[PATCH v3 35/70] i386/tdx: Make memory type private by default

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v3 35/70] i386/tdx: Make memory type private by default

From:	Xiaoyao Li
Subject:	[PATCH v3 35/70] i386/tdx: Make memory type private by default
Date:	Wed, 15 Nov 2023 02:14:44 -0500

By default (due to the recent UPM change), restricted memory attribute is
shared.  Convert the memory region from shared to private at the memory
slot creation time.

add kvm region registering function to check the flag
and convert the region, and add memory listener to TDX guest code to set
the flag to the possible memory region.

Without this patch
- Secure-EPT violation on private area
- KVM_MEMORY_FAULT EXIT (kvm -> qemu)
- qemu converts the 4K page from shared to private
- Resume VCPU execution
- Secure-EPT violation again
- KVM resolves EPT Violation
This also prevents huge page because page conversion is done at 4K
granularity.  Although it's possible to merge 4K private mapping into
2M large page, it slows guest boot.

With this patch
- After memory slot creation, convert the region from private to shared
- Secure-EPT violation on private area.
- KVM resolves EPT Violation

Originated-from: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
---
 include/exec/memory.h |  1 +
 target/i386/kvm/tdx.c | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/include/exec/memory.h b/include/exec/memory.h
index bdc4b98efe70..c8b0385b19ad 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -850,6 +850,7 @@ struct IOMMUMemoryRegion {
 #define MEMORY_LISTENER_PRIORITY_MIN            0
 #define MEMORY_LISTENER_PRIORITY_ACCEL          10
 #define MEMORY_LISTENER_PRIORITY_DEV_BACKEND    10
+#define MEMORY_LISTENER_PRIORITY_ACCEL_HIGH     20
 
 /**
  * struct MemoryListener: callbacks structure for updates to the physical 
memory map
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 50e68f9c1a41..82a1b010746a 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -19,6 +19,7 @@
 #include "standard-headers/asm-x86/kvm_para.h"
 #include "sysemu/kvm.h"
 #include "sysemu/sysemu.h"
+#include "exec/address-spaces.h"
 
 #include "hw/i386/x86.h"
 #include "kvm_i386.h"
@@ -619,6 +620,19 @@ out:
     return r;
 }
 
+static void tdx_guest_region_add(MemoryListener *listener,
+                                 MemoryRegionSection *section)
+{
+    memory_region_set_default_private(section->mr);
+}
+
+static MemoryListener tdx_memory_listener = {
+    .name = TYPE_TDX_GUEST,
+    .region_add = tdx_guest_region_add,
+    /* Higher than KVM memory listener = 10. */
+    .priority = MEMORY_LISTENER_PRIORITY_ACCEL_HIGH,
+};
+
 static bool tdx_guest_get_sept_ve_disable(Object *obj, Error **errp)
 {
     TdxGuest *tdx = TDX_GUEST(obj);
@@ -690,6 +704,12 @@ OBJECT_DEFINE_TYPE_WITH_INTERFACES(TdxGuest,
 static void tdx_guest_init(Object *obj)
 {
     TdxGuest *tdx = TDX_GUEST(obj);
+    static bool memory_listener_registered = false;
+
+    if (!memory_listener_registered) {
+        memory_listener_register(&tdx_memory_listener, &address_space_memory);
+        memory_listener_registered = true;
+    }
 
     qemu_mutex_init(&tdx->lock);
 
-- 
2.34.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v3 25/70] kvm: Introduce kvm_arch_pre_create_vcpu(), (continued)
- [PATCH v3 25/70] kvm: Introduce kvm_arch_pre_create_vcpu(), Xiaoyao Li, 2023/11/15
- [PATCH v3 26/70] i386/tdx: Initialize TDX before creating TD vcpus, Xiaoyao Li, 2023/11/15
- [PATCH v3 27/70] i386/tdx: Add property sept-ve-disable for tdx-guest object, Xiaoyao Li, 2023/11/15
- [PATCH v3 28/70] i386/tdx: Make sept_ve_disable set by default, Xiaoyao Li, 2023/11/15
- [PATCH v3 29/70] i386/tdx: Wire CPU features up with attributes of TD guest, Xiaoyao Li, 2023/11/15
- [PATCH v3 30/70] i386/tdx: Validate TD attributes, Xiaoyao Li, 2023/11/15
- [PATCH v3 31/70] i386/tdx: Allows mrconfigid/mrowner/mrownerconfig for TDX_INIT_VM, Xiaoyao Li, 2023/11/15
- [PATCH v3 32/70] i386/tdx: Implement user specified tsc frequency, Xiaoyao Li, 2023/11/15
- [PATCH v3 33/70] i386/tdx: Set kvm_readonly_mem_enabled to false for TDX VM, Xiaoyao Li, 2023/11/15
- [PATCH v3 34/70] kvm/memory: Introduce the infrastructure to set the default shared/private value, Xiaoyao Li, 2023/11/15
- [PATCH v3 35/70] i386/tdx: Make memory type private by default, Xiaoyao Li <=
- [PATCH v3 36/70] kvm/tdx: Don't complain when converting vMMIO region to shared, Xiaoyao Li, 2023/11/15
- [PATCH v3 37/70] kvm/tdx: Ignore memory conversion to shared of unassigned region, Xiaoyao Li, 2023/11/15
- [PATCH v3 38/70] i386/tdvf: Introduce function to parse TDVF metadata, Xiaoyao Li, 2023/11/15
- [PATCH v3 39/70] i386/tdx: Parse TDVF metadata for TDX VM, Xiaoyao Li, 2023/11/15
- [PATCH v3 40/70] i386/tdx: Skip BIOS shadowing setup, Xiaoyao Li, 2023/11/15
- [PATCH v3 41/70] i386/tdx: Don't initialize pc.rom for TDX VMs, Xiaoyao Li, 2023/11/15
- [PATCH v3 42/70] i386/tdx: Track mem_ptr for each firmware entry of TDVF, Xiaoyao Li, 2023/11/15
- [PATCH v3 43/70] i386/tdx: Track RAM entries for TDX VM, Xiaoyao Li, 2023/11/15
- [PATCH v3 44/70] headers: Add definitions from UEFI spec for volumes, resources, etc..., Xiaoyao Li, 2023/11/15
- [PATCH v3 45/70] i386/tdx: Setup the TD HOB list, Xiaoyao Li, 2023/11/15

Prev by Date: [PATCH v3 34/70] kvm/memory: Introduce the infrastructure to set the default shared/private value
Next by Date: [PATCH v3 36/70] kvm/tdx: Don't complain when converting vMMIO region to shared
Previous by thread: [PATCH v3 34/70] kvm/memory: Introduce the infrastructure to set the default shared/private value
Next by thread: [PATCH v3 36/70] kvm/tdx: Don't complain when converting vMMIO region to shared
Index(es):
- Date
- Thread