From: Oliver Steffen <osteffen@redhat.com>
To: qemu-devel@nongnu.org
Cc: Richard Henderson <richard.henderson@linaro.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Igor Mammedov <imammedo@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
Joerg Roedel <joerg.roedel@amd.com>,
Gerd Hoffmann <kraxel@redhat.com>,
kvm@vger.kernel.org, Zhao Liu <zhao1.liu@intel.com>,
Eduardo Habkost <eduardo@habkost.net>,
Marcelo Tosatti <mtosatti@redhat.com>,
Luigi Leonardi <leonardi@redhat.com>,
Stefano Garzarella <sgarzare@redhat.com>,
Ani Sinha <anisinha@redhat.com>,
Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
Oliver Steffen <osteffen@redhat.com>
Subject: [PATCH v2 3/3] igvm: Fill MADT IGVM parameter field
Date: Thu, 11 Dec 2025 11:31:36 +0100 [thread overview]
Message-ID: <20251211103136.1578463-4-osteffen@redhat.com> (raw)
In-Reply-To: <20251211103136.1578463-1-osteffen@redhat.com>
Use the new acpi_build_madt_standalone() function to fill the MADT
parameter field.
The IGVM parameter can be consumed by Coconut SVSM [1], instead of
relying on the fw_cfg interface, which has caused problems before due to
unexpected access [2,3]. Using IGVM parameters is the default way for
Coconut SVSM; switching over would allow removing specialized code paths
for QEMU in Coconut.
In any case OVMF, which runs after SVSM has already been initialized,
will continue reading all ACPI tables via fw_cfg and provide fixed up
ACPI data to the OS as before.
Generating the MADT twice (here and during ACPI table building)
seems acceptable, since there is no infrastructure to obtain the MADT
out of the ACPI table memory area.
[1] https://github.com/coconut-svsm/svsm/pull/858
[2] https://gitlab.com/qemu-project/qemu/-/issues/2882
[3] https://github.com/coconut-svsm/svsm/issues/646
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
backends/igvm-cfg.c | 8 +++++++-
backends/igvm.c | 37 ++++++++++++++++++++++++++++++++++++-
include/system/igvm-cfg.h | 5 ++++-
include/system/igvm.h | 2 +-
target/i386/sev.c | 5 +++--
5 files changed, 51 insertions(+), 6 deletions(-)
diff --git a/backends/igvm-cfg.c b/backends/igvm-cfg.c
index c1b45401f4..0a77f7b7a1 100644
--- a/backends/igvm-cfg.c
+++ b/backends/igvm-cfg.c
@@ -17,6 +17,7 @@
#include "qom/object_interfaces.h"
#include "hw/qdev-core.h"
#include "hw/boards.h"
+#include "hw/i386/acpi-build.h"
#include "trace.h"
@@ -48,10 +49,15 @@ static void igvm_reset_hold(Object *obj, ResetType type)
{
MachineState *ms = MACHINE(qdev_get_machine());
IgvmCfg *igvm = IGVM_CFG(obj);
+ GArray *madt = NULL;
trace_igvm_reset_hold(type);
- qigvm_process_file(igvm, ms->cgs, false, &error_fatal);
+ madt = acpi_build_madt_standalone(ms);
+
+ qigvm_process_file(igvm, ms->cgs, false, madt, &error_fatal);
+
+ g_array_free(madt, true);
}
static void igvm_reset_exit(Object *obj, ResetType type)
diff --git a/backends/igvm.c b/backends/igvm.c
index a350c890cc..7e56b19b0a 100644
--- a/backends/igvm.c
+++ b/backends/igvm.c
@@ -93,6 +93,7 @@ typedef struct QIgvm {
unsigned region_start_index;
unsigned region_last_index;
unsigned region_page_count;
+ GArray *madt;
} QIgvm;
static int qigvm_directive_page_data(QIgvm *ctx, const uint8_t *header_data,
@@ -120,6 +121,8 @@ static int qigvm_directive_snp_id_block(QIgvm *ctx, const uint8_t *header_data,
static int qigvm_initialization_guest_policy(QIgvm *ctx,
const uint8_t *header_data,
Error **errp);
+static int qigvm_initialization_madt(QIgvm *ctx,
+ const uint8_t *header_data, Error **errp);
struct QIGVMHandler {
uint32_t type;
@@ -148,6 +151,8 @@ static struct QIGVMHandler handlers[] = {
qigvm_directive_snp_id_block },
{ IGVM_VHT_GUEST_POLICY, IGVM_HEADER_SECTION_INITIALIZATION,
qigvm_initialization_guest_policy },
+ { IGVM_VHT_MADT, IGVM_HEADER_SECTION_DIRECTIVE,
+ qigvm_initialization_madt },
};
static int qigvm_handler(QIgvm *ctx, uint32_t type, Error **errp)
@@ -764,6 +769,34 @@ static int qigvm_initialization_guest_policy(QIgvm *ctx,
return 0;
}
+static int qigvm_initialization_madt(QIgvm *ctx,
+ const uint8_t *header_data, Error **errp)
+{
+ const IGVM_VHS_PARAMETER *param = (const IGVM_VHS_PARAMETER *)header_data;
+ QIgvmParameterData *param_entry;
+
+ if (ctx->madt == NULL) {
+ return 0;
+ }
+
+ /* Find the parameter area that should hold the device tree */
+ QTAILQ_FOREACH(param_entry, &ctx->parameter_data, next)
+ {
+ if (param_entry->index == param->parameter_area_index) {
+
+ if (ctx->madt->len > param_entry->size) {
+ error_setg(
+ errp,
+ "IGVM: MADT size exceeds parameter area defined in IGVM file");
+ return -1;
+ }
+ memcpy(param_entry->data, ctx->madt->data, ctx->madt->len);
+ break;
+ }
+ }
+ return 0;
+}
+
static int qigvm_supported_platform_compat_mask(QIgvm *ctx, Error **errp)
{
int32_t header_count;
@@ -892,7 +925,7 @@ IgvmHandle qigvm_file_init(char *filename, Error **errp)
}
int qigvm_process_file(IgvmCfg *cfg, ConfidentialGuestSupport *cgs,
- bool onlyVpContext, Error **errp)
+ bool onlyVpContext, GArray *madt, Error **errp)
{
int32_t header_count;
QIgvmParameterData *parameter;
@@ -915,6 +948,8 @@ int qigvm_process_file(IgvmCfg *cfg, ConfidentialGuestSupport *cgs,
ctx.cgs = cgs;
ctx.cgsc = cgs ? CONFIDENTIAL_GUEST_SUPPORT_GET_CLASS(cgs) : NULL;
+ ctx.madt = madt;
+
/*
* Check that the IGVM file provides configuration for the current
* platform
diff --git a/include/system/igvm-cfg.h b/include/system/igvm-cfg.h
index 7dc48677fd..d5138f745c 100644
--- a/include/system/igvm-cfg.h
+++ b/include/system/igvm-cfg.h
@@ -40,10 +40,13 @@ typedef struct IgvmCfgClass {
* in the IGVM file will be processed, allowing information about the
* CPU state to be determined before processing the entire file.
*
+ * @madt: Optional ACPI MADT data to pass to the guest via the IGVM_VHT_MADT
+ * parameter. Only relevant if onlyVpContext is false.
+ *
* Returns 0 for ok and -1 on error.
*/
int (*process)(IgvmCfg *cfg, ConfidentialGuestSupport *cgs,
- bool onlyVpContext, Error **errp);
+ bool onlyVpContext, GArray *madt, Error **errp);
} IgvmCfgClass;
diff --git a/include/system/igvm.h b/include/system/igvm.h
index ec2538daa0..f2e580e4ee 100644
--- a/include/system/igvm.h
+++ b/include/system/igvm.h
@@ -18,7 +18,7 @@
IgvmHandle qigvm_file_init(char *filename, Error **errp);
int qigvm_process_file(IgvmCfg *igvm, ConfidentialGuestSupport *cgs,
- bool onlyVpContext, Error **errp);
+ bool onlyVpContext, GArray *madt, Error **errp);
/* x86 native */
int qigvm_x86_get_mem_map_entry(int index,
diff --git a/target/i386/sev.c b/target/i386/sev.c
index fd2dada013..55fd20510a 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -1888,11 +1888,12 @@ static int sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
* we need to pre-process it here to extract sev_features in order to
* provide it to KVM_SEV_INIT2. Each cgs_* function that is called by
* the IGVM processor detects this pre-process by observing the state
- * as SEV_STATE_UNINIT.
+ * as SEV_STATE_UNINIT. The IGVM file is only read here, no MADT data
+ * needs to be supplied.
*/
if (x86machine->igvm) {
if (IGVM_CFG_GET_CLASS(x86machine->igvm)
- ->process(x86machine->igvm, machine->cgs, true, errp) ==
+ ->process(x86machine->igvm, machine->cgs, true, NULL, errp) ==
-1) {
return -1;
}
--
2.52.0
next prev parent reply other threads:[~2025-12-11 10:32 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-11 10:31 [PATCH v2 0/3] igvm: Supply MADT via IGVM parameter Oliver Steffen
2025-12-11 10:31 ` [PATCH v2 1/3] hw/acpi: Make BIOS linker optional Oliver Steffen
2025-12-11 10:31 ` [PATCH v2 2/3] hw/acpi: Add standalone function to build MADT Oliver Steffen
2025-12-11 10:31 ` Oliver Steffen [this message]
2025-12-11 11:15 ` [PATCH v2 3/3] igvm: Fill MADT IGVM parameter field Gerd Hoffmann
2025-12-11 11:30 ` Luigi Leonardi
2025-12-11 12:13 ` Oliver Steffen
2025-12-11 12:25 ` Gerd Hoffmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251211103136.1578463-4-osteffen@redhat.com \
--to=osteffen@redhat.com \
--cc=anisinha@redhat.com \
--cc=eduardo@habkost.net \
--cc=imammedo@redhat.com \
--cc=joerg.roedel@amd.com \
--cc=kraxel@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=leonardi@redhat.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=mst@redhat.com \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=sgarzare@redhat.com \
--cc=zhao1.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).