Date: Wed, 29 Jun 2022 19:37:01 +0000
Message-Id: <20220629193701.734154-1-dionnaglaze@google.com>
Subject: [PATCH v2] target/i386: Add unaccepted memory configuration
From: Dionna Glaze
To: qemu-devel@nongnu.org
Cc: Dionna Glaze, Xu@google.com, Min M, Xiaoyao Li, Thomas Lendacky, Gerd Hoffman, "Michael S. Tsirkin", Marcel Apfelbaum, Paolo Bonzini, Richard Henderson, Eduardo Habkost, Marcelo Tosatti, "open list:X86 KVM CPUs"

For SEV-SNP, an OS is "SEV-SNP capable" without supporting this UEFI
v2.9 memory type. In order for OVMF to be able to avoid pre-validating
potentially hundreds of gibibytes of data before booting, it needs to
know if the guest OS can support its use of the new type of memory in
the memory map.

Cc: Xu, Min M
Cc: Xiaoyao Li
Cc: Thomas Lendacky
Cc: Gerd Hoffman
Signed-off-by: Dionna Glaze --- hw/i386/fw_cfg.c | 6 ++++++ target/i386/sev.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++ target/i386/sev.h | 2 ++ 3 files changed, 57 insertions(+) diff --git a/hw/i386/fw_cfg.c b/hw/i386/fw_cfg.c index a283785a8d..9c069ddebe 100644 --- a/hw/i386/fw_cfg.c +++ b/hw/i386/fw_cfg.c @@ -23,6 +23,7 @@ #include "e820_memory_layout.h" #include "kvm/kvm_i386.h" #include "qapi/error.h" +#include "target/i386/sev.h" #include CONFIG_DEVICES =20 struct hpet_fw_config hpet_cfg =3D {.count =3D UINT8_MAX}; @@ -131,6 +132,11 @@ FWCfgState *fw_cfg_arch_create(MachineState *ms, &e820_reserve, sizeof(e820_reserve)); fw_cfg_add_file(fw_cfg, "etc/e820", e820_table, sizeof(struct e820_entry) * e820_get_num_entries()); + if (sev_has_accept_all_memory(ms->cgs)) { + bool accept_all =3D sev_accept_all_memory(ms->cgs); + fw_cfg_add_file(fw_cfg, "opt/ovmf/AcceptAllMemory", + &accept_all, sizeof(accept_all)); + } =20 fw_cfg_add_bytes(fw_cfg, FW_CFG_HPET, &hpet_cfg, sizeof(hpet_cfg)); /* allocate memory for the NUMA channel: one (64bit) word for the numb= er diff --git a/target/i386/sev.c b/target/i386/sev.c index 32f7dbac4e..01399a304c 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -64,6 +64,7 @@ struct SevGuestState { uint32_t cbitpos; uint32_t reduced_phys_bits; bool kernel_hashes; + int accept_all_memory; =20 /* runtime state */ uint32_t handle; @@ -155,6 +156,15 @@ static const char *const sev_fw_errlist[] =3D { [SEV_RET_SECURE_DATA_INVALID] =3D "Part-specific integrity check fa= ilure", }; =20 +static QEnumLookup memory_acceptance_lookup =3D { + .array =3D (const char *const[]) { + "default", + "true", + "false", + }, + .size =3D 3, +}; + #define SEV_FW_MAX_ERROR ARRAY_SIZE(sev_fw_errlist) =20 static int 
@@ -353,6 +363,21 @@ static void sev_guest_set_kernel_hashes(Object *obj, b= ool value, Error **errp) sev->kernel_hashes =3D value; } =20 +static int sev_guest_get_accept_all_memory(Object *obj, Error **errp) +{ + SevGuestState *sev =3D SEV_GUEST(obj); + + return sev->accept_all_memory; +} + +static void +sev_guest_set_accept_all_memory(Object *obj, int value, Error **errp) +{ + SevGuestState *sev =3D SEV_GUEST(obj); + + sev->accept_all_memory =3D value; +} + static void sev_guest_class_init(ObjectClass *oc, void *data) { @@ -376,6 +401,14 @@ sev_guest_class_init(ObjectClass *oc, void *data) sev_guest_set_kernel_hashes); object_class_property_set_description(oc, "kernel-hashes", "add kernel hashes to guest firmware for measured Linux boot"); + object_class_property_add_enum(oc, "accept-all-memory", + "MemoryAcceptance", + &memory_acceptance_lookup, + sev_guest_get_accept_all_memory, sev_guest_set_accept_all_memory); + object_class_property_set_description( + oc, "accept-all-memory", + "false: Accept all memory, true: Accept up to 4G and leave the res= t unaccepted (UEFI" + " v2.9 memory type), default: default firmware behavior."); } =20 static void @@ -906,6 +939,22 @@ sev_vm_state_change(void *opaque, bool running, RunSta= te state) } } =20 +int sev_has_accept_all_memory(ConfidentialGuestSupport *cgs) +{ + SevGuestState *sev + =3D (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUE= ST); + + return sev && sev->accept_all_memory !=3D 0; +} + +int sev_accept_all_memory(ConfidentialGuestSupport *cgs) +{ + SevGuestState *sev + =3D (SevGuestState *)object_dynamic_cast(OBJECT(cgs), TYPE_SEV_GUE= ST); + + return sev && sev->accept_all_memory =3D=3D 1; +} + int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { SevGuestState *sev diff --git a/target/i386/sev.h b/target/i386/sev.h index 7b1528248a..d61b6e9443 100644 --- a/target/i386/sev.h +++ b/target/i386/sev.h 
@@ -58,5 +58,7 @@ int sev_es_save_reset_vector(void *flash_ptr, uint64_t fl= ash_size); void sev_es_set_reset_vector(CPUState *cpu); =20 int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp); +int sev_has_accept_all_memory(ConfidentialGuestSupport *cgs); +int sev_accept_all_memory(ConfidentialGuestSupport *cgs); =20 #endif --=20 2.37.0.rc0.161.g10f37bed90-goog
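
Review bot: in the hw/i386/fw_cfg.c hunk (fw_cfg_arch_create), `accept_all` is a local declared inside the `if` block and its address is passed to fw_cfg_add_file(), which links the caller's buffer rather than copying it, so "opt/ovmf/AcceptAllMemory" refers to dead stack memory by the time the firmware reads it. Give the value a lifetime that matches the machine (for example a field in the SEV guest state, or a heap-allocated byte) and use a fixed-width type such as uint8_t instead of sizeof(bool), so the size the guest sees is explicit.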
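
Review bot: in the target/i386/sev.c hunk that adds memory_acceptance_lookup, the table is hand-written with `.size = 3`, is not const, and the rest of the patch depends on its ordering through bare integers (`!= 0` meaning "not default", `== 1` meaning "true"). Declaring the enum in the QAPI schema would generate the lookup and the named constants together; failing that, add a local enum for the three values, derive the size from the array, and make the lookup const.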
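
Review bot: in the sev_guest_class_init() hunk, the description string reads inverted. It says "false: Accept all memory, true: Accept up to 4G and leave the rest unaccepted", while the property is named accept-all-memory and sev_accept_all_memory() returns true when the stored index is 1, which is "true" in the lookup table. Swap the two explanations so that true means everything is accepted, and say what "default" does, since in that case sev_has_accept_all_memory() is false and no fw_cfg file is created at all.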
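
Review bot: in the target/i386/sev.c hunk that adds sev_has_accept_all_memory() and sev_accept_all_memory(), both are predicates but return int and compare sev->accept_all_memory against the literals 0 and 1. Return bool and compare against named enum values, so a reordering of the lookup table cannot silently change which setting is reported to the firmware.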
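
Review bot: in the target/i386/sev.h hunk, the two new prototypes have no comment explaining how "has" (the option was set to something other than default) differs from the value itself, which is not obvious from the names. Document the pair here. Also, hw/i386/fw_cfg.c now calls both unconditionally and the diffstat lists only three files, so confirm that a build without SEV support still links, adding stub definitions if it does not.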