qemu/virtcca-add-kvm-isolation-when-get-tmi-version.patch

From c8eba92f97b68fad3f84dde2fb6fd4409738e626 Mon Sep 17 00:00:00 2001
From: lihuhua <lihuhua@huawei.com>
Date: Sat, 22 Mar 2025 12:01:26 +0800
Subject: [PATCH] virtcca: add kvm isolation when get tmi version.

---
 hw/arm/boot.c                 | 7 ++++++-
 hw/arm/virt.c                 | 6 +++++-
 linux-headers/asm-arm64/kvm.h | 2 --
 linux-headers/linux/kvm.h     | 1 +
 4 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index a3e0dbb68c..9a33601d35 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -1163,7 +1163,12 @@ static void arm_setup_confidential_firmware_boot(ARMCPU *cpu,
                                                  const char *firmware_filename)
 {
     uint64_t tmi_version = 0;
-    if (kvm_ioctl(kvm_state, KVM_GET_TMI_VERSION, &tmi_version) < 0) {
+    int ret = -1;
+
+    if (kvm_enabled()) {
+        ret = kvm_ioctl(kvm_state, KVM_GET_TMI_VERSION, &tmi_version);
+    }
+    if (ret < 0) {
         error_report("please check the kernel version!");
         exit(EXIT_FAILURE);
     }
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 3c31d3667e..fed2f8c4d7 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -2057,7 +2057,11 @@ static void virt_set_memmap(VirtMachineState *vms, int pa_bits)
             vms->memmap[VIRT_PCIE_MMIO] = (MemMapEntry) { 0x10000000, 0x2edf0000 };
             vms->memmap[VIRT_KAE_DEVICE] = (MemMapEntry) { 0x3edf0000, 0x00200000 };
             uint64_t tmi_version = 0;
-            if (kvm_ioctl(kvm_state, KVM_GET_TMI_VERSION, &tmi_version) < 0) {
+            int ret = -1;
+            if (kvm_enabled()) {
+                ret = kvm_ioctl(kvm_state, KVM_GET_TMI_VERSION,  &tmi_version);
+            }
+            if (ret < 0) {
                 warn_report("can not get tmi version");
             }
             if (tmi_version < MIN_TMI_VERSION_FOR_UEFI_BOOTED_CVM) {
diff --git a/linux-headers/asm-arm64/kvm.h b/linux-headers/asm-arm64/kvm.h
index d69a71cbec..552fdcb18f 100644
--- a/linux-headers/asm-arm64/kvm.h
+++ b/linux-headers/asm-arm64/kvm.h
@@ -597,6 +597,4 @@ struct kvm_cap_arm_tmm_populate_region_args {
 
 #endif
 
-#define MIN_TMI_VERSION_FOR_UEFI_BOOTED_CVM  0x20001
-
 #endif /* __ARM_KVM_H__ */
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index c9ec7f862a..b94c5fd90f 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -2430,5 +2430,6 @@ struct kvm_s390_zpci_op {
 
 /* get tmi version */
 #define KVM_GET_TMI_VERSION	_IOR(KVMIO, 0xd2, uint64_t)
+#define MIN_TMI_VERSION_FOR_UEFI_BOOTED_CVM  0x20001
 
 #endif /* __LINUX_KVM_H */
-- 
2.41.0.windows.1
QEMU update to version 8.2.0-30: - Revert "linux-user: Print tid not pid with strace" - gpex-acpi: Remove duplicate DSM #5 - smmuv3: Use default bus for arm-smmuv3-accel - smmuv3: Change arm-smmuv3-nested name to arm-smmuv3-accel - smmu-common: Return sysmem address space only for vfio-pci - smmuv3: realize get_pasid_cap and set ssidsize with pasid - vfio: Synthesize vPASID capability to VM - backend/iommufd: Report PASID capability - pci: Get pasid capability from vIOMMU - smmuv3: Add support for page fault handling - kvm: Translate MSI doorbell address only if it is valid - hw/arm/smmuv3: Enable sva/stall IDR features - iommufd.h: Updated to openeuler olk-6.6 kernel - tests/data/acpi/virt: Update IORT acpi table - hw/arm/virt-acpi-build: Add IORT RMR regions to handle MSI nested binding - tests/qtest: Allow IORT acpi table to change - hw/arm/virt-acpi-build: Build IORT with multiple SMMU nodes - hw/arm/smmuv3: Associate a pci bus with a SMMUv3 Nested device - hw/arm/smmuv3: Add initial support for SMMUv3 Nested device - hw/arm/virt: Add an SMMU_IO_LEN macro - hw/pci-host/gpex: [needs kernel fix] Allow to generate preserve boot config DSM #5 - tests/data/acpi: Update DSDT acpi tables - acpi/gpex: Fix PCI Express Slot Information function 0 returned value - tests/qtest: Allow DSDT acpi tables to change - hw/arm/smmuv3: Forward cache invalidate commands via iommufd - hw/arm/smmu-common: Replace smmu_iommu_mr with smmu_find_sdev - hw/arm/smmuv3: Add missing STE invalidation - hw/arm/smmuv3: Add smmu_dev_install_nested_ste() for CFGI_STE - hw/arm/smmuv3: Check idr registers for STE_S1CDMAX and STE_S1STALLD - hw/arm/smmuv3: Read host SMMU device info - hw/arm/smmuv3: Ignore IOMMU_NOTIFIER_MAP for nested-smmuv3 - hw/arm/smmu-common: Return sysmem if stage-1 is bypassed - hw/arm/smmu-common: Add iommufd helpers - hw/arm/smmu-common: Add set/unset_iommu_device callback - hw/arm/smmu-common: Extract smmu_get_sbus and smmu_get_sdev helpers - hw/arm/smmu-common: Bypass emulated IOTLB for a nested SMMU - hw/arm/smmu-common: Add a nested flag to SMMUState - backends/iommufd: Introduce iommufd_viommu_invalidate_cache - backends/iommufd: Introduce iommufd_vdev_alloc - backends/iommufd: Introduce iommufd_backend_alloc_viommu - vfio/iommufd: Implement [at\|de]tach_hwpt handlers - vfio/iommufd: Implement HostIOMMUDeviceClass::realize_late() handler - HostIOMMUDevice: Introduce realize_late callback - vfio/iommufd: Add properties and handlers to TYPE_HOST_IOMMU_DEVICE_IOMMUFD - backends/iommufd: Add helpers for invalidating user-managed HWPT - Update iommufd.h header for vSVA - vfio/common: Allow disabling device dirty page tracking - vfio/migration: Don't block migration device dirty tracking is unsupported - vfio/iommufd: Implement VFIOIOMMUClass::query_dirty_bitmap support - vfio/iommufd: Implement VFIOIOMMUClass::set_dirty_tracking support - vfio/iommufd: Probe and request hwpt dirty tracking capability - vfio/{iommufd, container}: Invoke HostIOMMUDevice::realize() during attach_device() - vfio/iommufd: Add hw_caps field to HostIOMMUDeviceCaps - vfio/{iommufd,container}: Remove caps::aw_bits - HostIOMMUDevice: Store the VFIO/VDPA agent - vfio/iommufd: Introduce auto domain creation - vfio/ccw: Don't initialize HOST_IOMMU_DEVICE with mdev - vfio/ap: Don't initialize HOST_IOMMU_DEVICE with mdev - vfio/iommufd: Return errno in iommufd_cdev_attach_ioas_hwpt() - backends/iommufd: Extend iommufd_backend_get_device_info() to fetch HW capabilities - vfio/iommufd: Don't initialize nor set a HOST_IOMMU_DEVICE with mdev - vfio/pci: Extract mdev check into an helper - intel_iommu: Check compatibility with host IOMMU capabilities - intel_iommu: Implement [set\|unset]_iommu_device() callbacks - intel_iommu: Extract out vtd_cap_init() to initialize cap/ecap - vfio/pci: Pass HostIOMMUDevice to vIOMMU - hw/pci: Introduce pci_device_[set\|unset]_iommu_device() - hw/pci: Introduce helper function pci_device_get_iommu_bus_devfn() - vfio: Create host IOMMU device instance - backends/iommufd: Implement HostIOMMUDeviceClass::get_cap() handler - vfio/container: Implement HostIOMMUDeviceClass::get_cap() handler - vfio/iommufd: Implement HostIOMMUDeviceClass::realize() handler - backends/iommufd: Introduce helper function iommufd_backend_get_device_info() - vfio/container: Implement HostIOMMUDeviceClass::realize() handler - range: Introduce range_get_last_bit() - backends/iommufd: Introduce TYPE_HOST_IOMMU_DEVICE_IOMMUFD[_VFIO] devices - vfio/container: Introduce TYPE_HOST_IOMMU_DEVICE_LEGACY_VFIO device - backends/host_iommu_device: Introduce HostIOMMUDeviceCaps - backends: Introduce HostIOMMUDevice abstract - vfio/iommufd: Remove CONFIG_IOMMUFD usage - vfio/spapr: Extend VFIOIOMMUOps with a release handler - vfio/spapr: Only compile sPAPR IOMMU support when needed - vfio/iommufd: Introduce a VFIOIOMMU iommufd QOM interface - vfio/spapr: Introduce a sPAPR VFIOIOMMU QOM interface - vfio/container: Intoduce a new VFIOIOMMUClass::setup handler - vfio/container: Introduce a VFIOIOMMU legacy QOM interface - vfio/container: Introduce a VFIOIOMMU QOM interface - vfio/container: Initialize VFIOIOMMUOps under vfio_init_container() - vfio/container: Introduce vfio_legacy_setup() for further cleanups - docs/devel: Add VFIO iommufd backend documentation - vfio: Introduce a helper function to initialize VFIODevice - vfio/ccw: Move VFIODevice initializations in vfio_ccw_instance_init - vfio/ap: Move VFIODevice initializations in vfio_ap_instance_init - vfio/platform: Move VFIODevice initializations in vfio_platform_instance_init - vfio/pci: Move VFIODevice initializations in vfio_instance_init - hw/i386: Activate IOMMUFD for q35 machines - kconfig: Activate IOMMUFD for s390x machines - hw/arm: Activate IOMMUFD for virt machines - vfio: Make VFIOContainerBase poiner parameter const in VFIOIOMMUOps callbacks - vfio/ccw: Make vfio cdev pre-openable by passing a file handle - vfio/ccw: Allow the selection of a given iommu backend - vfio/ap: Make vfio cdev pre-openable by passing a file handle - vfio/ap: Allow the selection of a given iommu backend - vfio/platform: Make vfio cdev pre-openable by passing a file handle - vfio/platform: Allow the selection of a given iommu backend - vfio/pci: Make vfio cdev pre-openable by passing a file handle - vfio/pci: Allow the selection of a given iommu backend - vfio/iommufd: Enable pci hot reset through iommufd cdev interface - vfio/pci: Introduce a vfio pci hot reset interface - vfio/pci: Extract out a helper vfio_pci_get_pci_hot_reset_info - vfio/iommufd: Add support for iova_ranges and pgsizes - vfio/iommufd: Relax assert check for iommufd backend - vfio/iommufd: Implement the iommufd backend - vfio/common: return early if space isn't empty - util/char_dev: Add open_cdev() - backends/iommufd: Introduce the iommufd object - vfio/spapr: Move hostwin_list into spapr container - vfio/spapr: Move prereg_listener into spapr container - vfio/spapr: switch to spapr IOMMU BE add/del_section_window - vfio/spapr: Introduce spapr backend and target interface - vfio/container: Implement attach/detach_device - vfio/container: Move iova_ranges to base container - vfio/container: Move dirty_pgsizes and max_dirty_bitmap_size to base container - vfio/container: Move listener to base container - vfio/container: Move vrdl_list to base container - vfio/container: Move pgsizes and dma_max_mappings to base container - vfio/container: Convert functions to base container - vfio/container: Move per container device list in base container - vfio/container: Switch to IOMMU BE set_dirty_page_tracking/query_dirty_bitmap API - vfio/container: Move space field to base container - vfio/common: Move giommu_list in base container - vfio/common: Introduce vfio_container_init/destroy helper - vfio/container: Switch to dma_map\|unmap API - vfio/container: Introduce a empty VFIOIOMMUOps - vfio: Introduce base object for VFIOContainer and targeted interface - cryptodev: Fix error handling in cryptodev_lkcf_execute_task() - hw/xen: Fix xen_bus_realize() error handling - hw/misc/aspeed_hace: Fix buffer overflow in has_padding function - target/s390x: Fix a typo in s390_cpu_class_init() - hw/sd/sdhci: free irq on exit - hw/ufs: free irq on exit - hw/pci-host/designware: Fix ATU_UPPER_TARGET register access - target/i386: Make invtsc migratable when user sets tsc-khz explicitly - target/i386: Construct CPUID 2 as stateful iff times > 1 - target/i386: Enable fdp-excptn-only and zero-fcs-fds - target/i386: Don't construct a all-zero entry for CPUID[0xD 0x3f] - i386/cpuid: Remove subleaf constraint on CPUID leaf 1F - target/i386: pass X86CPU to x86_cpu_get_supported_feature_word - target/i386: Raise the highest index value used for any VMCS encoding - target/i386: Add VMX control bits for nested FRED support - target/i386: Delete duplicated macro definition CR4_FRED_MASK - target/i386: Add get/set/migrate support for FRED MSRs - target/i386: enumerate VMX nested-exception support - vmxcap: add support for VMX FRED controls - target/i386: mark CR4.FRED not reserved - target/i386: add support for FRED in CPUID enumeration - target/i386: fix feature dependency for WAITPKG - target/i386: Add more features enumerated by CPUID.7.2.EDX - net: fix build when libbpf is disabled, but libxdp is enabled - hw/nvme: fix invalid endian conversion - hw/nvme: fix invalid check on mcl - backends/cryptodev: Do not ignore throttle/backends Errors - backends/cryptodev: Do not abort for invalid session ID - virtcca: add kvm isolation when get tmi version. - qga: Don't daemonize before channel is initialized - qga: Add log to guest-fsfreeze-thaw command - backends: VirtCCA: cvm_gpa_start supports both 1GB and 3GB - BUGFIX: Enforce isolation for virtcca_shared_hugepage - arm: VirtCCA: qemu CoDA support UEFI boot - arm: VirtCCA: Compatibility with older versions of TMM and the kernel - arm: VirtCCA: qemu uefi boot support kae - arm: VirtCCA: CVM support UEFI boot Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> (cherry picked from commit 85fd7a435d8203dde56fedc4c8f500e41faf132c) 2025-04-22 14:34:58 +08:00			`From c8eba92f97b68fad3f84dde2fb6fd4409738e626 Mon Sep 17 00:00:00 2001`
			`From: lihuhua <lihuhua@huawei.com>`
			`Date: Sat, 22 Mar 2025 12:01:26 +0800`
			`Subject: [PATCH] virtcca: add kvm isolation when get tmi version.`

			`---`
			`hw/arm/boot.c \| 7 ++++++-`
			`hw/arm/virt.c \| 6 +++++-`
			`linux-headers/asm-arm64/kvm.h \| 2 --`
			`linux-headers/linux/kvm.h \| 1 +`
			`4 files changed, 12 insertions(+), 4 deletions(-)`

			`diff --git a/hw/arm/boot.c b/hw/arm/boot.c`
			`index a3e0dbb68c..9a33601d35 100644`
			`--- a/hw/arm/boot.c`
			`+++ b/hw/arm/boot.c`
			`@@ -1163,7 +1163,12 @@ static void arm_setup_confidential_firmware_boot(ARMCPU *cpu,`
			`const char *firmware_filename)`
			`{`
			`uint64_t tmi_version = 0;`
			`- if (kvm_ioctl(kvm_state, KVM_GET_TMI_VERSION, &tmi_version) < 0) {`
			`+ int ret = -1;`
			`+`
			`+ if (kvm_enabled()) {`
			`+ ret = kvm_ioctl(kvm_state, KVM_GET_TMI_VERSION, &tmi_version);`
			`+ }`
			`+ if (ret < 0) {`
			`error_report("please check the kernel version!");`
			`exit(EXIT_FAILURE);`
			`}`
			`diff --git a/hw/arm/virt.c b/hw/arm/virt.c`
			`index 3c31d3667e..fed2f8c4d7 100644`
			`--- a/hw/arm/virt.c`
			`+++ b/hw/arm/virt.c`
			`@@ -2057,7 +2057,11 @@ static void virt_set_memmap(VirtMachineState *vms, int pa_bits)`
			`vms->memmap[VIRT_PCIE_MMIO] = (MemMapEntry) { 0x10000000, 0x2edf0000 };`
			`vms->memmap[VIRT_KAE_DEVICE] = (MemMapEntry) { 0x3edf0000, 0x00200000 };`
			`uint64_t tmi_version = 0;`
			`- if (kvm_ioctl(kvm_state, KVM_GET_TMI_VERSION, &tmi_version) < 0) {`
			`+ int ret = -1;`
			`+ if (kvm_enabled()) {`
			`+ ret = kvm_ioctl(kvm_state, KVM_GET_TMI_VERSION, &tmi_version);`
			`+ }`
			`+ if (ret < 0) {`
			`warn_report("can not get tmi version");`
			`}`
			`if (tmi_version < MIN_TMI_VERSION_FOR_UEFI_BOOTED_CVM) {`
			`diff --git a/linux-headers/asm-arm64/kvm.h b/linux-headers/asm-arm64/kvm.h`
			`index d69a71cbec..552fdcb18f 100644`
			`--- a/linux-headers/asm-arm64/kvm.h`
			`+++ b/linux-headers/asm-arm64/kvm.h`
			`@@ -597,6 +597,4 @@ struct kvm_cap_arm_tmm_populate_region_args {`

			`#endif`

			`-#define MIN_TMI_VERSION_FOR_UEFI_BOOTED_CVM 0x20001`
			`-`
			`#endif /* __ARM_KVM_H__ */`
			`diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h`
			`index c9ec7f862a..b94c5fd90f 100644`
			`--- a/linux-headers/linux/kvm.h`
			`+++ b/linux-headers/linux/kvm.h`
			`@@ -2430,5 +2430,6 @@ struct kvm_s390_zpci_op {`

			`/* get tmi version */`
			`#define KVM_GET_TMI_VERSION _IOR(KVMIO, 0xd2, uint64_t)`
			`+#define MIN_TMI_VERSION_FOR_UEFI_BOOTED_CVM 0x20001`

			`#endif /* __LINUX_KVM_H */`
			`--`
			`2.41.0.windows.1`