[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[RFC PATCH 13/23] i386/tdx: Frame in tdx_get_supported_cpuid with KVM_TD
From: |
Isaku Yamahata |
Subject: |
[RFC PATCH 13/23] i386/tdx: Frame in tdx_get_supported_cpuid with KVM_TDX_CAPABILITIES |
Date: |
Mon, 15 Feb 2021 18:13:09 -0800 |
From: Sean Christopherson <sean.j.christopherson@intel.com>
Add support for grabbing KVM_TDX_CAPABILITIES and use the new
kvm_get_supported_cpuid() hook to adjust the supported XCR0 bits.
Add TODOs for the remaining work.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
target/i386/kvm/kvm.c | 2 ++
target/i386/kvm/tdx.c | 84 ++++++++++++++++++++++++++++++++++++++-----
target/i386/kvm/tdx.h | 2 ++
3 files changed, 80 insertions(+), 8 deletions(-)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 018a757dc6..e6f7015be8 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -441,6 +441,8 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t
function,
ret |= 1U << KVM_HINTS_REALTIME;
}
+ tdx_get_supported_cpuid(s, function, index, reg, &ret);
+
return ret;
}
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index d8b79e975f..9d4195a705 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -21,6 +21,7 @@
#include "hw/boards.h"
#include "qapi/error.h"
#include "qom/object_interfaces.h"
+#include "standard-headers/asm-x86/kvm_para.h"
#include "sysemu/sysemu.h"
#include "sysemu/kvm.h"
#include "sysemu/kvm_int.h"
@@ -47,7 +48,11 @@ static void __tdx_ioctl(int ioctl_no, const char *ioctl_name,
tdx_cmd.metadata = metadata;
tdx_cmd.data = (__u64)(unsigned long)data;
- r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd);
+ if (ioctl_no == KVM_TDX_CAPABILITIES) {
+ r = kvm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd);
+ } else {
+ r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd);
+ }
if (r) {
error_report("%s failed: %s", ioctl_name, strerror(-r));
exit(1);
@@ -65,17 +70,83 @@ static Notifier tdx_machine_done_late_notify = {
.notify = tdx_finalize_vm,
};
+#define TDX1_MAX_NR_CPUID_CONFIGS 6
+
+static struct {
+ struct kvm_tdx_capabilities __caps;
+ struct kvm_tdx_cpuid_config __cpuid_configs[TDX1_MAX_NR_CPUID_CONFIGS];
+} __tdx_caps;
+
+static struct kvm_tdx_capabilities *tdx_caps = (void *)&__tdx_caps;
+
+#define XCR0_MASK (MAKE_64BIT_MASK(0, 8) | BIT_ULL(9))
+#define XSS_MASK (~XCR0_MASK)
+
int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
{
TdxGuest *tdx = (TdxGuest *)object_dynamic_cast(OBJECT(cgs),
TYPE_TDX_GUEST);
- if (tdx) {
- qemu_add_machine_init_done_late_notifier(
- &tdx_machine_done_late_notify);
+ if (!tdx) {
+ return 0;
}
+
+ QEMU_BUILD_BUG_ON(sizeof(__tdx_caps) !=
+ sizeof(struct kvm_tdx_capabilities) +
+ sizeof(struct kvm_tdx_cpuid_config) *
+ TDX1_MAX_NR_CPUID_CONFIGS);
+
+ tdx_caps->nr_cpuid_configs = TDX1_MAX_NR_CPUID_CONFIGS;
+ tdx_ioctl(KVM_TDX_CAPABILITIES, 0, tdx_caps);
+
+ qemu_add_machine_init_done_late_notifier(&tdx_machine_done_late_notify);
return 0;
}
+void tdx_get_supported_cpuid(KVMState *s, uint32_t function,
+ uint32_t index, int reg, uint32_t *ret)
+{
+ MachineState *ms = MACHINE(qdev_get_machine());
+ TdxGuest *tdx = (TdxGuest *)object_dynamic_cast(OBJECT(ms->cgs),
+ TYPE_TDX_GUEST);
+
+ if (!tdx) {
+ return;
+ }
+
+ switch (function) {
+ case 1:
+ if (reg == R_ECX) {
+ *ret &= ~CPUID_EXT_VMX;
+ }
+ break;
+ case 0xd:
+ if (index == 0) {
+ if (reg == R_EAX) {
+ *ret &= (uint32_t)tdx_caps->xfam_fixed0 & XCR0_MASK;
+ *ret |= (uint32_t)tdx_caps->xfam_fixed1 & XCR0_MASK;
+ } else if (reg == R_EDX) {
+ *ret &= (tdx_caps->xfam_fixed0 & XCR0_MASK) >> 32;
+ *ret |= (tdx_caps->xfam_fixed1 & XCR0_MASK) >> 32;
+ }
+ } else if (index == 1) {
+ /* TODO: Adjust XSS when it's supported. */
+ }
+ break;
+ case KVM_CPUID_FEATURES:
+ if (reg == R_EAX) {
+ *ret &= ~((1ULL << KVM_FEATURE_CLOCKSOURCE) |
+ (1ULL << KVM_FEATURE_CLOCKSOURCE2) |
+ (1ULL << KVM_FEATURE_CLOCKSOURCE_STABLE_BIT) |
+ (1ULL << KVM_FEATURE_ASYNC_PF) |
+ (1ULL << KVM_FEATURE_ASYNC_PF_VMEXIT));
+ }
+ break;
+ default:
+ /* TODO: Use tdx_caps to adjust CPUID leafs. */
+ break;
+ }
+}
+
void tdx_pre_create_vcpu(CPUState *cpu)
{
struct {
@@ -103,10 +174,7 @@ void tdx_pre_create_vcpu(CPUState *cpu)
return;
}
- /* HACK: Remove MPX support, which is not allowed by TDX. */
- env->features[FEAT_XSAVE_COMP_LO] &= ~(XSTATE_BNDREGS_MASK |
- XSTATE_BNDCSR_MASK);
-
+ /* TODO: Use tdx_caps to validate the config. */
if (!(env->features[FEAT_1_ECX] & CPUID_EXT_XSAVE)) {
error_report("TDX VM must support XSAVE features");
exit(1);
diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h
index e15657d272..844d24aade 100644
--- a/target/i386/kvm/tdx.h
+++ b/target/i386/kvm/tdx.h
@@ -23,5 +23,7 @@ typedef struct TdxGuest {
} TdxGuest;
int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp);
+void tdx_get_supported_cpuid(KVMState *s, uint32_t function,
+ uint32_t index, int reg, uint32_t *ret);
#endif
--
2.17.1
- [RFC PATCH 05/23] vl: Introduce machine_init_done_late notifier, (continued)
- [RFC PATCH 05/23] vl: Introduce machine_init_done_late notifier, Isaku Yamahata, 2021/02/15
- [RFC PATCH 06/23] hw/i386: Introduce kvm-type for TDX guest, Isaku Yamahata, 2021/02/15
- [RFC PATCH 02/23] kvm: Switch KVM_CAP_READONLY_MEM to a per-VM ioctl(), Isaku Yamahata, 2021/02/15
- [RFC PATCH 07/23] i386/kvm: Squash getting/putting guest state for TDX VMs, Isaku Yamahata, 2021/02/15
- [RFC PATCH 03/23] KVM: i386: use VM capability check for KVM_CAP_X86_SMM, Isaku Yamahata, 2021/02/15
- [RFC PATCH 08/23] i386/kvm: Skip KVM_X86_SETUP_MCE for TDX guests, Isaku Yamahata, 2021/02/15
- [RFC PATCH 04/23] i386/kvm: Move architectural CPUID leaf generation to separarte helper, Isaku Yamahata, 2021/02/15
- [RFC PATCH 09/23] target/i386: kvm: don't synchronize guest tsc for TD guest, Isaku Yamahata, 2021/02/15
- [RFC PATCH 01/23] target/i386: Expose x86_cpu_get_supported_feature_word() for TDX, Isaku Yamahata, 2021/02/15
- [RFC PATCH 10/23] linux-headers: Update headers to pull in TDX API changes, Isaku Yamahata, 2021/02/15
- [RFC PATCH 13/23] i386/tdx: Frame in tdx_get_supported_cpuid with KVM_TDX_CAPABILITIES,
Isaku Yamahata <=
- [RFC PATCH 11/23] hw/i386: Initialize TDX via KVM ioctl() when kvm_type is TDX, Isaku Yamahata, 2021/02/15
- [RFC PATCH 14/23] i386/tdx: Frame in the call for KVM_TDX_INIT_VCPU, Isaku Yamahata, 2021/02/15
- [RFC PATCH 12/23] target/i386/tdx: Finalize the TD's measurement when machine is done, Isaku Yamahata, 2021/02/15
- [RFC PATCH 15/23] i386/tdx: Add hook to require generic device loader, Isaku Yamahata, 2021/02/15
- [RFC PATCH 17/23] i386/tdx: Add definitions for TDVF metadata, Isaku Yamahata, 2021/02/15
- [RFC PATCH 16/23] hw/i386: Add definitions from UEFI spec for volumes, resources, etc..., Isaku Yamahata, 2021/02/15
- [RFC PATCH 18/23] i386/tdx: Parse tdvf metadata and store the result into TdxGuest, Isaku Yamahata, 2021/02/15
- [RFC PATCH 20/23] i386/tdx: Add TDVF memory via INIT_MEM_REGION, Isaku Yamahata, 2021/02/15
- [RFC PATCH 19/23] i386/tdx: Create the TD HOB list upon machine init done, Isaku Yamahata, 2021/02/15
- [RFC PATCH 22/23] i386/tdx: Force x2apic mode and routing for TDs, Isaku Yamahata, 2021/02/15