Re: [PATCH rfcv3 06/11] qemu: force special parameters enabled for TDX guest

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Nov 27, 2023 at 04:55:16PM +0800, Zhenzhong Duan wrote:
> TDX guest requires some special parameters to boot, They are:
> 
>  "-machine pc-q35-*"
>  "kernel_irqchip=split"
> 
> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx>
> ---
>  src/qemu/qemu_validate.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
> index 5a9173e8ff..c4f386fe99 100644
> --- a/src/qemu/qemu_validate.c
> +++ b/src/qemu/qemu_validate.c
> @@ -1329,6 +1329,16 @@ qemuValidateDomainDef(const virDomainDef *def,
>                                 _("INTEL TDX launch security is not supported with this QEMU binary"));
>                  return -1;
>              }
> +            if (!qemuDomainIsQ35(def)) {
> +                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> +                               _("Intel TDX is supported with q35 machine types only"));
> +                return -1;
> +            }

Ideally QMP  'MachineInfo' struct would report whether TDX is supported
so we don't need to hardcode that.

> +            if (def->features[VIR_DOMAIN_FEATURE_IOAPIC] != VIR_DOMAIN_IOAPIC_QEMU) {
> +                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> +                               _("INTEL TDX launch security needs split kernel irqchip"));

s/INTEL/Intel/

Ideally QEMU would automatically use the correct ioapic impl when no
args are given to QEMU. That would let us do

  if (def->features[VIR_DOMAIN_FEATURE_IOAPIC] == VIR_DOMAIN_IOAPIC_KVM) {


thus allowing IOAPIC_NONE (ie QEMU's default) or IOAPIC_QEMU (explicitly
requested config). This will make TDX guest "just work" in more scenarios.

> +                return -1;
> +            }
>              break;
>          case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
>          case VIR_DOMAIN_LAUNCH_SECURITY_LAST:
> -- 
> 2.34.1
> 

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
_______________________________________________
Devel mailing list -- devel@xxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxx
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux