From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B32E7C36010 for ; Tue, 1 Apr 2025 13:54:54 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tzbxy-0004Cp-TJ; Tue, 01 Apr 2025 09:47:55 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tzbu7-0000Uu-Kb for qemu-devel@nongnu.org; Tue, 01 Apr 2025 09:44:00 -0400 Received: from mgamail.intel.com ([192.198.163.16]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tzbu1-0006XQ-1Q for qemu-devel@nongnu.org; Tue, 01 Apr 2025 09:43:45 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1743515021; x=1775051021; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=HwScKJFzwiqf5BzHfzfSKnBgtID2JLDKcoV7qGODNiU=; b=XAt4YXyHOINujcGMCrdzj5do+tdAqOZbm4Hp+U+MZyfzD38WMSru0cLW nkfkLzJvOHBB76q1I55aoH/zhDpPHXZ1MCSJ0293+bu/31P1BX/fj8yFG 2ME5abEBuZvh9XQ696521SwFsvYtTnbq3cI+2/HfLMvKYzmLbrDz5TDiG o11D7dDLD2DcBI6L2ydLV7ZE2y8tUkkrqhpLM67YueX9mVBggxEaRAE0U MlpiRtM821jdux8T7OuPXH2lwjNosHpSQfDHM37OKdgrB3pyCTuyHhVP/ zLU2lT/UoPzIdoayHoGAytFfl/D+3NHkN5uRUe/2SP9/fHps3gPNMGbo9 w==; X-CSE-ConnectionGUID: 72uM4vEfTLCJr39EGznR5A== X-CSE-MsgGUID: cictwSCOREu4JixzfmBr9Q== X-IronPort-AV: E=McAfee;i="6700,10204,11391"; a="32433466" X-IronPort-AV: E=Sophos;i="6.14,293,1736841600"; d="scan'208";a="32433466" Received: from fmviesa008.fm.intel.com ([10.60.135.148]) by fmvoesa110.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Apr 2025 06:42:43 -0700 X-CSE-ConnectionGUID: gJVZlGc0Toe5Wi8jv/Td2w== X-CSE-MsgGUID: uBjGreyaRDGGHB9LO4o5bw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.14,293,1736841600"; d="scan'208";a="126640134" Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52]) by fmviesa008.fm.intel.com with ESMTP; 01 Apr 2025 06:42:40 -0700 From: Xiaoyao Li To: Paolo Bonzini , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Cc: "Michael S. Tsirkin" , Markus Armbruster , Francesco Lavra , Marcelo Tosatti , qemu-devel@nongnu.org, =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Rick Edgecombe , Xiaoyao Li Subject: [PATCH v8 36/55] i386/tdx: Disable SMM for TDX VMs Date: Tue, 1 Apr 2025 09:01:46 -0400 Message-Id: <20250401130205.2198253-37-xiaoyao.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250401130205.2198253-1-xiaoyao.li@intel.com> References: <20250401130205.2198253-1-xiaoyao.li@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=192.198.163.16; envelope-from=xiaoyao.li@intel.com; helo=mgamail.intel.com X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.997, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs because VMM cannot manipulate TDX VM's memory. Disable SMM for TDX VMs and error out if user requests to enable SMM. Signed-off-by: Xiaoyao Li Acked-by: Gerd Hoffmann --- target/i386/kvm/tdx.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index a816f57043f6..0eefd058f7a2 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -369,11 +369,20 @@ static Notifier tdx_machine_done_notify = { static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { + MachineState *ms = MACHINE(qdev_get_machine()); + X86MachineState *x86ms = X86_MACHINE(ms); TdxGuest *tdx = TDX_GUEST(cgs); int r = 0; kvm_mark_guest_state_protected(); + if (x86ms->smm == ON_OFF_AUTO_AUTO) { + x86ms->smm = ON_OFF_AUTO_OFF; + } else if (x86ms->smm == ON_OFF_AUTO_ON) { + error_setg(errp, "TDX VM doesn't support SMM"); + return -EINVAL; + } + if (!tdx_caps) { r = get_tdx_capabilities(errp); if (r) { -- 2.34.1