i386/cpu: Enable SMM cpu address space under KVM

Kirill Martynov reported assertation in cpu_asidx_from_attrs() being hit when x86_cpu_dump_state() is called to dump the CPU state[*]. It happens when the CPU is in SMM and KVM emulation failure due to misbehaving guest. The root cause is that QEMU i386 never enables the SMM address space for cpu since KVM SMM support has been added. Enable the SMM cpu address space under KVM when the SMM is enabled for the x86machine. [*] https://lore.kernel.org/qemu-devel/20250523154431.506993-1-stdcalllevi@yandex-team.ru/ Reported-by: Kirill Martynov <stdcalllevi@yandex-team.ru> Reviewed-by: Zhao Liu <zhao1.liu@intel.com> Tested-by: Kirill Martynov <stdcalllevi@yandex-team.ru> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com> Link: https://lore.kernel.org/r/20250730095253.1833411-2-xiaoyao.li@intel.com Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2025-07-30 17:52:52 +08:00 · 2025-07-30 17:52:52 +08:00 · 0516f4b702
commit 0516f4b702
parent d99041a203
3 changed files with 15 additions and 5 deletions
--- a/system/physmem.c
+++ b/system/physmem.c
@ -793,9 +793,6 @@ void cpu_address_space_init(CPUState *cpu, int asidx,
        cpu->as = as;
    }

-    /* KVM cannot currently support multiple address spaces. */
-    assert(asidx == 0 || !kvm_enabled());
-
    if (!cpu->cpu_ases) {
        cpu->cpu_ases = g_new0(CPUAddressSpace, cpu->num_ases);
        cpu->cpu_ases_count = cpu->num_ases;
@ -818,8 +815,6 @@ void cpu_address_space_destroy(CPUState *cpu, int asidx)

    assert(cpu->cpu_ases);
    assert(asidx >= 0 && asidx < cpu->num_ases);
-    /* KVM cannot currently support multiple address spaces. */
-    assert(asidx == 0 || !kvm_enabled());

    cpuas = &cpu->cpu_ases[asidx];
    if (tcg_enabled()) {
--- a/target/i386/kvm/kvm-cpu.c
+++ b/target/i386/kvm/kvm-cpu.c
@ -13,6 +13,7 @@
 #include "qapi/error.h"
 #include "system/system.h"
 #include "hw/boards.h"
+#include "hw/i386/x86.h"

 #include "kvm_i386.h"
 #include "accel/accel-cpu-target.h"
@ -91,6 +92,15 @@ static bool kvm_cpu_realizefn(CPUState *cs, Error **errp)
        kvm_set_guest_phys_bits(cs);
    }

+    /*
+     * When SMM is enabled, there is 2 address spaces. Otherwise only 1.
+     *
+     * Only initialize address space 0 here, the second one for SMM is
+     * initialized at register_smram_listener() after machine init done.
+     */
+    cs->num_ases = x86_machine_is_smm_enabled(X86_MACHINE(current_machine)) ? 2 : 1;
+    cpu_address_space_init(cs, 0, "cpu-memory", cs->memory);
+
    return true;
 }

--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@ -2704,6 +2704,7 @@ static MemoryRegion smram_as_mem;

 static void register_smram_listener(Notifier *n, void *unused)
 {
+    CPUState *cpu;
    MemoryRegion *smram =
        (MemoryRegion *) object_resolve_path("/machine/smram", NULL);

@ -2728,6 +2729,10 @@ static void register_smram_listener(Notifier *n, void *unused)
    address_space_init(&smram_address_space, &smram_as_root, "KVM-SMRAM");
    kvm_memory_listener_register(kvm_state, &smram_listener,
                                 &smram_address_space, 1, "kvm-smram");
+
+    CPU_FOREACH(cpu) {
+        cpu_address_space_init(cpu, 1, "cpu-smm", &smram_as_root);
+    }
 }

 static void *kvm_msr_energy_thread(void *data)