These patches implement SEV-SNP base support along with CPUID enforcement
support for QEMU, and are also available at:

  https://github.com/amdese/qemu/commits/snp-v3-rfc

they are based on top of the following patchset from Paolo:

  "[PATCH 0/7] target/i386: VM type infrastructure and KVM_SEV_INIT2 support"
  https://lists.gnu.org/archive/html/qemu-devel/2024-03/msg04663.html


Patch Layout
------------

01-05: Various changes needed to handle new header files in kvm-next tree
       and some hacks to get a functional header sync in place for building
       this series.
06-18: These are patches directly plucked from Xiaoyao's TDX v5 patchset[1]
       that implement common dependencies between SNP/TDX like base
       guest_memfd, KVM_EXIT_MEMORY_FAULT handling (with a small FIXUP), and
       mechanisms to disable SMM. We would've also needed some of the basic
       infrastructure for handling specifying VM types for KVM_CREATE, but
       much of that is now part of the sevinit2 series this patchset is based
       on. Ideally all these patches, once stable, could be maintained in a
       common tree so that future SNP/TDX patchsets can be more easily
       iterated on/reviewed.
19-20: Patches introduced by this series that are  possible candidate for a
       common tree.
       shared/private pages when things like VFIO are in use.
21-32: Introduction of sev-snp-guest object and various configuration
       requirements for SNP.
33-36: Handling for various KVM_EXIT_VMGEXIT events that are handled in
       userspace.
37-49: Support for creating a cryptographic "launch" context and populating
       various OVMF metadata pages, BIOS regions, and vCPU/VMSA pages with
       the initial encrypted/measured/validated launch data prior to
       launching the SNP guest.


Testing
-------

This series has been tested against the following host kernel tree, which
is a snapshot of the latest WIP SNP hypervisor tree at the time of this
posting. It will likely not be kept up to date afterward, so please keep an
eye upstream or official AMDESE github if you are looking for the latest
some time after this posting:

  https://github.com/mdroth/linux/commits/snp-host-v12-wip40/

A patched OVMF is also needed due to upstream KVM no longer supporting MMIO
ranges that are mapped as private. It is recommended you build the AmdSevX64
variant as it provides the kernel-hashing support present in this series:

  https://github.com/mdroth/edk2/commits/apic-mmio-fix1c/

A basic command-line invocation for SNP would be:

 qemu-system-x86_64 -smp 32,maxcpus=255 -cpu EPYC-Milan-v2
  -machine q35,confidential-guest-support=sev0,memory-backend=ram1
  -object memory-backend-memfd,id=ram1,size=4G,share=true,reserve=false
  -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,id-auth=
  -bios /home/mroth/ovmf/OVMF_CODE-upstream-20240228-apicfix-1c-AmdSevX64.fd

With kernel-hashing and certificate data supplied:

 qemu-system-x86_64 -smp 32,maxcpus=255 -cpu EPYC-Milan-v2
  -machine q35,confidential-guest-support=sev0,memory-backend=ram1
  -object memory-backend-memfd,id=ram1,size=4G,share=true,reserve=false
  -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,id-auth=,certs-path=/home/mroth/cert.blob,kernel-hashes=on
  -bios /home/mroth/ovmf/OVMF_CODE-upstream-20240228-apicfix-1c-AmdSevX64.fd
  -kernel /boot/vmlinuz-6.8.0-snp-host-v12-wip40+
  -initrd /boot/initrd.img-6.8.0-snp-host-v12-wip40+
  -append "root=UUID=d72a6d1c-06cf-4b79-af43-f1bac4f620f9 ro console=ttyS0,115200n8"

Any comments/feedback would be very much appreciated.

[1] https://github.com/amdese/linux
    https://github.com/amdese/amdsev/tree/snp-latest

Changes since rfc2:

- reworked on top of guest_memfd support
- added handling for various KVM_EXIT_VMGEXIT events
- various changes/considerations for PCI passthrough support
- general bugfixes/hardening/cleanups
- qapi cmdline doc fixes/rework (Dov, Markus)
- switch to qbase64_decode, more error-checking for cmdline opts (Dov)
- unset id_block_en for 0 input (Dov)
- use error_setg in snp init (Dov)
- report more info in trace_kvm_sev_init (Dov)
- rework bounds-checking for kvm_cpuid_info, rework existing checks for readability, add additional checks (Dov)
- fixups for validated_ranges handling (Dov)
- rename 'policy' field to 'snp-policy' in query-sev when sev-type is SNP

Changes since rfc1:

 - rebased onto latest master
 - drop SNP config file in favor of a new 'sev-snp-guest' object where all
   SNP-related params are passed as strings/integers via command-line
 - report specific error if BIOS reports invalid address/len for
   reserved/pre-validated regions (Connor)
 - use Range helpers for handling validated region overlaps (Dave)
 - simplify error handling in sev_snp_launch_start, and report the correct
   return code when handling LAUNCH_START failures (Dov)
 - add SEV-SNP bit to CPUID 0x8000001f when SNP enabled
 - updated query-sev to handle differences between SEV and SEV-SNP
 - updated to work against v5 of SEV-SNP host kernel / hypervisor patches

----------------------------------------------------------------
Brijesh Singh (5):
      i386/sev: Introduce 'sev-snp-guest' object
      i386/sev: Add the SNP launch start context
      i386/sev: Add handling to encrypt/finalize guest launch data
      hw/i386/sev: Add function to get SEV metadata from OVMF header
      i386/sev: Add support for populating OVMF metadata pages

Chao Peng (2):
      kvm: Enable KVM_SET_USER_MEMORY_REGION2 for memslot
      kvm: handle KVM_EXIT_MEMORY_FAULT

Dov Murik (4):
      qapi, i386: Move kernel-hashes to SevCommonProperties
      i386/sev: Extract build_kernel_loader_hashes
      i386/sev: Reorder struct declarations
      i386/sev: Allow measured direct kernel boot on SNP

Isaku Yamahata (2):
      pci-host/q35: Move PAM initialization above SMRAM initialization
      q35: Introduce smm_ranges property for q35-pci-host

Michael Roth (30):
      Revert "linux-headers hack" from sevinit2 base tree
      scripts/update-linux-headers: Add setup_data.h to import list
      scripts/update-linux-headers: Add bits.h to file imports
      [HACK] linux-headers: Update headers for 6.8 + kvm-coco-queue + SNP
      [TEMP] hw/i386: Remove redeclaration of struct setup_data
      RAMBlock: Add support of KVM private guest memfd
      [FIXUP] "kvm: handle KVM_EXIT_MEMORY_FAULT": drop qemu_host_page_size
      trace/kvm: Add trace for page convertion between shared and private
      kvm: Make kvm_convert_memory() obey ram_block_discard_is_enabled()
      trace/kvm: Add trace for KVM_EXIT_MEMORY_FAULT
      i386/sev: Introduce "sev-common" type to encapsulate common SEV state
      i386/sev: Add a sev_snp_enabled() helper
      target/i386: Add handling for KVM_X86_SNP_VM VM type
      i386/sev: Skip RAMBlock notifiers for SNP
      i386/sev: Skip machine-init-done notifiers for SNP
      i386/sev: Set ms->require_guest_memfd for SNP
      i386/sev: Disable SMM for SNP
      i386/sev: Don't disable block discarding for SNP
      i386/cpu: Set SEV-SNP CPUID bit when SNP enabled
      i386/sev: Update query-sev QAPI format to handle SEV-SNP
      i386/sev: Don't return launch measurements for SEV-SNP guests
      kvm: Make kvm_convert_memory() non-static
      i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes
      i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes (MSR-based)
      i386/sev: Add KVM_EXIT_VMGEXIT handling for Extended Guest Requests
      i386/sev: Set CPU state to protected once SNP guest payload is finalized
      i386/sev: Add support for SNP CPUID validation
      hw/i386/sev: Add support to encrypt BIOS when SEV-SNP is enabled
      hw/i386/sev: Use guest_memfd for legacy ROMs
      hw/i386: Add support for loading BIOS using guest_memfd

Xiaoyao Li (6):
      HostMem: Add mechanism to opt in kvm guest memfd via MachineState
      trace/kvm: Split address space and slot id in trace_kvm_set_user_memory()
      kvm: Introduce support for memory_attributes
      physmem: Introduce ram_block_discard_guest_memfd_range()
      kvm/memory: Make memory type private by default if it has guest memfd backend
      memory: Introduce memory_region_init_ram_guest_memfd()

 accel/kvm/kvm-all.c                                |  241 ++-
 accel/kvm/trace-events                             |    4 +-
 accel/stubs/kvm-stub.c                             |    5 +
 backends/hostmem-file.c                            |    1 +
 backends/hostmem-memfd.c                           |    1 +
 backends/hostmem-ram.c                             |    1 +
 backends/hostmem.c                                 |    1 +
 docs/system/i386/amd-memory-encryption.rst         |   78 +-
 hw/core/machine.c                                  |    5 +
 hw/i386/pc.c                                       |   13 +-
 hw/i386/pc_q35.c                                   |    2 +
 hw/i386/pc_sysfw.c                                 |   25 +-
 hw/i386/pc_sysfw_ovmf.c                            |   33 +
 hw/i386/x86.c                                      |   46 +-
 hw/pci-host/q35.c                                  |   61 +-
 include/exec/cpu-common.h                          |    2 +
 include/exec/memory.h                              |   26 +-
 include/exec/ram_addr.h                            |    2 +-
 include/exec/ramblock.h                            |    1 +
 include/hw/boards.h                                |    2 +
 include/hw/i386/pc.h                               |   31 +-
 include/hw/i386/x86.h                              |    2 +-
 include/hw/pci-host/q35.h                          |    1 +
 include/standard-headers/asm-x86/bootparam.h       |   17 +-
 include/standard-headers/asm-x86/kvm_para.h        |    3 +-
 include/standard-headers/linux/ethtool.h           |   48 +
 include/standard-headers/linux/fuse.h              |   39 +-
 include/standard-headers/linux/input-event-codes.h |    1 +
 include/standard-headers/linux/virtio_gpu.h        |    2 +
 include/standard-headers/linux/virtio_snd.h        |  154 ++
 include/sysemu/hostmem.h                           |    1 +
 include/sysemu/kvm.h                               |    7 +
 include/sysemu/kvm_int.h                           |    2 +
 linux-headers/asm-arm64/kvm.h                      |   15 +-
 linux-headers/asm-arm64/sve_context.h              |   11 +
 linux-headers/asm-generic/bitsperlong.h            |    4 +
 linux-headers/asm-loongarch/kvm.h                  |    2 -
 linux-headers/asm-mips/kvm.h                       |    2 -
 linux-headers/asm-powerpc/kvm.h                    |   45 +-
 linux-headers/asm-riscv/kvm.h                      |    3 +-
 linux-headers/asm-s390/kvm.h                       |  315 +++-
 linux-headers/asm-x86/kvm.h                        |  372 ++++-
 linux-headers/asm-x86/setup_data.h                 |   83 +
 linux-headers/linux/bits.h                         |   15 +
 linux-headers/linux/kvm.h                          |  719 +--------
 linux-headers/linux/psp-sev.h                      |   71 +
 qapi/misc-target.json                              |   71 +-
 qapi/qom.json                                      |   96 +-
 scripts/update-linux-headers.sh                    |    5 +-
 system/memory.c                                    |   30 +
 system/physmem.c                                   |   47 +-
 target/i386/cpu.c                                  |    1 +
 target/i386/kvm/kvm.c                              |    4 +
 target/i386/sev-sysemu-stub.c                      |    2 +-
 target/i386/sev.c                                  | 1631 ++++++++++++++++----
 target/i386/sev.h                                  |   13 +-
 target/i386/trace-events                           |    3 +
 57 files changed, 3272 insertions(+), 1146 deletions(-)
 create mode 100644 linux-headers/asm-x86/setup_data.h
 create mode 100644 linux-headers/linux/bits.h

> On 20 Mar 2024, at 14:08, Michael Roth <michael.roth@amd.com> wrote:
> 
> These patches implement SEV-SNP base support along with CPUID enforcement
> support for QEMU, and are also available at:
> 
>  https://github.com/amdese/qemu/commits/snp-v3-rfc
> 
> they are based on top of the following patchset from Paolo:
> 
>  "[PATCH 0/7] target/i386: VM type infrastructure and KVM_SEV_INIT2 support"
>  https://lists.gnu.org/archive/html/qemu-devel/2024-03/msg04663.html

Can you please also CC me on future revisions of this patchset? 

Thanks!


> 
> 
> Patch Layout
> ------------
> 
> 01-05: Various changes needed to handle new header files in kvm-next tree
>       and some hacks to get a functional header sync in place for building
>       this series.
> 06-18: These are patches directly plucked from Xiaoyao's TDX v5 patchset[1]
>       that implement common dependencies between SNP/TDX like base
>       guest_memfd, KVM_EXIT_MEMORY_FAULT handling (with a small FIXUP), and
>       mechanisms to disable SMM. We would've also needed some of the basic
>       infrastructure for handling specifying VM types for KVM_CREATE, but
>       much of that is now part of the sevinit2 series this patchset is based
>       on. Ideally all these patches, once stable, could be maintained in a
>       common tree so that future SNP/TDX patchsets can be more easily
>       iterated on/reviewed.
> 19-20: Patches introduced by this series that are  possible candidate for a
>       common tree.
>       shared/private pages when things like VFIO are in use.
> 21-32: Introduction of sev-snp-guest object and various configuration
>       requirements for SNP.
> 33-36: Handling for various KVM_EXIT_VMGEXIT events that are handled in
>       userspace.
> 37-49: Support for creating a cryptographic "launch" context and populating
>       various OVMF metadata pages, BIOS regions, and vCPU/VMSA pages with
>       the initial encrypted/measured/validated launch data prior to
>       launching the SNP guest.
> 
> 
> Testing
> -------
> 
> This series has been tested against the following host kernel tree, which
> is a snapshot of the latest WIP SNP hypervisor tree at the time of this
> posting. It will likely not be kept up to date afterward, so please keep an
> eye upstream or official AMDESE github if you are looking for the latest
> some time after this posting:
> 
>  https://github.com/mdroth/linux/commits/snp-host-v12-wip40/
> 
> A patched OVMF is also needed due to upstream KVM no longer supporting MMIO
> ranges that are mapped as private. It is recommended you build the AmdSevX64
> variant as it provides the kernel-hashing support present in this series:
> 
>  https://github.com/mdroth/edk2/commits/apic-mmio-fix1c/
> 
> A basic command-line invocation for SNP would be:
> 
> qemu-system-x86_64 -smp 32,maxcpus=255 -cpu EPYC-Milan-v2
>  -machine q35,confidential-guest-support=sev0,memory-backend=ram1
>  -object memory-backend-memfd,id=ram1,size=4G,share=true,reserve=false
>  -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,id-auth=
>  -bios /home/mroth/ovmf/OVMF_CODE-upstream-20240228-apicfix-1c-AmdSevX64.fd
> 
> With kernel-hashing and certificate data supplied:
> 
> qemu-system-x86_64 -smp 32,maxcpus=255 -cpu EPYC-Milan-v2
>  -machine q35,confidential-guest-support=sev0,memory-backend=ram1
>  -object memory-backend-memfd,id=ram1,size=4G,share=true,reserve=false
>  -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,id-auth=,certs-path=/home/mroth/cert.blob,kernel-hashes=on
>  -bios /home/mroth/ovmf/OVMF_CODE-upstream-20240228-apicfix-1c-AmdSevX64.fd
>  -kernel /boot/vmlinuz-6.8.0-snp-host-v12-wip40+
>  -initrd /boot/initrd.img-6.8.0-snp-host-v12-wip40+
>  -append "root=UUID=d72a6d1c-06cf-4b79-af43-f1bac4f620f9 ro console=ttyS0,115200n8"
> 
> Any comments/feedback would be very much appreciated.
> 
> [1] https://github.com/amdese/linux
>    https://github.com/amdese/amdsev/tree/snp-latest
> 
> Changes since rfc2:
> 
> - reworked on top of guest_memfd support
> - added handling for various KVM_EXIT_VMGEXIT events
> - various changes/considerations for PCI passthrough support
> - general bugfixes/hardening/cleanups
> - qapi cmdline doc fixes/rework (Dov, Markus)
> - switch to qbase64_decode, more error-checking for cmdline opts (Dov)
> - unset id_block_en for 0 input (Dov)
> - use error_setg in snp init (Dov)
> - report more info in trace_kvm_sev_init (Dov)
> - rework bounds-checking for kvm_cpuid_info, rework existing checks for readability, add additional checks (Dov)
> - fixups for validated_ranges handling (Dov)
> - rename 'policy' field to 'snp-policy' in query-sev when sev-type is SNP
> 
> Changes since rfc1:
> 
> - rebased onto latest master
> - drop SNP config file in favor of a new 'sev-snp-guest' object where all
>   SNP-related params are passed as strings/integers via command-line
> - report specific error if BIOS reports invalid address/len for
>   reserved/pre-validated regions (Connor)
> - use Range helpers for handling validated region overlaps (Dave)
> - simplify error handling in sev_snp_launch_start, and report the correct
>   return code when handling LAUNCH_START failures (Dov)
> - add SEV-SNP bit to CPUID 0x8000001f when SNP enabled
> - updated query-sev to handle differences between SEV and SEV-SNP
> - updated to work against v5 of SEV-SNP host kernel / hypervisor patches
> 
> ----------------------------------------------------------------
> Brijesh Singh (5):
>      i386/sev: Introduce 'sev-snp-guest' object
>      i386/sev: Add the SNP launch start context
>      i386/sev: Add handling to encrypt/finalize guest launch data
>      hw/i386/sev: Add function to get SEV metadata from OVMF header
>      i386/sev: Add support for populating OVMF metadata pages
> 
> Chao Peng (2):
>      kvm: Enable KVM_SET_USER_MEMORY_REGION2 for memslot
>      kvm: handle KVM_EXIT_MEMORY_FAULT
> 
> Dov Murik (4):
>      qapi, i386: Move kernel-hashes to SevCommonProperties
>      i386/sev: Extract build_kernel_loader_hashes
>      i386/sev: Reorder struct declarations
>      i386/sev: Allow measured direct kernel boot on SNP
> 
> Isaku Yamahata (2):
>      pci-host/q35: Move PAM initialization above SMRAM initialization
>      q35: Introduce smm_ranges property for q35-pci-host
> 
> Michael Roth (30):
>      Revert "linux-headers hack" from sevinit2 base tree
>      scripts/update-linux-headers: Add setup_data.h to import list
>      scripts/update-linux-headers: Add bits.h to file imports
>      [HACK] linux-headers: Update headers for 6.8 + kvm-coco-queue + SNP
>      [TEMP] hw/i386: Remove redeclaration of struct setup_data
>      RAMBlock: Add support of KVM private guest memfd
>      [FIXUP] "kvm: handle KVM_EXIT_MEMORY_FAULT": drop qemu_host_page_size
>      trace/kvm: Add trace for page convertion between shared and private
>      kvm: Make kvm_convert_memory() obey ram_block_discard_is_enabled()
>      trace/kvm: Add trace for KVM_EXIT_MEMORY_FAULT
>      i386/sev: Introduce "sev-common" type to encapsulate common SEV state
>      i386/sev: Add a sev_snp_enabled() helper
>      target/i386: Add handling for KVM_X86_SNP_VM VM type
>      i386/sev: Skip RAMBlock notifiers for SNP
>      i386/sev: Skip machine-init-done notifiers for SNP
>      i386/sev: Set ms->require_guest_memfd for SNP
>      i386/sev: Disable SMM for SNP
>      i386/sev: Don't disable block discarding for SNP
>      i386/cpu: Set SEV-SNP CPUID bit when SNP enabled
>      i386/sev: Update query-sev QAPI format to handle SEV-SNP
>      i386/sev: Don't return launch measurements for SEV-SNP guests
>      kvm: Make kvm_convert_memory() non-static
>      i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes
>      i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes (MSR-based)
>      i386/sev: Add KVM_EXIT_VMGEXIT handling for Extended Guest Requests
>      i386/sev: Set CPU state to protected once SNP guest payload is finalized
>      i386/sev: Add support for SNP CPUID validation
>      hw/i386/sev: Add support to encrypt BIOS when SEV-SNP is enabled
>      hw/i386/sev: Use guest_memfd for legacy ROMs
>      hw/i386: Add support for loading BIOS using guest_memfd
> 
> Xiaoyao Li (6):
>      HostMem: Add mechanism to opt in kvm guest memfd via MachineState
>      trace/kvm: Split address space and slot id in trace_kvm_set_user_memory()
>      kvm: Introduce support for memory_attributes
>      physmem: Introduce ram_block_discard_guest_memfd_range()
>      kvm/memory: Make memory type private by default if it has guest memfd backend
>      memory: Introduce memory_region_init_ram_guest_memfd()
> 
> accel/kvm/kvm-all.c                                |  241 ++-
> accel/kvm/trace-events                             |    4 +-
> accel/stubs/kvm-stub.c                             |    5 +
> backends/hostmem-file.c                            |    1 +
> backends/hostmem-memfd.c                           |    1 +
> backends/hostmem-ram.c                             |    1 +
> backends/hostmem.c                                 |    1 +
> docs/system/i386/amd-memory-encryption.rst         |   78 +-
> hw/core/machine.c                                  |    5 +
> hw/i386/pc.c                                       |   13 +-
> hw/i386/pc_q35.c                                   |    2 +
> hw/i386/pc_sysfw.c                                 |   25 +-
> hw/i386/pc_sysfw_ovmf.c                            |   33 +
> hw/i386/x86.c                                      |   46 +-
> hw/pci-host/q35.c                                  |   61 +-
> include/exec/cpu-common.h                          |    2 +
> include/exec/memory.h                              |   26 +-
> include/exec/ram_addr.h                            |    2 +-
> include/exec/ramblock.h                            |    1 +
> include/hw/boards.h                                |    2 +
> include/hw/i386/pc.h                               |   31 +-
> include/hw/i386/x86.h                              |    2 +-
> include/hw/pci-host/q35.h                          |    1 +
> include/standard-headers/asm-x86/bootparam.h       |   17 +-
> include/standard-headers/asm-x86/kvm_para.h        |    3 +-
> include/standard-headers/linux/ethtool.h           |   48 +
> include/standard-headers/linux/fuse.h              |   39 +-
> include/standard-headers/linux/input-event-codes.h |    1 +
> include/standard-headers/linux/virtio_gpu.h        |    2 +
> include/standard-headers/linux/virtio_snd.h        |  154 ++
> include/sysemu/hostmem.h                           |    1 +
> include/sysemu/kvm.h                               |    7 +
> include/sysemu/kvm_int.h                           |    2 +
> linux-headers/asm-arm64/kvm.h                      |   15 +-
> linux-headers/asm-arm64/sve_context.h              |   11 +
> linux-headers/asm-generic/bitsperlong.h            |    4 +
> linux-headers/asm-loongarch/kvm.h                  |    2 -
> linux-headers/asm-mips/kvm.h                       |    2 -
> linux-headers/asm-powerpc/kvm.h                    |   45 +-
> linux-headers/asm-riscv/kvm.h                      |    3 +-
> linux-headers/asm-s390/kvm.h                       |  315 +++-
> linux-headers/asm-x86/kvm.h                        |  372 ++++-
> linux-headers/asm-x86/setup_data.h                 |   83 +
> linux-headers/linux/bits.h                         |   15 +
> linux-headers/linux/kvm.h                          |  719 +--------
> linux-headers/linux/psp-sev.h                      |   71 +
> qapi/misc-target.json                              |   71 +-
> qapi/qom.json                                      |   96 +-
> scripts/update-linux-headers.sh                    |    5 +-
> system/memory.c                                    |   30 +
> system/physmem.c                                   |   47 +-
> target/i386/cpu.c                                  |    1 +
> target/i386/kvm/kvm.c                              |    4 +
> target/i386/sev-sysemu-stub.c                      |    2 +-
> target/i386/sev.c                                  | 1631 ++++++++++++++++----
> target/i386/sev.h                                  |   13 +-
> target/i386/trace-events                           |    3 +
> 57 files changed, 3272 insertions(+), 1146 deletions(-)
> create mode 100644 linux-headers/asm-x86/setup_data.h
> create mode 100644 linux-headers/linux/bits.h
> 
> 
> 
> 

On Wed, Mar 20, 2024 at 03:38:56AM -0500, Michael Roth wrote:
> 
> Testing
> -------
> 
> This series has been tested against the following host kernel tree, which
> is a snapshot of the latest WIP SNP hypervisor tree at the time of this
> posting. It will likely not be kept up to date afterward, so please keep an
> eye upstream or official AMDESE github if you are looking for the latest
> some time after this posting:
> 
>   https://github.com/mdroth/linux/commits/snp-host-v12-wip40/

I just noticed I had a necessary local change that wasn't included in the
initial push of this branch. I've updated the branch now, but just wanted
to post a heads-up in case anyone was having issues.

-Mike

On 3/20/24 09:38, Michael Roth wrote:
> These patches implement SEV-SNP base support along with CPUID enforcement
> support for QEMU, and are also available at:
> 
>    https://github.com/amdese/qemu/commits/snp-v3-rfc
> 
> they are based on top of the following patchset from Paolo:
> 
>    "[PATCH 0/7] target/i386: VM type infrastructure and KVM_SEV_INIT2 support"
>    https://lists.gnu.org/archive/html/qemu-devel/2024-03/msg04663.html
> 
> 
> Patch Layout
> ------------
> 
> 01-05: Various changes needed to handle new header files in kvm-next tree
>         and some hacks to get a functional header sync in place for building
>         this series.
> 06-18: These are patches directly plucked from Xiaoyao's TDX v5 patchset[1]
>         that implement common dependencies between SNP/TDX like base
>         guest_memfd, KVM_EXIT_MEMORY_FAULT handling (with a small FIXUP), and
>         mechanisms to disable SMM. We would've also needed some of the basic
>         infrastructure for handling specifying VM types for KVM_CREATE, but
>         much of that is now part of the sevinit2 series this patchset is based
>         on. Ideally all these patches, once stable, could be maintained in a
>         common tree so that future SNP/TDX patchsets can be more easily
>         iterated on/reviewed.
> 19-20: Patches introduced by this series that are  possible candidate for a
>         common tree.
>         shared/private pages when things like VFIO are in use.
> 21-32: Introduction of sev-snp-guest object and various configuration
>         requirements for SNP.
> 33-36: Handling for various KVM_EXIT_VMGEXIT events that are handled in
>         userspace.
> 37-49: Support for creating a cryptographic "launch" context and populating
>         various OVMF metadata pages, BIOS regions, and vCPU/VMSA pages with
>         the initial encrypted/measured/validated launch data prior to
>         launching the SNP guest.

I reviewed the non-SEV bits of patches 21-46 and it looks nicely 
self-contained.  That's pretty much expected but still good news.

I didn't look closely at the SEV-SNP code for obvious reasons (it's only 
been one hour :)), except for the object-oriented aesthetics which I 
have remarked upon.  However, they seem to be in good shape.

I will now focus on reviewing patches 6-20.  This way we can prepare a 
common tree for SEV_INIT2/SNP/TDX, for both vendors to build upon.

Thanks for posting this, and thanks to the Intel people too for the 
previous work on the guest_memfd parts!

Paolo

On Wed, Mar 20, 2024 at 10:59 AM Paolo Bonzini <pbonzini@redhat.com> wrote:
> I will now focus on reviewing patches 6-20.  This way we can prepare a
> common tree for SEV_INIT2/SNP/TDX, for both vendors to build upon.

Ok, the attachment is the delta that I have. The only major change is
requiring discard (thus effectively blocking VFIO support for
SEV-SNP/TDX, at least for now).

I will push it shortly to the same sevinit2 branch, and will post the
patches sometime soon.

Xiaoyao, you can use that branch too (it's on
https://gitlab.com/bonzini/qemu) as the basis for your TDX work.

Paolo

On 3/21/2024 1:08 AM, Paolo Bonzini wrote:
> On Wed, Mar 20, 2024 at 10:59 AM Paolo Bonzini <pbonzini@redhat.com> wrote:
>> I will now focus on reviewing patches 6-20.  This way we can prepare a
>> common tree for SEV_INIT2/SNP/TDX, for both vendors to build upon.
> 
> Ok, the attachment is the delta that I have. The only major change is
> requiring discard (thus effectively blocking VFIO support for
> SEV-SNP/TDX, at least for now).
> 
> I will push it shortly to the same sevinit2 branch, and will post the
> patches sometime soon.
> 
> Xiaoyao, you can use that branch too (it's on
> https://gitlab.com/bonzini/qemu) as the basis for your TDX work.

Sure, it's really a good news for us.

BTW, there are some minor comments on guest_memfd patches of my v5 
post[*]. Could you please resolve them it your branch?

[*] 
https://lore.kernel.org/qemu-devel/20240229063726.610065-1-xiaoyao.li@intel.com/

> Paolo