| Message ID | 20220317135913.2166202-9-xiaoyao.li@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | TDX QEMU support | expand |
On Thu, Mar 17, 2022 at 09:58:45PM +0800, Xiaoyao Li <xiaoyao.li@intel.com> wrote: > For TDX, the allowable CPUID configuration differs from what KVM > reports for KVM scope via KVM_GET_SUPPORTED_CPUID. > > - Some CPUID bits are not supported for TDX VM while KVM reports the > support. Mask them off for TDX VM. e.g., CPUID_EXT_VMX, some PV > featues. > > - The supported XCR0 and XSS bits needs to be caped by tdx_caps, because > KVM uses them to setup XFAM of TD. > > Introduce tdx_get_supported_cpuid() to adjust the > kvm_arch_get_supported_cpuid() for TDX VM. > > Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com> > --- > target/i386/cpu.h | 5 +++++ > target/i386/kvm/kvm.c | 4 ++++ > target/i386/kvm/tdx.c | 39 +++++++++++++++++++++++++++++++++++++++ > target/i386/kvm/tdx.h | 2 ++ > 4 files changed, 50 insertions(+) > > diff --git a/target/i386/cpu.h b/target/i386/cpu.h > index 5e406088a91a..7fa30f4ed7db 100644 > --- a/target/i386/cpu.h > +++ b/target/i386/cpu.h > @@ -566,6 +566,11 @@ typedef enum X86Seg { > #define ESA_FEATURE_XFD_MASK (1U << ESA_FEATURE_XFD_BIT) > > > +#define XCR0_MASK (XSTATE_FP_MASK | XSTATE_SSE_MASK | XSTATE_YMM_MASK | \ > + XSTATE_BNDREGS_MASK | XSTATE_BNDCSR_MASK | \ > + XSTATE_OPMASK_MASK | XSTATE_ZMM_Hi256_MASK | \ > + XSTATE_Hi16_ZMM_MASK | XSTATE_PKRU_MASK) > + > /* CPUID feature words */ > typedef enum FeatureWord { > FEAT_1_EDX, /* CPUID[1].EDX */ > diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c > index 26ed5faf07b8..ddbe8f64fadb 100644 > --- a/target/i386/kvm/kvm.c > +++ b/target/i386/kvm/kvm.c > @@ -486,6 +486,10 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function, > ret |= 1U << KVM_HINTS_REALTIME; > } > > + if (is_tdx_vm()) { > + tdx_get_supported_cpuid(function, index, reg, &ret); > + } > + > return ret; > } > > diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c > index 846511b299f4..e4ee55f30c79 100644 > --- a/target/i386/kvm/tdx.c > +++ b/target/i386/kvm/tdx.c > @@ -14,6 +14,7 @@ > #include "qemu/osdep.h" > #include "qapi/error.h" > #include "qom/object_interfaces.h" > +#include "standard-headers/asm-x86/kvm_para.h" > #include "sysemu/kvm.h" > > #include "hw/i386/x86.h" > @@ -110,6 +111,44 @@ int tdx_kvm_init(MachineState *ms, Error **errp) > return 0; > } > > +void tdx_get_supported_cpuid(uint32_t function, uint32_t index, int reg, > + uint32_t *ret) > +{ > + switch (function) { > + case 1: > + if (reg == R_ECX) { > + *ret &= ~CPUID_EXT_VMX; > + } > + break; > + case 0xd: > + if (index == 0) { > + if (reg == R_EAX) { > + *ret &= (uint32_t)tdx_caps->xfam_fixed0 & XCR0_MASK; > + *ret |= (uint32_t)tdx_caps->xfam_fixed1 & XCR0_MASK; > + } else if (reg == R_EDX) { > + *ret &= (tdx_caps->xfam_fixed0 & XCR0_MASK) >> 32; > + *ret |= (tdx_caps->xfam_fixed1 & XCR0_MASK) >> 32; > + } > + } else if (index == 1) { > + /* TODO: Adjust XSS when it's supported. */ > + } > + break; > + case KVM_CPUID_FEATURES: > + if (reg == R_EAX) { > + *ret &= ~((1ULL << KVM_FEATURE_CLOCKSOURCE) | > + (1ULL << KVM_FEATURE_CLOCKSOURCE2) | > + (1ULL << KVM_FEATURE_CLOCKSOURCE_STABLE_BIT) | > + (1ULL << KVM_FEATURE_ASYNC_PF) | > + (1ULL << KVM_FEATURE_ASYNC_PF_VMEXIT) | > + (1ULL << KVM_FEATURE_ASYNC_PF_INT)); Because new feature bit may be introduced in future (it's unlikely though), *ret &= (supported_bits) is better than *ret &= ~(unsupported_bits) Thanks, > + } > + break; > + default: > + /* TODO: Use tdx_caps to adjust CPUID leafs. */ > + break; > + } > +} > + > /* tdx guest */ > OBJECT_DEFINE_TYPE_WITH_INTERFACES(TdxGuest, > tdx_guest, > diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h > index 4036ca2f3f99..06599b65b827 100644 > --- a/target/i386/kvm/tdx.h > +++ b/target/i386/kvm/tdx.h > @@ -27,5 +27,7 @@ bool is_tdx_vm(void); > #endif /* CONFIG_TDX */ > > int tdx_kvm_init(MachineState *ms, Error **errp); > +void tdx_get_supported_cpuid(uint32_t function, uint32_t index, int reg, > + uint32_t *ret); > > #endif /* QEMU_I386_TDX_H */ > -- > 2.27.0 > >
On 3/19/2022 12:55 AM, Isaku Yamahata wrote: > On Thu, Mar 17, 2022 at 09:58:45PM +0800, > Xiaoyao Li <xiaoyao.li@intel.com> wrote: ... >> +void tdx_get_supported_cpuid(uint32_t function, uint32_t index, int reg, >> + uint32_t *ret) >> +{ >> + switch (function) { >> + case 1: >> + if (reg == R_ECX) { >> + *ret &= ~CPUID_EXT_VMX; >> + } >> + break; >> + case 0xd: >> + if (index == 0) { >> + if (reg == R_EAX) { >> + *ret &= (uint32_t)tdx_caps->xfam_fixed0 & XCR0_MASK; >> + *ret |= (uint32_t)tdx_caps->xfam_fixed1 & XCR0_MASK; >> + } else if (reg == R_EDX) { >> + *ret &= (tdx_caps->xfam_fixed0 & XCR0_MASK) >> 32; >> + *ret |= (tdx_caps->xfam_fixed1 & XCR0_MASK) >> 32; >> + } >> + } else if (index == 1) { >> + /* TODO: Adjust XSS when it's supported. */ >> + } >> + break; >> + case KVM_CPUID_FEATURES: >> + if (reg == R_EAX) { >> + *ret &= ~((1ULL << KVM_FEATURE_CLOCKSOURCE) | >> + (1ULL << KVM_FEATURE_CLOCKSOURCE2) | >> + (1ULL << KVM_FEATURE_CLOCKSOURCE_STABLE_BIT) | >> + (1ULL << KVM_FEATURE_ASYNC_PF) | >> + (1ULL << KVM_FEATURE_ASYNC_PF_VMEXIT) | >> + (1ULL << KVM_FEATURE_ASYNC_PF_INT)); > > Because new feature bit may be introduced in future (it's unlikely though), > *ret &= (supported_bits) is better than *ret &= ~(unsupported_bits) > Good point, I will introduce supported_kvm_features for it.
diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 5e406088a91a..7fa30f4ed7db 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -566,6 +566,11 @@ typedef enum X86Seg { #define ESA_FEATURE_XFD_MASK (1U << ESA_FEATURE_XFD_BIT) +#define XCR0_MASK (XSTATE_FP_MASK | XSTATE_SSE_MASK | XSTATE_YMM_MASK | \ + XSTATE_BNDREGS_MASK | XSTATE_BNDCSR_MASK | \ + XSTATE_OPMASK_MASK | XSTATE_ZMM_Hi256_MASK | \ + XSTATE_Hi16_ZMM_MASK | XSTATE_PKRU_MASK) + /* CPUID feature words */ typedef enum FeatureWord { FEAT_1_EDX, /* CPUID[1].EDX */ diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 26ed5faf07b8..ddbe8f64fadb 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -486,6 +486,10 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function, ret |= 1U << KVM_HINTS_REALTIME; } + if (is_tdx_vm()) { + tdx_get_supported_cpuid(function, index, reg, &ret); + } + return ret; } diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c index 846511b299f4..e4ee55f30c79 100644 --- a/target/i386/kvm/tdx.c +++ b/target/i386/kvm/tdx.c @@ -14,6 +14,7 @@ #include "qemu/osdep.h" #include "qapi/error.h" #include "qom/object_interfaces.h" +#include "standard-headers/asm-x86/kvm_para.h" #include "sysemu/kvm.h" #include "hw/i386/x86.h" @@ -110,6 +111,44 @@ int tdx_kvm_init(MachineState *ms, Error **errp) return 0; } +void tdx_get_supported_cpuid(uint32_t function, uint32_t index, int reg, + uint32_t *ret) +{ + switch (function) { + case 1: + if (reg == R_ECX) { + *ret &= ~CPUID_EXT_VMX; + } + break; + case 0xd: + if (index == 0) { + if (reg == R_EAX) { + *ret &= (uint32_t)tdx_caps->xfam_fixed0 & XCR0_MASK; + *ret |= (uint32_t)tdx_caps->xfam_fixed1 & XCR0_MASK; + } else if (reg == R_EDX) { + *ret &= (tdx_caps->xfam_fixed0 & XCR0_MASK) >> 32; + *ret |= (tdx_caps->xfam_fixed1 & XCR0_MASK) >> 32; + } + } else if (index == 1) { + /* TODO: Adjust XSS when it's supported. */ + } + break; + case KVM_CPUID_FEATURES: + if (reg == R_EAX) { + *ret &= ~((1ULL << KVM_FEATURE_CLOCKSOURCE) | + (1ULL << KVM_FEATURE_CLOCKSOURCE2) | + (1ULL << KVM_FEATURE_CLOCKSOURCE_STABLE_BIT) | + (1ULL << KVM_FEATURE_ASYNC_PF) | + (1ULL << KVM_FEATURE_ASYNC_PF_VMEXIT) | + (1ULL << KVM_FEATURE_ASYNC_PF_INT)); + } + break; + default: + /* TODO: Use tdx_caps to adjust CPUID leafs. */ + break; + } +} + /* tdx guest */ OBJECT_DEFINE_TYPE_WITH_INTERFACES(TdxGuest, tdx_guest, diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h index 4036ca2f3f99..06599b65b827 100644 --- a/target/i386/kvm/tdx.h +++ b/target/i386/kvm/tdx.h @@ -27,5 +27,7 @@ bool is_tdx_vm(void); #endif /* CONFIG_TDX */ int tdx_kvm_init(MachineState *ms, Error **errp); +void tdx_get_supported_cpuid(uint32_t function, uint32_t index, int reg, + uint32_t *ret); #endif /* QEMU_I386_TDX_H */
For TDX, the allowable CPUID configuration differs from what KVM reports for KVM scope via KVM_GET_SUPPORTED_CPUID. - Some CPUID bits are not supported for TDX VM while KVM reports the support. Mask them off for TDX VM. e.g., CPUID_EXT_VMX, some PV featues. - The supported XCR0 and XSS bits needs to be caped by tdx_caps, because KVM uses them to setup XFAM of TD. Introduce tdx_get_supported_cpuid() to adjust the kvm_arch_get_supported_cpuid() for TDX VM. Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com> --- target/i386/cpu.h | 5 +++++ target/i386/kvm/kvm.c | 4 ++++ target/i386/kvm/tdx.c | 39 +++++++++++++++++++++++++++++++++++++++ target/i386/kvm/tdx.h | 2 ++ 4 files changed, 50 insertions(+)