Re: [PATCH v2 15/58] i386/tdx: Add property sept-ve-disable for tdx-guest object


 



On 8/22/2023 2:27 PM, Markus Armbruster wrote:
Daniel P. Berrangé <berrange@xxxxxxxxxx> writes:

On Fri, Aug 18, 2023 at 05:49:58AM -0400, Xiaoyao Li wrote:
Bit 28 of TD attribute, named SEPT_VE_DISABLE. When set to 1, it disables
EPT violation conversion to #VE on guest TD access of PENDING pages.

Some guest OS (e.g., Linux TD guest) may require this bit as 1.
Otherwise refuse to boot.

Add sept-ve-disable property for tdx-guest object, for user to configure
this bit.

Signed-off-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
Acked-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
---
  qapi/qom.json         |  4 +++-
  target/i386/kvm/tdx.c | 24 ++++++++++++++++++++++++
  2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/qapi/qom.json b/qapi/qom.json
index 2ca7ce7c0da5..cc08b9a98df9 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
@@ -871,10 +871,12 @@
  #
  # Properties for tdx-guest objects.
  #
+# @sept-ve-disable: bit 28 of TD attributes (default: 0)

This description isn't very useful as it forces the user to go off and
read the TDX specification to find out what bit 28 means. You've got a

Seconded.

more useful description in the commit message, so please use that
in the docs too. eg something like this

   @sept-ve-disable: toggle bit 28 of TD attributes to control disabling
                     of EPT violation conversion to #VE on guest
                     TD access of PENDING pages. Some guest OS (e.g.
                     Linux TD guest) may require this set, otherwise
                     they refuse to boot.

But please format like

# @sept-ve-disable: toggle bit 28 of TD attributes to control disabling
#     of EPT violation conversion to #VE on guest TD access of PENDING
#     pages.  Some guest OS (e.g. Linux TD guest) may require this to
#     be set, otherwise they refuse to boot.


Thank you, Daniel and Markus.

Will use above in the next version.

to blend in with recent commit a937b6aa739 (qapi: Reformat doc comments
to conform to current conventions).

+#
  # Since: 8.2
  ##
  { 'struct': 'TdxGuestProperties',
-  'data': { }}
+  'data': { '*sept-ve-disable': 'bool' } }
##
  # @ThreadContextProperties:
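
Review bot: the `@sept-ve-disable` doc line gives the default as "0" although the member is declared as `'*sept-ve-disable': 'bool'`, and the reworded description proposed in this thread drops the default altogether. Suggest keeping the default in the final doc comment and writing it as "(default: false)" to match the type. Since the commit message says some guests (e.g. Linux TD guest) refuse to boot unless the bit is 1, the comment should also make clear that omitting this optional property leaves the bit clear.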

[...]




