[v3] igvm: Supply MADT via IGVM parameter

[PATCH v3 0/6] igvm: Supply MADT via IGVM parameter

Posted by Oliver Steffen 4 weeks ago

When launching using an IGVM file, supply a copy of the MADT (part of the ACPI
tables) via an IGVM parameter (IGVM_VHY_MADT) to the guest, in addition to the
regular fw_cfg mechanism.

The IGVM parameter can be consumed by Coconut SVSM [1], instead of relying on
the fw_cfg interface, which has caused problems before due to unexpected access
[2,3]. Using IGVM parameters is the default way for Coconut SVSM; switching
over would allow removing specialized code paths for QEMU in Coconut.

In any case OVMF, which runs after SVSM has already been initialized, will
continue reading all ACPI tables via fw_cfg and provide fixed up ACPI data to
the OS as before.

This series makes ACPI table building more generic by making the BIOS linker
optional. This allows the MADT to be generated outside of the ACPI build
context. A new function (acpi_build_madt_standalone()) is added for that. With
that, the IGVM MADT parameter field can be filled with the MADT data during
processing of the IGVM file.

Generating the MADT twice (IGVM processing and ACPI table building) seems
acceptable, since there is no infrastructure to obtain the MADT out of the ACPI
table memory area during IGVM processing.

[1] https://github.com/coconut-svsm/svsm/pull/858
[2] https://gitlab.com/qemu-project/qemu/-/issues/2882
[3] https://github.com/coconut-svsm/svsm/issues/646

v3:
- Pass the machine state into IGVM file processing context instead of MADT data
- Generate MADT from inside the IGVM backend
- Refactor: Extract common code for finding IGVM parameter from IGVM parameter handlers
- Add NULL pointer check for igvm_get_buffer()

v2:
- Provide more context in the message of the main commit
- Document the madt parameter of IgvmCfgClass::process()
- Document why no MADT data is provided the process call in sev.c

Based-on: <20251118122133.1695767-1-kraxel@redhat.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>

Oliver Steffen (6):
  hw/acpi: Make BIOS linker optional
  hw/acpi: Add standalone function to build MADT
  igvm: Add missing NULL check
  igvm: Add common function for finding parameter entries
  igvm: Pass machine state to IGVM file processing
  igvm: Fill MADT IGVM parameter field

 backends/igvm-cfg.c       |   2 +-
 backends/igvm.c           | 169 +++++++++++++++++++++++++-------------
 hw/acpi/aml-build.c       |   7 +-
 hw/i386/acpi-build.c      |   8 ++
 hw/i386/acpi-build.h      |   2 +
 include/system/igvm-cfg.h |   3 +-
 include/system/igvm.h     |   3 +-
 target/i386/sev.c         |   2 +-
 8 files changed, 132 insertions(+), 64 deletions(-)

-- 
2.52.0

Re: [PATCH v3 0/6] igvm: Supply MADT via IGVM parameter

Posted by Igor Mammedov 3 weeks, 4 days ago

On Fri,  9 Jan 2026 15:34:07 +0100
Oliver Steffen <osteffen@redhat.com> wrote:

> When launching using an IGVM file, supply a copy of the MADT (part of the ACPI
> tables) via an IGVM parameter (IGVM_VHY_MADT) to the guest, in addition to the
> regular fw_cfg mechanism.

I've had some questions wrt using MADT in previous version,
and possible ways to avoid issues.
not of those where addressed though.

So questions stay the same, see:
https://patchew.org/QEMU/20251211103136.1578463-1-osteffen@redhat.com/#20251219140933.7b102fc5@imammedo

> 
> The IGVM parameter can be consumed by Coconut SVSM [1], instead of relying on
> the fw_cfg interface, which has caused problems before due to unexpected access
> [2,3]. Using IGVM parameters is the default way for Coconut SVSM; switching
> over would allow removing specialized code paths for QEMU in Coconut.
> 
> In any case OVMF, which runs after SVSM has already been initialized, will
> continue reading all ACPI tables via fw_cfg and provide fixed up ACPI data to
> the OS as before.
> 
> This series makes ACPI table building more generic by making the BIOS linker
> optional. This allows the MADT to be generated outside of the ACPI build
> context. A new function (acpi_build_madt_standalone()) is added for that. With
> that, the IGVM MADT parameter field can be filled with the MADT data during
> processing of the IGVM file.
> 
> Generating the MADT twice (IGVM processing and ACPI table building) seems
> acceptable, since there is no infrastructure to obtain the MADT out of the ACPI
> table memory area during IGVM processing.
> 
> [1] https://github.com/coconut-svsm/svsm/pull/858
> [2] https://gitlab.com/qemu-project/qemu/-/issues/2882
> [3] https://github.com/coconut-svsm/svsm/issues/646
> 
> v3:
> - Pass the machine state into IGVM file processing context instead of MADT data
> - Generate MADT from inside the IGVM backend
> - Refactor: Extract common code for finding IGVM parameter from IGVM parameter handlers
> - Add NULL pointer check for igvm_get_buffer()
> 
> v2:
> - Provide more context in the message of the main commit
> - Document the madt parameter of IgvmCfgClass::process()
> - Document why no MADT data is provided the process call in sev.c
> 
> Based-on: <20251118122133.1695767-1-kraxel@redhat.com>
> Signed-off-by: Oliver Steffen <osteffen@redhat.com>
> 
> Oliver Steffen (6):
>   hw/acpi: Make BIOS linker optional
>   hw/acpi: Add standalone function to build MADT
>   igvm: Add missing NULL check
>   igvm: Add common function for finding parameter entries
>   igvm: Pass machine state to IGVM file processing
>   igvm: Fill MADT IGVM parameter field
> 
>  backends/igvm-cfg.c       |   2 +-
>  backends/igvm.c           | 169 +++++++++++++++++++++++++-------------
>  hw/acpi/aml-build.c       |   7 +-
>  hw/i386/acpi-build.c      |   8 ++
>  hw/i386/acpi-build.h      |   2 +
>  include/system/igvm-cfg.h |   3 +-
>  include/system/igvm.h     |   3 +-
>  target/i386/sev.c         |   2 +-
>  8 files changed, 132 insertions(+), 64 deletions(-)
>