From: Xiaoyao Li <xiaoyao.li@intel.com>
To: Markus Armbruster <armbru@redhat.com>
Cc: "Paolo Bonzini" <pbonzini@redhat.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Michael S. Tsirkin" <mst@redhat.com>,
"Marcel Apfelbaum" <marcel.apfelbaum@gmail.com>,
"Igor Mammedov" <imammedo@redhat.com>,
"Ani Sinha" <anisinha@redhat.com>, "Peter Xu" <peterx@redhat.com>,
"David Hildenbrand" <david@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Cornelia Huck" <cohuck@redhat.com>,
"Eric Blake" <eblake@redhat.com>,
"Marcelo Tosatti" <mtosatti@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
qemu-devel@nongnu.org, kvm@vger.kernel.org,
"Eduardo Habkost" <eduardo@habkost.net>,
"Laszlo Ersek" <lersek@redhat.com>,
"Isaku Yamahata" <isaku.yamahata@gmail.com>,
erdemaktas@google.com, "Chenyi Qiang" <chenyi.qiang@intel.com>
Subject: Re: [PATCH v2 02/58] i386: Introduce tdx-guest object
Date: Wed, 23 Aug 2023 15:27:03 +0800
Message-ID: <a94957f6-cde2-c5ac-0391-d1df245dc25f@intel.com>
In-Reply-To: <87bkez7g0g.fsf@pond.sub.org>
On 8/22/2023 2:22 PM, Markus Armbruster wrote:
> Xiaoyao Li <xiaoyao.li@intel.com> writes:
>
>> Introduce tdx-guest object which implements the interface of
>> CONFIDENTIAL_GUEST_SUPPORT, and will be used to create TDX VMs (TDs) by
>>
>> qemu -machine ...,confidential-guest-support=tdx0 \
>> -object tdx-guset,id=tdx0
>
> Typo: tdx-guest
Will fix it.
>> It has only one property 'attributes' with fixed value 0 and not
>> configurable so far.
>
> This must refer to TdxGuest member @attributes.
>
> "Property" suggests QOM property, which @attributes isn't, at least not
> in this patch. Will it become a QOM property later in this series?
At least not in this series. Maybe in the future there will be a request to
directly configure the whole attributes via a QOM property, but there is none for now.
I will change the description of it to avoid confusion.
> Hmm, @attributes appears to remain unused until PATCH 14. Recommend to
> delay its addition until then.
IMHO, it's not suitable to introduce it in patch 14. Using a separate
patch seems unnecessary. I'll leave it in this patch unless there is a strong
objection to it.
>> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
>> Acked-by: Gerd Hoffmann <kraxel@redhat.com>
>> ---
>> changes from RFC-V4
>> - make @attributes not user-settable
>> ---
>> configs/devices/i386-softmmu/default.mak | 1 +
>> hw/i386/Kconfig | 5 +++
>> qapi/qom.json | 12 +++++++
>> target/i386/kvm/meson.build | 2 ++
>> target/i386/kvm/tdx.c | 40 ++++++++++++++++++++++++
>> target/i386/kvm/tdx.h | 19 +++++++++++
>> 6 files changed, 79 insertions(+)
>> create mode 100644 target/i386/kvm/tdx.c
>> create mode 100644 target/i386/kvm/tdx.h
>>
>> diff --git a/configs/devices/i386-softmmu/default.mak b/configs/devices/i386-softmmu/default.mak
>> index 598c6646dfc0..9b5ec59d65b0 100644
>> --- a/configs/devices/i386-softmmu/default.mak
>> +++ b/configs/devices/i386-softmmu/default.mak
>> @@ -18,6 +18,7 @@
>> #CONFIG_QXL=n
>> #CONFIG_SEV=n
>> #CONFIG_SGA=n
>> +#CONFIG_TDX=n
>> #CONFIG_TEST_DEVICES=n
>> #CONFIG_TPM_CRB=n
>> #CONFIG_TPM_TIS_ISA=n
>> diff --git a/hw/i386/Kconfig b/hw/i386/Kconfig
>> index 9051083c1e78..929f6c3f0e85 100644
>> --- a/hw/i386/Kconfig
>> +++ b/hw/i386/Kconfig
>> @@ -10,6 +10,10 @@ config SGX
>> bool
>> depends on KVM
>>
>> +config TDX
>> + bool
>> + depends on KVM
>> +
>> config PC
>> bool
>> imply APPLESMC
>> @@ -26,6 +30,7 @@ config PC
>> imply QXL
>> imply SEV
>> imply SGX
>> + imply TDX
>> imply TEST_DEVICES
>> imply TPM_CRB
>> imply TPM_TIS_ISA
>> diff --git a/qapi/qom.json b/qapi/qom.json
>> index e0b2044e3d20..2ca7ce7c0da5 100644
>> --- a/qapi/qom.json
>> +++ b/qapi/qom.json
>> @@ -866,6 +866,16 @@
>> 'reduced-phys-bits': 'uint32',
>> '*kernel-hashes': 'bool' } }
>>
>> +##
>> +# @TdxGuestProperties:
>> +#
>> +# Properties for tdx-guest objects.
>> +#
>> +# Since: 8.2
>> +##
>> +{ 'struct': 'TdxGuestProperties',
>> + 'data': { }}
>> +
>> ##
>> # @ThreadContextProperties:
>> #
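Review bot: the empty `'data': { }` is valid, but the description "Properties for tdx-guest objects." then documents nothing; a short addition such as "None are user-settable yet." would match the commit message's "not configurable so far" and save readers of the generated QAPI docs from looking for members that do not exist.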
>> @@ -944,6 +954,7 @@
>> 'sev-guest',
>> 'thread-context',
>> 's390-pv-guest',
>> + 'tdx-guest',
>> 'throttle-group',
>> 'tls-creds-anon',
>> 'tls-creds-psk',
>> @@ -1010,6 +1021,7 @@
>> 'secret_keyring': { 'type': 'SecretKeyringProperties',
>> 'if': 'CONFIG_SECRET_KEYRING' },
>> 'sev-guest': 'SevGuestProperties',
>> + 'tdx-guest': 'TdxGuestProperties',
>> 'thread-context': 'ThreadContextProperties',
>> 'throttle-group': 'ThrottleGroupProperties',
>> 'tls-creds-anon': 'TlsCredsAnonProperties',
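Review bot: the new 'tdx-guest' entry cannot take an 'if' guard like the 'secret_keyring' entry a few lines above it, because CONFIG_SECRET_KEYRING is a host-level build symbol while CONFIG_TDX is introduced in hw/i386/Kconfig in this same patch, so it is a per-target symbol, and QEMU poisons target-specific CONFIG_* macros in target-independent compilation units, which is what the generated code for qom.json is. That is the "poisoned" point raised below, and it is also why the 'sev-guest' line directly above is unconditional.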
>
> Actually useful only when CONFIG_TDX is on, but can't make it
> conditional here, as CONFIG_TDX is poisoned.
In fact, I just followed what SEV did.
To me, it looks OK to make it conditional on CONFIG_TDX. Could you
please elaborate on "but can't make it conditional here, as CONFIG_TDX is
poisoned"?
>> diff --git a/target/i386/kvm/meson.build b/target/i386/kvm/meson.build
>> index 40fbde96cac6..21ab03fe1349 100644
>> --- a/target/i386/kvm/meson.build
>> +++ b/target/i386/kvm/meson.build
>> @@ -11,6 +11,8 @@ i386_softmmu_kvm_ss.add(when: 'CONFIG_XEN_EMU', if_true: files('xen-emu.c'))
>>
>> i386_softmmu_kvm_ss.add(when: 'CONFIG_SEV', if_false: files('sev-stub.c'))
>>
>> +i386_softmmu_kvm_ss.add(when: 'CONFIG_TDX', if_true: files('tdx.c'))
>> +
>> i386_system_ss.add(when: 'CONFIG_HYPERV', if_true: files('hyperv.c'), if_false: files('hyperv-stub.c'))
>>
>> i386_system_ss.add_all(when: 'CONFIG_KVM', if_true: i386_softmmu_kvm_ss)
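Review bot: unlike the CONFIG_SEV line above it, the new CONFIG_TDX line has no `if_false` stub, which is fine while nothing outside tdx.c references its symbols; once later patches call into tdx.c from common KVM code, builds with the `#CONFIG_TDX=n` knob from default.mak enabled will need either a tdx-stub.c here or `is_tdx_vm()`-style guards at the call sites, so it is worth deciding now which pattern the series follows.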
>> diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
>> new file mode 100644
>> index 000000000000..d3792d4a3d56
>> --- /dev/null
>> +++ b/target/i386/kvm/tdx.c
>> @@ -0,0 +1,40 @@
>> +/*
>> + * QEMU TDX support
>> + *
>> + * Copyright Intel
>> + *
>> + * Author:
>> + * Xiaoyao Li <xiaoyao.li@intel.com>
>> + *
>> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
>> + * See the COPYING file in the top-level directory
>> + *
>> + */
>> +
>> +#include "qemu/osdep.h"
>> +#include "qom/object_interfaces.h"
>> +
>> +#include "tdx.h"
>> +
>> +/* tdx guest */
>> +OBJECT_DEFINE_TYPE_WITH_INTERFACES(TdxGuest,
>> + tdx_guest,
>> + TDX_GUEST,
>> + CONFIDENTIAL_GUEST_SUPPORT,
>> + { TYPE_USER_CREATABLE },
>> + { NULL })
>> +
>> +static void tdx_guest_init(Object *obj)
>> +{
>> + TdxGuest *tdx = TDX_GUEST(obj);
>> +
>> + tdx->attributes = 0;
>> +}
>> +
>> +static void tdx_guest_finalize(Object *obj)
>> +{
>> +}
>> +
>> +static void tdx_guest_class_init(ObjectClass *oc, void *data)
>> +{
>> +}
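Review bot: the `tdx->attributes = 0;` in tdx_guest_init is redundant, since QOM zeroes the instance memory before instance_init runs; if it stays as documentation of the fixed value, a comment such as `/* fixed at 0, not user-settable in this patch */` would tie it to the "make @attributes not user-settable" changelog entry above and answer the unused-until-PATCH-14 question raised in this thread. The empty tdx_guest_finalize and tdx_guest_class_init bodies are required by OBJECT_DEFINE_TYPE_WITH_INTERFACES, which declares all three callbacks, so they are fine as stubs but deserve a one-line comment saying so.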
>> diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h
>> new file mode 100644
>> index 000000000000..415aeb5af746
>> --- /dev/null
>> +++ b/target/i386/kvm/tdx.h
>> @@ -0,0 +1,19 @@
>> +#ifndef QEMU_I386_TDX_H
>> +#define QEMU_I386_TDX_H
>> +
>> +#include "exec/confidential-guest-support.h"
>> +
>> +#define TYPE_TDX_GUEST "tdx-guest"
>> +#define TDX_GUEST(obj) OBJECT_CHECK(TdxGuest, (obj), TYPE_TDX_GUEST)
>> +
>> +typedef struct TdxGuestClass {
>> + ConfidentialGuestSupportClass parent_class;
>> +} TdxGuestClass;
>> +
>> +typedef struct TdxGuest {
>> + ConfidentialGuestSupport parent_obj;
>> +
>> + uint64_t attributes; /* TD attributes */
>> +} TdxGuest;
>> +
>> +#endif /* QEMU_I386_TDX_H */
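Review bot: the hand-written `#define TDX_GUEST(obj) OBJECT_CHECK(TdxGuest, (obj), TYPE_TDX_GUEST)` plus the two typedefs duplicate what `OBJECT_DECLARE_TYPE(TdxGuest, TdxGuestClass, TDX_GUEST)` generates, and the generated form is the one that pairs with OBJECT_DEFINE_TYPE_WITH_INTERFACES in tdx.c; suggest using it unless the struct layout has to stay spelled out. The `/* TD attributes */` comment on the uint64_t could also state that the field is a bitmask fixed at 0 in this patch, so the header alone tells a reader what the commit message says.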
>
> QAPI schema
> Acked-by: Markus Armbruster <armbru@redhat.com>
Thank you!