On 11/5/2024 6:36 PM, Daniel P. Berrangé wrote:
On Tue, Nov 05, 2024 at 01:23:21AM -0500, Xiaoyao Li wrote:
Validate TD attributes with tdx_caps that fixed-0 bits must be zero and
fixed-1 bits must be set.
Besides, sanity check the attribute bits that have not been supported by
QEMU yet. e.g., debug bit, it will be allowed in the future when debug
TD support lands in QEMU.
Signed-off-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
Acked-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
---
Changes in v3:
- using error_setg() for error report; (Daniel)
---
target/i386/kvm/tdx.c | 28 ++++++++++++++++++++++++++--
1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 6cf81f788fe0..5a9ce2ada89d 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -20,6 +20,7 @@
#include "kvm_i386.h"
#include "tdx.h"
+#define TDX_TD_ATTRIBUTES_DEBUG BIT_ULL(0)
#define TDX_TD_ATTRIBUTES_SEPT_VE_DISABLE BIT_ULL(28)
#define TDX_TD_ATTRIBUTES_PKS BIT_ULL(30)
#define TDX_TD_ATTRIBUTES_PERFMON BIT_ULL(63)
@@ -141,13 +142,33 @@ static int tdx_kvm_type(X86ConfidentialGuest *cg)
return KVM_X86_TDX_VM;
}
-static void setup_td_guest_attributes(X86CPU *x86cpu)
+static int tdx_validate_attributes(TdxGuest *tdx, Error **errp)
+{
+ if ((tdx->attributes & ~tdx_caps->supported_attrs)) {
+ error_setg(errp, "Invalid attributes 0x%lx for TDX VM "
+ "(supported: 0x%llx)",
+ tdx->attributes, tdx_caps->supported_attrs);
+ return -1;
Minor whitespace accident, with indentation too deep.
Good catch!
btw, how did you catch it? any tool like checkpatch.pl or just by your eyes?
+ }
+
+ if (tdx->attributes & TDX_TD_ATTRIBUTES_DEBUG) {
+ error_setg(errp, "Current QEMU doesn't support attributes.debug[bit 0] "
+ "for TDX VM");
+ return -1;
+ }
+
+ return 0;
+}
With regards,
Daniel
