A recent OVMF update has resulted in MMIO regions being placed at
the upper end of the physical address space. As a result, when a
Host device is passthrough'd to the Guest via VFIO, the following
mapping failures occur when VFIO tries to map the MMIO regions of
the device:
VFIO_MAP_DMA failed: Inv
On 11/13/23 08:21, Thomas Huth wrote:
On 10/11/2023 09.36, Eric Auger wrote:
Coverity complains about passing "&expected" to "run_range_inverse_array",
which dereferences null "expected". I guess the problem is that the
compare_ranges() loop dereferences 'e' without testing it. However the
loop
On 07/11/2023 10.50, Thomas Huth wrote:
On 16/10/2023 11.05, Thomas Huth wrote:
On 29/09/2023 15.45, Thomas Huth wrote:
It's a little bit weird that the files in target/i386/ which
are not in a subfolder there do not have any associated
maintainer (and thus nobody might be CC:-ed on changes to
Hello Leo,
On Mon, 13 Nov 2023 03:16, Leo Yan wrote:
vhost-user-input is in the input folder. On the other hand, the folder
'hw/virtio' maintains other virtio stubs (e.g. I2C, RNG, GPIO, etc).
This patch moves vhost-user-input into the virtio folder for better code
organization. No functiona
On 10/11/2023 09.36, Eric Auger wrote:
Coverity complains about passing "&expected" to "run_range_inverse_array",
which dereferences null "expected". I guess the problem is that the
compare_ranges() loop dereferences 'e' without testing it. However the
loop condition is based on 'ranges' which is
On 12/11/2023 02.38, Gustavo Romero wrote:
Currently the QTest API does not provide a function to allow capturing
when an IRQ line is toggled (raised then lowered). Functions like
qtest_get_irq() read the current state of the intercepted IRQ lines,
which is already low when the function is called
On 11/11/2023 18.33, Reinoud Zandijk wrote:
On Fri, Nov 10, 2023 at 10:12:38PM +0100, Reinoud Zandijk wrote:
On Thu, Nov 09, 2023 at 06:15:51PM +0100, Thomas Huth wrote:
On 09/11/2023 17.58, Daniel P. Berrangé wrote:
On Thu, Nov 09, 2023 at 04:35:56PM +0100, Philippe Mathieu-Daudé wrote:
...
On 10/11/2023 18.41, Alexandra Diupina wrote:
When calling trace_vmware_verify_rect_greater_than_bound() replace
"y" with "h" and y with h
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 02218aedb1 ("hw/display/vmware_vga: replace fprintf calls with trace
events")
Sign
On Mon, Nov 13, 2023 at 09:16:38AM +0800, Leo Yan wrote:
> This series is to refactor vhost stub vhost-user-input.
>
> Since vhost input stub requires set_config() callback for communication
> event configurations between the backend and the guest, patch 01 is a
> preparison for support set_config
On 10/11/2023 18.51, Matthew Rosato wrote:
The following set of changes are associated with issues exposed by testing
of the 'vfio: Adopt iommufd' series.
The first patch fixes an existing assumption that a vfio device will always
have a group fd (which is no longer true if cdev is used, which c
On 9/11/23 23:26, Philippe Mathieu-Daudé wrote:
>Hi Leo,
>
>First, I can't find your patch in my mailbox, so I'm replying to
>Dongxue's review.
>
>On 9/11/23 03:41, Dongxue Zhang wrote:
>> Reviewed-by: Dongxue Zhang
>>
>>
>>> On Thu, Nov 9, 2023 at 10:22 AM Leo Hou wrote:
>>>
>>> From: Leo H
>-Original Message-
>From: Nicolin Chen
>Sent: Sunday, November 12, 2023 1:47 AM
>Subject: Re: [PATCH v5 03/20] vfio/iommufd: Implement the iommufd backend
>
>On Thu, Nov 09, 2023 at 07:45:12PM +0800, Zhenzhong Duan wrote:
>
>> +static int iommufd_cdev_attach_ioas_hwpt(VFIODevice *vbase
>-Original Message-
>From: Joao Martins
>Sent: Friday, November 10, 2023 9:09 PM
>Subject: Re: [PATCH v4 28/41] vfio/iommufd: Implement the iommufd backend
>
>On 10/11/2023 03:15, Duan, Zhenzhong wrote:
>> Hi Jason, Joao,
>>
>>> -Original Message-
>>> From: Jason Gunthorpe
>>> S
>-Original Message-
>From: Cédric Le Goater
>Sent: Friday, November 10, 2023 6:53 PM
>Subject: Re: [PATCH v5 10/20] vfio/pci: Make vfio cdev pre-openable by passing
>a
>file handle
>
>On 11/9/23 12:45, Zhenzhong Duan wrote:
>> This gives management tools like libvirt a chance to open th
Hi,
This patch series is a proof-of-concept that implements new KVM features
(guest memory attributes, MBEC support, CR pinning) and defines a new
API to protect guest VMs. You can find related resources, including the
related commits here: https://github.com/heki-linux
We'll talk about this work
From: Madhavan T. Venkataraman
The Heki feature needs to do the following:
- Find kernel mappings.
- Determine the permissions associated with each mapping.
- Determine the collective permissions for a guest physical page across
all of its mappings.
This way, a guest physical page can refle
From: Madhavan T. Venkataraman
This feature can be used by a consumer to associate any arbitrary
pointer with a physical page. The feature implements a page table format
that mirrors the hardware page table. A leaf entry in the table points
to consumer data for that page.
The page table format h
Enable to only update a subset of attributes.
This is needed to be able to use the XArray for different use cases and
make sure they don't interfere (see a following commit).
Cc: Chao Peng
Cc: Kees Cook
Cc: Madhavan T. Venkataraman
Cc: Sean Christopherson
Cc: Yu Zhang
Signed-off-by: Mickaël
This enables to check if an attribute is tied to any memory page in a
range. This will be useful in a folling commit to check for
KVM_MEMORY_ATTRIBUTE_HEKI_IMMUTABLE.
Cc: Chao Peng
Cc: Kees Cook
Cc: Madhavan T. Venkataraman
Cc: Sean Christopherson
Cc: Yu Zhang
Signed-off-by: Mickaël Salaün
-
From: Madhavan T. Venkataraman
Implement a hypervisor function, kvm_protect_memory() that calls the
KVM_HC_PROTECT_MEMORY hypercall to request the KVM hypervisor to
set specified permissions on a list of guest pages.
Using the protect_memory() function, set proper EPT permissions for all
guest p
From: Madhavan T. Venkataraman
Hypervisor Enforced Kernel Integrity (Heki) is a feature that will use
the hypervisor to enhance guest virtual machine security.
Implement minimal code to introduce Heki:
- Define the config variables.
- Define a kernel command line parameter "heki" to turn the f
From: Madhavan T. Venkataraman
X86 uses a function called __text_poke() to modify executable code. This
patching function is used by many features such as KProbes and FTrace.
Update the permissions counters for the text page so that write
permissions can be temporarily established in the EPT to
From: Madhavan T. Venkataraman
When a page gets mapped, create permissions counters for it and
initialize them based on the specified permissions.
When a page gets unmapped, update the counters appropriately.
Cc: Borislav Petkov
Cc: Dave Hansen
Cc: H. Peter Anvin
Cc: Ingo Molnar
Cc: Kees Co
This adds a new CONFIG_HEKI_TEST option to run tests at boot. Because we
use some symbols not exported to modules (e.g., kernel_set_to_readonly)
this could not work as modules.
To run these tests, we need to boot the kernel with the heki_test=N boot
argument with N selecting a specific test:
1. he
Define memory attributes that can be associated with guest physical
pages in KVM. To begin with, define permissions as memory attributes
(READ, WRITE and EXECUTE), and the IMMUTABLE property. In the future,
other attributes could be defined.
Use the memory attribute feature to implement the follow
From: Madhavan T. Venkataraman
Add a new KVM_HC_PROTECT_MEMORY hypercall that enables a guest to set
EPT permissions for guest pages.
Until now, all of the guest pages (except Page Tracked pages) are given
RWX permissions in the EPT. In Heki, we want to restrict the permissions
to what is strict
The hypervisor needs to provide some functions to support Heki. These
form the Heki-Hypervisor API.
Define a heki_hypervisor structure to house the API functions. A
hypervisor that supports Heki must instantiate a heki_hypervisor
structure and pass it to the Heki common code. This allows the commo
Add an interface for user space to be notified about guests' Heki policy
and related violations.
Extend the KVM_ENABLE_CAP IOCTL with KVM_CAP_HEKI_CONFIGURE and
KVM_CAP_HEKI_DENIAL. Each one takes a bitmask as first argument that can
contains KVM_HEKI_EXIT_REASON_CR0 and KVM_HEKI_EXIT_REASON_CR4.
This changes add support for VMX_FEATURE_MODE_BASED_EPT_EXEC (named
ept_mode_based_exec in /proc/cpuinfo and MBEC elsewhere), which enables
to separate EPT execution bits for supervisor vs. user. It transforms
the semantic of VMX_EPT_EXECUTABLE_MASK from a global execution to a
kernel execution, a
From: Madhavan T. Venkataraman
When permissions are changed on an existing mapping, update the
permissions counters.
Cc: Borislav Petkov
Cc: Dave Hansen
Cc: H. Peter Anvin
Cc: Ingo Molnar
Cc: Kees Cook
Cc: Madhavan T. Venkataraman
Cc: Mickaël Salaün
Cc: Paolo Bonzini
Cc: Sean Christopher
From: Madhavan T. Venkataraman
Define a permissions counters structure that contains a counter for
read, write and execute. Each mapped guest page will be allocated a
permissions counters structure.
During kernel boot, walk the kernel address space, locate all the
mappings, create permissions co
This function is needed for kvm_mmu_page_fault() to create synthetic
page faults.
Code originally written by Mihai Donțu and Nicușor Cîțu:
https://lore.kernel.org/r/20211006173113.26445-18-ala...@bitdefender.com
Renamed fault_gla() to fault_gva() and use the new
EPT_VIOLATION_GVA_IS_VALID.
Cc: Bo
To make it useful for other use cases such as Heki, remove the private
memory optimizations.
I guess we could try to infer the applied attributes to get back these
optimizations when it makes sense, but let's keep this simple for now.
Main changes:
- Replace slots_lock with slots_arch_lock to ma
This enables guests to lock their CR0 and CR4 registers with a subset of
X86_CR0_WP, X86_CR4_SMEP, X86_CR4_SMAP, X86_CR4_UMIP, X86_CR4_FSGSBASE
and X86_CR4_CET flags.
The new KVM_HC_LOCK_CR_UPDATE hypercall takes three arguments. The
first is to identify the control register, the second is a bit
On Mon, Nov 13, 2023 at 09:16:40AM +0800, Leo Yan wrote:
> This adds basic documentation for vhost-user-input.
>
> Signed-off-by: Leo Yan
> ---
> docs/system/devices/vhost-user-input.rst | 44
> docs/system/devices/vhost-user.rst | 2 +-
> 2 files changed, 45 inse
vhost-user-input is in the input folder. On the other hand, the folder
'hw/virtio' maintains other virtio stubs (e.g. I2C, RNG, GPIO, etc).
This patch moves vhost-user-input into the virtio folder for better code
organization. No functionality change.
Signed-off-by: Leo Yan
---
hw/input/meson
This series is to refactor vhost stub vhost-user-input.
Since vhost input stub requires set_config() callback for communication
event configurations between the backend and the guest, patch 01 is a
preparison for support set_config() callback in vhost-user-base.
The patch 02 is to add documentati
This patch derives vhost-user-input from vhost-user-base class, so make
the input stub as a simpler boilerplate wrapper.
With the refactoring, vhost-user-input adds the property 'chardev', this
leads to conflict with the vhost-user-input-pci adds the same property.
To resolve the error, remove the
This adds basic documentation for vhost-user-input.
Signed-off-by: Leo Yan
---
docs/system/devices/vhost-user-input.rst | 44
docs/system/devices/vhost-user.rst | 2 +-
2 files changed, 45 insertions(+), 1 deletion(-)
create mode 100644 docs/system/devices/vhost-
The Virtio input device invokes set_config() callback for retrieving
the event configuration info, but the callback is not supported in
vhost-user-base.
This patch adds support set_config() callback in vhost-user-base.
Signed-off-by: Leo Yan
---
hw/virtio/vhost-user-base.c | 17
On Fri, 2023-11-10 at 20:42 +, Volodymyr Babchuk wrote:
> From: Oleksandr Tyshchenko
>
> This patch adds basic virtio-pci support for xen_arm machine.
Why only xen_arm? Couldn't this be a fairly generic device which can be
instantiated on x86 too, both for real and emulated Xen guests? And
r
On Fri, 2023-11-10 at 20:42 +, Volodymyr Babchuk wrote:
> From: Oleksandr Tyshchenko
>
> The PV backend running in other than Dom0 domain (non toolstack domain)
> is not allowed to destroy frontend/backend directories. The more,
> it does not need to do that at all, this is purely toolstack/x
On Sat, 2023-11-11 at 11:01 +, David Woodhouse wrote:
>
> > --- a/hw/xen/xen-operations.c
> > +++ b/hw/xen/xen-operations.c
> > @@ -300,6 +300,18 @@ static bool libxenstore_create(struct qemu_xs_handle
> > *h, xs_transaction_t t,
> > return false;
> > }
> >
> > + if (owner
On Fri, 2023-11-10 at 20:42 +, Volodymyr Babchuk wrote:
> From: Oleksandr Tyshchenko
>
> Instead of forcing the owner to domid 0, use XS_PRESERVE_OWNER to save
> the previous owner of the directory.
>
You're missing the words "... if it already exists" from that sentence.
If the directory
On 10/11/2023 15:42, Volodymyr Babchuk wrote:
Add option to preserve owner when creating an entry in Xen Store. This
may be needed in cases when Qemu is working as device model in a
domain that is Domain-0, e.g. in driver domain.
"owner" parameter for qemu_xen_xs_create() function can have speci
On 11/12/23 09:02, Max Filippov wrote:
On Sun, Nov 12, 2023 at 8:51 AM Richard Henderson
However, it does not handle the GOT register for the restorer, like we do on
ARM. That
said, I can't find any libc sources for xtensa, or at least that aren't out of
date by a
It's WIP, available at htt
On 10/11/2023 15:42, Volodymyr Babchuk wrote:
From: Oleksandr Tyshchenko
Both state (XenbusStateClosed) and online (0) are expected by
toolstack/xl devd to completely destroy the device. But "offline"
is never being set by the backend resulting in timeout during
domain destruction, garbage in X
On 10/11/2023 15:42, Volodymyr Babchuk wrote:
From: Oleksandr Tyshchenko
The PV backend running in other than Dom0 domain (non toolstack domain)
is not allowed to write frontend nodes. The more, the backend does not
need to do that at all, this is purely toolstack/xl devd business.
I do not kn
12.11.2023 20:03, Paolo Bonzini пишет:
Il sab 11 nov 2023, 03:40 Michael Tokarev mailto:m...@tls.msk.ru>> ha scritto:
Hi!
It looks like --disable-pie configure, which uses -fno-pie -no-pie flags
for the compiler, is broken: it does not not tell the *linker* about the
option, s
Il sab 11 nov 2023, 03:40 Michael Tokarev ha scritto:
> Hi!
>
> It looks like --disable-pie configure, which uses -fno-pie -no-pie flags
> for the compiler, is broken: it does not not tell the *linker* about the
> option, so the link fails (at least on debian bookworm):
>
> /usr/bin/ld: libcommon
On 11/12/23 18:05, Philippe Mathieu-Daudé wrote:
Hi Helge,
On 11/11/23 02:32, Richard Henderson wrote:
From: Helge Deller
New SEABIOS_HPPA_VERSION 11
(current master branch)
Fixes and enhancements (mostly to enable 64-bit Linux kernel):
temporary commit
What information should go here
On Sat, 11 Nov 2023 at 23:30, Paolo Bonzini wrote:
>
> The following changes since commit ad6ef0a42e314a8c6ac6c96d5f6e607a1e5644b5:
>
> Merge tag 'for-upstream' of https://repo.or.cz/qemu/kevin into staging
> (2023-11-09 08:26:01 +0800)
>
> are available in the Git repository at:
>
> https://
On 11/11/23 02:32, Richard Henderson wrote:
Reduce the number of direct checks against MMU_PHYS_IDX.
Signed-off-by: Richard Henderson
---
target/hppa/cpu.h| 1 +
target/hppa/mem_helper.c | 4 ++--
target/hppa/translate.c | 20 +++-
3 files changed, 14 insertions(
On 11/11/23 02:32, Richard Henderson wrote:
During the conversion to decodetree, the 2-bit mask was lost.
Fixes: deee69a19fd ("target/hppa: Convert memory management insns")
Signed-off-by: Richard Henderson
---
target/hppa/translate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
R
Hi Helge,
On 11/11/23 02:32, Richard Henderson wrote:
From: Helge Deller
New SEABIOS_HPPA_VERSION 11
(current master branch)
Fixes and enhancements (mostly to enable 64-bit Linux kernel):
temporary commit
What information should go here?
Signed-off-by: Helge Deller
---
pc-bios/hpp
On Sun, Nov 12, 2023 at 8:51 AM Richard Henderson
wrote:
>
> On 11/11/23 03:22, Max Filippov wrote:
> > In FDPIC signal handlers are passed around as FD pointers. Actual code
> > address and GOT pointer must be fetched from memory by the QEMU code
> > that implements kernel signal delivery functio
On 11/11/23 09:36, Cédric Le Goater wrote:
Adding Richard,
Thanks,
C.
On 11/10/23 19:41, John Platts wrote:
The patch below fixes a bug in the VSX_CVT_FP_TO_INT and VSX_CVT_FP_TO_INT2
macros in target/ppc/fpu_helper.c where a non-NaN floating point value from the
source vector is incorrectly
According to the technical reference manual Cortex A9 like Cortex A7 and Cortex
A15 has Perfomance Unit Monitor (PMU)
https://developer.arm.com/documentation/100511/0401/performance-monitoring-unit/about-the-performance-monitoring-unit
Signed-off-by: Nikita Ostrenkov
---
target/arm/tcg/cpu32.c
From: Nikita Ostrenkov
According to the technical reference manual Cortex A9 like Cortex A7 and Cortex
A15 has Perfomance Unit Monitor (PMU)
https://developer.arm.com/documentation/100511/0401/performance-monitoring-unit/about-the-performance-monitoring-unit
---
target/arm/tcg/cpu32.c | 1 +
1
On 11/11/23 03:22, Max Filippov wrote:
In FDPIC signal handlers are passed around as FD pointers. Actual code
address and GOT pointer must be fetched from memory by the QEMU code
that implements kernel signal delivery functionality. This change is
equivalent to the following kernel change:
9c2cc7
From: Nikita Ostrenkov
According to the technical reference manual Cortex A9 like Cortex A7 and Cortex
A15 has Perfomance Unit Monitor (PMU)
https://developer.arm.com/documentation/100511/0401/performance-monitoring-unit/about-the-performance-monitoring-unit
---
target/arm/tcg/cpu32.c | 1 +
1
On 11/10/23 08:25, Peter Maydell wrote:
When we are doing a FEAT_MOPS copy that must be performed backwards,
we call mte_mops_probe_rev(), passing it the address of the last byte
in the region we are probing. However, allocation_tag_mem_probe()
wants the address of the first byte to get the tag
Signed-off-by: Nikita Ostrenkov
---
hw/misc/imx7_snvs.c | 59 -
hw/misc/trace-events| 4 +--
include/hw/misc/imx7_snvs.h | 14 -
3 files changed, 67 insertions(+), 10 deletions(-)
diff --git a/hw/misc/imx7_snvs.c b/hw/misc/imx7_snvs.c
This patch allows to display feature and status bits in virtio-status.
An optional argument is introduced: show-bits. For example:
{"execute": "x-query-virtio-status",
"arguments": {"path": "/machine/peripheral-anon/device[1]/virtio-backend",
"show-bits": true}
Features and status
When a vhost-user network device is restored from an unexpected
failure, the acked_features could be used as input for the
VHOST_USER_SET_FEATURES command because QEMU internally backups
the final features as acked_features after the guest acknowledges
features during virtio-net driver initializati
The patchset "Fix the virtio features negotiation flaw" fix a
vhost-user negotiation flaw:
c9bdc449f9 vhost-user: Fix the virtio features negotiation flaw
bebcac052a vhost-user: Refactor the chr_closed_bh
937b7d96e4 vhost-user: Refactor vhost acked features saving
While the test case remain unmerg
On 12.11.2023 12:13, Paolo Bonzini wrote:
Il sab 11 nov 2023, 21:09 Volker Rümelin mailto:vr_q...@t-online.de>> ha scritto:
No, this doesn't look good. This patch again breaks the native Windows
build with MSYS2 and mingw64 cross compile probably too.
Doh, you're right of course
(ht
Il sab 11 nov 2023, 21:09 Volker Rümelin ha scritto:
> No, this doesn't look good. This patch again breaks the native Windows
> build with MSYS2 and mingw64 cross compile probably too.
>
Doh, you're right of course (
https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg05486.html). We
nee
Am 12.11.23 um 01:37 schrieb Christopher Lentocha:
> So wait, you want me to add it as another device name? Because
> it is going to be the same exact way as the 1af4 device
> just with a number change. Ok, work it is then ...
> (Sorry about not getting back sooner also)
>
> Christopher
Hi Christ
69 matches
Mail list logo
