> On 20 Mar 2024, at 14:08, Michael Roth <michael.roth@xxxxxxx> wrote: > > These patches implement SEV-SNP base support along with CPUID enforcement > support for QEMU, and are also available at: > > https://github.com/amdese/qemu/commits/snp-v3-rfc > > they are based on top of the following patchset from Paolo: > > "[PATCH 0/7] target/i386: VM type infrastructure and KVM_SEV_INIT2 support" > https://lists.gnu.org/archive/html/qemu-devel/2024-03/msg04663.html Can you please also CC me on future revisions of this patchset? Thanks! > > > Patch Layout > ------------ > > 01-05: Various changes needed to handle new header files in kvm-next tree > and some hacks to get a functional header sync in place for building > this series. > 06-18: These are patches directly plucked from Xiaoyao's TDX v5 patchset[1] > that implement common dependencies between SNP/TDX like base > guest_memfd, KVM_EXIT_MEMORY_FAULT handling (with a small FIXUP), and > mechanisms to disable SMM. We would've also needed some of the basic > infrastructure for handling specifying VM types for KVM_CREATE, but > much of that is now part of the sevinit2 series this patchset is based > on. Ideally all these patches, once stable, could be maintained in a > common tree so that future SNP/TDX patchsets can be more easily > iterated on/reviewed. > 19-20: Patches introduced by this series that are possible candidate for a > common tree. > shared/private pages when things like VFIO are in use. > 21-32: Introduction of sev-snp-guest object and various configuration > requirements for SNP. > 33-36: Handling for various KVM_EXIT_VMGEXIT events that are handled in > userspace. > 37-49: Support for creating a cryptographic "launch" context and populating > various OVMF metadata pages, BIOS regions, and vCPU/VMSA pages with > the initial encrypted/measured/validated launch data prior to > launching the SNP guest. > > > Testing > ------- > > This series has been tested against the following host kernel tree, which > is a snapshot of the latest WIP SNP hypervisor tree at the time of this > posting. It will likely not be kept up to date afterward, so please keep an > eye upstream or official AMDESE github if you are looking for the latest > some time after this posting: > > https://github.com/mdroth/linux/commits/snp-host-v12-wip40/ > > A patched OVMF is also needed due to upstream KVM no longer supporting MMIO > ranges that are mapped as private. It is recommended you build the AmdSevX64 > variant as it provides the kernel-hashing support present in this series: > > https://github.com/mdroth/edk2/commits/apic-mmio-fix1c/ > > A basic command-line invocation for SNP would be: > > qemu-system-x86_64 -smp 32,maxcpus=255 -cpu EPYC-Milan-v2 > -machine q35,confidential-guest-support=sev0,memory-backend=ram1 > -object memory-backend-memfd,id=ram1,size=4G,share=true,reserve=false > -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,id-auth= > -bios /home/mroth/ovmf/OVMF_CODE-upstream-20240228-apicfix-1c-AmdSevX64.fd > > With kernel-hashing and certificate data supplied: > > qemu-system-x86_64 -smp 32,maxcpus=255 -cpu EPYC-Milan-v2 > -machine q35,confidential-guest-support=sev0,memory-backend=ram1 > -object memory-backend-memfd,id=ram1,size=4G,share=true,reserve=false > -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,id-auth=,certs-path=/home/mroth/cert.blob,kernel-hashes=on > -bios /home/mroth/ovmf/OVMF_CODE-upstream-20240228-apicfix-1c-AmdSevX64.fd > -kernel /boot/vmlinuz-6.8.0-snp-host-v12-wip40+ > -initrd /boot/initrd.img-6.8.0-snp-host-v12-wip40+ > -append "root=UUID=d72a6d1c-06cf-4b79-af43-f1bac4f620f9 ro console=ttyS0,115200n8" > > Any comments/feedback would be very much appreciated. > > [1] https://github.com/amdese/linux > https://github.com/amdese/amdsev/tree/snp-latest > > Changes since rfc2: > > - reworked on top of guest_memfd support > - added handling for various KVM_EXIT_VMGEXIT events > - various changes/considerations for PCI passthrough support > - general bugfixes/hardening/cleanups > - qapi cmdline doc fixes/rework (Dov, Markus) > - switch to qbase64_decode, more error-checking for cmdline opts (Dov) > - unset id_block_en for 0 input (Dov) > - use error_setg in snp init (Dov) > - report more info in trace_kvm_sev_init (Dov) > - rework bounds-checking for kvm_cpuid_info, rework existing checks for readability, add additional checks (Dov) > - fixups for validated_ranges handling (Dov) > - rename 'policy' field to 'snp-policy' in query-sev when sev-type is SNP > > Changes since rfc1: > > - rebased onto latest master > - drop SNP config file in favor of a new 'sev-snp-guest' object where all > SNP-related params are passed as strings/integers via command-line > - report specific error if BIOS reports invalid address/len for > reserved/pre-validated regions (Connor) > - use Range helpers for handling validated region overlaps (Dave) > - simplify error handling in sev_snp_launch_start, and report the correct > return code when handling LAUNCH_START failures (Dov) > - add SEV-SNP bit to CPUID 0x8000001f when SNP enabled > - updated query-sev to handle differences between SEV and SEV-SNP > - updated to work against v5 of SEV-SNP host kernel / hypervisor patches > > ---------------------------------------------------------------- > Brijesh Singh (5): > i386/sev: Introduce 'sev-snp-guest' object > i386/sev: Add the SNP launch start context > i386/sev: Add handling to encrypt/finalize guest launch data > hw/i386/sev: Add function to get SEV metadata from OVMF header > i386/sev: Add support for populating OVMF metadata pages > > Chao Peng (2): > kvm: Enable KVM_SET_USER_MEMORY_REGION2 for memslot > kvm: handle KVM_EXIT_MEMORY_FAULT > > Dov Murik (4): > qapi, i386: Move kernel-hashes to SevCommonProperties > i386/sev: Extract build_kernel_loader_hashes > i386/sev: Reorder struct declarations > i386/sev: Allow measured direct kernel boot on SNP > > Isaku Yamahata (2): > pci-host/q35: Move PAM initialization above SMRAM initialization > q35: Introduce smm_ranges property for q35-pci-host > > Michael Roth (30): > Revert "linux-headers hack" from sevinit2 base tree > scripts/update-linux-headers: Add setup_data.h to import list > scripts/update-linux-headers: Add bits.h to file imports > [HACK] linux-headers: Update headers for 6.8 + kvm-coco-queue + SNP > [TEMP] hw/i386: Remove redeclaration of struct setup_data > RAMBlock: Add support of KVM private guest memfd > [FIXUP] "kvm: handle KVM_EXIT_MEMORY_FAULT": drop qemu_host_page_size > trace/kvm: Add trace for page convertion between shared and private > kvm: Make kvm_convert_memory() obey ram_block_discard_is_enabled() > trace/kvm: Add trace for KVM_EXIT_MEMORY_FAULT > i386/sev: Introduce "sev-common" type to encapsulate common SEV state > i386/sev: Add a sev_snp_enabled() helper > target/i386: Add handling for KVM_X86_SNP_VM VM type > i386/sev: Skip RAMBlock notifiers for SNP > i386/sev: Skip machine-init-done notifiers for SNP > i386/sev: Set ms->require_guest_memfd for SNP > i386/sev: Disable SMM for SNP > i386/sev: Don't disable block discarding for SNP > i386/cpu: Set SEV-SNP CPUID bit when SNP enabled > i386/sev: Update query-sev QAPI format to handle SEV-SNP > i386/sev: Don't return launch measurements for SEV-SNP guests > kvm: Make kvm_convert_memory() non-static > i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes > i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes (MSR-based) > i386/sev: Add KVM_EXIT_VMGEXIT handling for Extended Guest Requests > i386/sev: Set CPU state to protected once SNP guest payload is finalized > i386/sev: Add support for SNP CPUID validation > hw/i386/sev: Add support to encrypt BIOS when SEV-SNP is enabled > hw/i386/sev: Use guest_memfd for legacy ROMs > hw/i386: Add support for loading BIOS using guest_memfd > > Xiaoyao Li (6): > HostMem: Add mechanism to opt in kvm guest memfd via MachineState > trace/kvm: Split address space and slot id in trace_kvm_set_user_memory() > kvm: Introduce support for memory_attributes > physmem: Introduce ram_block_discard_guest_memfd_range() > kvm/memory: Make memory type private by default if it has guest memfd backend > memory: Introduce memory_region_init_ram_guest_memfd() > > accel/kvm/kvm-all.c | 241 ++- > accel/kvm/trace-events | 4 +- > accel/stubs/kvm-stub.c | 5 + > backends/hostmem-file.c | 1 + > backends/hostmem-memfd.c | 1 + > backends/hostmem-ram.c | 1 + > backends/hostmem.c | 1 + > docs/system/i386/amd-memory-encryption.rst | 78 +- > hw/core/machine.c | 5 + > hw/i386/pc.c | 13 +- > hw/i386/pc_q35.c | 2 + > hw/i386/pc_sysfw.c | 25 +- > hw/i386/pc_sysfw_ovmf.c | 33 + > hw/i386/x86.c | 46 +- > hw/pci-host/q35.c | 61 +- > include/exec/cpu-common.h | 2 + > include/exec/memory.h | 26 +- > include/exec/ram_addr.h | 2 +- > include/exec/ramblock.h | 1 + > include/hw/boards.h | 2 + > include/hw/i386/pc.h | 31 +- > include/hw/i386/x86.h | 2 +- > include/hw/pci-host/q35.h | 1 + > include/standard-headers/asm-x86/bootparam.h | 17 +- > include/standard-headers/asm-x86/kvm_para.h | 3 +- > include/standard-headers/linux/ethtool.h | 48 + > include/standard-headers/linux/fuse.h | 39 +- > include/standard-headers/linux/input-event-codes.h | 1 + > include/standard-headers/linux/virtio_gpu.h | 2 + > include/standard-headers/linux/virtio_snd.h | 154 ++ > include/sysemu/hostmem.h | 1 + > include/sysemu/kvm.h | 7 + > include/sysemu/kvm_int.h | 2 + > linux-headers/asm-arm64/kvm.h | 15 +- > linux-headers/asm-arm64/sve_context.h | 11 + > linux-headers/asm-generic/bitsperlong.h | 4 + > linux-headers/asm-loongarch/kvm.h | 2 - > linux-headers/asm-mips/kvm.h | 2 - > linux-headers/asm-powerpc/kvm.h | 45 +- > linux-headers/asm-riscv/kvm.h | 3 +- > linux-headers/asm-s390/kvm.h | 315 +++- > linux-headers/asm-x86/kvm.h | 372 ++++- > linux-headers/asm-x86/setup_data.h | 83 + > linux-headers/linux/bits.h | 15 + > linux-headers/linux/kvm.h | 719 +-------- > linux-headers/linux/psp-sev.h | 71 + > qapi/misc-target.json | 71 +- > qapi/qom.json | 96 +- > scripts/update-linux-headers.sh | 5 +- > system/memory.c | 30 + > system/physmem.c | 47 +- > target/i386/cpu.c | 1 + > target/i386/kvm/kvm.c | 4 + > target/i386/sev-sysemu-stub.c | 2 +- > target/i386/sev.c | 1631 ++++++++++++++++---- > target/i386/sev.h | 13 +- > target/i386/trace-events | 3 + > 57 files changed, 3272 insertions(+), 1146 deletions(-) > create mode 100644 linux-headers/asm-x86/setup_data.h > create mode 100644 linux-headers/linux/bits.h > > > >
