBsyzePLY+gC2mI8Knd34XxAYDseXUq/J8QwrpopbvE5YchqlgiBV+XmAh8nV57aG8BHUqar24VndKK0QBWAW+3dyZzx71bzUb3UaUvlJueM9o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=EfsNqMfz; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="EfsNqMfz" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737725999; x=1769261999; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=JKMlucssmDcGsanH6kb+uP0DlL1BGA8NocL5uyi4aSQ=; b=EfsNqMfzj795nTOu7lZHrndo0Pz9mn9SMflB1tvvG0JGZeeHn7kxfqE6 KA6rWsbLshn4VZr3beXHKpFVjVS9PNHdCtblZJs1XipMfqZbOAmOASpNR DimkPX+qDfLNx6HdOWjMN9ejYtXRmL2BYvqFwkbCaps+eG7RyY/b8q8OQ B9IPygVUS7r9LubKOXkK9SDgS+UUkBlzhyn5rwaPh3VLaMoW94sR/jpUv igdbiUBaEP4Jdvyq/btXBhGQT1FAU9HTAEpaDEtzUBp3Nlu9MKPuW0tcO B63IcNkR5Lrps0Sl5/clLDUZuZFk3nQHxUv+mX/zeYcWoiqePICK3lVGP Q==; X-CSE-ConnectionGUID: Oz4XBxHVQfGIwPNytH5BWg== X-CSE-MsgGUID: +DO3QG+JRcyZpeDLe2S2fg== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246617" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246617" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:39:59 -0800 X-CSE-ConnectionGUID: MhmOIQIkSiiYhKyyfDZaXg== X-CSE-MsgGUID: F+sYU9DxSfK/Y6tdvLojTQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804477" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:55 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 47/52] i386/cgs: Introduce x86_confidential_guest_check_features() Date: Fri, 24 Jan 2025 08:20:43 -0500 Message-Id: <20250124132048.3229049-48-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To do cgs specific feature checking. Note the feature checking in x86_cpu_filter_features() is valid for non-cgs VMs. For cgs VMs like TDX, what features can be supported has more restrictions. Signed-off-by: Xiaoyao Li --- target/i386/confidential-guest.h | 13 +++++++++++++ target/i386/kvm/kvm.c | 8 ++++++++ 2 files changed, 21 insertions(+) diff --git a/target/i386/confidential-guest.h b/target/i386/confidential-guest.h index 777d43cc9688..48b88dbd3130 100644 --- a/target/i386/confidential-guest.h +++ b/target/i386/confidential-guest.h @@ -42,6 +42,7 @@ struct X86ConfidentialGuestClass { void (*cpu_instance_init)(X86ConfidentialGuest *cg, CPUState *cpu); uint32_t (*adjust_cpuid_features)(X86ConfidentialGuest *cg, uint32_t feature, uint32_t index, int reg, uint32_t value); + int (*check_features)(X86ConfidentialGuest *cg, CPUState *cs); }; /** @@ -91,4 +92,16 @@ static inline int x86_confidential_guest_adjust_cpuid_features(X86ConfidentialGu } } +static inline int x86_confidential_guest_check_features(X86ConfidentialGuest *cg, + CPUState *cs) +{ + X86ConfidentialGuestClass *klass = X86_CONFIDENTIAL_GUEST_GET_CLASS(cg); + + if (klass->check_features) { + return klass->check_features(cg, cs); + } + + return 0; +} + #endif diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 17d7bf6ae9aa..27b4a069d194 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -2092,6 +2092,14 @@ int kvm_arch_init_vcpu(CPUState *cs) int r; Error *local_err = NULL; + if (current_machine->cgs) { + r = x86_confidential_guest_check_features( + X86_CONFIDENTIAL_GUEST(current_machine->cgs), cs); + if (r < 0) { + return r; + } + } + memset(&cpuid_data, 0, sizeof(cpuid_data)); cpuid_i = 0; From patchwork Fri Jan 24 13:20:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949473 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 68A818632E for ; Fri, 24 Jan 2025 13:40:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737726004; cv=none; b=Nk+AB1EZpismMCWjVoGtkD+w+aSicOKMSoO7Sd/Q6D328VJRDiztt/Rxgmj5W9sVe/INMXtupr2DvX7bU5P7zwCJ30ElytogIJRRmSc078oDI5dxMud3ZoQTca8gEWQ80EzdoYAkpllUdJnZKivwyT6cWfG5H5l4BxRSyS8SZrw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737726004; c=relaxed/simple; bh=ykqRkzVz5Gs4VZcDafVKl8Drdv1rr+sySKVeG90BVoU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=aZnp4EEWc5NcokOS4pkTt7AAgdZrrPzBSgRzQaJIfdbDZTUbKHb/zWa+MCHhiB7pnMz0XXxb+mpXtX34M/uaq9Mn5xFKlvOs2j7rL8kS2Km6wNkfOPXRRxbnSnnBe4Jc9X16iTPxxXaDZkhT9nUBQ9BTjpEyMJ0u3tgn+VhC6tc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=cY31okFk; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="cY31okFk" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737726003; x=1769262003; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ykqRkzVz5Gs4VZcDafVKl8Drdv1rr+sySKVeG90BVoU=; b=cY31okFkAjneQmdwLoGy/2hcwS+sB+d3LwIIxWbmbiBCV7RebAcQIhHz 2Zf6RCJ0DnPvoM7vot7eMjIrahDBfoVa7vIJQO6nQxVZyuE9i5RfLF4Ep Uj9R0Slf6wjI7O00WiO1h3cB0CWaaXN4XX6sT46VYg0LBvfXLw6hO0XAm B+qRItxEL9dWtHEoseuzSkvpaSsYx8j8vatha2lJlDN2ADgVXInPtIneP ccB4IU2nihau539PJ4DrSo2Sidji6K+MC7e0IMd26Ofofg4Ypa32stBI3 /9OqKnWVTDZWBU1bVKtdD8MG1DInvr7evZnssl869gDa6FuKTsyEqqwsA g==; X-CSE-ConnectionGUID: VzWC5yQPSFaYJ+dinlHTGg== X-CSE-MsgGUID: 3+GMEKn9Ro2iBzWv8DPZIQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246630" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246630" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:40:03 -0800 X-CSE-ConnectionGUID: yudcMz10T72Z3K2ggG4LLw== X-CSE-MsgGUID: S1cZQ7VxQ5GMlBbwhoEu9g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804481" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:58 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 48/52] i386/tdx: Fetch and validate CPUID of TD guest Date: Fri, 24 Jan 2025 08:20:44 -0500 Message-Id: <20250124132048.3229049-49-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Use KVM_TDX_GET_CPUID to get the CPUIDs that are managed and enfored by TDX module for TD guest. Check QEMU's configuration against the fetched data. Print wanring message when 1. a feature is not supported but requested by QEMU or 2. QEMU doesn't want to expose a feature while it is enforced enabled. - If cpu->enforced_cpuid is not set, prints the warning message of both 1) and 2) and tweak QEMU's configuration. - If cpu->enforced_cpuid is set, quit if any case of 1) or 2). Signed-off-by: Xiaoyao Li --- target/i386/cpu.c | 33 ++++++++++++++- target/i386/cpu.h | 7 +++ target/i386/kvm/tdx.c | 99 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 137 insertions(+), 2 deletions(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index f1330627adbb..a948fd0bd674 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -5482,8 +5482,8 @@ static bool x86_cpu_have_filtered_features(X86CPU *cpu) return false; } -static void mark_unavailable_features(X86CPU *cpu, FeatureWord w, uint64_t mask, - const char *verbose_prefix) +void mark_unavailable_features(X86CPU *cpu, FeatureWord w, uint64_t mask, + const char *verbose_prefix) { CPUX86State *env = &cpu->env; FeatureWordInfo *f = &feature_word_info[w]; @@ -5510,6 +5510,35 @@ static void mark_unavailable_features(X86CPU *cpu, FeatureWord w, uint64_t mask, } } +void mark_forced_on_features(X86CPU *cpu, FeatureWord w, uint64_t mask, + const char *verbose_prefix) +{ + CPUX86State *env = &cpu->env; + FeatureWordInfo *f = &feature_word_info[w]; + int i; + + if (!cpu->force_features) { + env->features[w] |= mask; + } + + cpu->forced_on_features[w] |= mask; + + if (!verbose_prefix) { + return; + } + + for (i = 0; i < 64; ++i) { + if ((1ULL << i) & mask) { + g_autofree char *feat_word_str = feature_word_description(f); + warn_report("%s: %s%s%s [bit %d]", + verbose_prefix, + feat_word_str, + f->feat_names[i] ? "." : "", + f->feat_names[i] ? f->feat_names[i] : "", i); + } + } +} + static void x86_cpuid_version_get_family(Object *obj, Visitor *v, const char *name, void *opaque, Error **errp) diff --git a/target/i386/cpu.h b/target/i386/cpu.h index a4c0531262ce..eb79daa0bf9f 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -2155,6 +2155,9 @@ struct ArchCPU { /* Features that were filtered out because of missing host capabilities */ FeatureWordArray filtered_features; + /* Features that are forced enabled by underlying hypervisor, e.g., TDX */ + FeatureWordArray forced_on_features; + /* Enable PMU CPUID bits. This can't be enabled by default yet because * it doesn't have ABI stability guarantees, as it passes all PMU CPUID * bits returned by GET_SUPPORTED_CPUID (that depend on host CPU and kernel @@ -2466,6 +2469,10 @@ void cpu_set_apic_feature(CPUX86State *env); void host_cpuid(uint32_t function, uint32_t count, uint32_t *eax, uint32_t *ebx, uint32_t *ecx, uint32_t *edx); bool cpu_has_x2apic_feature(CPUX86State *env); +void mark_unavailable_features(X86CPU *cpu, FeatureWord w, uint64_t mask, + const char *verbose_prefix); +void mark_forced_on_features(X86CPU *cpu, FeatureWord w, uint64_t mask, + const char *verbose_prefix); static inline bool x86_has_cpuid_0x1f(X86CPU *cpu) { diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 2b9a47020934..f6a4f3322e61 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -727,6 +727,104 @@ static uint32_t tdx_adjust_cpuid_features(X86ConfidentialGuest *cg, return value; } +static struct kvm_cpuid2 *tdx_fetch_cpuid(CPUState *cpu) +{ + struct kvm_cpuid2 *fetch_cpuid; + int size = KVM_MAX_CPUID_ENTRIES; + Error *local_err = NULL; + int r; + + do { + error_free(local_err); + local_err = NULL; + + fetch_cpuid = g_malloc0(sizeof(*fetch_cpuid) + + sizeof(struct kvm_cpuid_entry2) * size); + fetch_cpuid->nent = size; + r = tdx_vcpu_ioctl(cpu, KVM_TDX_GET_CPUID, 0, fetch_cpuid, &local_err); + if (r == -E2BIG) { + g_free(fetch_cpuid); + size = fetch_cpuid->nent; + } + } while (r == -E2BIG); + + if (r < 0) { + error_report_err(local_err); + return NULL; + } + + return fetch_cpuid; +} + +static int tdx_check_features(X86ConfidentialGuest *cg, CPUState *cs) +{ + uint64_t actual, requested, unavailable, forced_on; + g_autofree struct kvm_cpuid2 *fetch_cpuid; + const char *forced_on_prefix = NULL; + const char *unav_prefix = NULL; + struct kvm_cpuid_entry2 *entry; + X86CPU *cpu = X86_CPU(cs); + CPUX86State *env = &cpu->env; + FeatureWordInfo *wi; + FeatureWord w; + bool mismatch = false; + + fetch_cpuid = tdx_fetch_cpuid(cs); + if (!fetch_cpuid) { + return -1; + } + + if (cpu->check_cpuid || cpu->enforce_cpuid) { + unav_prefix = "TDX doesn't support requested feature"; + forced_on_prefix = "TDX forcibly sets the feature"; + } + + for (w = 0; w < FEATURE_WORDS; w++) { + wi = &feature_word_info[w]; + actual = 0; + + switch (wi->type) { + case CPUID_FEATURE_WORD: + entry = cpuid_find_entry(fetch_cpuid, wi->cpuid.eax, wi->cpuid.ecx); + if (!entry) { + /* + * If KVM doesn't report it means it's totally configurable + * by QEMU + */ + continue; + } + + actual = cpuid_entry_get_reg(entry, wi->cpuid.reg); + break; + case MSR_FEATURE_WORD: + /* + * TODO: + * validate MSR features when KVM has interface report them. + */ + continue; + } + + requested = env->features[w]; + unavailable = requested & ~actual; + mark_unavailable_features(cpu, w, unavailable, unav_prefix); + if (unavailable) { + mismatch = true; + } + + forced_on = actual & ~requested; + mark_forced_on_features(cpu, w, forced_on, forced_on_prefix); + if (forced_on) { + mismatch = true; + } + } + + if (cpu->enforce_cpuid && mismatch) { + return -1; + } + + return 0; +} + static int tdx_validate_attributes(TdxGuest *tdx, Error **errp) { if ((tdx->attributes & ~tdx_caps->supported_attrs)) { @@ -1087,4 +1185,5 @@ static void tdx_guest_class_init(ObjectClass *oc, void *data) x86_klass->kvm_type = tdx_kvm_type; x86_klass->cpu_instance_init = tdx_cpu_instance_init; x86_klass->adjust_cpuid_features = tdx_adjust_cpuid_features; + x86_klass->check_features = tdx_check_features; } From patchwork Fri Jan 24 13:20:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949474 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E6DD38632E for ; Fri, 24 Jan 2025 13:40:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737726007; cv=none; b=aHAF+ab7cQmk4RN8UUEEX0uwvXuIDA9Hue3pmy5Hqcy5y2ngt24z5Q1jTZm5mDkFy9JpLnTmwI+JnmsVsC1u5rm4UMtw7un40tcP4+72a+RlEcLPynhejPM9rrhtxQ4lvAIHWIVKLTHbVQthG23K7NgcSDqiXtKwalM1ROcOnpw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737726007; c=relaxed/simple; bh=lKKhpINOwRUM2TXEgJwHkGVj1DZ5JDaSkIZbWTMQSdU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=W4CkBdJMXp4dajb+pV7zZ5l0w5MRuRbodOSs01YFUdXBhLlJjrJa9m7XNX1TAHHvRa3VG1OpXeJzoXTzZkpuzByyNhaOz5gwEXEXU7x9SkvrR/Tv/wdQ5XDevLszD7Z4UiRnfNdUOJoqzgLN+2mfxW/E3aEQ4UC+FxSdoWdblLE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=MCI8zAAc; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="MCI8zAAc" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737726006; x=1769262006; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=lKKhpINOwRUM2TXEgJwHkGVj1DZ5JDaSkIZbWTMQSdU=; b=MCI8zAAcsJCvMnxKRT1A0P8lgP9dvnMJ0wDha1bDU2M3pnlCIdfHX3Gn Uu55812sGLKMSm88tvbk83vnclcuowmuVZ6NSorWT/7ZCP/9Fe/CDmpBC q65OaWmSqlhXv3VU/TvV2dYXReH++PjANUb8cpjYK+mcgTDUgulKUr6wX X8OtaXHp6bDAIi61ApifBF2r0QFzzgygvM6z4S9/JewKba1/pxgI6tAdq fu/NuosTVbNa59tbAMEnF/sGgOOmelbVAicUhkbLtV5E8ymntzLoPgJeN sna5K890uZNQlOXaVFd1P80vq+7ZPGxHNuq4Ei1xp9BMOC4yXeCLMjxg+ Q==; X-CSE-ConnectionGUID: tcxxG/aiTfGzzCLb7T4jCA== X-CSE-MsgGUID: qEV6hGINQx6amdLW9WxFpA== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246639" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246639" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:40:06 -0800 X-CSE-ConnectionGUID: sPnsZByDRfuPsoXWvSIhMg== X-CSE-MsgGUID: oe9IJOeQTK2UOcoe9Kz6MQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804485" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:40:02 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 49/52] i386/tdx: Don't treat SYSCALL as unavailable Date: Fri, 24 Jan 2025 08:20:45 -0500 Message-Id: <20250124132048.3229049-50-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Signed-off-by: Xiaoyao Li --- Changes in v7: - fix CPUID_EXT2_SYSCALL by adding it to actual; --- target/i386/kvm/tdx.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index f6a4f3322e61..58ea6a4d3156 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -804,6 +804,19 @@ static int tdx_check_features(X86ConfidentialGuest *cg, CPUState *cs) continue; } + /* Fixup for special cases */ + switch (w) { + case FEAT_8000_0001_EDX: + /* + * Intel enumerates SYSCALL bit as 1 only when processor in 64-bit + * mode and before vcpu running it's not in 64-bit mode. + */ + actual |= CPUID_EXT2_SYSCALL; + break; + default: + break; + } + requested = env->features[w]; unavailable = requested & ~actual; mark_unavailable_features(cpu, w, unavailable, unav_prefix); From patchwork Fri Jan 24 13:20:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949475 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0FC4743ACB for ; Fri, 24 Jan 2025 13:40:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737726012; cv=none; b=RXY+bPA143B6jIGEWdnAhM25fa6PYX4aLwGts+jhX1yo6FAv+5ci/PoAr5h8MJE9D2K75DjOajuTa9p5zZgRGVt2sOx7Vq3rsBrjS2cca6rfMI52oK0x0BewItuEuHI4LNdBiutZbLqoWxQvJxUfx+5terPiF/kA6sjdJuwyo+Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737726012; c=relaxed/simple; bh=JEfor+KFxyDwdyWlWCn598DxuZ06/MpImTaZ99/kE0M=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=UTeyzLEAFzFZbyTEAlhyDyVhMTUN4khQwUcnEAjMSQmPhifMLE9Cxht4Ha7o1/9MS/BGfmUSFLX3N+KUddlkR0Jw0SJ4moERCfrQvcWA6817At2NwZ+E7IcrCzTugjzwpazzGVxQnSlmUzsVL8zVaUXGa18RuL46/ppkQgLW7qY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=Ujy2HHyh; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="Ujy2HHyh" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737726010; x=1769262010; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=JEfor+KFxyDwdyWlWCn598DxuZ06/MpImTaZ99/kE0M=; b=Ujy2HHyhW5EnLS5tkrHhCPVcZmip/ha6lIi9UgteAkydmWxxAp6zTK8U 3HLIWXa2bUfrWqgM1aIw8vQON5wtbQSgNOOxthZsUKDRBwNiSGwstC6RL EH1sVIddS9Rr5GRKQGPTzjEE4TEMKRV8kKV6/5CUXlPWGzWQZ1WM5FVTc 58FAMaAm6doLQVG5i9RRrjye7pQMkEXO+r0ejo1KWcfQwlTm7r7rfnbbX 6QKMYepUsY3VeaSGgrkancTgBNvjMJxClNCLHBLvwWX7BAtn+1M5Gd01o DyqzWnjyE3a5pzL4kNjVsz+EFFUyWuUA75tB2b05VN23LkgPane8IeCrn A==; X-CSE-ConnectionGUID: 35d2XMSuQxiag62msoih3Q== X-CSE-MsgGUID: LFo+9KNtTd2ZlDRncYtvBw== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246650" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246650" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:40:10 -0800 X-CSE-ConnectionGUID: EOPIaBMERm+SQz+cyBhuXg== X-CSE-MsgGUID: iOiNQdTETdqBQ0Emci0mmw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804490" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:40:06 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 50/52] i386/tdx: Make invtsc default on Date: Fri, 24 Jan 2025 08:20:46 -0500 Message-Id: <20250124132048.3229049-51-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Because it's fixed1 bit that enforced by TDX module. Signed-off-by: Xiaoyao Li --- target/i386/kvm/tdx.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 58ea6a4d3156..bb75eb06dad9 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -439,6 +439,9 @@ static void tdx_cpu_instance_init(X86ConfidentialGuest *cg, CPUState *cpu) object_property_set_bool(OBJECT(cpu), "pmu", false, &error_abort); + /* invtsc is fixed1 for TD guest */ + object_property_set_bool(OBJECT(cpu), "invtsc", true, &error_abort); + x86cpu->enable_cpuid_0x1f = true; } From patchwork Fri Jan 24 13:20:47 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949476 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 273853596F for ; Fri, 24 Jan 2025 13:40:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737726017; cv=none; b=p8N4Z29IFY8GZ0PeO483bWSHjH3dvRgezAhSdehLvkR4B3iHy4ZVf+/cwF1gzSF47Cc91B3vQIbQOaKP6ImGHOds2MLLJv0OLYzGTHg+ATVxJBwEbKZ2zrUms8uOLiz+KIF3/EmOZ9KN06ion9GINLzQKXRTEc3CNeotKGk83u0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737726017; c=relaxed/simple; bh=OqgpOogLszpg5BDG/eo1xK00WrrRCqKOdIeFumdWFTk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=YpRwPqlYMCPDXHAwflyMhhVA1Qf9qgno1A8A8v7fq48w8LMvprp1uEG3XXyeHqEccFhD0PxAQ/yY4Kn1nw8OkHMaOevDZMdPYc8AOGdeszkne4E3wAGenNcDIRZ15cA/qv0AB11gKOYN+69morvzWQ+W4aYTP2fgPwnwdXrQ//k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=h3HwEA5X; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="h3HwEA5X" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737726014; x=1769262014; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=OqgpOogLszpg5BDG/eo1xK00WrrRCqKOdIeFumdWFTk=; b=h3HwEA5Xrv0DRPKxqP7bAK5+rETo5ykzcbANaikP4s8ZfnNtsLPqssIn cbrQz0L2KdzPCFlgKTRJIRkeCMdgypVicenqgvOQV+UbREPY51uSXg7K8 bqB1hXMJV1TzSFBzn3mm7MYHpNNgviTvuP3tzabFmm3dJCnK/1DjCURyK mSaRmnEhqBwZLOxbwWyO92pWVxxoF2viwQNxH3poU2m77rMC1++VVM1Ww rCuWFNmZEOI1wbHIRhN/qTNTkiB+JGlQgdY2iuNgo+qQjVD0zupw81ENZ 4U2a72w58v7dI31cirhmG8vZb+3H0hCgetS2OOa6XlJr1ZoMY5wi/N4Yz A==; X-CSE-ConnectionGUID: SZN2b29AS0KGAKMFxxL7IQ== X-CSE-MsgGUID: IKUsaSBdQ1GTsAa4yUl8DQ== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246667" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246667" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:40:13 -0800 X-CSE-ConnectionGUID: Rka8XYisTLCFKxcHr0WtQg== X-CSE-MsgGUID: T4TiYUwjRJGLYlDfunmQiQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804494" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:40:09 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 51/52] i386/tdx: Validate phys_bits against host value Date: Fri, 24 Jan 2025 08:20:47 -0500 Message-Id: <20250124132048.3229049-52-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 For TDX guest, the phys_bits is not configurable and can only be host/native value. Validate phys_bits inside tdx_check_features(). Signed-off-by: Xiaoyao Li --- target/i386/host-cpu.c | 2 +- target/i386/host-cpu.h | 1 + target/i386/kvm/tdx.c | 8 ++++++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/target/i386/host-cpu.c b/target/i386/host-cpu.c index 3e4e85e729c8..8a15af458b05 100644 --- a/target/i386/host-cpu.c +++ b/target/i386/host-cpu.c @@ -15,7 +15,7 @@ #include "system/system.h" /* Note: Only safe for use on x86(-64) hosts */ -static uint32_t host_cpu_phys_bits(void) +uint32_t host_cpu_phys_bits(void) { uint32_t eax; uint32_t host_phys_bits; diff --git a/target/i386/host-cpu.h b/target/i386/host-cpu.h index 6a9bc918baa4..b97ec01c9bec 100644 --- a/target/i386/host-cpu.h +++ b/target/i386/host-cpu.h @@ -10,6 +10,7 @@ #ifndef HOST_CPU_H #define HOST_CPU_H +uint32_t host_cpu_phys_bits(void); void host_cpu_instance_init(X86CPU *cpu); void host_cpu_max_instance_init(X86CPU *cpu); bool host_cpu_realizefn(CPUState *cs, Error **errp); diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index bb75eb06dad9..c906a76c4c0e 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -24,6 +24,7 @@ #include "cpu.h" #include "cpu-internal.h" +#include "host-cpu.h" #include "hw/i386/e820_memory_layout.h" #include "hw/i386/x86.h" #include "hw/i386/tdvf.h" @@ -838,6 +839,13 @@ static int tdx_check_features(X86ConfidentialGuest *cg, CPUState *cs) return -1; } + if (cpu->phys_bits != host_cpu_phys_bits()) { + error_report("TDX requires guest CPU physical bits (%u) " + "to match host CPU physical bits (%u)", + cpu->phys_bits, host_cpu_phys_bits()); + exit(1); + } + return 0; } From patchwork Fri Jan 24 13:20:48 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 13949477 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5AE7743ACB for ; Fri, 24 Jan 2025 13:40:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737726019; cv=none; b=A7A9NBUQRFimRAFRm+awhDgMk2pfj7N1zQ/ouw58gWTLa49JxKLXax/8zY/bYGOvzvg3FWLpfS9n3GWZIIU6+s0kl4+oUQlDadUXGX1Qd/gxLPjFn4iLd/Pcx9s+KFrFvT//5+GsHdtBK1PvGvSxcoOA+zu9KsXsKZ7txbqZGms= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737726019; c=relaxed/simple; bh=EUwHVgF5vEEMvJW0RWlFhvQxAskobUwBHDJmxFXAZbY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=t59UYI92eE6I4lPlJ0EeSiAKtXhm4IC3DG3bX8UIrGwLtBIae4wx1PGIhKQ4UoyOU16LP/KMLN1IXi14gG+W0D4/XdxkeSJvhX7QcVBPpZlpLXOGbXIJgQrlF8h+TppztCcsf1/W2MROFm83hf/8e4bUtB5aFJGi2unSdpoIKQw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=HN5ZO4+9; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="HN5ZO4+9" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1737726018; x=1769262018; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=EUwHVgF5vEEMvJW0RWlFhvQxAskobUwBHDJmxFXAZbY=; b=HN5ZO4+9Q9zOx1XMm4forMqwKJQi+oh6kXyBz/MDlmxGNX84KcLcSPYU HupMKs230wjzYSo/4nb0+GSCGphIQhhH+8MzhGp5sm6ZFgn0MzcOTwPse KgZevAz44Vnt5UN+ooqNOBL/HON8X6i4dOa+vtUk2hjmpFaXwWal0IETg +0Ztv8UZHrMKwWpaRswynWB7JS7Fx1afix3JiNzmRyUTSGBeJlbgn0b0Q e/EBR5KouC7mAKs1Stna18Nw6h9nQPrXYe7tcBrpn3t2WGlcQCjIfV0zK pROEKUl0ibELl/9FyyzPvOBozoK5uArugbjV4juB+PtTQOE/H+Qy7wA8X g==; X-CSE-ConnectionGUID: 7EHXPxiKRomHuRH9FJw3UA== X-CSE-MsgGUID: I66JM8R1QumkEub1pFMS6A== X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246680" X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246680" Received: from fmviesa003.fm.intel.com ([10.60.135.143]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2025 05:40:17 -0800 X-CSE-ConnectionGUID: w195bjlmQeiieJmUoh3uZw== X-CSE-MsgGUID: 24wpkVZCSQaDlIoTepYyDw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804499" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:40:13 -0800 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , =?utf-8?q?Phil?= =?utf-8?q?ippe_Mathieu-Daud=C3=A9?= , Igor Mammedov Cc: Zhao Liu , "Michael S. Tsirkin" , Eric Blake , Markus Armbruster , Peter Maydell , Marcelo Tosatti , Huacai Chen , Rick Edgecombe , Francesco Lavra , xiaoyao.li@intel.com, qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH v7 52/52] docs: Add TDX documentation Date: Fri, 24 Jan 2025 08:20:48 -0500 Message-Id: <20250124132048.3229049-53-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com> References: <20250124132048.3229049-1-xiaoyao.li@intel.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add docs/system/i386/tdx.rst for TDX support, and add tdx in confidential-guest-support.rst Signed-off-by: Xiaoyao Li --- Changes in v6: - Add more information of "Feature configuration" - Mark TD Attestation as future work because KVM now drops the support of it. Changes in v5: - Add TD attestation section and update the QEMU parameter; Changes since v1: - Add prerequisite of private gmem; - update example command to launch TD; Changes since RFC v4: - add the restriction that kernel-irqchip must be split --- docs/system/confidential-guest-support.rst | 1 + docs/system/i386/tdx.rst | 156 +++++++++++++++++++++ docs/system/target-i386.rst | 1 + 3 files changed, 158 insertions(+) create mode 100644 docs/system/i386/tdx.rst diff --git a/docs/system/confidential-guest-support.rst b/docs/system/confidential-guest-support.rst index 0c490dbda2b7..66129fbab64c 100644 --- a/docs/system/confidential-guest-support.rst +++ b/docs/system/confidential-guest-support.rst @@ -38,6 +38,7 @@ Supported mechanisms Currently supported confidential guest mechanisms are: * AMD Secure Encrypted Virtualization (SEV) (see :doc:`i386/amd-memory-encryption`) +* Intel Trust Domain Extension (TDX) (see :doc:`i386/tdx`) * POWER Protected Execution Facility (PEF) (see :ref:`power-papr-protected-execution-facility-pef`) * s390x Protected Virtualization (PV) (see :doc:`s390x/protvirt`) diff --git a/docs/system/i386/tdx.rst b/docs/system/i386/tdx.rst new file mode 100644 index 000000000000..ea2e601dde9a --- /dev/null +++ b/docs/system/i386/tdx.rst @@ -0,0 +1,156 @@ +Intel Trusted Domain eXtension (TDX) +==================================== + +Intel Trusted Domain eXtensions (TDX) refers to an Intel technology that extends +Virtual Machine Extensions (VMX) and Multi-Key Total Memory Encryption (MKTME) +with a new kind of virtual machine guest called a Trust Domain (TD). A TD runs +in a CPU mode that is designed to protect the confidentiality of its memory +contents and its CPU state from any other software, including the hosting +Virtual Machine Monitor (VMM), unless explicitly shared by the TD itself. + +Prerequisites +------------- + +To run TD, the physical machine needs to have TDX module loaded and initialized +while KVM hypervisor has TDX support and has TDX enabled. If those requirements +are met, the ``KVM_CAP_VM_TYPES`` will report the support of ``KVM_X86_TDX_VM``. + +Trust Domain Virtual Firmware (TDVF) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Trust Domain Virtual Firmware (TDVF) is required to provide TD services to boot +TD Guest OS. TDVF needs to be copied to guest private memory and measured before +the TD boots. + +KVM vcpu ioctl ``KVM_TDX_INIT_MEM_REGION`` can be used to populate the TDVF +content into its private memory. + +Since TDX doesn't support readonly memslot, TDVF cannot be mapped as pflash +device and it actually works as RAM. "-bios" option is chosen to load TDVF. + +OVMF is the opensource firmware that implements the TDVF support. Thus the +command line to specify and load TDVF is ``-bios OVMF.fd`` + +Feature Configuration +--------------------- + +Unlike non-TDX VM, the CPU features (enumerated by CPU or MSR) of a TD are not +under full control of VMM. VMM can only configure part of features of a TD on +``KVM_TDX_INIT_VM`` command of VM scope ``MEMORY_ENCRYPT_OP`` ioctl. + +The configurable features have three types: + +- Attributes: + - PKS (bit 30) controls whether Supervisor Protection Keys is exposed to TD, + which determines related CPUID bit and CR4 bit; + - PERFMON (bit 63) controls whether PMU is exposed to TD. + +- XSAVE related features (XFAM): + XFAM is a 64b mask, which has the same format as XCR0 or IA32_XSS MSR. It + determines the set of extended features available for use by the guest TD. + +- CPUID features: + Only some bits of some CPUID leaves are directly configurable by VMM. + +What features can be configured is reported via TDX capabilities. + +TDX capabilities +~~~~~~~~~~~~~~~~ + +The VM scope ``MEMORY_ENCRYPT_OP`` ioctl provides command ``KVM_TDX_CAPABILITIES`` +to get the TDX capabilities from KVM. It returns a data structure of +``struct kvm_tdx_capabilities``, which tells the supported configuration of +attributes, XFAM and CPUIDs. + +TD attributes +~~~~~~~~~~~~~ + +QEMU supports configuring raw 64-bit TD attributes directly via "attributes" +property of "tdx-guest" object. Note, it's users' responsibility to provide a +valid value because some bits may not supported by current QEMU or KVM yet. + +QEMU also supports the configuration of individual attribute bits that are +supported by it, via properties of "tdx-guest" object. +E.g., "sept-ve-disable" (bit 28). + +MSR based features +~~~~~~~~~~~~~~~~~~ + +Current KVM doesn't support MSR based feature (e.g., MSR_IA32_ARCH_CAPABILITIES) +configuration for TDX, and it's a future work to enable it in QEMU when KVM adds +support of it. + +Feature check +~~~~~~~~~~~~~ + +QEMU checks if the final (CPU) features, determined by given cpu model and +explicit feature adjustment of "+featureA/-featureB", can be supported or not. +It can produce feature not supported warning like + + "warning: host doesn't support requested feature: CPUID.07H:EBX.intel-pt [bit 25]" + +It can also produce warning like + + "warning: TDX forcibly sets the feature: CPUID.80000007H:EDX.invtsc [bit 8]" + +if the fixed-1 feature is requested to be disabled explicitly. This is newly +added to QEMU for TDX because TDX has fixed-1 features that are forcibly enabled +by TDX module and VMM cannot disable them. + +Launching a TD (TDX VM) +----------------------- + +To launch a TD, the necessary command line options are tdx-guest object and +split kernel-irqchip, as below: + +.. parsed-literal:: + + |qemu_system_x86| \\ + -object tdx-guest,id=tdx0 \\ + -machine ...,kernel-irqchip=split,confidential-guest-support=tdx0 \\ + -bios OVMF.fd \\ + +Restrictions +------------ + + - kernel-irqchip must be split; + + - No readonly support for private memory; + + - No SMM support: SMM support requires manipulating the guest register states + which is not allowed; + +Debugging +--------- + +Bit 0 of TD attributes, is DEBUG bit, which decides if the TD runs in off-TD +debug mode. When in off-TD debug mode, TD's VCPU state and private memory are +accessible via given SEAMCALLs. This requires KVM to expose APIs to invoke those +SEAMCALLs and corresonponding QEMU change. + +It's targeted as future work. + +TD attestation +-------------- + +In TD guest, the attestation process is used to verify the TDX guest +trustworthiness to other entities before provisioning secrets to the guest. + +TD attestation is initiated first by calling TDG.MR.REPORT inside TD to get the +REPORT. Then the REPORT data needs to be converted into a remotely verifiable +Quote by SGX Quoting Enclave (QE). + +It's a future work in QEMU to add support of TD attestation since it lacks +support in current KVM. + +Live Migration +-------------- + +Future work. + +References +---------- + +- `TDX Homepage `__ + +- `SGX QE `__ diff --git a/docs/system/target-i386.rst b/docs/system/target-i386.rst index ab7af1a75d6e..43b09c79d6be 100644 --- a/docs/system/target-i386.rst +++ b/docs/system/target-i386.rst @@ -31,6 +31,7 @@ Architectural features i386/kvm-pv i386/sgx i386/amd-memory-encryption + i386/tdx OS requirements ~~~~~~~~~~~~~~~