On Tue, Nov 05, 2024 at 07:51:53PM +0800, Xiaoyao Li wrote:
> On 11/5/2024 6:34 PM, Daniel P. Berrangé wrote:
> > On Tue, Nov 05, 2024 at 01:23:17AM -0500, Xiaoyao Li wrote:
> > > Invoke KVM_TDX_INIT in kvm_arch_pre_create_vcpu() that KVM_TDX_INIT
> > > configures global TD configurations, e.g. the canonical CPUID config,
> > > and must be executed prior to creating vCPUs.
> > >
> > > Use kvm_x86_arch_cpuid() to setup the CPUID settings for TDX VM.
> > >
> > > Note, this doesn't address the fact that QEMU may change the CPUID
> > > configuration when creating vCPUs, i.e. punts on refactoring QEMU to
> > > provide a stable CPUID config prior to kvm_arch_init().
> > >
> > > Signed-off-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
> > > Acked-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
> > > Acked-by: Markus Armbruster <armbru@xxxxxxxxxx>
> > > ---
> > > Changes in v6:
> > > - setup xfam explicitly to fit with new uapi;
> > > - use tdx_caps->cpuid to filter the input of cpuids because now KVM only
> > > allows the leafs that reported via KVM_TDX_GET_CAPABILITIES;
> > >
> > > Changes in v4:
> > > - mark init_vm with g_autofree() and use QEMU_LOCK_GUARD() to eliminate
> > > the goto labels; (Daniel)
> > > Changes in v3:
> > > - Pass @errp in tdx_pre_create_vcpu() and pass error info to it. (Daniel)
> > > ---
> > > accel/kvm/kvm-all.c | 8 ++++
> > > target/i386/kvm/kvm.c | 15 +++++--
> > > target/i386/kvm/kvm_i386.h | 3 ++
> > > target/i386/kvm/meson.build | 2 +-
> > > target/i386/kvm/tdx-stub.c | 8 ++++
> > > target/i386/kvm/tdx.c | 87 +++++++++++++++++++++++++++++++++++++
> > > target/i386/kvm/tdx.h | 6 +++
> > > 7 files changed, 125 insertions(+), 4 deletions(-)
> > > create mode 100644 target/i386/kvm/tdx-stub.c
> > > +int tdx_pre_create_vcpu(CPUState *cpu, Error **errp)
> > > +{
> > > + X86CPU *x86cpu = X86_CPU(cpu);
> > > + CPUX86State *env = &x86cpu->env;
> > > + g_autofree struct kvm_tdx_init_vm *init_vm = NULL;
> > > + int r = 0;
> > > +
> > > + QEMU_LOCK_GUARD(&tdx_guest->lock);
> > > + if (tdx_guest->initialized) {
> > > + return r;
> > > + }
> > > +
> > > + init_vm = g_malloc0(sizeof(struct kvm_tdx_init_vm) +
> > > + sizeof(struct kvm_cpuid_entry2) * KVM_MAX_CPUID_ENTRIES);
> > > +
> > > + r = setup_td_xfam(x86cpu, errp);
> > > + if (r) {
> > > + return r;
> > > + }
> > > +
> > > + init_vm->cpuid.nent = kvm_x86_build_cpuid(env, init_vm->cpuid.entries, 0);
> > > + tdx_filter_cpuid(&init_vm->cpuid);
> > > +
> > > + init_vm->attributes = tdx_guest->attributes;
> > > + init_vm->xfam = tdx_guest->xfam;
> > > +
> > > + do {
> > > + r = tdx_vm_ioctl(KVM_TDX_INIT_VM, 0, init_vm);
> > > + } while (r == -EAGAIN);
> >
> > Other calls to tdx_vm_ioctl don't loop on EAGAIN. Is the need to
> > do this retry specific to only KVM_TDX_INIT_VM, or should we push
> > the EAGAIN retry logic inside tdx_vm_ioctl_helper so all callers
> > benefit ?
>
> So far, only KVM_TDX_INIT_VM can get -EAGAIN due to KVM side TDH_MNG_CREATE
> gets TDX_RND_NO_ENTROPY because Random number generation (e.g., RDRAND or
> RDSEED) failed and in this case it should retry.
Ok, no problem.
> I think adding a commment to explain why it can get -EAGAIN and needs to
> retry should suffice?
Sure, a comment is useful.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
