From nobody Wed Apr 9 13:06:39 2025
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
dkim=pass header.i=@intel.com;
spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
permitted sender)
smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
dmarc=pass(p=none dis=none) header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1743515694; cv=none;
d=zohomail.com; s=zohoarc;
b=OYAA1e7sjnDMkxJ1kUcg2iTMiyxBB4Sh794Lu08SxNlVSLywGDE4QKvQiRyydkraa/SqLtmw4UJ1elX1A8tvvJ3z/ObvLXtga1S/5Y7cJfi5kjujBQYde9O7Cal8KqEnkkG+gh/nAQ93n56duwlT/vapqtG1PPIHUo1bIJrGl2g=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
s=zohoarc;
t=1743515694;
h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
bh=wLQOUv1bz06HgKGCV4EaYxlDccd8mh3Djf8olyjQdJY=;
b=j4Xtl1VHSnAYt0bGlyi2HWYU/MneVR+FOcYFsDDdx6N7L7zoEHZt85Lf3JHsahYUpoGuO8EaUtQD1ftMAIlOitx3FaSEOyRFrV/wedyc73O11dRUKS/OG9Uvz058XX/j9zeNGWrobBAF1njRaoVz47ig/fwK78XEu/EfcCE/xe4=
ARC-Authentication-Results: i=1; mx.zohomail.com;
dkim=pass header.i=@intel.com;
spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
permitted sender)
smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
dmarc=pass header.from=<xiaoyao.li@intel.com> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
mx.zohomail.com
with SMTPS id 1743515694657718.6044288865486;
Tue, 1 Apr 2025 06:54:54 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
by lists.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <qemu-devel-bounces@nongnu.org>)
id 1tzbxy-0004Cp-TJ; Tue, 01 Apr 2025 09:47:55 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <xiaoyao.li@intel.com>)
id 1tzbu7-0000Uu-Kb
for qemu-devel@nongnu.org; Tue, 01 Apr 2025 09:44:00 -0400
Received: from mgamail.intel.com ([192.198.163.16])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <xiaoyao.li@intel.com>)
id 1tzbu1-0006XQ-1Q
for qemu-devel@nongnu.org; Tue, 01 Apr 2025 09:43:45 -0400
Received: from fmviesa008.fm.intel.com ([10.60.135.148])
by fmvoesa110.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
01 Apr 2025 06:42:43 -0700
Received: from lxy-clx-4s.sh.intel.com ([10.239.48.52])
by fmviesa008.fm.intel.com with ESMTP; 01 Apr 2025 06:42:40 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
t=1743515021; x=1775051021;
h=from:to:cc:subject:date:message-id:in-reply-to:
references:mime-version:content-transfer-encoding;
bh=HwScKJFzwiqf5BzHfzfSKnBgtID2JLDKcoV7qGODNiU=;
b=XAt4YXyHOINujcGMCrdzj5do+tdAqOZbm4Hp+U+MZyfzD38WMSru0cLW
nkfkLzJvOHBB76q1I55aoH/zhDpPHXZ1MCSJ0293+bu/31P1BX/fj8yFG
2ME5abEBuZvh9XQ696521SwFsvYtTnbq3cI+2/HfLMvKYzmLbrDz5TDiG
o11D7dDLD2DcBI6L2ydLV7ZE2y8tUkkrqhpLM67YueX9mVBggxEaRAE0U
MlpiRtM821jdux8T7OuPXH2lwjNosHpSQfDHM37OKdgrB3pyCTuyHhVP/
zLU2lT/UoPzIdoayHoGAytFfl/D+3NHkN5uRUe/2SP9/fHps3gPNMGbo9 w==;
X-CSE-ConnectionGUID: 72uM4vEfTLCJr39EGznR5A==
X-CSE-MsgGUID: cictwSCOREu4JixzfmBr9Q==
X-IronPort-AV: E=McAfee;i="6700,10204,11391"; a="32433466"
X-IronPort-AV: E=Sophos;i="6.14,293,1736841600"; d="scan'208";a="32433466"
X-CSE-ConnectionGUID: gJVZlGc0Toe5Wi8jv/Td2w==
X-CSE-MsgGUID: uBjGreyaRDGGHB9LO4o5bw==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.14,293,1736841600"; d="scan'208";a="126640134"
From: Xiaoyao Li <xiaoyao.li@intel.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
=?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>,
Markus Armbruster <armbru@redhat.com>,
Francesco Lavra <francescolavra.fl@gmail.com>,
Marcelo Tosatti <mtosatti@redhat.com>, qemu-devel@nongnu.org,
=?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Xiaoyao Li <xiaoyao.li@intel.com>
Subject: [PATCH v8 36/55] i386/tdx: Disable SMM for TDX VMs
Date: Tue, 1 Apr 2025 09:01:46 -0400
Message-Id: <20250401130205.2198253-37-xiaoyao.li@intel.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20250401130205.2198253-1-xiaoyao.li@intel.com>
References: <20250401130205.2198253-1-xiaoyao.li@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
as permitted sender) client-ip=209.51.188.17;
envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
helo=lists.gnu.org;
Received-SPF: pass client-ip=192.198.163.16;
envelope-from=xiaoyao.li@intel.com;
helo=mgamail.intel.com
X-Spam_score_int: -43
X-Spam_score: -4.4
X-Spam_bar: ----
X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.997,
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, RCVD_IN_DNSWL_MED=-2.3,
RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001,
RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @intel.com)
X-ZM-MESSAGEID: 1743515695919019000
Content-Type: text/plain; charset="utf-8"
TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs because
VMM cannot manipulate TDX VM's memory.
Disable SMM for TDX VMs and error out if user requests to enable SMM.
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
target/i386/kvm/tdx.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index a816f57043f6..0eefd058f7a2 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -369,11 +369,20 @@ static Notifier tdx_machine_done_notify =3D {
=20
static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
{
+ MachineState *ms =3D MACHINE(qdev_get_machine());
+ X86MachineState *x86ms =3D X86_MACHINE(ms);
TdxGuest *tdx =3D TDX_GUEST(cgs);
int r =3D 0;
=20
kvm_mark_guest_state_protected();
=20
+ if (x86ms->smm =3D=3D ON_OFF_AUTO_AUTO) {
+ x86ms->smm =3D ON_OFF_AUTO_OFF;
+ } else if (x86ms->smm =3D=3D ON_OFF_AUTO_ON) {
+ error_setg(errp, "TDX VM doesn't support SMM");
+ return -EINVAL;
+ }
+
if (!tdx_caps) {
r =3D get_tdx_capabilities(errp);
if (r) {
--=20
2.34.1