Implement the final two ioctls #8
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jakecorrenti
force-pushed
the
finish-ioctls
branch
from
12523ab to
8ca5bb9
Compare
jakecorrenti
force-pushed
the
finish-ioctls
branch
from
8ca5bb9 to
06df4fc
Compare
jakecorrenti
force-pushed
the
finish-ioctls
branch
4 times, most recently
from
4868431 to
965c4a4
Compare
jakecorrenti
force-pushed
the
finish-ioctls
branch
from
965c4a4 to
4621029
Compare
Signed-off-by: Jake Correnti <[email protected]>
Use `PhantomData` in `Cmd` to prevent undefined behavior with regards to the address represented by `data`. Signed-off-by: Jake Correnti <[email protected]>
Adds `align_down` which rounds a number down to multiple. Equivalent to the `ALIGN_DOWN` macro in QEMU. Adds `align_up` which rounds a number up to multiple. Equivalent to the `ALIGN_UP` macro in QEMU`. Adds `mmap_reserve` which reserves a new memory region of the requested size to be used for mapping from the given fd (if any). This is equivalent to `mmap_reserve` in QEMU. Adds `mmap_activate` which activates memory in a reserved region from the given fd (if any), to make it accessible. This is equivalent to `mmap_activate` in QEMU. Signed-off-by: Jake Correnti <[email protected]>
Adds the function `ram_mmap` which is an `mmap()` abstraction to map guest RAM, simplifying flag handling, taking care of alignment requirements and installing guard pages. This is equivalent to `qemu_ram_mmap` in QEMU. Signed-off-by: Jake Correnti <[email protected]>
Re-implements the `KVM_CHECK_EXTENSION` ioctl for the launch test. We need to check if `KVM_CAP_MEMORY_MAPPING` and `KVM_CAP_GUEST_MEMFD` are supported on the host. These values aren't upstream in rust-vmm/kvm-ioctls and you can't convert a `u32` into `kvm_ioctls::Cap`, so it needed to be re-written. Signed-off-by: Jake Correnti <[email protected]>
jakecorrenti
force-pushed
the
finish-ioctls
branch
2 times, most recently
from
447e580 to
d0cd56f
Compare
tylerfanelli
requested changes
Dec 13, 2024
|
|
||
| /// Complete measurement of the initial TD contents and mark it ready to run | ||
| pub fn finalize(&self) -> Result<(), TdxError> { | ||
| let mut cmd: Cmd<u64> = Cmd::from(CmdId::FinalizeVm, &0); |
There was a problem hiding this comment.
there's a data field in Cmd which is a pointer to whatever we pass as the second argument. The FINALIZE_VM ioctl doesn't require any data so that should be null. I can make the parameter Option<&'a T> instead if that makes more sense.
Implements the `KVM_TDX_INIT_MEM_REGION` ioctl for TDX. This will encrypt a memory continuous region, which correstponds to the `TDH.MEM.PAGE.ADD` SEAM call. Based on the attributes it will also extend the measurement which corresponds to the `TDH.MR.EXTEND` SEAM call. Signed-off-by: Jake Correnti <[email protected]>
jakecorrenti
force-pushed
the
finish-ioctls
branch
from
d0cd56f to
634ed0b
Compare
Extends the `tests/launch.rs` test to include `init_mem_region`. Based on the QEMU implementation, if the host supports the `KVM_CAP_MEMORY_MAPPING` extension, then we should use a different set of ioctls: `KVM_MEMORY_MAPPING` and `KVM_TDX_EXTEND_MEMORY` instead of `KVM_TDX_INIT_MEM_REGION`. However, the current state of the CentOS SIG build doesn't support these ioctls so I have no way to test. Signed-off-by: Jake Correnti <[email protected]> underscore `caps` to silence warning Signed-off-by: Jake Correnti <[email protected]>
Implements the `KVM_TDX_FINALIZE_VM` ioctl for TDX. This completes the measurement of the initial TD contents and marks it ready to run. This corresponds to the `TDH.MR.FINALIZE` SEAM call. Additionally runs the vCPU after the measurement is finalized. Signed-off-by: Jake Correnti <[email protected]>
In the KVM selftests for TDX[0] there are only very few patches. We should be in line with those as the bare minimum when initializing the VM. [0] https://lore.kernel.org/all/[email protected]/T/#m1e11e4ba2fb56d702fc5980dbd184a81845f869c Signed-off-by: Jake Correnti <[email protected]>
Enables the KVM_CAP_X2APIC_API capability to be in line with the KVM selftests for TDX[0]. [0] https://lore.kernel.org/all/[email protected]/T/#m1e11e4ba2fb56d702fc5980dbd184a81845f869c Signed-off-by: Jake Correnti <[email protected]>
jakecorrenti
force-pushed
the
finish-ioctls
branch
from
634ed0b to
1d31a76
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements the API for the last two TDX ioctls:
INIT_MEMORY_REGIONandFINALIZE_VM.Updates the
tests/launch.rsfile accordingly.