From nobody Mon May 12 02:32:23 2025
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
dkim=pass header.i=@intel.com;
spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
permitted sender)
smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
dmarc=pass(p=none dis=none) header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1737726541; cv=none;
d=zohomail.com; s=zohoarc;
b=Ks0llwLt20ZC72gAjedrZEJSlmGsJUX1cXBpo+0buYH5ZGwVv1uhZihqULdywNA/L0CEUMThiLU0d9xOPmNR3JQMrHhr69s7s2RTEKT0fqB/gJs5Z1Pf0GI37HNNoS8a/qp8hT3QUlS3MjRowDdqQGysc16Aeu5BmkkAlAFW4Yg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
s=zohoarc;
t=1737726541;
h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
bh=WHGYQruSwHbUFcACS5uKPwf32AlgWG9biOFAo+PIJhY=;
b=aMnca2N7bN3OK3R070ix30tz10HDTTVo4UHZMUJ5V/MGYLUJFU4xC0DUWwnhUgYGSaR4RHAww157BlG95KYDp1s+q3VV/6U17dbFZY0J5l3THfUTq7HWbEPIQHlurIQN4V2ATKqHZLyGk8Z1zoY8HR7GhWRIjluDs+9Z3NbPYEA=
ARC-Authentication-Results: i=1; mx.zohomail.com;
dkim=pass header.i=@intel.com;
spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
permitted sender)
smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
dmarc=pass header.from=<xiaoyao.li@intel.com> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
mx.zohomail.com
with SMTPS id 1737726541198237.63024081528465;
Fri, 24 Jan 2025 05:49:01 -0800 (PST)
Received: from localhost ([::1] helo=lists1p.gnu.org)
by lists.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <qemu-devel-bounces@nongnu.org>)
id 1tbJuP-0008AI-E3; Fri, 24 Jan 2025 08:39:41 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <xiaoyao.li@intel.com>)
id 1tbJuD-0007Cp-0p
for qemu-devel@nongnu.org; Fri, 24 Jan 2025 08:39:33 -0500
Received: from mgamail.intel.com ([198.175.65.13])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <xiaoyao.li@intel.com>)
id 1tbJuB-00041c-FA
for qemu-devel@nongnu.org; Fri, 24 Jan 2025 08:39:28 -0500
Received: from fmviesa003.fm.intel.com ([10.60.135.143])
by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
24 Jan 2025 05:39:11 -0800
Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52])
by fmviesa003.fm.intel.com with ESMTP; 24 Jan 2025 05:39:07 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
t=1737725968; x=1769261968;
h=from:to:cc:subject:date:message-id:in-reply-to:
references:mime-version:content-transfer-encoding;
bh=3htOvA2jbpLNtRYP7pYOxr4oRukBQDBcMamKFay85SU=;
b=BSXXmaiZ6NuJdIZ8NHP7X3f+oduP4kekm4d57yTepth5qwPb6G4rtFlb
8lfO3CpfFj77sJSjCIFlila3oUzct7KFe+Jbtw6HjBrI8Cv9Aj9A1wsXU
HCupCJBsgVItU6mv4I6napllDFwJOgGXj4HvTq56CWgyiBJmv01DP7M6m
ivFI4IiLszSw+mQu2TawfRN+an/RCcD7dun9myy0qoPojkzxSdzkoOrUX
QavH8EXz8REtF40lZBQjKFyw4z5GLK4yvadPtxmbDEt0txD2ALXTWA3WO
TXdWSYT9WVbs8H57vutoy5vdW5Uzxa2gN6WhXEX5KKeFbEaoYc6WD6Vpg g==;
X-CSE-ConnectionGUID: PvTlucndR7ShawZT4CPGJg==
X-CSE-MsgGUID: v9k2MfykQ1m2QyXFyvyNNw==
X-IronPort-AV: E=McAfee;i="6700,10204,11325"; a="49246502"
X-IronPort-AV: E=Sophos;i="6.13,231,1732608000"; d="scan'208";a="49246502"
X-CSE-ConnectionGUID: GBAGZD3TTzGavPdm4Wq8KA==
X-CSE-MsgGUID: GpGGeVBJSaWU8VbW4hQpRQ==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.12,224,1728975600"; d="scan'208";a="111804403"
From: Xiaoyao Li <xiaoyao.li@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
=?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>,
=?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
Igor Mammedov <imammedo@redhat.com>
Cc: Zhao Liu <zhao1.liu@intel.com>, "Michael S. Tsirkin" <mst@redhat.com>,
Eric Blake <eblake@redhat.com>, Markus Armbruster <armbru@redhat.com>,
Peter Maydell <peter.maydell@linaro.org>,
Marcelo Tosatti <mtosatti@redhat.com>, Huacai Chen <chenhuacai@kernel.org>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Francesco Lavra <francescolavra.fl@gmail.com>, xiaoyao.li@intel.com,
qemu-devel@nongnu.org, kvm@vger.kernel.org
Subject: [PATCH v7 34/52] i386/tdx: Disable SMM for TDX VMs
Date: Fri, 24 Jan 2025 08:20:30 -0500
Message-Id: <20250124132048.3229049-35-xiaoyao.li@intel.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250124132048.3229049-1-xiaoyao.li@intel.com>
References: <20250124132048.3229049-1-xiaoyao.li@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
as permitted sender) client-ip=209.51.188.17;
envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
helo=lists.gnu.org;
Received-SPF: pass client-ip=198.175.65.13;
envelope-from=xiaoyao.li@intel.com;
helo=mgamail.intel.com
X-Spam_score_int: -63
X-Spam_score: -6.4
X-Spam_bar: ------
X-Spam_report: (-6.4 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-2.996,
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.998, RCVD_IN_DNSWL_MED=-2.3,
RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001,
RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @intel.com)
X-ZM-MESSAGEID: 1737726543707019100
Content-Type: text/plain; charset="utf-8"
TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs because
VMM cannot manipulate TDX VM's memory.
Disable SMM for TDX VMs and error out if user requests to enable SMM.
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
---
target/i386/kvm/tdx.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index f4d95b0a4029..10059ec8cf92 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -365,11 +365,20 @@ static Notifier tdx_machine_done_notify =3D {
=20
static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
{
+ MachineState *ms =3D MACHINE(qdev_get_machine());
+ X86MachineState *x86ms =3D X86_MACHINE(ms);
TdxGuest *tdx =3D TDX_GUEST(cgs);
int r =3D 0;
=20
kvm_mark_guest_state_protected();
=20
+ if (x86ms->smm =3D=3D ON_OFF_AUTO_AUTO) {
+ x86ms->smm =3D ON_OFF_AUTO_OFF;
+ } else if (x86ms->smm =3D=3D ON_OFF_AUTO_ON) {
+ error_setg(errp, "TDX VM doesn't support SMM");
+ return -EINVAL;
+ }
+
if (!tdx_caps) {
r =3D get_tdx_capabilities(errp);
if (r) {
--=20
2.34.1