This is the first RFC version of enabling KVM gmem[1] as the backend for
private memory of KVM_X86_PROTECTED_VM.
It adds the support to create a specific KVM_X86_PROTECTED_VM type VM,
and introduces 'private' property for memory backend. When the vm type
is KVM_X86_PROTECTED_VM and memory backend has private enabled as below,
it will call KVM gmem ioctl to allocate private memory for the backend.
$qemu -object memory-backend-ram,id=mem0,size=1G,private=on \
-machine q35,kvm-type=sw-protected-vm,memory-backend=mem0 \
...
Unfortunately this patch series fails the boot of OVMF at very early
stage due to triple fault because KVM doesn't support emulate string IO
to private memory. We leave it as an open to be discussed.
There are following design opens that need to be discussed:
1. how to determine the vm type?
a. like this series, specify the vm type via machine property
'kvm-type'
b. check the memory backend, if any backend has 'private' property
set, the vm-type is set to KVM_X86_PROTECTED_VM.
2. whether 'private' property is needed if we choose 1.b as design
with 1.b, QEMU can decide whether the memory region needs to be
private (allocates gmem fd for it) or not, on its own.
3. What is KVM_X86_SW_PROTECTED_VM going to look like? What's the
purose of it and what's the requirement on it. I think it's the
questions for KVM folks than QEMU folks.
Any other idea/open/question is welcomed.
Beside, TDX QEMU implemetation is based on this series to provide
private gmem for TD private memory, which can be found at [2].
And it can work corresponding KVM [3] to boot TDX guest.
[1] https://lore.kernel.org/all/20230718234512.1690985-1-seanjc@xxxxxxxxxx/
[2] https://github.com/intel/qemu-tdx/tree/tdx-upstream-wip
[3] https://github.com/intel/tdx/tree/kvm-upstream-2023.07.27-v6.5-rc2-workaround
Chao Peng (4):
RAMBlock: Support KVM gmemory
kvm: Enable KVM_SET_USER_MEMORY_REGION2 for memslot
physmem: Add ram_block_convert_range
kvm: handle KVM_EXIT_MEMORY_FAULT
Isaku Yamahata (4):
HostMem: Add private property to indicate to use kvm gmem
trace/kvm: Add trace for page convertion between shared and private
pci-host/q35: Move PAM initialization above SMRAM initialization
q35: Introduce smm_ranges property for q35-pci-host
Xiaoyao Li (11):
trace/kvm: Split address space and slot id in
trace_kvm_set_user_memory()
*** HACK *** linux-headers: Update headers to pull in gmem APIs
memory: Introduce memory_region_can_be_private()
i386/pc: Drop pc_machine_kvm_type()
target/i386: Implement mc->kvm_type() to get VM type
i386/kvm: Create gmem fd for KVM_X86_SW_PROTECTED_VM
kvm: Introduce support for memory_attributes
kvm/memory: Introduce the infrastructure to set the default
shared/private value
i386/kvm: Set memory to default private for KVM_X86_SW_PROTECTED_VM
physmem: replace function name with __func__ in
ram_block_discard_range()
i386: Disable SMM mode for X86_SW_PROTECTED_VM
accel/kvm/kvm-all.c | 166 +++++++++++++++++++++++++++++++++---
accel/kvm/trace-events | 4 +-
backends/hostmem.c | 18 ++++
hw/i386/pc.c | 5 --
hw/i386/pc_q35.c | 3 +-
hw/i386/x86.c | 27 ++++++
hw/pci-host/q35.c | 61 ++++++++-----
include/exec/cpu-common.h | 2 +
include/exec/memory.h | 24 ++++++
include/exec/ramblock.h | 1 +
include/hw/i386/pc.h | 4 +-
include/hw/i386/x86.h | 4 +
include/hw/pci-host/q35.h | 1 +
include/sysemu/hostmem.h | 2 +-
include/sysemu/kvm.h | 3 +
include/sysemu/kvm_int.h | 2 +
linux-headers/asm-x86/kvm.h | 3 +
linux-headers/linux/kvm.h | 50 +++++++++++
qapi/qom.json | 4 +
softmmu/memory.c | 27 ++++++
softmmu/physmem.c | 97 ++++++++++++++-------
target/i386/kvm/kvm.c | 84 ++++++++++++++++++
target/i386/kvm/kvm_i386.h | 1 +
23 files changed, 517 insertions(+), 76 deletions(-)
--
2.34.1
