Not needed for newer edk2 versions.
Signed-off-by: Gerd Hoffmann
Message-ID: <20240314115307.628118-3-kra...@redhat.com>
---
roms/edk2-build.config | 6 --
1 file changed, 6 deletions(-)
diff --git a/roms/edk2-build.config b/roms/edk2-build.config
index 0d367dbdb775..05cbafef70cb 100644
---
Needed to avoid stale toolchain configurations breaking firmware builds.
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Gerd Hoffmann
Message-ID: <20240314115307.628118-2-kra...@redhat.com>
---
roms/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/roms/Makefile b/roms/Makefile
i
Signed-off-by: Gerd Hoffmann
Message-ID: <20240314115307.628118-5-kra...@redhat.com>
---
roms/edk2-build.config | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/roms/edk2-build.config b/roms/edk2-build.config
index ef3eb7beebe7..cc9b21154205 100644
--- a/roms/edk2-build.c
On 19/3/24 22:05, Richard Henderson wrote:
On 3/19/24 05:42, Philippe Mathieu-Daudé wrote:
Convert cpu_get_tb_cpu_state() to TCGCPUOps::get_cpu_state().
Note, now s390x_get_cpu_state() is restricted to TCG.
Signed-off-by: Philippe Mathieu-Daudé
---
target/s390x/cpu.h | 30
Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=4641
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Gerd Hoffmann
Message-ID: <20240314115307.628118-4-kra...@redhat.com>
---
roms/edk2-build.config | 1 +
1 file changed, 1 insertion(+)
diff --git a/roms/edk2-build.config b/roms/edk2
"Ho-Ren (Jack) Chuang" writes:
> The current implementation treats emulated memory devices, such as
> CXL1.1 type3 memory, as normal DRAM when they are emulated as normal memory
> (E820_TYPE_RAM). However, these emulated devices have different
> characteristics than traditional DRAM, making it im
Hi Dongwon,
On 20/3/24 04:42, dongwon@intel.com wrote:
From: Dongwon Kim
It is safer to create, initialize, and access all the parameters
in QemuDmaBuf from a central location, ui/console, instead of
hw/virtio-gpu or hw/vfio modules.
Cc: Marc-André Lureau
Cc: Vivek Kasireddy
Signed-off-
Hi Tao,
On 20/3/24 07:02, Markus Armbruster wrote:
Tao Su writes:
monitor_puts() doesn't check the monitor pointer, but do_inject_x86_mce()
may have a parameter with NULL monitor pointer. Check the monitor pointer
before calling monitor_puts().
Fixes: bf0c50d4aa85 (monitor: expose monitor_pu
On 3/19/24 21:54, Alistair Francis wrote:
On Thu, Mar 7, 2024 at 7:26 PM Atish Patra wrote:
On 3/4/24 22:47, LIU Zhiwei wrote:
On 2024/2/29 2:51, Atish Patra wrote:
Privilege mode filtering can also be emulated for cycle/instret by
tracking host_ticks/icount during each privilege mode switc
According v spec 18.4, only the vfwcvt.f.f.v and vfncvt.f.f.w
instructions will be affected by Zvfhmin extension.
And the vfwcvt.f.f.v and vfncvt.f.f.w instructions only support the
conversions of
* From 1*SEW(16/32) to 2*SEW(32/64)
* From 2*SEW(32/64) to 1*SEW(16/32)
Signed-off-by: Max Chou
---
When SEW is 16, we need to check whether the Zvfhmin is enabled for the
single width operator for vector floating point widen/narrow
instructions.
The commits in this patchset fix the single width operator checking and
remove the redundant SEW checking for vector floating point widen/narrow
instru
The require_scale_rvf function only checks the double width operator for
the vector floating point widen instructions, so most of the widen
checking functions need to add require_rvf for single width operator.
The vfwcvt.f.x.v and vfwcvt.f.xu.v instructions convert single width
integer to double w
If the checking functions check both the single and double width
operators at the same time, then the single width operator checking
functions (require_rvf[min]) will check whether the SEW is 8.
Signed-off-by: Max Chou
---
target/riscv/insn_trans/trans_rvv.c.inc | 16
1 file cha
The opfv_narrow_check needs to check the single width float operator by
require_rvf.
Signed-off-by: Max Chou
---
target/riscv/insn_trans/trans_rvv.c.inc | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/riscv/insn_trans/trans_rvv.c.inc
b/target/riscv/insn_trans/trans_rvv.c.inc
index 6c
A previous commit narrowed the type of .visit_alternate_type()
parameter @variants from QAPISchemaVariants to QAPISchemaAlternatives.
Rename it to @alternatives.
One of them passes @alternatives to helper function
gen_visit_alternate(). Rename its @variants parameter to
@alternatives as well.
Si
The previous commit narrowed the type of .visit_object_type()
parameter @variants from QAPISchemaVariants to QAPISchemaBranches.
Rename it to @branches.
Same for .visit_object_type_flat().
A few of these pass @branches to helper functions:
QAPISchemaGenRSTVisitor.visit_object_type() to ._nodes_fo
QAPISchemaVariants represents either a union type's branches, or an
alternate type's alternatives. Much of its code is conditional on
which one it actually is.
Create QAPISchemaBranches for branches, and QAPISchemaAlternatives for
alternatives, both subtypes of QAPISchemaVariants.
Replace QAPISc
A previous commit narrowed the type of
QAPISchemaAlternateType.variants from QAPISchemaVariants to
QAPISchemaAlternatives. Rename it to .alternatives.
Same for .__init__() parameter @variants.
Signed-off-by: Markus Armbruster
---
scripts/qapi/schema.py | 25 +
1 file ch
QAPISchemaVariants represents either a union type's branches, or an
alternate type's alternatives. Much of its code is conditional on
which one it actually is.
This series moves the conditional code to new subtypes
QAPISchemaBranches and QAPISchemaAlternatives.
This also lets us treat QAPISchema
A previous commit narrowed the type of QAPISchemaObjectType.variants
from QAPISchemaVariants to QAPISchemaBranches. Rename it to
.branches.
Same for .__init__() parameter @variants.
Signed-off-by: Markus Armbruster
---
scripts/qapi/commands.py | 2 +-
scripts/qapi/events.py | 2 +-
scripts
QAPISchemaVariants.check()'s code is almost entirely conditional on
union vs. alternate type.
Move the conditional code to QAPISchemaBranches.check() and
QAPISchemaAlternatives.check(), where the conditions are always
satisfied.
Attribute QAPISchemaVariants.tag_name is now only used by
QAPISchema
For union types, the tag member is known only after .check().
We used to code this in a simple way: QAPISchemaVariants attribute
.tag_member was None for union types until .check().
Since this complicated typing, recent commit "qapi/schema: fix typing
for QAPISchemaVariants.tag_member" hid it beh
On Wed, Mar 20, 2024 at 07:02:46AM +0100, Markus Armbruster wrote:
> Tao Su writes:
>
> > monitor_puts() doesn't check the monitor pointer, but do_inject_x86_mce()
> > may have a parameter with NULL monitor pointer. Check the monitor pointer
> > before calling monitor_puts().
> >
> > Fixes: bf0c5
On Wed, Mar 20, 2024 at 08:17:36AM +0100, Philippe Mathieu-Daudé wrote:
> Hi Tao,
>
> On 20/3/24 07:02, Markus Armbruster wrote:
> > Tao Su writes:
> >
> > > monitor_puts() doesn't check the monitor pointer, but do_inject_x86_mce()
> > > may have a parameter with NULL monitor pointer. Check the
Cédric Le Goater writes:
> This will be useful to report errors at a higher level, mostly in VFIO
> today.
>
> Reviewed-by: Philippe Mathieu-Daudé
> Reviewed-by: Peter Xu
> Signed-off-by: Cédric Le Goater
> ---
[...]
> diff --git a/migration/savevm.c b/migration/savevm.c
> index
> 535ad5a32
On Wed, Mar 20, 2024 at 5:21 PM Atish Patra wrote:
>
>
> On 3/19/24 21:54, Alistair Francis wrote:
>
> On Thu, Mar 7, 2024 at 7:26 PM Atish Patra wrote:
>
> On 3/4/24 22:47, LIU Zhiwei wrote:
>
> On 2024/2/29 2:51, Atish Patra wrote:
>
> Privilege mode filtering can also be emulated for cycle/ins
add Intel Query Processing Library (QPL) compression method
introduction
Signed-off-by: Yuan Liu
Reviewed-by: Nanhai Zou
---
docs/devel/migration/features.rst| 1 +
docs/devel/migration/qpl-compression.rst | 231 +++
2 files changed, 232 insertions(+)
create mode
add qpl to compression method test for multifd migration
the migration with qpl compression needs to access IAA hardware
resource, please run "check-qtest" with sudo or root permission,
otherwise migration test will fail
Signed-off-by: Yuan Liu
Reviewed-by: Nanhai Zou
---
tests/qtest/migration
the qpl initialization includes memory allocation for compressed
data and the qpl job initialization.
the qpl initialization will check whether the In-Memory Analytics
Accelerator(IAA) hardware is available, if the platform does not
have IAA hardware or the IAA hardware is not available, the QPL
c
add the Query Processing Library (QPL) compression method
Although both qpl and zlib support deflate compression, qpl will
only use the In-Memory Analytics Accelerator(IAA) for compression
and decompression, and IAA is not compatible with the Zlib in
migration, so qpl is used as a new compression
Different compression methods may require different numbers of IOVs.
Based on streaming compression of zlib and zstd, all pages will be
compressed to a data block, so two IOVs are needed for packet header
and compressed data block.
Signed-off-by: Yuan Liu
Reviewed-by: Nanhai Zou
---
migration/m
add --enable-qpl and --disable-qpl options to enable and disable
the QPL compression method for multifd migration.
the Query Processing Library (QPL) is an open-source library
that supports data compression and decompression features.
The QPL compression is based on the deflate compression algori
each qpl job is used to (de)compress a normal page and it can
be processed independently by the IAA hardware. All qpl jobs
are submitted to the hardware at once, and wait for all jobs
completion.
Signed-off-by: Yuan Liu
Reviewed-by: Nanhai Zou
---
migration/multifd-qpl.c | 229 +
monitor_puts() doesn't check the monitor pointer, but do_inject_x86_mce()
may have a parameter with NULL monitor pointer. Revert monitor_puts() in
do_inject_x86_mce() to fix, then the fact that we send the same message to
monitor and log is again more obvious.
Fixes: bf0c50d4aa85 (monitor: expose
On 3/20/24 09:02, Markus Armbruster wrote:
Cédric Le Goater writes:
This will be useful to report errors at a higher level, mostly in VFIO
today.
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Peter Xu
Signed-off-by: Cédric Le Goater
---
[...]
diff --git a/migration/savevm.c b/migrat
From: Chao Peng
Switch to KVM_SET_USER_MEMORY_REGION2 when supported by KVM.
With KVM_SET_USER_MEMORY_REGION2, QEMU can set up memory region that
backend'ed both by hva-based shared memory and guest memfd based private
memory.
Signed-off-by: Chao Peng
Co-developed-by: Xiaoyao Li
Signed-off-by
From: Xiaoyao Li
Introduce the helper functions to set the attributes of a range of
memory to private or shared.
This is necessary to notify KVM the private/shared attribute of each gpa
range. KVM needs the information to decide the GPA needs to be mapped at
hva-based shared memory or guest_memf
These patches implement SEV-SNP base support along with CPUID enforcement
support for QEMU, and are also available at:
https://github.com/amdese/qemu/commits/snp-v3-rfc
they are based on top of the following patchset from Paolo:
"[PATCH 0/7] target/i386: VM type infrastructure and KVM_SEV_IN
From: Xiaoyao Li
When memory page is converted from private to shared, the original
private memory is back'ed by guest_memfd. Introduce
ram_block_discard_guest_memfd_range() for discarding memory in
guest_memfd.
Originally-from: Isaku Yamahata
Codeveloped-by: Xiaoyao Li
Signed-off-by: Xiaoyao
From: Chao Peng
When getting KVM_EXIT_MEMORY_FAULT exit, it indicates userspace needs to
do the memory conversion on the RAMBlock to turn the memory into desired
attribute, i.e., private/shared.
Currently only KVM_MEMORY_EXIT_FLAG_PRIVATE in flags is valid when
KVM_EXIT_MEMORY_FAULT happens.
No
TODO: squash into "kvm: handle KVM_EXIT_MEMORY_FAULT"
qemu_host_page_size has been superseded by qemu_real_host_page_size()
in newer QEMU, so update the patch accordingly.
Signed-off-by: Michael Roth
---
accel/kvm/kvm-all.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
Signed-off-by: Michael Roth
---
accel/kvm/kvm-all.c| 2 ++
accel/kvm/trace-events | 1 +
2 files changed, 3 insertions(+)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index a9c19ab9a1..9a8b365a69 100644
--- a/accel/kvm/kvm-a
From: Xiaoyao Li
KVM side leaves the memory to shared by default, while may incur the
overhead of paging conversion on the first visit of each page. Because
the expectation is that page is likely to private for the VMs that
require private memory (has guest memfd).
Explicitly set the memory to p
From: Xiaoyao Li
Introduce memory_region_init_ram_guest_memfd() to allocate private
guest memfd on the MemoryRegion initialization. It's for the use case of
TDVF, which must be private on TDX case.
Signed-off-by: Xiaoyao Li
---
Changes in v5:
- drop memory_region_set_default_private() because t
From: Isaku Yamahata
In mch_realize(), process PAM initialization before SMRAM initialization so
that later patch can skip all the SMRAM related with a single check.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
Signed-off-by: Michael Roth
---
hw/pci-host/q35.c | 19 ++
Some subsystems like VFIO might disable ram block discard for
uncoordinated cases. Since kvm_convert_memory()/guest_memfd don't
implement a RamDiscardManager handler to convey discard operations to
various listeners like VFIO. Because of this, sequences like the
following can result due to stale IO
From: Isaku Yamahata
Add a q35 property to check whether or not SMM ranges, e.g. SMRAM, TSEG,
etc... exist for the target platform. TDX doesn't support SMM and doesn't
play nice with QEMU modifying related guest memory ranges.
Signed-off-by: Isaku Yamahata
Co-developed-by: Sean Christopherson
Signed-off-by: Michael Roth
---
accel/kvm/kvm-all.c| 3 +++
accel/kvm/trace-events | 1 +
2 files changed, 4 insertions(+)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 6ae03c880f..b5872fdc07 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -3145,6 +3145,9 @@ int
TODO: Either apply this in advance of sevinit2 patches, or drop this in
favor of a separate preceding sync of 6.8 kvm-next.
A separate standalone linux-headers sync will be used instead.
Signed-off-by: Michael Roth
---
linux-headers/asm-x86/kvm.h | 8
linux-headers/linux/kvm.h | 2 -
Currently all SEV/SEV-ES functionality is managed through a single
'sev-guest' QOM type. With upcoming support for SEV-SNP, taking this
same approach won't work well since some of the properties/state
managed by 'sev-guest' is not applicable to SEV-SNP, which will instead
rely on a new QOM type wit
From: Brijesh Singh
SEV-SNP support relies on a different set of properties/state than the
existing 'sev-guest' object. This patch introduces the 'sev-snp-guest'
object, which can be used to configure an SEV-SNP guest. For example,
a default-configured SEV-SNP guest with no additional information
Add a simple helper to check if the current guest type is SNP. Also have
SNP-enabled imply that SEV-ES is enabled as well, and fix up any places
where the sev_es_enabled() check is expecting a pure/non-SNP guest.
Signed-off-by: Michael Roth
---
target/i386/sev.c | 13 -
target/i386/s
An SNP VM requires VM type KVM_X86_SNP_VM to be passed to
kvm_ioctl(KVM_CREATE_VM). Add it to the list of supported VM types, and
return it appropriately via X86ConfidentialGuestClass->kvm_type().
Signed-off-by: Michael Roth
---
target/i386/kvm/kvm.c | 1 +
target/i386/sev.c | 10 --
Queued, thanks.
Paolo
SEV uses these notifiers to register/pin pages prior to guest use, since
they could potentially be used for private memory where page migration
is not supported. But SNP only uses guest_memfd-provided pages for
private memory, which has its own kernel-internal mechanisms for
registering/pinning mem
The machine done notify event is used for SEV guests to get the
measurement of the encrypted images. When SEV-SNP is enabled, the
measurement is part of the guest attestation process where it can be
collected without any reliance on the VMM. So skip registering the
notifier for SNP in favor of usin
SNP requires guest_memfd for private guest memory, so enable it so that
the appropriate guest_memfd backend will be available for normal RAM
regions.
Signed-off-by: Michael Roth
---
target/i386/sev.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/sev.c b/target/i386/sev.c
i
SNP does not support SMM.
Signed-off-by: Michael Roth
---
target/i386/sev.c | 8
1 file changed, 8 insertions(+)
diff --git a/target/i386/sev.c b/target/i386/sev.c
index b06c796aae..134e8f7c22 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -881,6 +881,7 @@ static int sev_kvm
SEV/SEV-ES rely on pinned memory to back guest RAM so discarding
isn't actually possible. With SNP, only guest_memfd pages are used
for private guest memory, so discarding of shared memory is still
possible, so only disable discard for SEV/SEV-ES.
Signed-off-by: Michael Roth
---
target/i386/sev.
SNP guests will rely on this bit to determine certain feature support.
Signed-off-by: Michael Roth
---
target/i386/cpu.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 33760a2ee1..3fdaac3472 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@
On 15/3/24 14:08, Philippe Mathieu-Daudé wrote:
CpuModelInfo, CpuModelExpansionType and CpuModelCompareResult
are not restricted to any particular target. Define them in
machine.json to generate them once.
Signed-off-by: Philippe Mathieu-Daudé
---
qapi/machine-target.json | 78 ---
Data structures like struct setup_data have been moved to a separate
setup_data.h header which bootparam.h relies on. Add setup_data.h to
the cp_portable() list and sync it along with the other header files.
Note that currently struct setup_data is stripped away as part of
generating bootparam.h,
Most of the current 'query-sev' command is relevant to both legacy
SEV/SEV-ES guests and SEV-SNP guests, with 2 exceptions:
- 'policy' is a 64-bit field for SEV-SNP, not 32-bit, and
the meaning of the bit positions has changed
- 'handle' is not relevant to SEV-SNP
To address this, this pa
For SEV-SNP guests, launch measurement is queried from within the guest
during attestation, so don't attempt to return it as part of
query-sev-launch-measure.
Signed-off-by: Michael Roth
---
target/i386/sev.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/target/i386/sev.
Signed-off-by: Michael Roth
---
accel/kvm/kvm-all.c | 2 +-
include/sysemu/kvm.h | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index b5872fdc07..bf0ae0c8ad 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -2913,7 +291
On 2024/03/20 16:00, Marc-André Lureau wrote:
Hi
On Wed, Mar 20, 2024 at 7:20 AM Akihiko Odaki wrote:
On 2024/03/19 17:29, Marc-André Lureau wrote:
Hi Akihiko
On Tue, Mar 19, 2024 at 7:09 AM Akihiko Odaki wrote:
ui/console has a concept of "active" console; the active console is used
whe
When running SEV-SNP guests, the kernel may forward some subset of
VMGEXIT-based guest hypercalls to userspace. One of these is for Page
State Change requests, as documented by the GHCB specification[1].
Userspace does not directly have control over the SNP RMP table to
actually satisfy these requ
SEV-SNP guests might issue MSR-based Page State Changes for situations
like early boot where it might not be easily able to make use of a GHCB
page to issue the request. Just as with GHCB-based Page State Changes,
these are forwarded to userspace as KVM_EXIT_VMGEXITs. Add handling for
these.
Signe
The GHCB specification[1] defines a VMGEXIT-based Guest Request
hypercall to allow an SNP guest to issue encrypted requests directly to
SNP firmware to do things like query the attestation report for the
guest. These are generally handled purely in the kernel.
In some cases, it's useful for t
From: Brijesh Singh
Process any queued up launch data and encrypt/measure it into the SNP
guest instance prior to initial guest launch.
Signed-off-by: Brijesh Singh
Co-authored-by: Michael Roth
Signed-off-by: Michael Roth
---
target/i386/sev.c| 101 +++
From: Brijesh Singh
The SNP_LAUNCH_START is called first to create a cryptographic launch
context within the firmware.
Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
---
target/i386/sev.c| 42 +++-
target/i386/trace-events | 1 +
2 files
Once KVM_SNP_LAUNCH_FINISH is called the vCPU state is copied into the
vCPU's VMSA page and measured/encrypted. Any attempt to read/write CPU
state afterward will only be acting on the initial data and so are
effectively no-ops.
Set the vCPU state to protected at this point so that QEMU doesn't
cont
From: Brijesh Singh
A recent version of OVMF expanded the reset vector GUID list to add
SEV-specific metadata GUID. The SEV metadata describes the reserved
memory regions such as the secrets and CPUID page used during the SEV-SNP
guest launch.
The pc_system_get_ovmf_sev_metadata_ptr() is used to
Signed-off-by: Michael Roth
---
scripts/update-linux-headers.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh
index 579b03dc82..b992ed7b15 100755
--- a/scripts/update-linux-headers.sh
+++ b/scripts/update-linu
From: Brijesh Singh
OVMF reserves various pages so they can be pre-initialized/validated
prior to launching the guest. Add support for populating these pages
with the expected content.
Signed-off-by: Brijesh Singh
Signed-off-by: Michael Roth
---
target/i386/sev.c | 75
SEV-SNP firmware allows a special guest page to be populated with a
table of guest CPUID values so that they can be validated through
firmware before being loaded into encrypted guest memory where they can
be used in place of hypervisor-provided values[1].
As part of SEV-SNP guest initialization,
From: Dov Murik
In order to enable kernel-hashes for SNP, pull it from
SevGuestProperties to its parent SevCommonProperties so
it will be available for both SEV and SNP.
Signed-off-by: Dov Murik
Signed-off-by: Michael Roth
---
qapi/qom.json | 14 +++---
target/i386/sev.c | 44
From: Dov Murik
Extract the building of the kernel hashes table out from
sev_add_kernel_loader_hashes() to allow building it in
other memory areas (for SNP support).
No functional change intended.
Signed-off-by: Dov Murik
Signed-off-by: Michael Roth
---
target/i386/sev.c | 101 ++
From: Dov Murik
Move the declaration of PaddedSevHashTable before SevSnpGuest so
we can add a new such field to the latter.
No functional change intended.
Signed-off-by: Dov Murik
Signed-off-by: Michael Roth
---
target/i386/sev.c | 56 +++
1 file c
From: Dov Murik
In SNP, the hashes page designated with a specific metadata entry
published in AmdSev OVMF.
Therefore, if the user enabled kernel hashes (for measured direct boot),
QEMU should prepare the content of hashes table, and during the
processing of the metadata entry it copy the conten
TODO: Brijesh as author, me as co-author (vice-versa depending)
drop flash handling? we only support BIOS now
Signed-off-by: Michael Roth
---
hw/i386/pc_sysfw.c| 12 +++-
hw/i386/x86.c | 2 +-
include/hw/i386/x86.h | 2 +-
target/i386/sev-sysem
On 19/03/2024 17.45, Yuan Liu wrote:
add --enable-qpl and --disable-qpl options to enable and disable
the QPL compression method for multifd migration.
the Query Processing Library (QPL) is an open-source library
that supports data compression and decompression features.
The QPL compression is
TODO: make this SNP-specific if TDX disables legacy ROMs in general
Current SNP guest kernels will attempt to access these regions with
C-bit set, so guest_memfd is needed to handle that. Otherwise,
kvm_convert_memory() will fail when the guest kernel tries to access it
and QEMU attempts to c
TODO: - Add proper handling for non-64K-aligned BIOS images.
- Add proper handling for BIOS pflash area which should be
initially mapped as shared, resulting in unnecessary
KVM_EXIT_MEMORY_FAULTs
When guest_memfd is enabled, the BIOS is generally part of the initial
encrypted
TODO: this needs to be done as part of header update to avoid temporary
build bisect breakage. Keeping it separate for reference.
It is now provided by kernel headers.
Signed-off-by: Michael Roth
---
hw/i386/x86.c | 8
1 file changed, 8 deletions(-)
diff --git a/hw/i386/x86.c b/hw/i38
Add KVM guest_memfd support to RAMBlock so both normal hva based memory
and kvm guest memfd based private memory can be associated in one RAMBlock.
Introduce new flag RAM_GUEST_MEMFD. When it's set, it calls KVM ioctl to
create private guest_memfd during RAMBlock setup.
Allocating a new RAM_GUEST
On 20/03/2024 09.55, Thomas Huth wrote:
On 19/03/2024 17.45, Yuan Liu wrote:
add --enable-qpl and --disable-qpl options to enable and disable
the QPL compression method for multifd migration.
the Query Processing Library (QPL) is an open-source library
that supports data compression and decompr
From: Xiaoyao Li
Add a new member "guest_memfd" to memory backends. When it's set
to true, it enables RAM_GUEST_MEMFD in ram_flags, thus private kvm
guest_memfd will be allocated during RAMBlock allocation.
Memory backend's @guest_memfd is wired with @require_guest_memfd
field of MachineState. I
Pull in 6.8 kvm-next + kvm-coco-queue + SNP headers.
Be careful to omit removing the following virtio_pci.h definitions which
are no longer present upstream, since QEMU still relies on them:
#define LM_LOGGING_CTRL 0
#define LM_BASE_ADDR_LOW4
#define LM_BASE_
From: Xiaoyao Li
The upper 16 bits of kvm_userspace_memory_region::slot are
address space id. Parse it separately in trace_kvm_set_user_memory().
Signed-off-by: Xiaoyao Li
Signed-off-by: Michael Roth
---
accel/kvm/kvm-all.c| 5 +++--
accel/kvm/trace-events | 2 +-
2 files changed, 4 inser
On 3/12/24 23:27, Michael S. Tsirkin wrote:
diff --git a/include/standard-headers/linux/virtio_pci.h
b/include/standard-headers/linux/virtio_pci.h
index 3e2bc2c97e..86733278ba 100644
--- a/include/standard-headers/linux/virtio_pci.h
+++ b/include/standard-headers/linux/virtio_pci.h
@@ -221,6 +22
On Wed, Mar 20, 2024 at 12:18:14PM +0800, Jason Wang wrote:
On Mon, Mar 18, 2024 at 4:27 PM Stefano Garzarella wrote:
On Mon, Mar 18, 2024 at 12:31:59PM +0800, Jason Wang wrote:
>On Fri, Mar 15, 2024 at 4:23 PM Stefano Garzarella wrote:
>>
>> On Thu, Mar 14, 2024 at 11:17:01AM +0800, Jason Wa
On 3/20/24 09:38, Michael Roth wrote:
Data structures like struct setup_data have been moved to a separate
setup_data.h header which bootparam.h relies on. Add setup_data.h to
the cp_portable() list and sync it along with the other header files.
Note that currently struct setup_data is stripped
We're not setting (s/m)tval when triggering breakpoints of type 2
(mcontrol) and 6 (mcontrol6). According to the debug spec section
5.7.12, "Match Control Type 6":
"The Privileged Spec says that breakpoint exceptions that occur on
instruction fetches, loads, or stores update the tval CSR with eith
On 3/20/24 09:39, Michael Roth wrote:
An SNP VM requires VM type KVM_X86_SNP_VM to be passed to
kvm_ioctl(KVM_CREATE_VM). Add it to the list of supported VM types, and
return it appropriately via X86ConfidentialGuestClass->kvm_type().
Signed-off-by: Michael Roth
---
target/i386/kvm/kvm.c | 1
Hi,
This is a new effort trying to enable TSX in Icelake model.
Currently Icelake-Server-v3 and above has TSX disabled but taa-no enabled.
This is an invalid config as taa-no hints TSX exists and is invulnerable.
When start L2 guest with both L1/L2 using Icelake-Server-v3 or above,
QEMU reports bel
When start L2 guest with both L1/L2 using Icelake-Server-v3 or above,
QEMU reports below warning:
"warning: host doesn't support requested feature: MSR(10AH).taa-no [bit 8]"
Reason is QEMU Icelake-Server-v3 has TSX feature disabled but enables taa-no
bit. It's meaningless that TSX isn't supported
On 20.03.24 09:39, Michael Roth wrote:
From: Xiaoyao Li
When memory page is converted from private to shared, the original
private memory is back'ed by guest_memfd. Introduce
ram_block_discard_guest_memfd_range() for discarding memory in
guest_memfd.
Originally-from: Isaku Yamahata
Codevelope
On 3/20/24 09:39, Michael Roth wrote:
SEV uses these notifiers to register/pin pages prior to guest use, since
they could potentially be used for private memory where page migration
is not supported. But SNP only uses guest_memfd-provided pages for
private memory, which has its own kernel-interna
On 3/20/24 09:39, Michael Roth wrote:
SNP requires guest_memfd for private guest memory, so enable it so that
the appropriate guest_memfd backend will be available for normal RAM
regions.
Signed-off-by: Michael Roth
---
target/i386/sev.c | 5 +
1 file changed, 5 insertions(+)
diff --git