Implement the final two ioctls #8
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jakecorrenti
force-pushed
the
finish-ioctls
branch
from
12523ab
to
8ca5bb9
Compare
jakecorrenti
force-pushed
the
finish-ioctls
branch
from
8ca5bb9
to
06df4fc
Compare
Adds `align_down` which rounds a number down to multiple. Equivalent to the `ALIGN_DOWN` macro in QEMU. Adds `align_up` which rounds a number up to multiple. Equivalent to the `ALIGN_UP` macro in QEMU`. Adds `mmap_reserve` which reserves a new memory region of the requested size to be used for mapping from the given fd (if any). This is equivalent to `mmap_reserve` in QEMU. Adds `mmap_activate` which activates memory in a reserved region from the given fd (if any), to make it accessible. This is equivalent to `mmap_activate` in QEMU. Signed-off-by: Jake Correnti <[email protected]>
Adds the function `ram_mmap` which is an `mmap()` abstraction to map guest RAM, simplifying flag handling, taking care of alignment requirements and installing guard pages. This is equivalent to `qemu_ram_mmap` in QEMU. Signed-off-by: Jake Correnti <[email protected]>
Re-implements the `KVM_CHECK_EXTENSION` ioctl for the launch test. We need to check if `KVM_CAP_MEMORY_MAPPING` and `KVM_CAP_GUEST_MEMFD` are supported on the host. These values aren't upstream in rust-vmm/kvm-ioctls and you can't convert a `u32` into `kvm_ioctls::Cap`, so it needed to be re-written. Signed-off-by: Jake Correnti <[email protected]>
jakecorrenti
force-pushed
the
finish-ioctls
branch
4 times, most recently
from
4868431
to
965c4a4
Compare
Implements the `KVM_TDX_INIT_MEM_REGION` ioctl for TDX. This will encrypt a memory continuous region, which correstponds to the `TDH.MEM.PAGE.ADD` SEAM call. Based on the attributes it will also extend the measurement which corresponds to the `TDH.MR.EXTEND` SEAM call. Signed-off-by: Jake Correnti <[email protected]>
Extends the `tests/launch.rs` test to include `init_mem_region`. Based on the QEMU implementation, if the host supports the `KVM_CAP_MEMORY_MAPPING` extension, then we should use a different set of ioctls: `KVM_MEMORY_MAPPING` and `KVM_TDX_EXTEND_MEMORY` instead of `KVM_TDX_INIT_MEM_REGION`. However, the current state of the CentOS SIG build doesn't support these ioctls so I have no way to test. Additionally changes the kvm-bindings and kvm-ioctls dependencies to the upstream main branch to take advantage of features that aren't in an official release. Signed-off-by: Jake Correnti <[email protected]>
Implements the `KVM_TDX_FINALIZE_VM` ioctl for TDX. This completes the measurement of the initial TD contents and marks it ready to run. This corresponds to the `TDH.MR.FINALIZE` SEAM call. Additionally runs the vCPU after the measurement is finalized. Signed-off-by: Jake Correnti <[email protected]>
In the KVM selftests for TDX[0] there are only very few patches. We should be in line with those as the bare minimum when initializing the VM. [0] https://lore.kernel.org/all/[email protected]/T/#m1e11e4ba2fb56d702fc5980dbd184a81845f869c Signed-off-by: Jake Correnti <[email protected]>
Enables the KVM_CAP_X2APIC_API capability to be in line with the KVM selftests for TDX[0]. [0] https://lore.kernel.org/all/[email protected]/T/#m1e11e4ba2fb56d702fc5980dbd184a81845f869c Signed-off-by: Jake Correnti <[email protected]>
Signed-off-by: Jake Correnti <[email protected]>
jakecorrenti
force-pushed
the
finish-ioctls
branch
from
965c4a4
to
4621029
Compare
Signed-off-by: Jake Correnti <[email protected]>
Signed-off-by: Jake Correnti <[email protected]>
Signed-off-by: Jake Correnti <[email protected]>
Fixes undefined behavior caused by the two lines being combined. If they are combined, running `cargo test` will pass but `cargo test --release` will result in the TDH.MNG.INIT SEAMCALL failing with an invalid operand. XFAM if there's no print statements anywhere, and Attributes if there are prints in the source code. Signed-off-by: Jake Correnti <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements the API for the last two TDX ioctls:
INIT_MEMORY_REGIONandFINALIZE_VM.Updates the
tests/launch.rsfile accordingly.