Implement remaining functionality to boot TD #12
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Jake Correnti <[email protected]> update kvm-{bindings, ioctls} dependencies Signed-off-by: Jake Correnti <[email protected]>
Use `PhantomData` in `Cmd` to prevent undefined behavior with regards to the address represented by `data`. Signed-off-by: Jake Correnti <[email protected]>
Adds `align_down` which rounds a number down to multiple. Equivalent to the `ALIGN_DOWN` macro in QEMU. Adds `align_up` which rounds a number up to multiple. Equivalent to the `ALIGN_UP` macro in QEMU`. Adds `mmap_reserve` which reserves a new memory region of the requested size to be used for mapping from the given fd (if any). This is equivalent to `mmap_reserve` in QEMU. Adds `mmap_activate` which activates memory in a reserved region from the given fd (if any), to make it accessible. This is equivalent to `mmap_activate` in QEMU. Signed-off-by: Jake Correnti <[email protected]>
Adds the function `ram_mmap` which is an `mmap()` abstraction to map guest RAM, simplifying flag handling, taking care of alignment requirements and installing guard pages. This is equivalent to `qemu_ram_mmap` in QEMU. Signed-off-by: Jake Correnti <[email protected]>
Re-implements the `KVM_CHECK_EXTENSION` ioctl for the launch test. We need to check if `KVM_CAP_MEMORY_MAPPING` and `KVM_CAP_GUEST_MEMFD` are supported on the host. These values aren't upstream in rust-vmm/kvm-ioctls and you can't convert a `u32` into `kvm_ioctls::Cap`, so it needed to be re-written. Signed-off-by: Jake Correnti <[email protected]>
Implements the `KVM_TDX_INIT_MEM_REGION` ioctl for TDX. This will encrypt a memory continuous region, which correstponds to the `TDH.MEM.PAGE.ADD` SEAM call. Based on the attributes it will also extend the measurement which corresponds to the `TDH.MR.EXTEND` SEAM call. Signed-off-by: Jake Correnti <[email protected]>
Extends the `tests/launch.rs` test to include `init_mem_region`. Based on the QEMU implementation, if the host supports the `KVM_CAP_MEMORY_MAPPING` extension, then we should use a different set of ioctls: `KVM_MEMORY_MAPPING` and `KVM_TDX_EXTEND_MEMORY` instead of `KVM_TDX_INIT_MEM_REGION`. However, the current state of the CentOS SIG build doesn't support these ioctls so I have no way to test. Signed-off-by: Jake Correnti <[email protected]> underscore `caps` to silence warning Signed-off-by: Jake Correnti <[email protected]>
Implements the `KVM_TDX_FINALIZE_VM` ioctl for TDX. This completes the measurement of the initial TD contents and marks it ready to run. This corresponds to the `TDH.MR.FINALIZE` SEAM call. Additionally runs the vCPU after the measurement is finalized. Signed-off-by: Jake Correnti <[email protected]>
In the KVM selftests for TDX[0] there are only very few patches. We should be in line with those as the bare minimum when initializing the VM. [0] https://lore.kernel.org/all/[email protected]/T/#m1e11e4ba2fb56d702fc5980dbd184a81845f869c Signed-off-by: Jake Correnti <[email protected]>
Enables the KVM_CAP_X2APIC_API capability to be in line with the KVM selftests for TDX[0]. [0] https://lore.kernel.org/all/[email protected]/T/#m1e11e4ba2fb56d702fc5980dbd184a81845f869c Signed-off-by: Jake Correnti <[email protected]>
Don't keep track of the VmFd in the TdxVm struct. Signed-off-by: Jake Correnti <[email protected]>
With the latest update to the SIG kernel, update the changed constants. Rather than enabling the split IRQCHIP in the library, leave that to the consumer. Signed-off-by: Jake Correnti <[email protected]>
|
all but the last four commits are the exact same as the previous PR |
| kvm-bindings = "0.7.0" | ||
| kvm-ioctls = "0.16.0" | ||
| kvm-bindings = { git = "https://github.com/jakecorrenti/kvm-bindings.git", branch = "tdx", features = ["fam-wrappers"] } | ||
| kvm-ioctls = { git = "https://github.com/jakecorrenti/kvm-ioctls.git", branch = "tdx" } |
There was a problem hiding this comment.
Shouldn't these point to the VirTEE forks of these repositories now?
There was a problem hiding this comment.
It can't yet because I need virtee/kvm-ioctls#2 to merge
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements the
KVM_TDX_INIT_MEM_REGIONandKVM_TDX_FINALIZE_VMioctls.The last four commits are changes that are the result of incorporating the library into Libkrun.