When the confidential virtual machine KVM file descriptor changes due to the guest reset, some TDX specific setup steps needs to be done again. This includes finalizing the inital guest launch state again. This change re-executes some parts of the TDX setup during the device reset phaze using a resettable interface. This finalizes the guest launch state again and locks it in. Also care has been taken so that notifiers are installed only once.
Signed-off-by: Ani Sinha <[email protected]> --- target/i386/kvm/tdx.c | 39 +++++++++++++++++++++++++++++++++++++-- target/i386/kvm/tdx.h | 1 + 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index bafaf62cdb..1903cc2132 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -19,6 +19,7 @@ #include "crypto/hash.h" #include "system/kvm_int.h" #include "system/runstate.h" +#include "system/reset.h" #include "system/system.h" #include "system/ramblock.h" #include "system/address-spaces.h" @@ -389,6 +390,19 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused) CONFIDENTIAL_GUEST_SUPPORT(tdx_guest)->ready = true; } +static void tdx_handle_reset(Object *obj, ResetType type) +{ + if (!runstate_is_running()) { + return; + } + + if (!kvm_enable_hypercall(BIT_ULL(KVM_HC_MAP_GPA_RANGE))) { + error_setg(&error_fatal, "KVM_HC_MAP_GPA_RANGE not enabled for guest"); + } + + tdx_finalize_vm(NULL, NULL); +} + static Notifier tdx_machine_done_notify = { .notify = tdx_finalize_vm, }; @@ -689,6 +703,7 @@ static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) X86MachineState *x86ms = X86_MACHINE(ms); TdxGuest *tdx = TDX_GUEST(cgs); int r = 0; + static bool notifier_added; kvm_mark_guest_state_protected(); @@ -736,8 +751,10 @@ static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) */ kvm_readonly_mem_allowed = false; - qemu_add_machine_init_done_notifier(&tdx_machine_done_notify); - + if (!notifier_added) { + qemu_add_machine_init_done_notifier(&tdx_machine_done_notify); + notifier_added = true; + } tdx_guest = tdx; return 0; } @@ -1503,6 +1520,7 @@ OBJECT_DEFINE_TYPE_WITH_INTERFACES(TdxGuest, TDX_GUEST, X86_CONFIDENTIAL_GUEST, { TYPE_USER_CREATABLE }, + { TYPE_RESETTABLE_INTERFACE }, { NULL }) static void tdx_guest_init(Object *obj) @@ -1536,20 +1554,37 @@ static void tdx_guest_init(Object *obj) tdx->event_notify_vector = -1; tdx->event_notify_apicid = -1; + qemu_register_resettable(obj); } static void tdx_guest_finalize(Object *obj) { } +static ResettableState *tdx_reset_state(Object *obj) +{ + TdxGuest *tdx = TDX_GUEST(obj); + return &tdx->reset_state; +} + static void tdx_guest_class_init(ObjectClass *oc, const void *data) { ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc); X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc); + ResettableClass *rc = RESETTABLE_CLASS(oc); klass->kvm_init = tdx_kvm_init; x86_klass->kvm_type = tdx_kvm_type; x86_klass->cpu_instance_init = tdx_cpu_instance_init; x86_klass->adjust_cpuid_features = tdx_adjust_cpuid_features; x86_klass->check_features = tdx_check_features; + + /* + * the exit phase makes sure sev handles reset after all legacy resets + * have taken place (in the hold phase) and IGVM has also properly + * set up the boot state. + */ + rc->phases.exit = tdx_handle_reset; + rc->get_state = tdx_reset_state; + } diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h index 1c38faf983..264fbe530c 100644 --- a/target/i386/kvm/tdx.h +++ b/target/i386/kvm/tdx.h @@ -70,6 +70,7 @@ typedef struct TdxGuest { uint32_t event_notify_vector; uint32_t event_notify_apicid; + ResettableState reset_state; } TdxGuest; #ifdef CONFIG_TDX -- 2.42.0
