Introduce support for confidential guest reset (x86)

[PATCH v3 12/33] hw/i386: export a new function x86_bios_rom_reload

Ani Sinha posted 33 patches 1 week, 6 days ago

Download mbox

Maintainers: Paolo Bonzini <pbonzini@redhat.com>, Eduardo Habkost <eduardo@habkost.net>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, "Philippe Mathieu-Daudé" <philmd@linaro.org>, Yanan Wang <wangyanan55@huawei.com>, Zhao Liu <zhao1.liu@intel.com>, "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>, Richard Henderson <richard.henderson@linaro.org>, "Michael S. Tsirkin" <mst@redhat.com>, David Woodhouse <dwmw2@infradead.org>, Paul Durrant <paul@xen.org>, Bernhard Beschow <shentey@gmail.com>, Alex Williamson <alex@shazbot.org>, "Cédric Le Goater" <clg@redhat.com>, Peter Xu <peterx@redhat.com>, Peter Maydell <peter.maydell@linaro.org>, Marcelo Tosatti <mtosatti@redhat.com>, Song Gao <gaosong@loongson.cn>, Huacai Chen <chenhuacai@kernel.org>, Aurelien Jarno <aurelien@aurel32.net>, Jiaxun Yang <jiaxun.yang@flygoat.com>, Aleksandar Rikalo <arikalo@gmail.com>, Nicholas Piggin <npiggin@gmail.com>, Harsh Prateek Bora <harshpb@linux.ibm.com>, Chinmay Rath <rathc@linux.ibm.com>, Palmer Dabbelt <palmer@dabbelt.com>, Alistair Francis <alistair.francis@wdc.com>, Weiwei Li <liwei1518@gmail.com>, Daniel Henrique Barboza <dbarboza@ventanamicro.com>, Liu Zhiwei <zhiwei_liu@linux.alibaba.com>, Halil Pasic <pasic@linux.ibm.com>, Christian Borntraeger <borntraeger@linux.ibm.com>, Eric Farman <farman@linux.ibm.com>, Matthew Rosato <mjrosato@linux.ibm.com>, Ilya Leoshkevich <iii@linux.ibm.com>, David Hildenbrand <david@kernel.org>, Thomas Huth <thuth@redhat.com>, Ani Sinha <anisinha@redhat.com>

Expand all Fold all

[PATCH v3 12/33] hw/i386: export a new function x86_bios_rom_reload

Posted by Ani Sinha 1 week, 6 days ago

Confidential guest smust reload their bios rom upon reset. This is because
bios memory is encrypted and upon reset, the contents of the old bios memory
is lost and cannot be re-used. To this end, export a new x86 function
x86_bios_rom_reload() to reload the bios again. This function will be used in
the subsequent patches.

Signed-off-by: Ani Sinha <anisinha@redhat.com>
---
 hw/i386/x86-common.c  | 21 +++++++++++++++++++++
 include/hw/i386/x86.h |  1 +
 2 files changed, 22 insertions(+)

diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
index 4469b4e152..c0a540495e 100644
--- a/hw/i386/x86-common.c
+++ b/hw/i386/x86-common.c
@@ -1089,6 +1089,27 @@ static void load_bios_from_file(X86MachineState *x86ms, const char *bios_name,
     exit(1);
 }
 
+void x86_bios_rom_reload(X86MachineState *x86ms)
+{
+    int bios_size;
+    const char *bios_name;
+    char *filename;
+
+    if (!x86ms->bios.addr) {
+        /* if -bios is not used */
+        return;
+    }
+
+    bios_name = MACHINE(x86ms)->firmware ?: "bios.bin";
+    filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+
+    bios_size = get_bios_size(x86ms, bios_name, filename);
+
+    void *ptr = memory_region_get_ram_ptr(&x86ms->bios);
+    load_image_size(filename, ptr, bios_size);
+    x86_firmware_configure(0x100000000ULL - bios_size, ptr, bios_size);
+}
+
 void x86_bios_rom_init(X86MachineState *x86ms, const char *default_firmware,
                        MemoryRegion *rom_memory, bool isapc_ram_fw)
 {
diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h
index bfdf97640d..5bb052cd67 100644
--- a/include/hw/i386/x86.h
+++ b/include/hw/i386/x86.h
@@ -122,6 +122,7 @@ void x86_cpu_unplug_request_cb(HotplugHandler *hotplug_dev,
                                DeviceState *dev, Error **errp);
 void x86_cpu_unplug_cb(HotplugHandler *hotplug_dev,
                        DeviceState *dev, Error **errp);
+void x86_bios_rom_reload(X86MachineState *x86ms);
 void x86_isa_bios_init(MemoryRegion *isa_bios, MemoryRegion *isa_memory,
                        MemoryRegion *bios, bool read_only);
 void x86_bios_rom_init(X86MachineState *x86ms, const char *default_firmware,
-- 
2.42.0

Re: [PATCH v3 12/33] hw/i386: export a new function x86_bios_rom_reload

Posted by Bernhard Beschow 1 week, 6 days ago


Am 27. Januar 2026 05:15:40 UTC schrieb Ani Sinha <anisinha@redhat.com>:
>Confidential guest smust reload their bios rom upon reset. This is because
>bios memory is encrypted and upon reset, the contents of the old bios memory
>is lost and cannot be re-used. To this end, export a new x86 function
>x86_bios_rom_reload() to reload the bios again. This function will be used in
>the subsequent patches.
>
>Signed-off-by: Ani Sinha <anisinha@redhat.com>
>---
> hw/i386/x86-common.c  | 21 +++++++++++++++++++++
> include/hw/i386/x86.h |  1 +
> 2 files changed, 22 insertions(+)
>
>diff --git a/hw/i386/x86-common.c b/hw/i386/x86-common.c
>index 4469b4e152..c0a540495e 100644
>--- a/hw/i386/x86-common.c
>+++ b/hw/i386/x86-common.c
>@@ -1089,6 +1089,27 @@ static void load_bios_from_file(X86MachineState *x86ms, const char *bios_name,
>     exit(1);
> }
> 
>+void x86_bios_rom_reload(X86MachineState *x86ms)
>+{
>+    int bios_size;
>+    const char *bios_name;
>+    char *filename;
>+
>+    if (!x86ms->bios.addr) {

Could we use memory_region_size() here instead to rely only on public API? AFAIU .addr is a private field.

>+        /* if -bios is not used */
>+        return;
>+    }
>+
>+    bios_name = MACHINE(x86ms)->firmware ?: "bios.bin";
>+    filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
>+
>+    bios_size = get_bios_size(x86ms, bios_name, filename);
>+
>+    void *ptr = memory_region_get_ram_ptr(&x86ms->bios);
>+    load_image_size(filename, ptr, bios_size);
>+    x86_firmware_configure(0x100000000ULL - bios_size, ptr, bios_size);
>+}
>+
> void x86_bios_rom_init(X86MachineState *x86ms, const char *default_firmware,
>                        MemoryRegion *rom_memory, bool isapc_ram_fw)
> {
>diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h
>index bfdf97640d..5bb052cd67 100644
>--- a/include/hw/i386/x86.h
>+++ b/include/hw/i386/x86.h
>@@ -122,6 +122,7 @@ void x86_cpu_unplug_request_cb(HotplugHandler *hotplug_dev,
>                                DeviceState *dev, Error **errp);
> void x86_cpu_unplug_cb(HotplugHandler *hotplug_dev,
>                        DeviceState *dev, Error **errp);
>+void x86_bios_rom_reload(X86MachineState *x86ms);

Yes, this looks much cleaner!

To preserve the logic grouping I'd keep the blank line here from my comment in the previous patch. Additionally, I'd move the declaration after x86_bios_rom_init() to also communicate the order in which the functions are intended to be used.

With the above considered and the declaration moved the code seems comprehensible to me, so:

Reviewed-by: Bernhard Beschow <shentey@gmail.com>

> void x86_isa_bios_init(MemoryRegion *isa_bios, MemoryRegion *isa_memory,
>                        MemoryRegion *bios, bool read_only);
> void x86_bios_rom_init(X86MachineState *x86ms, const char *default_firmware,