Message ID | 20220512031803.3315890-25-xiaoyao.li@intel.com |
---|---|
State | New |
Series | TDX QEMU support | expand |
On Thu, May 12, 2022 at 11:17:51AM +0800, Xiaoyao Li <xiaoyao.li@intel.com> wrote: > From: Isaku Yamahata <isaku.yamahata@intel.com> > > TDVF firmware (CODE and VARS) needs to be added/copied to TD's private > memory via KVM_TDX_INIT_MEM_REGION, as well as TD HOB and TEMP memory. > > Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com> > Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com> > --- > target/i386/kvm/tdx.c | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c > index 3e18ace90bf7..567ee12e88f0 100644 > --- a/target/i386/kvm/tdx.c > +++ b/target/i386/kvm/tdx.c > @@ -240,6 +240,7 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused) > { > TdxFirmware *tdvf = &tdx_guest->tdvf; > TdxFirmwareEntry *entry; > + int r; > > tdx_init_ram_entries(); > > @@ -265,6 +266,29 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused) > sizeof(TdxRamEntry), &tdx_ram_entry_compare); > > tdvf_hob_create(tdx_guest, tdx_get_hob_entry(tdx_guest)); > + > + for_each_tdx_fw_entry(tdvf, entry) { > + struct kvm_tdx_init_mem_region mem_region = { > + .source_addr = (__u64)entry->mem_ptr, > + .gpa = entry->address, > + .nr_pages = entry->size / 4096, > + }; > + > + __u32 metadata = entry->attributes & TDVF_SECTION_ATTRIBUTES_MR_EXTEND ? > + KVM_TDX_MEASURE_MEMORY_REGION : 0; Please use flags instead of metadata. > + r = tdx_vm_ioctl(KVM_TDX_INIT_MEM_REGION, metadata, &mem_region); > + if (r < 0) { > + error_report("KVM_TDX_INIT_MEM_REGION failed %s", strerror(-r)); > + exit(1); > + } > + > + if (entry->type == TDVF_SECTION_TYPE_TD_HOB || > + entry->type == TDVF_SECTION_TYPE_TEMP_MEM) { > + qemu_ram_munmap(-1, entry->mem_ptr, entry->size); > + entry->mem_ptr = NULL; > + } > + } > } > > static Notifier tdx_machine_done_notify = { > -- > 2.27.0 > >
On 5/13/2022 2:34 AM, Isaku Yamahata wrote: > On Thu, May 12, 2022 at 11:17:51AM +0800, > Xiaoyao Li <xiaoyao.li@intel.com> wrote: > >> From: Isaku Yamahata <isaku.yamahata@intel.com> >> >> TDVF firmware (CODE and VARS) needs to be added/copied to TD's private >> memory via KVM_TDX_INIT_MEM_REGION, as well as TD HOB and TEMP memory. >> >> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com> >> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com> >> --- >> target/i386/kvm/tdx.c | 24 ++++++++++++++++++++++++ >> 1 file changed, 24 insertions(+) >> >> diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c >> index 3e18ace90bf7..567ee12e88f0 100644 >> --- a/target/i386/kvm/tdx.c >> +++ b/target/i386/kvm/tdx.c >> @@ -240,6 +240,7 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused) >> { >> TdxFirmware *tdvf = &tdx_guest->tdvf; >> TdxFirmwareEntry *entry; >> + int r; >> >> tdx_init_ram_entries(); >> >> @@ -265,6 +266,29 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused) >> sizeof(TdxRamEntry), &tdx_ram_entry_compare); >> >> tdvf_hob_create(tdx_guest, tdx_get_hob_entry(tdx_guest)); >> + >> + for_each_tdx_fw_entry(tdvf, entry) { >> + struct kvm_tdx_init_mem_region mem_region = { >> + .source_addr = (__u64)entry->mem_ptr, >> + .gpa = entry->address, >> + .nr_pages = entry->size / 4096, >> + }; >> + >> + __u32 metadata = entry->attributes & TDVF_SECTION_ATTRIBUTES_MR_EXTEND ? >> + KVM_TDX_MEASURE_MEMORY_REGION : 0; > > Please use flags instead of metadata. Sure. Will change it. > >> + r = tdx_vm_ioctl(KVM_TDX_INIT_MEM_REGION, metadata, &mem_region); >> + if (r < 0) { >> + error_report("KVM_TDX_INIT_MEM_REGION failed %s", strerror(-r)); >> + exit(1); >> + } >> + >> + if (entry->type == TDVF_SECTION_TYPE_TD_HOB || >> + entry->type == TDVF_SECTION_TYPE_TEMP_MEM) { >> + qemu_ram_munmap(-1, entry->mem_ptr, entry->size); >> + entry->mem_ptr = NULL; >> + } >> + } >> } >> >> static Notifier tdx_machine_done_notify = { >> -- >> 2.27.0 >> >> >
On Thu, May 12, 2022 at 11:17:51AM +0800, Xiaoyao Li wrote: > From: Isaku Yamahata <isaku.yamahata@intel.com> > > TDVF firmware (CODE and VARS) needs to be added/copied to TD's private > memory via KVM_TDX_INIT_MEM_REGION, as well as TD HOB and TEMP memory. > > Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com> > Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 3e18ace90bf7..567ee12e88f0 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -240,6 +240,7 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused)
 {
 TdxFirmware *tdvf = &tdx_guest->tdvf;
 TdxFirmwareEntry *entry;
+ int r;
 
 tdx_init_ram_entries();
 
@@ -265,6 +266,29 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused)
 sizeof(TdxRamEntry), &tdx_ram_entry_compare);
 
 tdvf_hob_create(tdx_guest, tdx_get_hob_entry(tdx_guest));
+
+ for_each_tdx_fw_entry(tdvf, entry) {
+ struct kvm_tdx_init_mem_region mem_region = {
+ .source_addr = (__u64)entry->mem_ptr,
+ .gpa = entry->address,
+ .nr_pages = entry->size / 4096,
+ };
+
+ __u32 metadata = entry->attributes & TDVF_SECTION_ATTRIBUTES_MR_EXTEND ?
+ KVM_TDX_MEASURE_MEMORY_REGION : 0;
+
+ r = tdx_vm_ioctl(KVM_TDX_INIT_MEM_REGION, metadata, &mem_region);
+ if (r < 0) {
+ error_report("KVM_TDX_INIT_MEM_REGION failed %s", strerror(-r));
+ exit(1);
+ }
+
+ if (entry->type == TDVF_SECTION_TYPE_TD_HOB ||
+ entry->type == TDVF_SECTION_TYPE_TEMP_MEM) {
+ qemu_ram_munmap(-1, entry->mem_ptr, entry->size);
+ entry->mem_ptr = NULL;
+ }
+ }
 }
 
 static Notifier tdx_machine_done_notify = {
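Review bot: `.nr_pages = entry->size / 4096` in the new loop rounds down, so a section whose size is not a multiple of 4 KiB would have its tail left out of the copy into TD private memory and, for MR_EXTEND sections, out of the measurement, with no error reported. Whether the TDVF metadata parser already rejects unaligned sizes is not visible in this hunk; if it does not, a guard ahead of the ioctl such as `if (!QEMU_IS_ALIGNED(entry->size, 4096)) { error_report("TDVF section size is not 4KiB aligned"); exit(1); }` would make the failure explicit instead of silently shrinking the measured region. The literal 4096 would also read better as a named page-size constant, and `(__u64)entry->mem_ptr` is more conventionally written `(uintptr_t)entry->mem_ptr`. tdx_finalize_vm begins before this hunk, so how the entries are populated is not shown here.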