From: Xiaoyao Li Date: Thu, 8 May 2025 14:59:56 +0000 (-0400) Subject: i386/cgs: Introduce x86_confidential_guest_check_features() X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dc0b08b303ad34983b43936a4c978672e0f9a9d8;p=thirdparty%2Fqemu.git i386/cgs: Introduce x86_confidential_guest_check_features() To do cgs specific feature checking. Note the feature checking in x86_cpu_filter_features() is valid for non-cgs VMs. For cgs VMs like TDX, what features can be supported has more restrictions. Signed-off-by: Xiaoyao Li Reviewed-by: Zhao Liu Link: https://lore.kernel.org/r/20250508150002.689633-51-xiaoyao.li@intel.com Signed-off-by: Paolo Bonzini --- diff --git a/target/i386/confidential-guest.h b/target/i386/confidential-guest.h index 777d43cc96..48b88dbd31 100644 --- a/target/i386/confidential-guest.h +++ b/target/i386/confidential-guest.h @@ -42,6 +42,7 @@ struct X86ConfidentialGuestClass { void (*cpu_instance_init)(X86ConfidentialGuest *cg, CPUState *cpu); uint32_t (*adjust_cpuid_features)(X86ConfidentialGuest *cg, uint32_t feature, uint32_t index, int reg, uint32_t value); + int (*check_features)(X86ConfidentialGuest *cg, CPUState *cs); }; /** @@ -91,4 +92,16 @@ static inline int x86_confidential_guest_adjust_cpuid_features(X86ConfidentialGu } } +static inline int x86_confidential_guest_check_features(X86ConfidentialGuest *cg, + CPUState *cs) +{ + X86ConfidentialGuestClass *klass = X86_CONFIDENTIAL_GUEST_GET_CLASS(cg); + + if (klass->check_features) { + return klass->check_features(cg, cs); + } + + return 0; +} + #endif diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index cd87f5502a..a6bc089d02 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -2093,6 +2093,14 @@ int kvm_arch_init_vcpu(CPUState *cs) int r; Error *local_err = NULL; + if (current_machine->cgs) { + r = x86_confidential_guest_check_features( + X86_CONFIDENTIAL_GUEST(current_machine->cgs), cs); + if (r < 0) { + return r; + } + } + memset(&cpuid_data, 0, sizeof(cpuid_data)); cpuid_i = 0;