i386/tdx: add a pre-vmfd change notifier to reset tdx state

During reset, when the VM file descriptor is changed, the TDX state needs to be re-initialized. A notifier callback is implemented to reset the old state and free memory before the new state is initialized post VM file descriptor change. Signed-off-by: Ani Sinha <anisinha@redhat.com> Link: https://lore.kernel.org/r/20260225035000.385950-19-anisinha@redhat.com Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1 month ago · 154f1bcd64
1 changed files with 31 additions and 0 deletions
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@ -405,6 +405,36 @@ static void tdx_handle_reset(Object *obj, ResetType type)
    trace_tdx_handle_reset();
 }

+/* TDX guest reset will require us to reinitialize some of tdx guest state. */
+static int set_tdx_vm_uninitialized(NotifierWithReturn *notifier,
+                                    void *data, Error** errp)
+{
+    TdxFirmware *fw = &tdx_guest->tdvf;
+
+    if (!((VmfdChangeNotifier *)data)->pre) {
+        return 0;
+    }
+
+    if (tdx_guest->initialized) {
+        tdx_guest->initialized = false;
+    }
+
+    g_free(tdx_guest->ram_entries);
+
+    /*
+     * the firmware entries will be parsed again, see
+     * x86_firmware_configure() -> tdx_parse_tdvf()
+     */
+    fw->entries = 0;
+    g_free(fw->entries);
+
+    return 0;
+}
+
+static NotifierWithReturn tdx_vmfd_change_notifier = {
+    .notify = set_tdx_vm_uninitialized,
+};
+
 /*
 * Some CPUID bits change from fixed1 to configurable bits when TDX module
 * supports TDX_FEATURES0.VE_REDUCTION. e.g., MCA/MCE/MTRR/CORE_CAPABILITY.
@ -1549,6 +1579,7 @@ static void tdx_guest_init(Object *obj)

    tdx->event_notify_vector = -1;
    tdx->event_notify_apicid = -1;
+    kvm_vmfd_add_change_notifier(&tdx_vmfd_change_notifier);
    qemu_register_resettable(obj);
 }