These 2 states are used to manage the session's lifecycle,
to make sure there is no resource leakage when disconnecting.
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
STREAM socket uses a separate socket fd for each
connection, unlike unix datagram socket which
can rely on only one socket fd for multiple clients.
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
Do preparation for accepting the new client, so that the server
side is ready for the newly accepted client's incoming data
transfer.
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
This new trans_protocol is used for the client to pass its role
and session ID (vTPM instance id) to the server side, so that the
server side can prepare for later data transfer.
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
Client and server now move to use the new helper function
to initialize the base object, replacing the original
tdx_vtpm_init_base() with the new one.
Signed-off-by: Yuan Yao <yuan.yao@intel.com>
The socket the server is listening on can accept clients now, but
disconnects the client immediately when new data is received because
more necessary changes are pending.
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
TDX_VTPM_TRANS_PROTOCOL_MAX_LEN is eliminated
because SocketRecvBuffer has no limitation on
completed package size.
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
These are common helper functions to support message boundaries
for STREAM socket communication; they also work for
DGRAM sockets.
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
Sort the data received from VTPM clients so that it is treated
in FIFO mode, while still using the hash table for the case
of WaitForRequest with a non-null user id.
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
The vTPM instance lifecycle is not related to the TD guest
lifecycle; it's longer than the TD guest's lifecycle:
|------------- vTPM instance lifecycle -----------|
   |--guest lifecycle--|   |--guest lifecycle--|
   guest up   guest down   guest up   guest down
The QMP protocol is used for the Orchestrator (e.g. libvirt) to
create the vTPM instance before the TD guest is deployed to
the cloud, or destroy the vTPM instance after the TD guest is
deleted from the cloud.
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
The session on the server side will be re-created
if reportstatus' operation is TDX_VTPM_OPERATION_CREATE
and the session already exists.
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
Each client that connects to the server is abstracted as one
"Session". Each client has a separate data cache to store the
data received from the client which has not been handled by the
server.
The separate data cache allows keeping the received client's
messages even when the session is "disconnected".
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
A simple protocol "TRANS_PROTOCOL" is introduced
for data transfer between vTPM client and server;
the main reason to introduce this is to pass the vTPM ID
from the client side to the server side.
To simplify the implementation the vTPM ID is carried
every time even though it's only necessary the 1st time
the client communicates with the server side; the vTPM
client/server communication frequency is not high.
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
Register the vTPM client/server vmcall service GUID,
set up basic communication via UNIX datagram socket.
Linux abstract namespace is used for generating the
file path & name for the UNIX datagram socket.
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
New parameters will be used for vTPM vmcall service
initialization:
userid: the id of the vTPM instance, 2 types allowed:
  1. GUID in "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" format
  2. plain text <= 16 characters
path: the communication endpoint accepted by QEMU,
  e.g. "unix:/tmp/abc.sock"
type: the type of vTPM, 2 strings:
  "client": indicates it's a vTPM client
  "server": indicates it's a vTPM server
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
The following TDCALL.VMCALL<Service> features are supported:
1. blocking/non-blocking type service call.
2. Event interrupt notify to service caller.
3. timeout for blocking/non-blocking service call.
Each service call request is abstracted to
"TdxVmcallServiceItem"; the service implementation
can use the provided API to get the cmd/rsp buffer,
set the response state and complete the request easily,
without caring about low-level details of the service call.
Also provides APIs for vmcall service implementation
registration, decoupling this basic support from the different
vmcall service implementations.
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
Support getting the remote address from recvmsg(); this allows sending
data to multiple clients for a connectionless Unix datagram socket.
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
High-level components like IOChannelSocket can reuse this function
to do UnixSocketAddress to sockaddr_un conversion without duplicated
code.
Signed-off-by: Yao Yuan <yuan.yao@intel.com>
Default cgs_bmap to shared, i.e. 0 means shared page and 1 means private
pages. This is to align to the KVM side design. So for the destination,
during the bulk stage, update the cgs_bmap for private pages.
Signed-off-by: Wei Wang <wei.w.wang@intel.com>
Some state needs to be saved/loaded. Especially get quote inflight
requests. On destination, resend the request.
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Once the hypervisor exits to userspace to convert the page from private
to shared or vice versa, notify the state change via memory listener so
that other components (e.g. VFIO) can be notified.
Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
UPM (Unmapping guest Private Memory) introduces a new kind of RAM memory
region which contains a restricted_fd in its corresponding ramblock. Such
a region has the concept of a memory attribute, i.e. private
memory and shared memory.
When the memory attribute is converted, some operations are necessary in
other components, e.g. in VFIO, the DMA mapping needs to be adjusted.
Introduce a new memory region listener for the attribute conversion so
that other components can register their own manipulation.
Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
Don't call timer_del() when the timer isn't initialized. When an error
happens in tdx_handle_get_quote_connected(), the function calls
tdx_getquote_task_cleanup() without initializing tdx_get_quote_task::timer.
As a result tdx_getquote_task_cleanup() calls timer_del() on an uninitialized
struct QEMUTimer, causing a segv.
Keep track of whether the timer variable is initialized, and don't call
timer_del() when the timer is uninitialized.
Fixes: e971e95e9e ("i386/tdx: setup a timer for the qio channel")
Reported-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Cc: Chenyi Qiang <chenyi.qiang@intel.com>
The commit that cleaned up compat machines (d08a7504) unsets
alias and is_default only once, but the default values are
all true, so qemu will fail with multiple default machines.
This patch keeps the default machine at 7.2 and unsets the other
machines' alias and is_default.
Signed-off-by: Xiaocheng Dong <xiaocheng.dong@intel.com>
Some emulated register states need to be migrated, so return in advance
from kvm_arch_put_registers only for debuggable TD.
Signed-off-by: Wei Wang <wei.w.wang@intel.com>
This reverts commit 67f7e426e5.
Additionally to the automatic revert, I went over the code
and dropped all mentions of legacy_no_rng_seed manually,
effectively reverting a combination of 2 additional commits:
    commit ffe2d2382e
    Author: Jason A. Donenfeld <Jason@zx2c4.com>
    Date:   Wed Sep 21 11:31:34 2022 +0200

        x86: re-enable rng seeding via SetupData

    commit 3824e25db1
    Author: Gerd Hoffmann <kraxel@redhat.com>
    Date:   Wed Aug 17 10:39:40 2022 +0200

        x86: disable rng seeding via setup_data
Fixes: 67f7e426e5 ("hw/i386: pass RNG seed via setup_data entry")
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>