From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: xiaoyao.li@intel.com, michael.roth@amd.com
Subject: [PATCH 1/7] linux-headers hack
Date: Tue, 19 Mar 2024 14:59:54 +0100
Message-ID: <20240319140000.1014247-2-pbonzini@redhat.com>

To be replaced by update to kvm/next branch from Linux 6.9, once the new API is committed.

--- linux-headers/asm-x86/kvm.h | 8 ++++++++ linux-headers/linux/kvm.h | 2 ++ 2 files changed, 10 insertions(+) diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h index 003fb745347..8f58c32d37d 100644 --- a/linux-headers/asm-x86/kvm.h +++ b/linux-headers/asm-x86/kvm.h 
@@ -562,5 +562,13 @@ struct kvm_pmu_event_filter { =20 #define KVM_X86_DEFAULT_VM 0 #define KVM_X86_SW_PROTECTED_VM 1 +#define KVM_X86_SEV_VM 2 +#define KVM_X86_SEV_ES_VM 3 + +struct kvm_sev_init { + __u64 vmsa_features; + __u32 flags; + __u32 pad[9]; +}; =20 #endif /* _ASM_X86_KVM_H */ diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h index 17839229b2a..5fd84fd7d0c 100644 --- a/linux-headers/linux/kvm.h +++ b/linux-headers/linux/kvm.h 
@@ -1865,6 +1865,8 @@ enum sev_cmd_id { /* Guest Migration Extension */ KVM_SEV_SEND_CANCEL, =20 + KVM_SEV_INIT2, + KVM_SEV_NR_MAX, }; =20 --=20 2.44.0
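
Review bot: In the linux/kvm.h hunk, KVM_SEV_INIT2 gets its number implicitly from its position after KVM_SEV_SEND_CANCEL in enum sev_cmd_id, and the commit message says the API is not committed yet, so the value QEMU is built with can silently diverge from the one the kernel finally assigns. This patch should stay out of any merge and both headers should be regenerated from the kernel tree once the API lands, rather than carrying the hand edit. In the asm-x86/kvm.h hunk, struct kvm_sev_init has no comment saying what callers must put in flags and pad[9]; a one-line note would help whoever fills the struct in the later patches.
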
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: xiaoyao.li@intel.com, michael.roth@amd.com
Subject: [PATCH 2/7] runstate: skip initial CPU reset if reset is not actually possible
Date: Tue, 19 Mar 2024 14:59:55 +0100
Message-ID: <20240319140000.1014247-3-pbonzini@redhat.com>

Right now, the system reset is concluded by a call to cpu_synchronize_all_post_reset() in order to sync any changes that the machine reset callback applied to the CPU state.

However, for VMs with encrypted state such as SEV-ES guests (currently the only case of guests with non-resettable CPUs) this cannot be done, because guest state has already been finalized by machine-init-done notifiers. cpu_synchronize_all_post_reset() does nothing on these guests, and actually we would like to make it fail if called once guest has been encrypted. So, assume that boards that support non-resettable CPUs do not touch CPU state and that all such setup is done before, at the time of cpu_synchronize_all_post_init().

Signed-off-by: Paolo Bonzini

--- system/runstate.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/system/runstate.c b/system/runstate.c index d6ab860ecaa..843e2b9853d 100644 --- a/system/runstate.c +++ b/system/runstate.c 
@@ -501,7 +501,20 @@ void qemu_system_reset(ShutdownCause reason) default: qapi_event_send_reset(shutdown_caused_by_guest(reason), reason); } - cpu_synchronize_all_post_reset(); + + /* + * Some boards us the machine reset callback to point CPUs to the firm= ware + * entry point. Assume that this is not the case for boards that supp= ort + * non-resettable CPUs (currently used only for confidential guests), = in + * which case cpu_synchronize_all_post_init() is enough because + * it does _more_ than cpu_synchronize_all_post_reset(). + */ + if (cpus_are_resettable()) { + cpu_synchronize_all_post_reset(); + } else { + assert(runstate_check(RUN_STATE_PRELAUNCH)); + } + vm_set_suspended(false); } =20 --=20 2.44.0
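
Review bot: In the else branch added to qemu_system_reset(), assert(runstate_check(RUN_STATE_PRELAUNCH)) turns any later reset of a non-resettable guest into a QEMU abort, so every path that can reach qemu_system_reset() after launch has to be gated on cpus_are_resettable() first. Please name in the comment which callers guarantee that, or report an error instead of asserting. The new comment also has a typo: "Some boards us the machine reset callback" should read "use".
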
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: xiaoyao.li@intel.com, michael.roth@amd.com
Subject: [PATCH 3/7] KVM: track whether guest state is encrypted
Date: Tue, 19 Mar 2024 14:59:56 +0100
Message-ID: <20240319140000.1014247-4-pbonzini@redhat.com>

So far, KVM has allowed KVM_GET/SET_* ioctls to execute even if the guest state is encrypted, in which case they do nothing. For the new API using VM types, instead, the ioctls will fail, which is a safer and more robust approach. The new API will be the only one available for SEV-SNP and TDX, but it is also usable for SEV and SEV-ES.

In preparation for that, require architecture-specific KVM code to communicate the point at which guest state is protected (which must be after kvm_cpu_synchronize_post_init(), though that might change in the future in order to support migration). From that point, skip reading registers so that cpu->vcpu_dirty is never true: if it ever becomes true, kvm_arch_put_registers() will fail miserably.

Signed-off-by: Paolo Bonzini
Reviewed-by: Xiaoyao Li

--- include/sysemu/kvm.h | 2 ++ include/sysemu/kvm_int.h | 1 + accel/kvm/kvm-all.c | 14 ++++++++++++-- target/i386/sev.c | 1 + 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index fad9a7e8ff3..302e8f6f1e5 100644 --- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h @@ -539,6 +539,8 @@ bool kvm_dirty_ring_enabled(void); =20 uint32_t kvm_dirty_ring_size(void); =20 +void kvm_mark_guest_state_protected(void); + /** * kvm_hwpoisoned_mem - indicate if there is any hwpoisoned page * reported for the VM. diff --git a/include/sysemu/kvm_int.h b/include/sysemu/kvm_int.h index 882e37e12c5..3496be7997a 100644 --- a/include/sysemu/kvm_int.h +++ b/include/sysemu/kvm_int.h @@ -87,6 +87,7 @@ struct KVMState bool kernel_irqchip_required; OnOffAuto kernel_irqchip_split; bool sync_mmu; + bool guest_state_protected; uint64_t manual_dirty_log_protect; /* The man page (and posix) say ioctl numbers are signed int, but * they're not. Linux, glibc and *BSD all treat ioctl numbers as diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index a8cecd040eb..05fa3533c66 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -2698,7 +2698,7 @@ bool kvm_cpu_check_are_resettable(void) =20 static void do_kvm_cpu_synchronize_state(CPUState *cpu, run_on_cpu_data ar= g) { - if (!cpu->vcpu_dirty) { + if (!cpu->vcpu_dirty && !kvm_state->guest_state_protected) { int ret =3D kvm_arch_get_registers(cpu); if (ret) { error_report("Failed to get registers: %s", strerror(-ret)); 
@@ -2712,7 +2712,7 @@ static void do_kvm_cpu_synchronize_state(CPUState *cp= u, run_on_cpu_data arg) =20 void kvm_cpu_synchronize_state(CPUState *cpu) { - if (!cpu->vcpu_dirty) { + if (!cpu->vcpu_dirty && !kvm_state->guest_state_protected) { run_on_cpu(cpu, do_kvm_cpu_synchronize_state, RUN_ON_CPU_NULL); } } @@ -2747,6 +2747,11 @@ static void do_kvm_cpu_synchronize_post_init(CPUStat= e *cpu, run_on_cpu_data arg) =20 void kvm_cpu_synchronize_post_init(CPUState *cpu) { + /* + * This runs before the machine_init_done notifiers, and is the last + * opportunity to synchronize the state of confidential guests. + */ + assert(!kvm_state->guest_state_protected); run_on_cpu(cpu, do_kvm_cpu_synchronize_post_init, RUN_ON_CPU_NULL); } =20 @@ -4094,3 +4099,8 @@ void query_stats_schemas_cb(StatsSchemaList **result,= Error **errp) query_stats_schema_vcpu(first_cpu, &stats_args); } } + +void kvm_mark_guest_state_protected(void) +{ + kvm_state->guest_state_protected =3D true; +} diff --git a/target/i386/sev.c b/target/i386/sev.c index b8f79d34d19..c49a8fd55eb 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c 
@@ -755,6 +755,7 @@ sev_launch_get_measure(Notifier *notifier, void *unused) if (ret) { exit(1); } + kvm_mark_guest_state_protected(); } =20 /* query the measurement blob length */ --=20 2.44.0
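
Review bot: The two kvm-all.c hunks that add !kvm_state->guest_state_protected only stop registers from being read once the flag is set; nothing in this patch enforces the invariant the commit message relies on, that cpu->vcpu_dirty stays false from that point. An assert(!kvm_state->guest_state_protected) wherever vcpu_dirty is set to true, like the one added to kvm_cpu_synchronize_post_init(), would catch a violation at its source instead of later in kvm_arch_put_registers(). In include/sysemu/kvm.h the new kvm_mark_guest_state_protected() prototype has no doc comment, unlike kvm_hwpoisoned_mem just below it; it should say that the flag is only ever set, never cleared, and at what point arch code is expected to call it.
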
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: xiaoyao.li@intel.com, michael.roth@amd.com
Subject: [PATCH 4/7] KVM: remove kvm_arch_cpu_check_are_resettable
Date: Tue, 19 Mar 2024 14:59:57 +0100
Message-ID: <20240319140000.1014247-5-pbonzini@redhat.com>

Board reset requires writing a fresh CPU state. As far as KVM is concerned, the only thing that blocks reset is that CPU state is encrypted; therefore, kvm_cpus_are_resettable() can simply check if that is the case.

Signed-off-by: Paolo Bonzini Reviewed-by: Xiaoyao Li --- include/sysemu/kvm.h | 10 ---------- accel/kvm/kvm-accel-ops.c | 2 +- accel/kvm/kvm-all.c | 5 ----- target/arm/kvm.c | 5 ----- target/i386/kvm/kvm.c | 5 ----- target/loongarch/kvm/kvm.c | 5 ----- target/mips/kvm.c | 5 ----- target/ppc/kvm.c | 5 ----- target/riscv/kvm/kvm-cpu.c | 5 ----- target/s390x/kvm/kvm.c | 5 ----- 10 files changed, 1 insertion(+), 51 deletions(-) diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index 302e8f6f1e5..54f4d83a370 100644 --- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h @@ -525,16 +525,6 @@ int kvm_get_one_reg(CPUState *cs, uint64_t id, void *t= arget); /* Notify resamplefd for EOI of specific interrupts. */ void kvm_resample_fd_notify(int gsi); =20 -/** - * kvm_cpu_check_are_resettable - return whether CPUs can be reset - * - * Returns: true: CPUs are resettable - * false: CPUs are not resettable - */ -bool kvm_cpu_check_are_resettable(void); - -bool kvm_arch_cpu_check_are_resettable(void); - bool kvm_dirty_ring_enabled(void); =20 uint32_t kvm_dirty_ring_size(void); diff --git a/accel/kvm/kvm-accel-ops.c b/accel/kvm/kvm-accel-ops.c index b3c946dc4b4..74e3c5785b5 100644 --- a/accel/kvm/kvm-accel-ops.c +++ b/accel/kvm/kvm-accel-ops.c @@ -82,7 +82,7 @@ static bool kvm_vcpu_thread_is_idle(CPUState *cpu) =20 static bool kvm_cpus_are_resettable(void) { - return !kvm_enabled() || kvm_cpu_check_are_resettable(); + return !kvm_enabled() || !kvm_state->guest_state_protected; } =20 #ifdef KVM_CAP_SET_GUEST_DEBUG diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 05fa3533c66..a05dea23133 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c 
@@ -2691,11 +2691,6 @@ void kvm_flush_coalesced_mmio_buffer(void) s->coalesced_flush_in_progress =3D false; } =20 -bool kvm_cpu_check_are_resettable(void) -{ - return kvm_arch_cpu_check_are_resettable(); -} - static void do_kvm_cpu_synchronize_state(CPUState *cpu, run_on_cpu_data ar= g) { if (!cpu->vcpu_dirty && !kvm_state->guest_state_protected) { diff --git a/target/arm/kvm.c b/target/arm/kvm.c index ab85d628a8b..21ebbf3b8f8 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -1598,11 +1598,6 @@ int kvm_arch_msi_data_to_gsi(uint32_t data) return (data - 32) & 0xffff; } =20 -bool kvm_arch_cpu_check_are_resettable(void) -{ - return true; -} - static void kvm_arch_get_eager_split_size(Object *obj, Visitor *v, const char *name, void *opaque, Error **errp) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index de10155b37a..0ec69109a2b 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -5614,11 +5614,6 @@ bool kvm_has_waitpkg(void) return has_msr_umwait; } =20 -bool kvm_arch_cpu_check_are_resettable(void) -{ - return !sev_es_enabled(); -} - #define ARCH_REQ_XCOMP_GUEST_PERM 0x1025 =20 void kvm_request_xsave_components(X86CPU *cpu, uint64_t mask) diff --git a/target/loongarch/kvm/kvm.c b/target/loongarch/kvm/kvm.c index d630cc39cb2..8224d943331 100644 --- a/target/loongarch/kvm/kvm.c +++ b/target/loongarch/kvm/kvm.c @@ -733,11 +733,6 @@ bool kvm_arch_stop_on_emulation_error(CPUState *cs) return true; } =20 -bool kvm_arch_cpu_check_are_resettable(void) -{ - return true; -} - int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) { int ret =3D 0; diff --git a/target/mips/kvm.c b/target/mips/kvm.c index 6c52e59f55d..a631ab544f5 100644 --- a/target/mips/kvm.c +++ b/target/mips/kvm.c @@ -1273,11 +1273,6 @@ int kvm_arch_get_default_type(MachineState *machine) return -1; } =20 -bool kvm_arch_cpu_check_are_resettable(void) -{ - return true; -} - void kvm_arch_accel_class_init(ObjectClass *oc) { } 
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c index 8231feb2d45..63930d4a77d 100644 --- a/target/ppc/kvm.c +++ b/target/ppc/kvm.c @@ -2956,11 +2956,6 @@ void kvmppc_set_reg_tb_offset(PowerPCCPU *cpu, int64= _t tb_offset) } } =20 -bool kvm_arch_cpu_check_are_resettable(void) -{ - return true; -} - void kvm_arch_accel_class_init(ObjectClass *oc) { } diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c index cda7d78a778..135d87dc3f5 100644 --- a/target/riscv/kvm/kvm-cpu.c +++ b/target/riscv/kvm/kvm-cpu.c @@ -1466,11 +1466,6 @@ void kvm_riscv_set_irq(RISCVCPU *cpu, int irq, int l= evel) } } =20 -bool kvm_arch_cpu_check_are_resettable(void) -{ - return true; -} - static int aia_mode; =20 static const char *kvm_aia_mode_str(uint64_t mode) diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c index 4ce809c5d46..4dcd757cdcc 100644 --- a/target/s390x/kvm/kvm.c +++ b/target/s390x/kvm/kvm.c 
@@ -2622,11 +2622,6 @@ void kvm_s390_stop_interrupt(S390CPU *cpu) kvm_s390_vcpu_interrupt(cpu, &irq); } =20 -bool kvm_arch_cpu_check_are_resettable(void) -{ - return true; -} - int kvm_s390_get_zpci_op(void) { return cap_zpci_op; --=20 2.44.0
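
Review bot: In the accel/kvm/kvm-accel-ops.c hunk, kvm_cpus_are_resettable() now depends on kvm_state->guest_state_protected, which matches the removed i386 hook (return !sev_es_enabled();) only if that flag is already set for every SEV-ES guest by the time a reset is requested, and nothing in these hunks sets it. Please name in the commit message the patch that sets the flag, and add a short comment above the function saying that encrypted CPU state is what blocks reset, since the kernel-doc removed from include/sysemu/kvm.h was the only description of this predicate. Also check that kvm-accel-ops.c includes the header that defines the KVMState fields, because it now dereferences kvm_state directly.
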
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: xiaoyao.li@intel.com, michael.roth@amd.com
Subject: [PATCH 5/7] target/i386: introduce x86-confidential-guest
Date: Tue, 19 Mar 2024 14:59:58 +0100
Message-ID: <20240319140000.1014247-6-pbonzini@redhat.com>
In-Reply-To: <20240319140000.1014247-1-pbonzini@redhat.com>
References: <20240319140000.1014247-1-pbonzini@redhat.com>

Introduce a common superclass for x86 confidential guest implementations. It will extend ConfidentialGuestSupportClass with a method that provides the VM type to be passed to KVM_CREATE_VM.

Signed-off-by: Paolo Bonzini Reviewed-by: Xiaoyao Li --- target/i386/confidential-guest.h | 40 ++++++++++++++++++++++++++++++++ target/i386/confidential-guest.c | 33 ++++++++++++++++++++++++++ target/i386/sev.c | 6 ++--- target/i386/meson.build | 2 +- 4 files changed, 77 insertions(+), 4 deletions(-) create mode 100644 target/i386/confidential-guest.h create mode 100644 target/i386/confidential-guest.c diff --git a/target/i386/confidential-guest.h b/target/i386/confidential-gu= est.h new file mode 100644 index 00000000000..ca12d5a8fba --- /dev/null +++ b/target/i386/confidential-guest.h @@ -0,0 +1,40 @@ +/* + * x86-specific confidential guest methods. + * + * Copyright (c) 2024 Red Hat Inc. + * + * Authors: + * Paolo Bonzini + * + * This work is licensed under the terms of the GNU GPL, version 2 or late= r. + * See the COPYING file in the top-level directory. + */ +#ifndef TARGET_I386_CG_H +#define TARGET_I386_CG_H + +#include "qom/object.h" + +#include "exec/confidential-guest-support.h" + +#define TYPE_X86_CONFIDENTIAL_GUEST "x86-confidential-guest" + +OBJECT_DECLARE_TYPE(X86ConfidentialGuest, + X86ConfidentialGuestClass, + X86_CONFIDENTIAL_GUEST) + +struct X86ConfidentialGuest { + /* */ + ConfidentialGuestSupport parent_obj; +}; + +/** + * X86ConfidentialGuestClass: + * + * Class to be implemented by confidential-guest-support concrete objects + * for the x86 target. + */ +struct X86ConfidentialGuestClass { + /* */ + ConfidentialGuestSupportClass parent; +}; +#endif diff --git a/target/i386/confidential-guest.c b/target/i386/confidential-gu= est.c new file mode 100644 index 00000000000..b3727845adc --- /dev/null +++ b/target/i386/confidential-guest.c 
@@ -0,0 +1,33 @@ +/* + * QEMU Confidential Guest support + * + * Copyright (C) 2024 Red Hat, Inc. + * + * Authors: + * Paolo Bonzini + * + * This work is licensed under the terms of the GNU GPL, version 2 or + * later. See the COPYING file in the top-level directory. + * + */ + +#include "qemu/osdep.h" + +#include "confidential-guest.h" + +OBJECT_DEFINE_ABSTRACT_TYPE(X86ConfidentialGuest, + x86_confidential_guest, + X86_CONFIDENTIAL_GUEST, + CONFIDENTIAL_GUEST_SUPPORT) + +static void x86_confidential_guest_class_init(ObjectClass *oc, void *data) +{ +} + +static void x86_confidential_guest_init(Object *obj) +{ +} + +static void x86_confidential_guest_finalize(Object *obj) +{ +} diff --git a/target/i386/sev.c b/target/i386/sev.c index c49a8fd55eb..ebe36d4c10c 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -35,7 +35,7 @@ #include "monitor/monitor.h" #include "monitor/hmp-target.h" #include "qapi/qapi-commands-misc-target.h" -#include "exec/confidential-guest-support.h" +#include "confidential-guest.h" #include "hw/i386/pc.h" #include "exec/address-spaces.h" =20 @@ -54,7 +54,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST) * -machine ...,memory-encryption=3Dsev0 */ struct SevGuestState { - ConfidentialGuestSupport parent_obj; + X86ConfidentialGuest parent_obj; =20 /* configuration parameters */ char *sev_device; @@ -1372,7 +1372,7 @@ sev_guest_instance_init(Object *obj) =20 /* sev guest info */ static const TypeInfo sev_guest_info =3D { - .parent =3D TYPE_CONFIDENTIAL_GUEST_SUPPORT, + .parent =3D TYPE_X86_CONFIDENTIAL_GUEST, .name =3D TYPE_SEV_GUEST, .instance_size =3D sizeof(SevGuestState), .instance_finalize =3D sev_guest_finalize, diff --git a/target/i386/meson.build b/target/i386/meson.build index 7c74bfa8591..8abce725f86 100644 --- a/target/i386/meson.build +++ b/target/i386/meson.build 
@@ -6,7 +6,7 @@ i386_ss.add(files( 'xsave_helper.c', 'cpu-dump.c', )) -i386_ss.add(when: 'CONFIG_SEV', if_true: files('host-cpu.c')) +i386_ss.add(when: 'CONFIG_SEV', if_true: files('host-cpu.c', 'confidential= -guest.c')) =20 # x86 cpu type i386_ss.add(when: 'CONFIG_KVM', if_true: files('host-cpu.c')) --=20 2.44.0
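
Review bot: In the target/i386/meson.build hunk, confidential-guest.c is built only when CONFIG_SEV is set, although the commit message describes the type as a common superclass for x86 confidential guest implementations. An implementation that is not SEV would find no registered parent type in a build without CONFIG_SEV; consider keying the file on CONFIG_KVM or on a dedicated config symbol instead. The class comment in confidential-guest.h could also say that the class carries no methods yet and that the VM type method arrives in a later patch, so the commit reads correctly on its own.
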
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: xiaoyao.li@intel.com, michael.roth@amd.com
Subject: [PATCH 6/7] target/i386: Implement mc->kvm_type() to get VM type
Date: Tue, 19 Mar 2024 14:59:59 +0100
Message-ID: <20240319140000.1014247-7-pbonzini@redhat.com>
In-Reply-To: <20240319140000.1014247-1-pbonzini@redhat.com>
References: <20240319140000.1014247-1-pbonzini@redhat.com>

From: Xiaoyao Li

KVM is introducing a new API to create confidential guests, which will be used by TDX and SEV-SNP but is also available for SEV and SEV-ES. The API uses the VM type argument to KVM_CREATE_VM to identify which confidential computing technology to use. Since there are no other expected uses of VM types, delegate mc->kvm_type() for x86 boards to the confidential-guest-support object pointed to by ms->cgs.

For example, if a sev-guest object is specified to confidential-guest-support, like,

  qemu -machine ...,confidential-guest-support=sev0 \
       -object sev-guest,id=sev0,...

it will check if a VM type KVM_X86_SEV_VM or KVM_X86_SEV_ES_VM is supported, and if so use them together with the KVM_SEV_INIT2 function of the KVM_MEMORY_ENCRYPT_OP ioctl. If not, it will fall back to KVM_SEV_INIT and KVM_SEV_ES_INIT.

This is preparatory work towards TDX and SEV-SNP support, but it will also enable support for VMSA features such as DebugSwap, which are only available via KVM_SEV_INIT2.

Co-developed-by: Xiaoyao Li
Signed-off-by: Xiaoyao Li
Signed-off-by: Paolo Bonzini
Reviewed-by: Xiaoyao Li
---
 target/i386/confidential-guest.h | 19 ++++++++++++++
 target/i386/kvm/kvm_i386.h       |  2 ++
 hw/i386/x86.c                    |  6 +++++
 target/i386/kvm/kvm.c            | 44 ++++++++++++++++++++++++++++++++
 4 files changed, 71 insertions(+)
diff --git a/target/i386/confidential-guest.h b/target/i386/confidential-gu= est.h index ca12d5a8fba..532e172a60b 100644 --- a/target/i386/confidential-guest.h +++ b/target/i386/confidential-guest.h
@@ -36,5 +36,24 @@ struct X86ConfidentialGuest { struct X86ConfidentialGuestClass { /* */ ConfidentialGuestSupportClass parent; + + /* */ + int (*kvm_type)(X86ConfidentialGuest *cg); }; + +/** + * x86_confidential_guest_kvm_type: + * + * Calls #X86ConfidentialGuestClass.unplug callback of @plug_handler. + */ +static inline int x86_confidential_guest_kvm_type(X86ConfidentialGuest *cg) +{ + X86ConfidentialGuestClass *klass =3D X86_CONFIDENTIAL_GUEST_GET_CLASS(= cg); + + if (klass->kvm_type) { + return klass->kvm_type(cg); + } else { + return 0; + } +} #endif diff --git a/target/i386/kvm/kvm_i386.h b/target/i386/kvm/kvm_i386.h index 30fedcffea3..02168122787 100644 --- a/target/i386/kvm/kvm_i386.h +++ b/target/i386/kvm/kvm_i386.h @@ -37,6 +37,7 @@ bool kvm_hv_vpindex_settable(void); bool kvm_enable_sgx_provisioning(KVMState *s); bool kvm_hyperv_expand_features(X86CPU *cpu, Error **errp); =20 +int kvm_get_vm_type(MachineState *ms, const char *vm_type); void kvm_arch_reset_vcpu(X86CPU *cs); void kvm_arch_after_reset_vcpu(X86CPU *cpu); void kvm_arch_do_init_vcpu(X86CPU *cs); @@ -49,6 +50,7 @@ void kvm_request_xsave_components(X86CPU *cpu, uint64_t m= ask); =20 #ifdef CONFIG_KVM =20 +bool kvm_is_vm_type_supported(int type); bool kvm_has_adjust_clock_stable(void); bool kvm_has_exception_payload(void); void kvm_synchronize_all_tsc(void); diff --git a/hw/i386/x86.c b/hw/i386/x86.c index ffbda48917f..2d4b148cd25 100644 --- a/hw/i386/x86.c +++ b/hw/i386/x86.c @@ -1389,6 +1389,11 @@ static void machine_set_sgx_epc(Object *obj, Visitor= *v, const char *name, qapi_free_SgxEPCList(list); } =20 +static int x86_kvm_type(MachineState *ms, const char *vm_type) +{ + return kvm_enabled() ? kvm_get_vm_type(ms, vm_type) : 0; +} + static void x86_machine_initfn(Object *obj) { X86MachineState *x86ms =3D X86_MACHINE(obj); 
@@ -1413,6 +1418,7 @@ static void x86_machine_class_init(ObjectClass *oc, v= oid *data) mc->cpu_index_to_instance_props =3D x86_cpu_index_to_props; mc->get_default_cpu_node_id =3D x86_get_default_cpu_node_id; mc->possible_cpu_arch_ids =3D x86_possible_cpu_arch_ids; + mc->kvm_type =3D x86_kvm_type; x86mc->save_tsc_khz =3D true; x86mc->fwcfg_dma_enabled =3D true; nc->nmi_monitor_handler =3D x86_nmi; diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 0ec69109a2b..e109648f260 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -31,6 +31,7 @@ #include "sysemu/kvm_int.h" #include "sysemu/runstate.h" #include "kvm_i386.h" +#include "../confidential-guest.h" #include "sev.h" #include "xen-emu.h" #include "hyperv.h" 
@@ -161,6 +162,49 @@ static KVMMSRHandlers msr_handlers[KVM_MSR_FILTER_MAX_= RANGES]; static RateLimit bus_lock_ratelimit_ctrl; static int kvm_get_one_msr(X86CPU *cpu, int index, uint64_t *value); =20 +static const char *vm_type_name[] =3D { + [KVM_X86_DEFAULT_VM] =3D "default", +}; + +bool kvm_is_vm_type_supported(int type) +{ + uint32_t machine_types; + + /* + * old KVM doesn't support KVM_CAP_VM_TYPES but KVM_X86_DEFAULT_VM + * is always supported + */ + if (type =3D=3D KVM_X86_DEFAULT_VM) { + return true; + } + + machine_types =3D kvm_check_extension(KVM_STATE(current_machine->accel= erator), + KVM_CAP_VM_TYPES); + return !!(machine_types & BIT(type)); +} + +int kvm_get_vm_type(MachineState *ms, const char *vm_type) +{ + int kvm_type =3D KVM_X86_DEFAULT_VM; + + if (ms->cgs) { + if (!object_dynamic_cast(OBJECT(ms->cgs), TYPE_X86_CONFIDENTIAL_GU= EST)) { + error_report("configuration type %s not supported for x86 gues= ts", + object_get_typename(OBJECT(ms->cgs))); + exit(1); + } + kvm_type =3D x86_confidential_guest_kvm_type( + X86_CONFIDENTIAL_GUEST(ms->cgs)); + } + + if (!kvm_is_vm_type_supported(kvm_type)) { + error_report("vm-type %s not supported by KVM", vm_type_name[kvm_t= ype]); + exit(1); + } + + return kvm_type; +} + bool kvm_has_smm(void) { return kvm_vm_check_extension(kvm_state, KVM_CAP_X86_SMM); --=20 2.44.0
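
Review bot: In target/i386/kvm/kvm.c, the error path of kvm_get_vm_type() indexes vm_type_name[kvm_type], but the table has a single entry for KVM_X86_DEFAULT_VM and kvm_is_vm_type_supported() always returns true for that type. The error branch is therefore reached only with a non-default type, where the lookup reads past the end of the array and passes the result to error_report() as a %s argument. Add a name for every type a kvm_type callback can return, and guard the lookup with a bounds check against ARRAY_SIZE(vm_type_name) and a NULL check, printing the numeric type otherwise. The vm_type parameter is also unused in this function.
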
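
Review bot: The kernel-doc above x86_confidential_guest_kvm_type() in target/i386/confidential-guest.h reads "Calls #X86ConfidentialGuestClass.unplug callback of @plug_handler", which looks copied from a hotplug handler; the function takes @cg and calls the kvm_type callback. Reword it to match, and document the return value, including that 0 is returned when the class does not implement kvm_type.
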
From: Paolo Bonzini
To: qemu-devel@nongnu.org
Cc: xiaoyao.li@intel.com, michael.roth@amd.com
Subject: [PATCH 7/7] target/i386: SEV: use KVM_SEV_INIT2 if possible
Date: Tue, 19 Mar 2024 15:00:00 +0100
Message-ID: <20240319140000.1014247-8-pbonzini@redhat.com>
In-Reply-To: <20240319140000.1014247-1-pbonzini@redhat.com>
References: <20240319140000.1014247-1-pbonzini@redhat.com>
Content-Transfer-Encoding: quoted-printable

Implement support for the KVM_X86_SEV_VM and KVM_X86_SEV_ES_VM virtual machine types, and the KVM_SEV_INIT2 function of KVM_MEMORY_ENCRYPT_OP.
These replace the KVM_SEV_INIT and KVM_SEV_ES_INIT functions, and have several advantages: - sharing the initialization sequence with SEV-SNP and TDX - allowing arguments including the set of desired VMSA features - protection against invalid use of KVM_GET/SET_* ioctls for guests with encrypted state If the KVM_X86_SEV_VM and KVM_X86_SEV_ES_VM types are not supported, fall back to KVM_SEV_INIT and KVM_SEV_ES_INIT (which use the default x86 VM type). Signed-off-by: Paolo Bonzini --- target/i386/sev.c | 41 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index ebe36d4c10c..9dab4060b84 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -26,6 +26,7 @@ #include "qemu/error-report.h" #include "crypto/hash.h" #include "sysemu/kvm.h" +#include "kvm/kvm_i386.h" #include "sev.h" #include "sysemu/sysemu.h" #include "sysemu/runstate.h" @@ -56,6 +57,8 @@ OBJECT_DECLARE_SIMPLE_TYPE(SevGuestState, SEV_GUEST) struct SevGuestState { X86ConfidentialGuest parent_obj; =20 + int kvm_type; + /* configuration parameters */ char *sev_device; uint32_t policy; @@ -850,6 +853,26 @@ sev_vm_state_change(void *opaque, bool running, RunSta= te state) } } =20 +static int sev_kvm_type(X86ConfidentialGuest *cg) +{ + SevGuestState *sev =3D SEV_GUEST(cg); + int kvm_type; + + if (sev->kvm_type !=3D -1) { + goto out; + } + + kvm_type =3D (sev->policy & SEV_POLICY_ES) ? KVM_X86_SEV_ES_VM : KVM_X= 86_SEV_VM; + if (kvm_is_vm_type_supported(kvm_type)) { + sev->kvm_type =3D kvm_type; + } else { + sev->kvm_type =3D KVM_X86_DEFAULT_VM; + } + +out: + return sev->kvm_type; +} + static int sev_kvm_init(ConfidentialGuestSupport *cgs, Error **errp) { SevGuestState *sev =3D SEV_GUEST(cgs); 
@@ -929,13 +952,19 @@ static int sev_kvm_init(ConfidentialGuestSupport *cgs= , Error **errp) __func__); goto err; } - cmd =3D KVM_SEV_ES_INIT; - } else { - cmd =3D KVM_SEV_INIT; } =20 trace_kvm_sev_init(); - ret =3D sev_ioctl(sev->sev_fd, cmd, NULL, &fw_error); + if (sev_kvm_type(X86_CONFIDENTIAL_GUEST(sev)) =3D=3D KVM_X86_DEFAULT_V= M) { + cmd =3D sev_es_enabled() ? KVM_SEV_ES_INIT : KVM_SEV_INIT; + + ret =3D sev_ioctl(sev->sev_fd, cmd, NULL, &fw_error); + } else { + struct kvm_sev_init args =3D { 0 }; + + ret =3D sev_ioctl(sev->sev_fd, KVM_SEV_INIT2, &args, &fw_error); + } + if (ret) { error_setg(errp, "%s: failed to initialize ret=3D%d fw_error=3D%d = '%s'", __func__, ret, fw_error, fw_error_to_str(fw_error)); @@ -1327,8 +1356,10 @@ static void sev_guest_class_init(ObjectClass *oc, void *data) { ConfidentialGuestSupportClass *klass =3D CONFIDENTIAL_GUEST_SUPPORT_CL= ASS(oc); + X86ConfidentialGuestClass *x86_klass =3D X86_CONFIDENTIAL_GUEST_CLASS(= oc); =20 klass->kvm_init =3D sev_kvm_init; + x86_klass->kvm_type =3D sev_kvm_type; =20 object_class_property_add_str(oc, "sev-device", sev_guest_get_sev_device, @@ -1357,6 +1388,8 @@ sev_guest_instance_init(Object *obj) { SevGuestState *sev =3D SEV_GUEST(obj); =20 + sev->kvm_type =3D -1; + sev->sev_device =3D g_strdup(DEFAULT_SEV_DEVICE); sev->policy =3D DEFAULT_GUEST_POLICY; object_property_add_uint32_ptr(obj, "policy", &sev->policy, --=20 2.44.0
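Review bot: In the new sev_kvm_type(), the fallback `sev->kvm_type = KVM_X86_DEFAULT_VM` taken when kvm_is_vm_type_supported() fails is silent, so an SEV-ES guest on a kernel without the new VM types loses the protection against invalid KVM_GET/SET_* ioctls that the commit message lists as an advantage, and nothing in logs or traces shows it. A trace point or a one-time warning on that path would let operators tell which initialization path a guest took. Separately, the `goto out` only jumps to the return statement; an early `return sev->kvm_type;` would read more simply.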
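Review bot: In the sev_kvm_init() hunk, the legacy branch selects the command with sev_es_enabled() while sev_kvm_type() selects the VM type with `sev->policy & SEV_POLICY_ES`; using one predicate in both places would make it evident that the VM type and the init command cannot disagree. The `struct kvm_sev_init args = { 0 };` passed to KVM_SEV_INIT2 requests no VMSA features, so a short comment saying this is intentional would help, given that the commit message names VMSA feature selection as a benefit. The error_setg() message after the branch is shared by both paths and does not say which command failed.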
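Review bot: The `sev->kvm_type = -1` added to sev_guest_instance_init() is the only place that gives -1 its meaning, which sev_kvm_type() then tests as "not probed yet". A comment on the `int kvm_type;` field in SevGuestState, or a named constant, would document the sentinel and make it clear that it must not collide with a real VM type value.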