From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Xiaoyao Li <xiaoyao.li@intel.com>
Cc: "Paolo Bonzini" <pbonzini@redhat.com>,
"David Hildenbrand" <david@redhat.com>,
"Igor Mammedov" <imammedo@redhat.com>,
"Michael S . Tsirkin" <mst@redhat.com>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Peter Xu" <peterx@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Cornelia Huck" <cohuck@redhat.com>,
"Eric Blake" <eblake@redhat.com>,
"Markus Armbruster" <armbru@redhat.com>,
"Marcelo Tosatti" <mtosatti@redhat.com>,
qemu-devel@nongnu.org, kvm@vger.kernel.org,
"Michael Roth" <michael.roth@amd.com>,
"Sean Christopherson" <seanjc@google.com>,
"Claudio Fontana" <cfontana@suse.de>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Isaku Yamahata" <isaku.yamahata@gmail.com>,
"Chenyi Qiang" <chenyi.qiang@intel.com>
Subject: Re: [PATCH v3 52/70] i386/tdx: handle TDG.VP.VMCALL<GetQuote>
Date: Wed, 15 Nov 2023 17:51:19 +0000 [thread overview]
Message-ID: <ZVUFF-sm2aeCcDnr@redhat.com> (raw)
In-Reply-To: <20231115071519.2864957-53-xiaoyao.li@intel.com>
On Wed, Nov 15, 2023 at 02:15:01AM -0500, Xiaoyao Li wrote:
> From: Isaku Yamahata <isaku.yamahata@intel.com>
>
> For GetQuote, delegate a request to Quote Generation Service.
> Add property "quote-generation-socket" to tdx-guest, whihc is a property
> of type SocketAddress to specify Quote Generation Service(QGS).
>
> On request, connect to the QGS, read request buffer from shared guest
> memory, send the request buffer to the server and store the response
> into shared guest memory and notify TD guest by interrupt.
>
> command line example:
> qemu-system-x86_64 \
> -object '{"qom-type":"tdx-guest","id":"tdx0","quote-generation-socket":{"type": "vsock", "cid":"2","port":"1234"}}' \
> -machine confidential-guest-support=tdx0
>
> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
> Codeveloped-by: Chenyi Qiang <chenyi.qiang@intel.com>
> Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> ---
> Changes in v3:
> - rename property "quote-generation-service" to "quote-generation-socket";
> - change the type of "quote-generation-socket" from str to
> SocketAddress;
> - squash next patch into this one;
> ---
> qapi/qom.json | 5 +-
> target/i386/kvm/tdx.c | 430 ++++++++++++++++++++++++++++++++++++++++++
> target/i386/kvm/tdx.h | 6 +
> 3 files changed, 440 insertions(+), 1 deletion(-)
> @@ -969,6 +1001,7 @@ static void tdx_guest_class_init(ObjectClass *oc, void *data)
> {
> }
>
> +#define TDG_VP_VMCALL_GET_QUOTE 0x10002ULL
> #define TDG_VP_VMCALL_SETUP_EVENT_NOTIFY_INTERRUPT 0x10004ULL
>
> #define TDG_VP_VMCALL_SUCCESS 0x0000000000000000ULL
> @@ -977,6 +1010,400 @@ static void tdx_guest_class_init(ObjectClass *oc, void *data)
> #define TDG_VP_VMCALL_GPA_INUSE 0x8000000000000001ULL
> #define TDG_VP_VMCALL_ALIGN_ERROR 0x8000000000000002ULL
>
> +#define TDX_GET_QUOTE_STRUCTURE_VERSION 1ULL
> +
> +#define TDX_VP_GET_QUOTE_SUCCESS 0ULL
> +#define TDX_VP_GET_QUOTE_IN_FLIGHT (-1ULL)
> +#define TDX_VP_GET_QUOTE_ERROR 0x8000000000000000ULL
> +#define TDX_VP_GET_QUOTE_QGS_UNAVAILABLE 0x8000000000000001ULL
> +
> +/* Limit to avoid resource starvation. */
> +#define TDX_GET_QUOTE_MAX_BUF_LEN (128 * 1024)
> +#define TDX_MAX_GET_QUOTE_REQUEST 16
> +
> +/* Format of pages shared with guest. */
> +struct tdx_get_quote_header {
> + /* Format version: must be 1 in little endian. */
> + uint64_t structure_version;
> +
> + /*
> + * GetQuote status code in little endian:
> + * Guest must set error_code to 0 to avoid information leak.
> + * Qemu sets this before interrupting guest.
> + */
> + uint64_t error_code;
> +
> + /*
> + * in-message size in little endian: The message will follow this header.
> + * The in-message will be send to QGS.
> + */
> + uint32_t in_len;
> +
> + /*
> + * out-message size in little endian:
> + * On request, out_len must be zero to avoid information leak.
> + * On return, message size from QGS. Qemu overwrites this field.
> + * The message will follows this header. The in-message is overwritten.
> + */
> + uint32_t out_len;
> +
> + /*
> + * Message buffer follows.
> + * Guest sets message that will be send to QGS. If out_len > in_len, guest
> + * should zero remaining buffer to avoid information leak.
> + * Qemu overwrites this buffer with a message returned from QGS.
> + */
> +};
> +
> +static hwaddr tdx_shared_bit(X86CPU *cpu)
> +{
> + return (cpu->phys_bits > 48) ? BIT_ULL(51) : BIT_ULL(47);
> +}
> +
> +struct tdx_get_quote_task {
> + uint32_t apic_id;
> + hwaddr gpa;
> + uint64_t buf_len;
> + char *out_data;
> + uint64_t out_len;
> + struct tdx_get_quote_header hdr;
> + int event_notify_interrupt;
> + QIOChannelSocket *ioc;
> +};
> +
> +struct x86_msi {
> + union {
> + struct {
> + uint32_t reserved_0 : 2,
> + dest_mode_logical : 1,
> + redirect_hint : 1,
> + reserved_1 : 1,
> + virt_destid_8_14 : 7,
> + destid_0_7 : 8,
> + base_address : 12;
> + } QEMU_PACKED x86_address_lo;
> + uint32_t address_lo;
> + };
> + union {
> + struct {
> + uint32_t reserved : 8,
> + destid_8_31 : 24;
> + } QEMU_PACKED x86_address_hi;
> + uint32_t address_hi;
> + };
> + union {
> + struct {
> + uint32_t vector : 8,
> + delivery_mode : 3,
> + dest_mode_logical : 1,
> + reserved : 2,
> + active_low : 1,
> + is_level : 1;
> + } QEMU_PACKED x86_data;
> + uint32_t data;
> + };
> +};
> +
> +static void tdx_td_notify(struct tdx_get_quote_task *t)
> +{
> + struct x86_msi x86_msi;
> + struct kvm_msi msi;
> + int ret;
> +
> + /* It is optional for host VMM to interrupt TD. */
> + if(!(32 <= t->event_notify_interrupt && t->event_notify_interrupt <= 255))
> + return;
> +
> + x86_msi = (struct x86_msi) {
> + .x86_address_lo = {
> + .reserved_0 = 0,
> + .dest_mode_logical = 0,
> + .redirect_hint = 0,
> + .reserved_1 = 0,
> + .virt_destid_8_14 = 0,
> + .destid_0_7 = t->apic_id & 0xff,
> + },
> + .x86_address_hi = {
> + .reserved = 0,
> + .destid_8_31 = t->apic_id >> 8,
> + },
> + .x86_data = {
> + .vector = t->event_notify_interrupt,
> + .delivery_mode = APIC_DM_FIXED,
> + .dest_mode_logical = 0,
> + .reserved = 0,
> + .active_low = 0,
> + .is_level = 0,
> + },
> + };
> + msi = (struct kvm_msi) {
> + .address_lo = x86_msi.address_lo,
> + .address_hi = x86_msi.address_hi,
> + .data = x86_msi.data,
> + .flags = 0,
> + .devid = 0,
> + };
> + ret = kvm_vm_ioctl(kvm_state, KVM_SIGNAL_MSI, &msi);
> + if (ret < 0) {
> + /* In this case, no better way to tell it to guest. Log it. */
> + error_report("TDX: injection %d failed, interrupt lost (%s).\n",
> + t->event_notify_interrupt, strerror(-ret));
> + }
> +}
> +
> +static void tdx_get_quote_read(void *opaque)
> +{
> + struct tdx_get_quote_task *t = opaque;
> + ssize_t size = 0;
> + Error *err = NULL;
This error is set, but never read and more importantly
never freed. If you're not going to use it just pass
NULL to the methods, otherwise use error_report_err to
print and free it.
> + MachineState *ms;
> + TdxGuest *tdx;
> +
> + while (true) {
> + char *buf;
> + size_t buf_size;
> +
> + if (t->out_len < t->buf_len) {
> + buf = t->out_data + t->out_len;
> + buf_size = t->buf_len - t->out_len;
> + } else {
> + /*
> + * The received data is too large to fit in the shared GPA.
> + * Discard the received data and try to know the data size.
> + */
> + buf = t->out_data;
> + buf_size = t->buf_len;
> + }
> +
> + size = qio_channel_read(QIO_CHANNEL(t->ioc), buf, buf_size, &err);
> + if (!size) {
> + break;
> + }
> +
> + if (size < 0) {
> + if (size == QIO_CHANNEL_ERR_BLOCK) {
> + return;
> + } else {
> + break;
> + }
> + }
> + t->out_len += size;
> + }
> + /*
> + * If partial read successfully but return error at last, also treat it
> + * as failure.
> + */
> + if (size < 0) {
> + t->hdr.error_code = cpu_to_le64(TDX_VP_GET_QUOTE_QGS_UNAVAILABLE);
> + goto error;
> + }
> + if (t->out_len > 0 && t->out_len > t->buf_len) {
> + /*
> + * There is no specific error code defined for this case(E2BIG) at the
> + * moment.
> + * TODO: Once an error code for this case is defined in GHCI spec ,
> + * update the error code.
> + */
> + t->hdr.error_code = cpu_to_le64(TDX_VP_GET_QUOTE_ERROR);
> + t->hdr.out_len = cpu_to_le32(t->out_len);
> + goto error_hdr;
> + }
> +
> + if (address_space_write(
> + &address_space_memory, t->gpa + sizeof(t->hdr),
> + MEMTXATTRS_UNSPECIFIED, t->out_data, t->out_len) != MEMTX_OK) {
> + goto error;
> + }
> + /*
> + * Even if out_len == 0, it's a success. It's up to the QGS-client contract
> + * how to interpret the zero-sized message as return message.
> + */
> + t->hdr.out_len = cpu_to_le32(t->out_len);
> + t->hdr.error_code = cpu_to_le64(TDX_VP_GET_QUOTE_SUCCESS);
> +
> +error:
> + if (t->hdr.error_code != cpu_to_le64(TDX_VP_GET_QUOTE_SUCCESS)) {
> + t->hdr.out_len = cpu_to_le32(0);
> + }
> +error_hdr:
> + if (address_space_write(
> + &address_space_memory, t->gpa,
> + MEMTXATTRS_UNSPECIFIED, &t->hdr, sizeof(t->hdr)) != MEMTX_OK) {
> + error_report("TDX: failed to update GetQuote header.");
> + }
> + tdx_td_notify(t);
> +
> + qemu_set_fd_handler(t->ioc->fd, NULL, NULL, NULL);
> + qio_channel_close(QIO_CHANNEL(t->ioc), &err);
Likely overwriting a previously set 'err'
> + object_unref(OBJECT(t->ioc));
> + g_free(t->out_data);
> + g_free(t);
> +
> + /* Maintain the number of in-flight requests. */
> + ms = MACHINE(qdev_get_machine());
> + tdx = TDX_GUEST(ms->cgs);
> + qemu_mutex_lock(&tdx->lock);
> + tdx->quote_generation_num--;
> + qemu_mutex_unlock(&tdx->lock);
> +}
> +
> +/*
> + * TODO: If QGS doesn't reply for long time, make it an error and interrupt
> + * guest.
> + */
> +static void tdx_handle_get_quote_connected(QIOTask *task, gpointer opaque)
> +{
> + struct tdx_get_quote_task *t = opaque;
> + Error *err = NULL;
Same leak problem in this method
> + char *in_data = NULL;
g_autofree for simpler cleanup
> + MachineState *ms;
> + TdxGuest *tdx;
> +
> + t->hdr.error_code = cpu_to_le64(TDX_VP_GET_QUOTE_ERROR);
> + if (qio_task_propagate_error(task, NULL)) {
> + t->hdr.error_code = cpu_to_le64(TDX_VP_GET_QUOTE_QGS_UNAVAILABLE);
> + goto error;
> + }
> +
> + in_data = g_malloc(le32_to_cpu(t->hdr.in_len));
IF 't->hdr.in_len' is going from the guest then they needs
bounds checking, otherwise its a trivial denial of service
to make QEMU allocate all of host RAM.
> + if (!in_data) {
> + goto error;
> + }
> +
> + if (address_space_read(&address_space_memory, t->gpa + sizeof(t->hdr),
> + MEMTXATTRS_UNSPECIFIED, in_data,
> + le32_to_cpu(t->hdr.in_len)) != MEMTX_OK) {
> + goto error;
> + }
> +
> + qio_channel_set_blocking(QIO_CHANNEL(t->ioc), false, NULL);
> +
> + if (qio_channel_write_all(QIO_CHANNEL(t->ioc), in_data,
> + le32_to_cpu(t->hdr.in_len), &err) ||
> + err) {
> + t->hdr.error_code = cpu_to_le64(TDX_VP_GET_QUOTE_QGS_UNAVAILABLE);
> + goto error;
> + }
> +
> + g_free(in_data);
> + qemu_set_fd_handler(t->ioc->fd, tdx_get_quote_read, NULL, t);
Dn't use qemu_set_fd_handler() with QIOChannel objects.
qio_channel_add_watch() is the API for dealing with event
callbacks
> +
> + return;
> +error:
> + t->hdr.out_len = cpu_to_le32(0);
> +
> + if (address_space_write(
> + &address_space_memory, t->gpa,
> + MEMTXATTRS_UNSPECIFIED, &t->hdr, sizeof(t->hdr)) != MEMTX_OK) {
> + error_report("TDX: failed to update GetQuote header.\n");
> + }
> + tdx_td_notify(t);
> +
> + qio_channel_close(QIO_CHANNEL(t->ioc), &err);
> + object_unref(OBJECT(t->ioc));
> + g_free(t);
> + g_free(in_data);
> +
> + /* Maintain the number of in-flight requests. */
> + ms = MACHINE(qdev_get_machine());
> + tdx = TDX_GUEST(ms->cgs);
> + qemu_mutex_lock(&tdx->lock);
> + tdx->quote_generation_num--;
> + qemu_mutex_unlock(&tdx->lock);
> + return;
> +}
> +
> +static void tdx_handle_get_quote(X86CPU *cpu, struct kvm_tdx_vmcall *vmcall)
> +{
> + hwaddr gpa = vmcall->in_r12;
> + uint64_t buf_len = vmcall->in_r13;
> + struct tdx_get_quote_header hdr;
> + MachineState *ms;
> + TdxGuest *tdx;
> + QIOChannelSocket *ioc;
> + struct tdx_get_quote_task *t;
> +
> + vmcall->status_code = TDG_VP_VMCALL_INVALID_OPERAND;
> +
> + /* GPA must be shared. */
> + if (!(gpa & tdx_shared_bit(cpu))) {
> + return;
> + }
> + gpa &= ~tdx_shared_bit(cpu);
> +
> + if (!QEMU_IS_ALIGNED(gpa, 4096) || !QEMU_IS_ALIGNED(buf_len, 4096)) {
> + vmcall->status_code = TDG_VP_VMCALL_ALIGN_ERROR;
> + return;
> + }
> + if (buf_len == 0) {
> + return;
> + }
> +
> + if (address_space_read(&address_space_memory, gpa, MEMTXATTRS_UNSPECIFIED,
> + &hdr, sizeof(hdr)) != MEMTX_OK) {
> + return;
> + }
> + if (le64_to_cpu(hdr.structure_version) != TDX_GET_QUOTE_STRUCTURE_VERSION) {
> + return;
> + }
> + /*
> + * Paranoid: Guest should clear error_code and out_len to avoid information
> + * leak. Enforce it. The initial value of them doesn't matter for qemu to
> + * process the request.
> + */
> + if (le64_to_cpu(hdr.error_code) != TDX_VP_GET_QUOTE_SUCCESS ||
> + le32_to_cpu(hdr.out_len) != 0) {
> + return;
> + }
> +
> + /* Only safe-guard check to avoid too large buffer size. */
> + if (buf_len > TDX_GET_QUOTE_MAX_BUF_LEN ||
> + le32_to_cpu(hdr.in_len) > TDX_GET_QUOTE_MAX_BUF_LEN ||
> + le32_to_cpu(hdr.in_len) > buf_len) {
> + return;
> + }
> +
> + /* Mark the buffer in-flight. */
> + hdr.error_code = cpu_to_le64(TDX_VP_GET_QUOTE_IN_FLIGHT);
> + if (address_space_write(&address_space_memory, gpa, MEMTXATTRS_UNSPECIFIED,
> + &hdr, sizeof(hdr)) != MEMTX_OK) {
> + return;
> + }
> +
> + ms = MACHINE(qdev_get_machine());
> + tdx = TDX_GUEST(ms->cgs);
> + ioc = qio_channel_socket_new();
> +
> + t = g_malloc(sizeof(*t));
> + t->apic_id = tdx->event_notify_apic_id;
> + t->gpa = gpa;
> + t->buf_len = buf_len;
> + t->out_data = g_malloc(t->buf_len);
> + t->out_len = 0;
> + t->hdr = hdr;
> + t->ioc = ioc;
> +
> + qemu_mutex_lock(&tdx->lock);
> + if (!tdx->quote_generation ||
> + /* Prevent too many in-flight get-quote request. */
> + tdx->quote_generation_num >= TDX_MAX_GET_QUOTE_REQUEST) {
> + qemu_mutex_unlock(&tdx->lock);
> + vmcall->status_code = TDG_VP_VMCALL_RETRY;
> + object_unref(OBJECT(ioc));
> + g_free(t->out_data);
> + g_free(t);
> + return;
> + }
> + tdx->quote_generation_num++;
> + t->event_notify_interrupt = tdx->event_notify_interrupt;
> + qio_channel_socket_connect_async(
> + ioc, tdx->quote_generation, tdx_handle_get_quote_connected, t, NULL,
> + NULL);
> + qemu_mutex_unlock(&tdx->lock);
> +
> + vmcall->status_code = TDG_VP_VMCALL_SUCCESS;
> +}
> +
> static void tdx_handle_setup_event_notify_interrupt(X86CPU *cpu,
> struct kvm_tdx_vmcall *vmcall)
> {
> @@ -1005,6 +1432,9 @@ static void tdx_handle_vmcall(X86CPU *cpu, struct kvm_tdx_vmcall *vmcall)
> }
>
> switch (vmcall->subfunction) {
> + case TDG_VP_VMCALL_GET_QUOTE:
> + tdx_handle_get_quote(cpu, vmcall);
> + break;
> case TDG_VP_VMCALL_SETUP_EVENT_NOTIFY_INTERRUPT:
> tdx_handle_setup_event_notify_interrupt(cpu, vmcall);
> break;
> diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h
> index 4a8d67cc9fdb..4a989805493e 100644
> --- a/target/i386/kvm/tdx.h
> +++ b/target/i386/kvm/tdx.h
> @@ -5,8 +5,10 @@
> #include CONFIG_DEVICES /* CONFIG_TDX */
> #endif
>
> +#include <linux/kvm.h>
> #include "exec/confidential-guest-support.h"
> #include "hw/i386/tdvf.h"
> +#include "io/channel-socket.h"
> #include "sysemu/kvm.h"
>
> #define TYPE_TDX_GUEST "tdx-guest"
> @@ -47,6 +49,10 @@ typedef struct TdxGuest {
> /* runtime state */
> int event_notify_interrupt;
> uint32_t event_notify_apic_id;
> +
> + /* GetQuote */
> + int quote_generation_num;
> + SocketAddress *quote_generation;
> } TdxGuest;
IMHO all the quote generation logic would benefit from being split
out into a completely separate self contained files
eg 'tdx-quote-generation.{c,h}'
this should define an object "TdxQuoteGenerator" which holds these
two quote_generation_num and quote_generation fields, and exposes
a high level API for each command taking inputs & outputs,
and doing serialization to/from the socket. This API should do
verification of all command inputs eg the length field to prevent
guest denial of service.
The tdx_handle_get_quote() method could then call into this API.
This will give us clean separation between interaction with guest
memory, and interaction with the socket.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2023-11-15 17:51 UTC|newest]
Thread overview: 161+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-15 7:14 [PATCH v3 00/70] QEMU Guest memfd + QEMU TDX support Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 01/70] *** HACK *** linux-headers: Update headers to pull in gmem APIs Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 02/70] RAMBlock: Add support of KVM private guest memfd Xiaoyao Li
2023-11-15 10:20 ` Daniel P. Berrangé
2023-11-16 3:34 ` Xiaoyao Li
2023-11-15 17:54 ` David Hildenbrand
2023-11-16 2:45 ` Xiaoyao Li
2023-11-20 9:19 ` David Hildenbrand
2023-11-30 7:35 ` Xiaoyao Li
2023-11-17 20:35 ` Isaku Yamahata
2023-11-30 8:31 ` Xiaoyao Li
2023-11-20 9:24 ` David Hildenbrand
2023-11-30 7:37 ` Xiaoyao Li
2023-11-30 11:01 ` David Hildenbrand
2023-11-15 7:14 ` [PATCH v3 03/70] RAMBlock/guest_memfd: Enable KVM_GUEST_MEMFD_ALLOW_HUGEPAGE Xiaoyao Li
2023-11-15 18:10 ` David Hildenbrand
2023-11-16 2:47 ` Xiaoyao Li
2023-11-20 9:26 ` David Hildenbrand
2023-11-30 7:32 ` Xiaoyao Li
2023-11-30 10:59 ` David Hildenbrand
2023-11-30 16:01 ` Sean Christopherson
2023-11-30 16:54 ` David Hildenbrand
2023-11-30 17:46 ` Peter Xu
2023-11-30 17:57 ` David Hildenbrand
2023-11-30 18:09 ` David Hildenbrand
2023-11-30 17:51 ` Daniel P. Berrangé
2023-11-30 18:22 ` David Hildenbrand
2023-12-01 11:22 ` Claudio Fontana
2023-11-30 8:00 ` Xiaoyao Li
2023-12-01 11:00 ` David Hildenbrand
2023-11-15 7:14 ` [PATCH v3 04/70] HostMem: Add mechanism to opt in kvm guest memfd via MachineState Xiaoyao Li
2023-11-15 18:14 ` David Hildenbrand
2023-11-16 2:53 ` Xiaoyao Li
2023-11-20 9:30 ` David Hildenbrand
2023-11-30 7:38 ` Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 05/70] kvm: Enable KVM_SET_USER_MEMORY_REGION2 for memslot Xiaoyao Li
2023-11-17 20:50 ` Isaku Yamahata
2023-12-04 6:48 ` Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 06/70] kvm: Introduce support for memory_attributes Xiaoyao Li
2023-11-15 10:38 ` Daniel P. Berrangé
2023-11-16 3:40 ` Xiaoyao Li
2023-12-12 13:56 ` Wang, Wei W
2023-12-21 6:11 ` Xiaoyao Li
2023-12-21 10:36 ` Wang, Wei W
2023-12-21 11:53 ` Xiaoyao Li
2023-12-21 13:47 ` Wang, Wei W
2024-01-09 5:47 ` Xiaoyao Li
2024-01-09 14:53 ` Wang, Wei W
2024-01-09 16:32 ` Xiaoyao Li
2024-01-10 1:53 ` Wang, Wei W
2023-11-15 7:14 ` [PATCH v3 07/70] physmem: Relax the alignment check of host_startaddr in ram_block_discard_range() Xiaoyao Li
2023-11-15 18:20 ` David Hildenbrand
2023-11-16 2:56 ` Xiaoyao Li
2023-11-20 9:56 ` David Hildenbrand
2023-12-04 7:35 ` Xiaoyao Li
2023-12-04 7:53 ` Xiaoyao Li
2023-12-04 9:52 ` David Hildenbrand
2023-11-15 7:14 ` [PATCH v3 08/70] physmem: replace function name with __func__ " Xiaoyao Li
2023-11-15 18:21 ` David Hildenbrand
2023-12-04 7:40 ` Xiaoyao Li
2023-12-04 9:49 ` David Hildenbrand
2023-11-15 7:14 ` [PATCH v3 09/70] physmem: Introduce ram_block_convert_range() for page conversion Xiaoyao Li
2023-11-17 21:03 ` Isaku Yamahata
2023-12-08 7:59 ` Xiaoyao Li
2023-12-08 11:52 ` David Hildenbrand
2023-12-21 6:18 ` Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 10/70] kvm: handle KVM_EXIT_MEMORY_FAULT Xiaoyao Li
2023-11-15 10:42 ` Daniel P. Berrangé
2023-11-16 5:16 ` Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 11/70] trace/kvm: Add trace for page convertion between shared and private Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 12/70] *** HACK *** linux-headers: Update headers to pull in TDX API changes Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 13/70] i386: Introduce tdx-guest object Xiaoyao Li
2023-12-01 10:52 ` Markus Armbruster
2023-12-04 7:59 ` Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 14/70] target/i386: Implement mc->kvm_type() to get VM type Xiaoyao Li
2023-11-15 10:49 ` Daniel P. Berrangé
2023-11-16 6:22 ` Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 15/70] target/i386: Parse TDX vm type Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 16/70] target/i386: Introduce kvm_confidential_guest_init() Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 17/70] i386/tdx: Implement tdx_kvm_init() to initialize TDX VM context Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 18/70] i386/tdx: Get tdx_capabilities via KVM_TDX_CAPABILITIES Xiaoyao Li
2023-11-15 10:54 ` Daniel P. Berrangé
2023-12-07 7:18 ` Xiaoyao Li
2023-11-17 21:18 ` Isaku Yamahata
2023-12-07 7:16 ` Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 19/70] i386/tdx: Introduce is_tdx_vm() helper and cache tdx_guest object Xiaoyao Li
2023-11-17 21:20 ` Isaku Yamahata
2023-11-15 7:14 ` [PATCH v3 20/70] i386/tdx: Adjust the supported CPUID based on TDX restrictions Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 21/70] i386/tdx: Update tdx_cpuid_lookup[].tdx_fixed0/1 by tdx_caps.cpuid_config[] Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 22/70] i386/tdx: Integrate tdx_caps->xfam_fixed0/1 into tdx_cpuid_lookup Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 23/70] i386/tdx: Integrate tdx_caps->attrs_fixed0/1 to tdx_cpuid_lookup Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 24/70] i386/kvm: Move architectural CPUID leaf generation to separate helper Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 25/70] kvm: Introduce kvm_arch_pre_create_vcpu() Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 26/70] i386/tdx: Initialize TDX before creating TD vcpus Xiaoyao Li
2023-11-15 11:01 ` Daniel P. Berrangé
2023-12-04 8:28 ` Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 27/70] i386/tdx: Add property sept-ve-disable for tdx-guest object Xiaoyao Li
2023-12-01 10:53 ` Markus Armbruster
2023-11-15 7:14 ` [PATCH v3 28/70] i386/tdx: Make sept_ve_disable set by default Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 29/70] i386/tdx: Wire CPU features up with attributes of TD guest Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 30/70] i386/tdx: Validate TD attributes Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 31/70] i386/tdx: Allows mrconfigid/mrowner/mrownerconfig for TDX_INIT_VM Xiaoyao Li
2023-11-15 17:32 ` Daniel P. Berrangé
2023-12-01 11:00 ` Markus Armbruster
2023-12-14 3:07 ` Xiaoyao Li
2023-12-18 13:46 ` Markus Armbruster
2023-12-19 8:27 ` Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 32/70] i386/tdx: Implement user specified tsc frequency Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 33/70] i386/tdx: Set kvm_readonly_mem_enabled to false for TDX VM Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 34/70] kvm/memory: Introduce the infrastructure to set the default shared/private value Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 35/70] i386/tdx: Make memory type private by default Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 36/70] kvm/tdx: Don't complain when converting vMMIO region to shared Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 37/70] kvm/tdx: Ignore memory conversion to shared of unassigned region Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 38/70] i386/tdvf: Introduce function to parse TDVF metadata Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 39/70] i386/tdx: Parse TDVF metadata for TDX VM Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 40/70] i386/tdx: Skip BIOS shadowing setup Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 41/70] i386/tdx: Don't initialize pc.rom for TDX VMs Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 42/70] i386/tdx: Track mem_ptr for each firmware entry of TDVF Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 43/70] i386/tdx: Track RAM entries for TDX VM Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 44/70] headers: Add definitions from UEFI spec for volumes, resources, etc Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 45/70] i386/tdx: Setup the TD HOB list Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 46/70] i386/tdx: Add TDVF memory via KVM_TDX_INIT_MEM_REGION Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 47/70] memory: Introduce memory_region_init_ram_guest_memfd() Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 48/70] i386/tdx: register TDVF as private memory Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 49/70] i386/tdx: Call KVM_TDX_INIT_VCPU to initialize TDX vcpu Xiaoyao Li
2023-11-15 7:14 ` [PATCH v3 50/70] i386/tdx: Finalize TDX VM Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 51/70] i386/tdx: handle TDG.VP.VMCALL<SetupEventNotifyInterrupt> Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 52/70] i386/tdx: handle TDG.VP.VMCALL<GetQuote> Xiaoyao Li
2023-11-15 17:51 ` Daniel P. Berrangé [this message]
2023-11-15 17:58 ` Daniel P. Berrangé
2023-12-29 2:30 ` Xiaoyao Li
2024-01-08 14:44 ` Daniel P. Berrangé
2024-01-09 5:38 ` Xiaoyao Li
2023-12-01 11:02 ` Markus Armbruster
2023-12-07 7:38 ` Xiaoyao Li
2023-12-07 9:20 ` Markus Armbruster
2023-12-21 11:05 ` Daniel P. Berrangé
2023-12-22 3:14 ` Xiaoyao Li
2023-12-22 13:14 ` Daniel P. Berrangé
2023-12-25 12:34 ` Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 53/70] i386/tdx: setup a timer for the qio channel Xiaoyao Li
2023-11-15 18:02 ` Daniel P. Berrangé
2023-11-15 7:15 ` [PATCH v3 54/70] i386/tdx: handle TDG.VP.VMCALL<MapGPA> hypercall Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 55/70] i386/tdx: Limit the range size for MapGPA Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 56/70] i386/tdx: Handle TDG.VP.VMCALL<REPORT_FATAL_ERROR> Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 57/70] i386/tdx: Wire TDX_REPORT_FATAL_ERROR with GuestPanic facility Xiaoyao Li
2023-12-01 11:11 ` Markus Armbruster
2023-12-07 8:11 ` Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 58/70] pci-host/q35: Move PAM initialization above SMRAM initialization Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 59/70] q35: Introduce smm_ranges property for q35-pci-host Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 60/70] i386/tdx: Disable SMM for TDX VMs Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 61/70] i386/tdx: Disable PIC " Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 62/70] i386/tdx: Don't allow system reset " Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 63/70] i386/tdx: LMCE is not supported for TDX Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 64/70] hw/i386: add eoi_intercept_unsupported member to X86MachineState Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 65/70] hw/i386: add option to forcibly report edge trigger in acpi tables Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 66/70] i386/tdx: Don't synchronize guest tsc for TDs Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 67/70] i386/tdx: Only configure MSR_IA32_UCODE_REV in kvm_init_msrs() " Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 68/70] i386/tdx: Skip kvm_put_apicbase() " Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 69/70] i386/tdx: Don't get/put guest state for TDX VMs Xiaoyao Li
2023-11-15 7:15 ` [PATCH v3 70/70] docs: Add TDX documentation Xiaoyao Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZVUFF-sm2aeCcDnr@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=cfontana@suse.de \
--cc=chenyi.qiang@intel.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=eblake@redhat.com \
--cc=imammedo@redhat.com \
--cc=isaku.yamahata@gmail.com \
--cc=kraxel@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=marcel.apfelbaum@gmail.com \
--cc=michael.roth@amd.com \
--cc=mst@redhat.com \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=seanjc@google.com \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.