| author | Roy Hopkins <roy.hopkins@randomman.co.uk> | 2025-07-03 17:21:59 +0100 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2025-07-12 15:28:21 +0200 |
| commit | d60238b4c1e81235d5efb4a978a6f6b1adabccab (patch) | |
| tree | 8acfbd0bc5c81f09fd40407be5e00d7794341f8e /include/system | |
| parent | 2ff75825cc5a5d56ea90d79cd15578f6b1893561 (diff) | |
sev: Provide sev_features flags from IGVM VMSA to KVM_SEV_INIT2
IGVM files can contain an initial VMSA that should be applied to each vcpu as part of the initial guest state. The sev_features flags are provided as part of the VMSA structure. However, KVM only allows sev_features to be set during initialization and not as the guest is being prepared for launch.

This patch queries KVM for the supported set of sev_features flags and processes the VP context entries in the IGVM file during kvm_init to determine any sev_features flags set in the IGVM file. These are then provided in the call to KVM_SEV_INIT2 to ensure the guest state matches that specified in the IGVM file.

The igvm process() function is modified to allow a partial processing of the file during initialization, with only the IGVM_VHT_VP_CONTEXT fields being processed. This means the function is called twice, firstly to extract the sev_features then secondly to actually configure the guest.

Signed-off-by: Roy Hopkins <roy.hopkins@randomman.co.uk>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Stefano Garzarella <sgarzare@redhat.com>
Acked-by: Gerd Hoffman <kraxel@redhat.com>
Tested-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Reviewed-by: Ani Sinha <anisinha@redhat.com>
Link: https://lore.kernel.org/r/b2f986aae04e1da2aee530c9be22a54c0c59a560.1751554099.git.roy.hopkins@randomman.co.uk
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'include/system')
| -rw-r--r-- | include/system/igvm-cfg.h | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/include/system/igvm-cfg.h b/include/system/igvm-cfg.h index 321b3196f0..944f23a814 100644 --- a/include/system/igvm-cfg.h +++ b/include/system/igvm-cfg.h @@ -31,11 +31,14 @@ typedef struct IgvmCfgClass { /* * If an IGVM filename has been specified then process the IGVM file. * Performs a no-op if no filename has been specified. + * If onlyVpContext is true then only the IGVM_VHT_VP_CONTEXT entries + * in the IGVM file will be processed, allowing information about the + * CPU state to be determined before processing the entire file. * * Returns 0 for ok and -1 on error. */ int (*process)(IgvmCfg *cfg, ConfidentialGuestSupport *cgs, - Error **errp); + bool onlyVpContext, Error **errp); } IgvmCfgClass; |
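Review bot: The added comment lines on process() say the onlyVpContext pass allows CPU state "to be determined", but the callback still returns only 0 or -1 and gains no out parameter, so the header does not tell a caller where the extracted information ends up or whether the partial pass leaves guest state untouched. Since the commit message says process() is now called twice, the comment should state both: where the VP context result is stored and that the first pass is safe to follow with a full pass on the same cfg and cgs. A smaller style point on the new parameter in the signature: `onlyVpContext` is camelCase, while QEMU's coding style uses lower_case_with_underscores for variable names, so `only_vp_context` would fit better.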