From: Binbin Wu <binbin.wu@linux.intel.com>
To: pbonzini@redhat.com, seanjc@google.com, kvm@vger.kernel.org
Cc: rick.p.edgecombe@intel.com, kai.huang@intel.com,
adrian.hunter@intel.com, reinette.chatre@intel.com,
xiaoyao.li@intel.com, tony.lindgren@intel.com,
isaku.yamahata@intel.com, yan.y.zhao@intel.com,
chao.gao@intel.com, linux-kernel@vger.kernel.org,
binbin.wu@linux.intel.com
Subject: [PATCH v2 09/17] KVM: TDX: Handle SMI request as !CONFIG_KVM_SMM
Date: Tue, 11 Feb 2025 10:58:20 +0800
Message-ID: <20250211025828.3072076-10-binbin.wu@linux.intel.com>
In-Reply-To: <20250211025828.3072076-1-binbin.wu@linux.intel.com>

From: Isaku Yamahata <isaku.yamahata@intel.com>

Handle SMI request as what KVM does for CONFIG_KVM_SMM=n, i.e. return
-ENOTTY, and add KVM_BUG_ON() to SMI related OPs for TD.

TDX doesn't support system-management mode (SMM) and system-management
interrupt (SMI) in guest TDs. Because guest state (vCPU state, memory
state) is protected, it must go through the TDX module APIs to change
guest state. However, the TDX module doesn't provide a way for VMM to
inject SMI into guest TD or a way for VMM to switch guest vCPU mode into
SMM.

MSR_IA32_SMBASE will not be emulated for TDX guest, -ENOTTY will be
returned when SMI is requested.

Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Co-developed-by: Binbin Wu <binbin.wu@linux.intel.com>
Signed-off-by: Binbin Wu <binbin.wu@linux.intel.com>
---
TDX interrupts v2:
- No change.
TDX interrupts v1:
- Renamed from "KVM: TDX: Silently discard SMI request" to
"KVM: TDX: Handle SMI request as !CONFIG_KVM_SMM".
- Change the changelog.
- Handle SMI request as !CONFIG_KVM_SMM for TD, and remove the
unnecessary comment. (Sean)
- Bug the VM if SMI OPs are called for a TD and remove related
tdx_* functions, but still keep the vt_* wrappers. (Sean, Paolo)
- Use kvm_x86_call()
---
arch/x86/kvm/smm.h | 3 +++
arch/x86/kvm/vmx/main.c | 43 +++++++++++++++++++++++++++++++++++++----
2 files changed, 42 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kvm/smm.h b/arch/x86/kvm/smm.h
index a1cf2ac5bd78..551703fbe200 100644
--- a/arch/x86/kvm/smm.h
+++ b/arch/x86/kvm/smm.h
@@ -142,6 +142,9 @@ union kvm_smram {
static inline int kvm_inject_smi(struct kvm_vcpu *vcpu)
{
+ if (!kvm_x86_call(has_emulated_msr)(vcpu->kvm, MSR_IA32_SMBASE))
+ return -ENOTTY;
+
kvm_make_request(KVM_REQ_SMI, vcpu);
return 0;
}
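
Review bot: in kvm_inject_smi(), the new has_emulated_msr(vcpu->kvm, MSR_IA32_SMBASE) test stands in for "this VM can take an SMI", and nothing at the call site says so. A one-line comment above the check, or a small named helper wrapping it, would make the intent clear to someone reading smm.h without the changelog. The changelog states that MSR_IA32_SMBASE will not be emulated for a TDX guest, but the code that makes has_emulated_msr return false for a TD is not part of this patch, so the changelog should name the patch this depends on; without that, the gate added here does not change what a TD sees.
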
diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c
index 0d9b17d55bcc..8d91bd8eb991 100644
--- a/arch/x86/kvm/vmx/main.c
+++ b/arch/x86/kvm/vmx/main.c
@@ -180,6 +180,41 @@ static int vt_handle_exit(struct kvm_vcpu *vcpu,
return vmx_handle_exit(vcpu, fastpath);
}
+#ifdef CONFIG_KVM_SMM
+static int vt_smi_allowed(struct kvm_vcpu *vcpu, bool for_injection)
+{
+ if (KVM_BUG_ON(is_td_vcpu(vcpu), vcpu->kvm))
+ return false;
+
+ return vmx_smi_allowed(vcpu, for_injection);
+}
+
+static int vt_enter_smm(struct kvm_vcpu *vcpu, union kvm_smram *smram)
+{
+ if (KVM_BUG_ON(is_td_vcpu(vcpu), vcpu->kvm))
+ return 0;
+
+ return vmx_enter_smm(vcpu, smram);
+}
+
+static int vt_leave_smm(struct kvm_vcpu *vcpu, const union kvm_smram *smram)
+{
+ if (KVM_BUG_ON(is_td_vcpu(vcpu), vcpu->kvm))
+ return 0;
+
+ return vmx_leave_smm(vcpu, smram);
+}
+
+static void vt_enable_smi_window(struct kvm_vcpu *vcpu)
+{
+ if (KVM_BUG_ON(is_td_vcpu(vcpu), vcpu->kvm))
+ return;
+
+ /* RSM will cause a vmexit anyway. */
+ vmx_enable_smi_window(vcpu);
+}
+#endif
+
static void vt_apicv_pre_state_restore(struct kvm_vcpu *vcpu)
{
struct pi_desc *pi = vcpu_to_pi_desc(vcpu);
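
Review bot: vt_smi_allowed() is declared to return int, yet its KVM_BUG_ON() branch does "return false;" while vt_enter_smm() and vt_leave_smm() use "return 0;" in the same position. Please use "return 0;" there so the return type and the three wrappers agree. Two smaller points: vt_enter_smm() and vt_leave_smm() report success (0) on the bugged path, which deserves a short comment noting that the VM has already been marked as bugged so the return value is not meant to be acted on; and the "RSM will cause a vmexit anyway." comment in vt_enable_smi_window() describes the VMX path rather than the wrapper, so it reads better dropped from here.
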
@@ -539,10 +574,10 @@ struct kvm_x86_ops vt_x86_ops __initdata = {
.setup_mce = vmx_setup_mce,
#ifdef CONFIG_KVM_SMM
- .smi_allowed = vmx_smi_allowed,
- .enter_smm = vmx_enter_smm,
- .leave_smm = vmx_leave_smm,
- .enable_smi_window = vmx_enable_smi_window,
+ .smi_allowed = vt_smi_allowed,
+ .enter_smm = vt_enter_smm,
+ .leave_smm = vt_leave_smm,
+ .enable_smi_window = vt_enable_smi_window,
#endif
.check_emulate_instruction = vmx_check_emulate_instruction,
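
Review bot: with .smi_allowed, .enter_smm, .leave_smm and .enable_smi_window now pointing at the vt_* wrappers, any call that reaches them for a TD vCPU terminates the VM through KVM_BUG_ON(), so the only thing keeping a TD alive is that nothing upstream raises an SMI for it. The gate visible in this patch is the one in kvm_inject_smi(); the changelog should state that this is the sole place KVM_REQ_SMI can be raised, or list the other callers that were checked, so that a host-side request cannot turn into a bugged TD.
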
--
2.46.0