KVM only allows userspace to access legal number of MSR_IA32_RTIT_ADDRn,
which is enumrated by guest's CPUID(0x14,0x1):EAX[2:0], i.e.,
env->features[FEAT_14_1_EAX] & INTEL_PT_ADDR_RANGES_NUM_MASK
Signed-off-by: Xiaoyao Li
---
target/i386/cpu.h | 2 ++
target/i386/kvm/kvm.c | 8
Some CPUID leaves have meaningful subleaf index. Print the subleaf info
in feature_word_description for CPUID features.
Signed-off-by: Xiaoyao Li
Reviewed-by: Eduardo Habkost
---
target/i386/cpu.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.c b
For IceLake-server, it's just the same as using the default PT
feature set since the default one is exact taken from ICX.
For Snowridge, define it according to real SNR silicon capabilities.
Signed-off-by: Xiaoyao Li
---
target/i386/cpu.c | 18 ++
1 file changed, 18 insertions
Per Intel SDM, bits 2:0 of CPUID(0x14,0x1).EAX indicate the number of
address ranges for INTEL-PT.
Signed-off-by: Xiaoyao Li
---
target/i386/cpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index f9646e16b872..fa02910ce811 100644
On 8/4/2022 1:44 AM, Daniel P. Berrangé wrote:
On Tue, Aug 02, 2022 at 06:55:48PM +0800, Xiaoyao Li wrote:
On 8/2/2022 5:49 PM, Daniel P. Berrangé wrote:
On Tue, Aug 02, 2022 at 03:47:10PM +0800, Xiaoyao Li wrote:
- CPU model
We cannot create a TD with arbitrary CPU model like what
On 8/3/2022 3:33 PM, Chenyi Qiang wrote:
On 8/2/2022 3:47 PM, Xiaoyao Li wrote:
According to Chapter "CPUID Virtualization" in TDX module spec, CPUID
bits of TD can be classified into 6 types:
1 | As
On 8/2/2022 11:13 PM, Jason A. Donenfeld wrote:
Hi Xiaoyao,
On Tue, Aug 2, 2022 at 5:06 PM Jason A. Donenfeld wrote:
Hi Xiaoyao,
On Tue, Aug 02, 2022 at 10:53:07PM +0800, Xiaoyao Li wrote:
yes, with >= 7.1, pcmc->legacy_no_rng_seed = false by default, and RNG
seed i
On 8/2/2022 9:21 PM, Jason A. Donenfeld wrote:
Hi,
On Tue, Aug 02, 2022 at 11:28:15AM +0800, Xiaoyao Li wrote:
static void pc_q35_7_0_machine_options(MachineClass *m)
{
+PCMachineClass *pcmc = PC_MACHINE_CLASS(m);
pc_q35_7_1_machine_options(m);
m->alias = N
On 8/2/2022 5:49 PM, Daniel P. Berrangé wrote:
On Tue, Aug 02, 2022 at 03:47:10PM +0800, Xiaoyao Li wrote:
- CPU model
We cannot create a TD with arbitrary CPU model like what for non-TDX VMs,
because only a subset of features can be configured for TD.
- It's recommended to use
On 8/2/2022 5:47 PM, Daniel P. Berrangé wrote:
On Tue, Aug 02, 2022 at 03:47:11PM +0800, Xiaoyao Li wrote:
Pull in recent TDX updates, which are not backwards compatible.
It's just to make this series runnable. It will be updated by script
scripts/update-linux-headers.sh
once TDX
From: Isaku Yamahata
TSC of TDs is not accessible and KVM doesn't allow access of
MSR_IA32_TSC for TDs. To avoid the assert() in kvm_get_tsc, make
kvm_synchronize_all_tsc() noop for TDs,
Signed-off-by: Isaku Yamahata
Reviewed-by: Connor Kuehl
Signed-off-by: Xiaoyao Li
---
target/i386/kvm
TDX CPU state is protected and thus vcpu state cann't be reset by VMM.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/kvm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 1545b6f870f5..8c282122ed67
and error out if user wants PIC.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/tdx.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 70c56b7ba32c..2f317a6bb55b 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm
TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs because
VMM cannot manipulate TDX VM's memory.
Disable SMM for TDX VMs and error out if user requests to enable SMM.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/tdx.c | 8
1 file changed, 8
Invoke KVM_TDX_FINALIZE_VM to finalize the TD's measurement and make
the TD vCPUs runnable once machine initialization is complete.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/tdx.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/target/i386/kvm/tdx.c b
For TDs, only MSR_IA32_UCODE_REV in kvm_init_msrs() can be configured
by VMM, while the features enumerated/controlled by other MSRs except
MSR_IA32_UCODE_REV in kvm_init_msrs() are not under control of VMM.
Only configure MSR_IA32_UCODE_REV for TDs.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd
From: Isaku Yamahata
When level trigger isn't supported on x86 platform,
forcibly report edge trigger in acpi tables.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
hw/i386/acpi-build.c | 99 ---
hw/i386/acpi-common.c | 50
From: Isaku Yamahata
TDVF firmware (CODE and VARS) needs to be added/copied to TD's private
memory via KVM_TDX_INIT_MEM_REGION, as well as TD HOB and TEMP memory.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
Changes from RFC v4:
- rename variable
TD runs and no need to be accepted runtime.
The TdxRamEntries[] are later used to setup the memory TD resource HOB
that passes memory info from QEMU to TDVF.
Signed-off-by: Xiaoyao Li
---
Changes from RFC v4:
- simplify the algorithm of tdx_accept_ram_range() (Suggested-by: Gerd
Hoffman
.
Signed-off-by: Xiaoyao Li
---
hw/i386/x86.c | 1 +
include/hw/i386/x86.h | 1 +
target/i386/kvm/tdx.c | 2 ++
3 files changed, 4 insertions(+)
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index a389ee26265a..6ab023713bf1 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -1401,6 +1401,7
, EFI_RESOURCE_MEMORY_UNACCEPTED will be added in future UEFI spec.
[1]
https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf
Signed-off-by: Xiaoyao Li
---
include/standard-headers/uefi/uefi.h | 198 +++
1 file changed, 198 insertions
KVM doesn't allow wirting to MSR_IA32_APICBASE for TDs.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 53ab539e7e4d..948c87ebdb97 100644
--- a/target/i386/kvm/kvm.c
+++ b/target
to do the stuff.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
hw/i386/tdvf.c | 1 +
include/hw/i386/tdvf.h | 7 +++
target/i386/kvm/tdx.c | 32
3 files changed, 40 insertions(+)
diff --git a/hw/i386/tdvf.c b/hw/i386/tdvf.c
index a40198f9407a
TDX cannot support pflash device since it doesn't support read-only
memslot and doesn't support emulation. Load TDVF(OVMF) with -bios option
for TDs.
When boot a TD, besides load TDVF to the address below 4G, it needs
parse TDVF metadata.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
TDX doesn't support map different GPAs to same private memory. Thus,
aliasing top 128KB of BIOS as isa-bios is not supported.
On the other hand, TDX guest cannot go to real mode, it can work fine
without isa-bios.
Signed-off-by: Xiaoyao Li
---
Changes from RFC v4:
- update commit message
For TDX, the address below 1MB are entirely general RAM. No need to
initialize pc.rom memory region for TDs.
Signed-off-by: Xiaoyao Li
---
This is more as a workaround of the issue that for q35 machine type, the
real memslot update (which requires memslot deletion )for pc.rom happens
after
Add docs/system/i386/tdx.rst for TDX support, and add tdx in
confidential-guest-support.rst
Signed-off-by: Xiaoyao Li
---
changes in v5:
- add the restriction that kernel-irqchip must be split
---
docs/system/confidential-guest-support.rst | 1 +
docs/system/i386/tdx.rst
Reuse "-cpu,tsc-frequency=" to get user wanted tsc frequency and call VM
scope VM_SET_TSC_KHZ to set the tsc frequency of TD before KVM_TDX_INIT_VM.
Besides, sanity check the tsc frequency to be in the legal range and
legal granularity (required by TDX module).
Signed-off-by:
-by: Isaku Yamahata
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Xiaoyao Li
---
Changes from RFC v4:
- drop the code of adding mmio resources since OVMF prepares all the
MMIO hob itself.
---
hw/i386/meson.build | 2 +-
hw/i386/tdvf-hob.c
Validate TD attributes with tdx_caps that fixed-0 bits must be zero and
fixed-1 bits must be set.
Besides, sanity check the attribute bits that have not been supported by
QEMU yet. e.g., debug bit, it will be allowed in the future when debug
TD support lands in QEMU.
Signed-off-by: Xiaoyao Li
Christopherson
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 11 +++
1 file changed, 11 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 948c87ebdb97..95afbbac7116 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -4584,6 +4584,11 @@ int
For QEMU VMs, PKS is configured via CPUID_7_0_ECX_PKS and PMU is
configured by x86cpu->enable_pmu. Reuse the existing configuration
interface for TDX VMs.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 13 +
1 file changed, 13 insertions(+)
diff --git a/target/i386/kvm/td
this bit.
Signed-off-by: Xiaoyao Li
---
qapi/qom.json | 4 +++-
target/i386/kvm/tdx.c | 24
2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/qapi/qom.json b/qapi/qom.json
index 38177848abc1..2a5486bfed3e 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
that is the offset of TDX metadata to the end
of firmware file.
Select X86_FW_OVMF when TDX is enable to leverage existing functions
to parse and search OVMF's GUID-ed structures.
Signed-off-by: Isaku Yamahata
Co-developed-by: Xiaoyao Li
Signed-off-by: Xiaoyao Li
---
Changes from RFC v4:
- rename
TDX vcpu needs to be initialized by SEAMCALL(TDH.VP.INIT) and KVM
provides vcpu level IOCTL KVM_TDX_INIT_VCPU for it.
KVM_TDX_INIT_VCPU needs the address of the HOB as input. Invoke it for
each vcpu after HOB list is created.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386
ote, this doesn't address the fact that QEMU may change the CPUID
configuration when creating vCPUs, i.e. punts on refactoring QEMU to
provide a stable CPUID config prior to kvm_arch_init().
Signed-off-by: Xiaoyao Li
---
accel/kvm/kvm-all.c| 9 -
target/i386/kvm/kvm.c |
Introduce kvm_arch_pre_create_vcpu(), to perform arch-dependent
work prior to create any vcpu. This is for i386 TDX because it needs
call TDX_INIT_VM before creating any vcpu.
Signed-off-by: Xiaoyao Li
---
accel/kvm/kvm-all.c | 12
include/sysemu/kvm.h | 1 +
2 files changed, 13
Some bits in TD attributes have corresponding CPUID feature bits. Reflect
the fixed0/1 restriction on TD attributes to their corresponding CPUID
bits in tdx_cpuid_lookup[] as well.
Signed-off-by: Xiaoyao Li
---
target/i386/cpu-internal.h | 9 +
target/i386/cpu.c | 9
overs the other part of type #1);
- fix the ones in vmm_fixup;
- filter the one has valid .supported field;
(Calculated type is ignored since it's determined at runtime).
Co-developed-by: Chenyi Qiang
Signed-off-by: Chenyi Qiang
Signed-off-by: Xiaoyao Li
---
target/i386/cpu.h | 16 +++
t
TDX only supports readonly for shared memory but not for private memory.
In the view of QEMU, it has no idea whether a memslot is used as shared
memory of private. Thus just mark kvm_readonly_mem_enabled to false to
TDX VM for simplicity.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
From: Sean Christopherson
Move the architectural (for lack of a better term) CPUID leaf generation
to a separate helper so that the generation code can be reused by TDX,
which needs to generate a canonical VM-scoped configuration.
Signed-off-by: Sean Christopherson
Signed-off-by: Xiaoyao Li
by removing the bits that
reported from TDX module as configurable. This can adapt with the
updated TDX (module) automatically.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 30 ++
1 file changed, 30 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm
It will need special handling for TDX VMs all around the QEMU.
Introduce is_tdx_vm() helper to query if it's a TDX VM.
Cache tdx_guest object thus no need to cast from ms->cgs every time.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 13 +
target/i386/kvm/tdx.h |
, QEMU chooses to try starting with a known number
and abort when it exceeds KVM_MAX_CPUID_ENTRIES.
Besides, introduce the interfaces to invoke TDX "ioctls" at different
scope (KVM, VM and VCPU) in preparation.
Signed-off-by: Xiaoyao Li
---
changes from RFC v4:
- start from nr_cpuid_c
Introduce tdx_kvm_init() and invoke it in kvm_confidential_guest_init()
if it's a TDX VM. More initialization will be added later.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/kvm.c | 15 ++-
target/i386/kvm/meson.build | 2 +-
target/i386/kvm/tdx
and not
configurable so far.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
changes from RFC-V4
- make @attributes not user-settable
---
configs/devices/i386-softmmu/default.mak | 1 +
hw/i386/Kconfig | 5 +++
qapi/qom.json| 12 +++
target/i386
KVMM requires userspace to pass XFAM configuration via CPUID leaves 0xDs.
Convert tdx_caps->xfam_fixed0/1 into corresponding
tdx_cpuid_lookup[].tdx_fixed0/1 field of CPUID leaves 0xD. Thus the
requirement can applied naturally.
Signed-off-by: Xiaoyao Li
---
target/i386/cpu.c |
Introduce a separate function kvm_confidential_guest_init() for SEV (and
future TDX).
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/kvm.c | 11 ++-
target/i386/sev.c | 1 -
target/i386/sev.h | 2 ++
3 files changed, 12 insertions(+), 2 deletions
dx0,...
it parses VM type as KVM_X86_TDX_VM. Otherwise, it's KVM_X86_DEFAULT_VM.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
hw/i386/x86.c | 6 ++
target/i386/kvm/kvm.c | 30 ++
target/i386/kvm/kvm_i386.h | 1 +
3 files changed,
Pull in recent TDX updates, which are not backwards compatible.
It's just to make this series runnable. It will be updated by script
scripts/update-linux-headers.sh
once TDX support is upstreamed in linux kernel.
Signed-off-by: Xiaoyao Li
Co-developed-by: Sean Christopherson
Signed
trigger in acpi tables
i386/tdx: Don't synchronize guest tsc for TDs
Sean Christopherson (2):
i386/kvm: Move architectural CPUID leaf generation to separate helper
i386/tdx: Don't get/put guest state for TDX VMs
Xiaoyao Li (34):
*** HACK *** linux-headers: Update headers to pull in TDX API
On 7/22/2022 12:36 AM, Paolo Bonzini wrote:
From: "Jason A. Donenfeld"
Tiny machines optimized for fast boot time generally don't use EFI,
which means a random seed has to be supplied some other way. For this
purpose, Linux (≥5.20) supports passing a seed in the setup_data table
with
On 5/30/2022 7:49 PM, Gerd Hoffmann wrote:
On Thu, May 26, 2022 at 10:48:56AM +0800, Xiaoyao Li wrote:
On 5/24/2022 3:08 PM, Gerd Hoffmann wrote:
On Thu, May 12, 2022 at 11:17:45AM +0800, Xiaoyao Li wrote:
TDX guest cannot go to real mode, so just skip the setup of isa-bios.
Does isa-bios
On 7/14/2022 3:59 PM, Paolo Bonzini wrote:
On 7/14/22 07:36, Zhenzhong Duan wrote:
On ICX-2S2 host, when run L2 guest with both L1/L2 using
Icelake-Server-v3
or above, we got below warning:
"warning: host doesn't support requested feature: MSR(10AH).taa-no
[bit 8]"
This is because L1 KVM
No such constraint that subleaf index needs to be less than 64.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 4
1 file changed, 4 deletions(-)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index a0b412a1129f..3efa524b4b93 100644
--- a/target/i386/kvm/kvm.c
+++ b
The issue that fixed by Patch 1 looks fatal though it doesn't appear on
KVM because KVM always searches with assending order and hit with the
correct cpuid leaf 0.
Patch 2 removes the wrong constraint on CPUID leaf 1f
Xiaoyao Li (2):
i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F
Decrease array index cpuid_i when CPUID leaf 1F is skipped, otherwise it
will get an all zero'ed CPUID entry with leaf 0 and subleaf 0. It
conflicts with correct leaf 0.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/i386/kvm/kvm.c
On 7/8/2022 1:42 PM, Zhenzhong Duan wrote:
In L1 kernel side, taa-no is cleared because RTM is disabled
which will lead to below warning when starting L2 qemu:
"warning: host doesn't support requested feature: MSR(10AH).taa-no [bit 8]"
If host isn't susceptible to TSX Async Abort (TAA)
On 7/8/2022 4:08 AM, Sean Christopherson wrote:
On Fri, Jul 01, 2022, Xiaoyao Li wrote:
On 7/1/2022 6:21 AM, Michael Roth wrote:
On Thu, Jun 30, 2022 at 12:14:13PM -0700, Vishal Annapurve wrote:
With transparent_hugepages=always setting I see issues with the
current implementation
On 7/1/2022 6:21 AM, Michael Roth wrote:
On Thu, Jun 30, 2022 at 12:14:13PM -0700, Vishal Annapurve wrote:
With transparent_hugepages=always setting I see issues with the
current implementation.
Scenario:
1) Guest accesses a gfn range 0x800-0xa00 as private
2) Guest calls mapgpa to convert the
On 6/16/2022 4:28 PM, Gerd Hoffmann wrote:
Hi,
After re-read and re-think, I think the problem is better to state as: we
need an interface for QEMU to tell OVMF how much memory it needs to accept,
from [Minimum to All]. So for the case that user wants to boot an
partial-enabled confidential
On 6/15/2022 8:46 AM, Xu, Min M wrote:
I would like to add more engineers (Confidential Computing Reviewers in EDK2
community and Intel's QEMU engineers) in this mail thread.
-Original Message-
From: Dionna Amalie Glaze
Sent: Wednesday, June 15, 2022 2:09 AM
To: qemu-devel@nongnu.org
On 6/16/2022 1:37 PM, Gerd Hoffmann wrote:
Hi,
Per my understanding, Unaccepted Memory in UEFI is introduced for
confidential VMs, i.e., for Intel TDX and AMD SEV-SNP. The only reason
UEFI/OVMF reports "Unaccepted Memory" to OS, is a confidential VM is
desired.
No. Reporting "Unaccepted
On 6/15/2022 8:46 AM, Xu, Min M wrote:
I would like to add more engineers (Confidential Computing Reviewers in EDK2
community and Intel's QEMU engineers) in this mail thread.
-Original Message-
From: Dionna Amalie Glaze
Sent: Wednesday, June 15, 2022 2:09 AM
To: qemu-devel@nongnu.org
On 6/7/2022 7:16 PM, Gerd Hoffmann wrote:
Hi,
I guess it could be helpful for the discussion when you can outine the
'big picture' for tdx initialization. How does kvm accel setup look
like without TDX, and what additional actions are needed for TDX? What
ordering requirements and other
On 5/24/2022 3:56 PM, Gerd Hoffmann wrote:
Hi,
+static void tdvf_hob_add_mmio_resources(TdvfHob *hob)
+{
+MachineState *ms = MACHINE(qdev_get_machine());
+X86MachineState *x86ms = X86_MACHINE(ms);
+PCIHostState *pci_host;
+uint64_t start, end;
+uint64_t mcfg_base,
On 6/1/2022 3:54 PM, Gerd Hoffmann wrote:
On Wed, Jun 01, 2022 at 03:20:46PM +0800, Xiaoyao Li wrote:
On 5/24/2022 2:57 PM, Gerd Hoffmann wrote:
Hi,
Maybe it's a bit more work to add VM-scope initialization support to
qemu.
If just introducing VM-scope initialization to QEMU, it would
On 5/24/2022 2:57 PM, Gerd Hoffmann wrote:
Hi,
Hmm, hooking *vm* initialization into *vcpu* creation looks wrong to me.
That's because for TDX, it has to do VM-scope (feature) initialization
before creating vcpu. This is new to KVM and QEMU, that every feature is
vcpu-scope and configured
On 5/30/2022 7:59 PM, Gerd Hoffmann wrote:
Hi,
tdx_add_ram_entry() increments tdx_guest->nr_ram_entries. I think it's worth
for comments why this is safe regarding to this for-loop.
The for-loop is to find the valid existing RAM entry (from E820 table).
It will update the RAM entry and
On 5/27/2022 2:48 AM, Isaku Yamahata wrote:
On Thu, May 26, 2022 at 03:33:10PM +0800,
Xiaoyao Li wrote:
On 5/24/2022 3:37 PM, Gerd Hoffmann wrote:
I think all this can be simplified, by
(1) Change the existing entry to cover the accepted ram range.
(2) If there is room before
On 5/26/2022 3:33 PM, Xiaoyao Li wrote:
On 5/24/2022 3:37 PM, Gerd Hoffmann wrote:
+ if (e->address == address && e->length == length) {
+ e->type = TDX_RAM_ADDED;
+ } else if (e->address == address) {
+ e->address += length;
On 5/24/2022 3:37 PM, Gerd Hoffmann wrote:
+static int tdx_accept_ram_range(uint64_t address, uint64_t length)
+{
+TdxRamEntry *e;
+int i;
+
+for (i = 0; i < tdx_guest->nr_ram_entries; i++) {
+e = _guest->ram_entries[i];
+
+if (address + length < e->address ||
+
On 5/24/2022 4:29 PM, Gerd Hoffmann wrote:
On Tue, May 24, 2022 at 04:11:56PM +0800, Xiaoyao Li wrote:
On 5/24/2022 2:59 PM, Gerd Hoffmann wrote:
On Tue, May 24, 2022 at 12:19:51PM +0800, Xiaoyao Li wrote:
On 5/23/2022 5:39 PM, Gerd Hoffmann wrote:
So, how is this supposed to work? Patch #2
On 5/24/2022 3:09 PM, Gerd Hoffmann wrote:
On Thu, May 12, 2022 at 11:17:47AM +0800, Xiaoyao Li wrote:
Before a TD can run, it needs to
- setup/configure TD HOB list;
- initialize TDVF into TD's private memory;
- initialize TD vcpu state;
Register a machine_init_done callback to all
On 5/24/2022 3:08 PM, Gerd Hoffmann wrote:
On Thu, May 12, 2022 at 11:17:45AM +0800, Xiaoyao Li wrote:
TDX guest cannot go to real mode, so just skip the setup of isa-bios.
Does isa-bios setup cause any actual problems?
(same question for patch #19).
It causes mem_region split and mem_slot
On 5/24/2022 3:02 PM, Gerd Hoffmann wrote:
Hi,
+static int tdvf_parse_section_entry(const TdvfSectionEntry *src,
+ TdxFirmwareEntry *entry)
+/* sanity check */
That is what the whole function is doing. So rename it to
tdvf_check_section_entry to
On 5/24/2022 2:59 PM, Gerd Hoffmann wrote:
On Tue, May 24, 2022 at 12:19:51PM +0800, Xiaoyao Li wrote:
On 5/23/2022 5:39 PM, Gerd Hoffmann wrote:
So, how is this supposed to work? Patch #2 introduces attributes as
user-settable property. So do users have to manually figure and pass
On 5/23/2022 5:39 PM, Gerd Hoffmann wrote:
Validate TD attributes with tdx_caps that fixed-0 bits must be zero and
fixed-1 bits must be set.
-static void setup_td_guest_attributes(X86CPU *x86cpu)
+static int tdx_validate_attributes(TdxGuest *tdx)
+{
+if (((tdx->attributes &
On 5/23/2022 5:20 PM, Gerd Hoffmann wrote:
+int tdx_pre_create_vcpu(CPUState *cpu)
+{
+MachineState *ms = MACHINE(qdev_get_machine());
+X86CPU *x86cpu = X86_CPU(cpu);
+CPUX86State *env = >env;
+struct kvm_tdx_init_vm init_vm;
+int r = 0;
+
+qemu_mutex_lock(_guest->lock);
On 5/23/2022 5:01 PM, Gerd Hoffmann wrote:
Hi,
- The supported XCR0 and XSS bits needs to be cap'ed by tdx_caps, because
KVM uses them to setup XFAM of TD.
+case 0xd:
+if (index == 0) {
+if (reg == R_EAX) {
+*ret &=
On 5/23/2022 4:45 PM, Gerd Hoffmann wrote:
Hi,
+do {
+size = sizeof(struct kvm_tdx_capabilities) +
+ max_ent * sizeof(struct kvm_tdx_cpuid_config);
+caps = g_malloc0(size);
+caps->nr_cpuid_configs = max_ent;
+
+r =
On 5/13/2022 2:04 AM, Isaku Yamahata wrote:
On Thu, May 12, 2022 at 11:17:41AM +0800,
Xiaoyao Li wrote:
Reuse "-cpu,tsc-frequency=" to get user wanted tsc frequency and pass it
to KVM_TDX_INIT_VM.
Besides, sanity check the tsc frequency to be in the legal range and
legal g
On 5/13/2022 2:34 AM, Isaku Yamahata wrote:
On Thu, May 12, 2022 at 11:17:51AM +0800,
Xiaoyao Li wrote:
From: Isaku Yamahata
TDVF firmware (CODE and VARS) needs to be added/copied to TD's private
memory via KVM_TDX_INIT_MEM_REGION, as well as TD HOB and TEMP memory.
Signed-off-by: Isaku
On 5/13/2022 1:48 AM, Isaku Yamahata wrote:
On Thu, May 12, 2022 at 11:17:37AM +0800,
Xiaoyao Li wrote:
diff --git a/target/i386/kvm/kvm_i386.h b/target/i386/kvm/kvm_i386.h
index b434feaa6b1d..5c7972f617e8 100644
--- a/target/i386/kvm/kvm_i386.h
+++ b/target/i386/kvm/kvm_i386.h
@@ -24,6
On 5/13/2022 1:50 AM, Isaku Yamahata wrote:
On Thu, May 12, 2022 at 11:17:36AM +0800,
Xiaoyao Li wrote:
Introduce kvm_arch_pre_create_vcpu(), to perform arch-dependent
work prior to create any vcpu. This is for i386 TDX because it needs
call TDX_INIT_VM before creating any vcpu.
Because &qu
Add docs/system/i386/tdx.rst for TDX support, and add tdx in
confidential-guest-support.rst
Signed-off-by: Xiaoyao Li
---
docs/system/confidential-guest-support.rst | 1 +
docs/system/i386/tdx.rst | 103 +
docs/system/target-i386.rst| 1
KVM doesn't allow wirting to MSR_IA32_APICBASE for TDs.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 9c5bf075b542..4d520d0e34bd 100644
--- a/target/i386/kvm/kvm.c
+++ b/target
TDX CPU state is protected and thus vcpu state cann't be reset by VMM.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index c51125ab200f..9a1e1dab938f 100644
--- a/target/i386
For TDs, only MSR_IA32_UCODE_REV in kvm_init_msrs() can be configured
by VMM, while the features enumerated/controlled by other MSRs except
MSR_IA32_UCODE_REV in kvm_init_msrs() are not under control of VMM.
Only configure MSR_IA32_UCODE_REV for TDs.
Signed-off-by: Xiaoyao Li
---
target/i386
From: Isaku Yamahata
TSC of TDs is not accessible and KVM doesn't allow access of
MSR_IA32_TSC for TDs. To avoid the assert() in kvm_get_tsc, make
kvm_synchronize_all_tsc() noop for TDs,
Signed-off-by: Isaku Yamahata
Reviewed-by: Connor Kuehl
Signed-off-by: Xiaoyao Li
---
target/i386/kvm
and error out if user wants PIC.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 7ff4c6a9a7ca..59c7aa8f1818 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -333,6 +333,13
From: Isaku Yamahata
TDVF firmware (CODE and VARS) needs to be added/copied to TD's private
memory via KVM_TDX_INIT_MEM_REGION, as well as TD HOB and TEMP memory.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 24
1 file changed
From: Isaku Yamahata
When level trigger isn't supported on x86 platform,
forcibly report edge trigger in acpi tables.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
hw/i386/acpi-build.c | 99 ---
hw/i386/acpi-common.c | 50
-by: Isaku Yamahata
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Xiaoyao Li
---
hw/i386/meson.build | 2 +-
hw/i386/tdvf-hob.c| 212 ++
hw/i386/tdvf-hob.h| 25 +
hw/i386/uefi.h| 198
Christopherson
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 11 +++
1 file changed, 11 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 4d520d0e34bd..3e26dacf7807 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -4478,6 +4478,11 @@ int
.
Signed-off-by: Xiaoyao Li
---
hw/i386/x86.c | 1 +
include/hw/i386/x86.h | 1 +
target/i386/kvm/tdx.c | 2 ++
3 files changed, 4 insertions(+)
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index 17f2252296c5..182ec544611b 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -1365,6 +1365,7
be classified into two groups:
- Firmware itself, e.g., BFV and CFV, that locates separated from guest
RAM. It's memory pointer is the bios pointer.
- Sections located at guest RAM, e.g., TEMP_MEM and TD_HOB.
mmap a new memory range for them.
Signed-off-by: Xiaoyao Li
---
hw/i386/tdvf.c
Invoke KVM_TDX_FINALIZE_VM to finalize the TD's measurement and make
the TD vCPUs runnable once machine initialization is complete.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index
TD runs and no need to be accepted runtime.
The TdxRamEntries[] are later used to setup the memory TD resource HOB
that passes memory info from QEMU to TDVF.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 99 +++
target/i386/kvm/tdx.h | 14
TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs because
VMM cannot manipulate TDX VM's memory.
Disable SMM for TDX VMs and error out if user requests to enable SMM.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 8
1 file changed, 8 insertions(+)
diff --git
601 - 700 of 871 matches
Mail list logo
