Introduce support for confidential guest reset (x86)

[PATCH v3 24/33] kvm/i8254: add support for confidential guest reset

Ani Sinha posted 33 patches 1 week, 6 days ago

Download mbox

Maintainers: Paolo Bonzini <pbonzini@redhat.com>, Eduardo Habkost <eduardo@habkost.net>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, "Philippe Mathieu-Daudé" <philmd@linaro.org>, Yanan Wang <wangyanan55@huawei.com>, Zhao Liu <zhao1.liu@intel.com>, "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>, Richard Henderson <richard.henderson@linaro.org>, "Michael S. Tsirkin" <mst@redhat.com>, David Woodhouse <dwmw2@infradead.org>, Paul Durrant <paul@xen.org>, Bernhard Beschow <shentey@gmail.com>, Alex Williamson <alex@shazbot.org>, "Cédric Le Goater" <clg@redhat.com>, Peter Xu <peterx@redhat.com>, Peter Maydell <peter.maydell@linaro.org>, Marcelo Tosatti <mtosatti@redhat.com>, Song Gao <gaosong@loongson.cn>, Huacai Chen <chenhuacai@kernel.org>, Aurelien Jarno <aurelien@aurel32.net>, Jiaxun Yang <jiaxun.yang@flygoat.com>, Aleksandar Rikalo <arikalo@gmail.com>, Nicholas Piggin <npiggin@gmail.com>, Harsh Prateek Bora <harshpb@linux.ibm.com>, Chinmay Rath <rathc@linux.ibm.com>, Palmer Dabbelt <palmer@dabbelt.com>, Alistair Francis <alistair.francis@wdc.com>, Weiwei Li <liwei1518@gmail.com>, Daniel Henrique Barboza <dbarboza@ventanamicro.com>, Liu Zhiwei <zhiwei_liu@linux.alibaba.com>, Halil Pasic <pasic@linux.ibm.com>, Christian Borntraeger <borntraeger@linux.ibm.com>, Eric Farman <farman@linux.ibm.com>, Matthew Rosato <mjrosato@linux.ibm.com>, Ilya Leoshkevich <iii@linux.ibm.com>, David Hildenbrand <david@kernel.org>, Thomas Huth <thuth@redhat.com>, Ani Sinha <anisinha@redhat.com>

Expand all Fold all

[PATCH v3 24/33] kvm/i8254: add support for confidential guest reset

Posted by Ani Sinha 1 week, 6 days ago

A confidential guest reset involves closing the old virtual machine KVM file
descriptor and opening a new one. Since its a new KVM fd, PIT needs to be
reinitialized again. This is done with the help of a notifier which is invoked
upon KVM vm file desciptor change during confidential guest reset process.

Signed-off-by: Ani Sinha <anisinha@redhat.com>
---
 hw/i386/kvm/i8254.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/hw/i386/kvm/i8254.c b/hw/i386/kvm/i8254.c
index 255047458a..a754de0c8d 100644
--- a/hw/i386/kvm/i8254.c
+++ b/hw/i386/kvm/i8254.c
@@ -52,6 +52,8 @@ struct KVMPITState {
     LostTickPolicy lost_tick_policy;
     bool vm_stopped;
     int64_t kernel_clock_offset;
+
+    NotifierWithReturn kvmpit_vmfd_change_notifier;
 };
 
 struct KVMPITClass {
@@ -203,6 +205,21 @@ static void kvm_pit_put(PITCommonState *pit)
     }
 }
 
+static int kvmpit_post_vmfd_change(NotifierWithReturn *notifier,
+                                   void *data, Error** errp)
+{
+    KVMPITState *s = container_of(notifier, KVMPITState,
+                                  kvmpit_vmfd_change_notifier);
+
+    /* we are not interested in pre vmfd change notification */
+    if (((VmfdChangeNotifier *)data)->pre) {
+        return 0;
+    }
+
+    do_pit_initialize(s, errp);
+    return 0;
+}
+
 static void kvm_pit_set_gate(PITCommonState *s, PITChannelState *sc, int val)
 {
     kvm_pit_get(s);
@@ -292,6 +309,9 @@ static void kvm_pit_realizefn(DeviceState *dev, Error **errp)
 
     qemu_add_vm_change_state_handler(kvm_pit_vm_state_change, s);
 
+    s->kvmpit_vmfd_change_notifier.notify = kvmpit_post_vmfd_change;
+    kvm_vmfd_add_change_notifier(&s->kvmpit_vmfd_change_notifier);
+
     kpc->parent_realize(dev, errp);
 }
 
-- 
2.42.0

Re: [PATCH v3 24/33] kvm/i8254: add support for confidential guest reset

Posted by Ani Sinha 1 day, 2 hours ago

On Tue, Jan 27, 2026 at 10:47 AM Ani Sinha <anisinha@redhat.com> wrote:
>
> A confidential guest reset involves closing the old virtual machine KVM file
> descriptor and opening a new one. Since its a new KVM fd, PIT needs to be
> reinitialized again. This is done with the help of a notifier which is invoked
> upon KVM vm file desciptor change during confidential guest reset process.
                                  ^^^^^^^^
will fix the above typo and also add a functional test to exercise the
changes in this patch for the next spin up.

>
> Signed-off-by: Ani Sinha <anisinha@redhat.com>
> ---
>  hw/i386/kvm/i8254.c | 20 ++++++++++++++++++++
>  1 file changed, 20 insertions(+)
>
> diff --git a/hw/i386/kvm/i8254.c b/hw/i386/kvm/i8254.c
> index 255047458a..a754de0c8d 100644
> --- a/hw/i386/kvm/i8254.c
> +++ b/hw/i386/kvm/i8254.c
> @@ -52,6 +52,8 @@ struct KVMPITState {
>      LostTickPolicy lost_tick_policy;
>      bool vm_stopped;
>      int64_t kernel_clock_offset;
> +
> +    NotifierWithReturn kvmpit_vmfd_change_notifier;
>  };
>
>  struct KVMPITClass {
> @@ -203,6 +205,21 @@ static void kvm_pit_put(PITCommonState *pit)
>      }
>  }
>
> +static int kvmpit_post_vmfd_change(NotifierWithReturn *notifier,
> +                                   void *data, Error** errp)
> +{
> +    KVMPITState *s = container_of(notifier, KVMPITState,
> +                                  kvmpit_vmfd_change_notifier);
> +
> +    /* we are not interested in pre vmfd change notification */
> +    if (((VmfdChangeNotifier *)data)->pre) {
> +        return 0;
> +    }
> +
> +    do_pit_initialize(s, errp);
> +    return 0;
> +}
> +
>  static void kvm_pit_set_gate(PITCommonState *s, PITChannelState *sc, int val)
>  {
>      kvm_pit_get(s);
> @@ -292,6 +309,9 @@ static void kvm_pit_realizefn(DeviceState *dev, Error **errp)
>
>      qemu_add_vm_change_state_handler(kvm_pit_vm_state_change, s);
>
> +    s->kvmpit_vmfd_change_notifier.notify = kvmpit_post_vmfd_change;
> +    kvm_vmfd_add_change_notifier(&s->kvmpit_vmfd_change_notifier);
> +
>      kpc->parent_realize(dev, errp);
>  }
>
> --
> 2.42.0
>