[PATCH v1 17/40] i386/tdx: Validate TD attributes
From: Xiaoyao Li
Subject: [PATCH v1 17/40] i386/tdx: Validate TD attributes
Date: Tue, 2 Aug 2022 15:47:27 +0800
Validate TD attributes against tdx_caps: fixed-0 bits must be zero and
fixed-1 bits must be set.
Besides, sanity check the attribute bits that are not supported by
QEMU yet, e.g., the debug bit, which will be allowed in the future when
debug TD support lands in QEMU.
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
target/i386/kvm/tdx.c | 27 +++++++++++++++++++++++++--
1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index f2372002077d..42cef484c574 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -30,6 +30,7 @@
(1U << KVM_FEATURE_PV_SCHED_YIELD) | \
(1U << KVM_FEATURE_MSI_EXT_DEST_ID))
+#define TDX_TD_ATTRIBUTES_DEBUG BIT_ULL(0)
#define TDX_TD_ATTRIBUTES_SEPT_VE_DISABLE BIT_ULL(28)
#define TDX_TD_ATTRIBUTES_PKS BIT_ULL(30)
#define TDX_TD_ATTRIBUTES_PERFMON BIT_ULL(63)
@@ -462,13 +463,32 @@ int tdx_kvm_init(MachineState *ms, Error **errp)
return 0;
}
-static void setup_td_guest_attributes(X86CPU *x86cpu)
+static int tdx_validate_attributes(TdxGuest *tdx)
+{
+ if (((tdx->attributes & tdx_caps->attrs_fixed0) | tdx_caps->attrs_fixed1)
!=
+ tdx->attributes) {
+ error_report("Invalid attributes 0x%lx for TDX VM (fixed0 0x%llx,
fixed1 0x%llx)",
+ tdx->attributes, tdx_caps->attrs_fixed0,
tdx_caps->attrs_fixed1);
+ return -EINVAL;
+ }
+
+ if (tdx->attributes & TDX_TD_ATTRIBUTES_DEBUG) {
+ error_report("Current QEMU doesn't support attributes.debug[bit 0] for
TDX VM");
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int setup_td_guest_attributes(X86CPU *x86cpu)
{
CPUX86State *env = &x86cpu->env;
tdx_guest->attributes |= (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_PKS)
?
TDX_TD_ATTRIBUTES_PKS : 0;
tdx_guest->attributes |= x86cpu->enable_pmu ? TDX_TD_ATTRIBUTES_PERFMON :
0;
+
+ return tdx_validate_attributes(tdx_guest);
}
int tdx_pre_create_vcpu(CPUState *cpu)
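Review bot: the second check in tdx_validate_attributes() tests only TDX_TD_ATTRIBUTES_DEBUG, so any other attribute bit that QEMU does not handle is accepted as long as tdx_caps permits it. If the intent is to reject everything QEMU has not wired up, compare against a mask of the bits QEMU supports (the defines visible in this file are SEPT_VE_DISABLE, PKS and PERFMON) together with attrs_fixed1, and fail on anything outside it, so a newly defined attribute is denied by default instead of needing its own check. The first check treats attrs_fixed0 as the mask of bits that are allowed to be 1, which reads the opposite way from "fixed-0 bits must be zero" in the commit message; a one-line comment stating the convention above the comparison would help. The error_report() format also mixes 0x%lx and 0x%llx; if these fields are uint64_t, PRIx64 is the portable specifier.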
@@ -484,7 +504,10 @@ int tdx_pre_create_vcpu(CPUState *cpu)
goto out;
}
- setup_td_guest_attributes(x86cpu);
+ r = setup_td_guest_attributes(x86cpu);
+ if (r) {
+ goto out;
+ }
memset(&init_vm, 0, sizeof(init_vm));
init_vm.cpuid.nent = kvm_x86_arch_cpuid(env, init_vm.entries, 0);
--
2.27.0