| Message ID | 20220317135913.2166202-17-xiaoyao.li@intel.com |
|---|---|
| State | New |
| Headers | show |
| Series | TDX QEMU support | expand |
On Thu, Mar 17, 2022 at 09:58:53PM +0800, Xiaoyao Li <xiaoyao.li@intel.com> wrote: > TDX only supports readonly for shared memory but not for private memory. > > In the view of QEMU, it has no idea whether a memslot is used by shared > memory of private. Thus just mark kvm_readonly_mem_enabled to false to > TDX VM for simplicity. > > Note, pflash has dependency on readonly capability from KVM while TDX > wants to reuse pflash interface to load TDVF (as OVMF). Excuse TDX VM > for readonly check in pflash. > > Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com> > --- > hw/i386/pc_sysfw.c | 2 +- > target/i386/kvm/tdx.c | 9 +++++++++ > 2 files changed, 10 insertions(+), 1 deletion(-) > > diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c > index c8b17af95353..75b34d02cb4f 100644 > --- a/hw/i386/pc_sysfw.c > +++ b/hw/i386/pc_sysfw.c > @@ -245,7 +245,7 @@ void pc_system_firmware_init(PCMachineState *pcms, > /* Machine property pflash0 not set, use ROM mode */ > x86_bios_rom_init(MACHINE(pcms), "bios.bin", rom_memory, false); > } else { > - if (kvm_enabled() && !kvm_readonly_mem_enabled()) { > + if (kvm_enabled() && (!kvm_readonly_mem_enabled() && !is_tdx_vm())) { Is this called before tdx_kvm_init()? Thanks, > /* > * Older KVM cannot execute from device memory. So, flash > * memory cannot be used unless the readonly memory kvm > diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c > index 94a9c1ea7e9c..1bb8211e74e6 100644 > --- a/target/i386/kvm/tdx.c > +++ b/target/i386/kvm/tdx.c > @@ -115,6 +115,15 @@ int tdx_kvm_init(MachineState *ms, Error **errp) > get_tdx_capabilities(); > } > > + /* > + * Set kvm_readonly_mem_allowed to false, because TDX only supports readonly > + * memory for shared memory but not for private memory. Besides, whether a > + * memslot is private or shared is not determined by QEMU. > + * > + * Thus, just mark readonly memory not supported for simplicity. > + */ > + kvm_readonly_mem_allowed = false; > + > tdx_guest = tdx; > > return 0; > -- > 2.27.0 > >
On 3/19/2022 1:11 AM, Isaku Yamahata wrote: > On Thu, Mar 17, 2022 at 09:58:53PM +0800, > Xiaoyao Li <xiaoyao.li@intel.com> wrote: > >> TDX only supports readonly for shared memory but not for private memory. >> >> In the view of QEMU, it has no idea whether a memslot is used by shared >> memory of private. Thus just mark kvm_readonly_mem_enabled to false to >> TDX VM for simplicity. >> >> Note, pflash has dependency on readonly capability from KVM while TDX >> wants to reuse pflash interface to load TDVF (as OVMF). Excuse TDX VM >> for readonly check in pflash. >> >> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com> >> --- >> hw/i386/pc_sysfw.c | 2 +- >> target/i386/kvm/tdx.c | 9 +++++++++ >> 2 files changed, 10 insertions(+), 1 deletion(-) >> >> diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c >> index c8b17af95353..75b34d02cb4f 100644 >> --- a/hw/i386/pc_sysfw.c >> +++ b/hw/i386/pc_sysfw.c >> @@ -245,7 +245,7 @@ void pc_system_firmware_init(PCMachineState *pcms, >> /* Machine property pflash0 not set, use ROM mode */ >> x86_bios_rom_init(MACHINE(pcms), "bios.bin", rom_memory, false); >> } else { >> - if (kvm_enabled() && !kvm_readonly_mem_enabled()) { >> + if (kvm_enabled() && (!kvm_readonly_mem_enabled() && !is_tdx_vm())) { > > Is this called before tdx_kvm_init()? yes. pc_init1()/ pc_q35_init() pc_memory_init() pc_system_firmware_init() is called after configure_accelerator() to configure kvm.
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c index c8b17af95353..75b34d02cb4f 100644 --- a/hw/i386/pc_sysfw.c +++ b/hw/i386/pc_sysfw.c @@ -245,7 +245,7 @@ void pc_system_firmware_init(PCMachineState *pcms, /* Machine property pflash0 not set, use ROM mode */ x86_bios_rom_init(MACHINE(pcms), "bios.bin", rom_memory, false); } else { - if (kvm_enabled() && !kvm_readonly_mem_enabled()) { + if (kvm_enabled() && (!kvm_readonly_mem_enabled() && !is_tdx_vm())) { /* * Older KVM cannot execute from device memory. So, flash * memory cannot be used unless the readonly memory kvm diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 94a9c1ea7e9c..1bb8211e74e6 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -115,6 +115,15 @@ int tdx_kvm_init(MachineState *ms, Error **errp) get_tdx_capabilities(); } + /* + * Set kvm_readonly_mem_allowed to false, because TDX only supports readonly + * memory for shared memory but not for private memory. Besides, whether a + * memslot is private or shared is not determined by QEMU. + * + * Thus, just mark readonly memory not supported for simplicity. + */ + kvm_readonly_mem_allowed = false; + tdx_guest = tdx; return 0;
TDX only supports readonly for shared memory but not for private memory. In the view of QEMU, it has no idea whether a memslot is used by shared memory of private. Thus just mark kvm_readonly_mem_enabled to false to TDX VM for simplicity. Note, pflash has dependency on readonly capability from KVM while TDX wants to reuse pflash interface to load TDVF (as OVMF). Excuse TDX VM for readonly check in pflash. Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com> --- hw/i386/pc_sysfw.c | 2 +- target/i386/kvm/tdx.c | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-)