Re: [RFC PATCH v2 10/44] hw/i386: Initialize TDX via KVM ioctl() when kvm_type is TDX

2021-08-26 Thread Eric Blake
On Wed, Jul 07, 2021 at 05:54:40PM -0700, isaku.yamah...@gmail.com wrote:
> From: Xiaoyao Li 
> 
> Introduce tdx_ioctl() to invoke TDX specific sub-ioctls of
> KVM_MEMORY_ENCRYPT_OP.  Use tdx_ioctl() to invoke KVM_TDX_INIT, by way
> of tdx_init(), during kvm_arch_init().  KVM_TDX_INIT configures global
> TD state, e.g. the canonical CPUID config, and must be executed prior to
> creating vCPUs.
> 
> Note, this doesn't address the fact that Qemu may change the CPUID
> configuration when creating vCPUs, i.e. punts on refactoring Qemu to
> provide a stable CPUID config prior to kvm_arch_init().
> 
> Explicitly set subleaf index and flags when adding CPUID
> Set the index and flags when adding a CPUID entry to avoid propagating
> stale state from a removed entry, e.g. when the CPUID 0x4 loop bails, it
> can leave non-zero index and flags in the array.
> 
> Signed-off-by: Xiaoyao Li 
> Co-developed-by: Sean Christopherson 
> Signed-off-by: Sean Christopherson 
> Signed-off-by: Isaku Yamahata 
> ---

> +++ b/qapi/qom.json
> @@ -760,6 +760,18 @@
>  '*cbitpos': 'uint32',
>  'reduced-phys-bits': 'uint32' } }
>  
> +##
> +# @TdxGuestProperties:
> +#
> +# Properties for tdx-guest objects.
> +#
> +# @debug: enable debug mode (default: off)
> +#
> +# Since: 6.0

This should be 6.2

> +##
> +{ 'struct': 'TdxGuestProperties',
> +  'data': { '*debug': 'bool' } }
> +
>  ##
>  # @ObjectType:
>  #
> @@ -802,6 +814,7 @@
>  'secret_keyring',
>  'sev-guest',
>  's390-pv-guest',
> +'tdx-guest',
>  'throttle-group',
>  'tls-creds-anon',
>  'tls-creds-psk',
> @@ -858,6 +871,7 @@
>'secret': 'SecretProperties',
>'secret_keyring': 'SecretKeyringProperties',
>'sev-guest':  'SevGuestProperties',
> +  'tdx-guest':  'TdxGuestProperties',
>'throttle-group': 'ThrottleGroupProperties',
>'tls-creds-anon': 'TlsCredsAnonProperties',
>'tls-creds-psk':  'TlsCredsPskProperties',

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org




Re: [RFC PATCH v2 10/44] hw/i386: Initialize TDX via KVM ioctl() when kvm_type is TDX

2021-08-26 Thread Gerd Hoffmann
  Hi,

>'sev-guest':  'SevGuestProperties',
> +  'tdx-guest':  'TdxGuestProperties',

Ah, see, it's already there ...

take care,
  Gerd




[RFC PATCH v2 10/44] hw/i386: Initialize TDX via KVM ioctl() when kvm_type is TDX

2021-07-07 Thread isaku . yamahata
From: Xiaoyao Li 

Introduce tdx_ioctl() to invoke TDX specific sub-ioctls of
KVM_MEMORY_ENCRYPT_OP.  Use tdx_ioctl() to invoke KVM_TDX_INIT, by way
of tdx_init(), during kvm_arch_init().  KVM_TDX_INIT configures global
TD state, e.g. the canonical CPUID config, and must be executed prior to
creating vCPUs.

Note, this doesn't address the fact that Qemu may change the CPUID
configuration when creating vCPUs, i.e. punts on refactoring Qemu to
provide a stable CPUID config prior to kvm_arch_init().

Explicitly set subleaf index and flags when adding CPUID
Set the index and flags when adding a CPUID entry to avoid propagating
stale state from a removed entry, e.g. when the CPUID 0x4 loop bails, it
can leave non-zero index and flags in the array.

Signed-off-by: Xiaoyao Li 
Co-developed-by: Sean Christopherson 
Signed-off-by: Sean Christopherson 
Signed-off-by: Isaku Yamahata 
---
 accel/kvm/kvm-all.c|   2 +
 include/sysemu/tdx.h   |   2 +
 qapi/qom.json  |  14 +
 target/i386/kvm/tdx-stub.c |   4 ++
 target/i386/kvm/tdx.c  | 126 +
 target/i386/kvm/tdx.h  |  24 +++
 6 files changed, 172 insertions(+)
 create mode 100644 target/i386/kvm/tdx.h

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index fdbe24bf59..6475f15d5f 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -38,6 +38,7 @@
 #include "qemu/main-loop.h"
 #include "trace.h"
 #include "hw/irq.h"
+#include "sysemu/tdx.h"
 #include "qapi/visitor.h"
 #include "qapi/qapi-types-common.h"
 #include "qapi/qapi-visit-common.h"
@@ -459,6 +460,7 @@ int kvm_init_vcpu(CPUState *cpu, Error **errp)
 
 trace_kvm_init_vcpu(cpu->cpu_index, kvm_arch_vcpu_id(cpu));
 
+tdx_pre_create_vcpu(cpu);
 ret = kvm_get_vcpu(s, kvm_arch_vcpu_id(cpu));
 if (ret < 0) {
 error_setg_errno(errp, -ret, "kvm_init_vcpu: kvm_get_vcpu failed 
(%lu)",
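Review bot: The new `tdx_pre_create_vcpu(cpu);` call in kvm_init_vcpu() has no way to report failure: it returns void and is not given `errp`, although the surrounding function already reports errors through `Error **errp`. The helper this patch adds in target/i386/kvm/tdx.c, `__tdx_ioctl()`, calls `error_report()` followed by `exit(1)` when KVM_MEMORY_ENCRYPT_OP fails, so a TDX setup failure on this path would presumably terminate the whole process instead of failing vCPU creation cleanly. Consider `int tdx_pre_create_vcpu(CPUState *cpu, Error **errp);` and checking its result here before `kvm_get_vcpu()`. The commit message says KVM_TDX_INIT configures global TD state, yet this hook runs for every vCPU; the body of tdx_pre_create_vcpu() is cut off in this view, so confirm it is guarded to run once and add a comment saying so. kvm_init_vcpu()'s body continues outside the hunk.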
diff --git a/include/sysemu/tdx.h b/include/sysemu/tdx.h
index 60ebded851..36a901e723 100644
--- a/include/sysemu/tdx.h
+++ b/include/sysemu/tdx.h
@@ -7,4 +7,6 @@
 bool kvm_has_tdx(KVMState *s);
 #endif
 
+void tdx_pre_create_vcpu(CPUState *cpu);
+
 #endif
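Review bot: The new prototype `void tdx_pre_create_vcpu(CPUState *cpu);` is added without a comment describing its contract. From the rest of the patch it is called from kvm_init_vcpu() immediately before `kvm_get_vcpu()` and is an empty function in tdx-stub.c, so a one-line comment such as `/* Called from kvm_init_vcpu() before kvm_get_vcpu(); no-op when TDX support is not built. */` would help callers. If the real implementation can exit the process on ioctl failure, as `__tdx_ioctl()` in tdx.c suggests, the comment should state that too.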
diff --git a/qapi/qom.json b/qapi/qom.json
index 652be317b8..70c70e3efe 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
@@ -760,6 +760,18 @@
 '*cbitpos': 'uint32',
 'reduced-phys-bits': 'uint32' } }
 
+##
+# @TdxGuestProperties:
+#
+# Properties for tdx-guest objects.
+#
+# @debug: enable debug mode (default: off)
+#
+# Since: 6.0
+##
+{ 'struct': 'TdxGuestProperties',
+  'data': { '*debug': 'bool' } }
+
 ##
 # @ObjectType:
 #
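Review bot: The `@debug` line in the new TdxGuestProperties doc comment does not say what enabling debug mode gives up. The patch defines `TDX1_TD_ATTRIBUTE_DEBUG` in target/i386/kvm/tdx.c; if this property sets that TD attribute (the code that consumes it is not visible here), the host VMM can read guest private memory and vCPU state, so the guest loses confidentiality against the host. Suggested wording: `# @debug: enable off-TD debug mode; the host can then access guest private memory and vCPU state, so the guest is not confidential (default: off)`. It is also worth noting for deployers that a relying party can check the TD attributes in the attestation report and refuse guests started with debug enabled.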
@@ -802,6 +814,7 @@
 'secret_keyring',
 'sev-guest',
 's390-pv-guest',
+'tdx-guest',
 'throttle-group',
 'tls-creds-anon',
 'tls-creds-psk',
@@ -858,6 +871,7 @@
   'secret': 'SecretProperties',
   'secret_keyring': 'SecretKeyringProperties',
   'sev-guest':  'SevGuestProperties',
+  'tdx-guest':  'TdxGuestProperties',
   'throttle-group': 'ThrottleGroupProperties',
   'tls-creds-anon': 'TlsCredsAnonProperties',
   'tls-creds-psk':  'TlsCredsPskProperties',
diff --git a/target/i386/kvm/tdx-stub.c b/target/i386/kvm/tdx-stub.c
index e1eb09cae1..93d5913c89 100644
--- a/target/i386/kvm/tdx-stub.c
+++ b/target/i386/kvm/tdx-stub.c
@@ -8,3 +8,7 @@ bool kvm_has_tdx(KVMState *s)
 return false;
 }
 #endif
+
+void tdx_pre_create_vcpu(CPUState *cpu)
+{
+}
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index e62a570f75..e8c70f241d 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -14,8 +14,10 @@
 #include "qemu/osdep.h"
 
 #include 
+#include 
 
 #include "cpu.h"
+#include "kvm_i386.h"
 #include "hw/boards.h"
 #include "qapi/error.h"
 #include "qom/object_interfaces.h"
@@ -23,8 +25,132 @@
 #include "sysemu/kvm.h"
 #include "sysemu/kvm_int.h"
 #include "sysemu/tdx.h"
+#include "tdx.h"
+
+#define TDX1_TD_ATTRIBUTE_DEBUG BIT_ULL(0)
+#define TDX1_TD_ATTRIBUTE_PERFMON BIT_ULL(63)
 
 bool kvm_has_tdx(KVMState *s)
 {
 return !!(kvm_check_extension(s, KVM_CAP_VM_TYPES) & BIT(KVM_X86_TDX_VM));
 }
+
+static void __tdx_ioctl(int ioctl_no, const char *ioctl_name,
+__u32 metadata, void *data)
+{
+struct kvm_tdx_cmd tdx_cmd;
+int r;
+
+memset(&tdx_cmd, 0x0, sizeof(tdx_cmd));
+
+tdx_cmd.id = ioctl_no;
+tdx_cmd.metadata = metadata;
+tdx_cmd.data = (__u64)(unsigned long)data;
+
+r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd);
+if (r) {
+error_report("%s failed: %s", ioctl_name, strerror(-r));
+exit(1);
+}
+}
+#define tdx_ioctl(ioctl_no, metadata, data) \
+__tdx_ioctl(ioctl_no, stringify(ioctl_no), metadata, data)
+
+void tdx_pre_create_vcpu(CPUState *cpu)
+{
+struct {
+struct kvm_cpuid2 cpuid;
+struct kvm_cpuid_entry2 entries[KVM_MAX_CPUID_ENTRIES];
+} cp