[PATCH v7 34/52] i386/tdx: Disable SMM for TDX VMs
From: Xiaoyao Li
Subject: [PATCH v7 34/52] i386/tdx: Disable SMM for TDX VMs
Date: Fri, 24 Jan 2025 08:20:30 -0500
TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs because
VMM cannot manipulate TDX VM's memory.
Disable SMM for TDX VMs and error out if user requests to enable SMM.
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
---
target/i386/kvm/tdx.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index f4d95b0a4029..10059ec8cf92 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -365,11 +365,20 @@ static Notifier tdx_machine_done_notify = {
static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
{
+ MachineState *ms = MACHINE(qdev_get_machine());
+ X86MachineState *x86ms = X86_MACHINE(ms);
TdxGuest *tdx = TDX_GUEST(cgs);
int r = 0;
kvm_mark_guest_state_protected();
+ if (x86ms->smm == ON_OFF_AUTO_AUTO) {
+ x86ms->smm = ON_OFF_AUTO_OFF;
+ } else if (x86ms->smm == ON_OFF_AUTO_ON) {
+ error_setg(errp, "TDX VM doesn't support SMM");
+ return -EINVAL;
+ }
+
if (!tdx_caps) {
r = get_tdx_capabilities(errp);
if (r) {
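Review bot: The SMM check in tdx_kvm_init() runs after kvm_mark_guest_state_protected(), so the `return -EINVAL` path for ON_OFF_AUTO_ON exits with guest state already marked protected. Consider moving the x86ms->smm block above that call so a rejected configuration fails before any side effect. The message "TDX VM doesn't support SMM" would also be more actionable if it said that SMM was explicitly enabled and has to be turned off, and a one-line comment on the ON_OFF_AUTO_AUTO branch noting that auto resolves to off for TDX would document why machine state is modified here.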
--
2.34.1