From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: Michael Roth <michael.roth@amd.com>, Pankaj Gupta <pankaj.gupta@amd.com>
Subject: [PULL 44/45] hw/i386/sev: Use guest_memfd for legacy ROMs
Date: Tue, 4 Jun 2024 08:44:08 +0200
Message-ID: <20240604064409.957105-45-pbonzini@redhat.com>
In-Reply-To: <20240604064409.957105-1-pbonzini@redhat.com>
From: Michael Roth <michael.roth@amd.com>
Current SNP guest kernels will attempt to access these regions with
C-bit set, so guest_memfd is needed to handle that. Otherwise,
kvm_convert_memory() will fail when the guest kernel tries to access it
and QEMU attempts to call KVM_SET_MEMORY_ATTRIBUTES to set these ranges
to private.
Whether guests should actually try to access ROM regions in this way (or
need to deal with legacy ROM regions at all), is a separate issue to be
addressed on kernel side, but current SNP guest kernels will exhibit
this behavior and so this handling is needed to allow QEMU to continue
running existing SNP guest kernels.
Signed-off-by: Michael Roth <michael.roth@amd.com>
[pankaj: Added sev_snp_enabled() check]
Signed-off-by: Pankaj Gupta <pankaj.gupta@amd.com>
Message-ID: <20240530111643.1091816-28-pankaj.gupta@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/i386/pc.c | 14 ++++++++++----
hw/i386/pc_sysfw.c | 19 +++++++++++++------
2 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 7b638da7aaa..0469af00a78 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -62,6 +62,7 @@
#include "hw/mem/memory-device.h"
#include "e820_memory_layout.h"
#include "trace.h"
+#include "sev.h"
#include CONFIG_DEVICES
#ifdef CONFIG_XEN_EMU
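Review bot: the new `#include "sev.h"` in pc.c has no visible user in this patch. The only call added to pc_memory_init() is machine_require_guest_memfd(machine), and the `[pankaj: Added sev_snp_enabled() check]` trailer refers to a check that does not appear in any hunk of either file. If the include is not needed to declare machine_require_guest_memfd(), drop it, and update the trailer so the commit message matches the code that is being merged.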
@@ -1022,10 +1023,15 @@ void pc_memory_init(PCMachineState *pcms,
pc_system_firmware_init(pcms, rom_memory);
option_rom_mr = g_malloc(sizeof(*option_rom_mr));
- memory_region_init_ram(option_rom_mr, NULL, "pc.rom", PC_ROM_SIZE,
- &error_fatal);
- if (pcmc->pci_enabled) {
- memory_region_set_readonly(option_rom_mr, true);
+ if (machine_require_guest_memfd(machine)) {
+ memory_region_init_ram_guest_memfd(option_rom_mr, NULL, "pc.rom",
+ PC_ROM_SIZE, &error_fatal);
+ } else {
+ memory_region_init_ram(option_rom_mr, NULL, "pc.rom", PC_ROM_SIZE,
+ &error_fatal);
+ if (pcmc->pci_enabled) {
+ memory_region_set_readonly(option_rom_mr, true);
+ }
}
memory_region_add_subregion_overlap(rom_memory,
PC_ROM_MIN_VGA,
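Review bot: in the guest_memfd branch of pc_memory_init(), option_rom_mr is no longer marked read-only even when pcmc->pci_enabled is set, and neither the code nor the commit message says why. A one-line comment above `if (machine_require_guest_memfd(machine))` stating that the read-only marking is intentionally skipped for guest_memfd-backed ROM would stop a later cleanup from hoisting memory_region_set_readonly() back out of the else branch, and would make the change in write protection of "pc.rom" for these guests an explicit, reviewable decision.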
diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index 7cdbafc8d22..ef80281d28b 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -40,8 +40,8 @@
#define FLASH_SECTOR_SIZE 4096
-static void pc_isa_bios_init(MemoryRegion *isa_bios, MemoryRegion *rom_memory,
- MemoryRegion *flash_mem)
+static void pc_isa_bios_init(PCMachineState *pcms, MemoryRegion *isa_bios,
+ MemoryRegion *rom_memory, MemoryRegion *flash_mem)
{
int isa_bios_size;
uint64_t flash_size;
@@ -51,8 +51,13 @@ static void pc_isa_bios_init(MemoryRegion *isa_bios, MemoryRegion *rom_memory,
/* map the last 128KB of the BIOS in ISA space */
isa_bios_size = MIN(flash_size, 128 * KiB);
- memory_region_init_ram(isa_bios, NULL, "isa-bios", isa_bios_size,
- &error_fatal);
+ if (machine_require_guest_memfd(MACHINE(pcms))) {
+ memory_region_init_ram_guest_memfd(isa_bios, NULL, "isa-bios",
+ isa_bios_size, &error_fatal);
+ } else {
+ memory_region_init_ram(isa_bios, NULL, "isa-bios", isa_bios_size,
+ &error_fatal);
+ }
memory_region_add_subregion_overlap(rom_memory,
0x100000 - isa_bios_size,
isa_bios,
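Review bot: the if/else that picks between memory_region_init_ram_guest_memfd() and memory_region_init_ram() for "isa-bios" is the same selection already open-coded for "pc.rom" in pc.c. A small shared helper taking the machine, region, name and size would keep the two legacy ROM regions from drifting apart when the guest_memfd condition changes.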
@@ -65,7 +70,9 @@ static void pc_isa_bios_init(MemoryRegion *isa_bios, MemoryRegion *rom_memory,
((uint8_t*)flash_ptr) + (flash_size - isa_bios_size),
isa_bios_size);
- memory_region_set_readonly(isa_bios, true);
+ if (!machine_require_guest_memfd(current_machine)) {
+ memory_region_set_readonly(isa_bios, true);
+ }
}
static PFlashCFI01 *pc_pflash_create(PCMachineState *pcms,
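Review bot: the read-only guard tests `machine_require_guest_memfd(current_machine)` while the allocation earlier in the same function tests `machine_require_guest_memfd(MACHINE(pcms))`. Since pcms is now a parameter of pc_isa_bios_init(), use MACHINE(pcms) here as well, ideally evaluated once into a local bool, so the allocation type and the read-only decision are guaranteed to come from the same object and do not depend on the global.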
@@ -191,7 +198,7 @@ static void pc_system_flash_map(PCMachineState *pcms,
x86_isa_bios_init(&x86ms->isa_bios, rom_memory, flash_mem,
true);
} else {
- pc_isa_bios_init(&x86ms->isa_bios, rom_memory, flash_mem);
+ pc_isa_bios_init(pcms, &x86ms->isa_bios, rom_memory, flash_mem);
}
/* Encrypt the pflash boot ROM */
--
2.45.1