From dee39e21d169edc04a97dd4b690aa583cff10aaa Mon Sep 17 00:00:00 2001 From: root Date: Wed, 21 Jan 2026 17:01:21 +0800 Subject: [PATCH] x86/tdx: integrate fatal error reporting and improve initialization --- Cargo.lock | 5 +++-- kernel/Cargo.toml | 2 +- kernel/comps/virtio/Cargo.toml | 2 +- ostd/Cargo.toml | 2 +- ostd/libs/linux-bzimage/setup/Cargo.toml | 2 +- ostd/src/arch/x86/mod.rs | 26 ++++++++++++++++++++---- tools/qemu_args.sh | 1 + 7 files changed, 30 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e238ec2fb..ded1094d8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1772,12 +1772,13 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" [[package]] name = "tdx-guest" -version = "0.2.2" +version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15fda2de9c0a2fdcc22e802af4f7f1e8f609a206f34d30986e3cd974b04911f0" +checksum = "be70e62fdd829b19d5e1e03969f125391347e4e33d1419addfe59a45b043005d" dependencies = [ "bitflags 1.3.2", "iced-x86", + "log", "raw-cpuid", "x86_64", ] diff --git a/kernel/Cargo.toml b/kernel/Cargo.toml index b92ec8c5f..9544d1d66 100644 --- a/kernel/Cargo.toml +++ b/kernel/Cargo.toml @@ -64,7 +64,7 @@ xarray.workspace = true xmas-elf.workspace = true [target.x86_64-unknown-none.dependencies] -tdx-guest = { version = "0.2.2", optional = true } +tdx-guest = { version = "0.2.4", optional = true } [target.riscv64imac-unknown-none-elf.dependencies] riscv = { version = "0.15.0", features = ["s-mode"] } diff --git a/kernel/comps/virtio/Cargo.toml b/kernel/comps/virtio/Cargo.toml index cd367f02c..dfbb3aa51 100644 --- a/kernel/comps/virtio/Cargo.toml +++ b/kernel/comps/virtio/Cargo.toml @@ -27,7 +27,7 @@ ostd.workspace = true typeflags-util.workspace = true [target.x86_64-unknown-none.dependencies] -tdx-guest = { version = "0.2.2", optional = true } +tdx-guest = { version = "0.2.4", optional = true } [features] all = ["cvm_guest"] diff --git a/ostd/Cargo.toml b/ostd/Cargo.toml index b24b3a38f..ff298dc0d 100644 --- a/ostd/Cargo.toml +++ b/ostd/Cargo.toml @@ -56,7 +56,7 @@ iced-x86 = { version = "1.21.0", default-features = false, features = [ "decoder", "gas", ], optional = true } -tdx-guest = { version = "0.2.2", optional = true } +tdx-guest = { version = "0.2.4", optional = true } unwinding = { version = "=0.2.8", default-features = false, features = ["fde-gnu-eh-frame-hdr", "hide-trace", "panic", "personality", "unwinder"] } [target.riscv64imac-unknown-none-elf.dependencies] diff --git a/ostd/libs/linux-bzimage/setup/Cargo.toml b/ostd/libs/linux-bzimage/setup/Cargo.toml index df2304de3..bacc4efa2 100644 --- a/ostd/libs/linux-bzimage/setup/Cargo.toml +++ b/ostd/libs/linux-bzimage/setup/Cargo.toml @@ -24,7 +24,7 @@ xmas-elf.workspace = true [target.x86_64-unknown-none.dependencies] uefi = { version = "0.32.0", features = ["global_allocator", "panic_handler", "logger", "qemu"]} uefi-raw = "0.8.0" -tdx-guest = { version = "0.2.2", optional = true } +tdx-guest = { version = "0.2.4", optional = true } [features] default = ["cvm_guest"] diff --git a/ostd/src/arch/x86/mod.rs b/ostd/src/arch/x86/mod.rs index 4accb2866..40e42ca10 100644 --- a/ostd/src/arch/x86/mod.rs +++ b/ostd/src/arch/x86/mod.rs @@ -22,13 +22,30 @@ pub(crate) mod tdx_guest; #[cfg(feature = "cvm_guest")] pub(crate) fn init_cvm_guest() { use ::tdx_guest::{ - disable_sept_ve, init_tdx, metadata, reduce_unnecessary_ve, + SeptVeError, disable_sept_ve, init_tdx, metadata, reduce_unnecessary_ve, tdcall::{InitError, write_td_metadata}, + tdvmcall::report_fatal_error_simple, }; match init_tdx() { Ok(td_info) => { reduce_unnecessary_ve().unwrap(); - disable_sept_ve(td_info.attributes).unwrap(); + match disable_sept_ve(td_info.attributes) { + Ok(_) => {} + Err(SeptVeError::Misconfiguration) => { + crate::early_println!( + "[kernel] Error: TD misconfiguration: \ + The SEPT_VE_DISABLE bit of the TD attributes must be set by VMM \ + when running in non-debug mode and FLEXIBLE_PENDING_VE is not enabled." + ); + report_fatal_error_simple("TD misconfiguration: SEPT #VE has to be disabled"); + } + Err(e) => { + crate::early_println!("[kernel] Error: Unexpected TDX error: {:?}", e); + report_fatal_error_simple( + "Disabling SEPT #VE failed due to unexpected TDX error", + ); + } + } // Enable notification for zero step attack detection. write_td_metadata(metadata::NOTIFY_ENABLES, 1, 1).unwrap(); @@ -39,10 +56,11 @@ pub(crate) fn init_cvm_guest() { ); } Err(InitError::TdxGetVpInfoError(td_call_error)) => { - panic!( - "[kernel] Intel TDX not initialized, Failed to get TD info: {:?}", + crate::early_println!( + "[kernel] Intel TDX not initialized, Failed to get TD info. TD call error: {:?}", td_call_error ); + report_fatal_error_simple("Intel TDX not initialized, Failed to get TD info."); } // The machine has no TDX support. Err(_) => {} diff --git a/tools/qemu_args.sh b/tools/qemu_args.sh index 28e8d63ac..7c217d4cc 100755 --- a/tools/qemu_args.sh +++ b/tools/qemu_args.sh @@ -70,6 +70,7 @@ if [ "$1" = "tdx" ]; then -device isa-debug-exit,iobase=0xf4,iosize=0x04 \ -monitor chardev:mux \ -serial chardev:mux \ + -d guest_errors \ " echo $QEMU_ARGS exit 0