[PATCH for-5.0 0/8] q35: CPU hotplug with secure boot, part 1+2

Igor Mammedov posted 8 patches 4 years, 5 months ago
Test asan passed
Test checkpatch passed
Test FreeBSD passed
Test docker-mingw@fedora passed
Test docker-clang@ubuntu passed
Test docker-quick@centos7 passed
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/1575479147-6641-1-git-send-email-imammedo@redhat.com
Maintainers: Eduardo Habkost <ehabkost@redhat.com>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, Igor Mammedov <imammedo@redhat.com>, Richard Henderson <rth@twiddle.net>, Thomas Huth <thuth@redhat.com>, Laurent Vivier <lvivier@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, "Michael S. Tsirkin" <mst@redhat.com>
There is a newer version of this series
Posted by Igor Mammedov 4 years, 5 months ago
Series consists of 2 parts: 1st is lockable SMRAM at SMBASE
and the 2nd adds means to enumerate APIC IDs for possible CPUs.

1st part [1-2/8]:
 In order to support CPU hotplug in secure boot mode,
 UEFI firmware needs to relocate the SMI handler of a hotplugged CPU
 in a way that won't allow a ring 0 user to break into the privileged
 SMM mode that firmware maintains during runtime.
 The approach used allows hiding RAM at the default SMBASE to make it
 accessible only to SMM mode, which lets us make sure that the
 SMI handler installed by firmware cannot be hijacked by an
 unprivileged user (similar to TSEG behavior).

2nd part:
 mostly fixes and extra documentation on how to detect and use
 the modern CPU hotplug interface (MMIO block),
 so firmware could reuse it for enumerating possible CPUs and
 detecting hotplugged CPU(s). It also adds support for the
 CPHP_GET_CPU_ID_CMD command [7/8], which should allow firmware
 to fetch APIC IDs for possible CPUs, which is necessary for
 initializing internal structures for possible CPUs on boot.
 

CC: mst@redhat.com
CC: pbonzini@redhat.com
CC: lersek@redhat.com
CC: philmd@redhat.com

Igor Mammedov (8):
  q35: implement 128K SMRAM at default SMBASE address
  tests: q35: MCH: add default SMBASE SMRAM lock test
  acpi: cpuhp: spec: clarify 'CPU selector' register usage and
    endianness
  acpi: cpuhp: spec: fix 'Command data' description
  acpi: cpuhp: spec: clarify store into 'Command data' when 'Command
    field' == 0
  acpi: cpuhp: spec: add typical usecases
  acpi: cpuhp: add CPHP_GET_CPU_ID_CMD command
  acpi: cpuhp: spec: document procedure for enabling modern CPU hotplug

 include/hw/pci-host/q35.h       |  10 ++++
 docs/specs/acpi_cpu_hotplug.txt |  91 +++++++++++++++++++++++++++-------
 hw/acpi/cpu.c                   |  15 ++++++
 hw/acpi/trace-events            |   1 +
 hw/i386/pc.c                    |   4 +-
 hw/pci-host/q35.c               |  80 +++++++++++++++++++++++++++---
 tests/q35-test.c                | 105 ++++++++++++++++++++++++++++++++++++++++
 7 files changed, 281 insertions(+), 25 deletions(-)

-- 
2.7.4