From nobody Fri Dec 19 17:35:19 2025
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass  header.i=@intel.com;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1709189152; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Li104kp0jKph99JKpIquyZLQdzBMAqwTTrW6MX3BF7fMA3UCf/LNXPy32TycxA1fUXnNlur5MJrY+V/v4lCm2vrrnPqMje10zS3wdfQNtZRCzHRkxoOlQxJC7LmI4G+tYqs9YS8r1P6zCEcA/e5UNC1sJ6ed5dbkyhZpdNnrkzc=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1709189152;
 h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=TUvHOwkNCdk2S9eAw3GDKtlSDWoK9FIrBgKN1viwQbs=;
	b=NVX88+nlxWFyBVMym6mdWhEVoYvAFSA6u0Y6ek53MPiImCjeHQjnXPP96+Q8SB2UByv7dtFjUM46/IqQgBcx6+rprTL07GwjylANN4mu/9Vl2Rbjxq2PzXBe1wYvJvOnyqo0rpiFlVOUe5eUdNxYEdy86GEgtGAiIVZL8x17f/c=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass  header.i=@intel.com;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<xiaoyao.li@intel.com> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1709189152496492.75173992647944;
 Wed, 28 Feb 2024 22:45:52 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1rfa8q-0001xj-Fi; Thu, 29 Feb 2024 01:43:40 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <xiaoyao.li@intel.com>)
 id 1rfa8o-0001t0-1K
 for qemu-devel@nongnu.org; Thu, 29 Feb 2024 01:43:38 -0500
Received: from mgamail.intel.com ([192.198.163.15])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <xiaoyao.li@intel.com>)
 id 1rfa8m-0005GA-Ar
 for qemu-devel@nongnu.org; Thu, 29 Feb 2024 01:43:37 -0500
Received: from orviesa007.jf.intel.com ([10.64.159.147])
 by fmvoesa109.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 28 Feb 2024 22:43:35 -0800
Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52])
 by orviesa007.jf.intel.com with ESMTP; 28 Feb 2024 22:43:30 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
 t=1709189016; x=1740725016;
 h=from:to:cc:subject:date:message-id:in-reply-to:
 references:mime-version:content-transfer-encoding;
 bh=lvAsjZqEiGnouE7rrfFJwW5f/9eba4iLFejeadBD9z4=;
 b=Ol4yOFpFGnjfK0gJVME2GYgbYQdRC4ckpyJERYwpnPlkJecClRevfF7K
 Y5Aj0dr2szwOGXrQOrdRfuxYWj2I66LUWwRX4yH+7As4jWmOLxNOvzg8W
 qhUOzhYPaLTJtoZVfXTRQW8bTLMbbGkyU+9a0Uhb0wO2RBNKrddmSYbpf
 UjlCXK96J0z1xiefE/ckAFFp5DAnCKM+cdhYAZrBbSRMf7nLvG0hyOrw5
 SSWTLiJMJj8/46dUjnx46b67t7hZkJnrhju6KQUTN/5b3+VHaUcJQ8iSV
 QBJQlP4albDsIr84Y6C4oFeCDQRyj6vvDVgxMhwxZOY/fpyNTHsf0MBhU Q==;
X-IronPort-AV: E=McAfee;i="6600,9927,10998"; a="3803166"
X-IronPort-AV: E=Sophos;i="6.06,192,1705392000";
   d="scan'208";a="3803166"
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.06,192,1705392000";
   d="scan'208";a="8076321"
From: Xiaoyao Li <xiaoyao.li@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>, David Hildenbrand <david@redhat.com>,
 Igor Mammedov <imammedo@redhat.com>, Eduardo Habkost <eduardo@habkost.net>,
 Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Yanan Wang <wangyanan55@huawei.com>, "Michael S. Tsirkin" <mst@redhat.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Ani Sinha <anisinha@redhat.com>, Peter Xu <peterx@redhat.com>,
 Cornelia Huck <cohuck@redhat.com>,
 =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>,
 Eric Blake <eblake@redhat.com>, Markus Armbruster <armbru@redhat.com>,
 Marcelo Tosatti <mtosatti@redhat.com>
Cc: kvm@vger.kernel.org, qemu-devel@nongnu.org,
 Michael Roth <michael.roth@amd.com>, Claudio Fontana <cfontana@suse.de>,
 Gerd Hoffmann <kraxel@redhat.com>,
 Isaku Yamahata <isaku.yamahata@gmail.com>,
 Chenyi Qiang <chenyi.qiang@intel.com>, xiaoyao.li@intel.com
Subject: [PATCH v5 55/65] i386/tdx: Disable SMM for TDX VMs
Date: Thu, 29 Feb 2024 01:37:16 -0500
Message-Id: <20240229063726.610065-56-xiaoyao.li@intel.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240229063726.610065-1-xiaoyao.li@intel.com>
References: <20240229063726.610065-1-xiaoyao.li@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=192.198.163.15;
 envelope-from=xiaoyao.li@intel.com;
 helo=mgamail.intel.com
X-Spam_score_int: -5
X-Spam_score: -0.6
X-Spam_bar: /
X-Spam_report: (-0.6 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.102,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 HK_RANDOM_ENVFROM=0.596, HK_RANDOM_FROM=0.999, RCVD_IN_MSPIKE_H2=-0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @intel.com)
X-ZM-MESSAGEID: 1709189154188100004
Content-Type: text/plain; charset="utf-8"

TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs because
VMM cannot manipulate TDX VM's memory.

Disable SMM for TDX VMs and error out if user requests to enable SMM.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
---
 target/i386/kvm/tdx.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 811a3b81af99..c3fadbc5c58e 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -707,11 +707,19 @@ static Notifier tdx_machine_done_notify =3D {
 static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
 {
     MachineState *ms =3D MACHINE(qdev_get_machine());
+    X86MachineState *x86ms =3D X86_MACHINE(ms);
     TdxGuest *tdx =3D TDX_GUEST(cgs);
     int r =3D 0;
=20
     ms->require_guest_memfd =3D true;
=20
+    if (x86ms->smm =3D=3D ON_OFF_AUTO_AUTO) {
+        x86ms->smm =3D ON_OFF_AUTO_OFF;
+    } else if (x86ms->smm =3D=3D ON_OFF_AUTO_ON) {
+        error_setg(errp, "TDX VM doesn't support SMM");
+        return -EINVAL;
+    }
+
     if (!tdx_caps) {
         r =3D get_tdx_capabilities(errp);
         if (r) {
--=20
2.34.1