Message ID | f3f4667c5aa7729c1bb2b28a596dabbd42482d56.1723560001.git.roy.hopkins@suse.com (mailing list archive) |
---|---|
State | New, archived |
Series | Introduce support for IGVM files | expand |
On Tue, Aug 13, 2024 at 04:01:06PM GMT, Roy Hopkins wrote:
>An IGVM file contains configuration of guest state that should be
>applied during configuration of the guest, before the guest is started.
>
>This patch allows the user to add an igvm-cfg object to an X86 machine
>configuration that allows an IGVM file to be configured that will be
>applied to the guest before it is started.
>
>If an IGVM configuration is provided then the IGVM file is processed at
>the end of the board initialization, before the state transition to
>PHASE_MACHINE_INITIALIZED.
>
>Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
>Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
>---
> hw/i386/pc.c | 12 ++++++++++++
> hw/i386/pc_piix.c | 10 ++++++++++
> hw/i386/pc_q35.c | 10 ++++++++++
> include/hw/i386/x86.h | 3 +++
> qemu-options.hx | 25 +++++++++++++++++++++++++
> 5 files changed, 60 insertions(+)
>
>diff --git a/hw/i386/pc.c b/hw/i386/pc.c
>index c74931d577..30bbe05e3e 100644
>--- a/hw/i386/pc.c
>+++ b/hw/i386/pc.c
>@@ -1827,6 +1827,18 @@ static void pc_machine_class_init(ObjectClass *oc, void *data)
> object_class_property_add_bool(oc, "fd-bootchk",
> pc_machine_get_fd_bootchk,
> pc_machine_set_fd_bootchk);
>+
>+#if defined(CONFIG_IGVM)
>+ object_class_property_add_link(oc, "igvm-cfg",
>+ TYPE_IGVM_CFG,
>+ offsetof(X86MachineState, igvm),
>+ object_property_allow_set_link,
>+ OBJ_PROP_LINK_STRONG);
>+ object_class_property_set_description(oc, "igvm-cfg",
>+ "Set IGVM configuration");
>+#endif
>+
>+
> }
>
> static const TypeInfo pc_machine_info = {
>diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
>index d9e69243b4..78367985b4 100644
>--- a/hw/i386/pc_piix.c
>+++ b/hw/i386/pc_piix.c
>@@ -365,6 +365,16 @@ static void pc_init1(MachineState *machine, const char *pci_type)
> x86_nvdimm_acpi_dsmio,
> x86ms->fw_cfg, OBJECT(pcms));
> }
>+
>+#if defined(CONFIG_IGVM)
>+ /* Apply guest state from IGVM if supplied */
>+ if (x86ms->igvm) {
>+ if (IGVM_CFG_GET_CLASS(x86ms->igvm)
>+ ->process(x86ms->igvm, machine->cgs, &error_fatal) < 0) {
>+ g_assert_not_reached();
>+ }
>+ }
>+#endif
> }
>
> typedef enum PCSouthBridgeOption {
>diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
>index 9d108b194e..08ef8dc17a 100644
>--- a/hw/i386/pc_q35.c
>+++ b/hw/i386/pc_q35.c
>@@ -329,6 +329,16 @@ static void pc_q35_init(MachineState *machine)
> x86_nvdimm_acpi_dsmio,
> x86ms->fw_cfg, OBJECT(pcms));
> }
>+
>+#if defined(CONFIG_IGVM)
>+ /* Apply guest state from IGVM if supplied */
>+ if (x86ms->igvm) {
>+ if (IGVM_CFG_GET_CLASS(x86ms->igvm)
>+ ->process(x86ms->igvm, machine->cgs, &error_fatal) < 0) {
>+ g_assert_not_reached();
>+ }
>+ }
>+#endif
> }
>
> #define DEFINE_Q35_MACHINE(major, minor) \
>diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h
>index d43cb3908e..01ac29acf6 100644
>--- a/include/hw/i386/x86.h
>+++ b/include/hw/i386/x86.h
>@@ -25,6 +25,7 @@
> #include "hw/intc/ioapic.h"
> #include "hw/isa/isa.h"
> #include "qom/object.h"
>+#include "sysemu/igvm-cfg.h"
>
> struct X86MachineClass {
> /*< private >*/
>@@ -97,6 +98,8 @@ struct X86MachineState {
> * which means no limitation on the guest's bus locks.
> */
> uint64_t bus_lock_ratelimit;
>+
>+ IgvmCfg *igvm;
> };
>
> #define X86_MACHINE_SMM "smm"
>diff --git a/qemu-options.hx b/qemu-options.hx
>index cee0da2014..b6eee49075 100644
>--- a/qemu-options.hx
>+++ b/qemu-options.hx
>@@ -5927,6 +5927,31 @@ SRST
> -machine ...,memory-encryption=sev0 \\
> .....
>
>+ ``-object igvm-cfg,file=file``
>+ Create an IGVM configuration object that defines the initial state
>+ of the guest using a file in that conforms to the Independent Guest
>+ Virtual Machine (IGVM) file format.
>+
>+ The ``file`` parameter is used to specify the IGVM file to load.
>+ When provided, the IGVM file is used to populate the initial
>+ memory of the virtual machine and, depending on the platform, can
>+ define the initial processor state, memory map and parameters.
>+
>+ The IGVM file is expected to contain the firmware for the virtual
>+ machine, therefore an ``igvm-cfg`` object cannot be provided along
>+ with other ways of specifying firmware, such as the ``-bios``
>+ parameter on x86 machines.
>+
>+ e.g to launch a machine providing the firmware in an IGVM file
>+
>+ .. parsed-literal::
>+
>+ # |qemu_system_x86| \\
>+ ...... \\
>+ -object igvm-cfg,id=igvm0,file=bios.igvm \\
>+ -machine ...,igvm-cfg=igvm0 \\
>+ .....
>+

Should we mention that this is supported only by `q35` and `pc` machines?

> ``-object authz-simple,id=id,identity=string``
> Create an authorization object that will control access to
> network services.
>--
>2.43.0
>
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index c74931d577..30bbe05e3e 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1827,6 +1827,18 @@ static void pc_machine_class_init(ObjectClass *oc, void *data)
 object_class_property_add_bool(oc, "fd-bootchk",
 pc_machine_get_fd_bootchk,
 pc_machine_set_fd_bootchk);
+
+#if defined(CONFIG_IGVM)
+ object_class_property_add_link(oc, "igvm-cfg",
+ TYPE_IGVM_CFG,
+ offsetof(X86MachineState, igvm),
+ object_property_allow_set_link,
+ OBJ_PROP_LINK_STRONG);
+ object_class_property_set_description(oc, "igvm-cfg",
+ "Set IGVM configuration");
+#endif
+
+
 }
 
 static const TypeInfo pc_machine_info = {
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index d9e69243b4..78367985b4 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -365,6 +365,16 @@ static void pc_init1(MachineState *machine, const char *pci_type)
 x86_nvdimm_acpi_dsmio,
 x86ms->fw_cfg, OBJECT(pcms));
 }
+
+#if defined(CONFIG_IGVM)
+ /* Apply guest state from IGVM if supplied */
+ if (x86ms->igvm) {
+ if (IGVM_CFG_GET_CLASS(x86ms->igvm)
+ ->process(x86ms->igvm, machine->cgs, &error_fatal) < 0) {
+ g_assert_not_reached();
+ }
+ }
+#endif
 }
 
 typedef enum PCSouthBridgeOption {
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 9d108b194e..08ef8dc17a 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -329,6 +329,16 @@ static void pc_q35_init(MachineState *machine)
 x86_nvdimm_acpi_dsmio,
 x86ms->fw_cfg, OBJECT(pcms));
 }
+
+#if defined(CONFIG_IGVM)
+ /* Apply guest state from IGVM if supplied */
+ if (x86ms->igvm) {
+ if (IGVM_CFG_GET_CLASS(x86ms->igvm)
+ ->process(x86ms->igvm, machine->cgs, &error_fatal) < 0) {
+ g_assert_not_reached();
+ }
+ }
+#endif
 }
 
 #define DEFINE_Q35_MACHINE(major, minor) \
diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h
index d43cb3908e..01ac29acf6 100644
--- a/include/hw/i386/x86.h
+++ b/include/hw/i386/x86.h
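Review bot: The two empty added lines after `#endif` leave a double blank line before the closing brace of `pc_machine_class_init` in hw/i386/pc.c and can be dropped. The description `"Set IGVM configuration"` also says little in property help output; `"Link to the igvm-cfg object whose IGVM file is applied to the guest before it starts"` would tell the user what the link is for. The function body starts outside the hunk.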
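Review bot: In `pc_init1` (hw/i386/pc_piix.c) the `< 0` branch after `->process(x86ms->igvm, machine->cgs, &error_fatal)` is not the error path: with `error_fatal` a reported error exits inside the callee, so `g_assert_not_reached()` fires only if `process` returns a failure without setting the error. A comment such as `/* error_fatal exits on a reported error; reaching here means process() failed without setting errp */` would make that contract explicit. The identical block is added to `pc_q35_init` in hw/i386/pc_q35.c, so a shared helper taking the `X86MachineState *` and `MachineState *` would keep the two boards from drifting apart. `machine->cgs` is passed without a check, so `process` presumably has to accept NULL when no confidential-guest object is configured; the callee is not visible here, so that should be confirmed. Both functions start outside their hunks.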
@@ -25,6 +25,7 @@
 #include "hw/intc/ioapic.h"
 #include "hw/isa/isa.h"
 #include "qom/object.h"
+#include "sysemu/igvm-cfg.h"
 
 struct X86MachineClass {
 /*< private >*/
@@ -97,6 +98,8 @@ struct X86MachineState {
 * which means no limitation on the guest's bus locks.
 */
 uint64_t bus_lock_ratelimit;
+
+ IgvmCfg *igvm;
 };
 
 #define X86_MACHINE_SMM "smm"
diff --git a/qemu-options.hx b/qemu-options.hx
index cee0da2014..b6eee49075 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -5927,6 +5927,31 @@ SRST
 -machine ...,memory-encryption=sev0 \\
 .....
 
+ ``-object igvm-cfg,file=file``
+ Create an IGVM configuration object that defines the initial state
+ of the guest using a file in that conforms to the Independent Guest
+ Virtual Machine (IGVM) file format.
+
+ The ``file`` parameter is used to specify the IGVM file to load.
+ When provided, the IGVM file is used to populate the initial
+ memory of the virtual machine and, depending on the platform, can
+ define the initial processor state, memory map and parameters.
+
+ The IGVM file is expected to contain the firmware for the virtual
+ machine, therefore an ``igvm-cfg`` object cannot be provided along
+ with other ways of specifying firmware, such as the ``-bios``
+ parameter on x86 machines.
+
+ e.g to launch a machine providing the firmware in an IGVM file
+
+ .. parsed-literal::
+
+ # |qemu_system_x86| \\
+ ...... \\
+ -object igvm-cfg,id=igvm0,file=bios.igvm \\
+ -machine ...,igvm-cfg=igvm0 \\
+ .....
+
 ``-object authz-simple,id=id,identity=string``
 Create an authorization object that will control access to
 network services.
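Review bot: The new `IgvmCfg *igvm;` member of `struct X86MachineState` in include/hw/i386/x86.h carries no comment, unlike `bus_lock_ratelimit` directly above it; something like `/* IGVM configuration set through the "igvm-cfg" link property, NULL if none */` would document it. The `#include "sysemu/igvm-cfg.h"` added in the first hunk is unconditional, while every use in the .c files of this patch sits under `#if defined(CONFIG_IGVM)`, so that header has to compile when the IGVM library is not available; the header is not visible here, so this should be checked. The struct begins outside the hunk.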