On Tue, Jul 08, 2025 at 04:25:25PM +0100, Daniel P. Berrangé wrote:
> On Thu, Jul 03, 2025 at 04:31:59PM +0100, Roy Hopkins wrote:
> > When an SEV guest is started, the reset vector and state are
> > extracted from metadata that is contained in the firmware volume.
> > 
> > In preparation for using IGVM to set up the initial CPU state,
> > the code has been refactored to populate vmcb_save_area for each
> > CPU which is then applied during guest startup and CPU reset.
> > 
> > Signed-off-by: Roy Hopkins <roy.hopk...@randomman.co.uk>
> > Acked-by: Michael S. Tsirkin <m...@redhat.com>
> > Acked-by: Stefano Garzarella <sgarz...@redhat.com>
> > Acked-by: Gerd Hoffman <kra...@redhat.com>
> > Reviewed-by: Pankaj Gupta <pankaj.gu...@amd.com>
> > ---
> >  target/i386/sev.c | 322 +++++++++++++++++++++++++++++++++++++++++-----
> >  target/i386/sev.h | 110 ++++++++++++++++
> >  2 files changed, 399 insertions(+), 33 deletions(-)
> > 
> > diff --git a/target/i386/sev.c b/target/i386/sev.c
> > index a84f5f5d28..a13f91e615 100644
> > --- a/target/i386/sev.c
> > +++ b/target/i386/sev.c
> 
> 
> > +static void sev_apply_cpu_context(CPUState *cpu)
> > +{
> > +    SevCommonState *sev_common = 
> > SEV_COMMON(MACHINE(qdev_get_machine())->cgs);
> > +    X86CPU *x86;
> > +    CPUX86State *env;
> > +    struct SevLaunchVmsa *launch_vmsa;
> > +
> > +    /* See if an initial VMSA has been provided for this CPU */
> > +    QTAILQ_FOREACH(launch_vmsa, &sev_common->launch_vmsa, next)
> > +    {
> > +        if (cpu->cpu_index == launch_vmsa->cpu_index) {
> > +            x86 = X86_CPU(cpu);
> > +            env = &x86->env;
> > +
> > +            /*
> > +             * Ideally we would provide the VMSA directly to kvm which 
> > would
> > +             * ensure that the resulting initial VMSA measurement which is
> > +             * calculated during KVM_SEV_LAUNCH_UPDATE_VMSA is calculated 
> > from
> > +             * exactly what we provide here. Currently this is not 
> > possible so
> > +             * we need to copy the parts of the VMSA structure that we 
> > currently
> > +             * support into the CPU state.
> > +             */
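
Review bot: The comment inside the `cpu_index` match says that only the parts of the VMSA that are currently supported are copied into the CPU state, but the visible lines do not show what happens to fields that are not copied. Because, per the same comment, the initial VMSA measurement is calculated during KVM_SEV_LAUNCH_UPDATE_VMSA from the CPU state and not from the structure provided here, a provided VMSA with an unsupported field set would be measured differently from what was supplied. The comment should say where unsupported fields are rejected, or this function should check for them and fail with an error instead of silently dropping them. Minor style point: the opening brace after `QTAILQ_FOREACH(launch_vmsa, &sev_common->launch_vmsa, next)` sits on its own line, while QEMU's coding style puts it on the same line as the statement.
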
> 
> Are there any parts of the VMSA described in the IGVM that we are
> unable to handle here ?
> 
> If so, what happens if those parts are set in the IGVM and their
> value doesn't match KVM's default ? Presumably that would become
> a measurement failure ?

Never mind, this is answered by the following patch.


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

