1. Patchew
  2. QEMU
  3. [PULL 00/77] Rust, target/i386 changes for QEMU 10.1 soft freeze
  4. View patch

[PULL 15/77] i386/tdx: handle TDVMCALL_SETUP_EVENT_NOTIFY_INTERRUPT

Paolo Bonzini posted 77 patches 4 months ago
Maintainers: "Philippe Mathieu-Daudé" <philmd@linaro.org>, "Daniel P. Berrangé" <berrange@redhat.com>, Kashyap Chamarthy <kchamart@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>, "Michael S. Tsirkin" <mst@redhat.com>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, Richard Henderson <richard.henderson@linaro.org>, Eduardo Habkost <eduardo@habkost.net>, Cornelia Huck <cohuck@redhat.com>, "Marc-André Lureau" <marcandre.lureau@redhat.com>, Eric Blake <eblake@redhat.com>, Markus Armbruster <armbru@redhat.com>, Manos Pitsidianakis <manos.pitsidianakis@linaro.org>, Zhao Liu <zhao1.liu@intel.com>, Cameron Esfahani <dirty@apple.com>, Roman Bolshakov <rbolshakov@ddn.com>, Phil Dennis-Jordan <phil@philjordan.eu>, Reinoud Zandijk <reinoud@netbsd.org>, Sunil Muthuswamy <sunilmut@microsoft.com>, Warner Losh <imp@bsdimp.com>, Kyle Evans <kevans@freebsd.org>, Ed Maste <emaste@freebsd.org>, Li-Wen Hsu <lwhsu@freebsd.org>, "Alex Bennée" <alex.bennee@linaro.org>, Thomas Huth <thuth@redhat.com>
[PULL 15/77] i386/tdx: handle TDVMCALL_SETUP_EVENT_NOTIFY_INTERRUPT
Posted by Paolo Bonzini 4 months ago 
From: Xiaoyao Li <xiaoyao.li@intel.com>

Record the interrupt vector and the apic id of the vcpu that calls
TDVMCALL_SETUP_EVENT_NOTIFY_INTERRUPT.

Inject the interrupt to TD guest to notify the completion of <GetQuote>
when notify interrupt vector is valid.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Link: https://lore.kernel.org/r/20250703024021.3559286-5-xiaoyao.li@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/kvm/tdx.h      |  7 ++++++
 target/i386/kvm/kvm.c      |  3 +++
 target/i386/kvm/tdx-stub.c |  4 ++++
 target/i386/kvm/tdx.c      | 48 +++++++++++++++++++++++++++++++++++++-
 4 files changed, 61 insertions(+), 1 deletion(-)

diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h
index d439078a876..1c38faf9834 100644
--- a/target/i386/kvm/tdx.h
+++ b/target/i386/kvm/tdx.h
@@ -25,6 +25,7 @@ typedef struct TdxGuestClass {
 
 #define TDVMCALL_GET_TD_VM_CALL_INFO    0x10000
 #define TDVMCALL_GET_QUOTE		 0x10002
+#define TDVMCALL_SETUP_EVENT_NOTIFY_INTERRUPT   0x10004
 
 #define TDG_VP_VMCALL_SUCCESS           0x0000000000000000ULL
 #define TDG_VP_VMCALL_RETRY             0x0000000000000001ULL
@@ -32,6 +33,8 @@ typedef struct TdxGuestClass {
 #define TDG_VP_VMCALL_GPA_INUSE         0x8000000000000001ULL
 #define TDG_VP_VMCALL_ALIGN_ERROR       0x8000000000000002ULL
 
+#define TDG_VP_VMCALL_SUBFUNC_SET_EVENT_NOTIFY_INTERRUPT BIT_ULL(1)
+
 enum TdxRamType {
     TDX_RAM_UNACCEPTED,
     TDX_RAM_ADDED,
@@ -64,6 +67,9 @@ typedef struct TdxGuest {
     /* GetQuote */
     SocketAddress *qg_sock_addr;
     int num;
+
+    uint32_t event_notify_vector;
+    uint32_t event_notify_apicid;
 } TdxGuest;
 
 #ifdef CONFIG_TDX
@@ -78,5 +84,6 @@ int tdx_parse_tdvf(void *flash_ptr, int size);
 int tdx_handle_report_fatal_error(X86CPU *cpu, struct kvm_run *run);
 void tdx_handle_get_quote(X86CPU *cpu, struct kvm_run *run);
 void tdx_handle_get_tdvmcall_info(X86CPU *cpu, struct kvm_run *run);
+void tdx_handle_setup_event_notify_interrupt(X86CPU *cpu, struct kvm_run *run);
 
 #endif /* QEMU_I386_TDX_H */
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 234878c613f..fc58a23b30d 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -6182,6 +6182,9 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
         case TDVMCALL_GET_TD_VM_CALL_INFO:
             tdx_handle_get_tdvmcall_info(cpu, run);
             break;
+        case TDVMCALL_SETUP_EVENT_NOTIFY_INTERRUPT:
+            tdx_handle_setup_event_notify_interrupt(cpu, run);
+            break;
         }
         ret = 0;
         break;
diff --git a/target/i386/kvm/tdx-stub.c b/target/i386/kvm/tdx-stub.c
index 76fee49eff0..1f0e108a69e 100644
--- a/target/i386/kvm/tdx-stub.c
+++ b/target/i386/kvm/tdx-stub.c
@@ -26,3 +26,7 @@ void tdx_handle_get_quote(X86CPU *cpu, struct kvm_run *run)
 void tdx_handle_get_tdvmcall_info(X86CPU *cpu, struct kvm_run *run)
 {
 }
+
+void tdx_handle_setup_event_notify_interrupt(X86CPU *cpu, struct kvm_run *run)
+{
+}
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 10dfb80d22e..fb31071dd81 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -28,10 +28,13 @@
 #include "cpu.h"
 #include "cpu-internal.h"
 #include "host-cpu.h"
+#include "hw/i386/apic_internal.h"
+#include "hw/i386/apic-msidef.h"
 #include "hw/i386/e820_memory_layout.h"
 #include "hw/i386/tdvf.h"
 #include "hw/i386/x86.h"
 #include "hw/i386/tdvf-hob.h"
+#include "hw/pci/msi.h"
 #include "kvm_i386.h"
 #include "tdx.h"
 #include "tdx-quote-generator.h"
@@ -1123,6 +1126,28 @@ int tdx_parse_tdvf(void *flash_ptr, int size)
     return tdvf_parse_metadata(&tdx_guest->tdvf, flash_ptr, size);
 }
 
+static void tdx_inject_interrupt(uint32_t apicid, uint32_t vector)
+{
+    int ret;
+
+    if (vector < 32 || vector > 255) {
+        return;
+    }
+
+    MSIMessage msg = {
+        .address = ((apicid & 0xff) << MSI_ADDR_DEST_ID_SHIFT) |
+                   (((uint64_t)apicid & 0xffffff00) << 32),
+        .data = vector | (APIC_DM_FIXED << MSI_DATA_DELIVERY_MODE_SHIFT),
+    };
+
+    ret = kvm_irqchip_send_msi(kvm_state, msg);
+    if (ret < 0) {
+        /* In this case, no better way to tell it to guest. Log it. */
+        error_report("TDX: injection interrupt %d failed, interrupt lost (%s).",
+                     vector, strerror(-ret));
+    }
+}
+
 static void tdx_get_quote_completion(TdxGenerateQuoteTask *task)
 {
     TdxGuest *tdx = task->opaque;
@@ -1154,6 +1179,9 @@ static void tdx_get_quote_completion(TdxGenerateQuoteTask *task)
         error_report("TDX: get-quote: failed to update GetQuote header.");
     }
 
+    tdx_inject_interrupt(tdx_guest->event_notify_apicid,
+                         tdx_guest->event_notify_vector);
+
     g_free(task->send_data);
     g_free(task->receive_buf);
     g_free(task);
@@ -1256,7 +1284,7 @@ out_free:
     g_free(task);
 }
 
-#define SUPPORTED_TDVMCALLINFO_1_R11    (0)
+#define SUPPORTED_TDVMCALLINFO_1_R11    (TDG_VP_VMCALL_SUBFUNC_SET_EVENT_NOTIFY_INTERRUPT)
 #define SUPPORTED_TDVMCALLINFO_1_R12    (0)
 
 void tdx_handle_get_tdvmcall_info(X86CPU *cpu, struct kvm_run *run)
@@ -1277,6 +1305,21 @@ void tdx_handle_get_tdvmcall_info(X86CPU *cpu, struct kvm_run *run)
     run->tdx.get_tdvmcall_info.ret = TDG_VP_VMCALL_SUCCESS;
 }
 
+void tdx_handle_setup_event_notify_interrupt(X86CPU *cpu, struct kvm_run *run)
+{
+    uint64_t vector = run->tdx.setup_event_notify.vector;
+
+    if (vector >= 32 && vector < 256) {
+        qemu_mutex_lock(&tdx_guest->lock);
+        tdx_guest->event_notify_vector = vector;
+        tdx_guest->event_notify_apicid = cpu->apic_id;
+        qemu_mutex_unlock(&tdx_guest->lock);
+        run->tdx.setup_event_notify.ret = TDG_VP_VMCALL_SUCCESS;
+    } else {
+        run->tdx.setup_event_notify.ret = TDG_VP_VMCALL_INVALID_OPERAND;
+    }
+}
+
 static void tdx_panicked_on_fatal_error(X86CPU *cpu, uint64_t error_code,
                                         char *message, uint64_t gpa)
 {
@@ -1477,6 +1520,9 @@ static void tdx_guest_init(Object *obj)
                             NULL, NULL);
 
     qemu_mutex_init(&tdx->lock);
+
+    tdx->event_notify_vector = -1;
+    tdx->event_notify_apicid = -1;
 }
 
 static void tdx_guest_finalize(Object *obj)
-- 
2.50.0
Re: [PULL 15/77] i386/tdx: handle TDVMCALL_SETUP_EVENT_NOTIFY_INTERRUPT
Posted by Peter Maydell 4 months ago 
On Mon, 14 Jul 2025 at 12:13, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> From: Xiaoyao Li <xiaoyao.li@intel.com>
>
> Record the interrupt vector and the apic id of the vcpu that calls
> TDVMCALL_SETUP_EVENT_NOTIFY_INTERRUPT.
>
> Inject the interrupt to TD guest to notify the completion of <GetQuote>
> when notify interrupt vector is valid.
>
> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> Link: https://lore.kernel.org/r/20250703024021.3559286-5-xiaoyao.li@intel.com
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Hi; Coverity (CID 1612364) thinks the locking might not
be right in this code change (though it has a fairly
simple heuristic so it may be wrong):


> @@ -1154,6 +1179,9 @@ static void tdx_get_quote_completion(TdxGenerateQuoteTask *task)
>          error_report("TDX: get-quote: failed to update GetQuote header.");
>      }
>
> +    tdx_inject_interrupt(tdx_guest->event_notify_apicid,
> +                         tdx_guest->event_notify_vector);

In this function we access tdx_guest->event_notify_apicid
and event_notify_vector without taking any lock...

> +
>      g_free(task->send_data);
>      g_free(task->receive_buf);
>      g_free(task);

> +void tdx_handle_setup_event_notify_interrupt(X86CPU *cpu, struct kvm_run *run)
> +{
> +    uint64_t vector = run->tdx.setup_event_notify.vector;
> +
> +    if (vector >= 32 && vector < 256) {
> +        qemu_mutex_lock(&tdx_guest->lock);
> +        tdx_guest->event_notify_vector = vector;
> +        tdx_guest->event_notify_apicid = cpu->apic_id;
> +        qemu_mutex_unlock(&tdx_guest->lock);

...but here when we are setting those fields we take the
tdx_guest->lock.

Should we hold the tdx_guest->lock also when we read the
fields in tdx_get_quote_completion() ?

thanks
-- PMM
Re: [PULL 15/77] i386/tdx: handle TDVMCALL_SETUP_EVENT_NOTIFY_INTERRUPT
Posted by Xiaoyao Li 4 months ago 
On 7/17/2025 5:46 PM, Peter Maydell wrote:
> On Mon, 14 Jul 2025 at 12:13, Paolo Bonzini <pbonzini@redhat.com> wrote:
>>
>> From: Xiaoyao Li <xiaoyao.li@intel.com>
>>
>> Record the interrupt vector and the apic id of the vcpu that calls
>> TDVMCALL_SETUP_EVENT_NOTIFY_INTERRUPT.
>>
>> Inject the interrupt to TD guest to notify the completion of <GetQuote>
>> when notify interrupt vector is valid.
>>
>> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
>> Link: https://lore.kernel.org/r/20250703024021.3559286-5-xiaoyao.li@intel.com
>> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> 
> Hi; Coverity (CID 1612364) thinks the locking might not
> be right in this code change (though it has a fairly
> simple heuristic so it may be wrong):
> 
> 
>> @@ -1154,6 +1179,9 @@ static void tdx_get_quote_completion(TdxGenerateQuoteTask *task)
>>           error_report("TDX: get-quote: failed to update GetQuote header.");
>>       }
>>
>> +    tdx_inject_interrupt(tdx_guest->event_notify_apicid,
>> +                         tdx_guest->event_notify_vector);
> 
> In this function we access tdx_guest->event_notify_apicid
> and event_notify_vector without taking any lock...
> 
>> +
>>       g_free(task->send_data);
>>       g_free(task->receive_buf);
>>       g_free(task);
> 
>> +void tdx_handle_setup_event_notify_interrupt(X86CPU *cpu, struct kvm_run *run)
>> +{
>> +    uint64_t vector = run->tdx.setup_event_notify.vector;
>> +
>> +    if (vector >= 32 && vector < 256) {
>> +        qemu_mutex_lock(&tdx_guest->lock);
>> +        tdx_guest->event_notify_vector = vector;
>> +        tdx_guest->event_notify_apicid = cpu->apic_id;
>> +        qemu_mutex_unlock(&tdx_guest->lock);
> 
> ...but here when we are setting those fields we take the
> tdx_guest->lock.
> 
> Should we hold the tdx_guest->lock also when we read the
> fields in tdx_get_quote_completion() ?

yeah, I think we should.

I will send a patch to fix it. Thanks for reporting it!

> thanks
> -- PMM

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.