[PATCH v8 50/55] i386/cgs: Introduce x86_confidential_guest_check_features()

Xiaoyao Li posted 55 patches 10 months, 2 weeks ago
[PATCH v8 50/55] i386/cgs: Introduce x86_confidential_guest_check_features()
Posted by Xiaoyao Li 10 months, 2 weeks ago
To do cgs specific feature checking. Note the feature checking in
x86_cpu_filter_features() is valid for non-cgs VMs. For cgs VMs like
TDX, what features can be supported has more restrictions.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 target/i386/confidential-guest.h | 13 +++++++++++++
 target/i386/kvm/kvm.c            |  8 ++++++++
 2 files changed, 21 insertions(+)

diff --git a/target/i386/confidential-guest.h b/target/i386/confidential-guest.h
index 777d43cc9688..48b88dbd3130 100644
--- a/target/i386/confidential-guest.h
+++ b/target/i386/confidential-guest.h
@@ -42,6 +42,7 @@ struct X86ConfidentialGuestClass {
     void (*cpu_instance_init)(X86ConfidentialGuest *cg, CPUState *cpu);
     uint32_t (*adjust_cpuid_features)(X86ConfidentialGuest *cg, uint32_t feature,
                                       uint32_t index, int reg, uint32_t value);
+    int (*check_features)(X86ConfidentialGuest *cg, CPUState *cs);
 };
 
 /**
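Review bot: The new `check_features` member is declared without any statement of its return contract. The caller in kvm.c treats `r < 0` as failure, so a one-line comment here saying that the hook returns 0 when the configured features are acceptable and a negative value otherwise would save implementers from reading the call site. Minor: the neighbouring `cpu_instance_init` names its `CPUState *` parameter `cpu` while this one uses `cs`; picking one keeps the class definition consistent.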
@@ -91,4 +92,16 @@ static inline int x86_confidential_guest_adjust_cpuid_features(X86ConfidentialGu
     }
 }
 
+static inline int x86_confidential_guest_check_features(X86ConfidentialGuest *cg,
+                                                        CPUState *cs)
+{
+    X86ConfidentialGuestClass *klass = X86_CONFIDENTIAL_GUEST_GET_CLASS(cg);
+
+    if (klass->check_features) {
+        return klass->check_features(cg, cs);
+    }
+
+    return 0;
+}
+
 #endif
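Review bot: In `x86_confidential_guest_check_features()`, the fall-through `return 0;` means a confidential-guest class that leaves `check_features` unset passes without any cgs-specific validation. Since the commit message says cgs VMs have more restrictions than x86_cpu_filter_features() covers, a short doc comment above the helper should state that an unset hook is treated as "nothing further to check" and what the return value means, so the default is explicit rather than implied.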
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 17d7bf6ae9aa..27b4a069d194 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -2092,6 +2092,14 @@ int kvm_arch_init_vcpu(CPUState *cs)
     int r;
     Error *local_err = NULL;
 
+    if (current_machine->cgs) {
+        r = x86_confidential_guest_check_features(
+                X86_CONFIDENTIAL_GUEST(current_machine->cgs), cs);
+        if (r < 0) {
+            return r;
+        }
+    }
+
     memset(&cpuid_data, 0, sizeof(cpuid_data));
 
     cpuid_i = 0;
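Review bot: The early `return r;` in `kvm_arch_init_vcpu()` gives no indication at this call site of which feature failed the check. `Error *local_err` is declared just above, but the helper takes no `Error **`, so reporting is left entirely to each `check_features` implementation. Either pass an `Error **errp` through the hook and report it here, or state in the hook's documentation that implementations must report the unsupported features themselves before returning a negative value.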
-- 
2.34.1
Re: [PATCH v8 50/55] i386/cgs: Introduce x86_confidential_guest_check_features()
Posted by Zhao Liu 9 months, 1 week ago
On Tue, Apr 01, 2025 at 09:02:00AM -0400, Xiaoyao Li wrote:
> Date: Tue,  1 Apr 2025 09:02:00 -0400
> From: Xiaoyao Li <xiaoyao.li@intel.com>
> Subject: [PATCH v8 50/55] i386/cgs: Introduce
>  x86_confidential_guest_check_features()
> X-Mailer: git-send-email 2.34.1
> 
> To do cgs specific feature checking. Note the feature checking in
> x86_cpu_filter_features() is valid for non-cgs VMs. For cgs VMs like
> TDX, what features can be supported has more restrictions.
> 
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> ---
>  target/i386/confidential-guest.h | 13 +++++++++++++
>  target/i386/kvm/kvm.c            |  8 ++++++++
>  2 files changed, 21 insertions(+)

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>