Introduce support for confidential guest reset (x86)

[PATCH v3 25/33] hw/hyperv/vmbus: add support for confidential guest reset

Posted by Ani Sinha 1 week, 6 days ago

On confidential guests when the KVM virtual machine file descriptor changes as
a part of the reset process, event file descriptors needs to be reassociated
with the new KVM VM file descriptor. This is achieved with the help of a
callback handler that gets called when KVM VM file descriptor changes during
the confidential guest reset process.

This patch is untested on confidential guests and only exists for completeness.

Signed-off-by: Ani Sinha <anisinha@redhat.com>
---
 hw/hyperv/vmbus.c | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/hw/hyperv/vmbus.c b/hw/hyperv/vmbus.c
index c5bab5d245..ff1b6f805c 100644
--- a/hw/hyperv/vmbus.c
+++ b/hw/hyperv/vmbus.c
@@ -20,6 +20,7 @@
 #include "hw/hyperv/vmbus-bridge.h"
 #include "hw/core/sysbus.h"
 #include "exec/cpu-common.h"
+#include "system/kvm.h"
 #include "exec/target_page.h"
 #include "trace.h"
 
@@ -248,6 +249,12 @@ struct VMBus {
      * interrupt page
      */
     EventNotifier notifier;
+
+    /*
+     * Notifier to inform when vmfd is changed as a part of confidential guest
+     * reset mechanism.
+     */
+    NotifierWithReturn vmbus_vmfd_change_notifier;
 };
 
 static bool gpadl_full(VMBusGpadl *gpadl)
@@ -2347,6 +2354,32 @@ static void vmbus_dev_unrealize(DeviceState *dev)
     free_channels(vdev);
 }
 
+/*
+ * If the KVM fd changes because of VM reset in confidential guests,
+ * reassociate event fd with the new KVM fd.
+ */
+static int vmbus_handle_vmfd_change(NotifierWithReturn *notifier,
+                                    void *data, Error** errp)
+{
+    VMBus *vmbus = container_of(notifier, VMBus,
+                                vmbus_vmfd_change_notifier);
+    int ret = 0;
+
+    /* we are not interested in pre vmfd change notification */
+    if (((VmfdChangeNotifier *)data)->pre) {
+        return 0;
+    }
+
+    ret = hyperv_set_event_flag_handler(VMBUS_EVENT_CONNECTION_ID,
+                                            &vmbus->notifier);
+    /* if we are only using userland event handler, it may already exist */
+    if (ret != 0 && ret != -EEXIST) {
+        error_setg(errp, "hyperv set event handler failed with %d", ret);
+    }
+
+    return ret;
+}
+
 static const Property vmbus_dev_props[] = {
     DEFINE_PROP_UUID("instanceid", VMBusDevice, instanceid),
 };
@@ -2429,6 +2462,9 @@ static void vmbus_realize(BusState *bus, Error **errp)
         goto clear_event_notifier;
     }
 
+    vmbus->vmbus_vmfd_change_notifier.notify = vmbus_handle_vmfd_change;
+    kvm_vmfd_add_change_notifier(&vmbus->vmbus_vmfd_change_notifier);
+
     return;
 
 clear_event_notifier:
-- 
2.42.0

Re: [PATCH v3 25/33] hw/hyperv/vmbus: add support for confidential guest reset

Posted by Ani Sinha 23 hours ago

On Tue, Jan 27, 2026 at 10:47 AM Ani Sinha <anisinha@redhat.com> wrote:
>
> On confidential guests when the KVM virtual machine file descriptor changes as
> a part of the reset process, event file descriptors needs to be reassociated
> with the new KVM VM file descriptor. This is achieved with the help of a
> callback handler that gets called when KVM VM file descriptor changes during
> the confidential guest reset process.
>
> This patch is untested on confidential guests and only exists for completeness.

I have been able to exercise this code in a non-coco environment and
also will add a functional test for it in the next spin-up. So I will
adjust this comment to reflect that the code has been exercised/tested
in non-coco and will keep the change.

>
> Signed-off-by: Ani Sinha <anisinha@redhat.com>
> ---
>  hw/hyperv/vmbus.c | 36 ++++++++++++++++++++++++++++++++++++
>  1 file changed, 36 insertions(+)
>
> diff --git a/hw/hyperv/vmbus.c b/hw/hyperv/vmbus.c
> index c5bab5d245..ff1b6f805c 100644
> --- a/hw/hyperv/vmbus.c
> +++ b/hw/hyperv/vmbus.c
> @@ -20,6 +20,7 @@
>  #include "hw/hyperv/vmbus-bridge.h"
>  #include "hw/core/sysbus.h"
>  #include "exec/cpu-common.h"
> +#include "system/kvm.h"
>  #include "exec/target_page.h"
>  #include "trace.h"
>
> @@ -248,6 +249,12 @@ struct VMBus {
>       * interrupt page
>       */
>      EventNotifier notifier;
> +
> +    /*
> +     * Notifier to inform when vmfd is changed as a part of confidential guest
> +     * reset mechanism.
> +     */
> +    NotifierWithReturn vmbus_vmfd_change_notifier;
>  };
>
>  static bool gpadl_full(VMBusGpadl *gpadl)
> @@ -2347,6 +2354,32 @@ static void vmbus_dev_unrealize(DeviceState *dev)
>      free_channels(vdev);
>  }
>
> +/*
> + * If the KVM fd changes because of VM reset in confidential guests,
> + * reassociate event fd with the new KVM fd.
> + */
> +static int vmbus_handle_vmfd_change(NotifierWithReturn *notifier,
> +                                    void *data, Error** errp)
> +{
> +    VMBus *vmbus = container_of(notifier, VMBus,
> +                                vmbus_vmfd_change_notifier);
> +    int ret = 0;
> +
> +    /* we are not interested in pre vmfd change notification */
> +    if (((VmfdChangeNotifier *)data)->pre) {
> +        return 0;
> +    }
> +
> +    ret = hyperv_set_event_flag_handler(VMBUS_EVENT_CONNECTION_ID,
> +                                            &vmbus->notifier);
> +    /* if we are only using userland event handler, it may already exist */
> +    if (ret != 0 && ret != -EEXIST) {
> +        error_setg(errp, "hyperv set event handler failed with %d", ret);
> +    }
> +
> +    return ret;
> +}
> +
>  static const Property vmbus_dev_props[] = {
>      DEFINE_PROP_UUID("instanceid", VMBusDevice, instanceid),
>  };
> @@ -2429,6 +2462,9 @@ static void vmbus_realize(BusState *bus, Error **errp)
>          goto clear_event_notifier;
>      }
>
> +    vmbus->vmbus_vmfd_change_notifier.notify = vmbus_handle_vmfd_change;
> +    kvm_vmfd_add_change_notifier(&vmbus->vmbus_vmfd_change_notifier);
> +
>      return;
>
>  clear_event_notifier:
> --
> 2.42.0
>