> -Original Message-
> From: Jamin Lin
> Sent: Thursday, February 29, 2024 3:53 PM
> To: Jamin Lin ; c...@kaod.org;
> peter.mayd...@linaro.org; and...@codeconstruct.com.au; j...@jms.id.au;
> qemu-...@nongnu.org; qemu-devel@nongnu.org
> Cc: Troy Lee ; Yunlin Tang
>
> Subject: RE: [PATCH v1
> -Original Message-
> From: Jamin Lin
> Sent: Thursday, February 29, 2024 3:43 PM
> To: c...@kaod.org; peter.mayd...@linaro.org; and...@codeconstruct.com.au;
> j...@jms.id.au; qemu-...@nongnu.org; qemu-devel@nongnu.org
> Cc: Troy Lee ; Jamin Lin
> ; Yunlin Tang
> Subject: [PATCH v1 8/8]
> On 27-Feb-2024, at 21:17, Igor Mammedov wrote:
>
> it makes smbios_validate_table() independent from
> smbios_smp_sockets global, which in turn lets
> smbios_get_tables() avoid using not related legacy code.
>
Good cleanup!
> Signed-off-by: Igor Mammedov
Reviewed-by: Ani Sinha
> ---
>
AST2700 wdt controller is similar to AST2600's wdt, but
the AST2700 has 8 watchdogs, and they each have 0x80 of registers.
Introduce ast2700 object class and increase the number of regs (offset) of
ast2700 model.
Signed-off-by: Troy Lee
Signed-off-by: Jamin Lin
---
hw/watchdog/wdt_aspeed.c
AST2700 SLI engine is designed to accelerate the
throughput between cross-die connections.
It has CPU_SLI at CPU die and IO_SLI at IO die.
Introduce new ast2700_sli and ast2700_sliio classes
with instance_init and realize handlers.
Signed-off-by: Troy Lee
Signed-off-by: Jamin Lin
---
hw/misc/as
AST2700 has two SCU controllers, SCU and SCUIO.
Both SCU and SCUIO registers are not compatible with previous SoCs;
introduce new registers and add ast2700 scu, scuio class init handlers.
The pclk divider selection of SCUIO is defined in SCUIO280[20:18] and
the pclk divider selection of SCU
AST2700 interrupt controller (INTC) provides hardware interrupt interfaces
to the interrupts of processors PSP, SSP and TSP. In INTC, each interrupt of
INT 128 to INT136 combines 32 interrupts.
Introduce a new aspeed_intc class with instance_init and realize handlers.
QEMU supports ARM Generic Interrup
Initial definitions for a simple machine using an AST2700 SOC (Cortex-a35 CPU).
AST2700 SOC and its interrupt controller are too complex to handle
in the common Aspeed SoC framework. We introduce a new ast2700
class with instance_init and realize handlers.
AST2700 is a 64 bits quad core cpus and
Changes from v1:
The patch series supports WDT, SDMC, SMC, SCU, SLI and INTC for AST2700 SoC.
Test steps:
1. Download openbmc image for AST2700 from
https://github.com/AspeedTech-BMC/openbmc/releases/tag/v09.00
https://github.com/AspeedTech-BMC/openbmc/releases/download/v09.00/
ast2700-de
The SDRAM memory controller(DRAMC) controls the access to external
DDR4 and DDR5 SDRAM and power up to DDR4 and DDR5 PHY.
The DRAM memory controller of AST2700 is not backward compatible
to previous chips such as AST2600, AST2500 and AST2400.
Max memory is now 8GiB on the AST2700. Introduce new
aspe
On 29.02.24 09:32, Markus Armbruster wrote:
Cédric Le Goater writes:
The purpose is to record a potential error in the migration stream if
qemu_savevm_state_setup() fails. Most of the current .save_setup()
handlers can be modified to use the Error argument instead of managing
their own and cal
Hi Babu,
> > DEF("smp", HAS_ARG, QEMU_OPTION_smp,
> > "-smp
> > [[cpus=]n][,maxcpus=maxcpus][,drawers=drawers][,books=books][,sockets=sockets]\n"
Here the "drawers" and "books" are listed...
> > -"
> > [,dies=dies][,clusters=clusters][,cores=cores][,threads=threads]\n"
On 29/02/2024 08.03, Paz Offer wrote:
Hi,
I am trying to build my code with QEMU and getting a compilation error
according to the ISO C90 standard:
const size_t buf_size = 31;
char buffer[buf_size + 1];
error: ISO C90 forbids array ‘buffer’ whose size can’t be evaluated
[-
On 2/29/24 11:08 AM, Alex Bennée wrote:
Pierrick Bouvier writes:
On 2/29/24 2:08 AM, Alex Bennée wrote:
Luc Michel writes:
Hi Pierrick,
My bad. Other plugins enable only inline when both are supplied, so I
missed this here.
I added an explicit error when user enable callback and inl
Pierrick Bouvier writes:
> On 2/29/24 2:08 AM, Alex Bennée wrote:
>> Luc Michel writes:
>>
>>> Hi Pierrick,
>>>
>>
>
> My bad. Other plugins enable only inline when both are supplied, so I
> missed this here.
> I added an explicit error when user enable callback and inline at the
> same time
Hi,
I am trying to build my code with QEMU and getting compilation error according
to the ISO C90 standard:
const size_t buf_size = 31;
char buffer[buf_size + 1];
error: ISO C90 forbids array ‘buffer’ whose size can’t be evaluated
[-Werror=vla]
I noticed that the code builds
Hi JeeHeng,
> > diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> > index d7cb0f1e49b4..4b5c551fe7f0 100644
> > --- a/target/i386/cpu.c
> > +++ b/target/i386/cpu.c
> > @@ -7582,6 +7582,27 @@ static void x86_cpu_realizefn(DeviceState *dev,
> > Error **errp)
> >
> > #ifndef CONFIG_USER_ONLY
>
AST2700 fmc/spi controller's address decoding unit is 64KB
and only bits [31:16] are used for decoding. Introduce seg_to_reg
and reg_to_seg handlers for ast2700 fmc/spi controller.
In addition, adds ast2700 fmc, spi0, spi1, and spi2 class init handler.
AST2700 supports a maximum DRAM size of 8GiB
TDX doesn't support mapping different GPAs to the same private memory. Thus,
aliasing the top 128KB of BIOS as isa-bios is not supported.
On the other hand, TDX guest cannot go to real mode, it can work fine
without isa-bios.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
Changes in v1:
- update co
For TDX, the address below 1MB are entirely general RAM. No need to
initialize pc.rom memory region for TDs.
Signed-off-by: Xiaoyao Li
---
This is more as a workaround of the issue that for q35 machine type, the
real memslot update (which requires memslot deletion) for pc.rom happens
after tdx_in
Integrate TDX's TDX_REPORT_FATAL_ERROR into QEMU GuestPanic facility
Originated-from: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
Changes in v5:
- mention additional error information in gpa when it presents;
- refine the documentation; (Markus)
Changes in v4:
- refine the documentation; (Mark
TDX only supports readonly for shared memory but not for private memory.
In the view of QEMU, it has no idea whether a memslot is used as shared
memory or private. Thus just mark kvm_readonly_mem_enabled as false for
TDX VM for simplicity.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
t
Hi JeeHeng,
> > diff --git a/hw/core/machine.c b/hw/core/machine.c
> > index 426f71770a84..cb5173927b0d 100644
> > --- a/hw/core/machine.c
> > +++ b/hw/core/machine.c
> > @@ -886,6 +886,10 @@ static void machine_get_smp(Object *obj, Visitor *v,
> > const char *name,
> > .has_cores = true
Add docs/system/i386/tdx.rst for TDX support, and add tdx in
confidential-guest-support.rst
Signed-off-by: Xiaoyao Li
---
Changes in v5:
- Add TD attestation section and update the QEMU parameter;
Changes since v1:
- Add prerequisite of private gmem;
- update example command to launch TD;
Ch
Current KVM doesn't support PMU for TD guest. It returns error if TD is
created with PMU bit being set in attributes.
Disable PMU for TD guest on QEMU side.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i
From: Isaku Yamahata
TDX requires vMMIO region to be shared. For KVM, MMIO region is the region
which kvm memslot isn't assigned to (except in-kernel emulation).
qemu has the memory region for vMMIO at each device level.
While OVMF issues MapGPA(to-shared) conservatively on 32bit PCI MMIO
regio
Validate TD attributes with tdx_caps that fixed-0 bits must be zero and
fixed-1 bits must be set.
Besides, sanity check the attribute bits that have not been supported by
QEMU yet. e.g., debug bit, it will be allowed in the future when debug
TD support lands in QEMU.
Signed-off-by: Xiaoyao Li
Ac
Introduce memory_region_init_ram_guest_memfd() to allocate private
guest memfd on the MemoryRegion initialization. It's for the use case of
TDVF, which must be private on TDX case.
Signed-off-by: Xiaoyao Li
---
Changes in v5:
- drop memory_region_set_default_private() because this function is
d
Introduce the helper functions to set the attributes of a range of
memory to private or shared.
This is necessary to notify KVM the private/shared attribute of each gpa
range. KVM needs the information to decide the GPA needs to be mapped at
hva-based shared memory or guest_memfd based private mem
From: Isaku Yamahata
Three sha384 hash values, mrconfigid, mrowner and mrownerconfig, of a TD
can be provided for TDX attestation. Detailed meaning of them can be
found:
https://lore.kernel.org/qemu-devel/31d6dbc1-f453-4cef-ab08-4813f4e0f...@intel.com/
Allow user to specify those values via pro
TD guest can use TDG.VP.VMCALL to request termination
with error message encoded in GPRs.
Parse and print the error message, and terminate the TD guest in the
handler.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 39 +++
target/i386/kvm/tdx.h | 1 +
Add a new bool member, eoi_intercept_unsupported, to X86MachineState
with default value false. Set true for TDX VM.
Inability to intercept EOI makes it impossible to emulate a level
triggered interrupt being re-injected while the level is still kept active,
which affects interrupt controller emulation.
v2 -> v3
- Remove this declaration and make the function 'hexToIPAddress' as static.
- Define 'IFNAMSIZ' from kernel instead of a hardcode
- Remove 'GUEST_NETWORK_ROUTE_TYPE_LINUX'
- Set flags 'has_xxx' for checking if a field exists or has a value set
v1 -> v2
- Replace snprintf() to g_strdup_pri
Due to the fact that Intel-PT virtualization support has been broken in
QEMU since Sapphire Rapids generation[1], below warning is triggered when
launching TD guest:
warning: host doesn't support requested feature: CPUID.07H:EBX.intel-pt [bit
25]
Before Intel-pt is fixed in QEMU, just make Int
According to Chapter "CPUID Virtualization" in TDX module spec, CPUID
bits of TD can be classified into 6 types:
1 | As configured | configurable by VMM, independent of native value;
--
From: Sean Christopherson
Move the architectural (for lack of a better term) CPUID leaf generation
to a separate helper so that the generation code can be reused by TDX,
which needs to generate a canonical VM-scoped configuration.
Signed-off-by: Sean Christopherson
Signed-off-by: Xiaoyao Li
--
The Route information of the Linux VM needs to be used
by administrators and users when debugging network problems
and troubleshooting.
Signed-off-by: Dehan Meng
---
qga/commands-posix.c | 81
qga/commands-win32.c | 6
qga/qapi-schema.json | 80
From: Isaku Yamahata
In mch_realize(), process PAM initialization before SMRAM initialization so
that later patch can skip all the SMRAM related with a single check.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
hw/pci-host/q35.c | 19 ++-
1 file changed, 10 ins
From: Isaku Yamahata
MapGPA is a hypercall to convert GPA from/to private GPA to/from shared GPA.
As the conversion function is already implemented as kvm_convert_memory,
wire it to TDX hypercall exit.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
accel/kvm/kvm-all.c | 2 +-
TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs because
VMM cannot manipulate TDX VM's memory.
Disable SMM for TDX VMs and error out if user requests to enable SMM.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/tdx.c | 8
1 file changed, 8 insert
Invoke KVM_TDX_FINALIZE_VM to finalize the TD's measurement and make
the TD vCPUs runnable once machine initialization is complete.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/tdx.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/targ
From: Isaku Yamahata
TDX VM needs to boot with its specialized firmware, Trusted Domain
Virtual Firmware (TDVF). QEMU needs to parse TDVF and map it in TD
guest memory prior to running the TDX VM.
A TDVF Metadata in TDVF image describes the structure of firmware.
QEMU refers to it to setup memor
tdx_cpuid_lookup[].tdx_fixed0/1 is QEMU maintained data which reflects
TDX restrictions regarding what bits are fixed by TDX module.
It's retrieved from TDX spec and static. However, TDX may evolve and
change some fixed fields to configurable in the future. Update
tdx_cpuid.lookup[].tdx_fixed0/1 f
KVM doesn't allow writing to MSR_IA32_APICBASE for TDs.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/kvm.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index d23f94b77257..31aed1c9aae0 100644
--- a/target/i386/kv
Invoke KVM_TDX_INIT in kvm_arch_pre_create_vcpu() that KVM_TDX_INIT
configures global TD configurations, e.g. the canonical CPUID config,
and must be executed prior to creating vCPUs.
Use kvm_x86_arch_cpuid() to setup the CPUID settings for TDX VM.
Note, this doesn't address the fact that QEMU ma
TDX vcpu needs to be initialized by SEAMCALL(TDH.VP.INIT) and KVM
provides vcpu level IOCTL KVM_TDX_INIT_VCPU for it.
KVM_TDX_INIT_VCPU needs the address of the HOB as input. Invoke it for
each vcpu after HOB list is created.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kv
Currently, virtio_pci_queue_mem_mult function always returns 4K
when VIRTIO_PCI_FLAG_PAGE_PER_VQ is set. But this won't
work for vhost vdpa when host has page size other than 4K.
This patch introduces a new property(page-per-vdpa-vq) for vdpa
use case to fix the same.
Signed-off-by: Srujana Challa
From: Isaku Yamahata
Because vMMIO region needs to be shared region, guest TD may explicitly
convert such region from private to shared. Don't complain such
conversion.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
accel/kvm/kvm-all.c | 19 ---
1 file changed, 1
From: Isaku Yamahata
Add property "quote-generation-socket" to tdx-guest, which is a property
of type SocketAddress to specify Quote Generation Service(QGS).
On request of GetQuote, it connects to the QGS socket, read request
data from shared guest memory, send the request data to the QGS,
and s
For TDs, only MSR_IA32_UCODE_REV in kvm_init_msrs() can be configured
by VMM, while the features enumerated/controlled by other MSRs except
MSR_IA32_UCODE_REV in kvm_init_msrs() are not under control of VMM.
Only configure MSR_IA32_UCODE_REV for TDs.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoff
From: Sean Christopherson
Don't get/put state of TDX VMs since accessing/mutating guest state of
production TDs is not supported.
Note, it will be allowed for a debug TD. Corresponding support will be
introduced when debug TD support is implemented in the future.
Signed-off-by: Sean Christopher
The TD HOB list is used to pass the information from VMM to TDVF. The TD
HOB must include PHIT HOB and Resource Descriptor HOB. More details can
be found in TDVF specification and PI specification.
Build the TD HOB in TDX's machine_init_done callback.
Co-developed-by: Isaku Yamahata
Signed-off-b
From: Isaku Yamahata
TSC of TDs is not accessible and KVM doesn't allow access of
MSR_IA32_TSC for TDs. To avoid the assert() in kvm_get_tsc, make
kvm_synchronize_all_tsc() a noop for TDs.
Signed-off-by: Isaku Yamahata
Reviewed-by: Connor Kuehl
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
For each TDVF section, QEMU needs to copy the content to guest
private memory via KVM API (KVM_TDX_INIT_MEM_REGION).
Introduce a field @mem_ptr for TdxFirmwareEntry to track the memory
pointer of each TDVF section, so that QEMU can add/copy them to guest
private memory later.
TDVF sections can
From: Isaku Yamahata
When level trigger isn't supported on x86 platform,
forcibly report edge trigger in acpi tables.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
hw/i386/acpi-build.c | 99 ---
hw/i386/acpi-commo
Legacy PIC (8259) cannot be supported for TDX VMs since TDX module
doesn't allow directly interrupt injection. Using posted interrupts
for the PIC is not a viable option as the guest BIOS/kernel will not
do EOI for PIC IRQs, i.e. will leave the vIRR bit set.
Hence disable PIC for TDX VMs and erro
TDX CPU state is protected and thus vcpu state cannot be reset by VMM.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/kvm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 2748086231d5..b1b0384b0c5c 1
Add UEFI definitions for literals, enums, structs, GUIDs, etc... that
will be used by TDX to build the UEFI Hand-Off Block (HOB) that is passed
to the Trusted Domain Virtual Firmware (TDVF).
All values come from the UEFI specification [1], PI spec [2] and TDVF
design guide[3].
[1] UEFI Specificat
From: Isaku Yamahata
TDVF firmware (CODE and VARS) needs to be copied to TD's private
memory, as well as TD HOB and TEMP memory.
If the TDVF section has TDVF_SECTION_ATTRIBUTES_MR_EXTEND set in the
flag, call KVM_TDX_EXTEND_MEMORY to extend the measurement.
After populating the TDVF memory,
Reuse "-cpu,tsc-frequency=" to get user wanted tsc frequency and call VM
scope VM_SET_TSC_KHZ to set the tsc frequency of TD before KVM_TDX_INIT_VM.
Besides, sanity check the tsc frequency to be in the legal range and
legal granularity (required by TDX module).
Signed-off-by: Xiaoyao Li
Acked-by
From: Isaku Yamahata
For SetupEventNotifyInterrupt, record interrupt vector and the apic id
of the vcpu that received this TDVMCALL.
Later it can inject interrupt with given vector to the specific vcpu
that received SetupEventNotifyInterrupt.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoya
The RAM of TDX VM can be classified into two types:
- TDX_RAM_UNACCEPTED: default type of TDX memory, which needs to be
accepted by TDX guest before it can be used and will be all-zeros
after being accepted.
- TDX_RAM_ADDED: the RAM that is ADD'ed to TD guest before running, and
can be
LMCE is not supported on TDX since KVM doesn't provide emulation for
MSR_IA32_FEAT_CTL.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm-cpu.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/kvm/kvm-cpu.c b/target/i386/kvm/kvm-cpu.c
index 9c791b7b0520..8c618869533c 100644
---
From: Isaku Yamahata
Add a q35 property to check whether or not SMM ranges, e.g. SMRAM, TSEG,
etc... exist for the target platform. TDX doesn't support SMM and doesn't
play nice with QEMU modifying related guest memory ranges.
Signed-off-by: Isaku Yamahata
Co-developed-by: Sean Christopherson
From: Chao Peng
TDVF(OVMF) needs to run at private memory for TD guest. TDX cannot
support pflash device since it doesn't support read-only private memory.
Thus load TDVF(OVMF) with -bios option for TDs.
Use memory_region_init_ram_guest_memfd() to allocate the MemoryRegion
for TDVF because it ne
For QEMU VMs, PKS is configured via CPUID_7_0_ECX_PKS and PMU is
configured by x86cpu->enable_pmu. Reuse the existing configuration
interface for TDX VMs.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/tdx.c | 13 +
1 file changed, 13 insertions(+)
diff --git
The upper 16 bits of kvm_userspace_memory_region::slot are
address space id. Parse it separately in trace_kvm_set_user_memory().
Signed-off-by: Xiaoyao Li
---
accel/kvm/kvm-all.c| 5 +++--
accel/kvm/trace-events | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/accel/kvm
KVM side leaves the memory as shared by default, which may incur the
overhead of paging conversion on the first visit of each page, because
the expectation is that the page is likely to be private for the VMs that
require private memory (has guest memfd).
Explicitly set the memory to private when memory
KVM requires userspace to pass XFAM configuration via CPUID 0xD leaves.
Convert tdx_caps->xfam_fixed0/1 into corresponding
tdx_cpuid_lookup[].tdx_fixed0/1 field of CPUID 0xD leaves. Thus the
requirement can be applied naturally.
Signed-off-by: Xiaoyao Li
---
target/i386/cpu.c | 3 ---
targ
Implement TDX specific ConfidentialGuestSupportClass::kvm_init()
callback, tdx_kvm_init().
Set ms->require_guest_memfd to true to require private guest memfd
allocation for any memory backend.
More TDX specific initialization will be added later.
Signed-off-by: Xiaoyao Li
---
Changes in v5:
-
Some bits in TD attributes have corresponding CPUID feature bits. Reflect
the fixed0/1 restriction on TD attributes to their corresponding CPUID
bits in tdx_cpuid_lookup[] as well.
Signed-off-by: Xiaoyao Li
---
Changes in v4:
- reverse the meaning of tdx_caps->attr_fixed0, because value 0 of bit
Add a new member "guest_memfd" to memory backends. When it's set
to true, it enables RAM_GUEST_MEMFD in ram_flags, thus private kvm
guest_memfd will be allocated during RAMBlock allocation.
Memory backend's @guest_memfd is wired with @require_guest_memfd
field of MachineState. It avoid looking up
It will need special handling for TDX VMs all around QEMU.
Introduce is_tdx_vm() helper to query if it's a TDX VM.
Cache tdx_guest object thus no need to cast from ms->cgs every time.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
Reviewed-by: Isaku Yamahata
---
changes in v3:
- replace
After TDVF is loaded to bios MemoryRegion, it needs to parse TDVF metadata.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
hw/i386/pc_sysfw.c | 7 +++
target/i386/kvm/tdx-stub.c | 5 +
target/i386/kvm/tdx.c | 5 +
target/i386/kvm/tdx.h | 3 +++
4 files changed,
Introduce kvm_arch_pre_create_vcpu(), to perform arch-dependent
work prior to creating any vcpu. This is for i386 TDX because it needs
to call TDX_INIT_VM before creating any vcpu.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
Changes in v3:
- pass @errp to kvm_arch_pre_create_vcpu(); (Per Da
From: Isaku Yamahata
For TDX KVM use case, Linux guest is the major one. It requires
sept_ve_disable set. Make it default for the main use case. For other use
cases, it can be enabled/disabled via qemu command line.
Signed-off-by: Isaku Yamahata
---
target/i386/kvm/tdx.c | 2 +-
1 file
Bit 28 of TD attribute, named SEPT_VE_DISABLE. When set to 1, it disables
EPT violation conversion to #VE on guest TD access of PENDING pages.
Some guest OS (e.g., Linux TD guest) may require this bit as 1.
Otherwise refuse to boot.
Add sept-ve-disable property for tdx-guest object, for user to c
KVM provides TDX capabilities via sub command KVM_TDX_CAPABILITIES of
IOCTL(KVM_MEMORY_ENCRYPT_OP). Get the capabilities when initializing
TDX context. It will be used to validate user's setting later.
Since there is no interface reporting how many cpuid configs are contained in
KVM_TDX_CAPABILITIES, Q
From: Isaku Yamahata
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
accel/kvm/kvm-all.c| 2 ++
accel/kvm/trace-events | 1 +
2 files changed, 3 insertions(+)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 87e4275932a7..fe2eb3f06902 100644
--- a/accel/kvm/kvm-all
TDX VM requires VM type KVM_X86_TDX_VM to be passed to
kvm_ioctl(KVM_CREATE_VM). Hence implement mc->kvm_type() for i386
architecture.
If tdx-guest object is specified to confidential-guest-support, like,
qemu -machine ...,confidential-guest-support=tdx0 \
-object tdx-guest,id=tdx0,...
From: Chao Peng
Switch to KVM_SET_USER_MEMORY_REGION2 when supported by KVM.
With KVM_SET_USER_MEMORY_REGION2, QEMU can set up a memory region that
is backed both by hva-based shared memory and guest memfd based private
memory.
Signed-off-by: Chao Peng
Co-developed-by: Xiaoyao Li
Signed-off-by
From: Chao Peng
When getting KVM_EXIT_MEMORY_FAULT exit, it indicates userspace needs to
do the memory conversion on the RAMBlock to turn the memory into desired
attribute, i.e., private/shared.
Currently only KVM_MEMORY_EXIT_FLAG_PRIVATE in flags is valid when
KVM_EXIT_MEMORY_FAULT happens.
No
Introduce tdx-guest object which inherits CONFIDENTIAL_GUEST_SUPPORT,
and will be used to create TDX VMs (TDs) by
qemu -machine ...,confidential-guest-support=tdx0 \
-object tdx-guest,id=tdx0
So far, it has no QAPI member/property declared and only one internal
member 'attributes'
Pull in recent TDX updates, which are not backwards compatible.
It's just to make this series runnable. It will be updated by script
scripts/update-linux-headers.sh
once TDX support is upstreamed in linux kernel
Signed-off-by: Xiaoyao Li
---
linux-headers/asm-x86/kvm.h | 86 +
When a memory page is converted from private to shared, the original
private memory is backed by guest_memfd. Introduce
ram_block_discard_guest_memfd_range() for discarding memory in
guest_memfd.
Originally-from: Isaku Yamahata
Codeveloped-by: Xiaoyao Li
Signed-off-by: Xiaoyao Li
Reviewed-by: Da
Guest memfd support in QEMU requires corresponding KVM guest memfd APIs,
which lands in Linux from v6.8-rc1.
Signed-off-by: Xiaoyao Li
---
include/standard-headers/drm/drm_fourcc.h | 10 +-
include/standard-headers/linux/ethtool.h | 41 +++--
.../standard-headers/linux/virtio_config.h
Add KVM guest_memfd support to RAMBlock so both normal hva based memory
and kvm guest memfd based private memory can be associated in one RAMBlock.
Introduce new flag RAM_GUEST_MEMFD. When it's set, it calls KVM ioctl to
create private guest_memfd during RAMBlock setup.
Allocating a new RAM_GUEST
This v5 series matches with latest KVM v19 series:
https://lore.kernel.org/all/cover.1708933498.git.isaku.yamah...@intel.com/
This series is also available in github:
https://github.com/intel/qemu-tdx/tree/tdx-qemu-upstream-v5
It's based on one series that refactors cgs specific KVM functions:
ht
Cédric Le Goater writes:
> The purpose is to record a potential error in the migration stream if
> qemu_savevm_state_setup() fails. Most of the current .save_setup()
> handlers can be modified to use the Error argument instead of managing
> their own and calling locally error_report(). The follow
On Wed Feb 28, 2024 at 3:07 PM AEST, Pavel Dovgalyuk wrote:
> On 26.02.2024 10:36, Nicholas Piggin wrote:
> > On Fri Aug 18, 2023 at 2:36 PM AEST, Pavel Dovgalyuk wrote:
> >> On 14.08.2023 19:31, Nicholas Piggin wrote:
> >>> record makes an initial snapshot when the machine is created, to enable
>
Hi Sven, thanks for your series.
Yesterday, series for new API to access registers from plugins was
merged. As part of it, execlog plugin was extended to support this [1].
This conflict with the changes presented here.
Could you please rebase this series on top of master?
Thanks,
Pierrick
[1
Steven Sistare writes:
> Just a reminder, after our further discussion in the V1 thread,
> this patch is still what I propose, no updates needed.
>
> Markus, I think Peter is looking for your blessing on the new
> file name: include/migration/client-options.h.
Not my preference, but no objectio
Use the unified interface to call confidential guest related kvm_init()
and kvm_reset(), to avoid exposing pef specific functions.
Remove perf.h since it is now blank.
Signed-off-by: Xiaoyao Li
---
Changes from rfc v1:
- check machine->cgs not NULL before calling
confidential_guest_kvm_ini
Hao Xiang writes:
> On Wed, Feb 28, 2024 at 1:52 AM Markus Armbruster wrote:
>>
>> Hao Xiang writes:
>>
>> > This change extends the MigrationStatus interface to track zero pages
>> > and zero bytes counter.
>> >
>> > Signed-off-by: Hao Xiang
>>
>> [...]
>>
>> > diff --git a/qapi/migration.jso
Use unified confidential_guest_kvm_init(), to avoid exposing specific
functions.
Signed-off-by: Xiaoyao Li
---
Changes from rfc v1:
- check machine->cgs not NULL before calling confidential_guest_kvm_init();
---
hw/s390x/s390-virtio-ccw.c | 5 -
target/s390x/kvm/pv.c | 8
ta
Different confidential VMs in different architectures all have the same
need to do their specific initialization (and maybe resetting) stuff
with KVM. Currently each of them exposes individual *_kvm_init()
functions and lets machine code or kvm code call it.
To make it more object oriented, ad