Re: [PATCH v7 3/3] hw/nvme: Add SPDM over DOE support
On Fri, 2024-06-14 at 11:28 +1000, Alistair Francis wrote: > From: Wilfred Mallawa > > Setup Data Object Exchance (DOE) as an extended capability for the > NVME small typo here 邏️ [s/Setup Data Object Exchance/Setup Data Object Exchange] Wilfred > controller and connect SPDM to it (CMA) to it. > > Signed-off-by: Wilfred Mallawa > Signed-off-by: Alistair Francis > Reviewed-by: Jonathan Cameron > Acked-by: Klaus Jensen > --- > docs/specs/index.rst | 1 + > docs/specs/spdm.rst | 134 > > include/hw/pci/pci_device.h | 7 ++ > include/hw/pci/pcie_doe.h | 3 + > hw/nvme/ctrl.c | 60 > 5 files changed, 205 insertions(+) > create mode 100644 docs/specs/spdm.rst > > diff --git a/docs/specs/index.rst b/docs/specs/index.rst > index 1484e3e760..e2d907959a 100644 > --- a/docs/specs/index.rst > +++ b/docs/specs/index.rst > @@ -29,6 +29,7 @@ guest hardware that is specific to QEMU. > edu > ivshmem-spec > pvpanic > + spdm > standard-vga > virt-ctlr > vmcoreinfo > diff --git a/docs/specs/spdm.rst b/docs/specs/spdm.rst > new file mode 100644 > index 00..f7de080ff0 > --- /dev/null > +++ b/docs/specs/spdm.rst > @@ -0,0 +1,134 @@ > +== > +QEMU Security Protocols and Data Models (SPDM) Support > +== > + > +SPDM enables authentication, attestation and key exchange to assist > in > +providing infrastructure security enablement. It's a standard > published > +by the `DMTF`_. > + > +QEMU supports connecting to a SPDM responder implementation. This > allows an > +external application to emulate the SPDM responder logic for an SPDM > device. > + > +Setting up a SPDM server > + > + > +When using QEMU with SPDM devices QEMU will connect to a server > which > +implements the SPDM functionality. > + > +SPDM-Utils > +-- > + > +You can use `SPDM Utils`_ to emulate a responder. This is the > simplest method. > + > +SPDM-Utils is a Linux applications to manage, test and develop > devices > +supporting DMTF Security Protocol and Data Model (SPDM). It is > written in Rust > +and utilises libspdm. > + > +To use SPDM-Utils you will need to do the following steps. Details > are included > +in the SPDM-Utils README. > + > + 1. `Build libspdm`_ > + 2. `Build SPDM Utils`_ > + 3. `Run it as a server`_ > + > +spdm-emu > + > + > +You can use `spdm emu`_ to model the > +SPDM responder. > + > +.. code-block:: shell > + > + $ cd spdm-emu > + $ git submodule init; git submodule update --recursive > + $ mkdir build; cd build > + $ cmake -DARCH=x64 -DTOOLCHAIN=GCC -DTARGET=Debug - > DCRYPTO=openssl .. > + $ make -j32 > + $ make copy_sample_key # Build certificates, required for SPDM > authentication. > + > +It is worth noting that the certificates should be in compliance > with > +PCIe r6.1 sec 6.31.3. This means you will need to add the following > to > +openssl.cnf > + > +.. code-block:: > + > + subjectAltName = > otherName:2.23.147;UTF8:Vendor=1b36:Device=0010:CC=010802:REV=02:SSVI > D=1af4:SSID=1100 > + 2.23.147 = ASN1:OID:2.23.147 > + > +and then manually regenerate some certificates with: > + > +.. code-block:: shell > + > + $ openssl req -nodes -newkey ec:param.pem -keyout > end_responder.key \ > + -out end_responder.req -sha384 -batch \ > + -subj "/CN=DMTF libspdm ECP384 responder cert" > + > + $ openssl x509 -req -in end_responder.req -out > end_responder.cert \ > + -CA inter.cert -CAkey inter.key -sha384 -days 3650 - > set_serial 3 \ > + -extensions v3_end -extfile ../openssl.cnf > + > + $ openssl asn1parse -in end_responder.cert -out > end_responder.cert.der > + > + $ cat ca.cert.der inter.cert.der end_responder.cert.der > > bundle_responder.certchain.der > + > +You can use SPDM-Utils instead as it will generate the correct > certificates > +automatically. > + > +The responder can then be launched with > + > +.. code-block:: shell > + > + $ cd bin > + $ ./spdm_responder_emu --trans PCI_DOE > + > +Connecting an SPDM NVMe device > +== > + > +Once a SPDM server is running we can start QEMU and connect to the > server. > + > +For an NVMe device first let's setup a block we can use > + > +.. code-block:: shell > + > + $ cd qemu-spdm/linux/image > + $ dd if=/dev/zero of=blknvme bs=1M count=2096 # 2GB NNMe Driv
Re: [PATCH v7 1/3] hw/pci: Add all Data Object Types defined in PCIe r6.0
Reviewed-by: Wilfred Mallawa On Fri, 2024-06-14 at 11:28 +1000, Alistair Francis wrote: > Add all of the defined protocols/features from the PCIe-SIG r6.0 > "Table 6-32 PCI-SIG defined Data Object Types (Vendor ID = 0001h)" > table. > > Signed-off-by: Alistair Francis > Reviewed-by: Jonathan Cameron > --- > include/hw/pci/pcie_doe.h | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/include/hw/pci/pcie_doe.h b/include/hw/pci/pcie_doe.h > index 87dc17dcef..15d94661f9 100644 > --- a/include/hw/pci/pcie_doe.h > +++ b/include/hw/pci/pcie_doe.h > @@ -46,6 +46,8 @@ REG32(PCI_DOE_CAP_STATUS, 0) > > /* PCI-SIG defined Data Object Types - r6.0 Table 6-32 */ > #define PCI_SIG_DOE_DISCOVERY 0x00 > +#define PCI_SIG_DOE_CMA 0x01 > +#define PCI_SIG_DOE_SECURED_CMA 0x02 > > #define PCI_DOE_DW_SIZE_MAX (1 << 18) > #define PCI_DOE_PROTOCOL_NUM_MAX 256
Re: [PATCH] include/blcok: fixup typos
On Mon, 2023-03-13 at 10:01 +, Peter Maydell wrote: > On Mon, 13 Mar 2023 at 00:26, Wilfred Mallawa > wrote: > > > > From: Wilfred Mallawa > > > > Fixup a few minor typos > > Typo in patch subject line: should be 'block' :-) Ha! already sent a V2 for this :) > > > Signed-off-by: Wilfred Mallawa > > --- > > Otherwise > Reviewed-by: Peter Maydell > > thanks > -- PMM
[PATCH v2] include/block: fixup typos
From: Wilfred Mallawa Fixup a few minor typos Signed-off-by: Wilfred Mallawa --- v2: - Fixup typo in commit msg. include/block/aio-wait.h | 2 +- include/block/block_int-common.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/block/aio-wait.h b/include/block/aio-wait.h index da13357bb8..6e43e3b7bb 100644 --- a/include/block/aio-wait.h +++ b/include/block/aio-wait.h @@ -63,7 +63,7 @@ extern AioWait global_aio_wait; * @ctx: the aio context, or NULL if multiple aio contexts (for which the * caller does not hold a lock) are involved in the polling condition. * @cond: wait while this conditional expression is true - * @unlock: whether to unlock and then lock again @ctx. This apples + * @unlock: whether to unlock and then lock again @ctx. This applies * only when waiting for another AioContext from the main loop. * Otherwise it's ignored. * diff --git a/include/block/block_int-common.h b/include/block/block_int-common.h index d419017328..ce51c1f7f9 100644 --- a/include/block/block_int-common.h +++ b/include/block/block_int-common.h @@ -1254,7 +1254,7 @@ extern QemuOptsList bdrv_create_opts_simple; /* * Common functions that are neither I/O nor Global State. * - * See include/block/block-commmon.h for more information about + * See include/block/block-common.h for more information about * the Common API. */ -- 2.39.2
[PATCH] include/blcok: fixup typos
From: Wilfred Mallawa Fixup a few minor typos Signed-off-by: Wilfred Mallawa --- include/block/aio-wait.h | 2 +- include/block/block_int-common.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/block/aio-wait.h b/include/block/aio-wait.h index da13357bb8..6e43e3b7bb 100644 --- a/include/block/aio-wait.h +++ b/include/block/aio-wait.h @@ -63,7 +63,7 @@ extern AioWait global_aio_wait; * @ctx: the aio context, or NULL if multiple aio contexts (for which the * caller does not hold a lock) are involved in the polling condition. * @cond: wait while this conditional expression is true - * @unlock: whether to unlock and then lock again @ctx. This apples + * @unlock: whether to unlock and then lock again @ctx. This applies * only when waiting for another AioContext from the main loop. * Otherwise it's ignored. * diff --git a/include/block/block_int-common.h b/include/block/block_int-common.h index d419017328..ce51c1f7f9 100644 --- a/include/block/block_int-common.h +++ b/include/block/block_int-common.h @@ -1254,7 +1254,7 @@ extern QemuOptsList bdrv_create_opts_simple; /* * Common functions that are neither I/O nor Global State. * - * See include/block/block-commmon.h for more information about + * See include/block/block-common.h for more information about * the Common API. */ -- 2.39.2
Re: [PATCH v2 6/6] monitor: convert monitor_cleanup() to AIO_WAIT_WHILE_UNLOCKED()
On Thu, 2023-03-09 at 14:08 -0500, Stefan Hajnoczi wrote: > monitor_cleanup() is called from the main loop thread. Calling > AIO_WAIT_WHILE(qemu_get_aio_context(), ...) from the main loop thread > is > equivalent to AIO_WAIT_WHILE_UNLOCKED(NULL, ...) because neither > unlocks > the AioContext and the latter's assertion that we're in the main loop > succeeds. > > Reviewed-by: Philippe Mathieu-Daudé > Tested-by: Philippe Mathieu-Daudé > Reviewed-by: Markus Armbruster > Reviewed-by: Kevin Wolf > Signed-off-by: Stefan Hajnoczi > --- > monitor/monitor.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) Reviewed-by: Wilfred Mallawa > > diff --git a/monitor/monitor.c b/monitor/monitor.c > index 8dc96f6af9..602535696c 100644 > --- a/monitor/monitor.c > +++ b/monitor/monitor.c > @@ -666,7 +666,7 @@ void monitor_cleanup(void) > * We need to poll both qemu_aio_context and iohandler_ctx to > make > * sure that the dispatcher coroutine keeps making progress and > * eventually terminates. qemu_aio_context is automatically > - * polled by calling AIO_WAIT_WHILE on it, but we must poll > + * polled by calling AIO_WAIT_WHILE_UNLOCKED on it, but we must > poll > * iohandler_ctx manually. > * > * Letting the iothread continue while shutting down the > dispatcher > @@ -679,7 +679,7 @@ void monitor_cleanup(void) > aio_co_wake(qmp_dispatcher_co); > } > > - AIO_WAIT_WHILE(qemu_get_aio_context(), > + AIO_WAIT_WHILE_UNLOCKED(NULL, > (aio_poll(iohandler_get_aio_context(), false), > qatomic_mb_read(_dispatcher_co_busy))); >
Re: [PATCH v2 5/6] hmp: convert handle_hmp_command() to AIO_WAIT_WHILE_UNLOCKED()
On Thu, 2023-03-09 at 14:08 -0500, Stefan Hajnoczi wrote: > The HMP monitor runs in the main loop thread. Calling > AIO_WAIT_WHILE(qemu_get_aio_context(), ...) from the main loop thread > is > equivalent to AIO_WAIT_WHILE_UNLOCKED(NULL, ...) because neither > unlocks > the AioContext and the latter's assertion that we're in the main loop > succeeds. > > Reviewed-by: Philippe Mathieu-Daudé > Tested-by: Philippe Mathieu-Daudé > Reviewed-by: Markus Armbruster > Reviewed-by: Kevin Wolf > Signed-off-by: Stefan Hajnoczi > --- > monitor/hmp.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Reviewed-by: Wilfred Mallawa > > diff --git a/monitor/hmp.c b/monitor/hmp.c > index fee410362f..5cab56d355 100644 > --- a/monitor/hmp.c > +++ b/monitor/hmp.c > @@ -1167,7 +1167,7 @@ void handle_hmp_command(MonitorHMP *mon, const > char *cmdline) > Coroutine *co = qemu_coroutine_create(handle_hmp_command_co, > ); > monitor_set_cur(co, >common); > aio_co_enter(qemu_get_aio_context(), co); > - AIO_WAIT_WHILE(qemu_get_aio_context(), !data.done); > + AIO_WAIT_WHILE_UNLOCKED(NULL, !data.done); > } > > qobject_unref(qdict);
Re: [PATCH v2 4/6] block: convert bdrv_drain_all_begin() to AIO_WAIT_WHILE_UNLOCKED()
On Thu, 2023-03-09 at 14:08 -0500, Stefan Hajnoczi wrote:
> Since the AioContext argument was already NULL, AIO_WAIT_WHILE() was
> never going to unlock the AioContext. Therefore it is possible to
> replace AIO_WAIT_WHILE() with AIO_WAIT_WHILE_UNLOCKED().
>
> Reviewed-by: Philippe Mathieu-Daudé
> Tested-by: Philippe Mathieu-Daudé
> Reviewed-by: Kevin Wolf
> Signed-off-by: Stefan Hajnoczi
> ---
> block/io.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Wilfred Mallawa
>
> diff --git a/block/io.c b/block/io.c
> index 8974d46941..db438c7657 100644
> --- a/block/io.c
> +++ b/block/io.c
> @@ -520,7 +520,7 @@ void bdrv_drain_all_begin(void)
> bdrv_drain_all_begin_nopoll();
>
> /* Now poll the in-flight requests */
> - AIO_WAIT_WHILE(NULL, bdrv_drain_all_poll());
> + AIO_WAIT_WHILE_UNLOCKED(NULL, bdrv_drain_all_poll());
>
> while ((bs = bdrv_next_all_states(bs))) {
> bdrv_drain_assert_idle(bs);
Re: [PATCH v2 3/6] block: convert bdrv_graph_wrlock() to AIO_WAIT_WHILE_UNLOCKED()
On Thu, 2023-03-09 at 14:08 -0500, Stefan Hajnoczi wrote:
> The following conversion is safe and does not change behavior:
>
> GLOBAL_STATE_CODE();
> ...
> - AIO_WAIT_WHILE(qemu_get_aio_context(), ...);
> + AIO_WAIT_WHILE_UNLOCKED(NULL, ...);
>
> Since we're in GLOBAL_STATE_CODE(), qemu_get_aio_context() is our
> home
> thread's AioContext. Thus AIO_WAIT_WHILE() does not unlock the
> AioContext:
>
> if (ctx_ && in_aio_context_home_thread(ctx_)) { \
> while ((cond)) { \
> aio_poll(ctx_, true); \
> waited_ = true; \
> } \
>
> And that means AIO_WAIT_WHILE_UNLOCKED(NULL, ...) can be substituted.
>
> Reviewed-by: Philippe Mathieu-Daudé
> Tested-by: Philippe Mathieu-Daudé
> Reviewed-by: Kevin Wolf
> Signed-off-by: Stefan Hajnoczi
> ---
> block/graph-lock.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Wilfred Mallawa
>
> diff --git a/block/graph-lock.c b/block/graph-lock.c
> index 454c31e691..639526608f 100644
> --- a/block/graph-lock.c
> +++ b/block/graph-lock.c
> @@ -127,7 +127,7 @@ void bdrv_graph_wrlock(void)
> * reader lock.
> */
> qatomic_set(_writer, 0);
> - AIO_WAIT_WHILE(qemu_get_aio_context(), reader_count() >= 1);
> + AIO_WAIT_WHILE_UNLOCKED(NULL, reader_count() >= 1);
> qatomic_set(_writer, 1);
>
> /*
Re: [PATCH v2 2/6] block: convert blk_exp_close_all_type() to AIO_WAIT_WHILE_UNLOCKED()
On Thu, 2023-03-09 at 14:08 -0500, Stefan Hajnoczi wrote: > There is no change in behavior. Switch to AIO_WAIT_WHILE_UNLOCKED() > instead of AIO_WAIT_WHILE() to document that this code has already > been > audited and converted. The AioContext argument is already NULL so > aio_context_release() is never called anyway. > > Reviewed-by: Philippe Mathieu-Daudé > Tested-by: Philippe Mathieu-Daudé > Reviewed-by: Kevin Wolf > Signed-off-by: Stefan Hajnoczi > --- > block/export/export.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Reviewed-by: Wilfred Mallawa > > diff --git a/block/export/export.c b/block/export/export.c > index 28a91c9c42..e3fee60611 100644 > --- a/block/export/export.c > +++ b/block/export/export.c > @@ -306,7 +306,7 @@ void blk_exp_close_all_type(BlockExportType type) > blk_exp_request_shutdown(exp); > } > > - AIO_WAIT_WHILE(NULL, blk_exp_has_type(type)); > + AIO_WAIT_WHILE_UNLOCKED(NULL, blk_exp_has_type(type)); > } > > void blk_exp_close_all(void)
Re: [PATCH v2 1/6] block: don't acquire AioContext lock in bdrv_drain_all()
On Thu, 2023-03-09 at 14:08 -0500, Stefan Hajnoczi wrote:
> There is no need for the AioContext lock in bdrv_drain_all() because
> nothing in AIO_WAIT_WHILE() needs the lock and the condition is
> atomic.
>
> AIO_WAIT_WHILE_UNLOCKED() has no use for the AioContext parameter
> other
> than performing a check that is nowadays already done by the
> GLOBAL_STATE_CODE()/IO_CODE() macros. Set the ctx argument to NULL
> here
> to help us keep track of all converted callers. Eventually all
> callers
> will have been converted and then the argument can be dropped
> entirely.
>
> Reviewed-by: Kevin Wolf
> Signed-off-by: Stefan Hajnoczi
> ---
> block/block-backend.c | 8 +---
> 1 file changed, 1 insertion(+), 7 deletions(-)
Reviewed-by: Wilfred Mallawa
>
> diff --git a/block/block-backend.c b/block/block-backend.c
> index 278b04ce69..d2b6b3652d 100644
> --- a/block/block-backend.c
> +++ b/block/block-backend.c
> @@ -1835,14 +1835,8 @@ void blk_drain_all(void)
> bdrv_drain_all_begin();
>
> while ((blk = blk_all_next(blk)) != NULL) {
> - AioContext *ctx = blk_get_aio_context(blk);
> -
> - aio_context_acquire(ctx);
> -
> /* We may have -ENOMEDIUM completions in flight */
> - AIO_WAIT_WHILE(ctx, qatomic_mb_read(>in_flight) > 0);
> -
> - aio_context_release(ctx);
> + AIO_WAIT_WHILE_UNLOCKED(NULL, qatomic_mb_read(
> >in_flight) > 0);
> }
>
> bdrv_drain_all_end();
Re: [PATCH 0/3] python: testing fixes
On Fri, 2022-12-02 at 19:52 -0500, John Snow wrote: > A few tiny touchups needed for cutting edge 'flake8' tooling, a minor > type touchup in iotests, and extending the python tests to cover the > recently released Python 3.11. > > John Snow (3): > Python: fix flake8 config > iotests/check: Fix typing for sys.exit() value > python: add 3.11 to supported list > > python/setup.cfg | 6 -- > tests/qemu-iotests/check | 2 +- > 2 files changed, 5 insertions(+), 3 deletions(-) > > -- > 2.38.1 > I see you've left Westeros! xD Reviewed-by: Wilfred Mallawa > >
