From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Xiaoyao Li <xiaoyao.li@intel.com>
Cc: "Paolo Bonzini" <pbonzini@redhat.com>,
"David Hildenbrand" <david@redhat.com>,
"Igor Mammedov" <imammedo@redhat.com>,
"Michael S . Tsirkin" <mst@redhat.com>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Peter Xu" <peterx@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Cornelia Huck" <cohuck@redhat.com>,
"Eric Blake" <eblake@redhat.com>,
"Markus Armbruster" <armbru@redhat.com>,
"Marcelo Tosatti" <mtosatti@redhat.com>,
qemu-devel@nongnu.org, kvm@vger.kernel.org,
"Michael Roth" <michael.roth@amd.com>,
"Sean Christopherson" <seanjc@google.com>,
"Claudio Fontana" <cfontana@suse.de>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Isaku Yamahata" <isaku.yamahata@gmail.com>,
"Chenyi Qiang" <chenyi.qiang@intel.com>
Subject: Re: [PATCH v4 50/66] i386/tdx: handle TDG.VP.VMCALL<GetQuote>
Date: Thu, 22 Feb 2024 16:30:25 +0000 [thread overview]
Message-ID: <Zdd2oSFOiIparDIe@redhat.com> (raw)
In-Reply-To: <20240125032328.2522472-51-xiaoyao.li@intel.com>
On Wed, Jan 24, 2024 at 10:23:12PM -0500, Xiaoyao Li wrote:
> From: Isaku Yamahata <isaku.yamahata@intel.com>
>
> Add property "quote-generation-socket" to tdx-guest, which is a property
> of type SocketAddress to specify Quote Generation Service(QGS).
>
> On request of GetQuote, it connects to the QGS socket, read request
> data from shared guest memory, send the request data to the QGS,
> and store the response into shared guest memory, at last notify
> TD guest by interrupt.
>
> command line example:
> qemu-system-x86_64 \
> -object '{"qom-type":"tdx-guest","id":"tdx0","quote-generation-socket":{"type": "vsock", "cid":"1","port":"1234"}}' \
> -machine confidential-guest-support=tdx0
>
> Note, above example uses vsock type socket because the QGS we used
> implements the vsock socket. It can be other types, like UNIX socket,
> which depends on the implementation of QGS.
Can you confirm again exactly what QGS impl you are testing against ?
I've tried the impl at
https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/QuoteGeneration/quote_wrapper/qgs
which supports UNIX sockets and VSOCK. In both cases, however, it
appears to be speaking a different protocol than your QEMU impl
below uses.
Specifically here:
https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/QuoteGeneration/quote_wrapper/qgs/qgs_server.cpp#L143
it is reading 4 bytes of header, which are interpreted as the length
of the payload which will then be read off the wire. IIUC the payload
it expects is the TDREPORT struct.
Your QEMU patches here meanwhile are just sending the payload from
the GetQuote hypercall which is the TDREPORT struct.
IOW, QEMU is not sending the 4 byte length header the QGS expects.
and whole thing fails.
>
> To avoid no response from QGS server, setup a timer for the transaction.
> If timeout, make it an error and interrupt guest. Define the threshold of
> time to 30s at present, maybe change to other value if not appropriate.
>
> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
> Codeveloped-by: Chenyi Qiang <chenyi.qiang@intel.com>
> Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
> Codeveloped-by: Xiaoyao Li <xiaoyao.li@intel.com>
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> ---
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2024-02-22 16:31 UTC|newest]
Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-25 3:22 [PATCH v4 00/66] QEMU Guest memfd + QEMU TDX support Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 01/66] linux-headers: Update to Linux v6.8-rc1 Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 02/66] RAMBlock: Add support of KVM private guest memfd Xiaoyao Li
2024-01-26 13:57 ` David Hildenbrand
2024-01-29 2:23 ` Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 03/66] HostMem: Add mechanism to opt in kvm guest memfd via MachineState Xiaoyao Li
2024-01-26 13:58 ` David Hildenbrand
2024-01-25 3:22 ` [PATCH v4 04/66] trace/kvm: Split address space and slot id in trace_kvm_set_user_memory() Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 05/66] kvm: Enable KVM_SET_USER_MEMORY_REGION2 for memslot Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 06/66] kvm: Introduce support for memory_attributes Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 07/66] physmem: Introduce ram_block_discard_guest_memfd_range() Xiaoyao Li
2024-01-25 18:45 ` David Hildenbrand
2024-01-25 3:22 ` [PATCH v4 08/66] kvm: handle KVM_EXIT_MEMORY_FAULT Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 09/66] trace/kvm: Add trace for page convertion between shared and private Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 10/66] *** HACK *** linux-headers: Update headers to pull in TDX API changes Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 11/66] i386: Introduce tdx-guest object Xiaoyao Li
2024-02-19 12:34 ` Markus Armbruster
2024-02-19 12:44 ` Daniel P. Berrangé
2024-01-25 3:22 ` [PATCH v4 12/66] target/i386: Implement mc->kvm_type() to get VM type Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 13/66] target/i386: Introduce kvm_confidential_guest_init() Xiaoyao Li
2024-01-29 18:02 ` Daniel P. Berrangé
2024-01-25 3:22 ` [PATCH v4 14/66] i386/tdx: Implement tdx_kvm_init() to initialize TDX VM context Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 15/66] i386/tdx: Get tdx_capabilities via KVM_TDX_CAPABILITIES Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 16/66] i386/tdx: Introduce is_tdx_vm() helper and cache tdx_guest object Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 17/66] i386/tdx: Adjust the supported CPUID based on TDX restrictions Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 18/66] i386/tdx: Make Intel-PT unsupported for TD guest Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 19/66] i386/tdx: Update tdx_cpuid_lookup[].tdx_fixed0/1 by tdx_caps.cpuid_config[] Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 20/66] i386/tdx: Integrate tdx_caps->xfam_fixed0/1 into tdx_cpuid_lookup Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 21/66] i386/tdx: Integrate tdx_caps->attrs_fixed0/1 to tdx_cpuid_lookup Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 22/66] i386/kvm: Move architectural CPUID leaf generation to separate helper Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 23/66] kvm: Introduce kvm_arch_pre_create_vcpu() Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 24/66] i386/tdx: Initialize TDX before creating TD vcpus Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 25/66] i386/tdx: Add property sept-ve-disable for tdx-guest object Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 26/66] i386/tdx: Make sept_ve_disable set by default Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 27/66] i386/tdx: Wire CPU features up with attributes of TD guest Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 28/66] i386/tdx: Validate TD attributes Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 29/66] i386/tdx: Support user configurable mrconfigid/mrowner/mrownerconfig Xiaoyao Li
2024-02-19 12:48 ` Markus Armbruster
2024-02-20 15:10 ` Xiaoyao Li
2024-02-20 16:14 ` Markus Armbruster
2024-01-25 3:22 ` [PATCH v4 30/66] i386/tdx: Implement user specified tsc frequency Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 31/66] i386/tdx: Set kvm_readonly_mem_enabled to false for TDX VM Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 32/66] kvm/memory: Introduce the infrastructure to set the default shared/private value Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 33/66] i386/tdx: Make memory type private by default Xiaoyao Li
2024-01-26 14:58 ` David Hildenbrand
2024-01-29 2:18 ` Xiaoyao Li
2024-02-20 15:08 ` David Hildenbrand
2024-01-25 3:22 ` [PATCH v4 34/66] kvm/tdx: Don't complain when converting vMMIO region to shared Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 35/66] kvm/tdx: Ignore memory conversion to shared of unassigned region Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 36/66] i386/tdvf: Introduce function to parse TDVF metadata Xiaoyao Li
2024-01-25 3:22 ` [PATCH v4 37/66] i386/tdx: Parse TDVF metadata for TDX VM Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 38/66] i386/tdx: Skip BIOS shadowing setup Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 39/66] i386/tdx: Don't initialize pc.rom for TDX VMs Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 40/66] i386/tdx: Track mem_ptr for each firmware entry of TDVF Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 41/66] i386/tdx: Track RAM entries for TDX VM Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 42/66] headers: Add definitions from UEFI spec for volumes, resources, etc Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 43/66] i386/tdx: Setup the TD HOB list Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 44/66] i386/tdx: Add TDVF memory via KVM_TDX_INIT_MEM_REGION Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 45/66] memory: Introduce memory_region_init_ram_guest_memfd() Xiaoyao Li
2024-01-26 14:55 ` David Hildenbrand
2024-01-25 3:23 ` [PATCH v4 46/66] i386/tdx: register TDVF as private memory Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 47/66] i386/tdx: Call KVM_TDX_INIT_VCPU to initialize TDX vcpu Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 48/66] i386/tdx: Finalize TDX VM Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 49/66] i386/tdx: handle TDG.VP.VMCALL<SetupEventNotifyInterrupt> Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 50/66] i386/tdx: handle TDG.VP.VMCALL<GetQuote> Xiaoyao Li
[not found] ` <87zfvwehyz.fsf@pond.sub.org>
2024-02-19 12:55 ` Daniel P. Berrangé
2024-02-19 14:41 ` Markus Armbruster
2024-02-20 14:16 ` Xiaoyao Li
2024-02-22 16:30 ` Daniel P. Berrangé [this message]
2024-02-23 1:06 ` Xiaoyao Li
2024-02-23 1:48 ` Qiu, Feng
2024-01-25 3:23 ` [PATCH v4 51/66] i386/tdx: handle TDG.VP.VMCALL<MapGPA> hypercall Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 52/66] i386/tdx: Handle TDG.VP.VMCALL<REPORT_FATAL_ERROR> Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 53/66] i386/tdx: Wire TDX_REPORT_FATAL_ERROR with GuestPanic facility Xiaoyao Li
2024-02-19 12:53 ` Markus Armbruster
2024-02-27 9:51 ` Xiaoyao Li
2024-02-27 11:51 ` Markus Armbruster
2024-02-27 12:09 ` Xiaoyao Li
2024-02-27 13:09 ` Markus Armbruster
2024-02-27 14:51 ` Xiaoyao Li
2024-02-27 15:42 ` Markus Armbruster
2024-01-25 3:23 ` [PATCH v4 54/66] pci-host/q35: Move PAM initialization above SMRAM initialization Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 55/66] q35: Introduce smm_ranges property for q35-pci-host Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 56/66] i386/tdx: Disable SMM for TDX VMs Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 57/66] i386/tdx: Disable PIC " Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 58/66] i386/tdx: Don't allow system reset " Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 59/66] i386/tdx: LMCE is not supported for TDX Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 60/66] hw/i386: add eoi_intercept_unsupported member to X86MachineState Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 61/66] hw/i386: add option to forcibly report edge trigger in acpi tables Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 62/66] i386/tdx: Don't synchronize guest tsc for TDs Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 63/66] i386/tdx: Only configure MSR_IA32_UCODE_REV in kvm_init_msrs() " Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 64/66] i386/tdx: Skip kvm_put_apicbase() " Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 65/66] i386/tdx: Don't get/put guest state for TDX VMs Xiaoyao Li
2024-01-25 3:23 ` [PATCH v4 66/66] docs: Add TDX documentation Xiaoyao Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zdd2oSFOiIparDIe@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=cfontana@suse.de \
--cc=chenyi.qiang@intel.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=eblake@redhat.com \
--cc=imammedo@redhat.com \
--cc=isaku.yamahata@gmail.com \
--cc=kraxel@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=marcel.apfelbaum@gmail.com \
--cc=michael.roth@amd.com \
--cc=mst@redhat.com \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=seanjc@google.com \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).