From: Dov Murik <dovmurik@linux.ibm.com>
To: qemu-devel@nongnu.org
Cc: Tom Lendacky <thomas.lendacky@amd.com>,
Ashish Kalra <ashish.kalra@amd.com>,
Brijesh Singh <brijesh.singh@amd.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
Steve Rutherford <srutherford@google.com>,
James Bottomley <jejb@linux.ibm.com>,
Juan Quintela <quintela@redhat.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Dov Murik <dovmurik@linux.ibm.com>,
Hubertus Franke <frankeh@us.ibm.com>,
Tobin Feldman-Fitzthum <tobin@linux.ibm.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: [RFC PATCH v2 08/12] migration: Allow resetting the mirror vcpu to the MH entry point
Date: Mon, 23 Aug 2021 10:16:32 -0400 [thread overview]
Message-ID: <20210823141636.65975-9-dovmurik@linux.ibm.com> (raw)
In-Reply-To: <20210823141636.65975-1-dovmurik@linux.ibm.com>
Add a function to reset the mirror vcpu so it'll start directly at the
entry point of the migration handler.
Note: In the patch below the GDT and EIP values are hard-coded to fit
the OVMF migration handler entry point implementation we currently have.
These values can be exposed in the OVMF GUID table and can be discovered
from there instead of being hard-coded here.
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
---
migration/confidential-ram.h | 2 +
migration/confidential-ram.c | 112 +++++++++++++++++++++++++++++++++++
2 files changed, 114 insertions(+)
diff --git a/migration/confidential-ram.h b/migration/confidential-ram.h
index 9a1027bdaf..af046f95cc 100644
--- a/migration/confidential-ram.h
+++ b/migration/confidential-ram.h
@@ -18,4 +18,6 @@ int cgs_mh_save_encrypted_page(QEMUFile *f, ram_addr_t src_gpa, uint32_t size,
int cgs_mh_load_encrypted_page(QEMUFile *f, ram_addr_t dest_gpa);
+void cgs_mh_reset_mirror_vcpu(CPUState *s);
+
#endif
diff --git a/migration/confidential-ram.c b/migration/confidential-ram.c
index 30002448b9..6e41cba878 100644
--- a/migration/confidential-ram.c
+++ b/migration/confidential-ram.c
@@ -8,6 +8,8 @@
#include "io/channel.h"
#include "qapi/error.h"
#include "exec/memory.h"
+#include "sysemu/kvm.h"
+#include "kvm/kvm_i386.h"
#include "trace.h"
#include "confidential-ram.h"
@@ -225,3 +227,113 @@ int cgs_mh_load_encrypted_page(QEMUFile *f, ram_addr_t dest_gpa)
}
return ret;
}
+
+void cgs_mh_reset_mirror_vcpu(CPUState *s)
+{
+ X86CPU *cpu = X86_CPU(s);
+ CPUX86State *env = &cpu->env;
+ uint64_t xcr0;
+ int i;
+
+ memset(env, 0, offsetof(CPUX86State, end_reset_fields));
+
+ env->old_exception = -1;
+
+ /* init to reset state */
+
+ env->hflags2 |= HF2_GIF_MASK;
+ env->hflags &= ~HF_GUEST_MASK;
+ env->hflags |= HF_CS32_MASK | HF_SS32_MASK | HF_PE_MASK | HF_MP_MASK;
+
+ cpu_x86_update_cr0(env, 0x00010033);
+ env->a20_mask = ~0x0;
+ env->smbase = 0x30000;
+ env->msr_smi_count = 0;
+
+ /* The GDT is hard-coded to the one setup by OVMF */
+ env->gdt.base = 0x823600;
+ env->gdt.limit = 0x0047;
+ env->ldt.limit = 0xffff;
+ env->ldt.flags = DESC_P_MASK | (2 << DESC_TYPE_SHIFT);
+ env->tr.limit = 0xffff;
+ env->tr.flags = DESC_P_MASK | (11 << DESC_TYPE_SHIFT);
+
+ cpu_x86_load_seg_cache(env, R_CS, 0x38, 0, 0xffffffff,
+ DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
+ DESC_CS_MASK | DESC_R_MASK | DESC_A_MASK);
+ cpu_x86_load_seg_cache(env, R_DS, 0x30, 0, 0xffffffff,
+ DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
+ DESC_W_MASK | DESC_A_MASK);
+ cpu_x86_load_seg_cache(env, R_ES, 0x30, 0, 0xffffffff,
+ DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
+ DESC_W_MASK | DESC_A_MASK);
+ cpu_x86_load_seg_cache(env, R_SS, 0x30, 0, 0xffffffff,
+ DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
+ DESC_W_MASK | DESC_A_MASK);
+ cpu_x86_load_seg_cache(env, R_FS, 0x30, 0, 0xffffffff,
+ DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
+ DESC_W_MASK | DESC_A_MASK);
+ cpu_x86_load_seg_cache(env, R_GS, 0x30, 0, 0xffffffff,
+ DESC_B_MASK | DESC_P_MASK | DESC_S_MASK |
+ DESC_W_MASK | DESC_A_MASK);
+
+ /* The EIP is hard-coded to the OVMF migration handler entry point */
+ env->eip = 0x823000;
+ /* env->regs[R_EDX] = env->cpuid_version; */
+
+ env->eflags = 0x2;
+
+ /* FPU init */
+ for (i = 0; i < 8; i++) {
+ env->fptags[i] = 1;
+ }
+ cpu_set_fpuc(env, 0x37f);
+
+ env->mxcsr = 0x1f80;
+ /* All units are in INIT state. */
+ env->xstate_bv = 0;
+
+ env->pat = 0x0007040600070406ULL;
+ env->msr_ia32_misc_enable = MSR_IA32_MISC_ENABLE_DEFAULT;
+ if (env->features[FEAT_1_ECX] & CPUID_EXT_MONITOR) {
+ env->msr_ia32_misc_enable |= MSR_IA32_MISC_ENABLE_MWAIT;
+ }
+
+ memset(env->dr, 0, sizeof(env->dr));
+ env->dr[6] = DR6_FIXED_1;
+ env->dr[7] = DR7_FIXED_1;
+ cpu_breakpoint_remove_all(s, BP_CPU);
+ cpu_watchpoint_remove_all(s, BP_CPU);
+
+ xcr0 = XSTATE_FP_MASK;
+ env->xcr0 = xcr0;
+ cpu_x86_update_cr4(env, 0x00000668);
+
+ /*
+ * SDM 11.11.5 requires:
+ * - IA32_MTRR_DEF_TYPE MSR.E = 0
+ * - IA32_MTRR_PHYSMASKn.V = 0
+ * All other bits are undefined. For simplification, zero it all.
+ */
+ env->mtrr_deftype = 0;
+ memset(env->mtrr_var, 0, sizeof(env->mtrr_var));
+ memset(env->mtrr_fixed, 0, sizeof(env->mtrr_fixed));
+
+ env->interrupt_injected = -1;
+ env->exception_nr = -1;
+ env->exception_pending = 0;
+ env->exception_injected = 0;
+ env->exception_has_payload = false;
+ env->exception_payload = 0;
+ env->nmi_injected = false;
+#if !defined(CONFIG_USER_ONLY)
+ /* We hard-wire the BSP to the first CPU. */
+ apic_designate_bsp(cpu->apic_state, s->cpu_index == 0);
+
+ s->halted = !cpu_is_bsp(cpu);
+
+ if (kvm_enabled()) {
+ kvm_arch_reset_vcpu(cpu);
+ }
+#endif
+}
--
2.20.1
next prev parent reply other threads:[~2021-08-23 14:20 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-23 14:16 [RFC PATCH v2 00/12] Confidential guest-assisted live migration Dov Murik
2021-08-23 14:16 ` [RFC PATCH v2 01/12] migration: Add helpers to save confidential RAM Dov Murik
2021-08-23 14:16 ` [RFC PATCH v2 02/12] migration: Add helpers to load " Dov Murik
2021-08-23 14:16 ` [RFC PATCH v2 03/12] migration: Introduce gpa_inside_migration_helper_shared_area Dov Murik
2021-08-23 14:16 ` [RFC PATCH v2 04/12] migration: Save confidential guest RAM using migration helper Dov Murik
2021-08-23 14:16 ` [RFC PATCH v2 05/12] migration: Load " Dov Murik
2021-08-23 14:16 ` [RFC PATCH v2 06/12] migration: Skip ROM, non-RAM, and vga.vram memory region during RAM migration Dov Murik
2021-08-23 14:16 ` [RFC PATCH v2 07/12] i386/kvm: Exclude mirror vcpu in kvm_synchronize_all_tsc Dov Murik
2021-08-23 14:16 ` Dov Murik [this message]
2021-08-23 14:16 ` [RFC PATCH v2 09/12] migration: Add QMP command start-migration-handler Dov Murik
2021-08-23 14:16 ` [RFC PATCH v2 10/12] migration: Add start-migrate-incoming QMP command Dov Murik
2021-08-23 14:16 ` [RFC PATCH v2 11/12] hw/isa/lpc_ich9: Allow updating an already-running VM Dov Murik
2021-08-23 14:16 ` [RFC PATCH v2 12/12] docs: Add confidential guest live migration documentation Dov Murik
2023-09-05 9:46 ` [RFC PATCH v2 00/12] Confidential guest-assisted live migration Shameerali Kolothum Thodi via
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210823141636.65975-9-dovmurik@linux.ibm.com \
--to=dovmurik@linux.ibm.com \
--cc=ashish.kalra@amd.com \
--cc=brijesh.singh@amd.com \
--cc=dgilbert@redhat.com \
--cc=frankeh@us.ibm.com \
--cc=jejb@linux.ibm.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
--cc=srutherford@google.com \
--cc=thomas.lendacky@amd.com \
--cc=tobin@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.