From patchwork Thu Mar 17 13:58:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiaoyao Li X-Patchwork-Id: 1606591 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256 header.s=Intel header.b=hLD7pk76; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4KK8TD1kc2z9s3q for ; Fri, 18 Mar 2022 01:21:18 +1100 (AEDT) Received: from localhost ([::1]:47932 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nUr06-0005ek-Vw for incoming@patchwork.ozlabs.org; Thu, 17 Mar 2022 10:21:15 -0400 Received: from eggs.gnu.org ([209.51.188.92]:56780) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nUqfR-00088L-Iz for qemu-devel@nongnu.org; Thu, 17 Mar 2022 09:59:53 -0400 Received: from mga12.intel.com ([192.55.52.136]:24899) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nUqfO-0003yr-Fo for qemu-devel@nongnu.org; Thu, 17 Mar 2022 09:59:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1647525590; x=1679061590; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=aTSdZI82AokFH8X6Pn4bwj6RRQzCOVm0Q5ETJpyv4xg=; b=hLD7pk768hrzcfmFT3MsLtpIrLi2ckcVXYQw3Bhki0J9jzRMbU3/WHWG FUJJE9O7e2LrRfG9FL6plB5bsj3qQ8tB9YzFfGN9/+LVLC+ggWts9E+U8 uTImhxc/9BCAu5xXTKTpy+wGckL1PFCGYEVDsVeNb0ZV5Mgx1z4sIPk5T f1mlM/8+Zi8Cm+cSyiBT3uGb8/7FB5B1YQ6jUVFHHd2aW1V0bAUeOgYDe B96MK13KP2HITG5ZPjgPhag4LtB+MzcYsrBEjvQ/qDHfKLWbHiRXU1F7Q GAALpliPe9uS7QSrGgNGRTXL/7SnKmBC7w+HZzP4adsqzQ5QthKazyEgk A==; X-IronPort-AV: E=McAfee;i="6200,9189,10288"; a="236816695" X-IronPort-AV: E=Sophos;i="5.90,188,1643702400"; d="scan'208";a="236816695" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Mar 2022 06:59:45 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.90,188,1643702400"; d="scan'208";a="541377893" Received: from lxy-dell.sh.intel.com ([10.239.159.55]) by orsmga007.jf.intel.com with ESMTP; 17 Mar 2022 06:59:40 -0700 From: Xiaoyao Li To: Paolo Bonzini , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , "Michael S. Tsirkin" , Marcel Apfelbaum , Cornelia Huck , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Marcelo Tosatti , Laszlo Ersek , Gerd Hoffmann , Eric Blake Subject: [RFC PATCH v3 06/36] i386/tdx: Get tdx_capabilities via KVM_TDX_CAPABILITIES Date: Thu, 17 Mar 2022 21:58:43 +0800 Message-Id: <20220317135913.2166202-7-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20220317135913.2166202-1-xiaoyao.li@intel.com> References: <20220317135913.2166202-1-xiaoyao.li@intel.com> MIME-Version: 1.0 Received-SPF: pass client-ip=192.55.52.136; envelope-from=xiaoyao.li@intel.com; helo=mga12.intel.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.082, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.998, HK_RANDOM_FROM=0.998, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: isaku.yamahata@intel.com, kvm@vger.kernel.org, Connor Kuehl , seanjc@google.com, xiaoyao.li@intel.com, qemu-devel@nongnu.org, erdemaktas@google.com Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" KVM provides TDX capabilities via sub command KVM_TDX_CAPABILITIES of IOCTL(KVM_MEMORY_ENCRYPT_OP). Get the capabilities when initializing TDX context. It will be used to validate user's setting later. Besides, introduce the interfaces to invoke TDX "ioctls" at different scope (VM and VCPU) in preparation. Signed-off-by: Xiaoyao Li --- target/i386/kvm/tdx.c | 71 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index e3b94373b316..bed337e5ba18 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -14,10 +14,77 @@ #include "qemu/osdep.h" #include "qapi/error.h" #include "qom/object_interfaces.h" +#include "sysemu/kvm.h" #include "hw/i386/x86.h" #include "tdx.h" +enum tdx_ioctl_level{ + TDX_VM_IOCTL, + TDX_VCPU_IOCTL, +}; + +static int __tdx_ioctl(void *state, enum tdx_ioctl_level level, int cmd_id, + __u32 metadata, void *data) +{ + struct kvm_tdx_cmd tdx_cmd; + int r; + + memset(&tdx_cmd, 0x0, sizeof(tdx_cmd)); + + tdx_cmd.id = cmd_id; + tdx_cmd.metadata = metadata; + tdx_cmd.data = (__u64)(unsigned long)data; + + switch (level) { + case TDX_VM_IOCTL: + r = kvm_vm_ioctl(kvm_state, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd); + break; + case TDX_VCPU_IOCTL: + r = kvm_vcpu_ioctl(state, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd); + break; + default: + error_report("Invalid tdx_ioctl_level %d", level); + exit(1); + } + + return r; +} + +#define tdx_vm_ioctl(cmd_id, metadata, data) \ + __tdx_ioctl(NULL, TDX_VM_IOCTL, cmd_id, metadata, data) + +#define tdx_vcpu_ioctl(cpu, cmd_id, metadata, data) \ + __tdx_ioctl(cpu, TDX_VCPU_IOCTL, cmd_id, metadata, data) + +static struct kvm_tdx_capabilities *tdx_caps; + +static void get_tdx_capabilities(void) +{ + struct kvm_tdx_capabilities *caps; + int max_ent = 1; + int r, size; + + do { + size = sizeof(struct kvm_tdx_capabilities) + + max_ent * sizeof(struct kvm_tdx_cpuid_config); + caps = g_malloc0(size); + caps->nr_cpuid_configs = max_ent; + + r = tdx_vm_ioctl(KVM_TDX_CAPABILITIES, 0, caps); + if (r == -E2BIG) { + g_free(caps); + max_ent *= 2; + } else if (r < 0) { + error_report("KVM_TDX_CAPABILITIES failed: %s\n", strerror(-r)); + exit(1); + } + } + while (r == -E2BIG); + + tdx_caps = caps; +} + int tdx_kvm_init(MachineState *ms, Error **errp) { TdxGuest *tdx = (TdxGuest *)object_dynamic_cast(OBJECT(ms->cgs), @@ -26,6 +93,10 @@ int tdx_kvm_init(MachineState *ms, Error **errp) return -EINVAL; } + if (!tdx_caps) { + get_tdx_capabilities(); + } + return 0; }