Re: [RFC PATCH] i386: Add ratelimit for bus locks acquired in guest

2021-03-31 Thread Chenyi Qiang
Hi Paolo, Do we have any comment for this Bus lock VM exit QEMU patch? On 3/17/2021 4:47 PM, Chenyi Qiang wrote: Virtual Machines can exploit bus locks to degrade the performance of system. To address this kind of performance DOS attack, bus lock VM exit is introduced in KVM and it will report

Re: [PATCH v2 2/2] target/i386: Remove core-capability in Snowridge CPU model

2021-10-11 Thread Chenyi Qiang
Hi Eduardo, Ping for this minor change. On 8/27/2021 2:48 PM, Chenyi Qiang wrote: Because core-capability related features are model-specific and KVM won't support it, remove the core-capability in CPU model to avoid the warning message. Signed-off-by: Chenyi Qiang --- target/i386/

Re: [PATCH v4] i386: Add ratelimit for bus locks acquired in guest

2021-07-27 Thread Chenyi Qiang
On 7/27/2021 4:28 PM, Dr. David Alan Gilbert wrote: * Chenyi Qiang (chenyi.qi...@intel.com) wrote: A bus lock is acquired through either split locked access to writeback (WB) memory or any locked access to non-WB memory. It is typically >1000 cycles slower than an atomic operation withi

[PATCH v2 1/2] target/i386: Remove split lock detect in Snowridge CPU model

2021-08-26 Thread Chenyi Qiang
At present, there's no mechanism intelligent enough to virtualize split lock detection correctly. Remove it in Snowridge CPU model to avoid the feature exposure. Signed-off-by: Chenyi Qiang Message-Id: <20210630012053.10098-1-chenyi.qi...@intel.com> Signed-off-by: Eduardo Habkost

[PATCH v2 0/2] Remove unsupported features in SNR CPU model

2021-08-26 Thread Chenyi Qiang
Patch 1: https://lore.kernel.org/qemu-devel/20210825195438.914387-2-ehabk...@redhat.com/ Patch 2 removes one more feature (core-capability) in Snowridge-v4 CPU model based on previous patch. Chenyi Qiang (2): target/i386: Remove split lock detect in Snowridge CPU model target/i386: Remove

[PATCH v2 2/2] target/i386: Remove core-capability in Snowridge CPU model

2021-08-26 Thread Chenyi Qiang
Because core-capability related features are model-specific and KVM won't support it, remove the core-capability in CPU model to avoid the warning message. Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/i386/

[RFC PATCH] i386: Add ratelimit for bus locks acquired in guest

2021-03-17 Thread Chenyi Qiang
w/us/en/develop/download/intel-architecture-instruction-set-extensions-programming-reference.html Signed-off-by: Chenyi Qiang --- hw/i386/x86.c | 6 ++ include/hw/i386/x86.h | 7 +++ target/i386/kvm/kvm.c | 44 +++ 3 files changed, 57 insertions(

Re: [RFC PATCH] i386: Add ratelimit for bus locks acquired in guest

2021-03-18 Thread Chenyi Qiang
Hi Marcelo, Thank you for your comment. On 3/19/2021 1:32 AM, Marcelo Tosatti wrote: On Wed, Mar 17, 2021 at 04:47:09PM +0800, Chenyi Qiang wrote: Virtual Machines can exploit bus locks to degrade the performance of system. To address this kind of performance DOS attack, bus lock VM exit is

Re: [RFC PATCH] i386: Add ratelimit for bus locks acquired in guest

2021-03-18 Thread Chenyi Qiang
On 3/19/2021 9:23 AM, Xiaoyao Li wrote: On 3/17/2021 4:47 PM, Chenyi Qiang wrote: [...]   MemTxAttrs kvm_arch_post_run(CPUState *cpu, struct kvm_run *run)   {   X86CPU *x86_cpu = X86_CPU(cpu); @@ -4236,6 +4271,11 @@ MemTxAttrs kvm_arch_post_run(CPUState *cpu, struct kvm_run *run

Re: [RFC PATCH] i386: Add ratelimit for bus locks acquired in guest

2021-03-21 Thread Chenyi Qiang
On 3/19/2021 8:37 PM, Marcelo Tosatti wrote: On Fri, Mar 19, 2021 at 10:59:20AM +0800, Chenyi Qiang wrote: Hi Marcelo, Thank you for your comment. On 3/19/2021 1:32 AM, Marcelo Tosatti wrote: On Wed, Mar 17, 2021 at 04:47:09PM +0800, Chenyi Qiang wrote: Virtual Machines can exploit bus

[PATCH v2 1/3] linux-headers: Sync the linux headers

2022-03-18 Thread Chenyi Qiang
Signed-off-by: Chenyi Qiang --- linux-headers/asm-x86/kvm.h | 4 linux-headers/linux/kvm.h | 29 - 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h index 2da3316bb5..d8ef0d993e 100644

[PATCH v2 0/3] Enable notify VM exit

2022-03-18 Thread Chenyi Qiang
ult event to avoid lose some synthesized triple fault from KVM. - v1: https://lore.kernel.org/qemu-devel/20220310090205.10645-1-chenyi.qi...@intel.com/ --- Chenyi Qiang (3): linux-headers: Sync the linux headers i386: kvm: Save&restore triple fault event i386: Add notify VM exit suppo

[PATCH v2 2/3] i386: kvm: Save&restore triple fault event

2022-03-18 Thread Chenyi Qiang
KVM_VCPUEVENT_TRIPLE_FAULT is defined to signal that there's triple fault event waiting to be serviced. Track it and save/restore during get/set_vcpu_events(). Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 1 + target/i386/cpu.h | 1 + target/i386/kvm/kvm.c | 10 ++ 3

[PATCH v2 3/3] i386: Add notify VM exit support

2022-03-18 Thread Chenyi Qiang
ented by injecting a synthesized triple fault event to target vcpu. Signed-off-by: Chenyi Qiang --- hw/i386/x86.c | 24 ++ include/hw/i386/x86.h | 3 +++ target/i386/kvm/kvm.c | 58 --- 3 files changed, 65 insertions(+), 20 dele

[PATCH 0/2] Enable notify VM exit

2022-03-10 Thread Chenyi Qiang
/20220310084001.10235-1-chenyi.qi...@intel.com/ Chenyi Qiang (2): linux-headers: Sync the linux headers i386: Add notify VM exit support hw/i386/x86.c | 24 +++ include/hw/i386/x86.h | 3 ++ linux-headers/asm-x86/kvm.h | 4 +++ linux-headers/linux/kvm.h | 29

[PATCH 2/2] i386: Add notify VM exit support

2022-03-10 Thread Chenyi Qiang
ed by defining a new bit in flags field of kvm_vcpu_event in KVM_SET_VCPU_EVENTS ioctl. Signed-off-by: Chenyi Qiang --- hw/i386/x86.c | 24 ++ include/hw/i386/x86.h | 3 +++ target/i386/kvm/kvm.c | 58 --- 3 files changed, 65 insertions(+

[PATCH 1/2] linux-headers: Sync the linux headers

2022-03-10 Thread Chenyi Qiang
Signed-off-by: Chenyi Qiang --- linux-headers/asm-x86/kvm.h | 4 linux-headers/linux/kvm.h | 29 - 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h index 2da3316bb5..44757bd612 100644

Re: [PATCH 2/2] i386: Add notify VM exit support

2022-03-10 Thread Chenyi Qiang
On 3/10/2022 5:17 PM, Daniel P. Berrangé wrote: On Thu, Mar 10, 2022 at 05:02:05PM +0800, Chenyi Qiang wrote: There are cases that malicious virtual machine can cause CPU stuck (due to event windows don't open up), e.g., infinite loop in microcode when nested #AC (CVE-2015-5307). No

Re: [PATCH 0/3] Fix Skylake, Cascadelake and Icelake Server CPU models

2020-03-18 Thread Chenyi Qiang
Ping. On 2/27/2020 5:08 PM, Chenyi Qiang wrote: Current Skylake-Server, Cascadelake-Server and Icelake-Server CPU models lack several VMX features. Icelake-Server also lacks two features in FEAT_7_0_EBX. In addition, The model numbers of Icelake-Client and Icelake-Server need to be fixed

Re: [PATCH 0/3] Fix Skylake, Cascadelake and Icelake Server CPU models

2020-03-27 Thread Chenyi Qiang
Hi Paolo and Eduardo, It seems I need to put the missing feature bits in the new version of CPU model. I'll resend this patch set. BTW, what about the missing vmx feature bits? Also put in in new version CPU model? Thanks, Chenyi On 3/18/2020 4:02 PM, Chenyi Qiang wrote: Ping. On

[PATCH v2 1/4] target/i386: add missing vmx features for several CPU models

2020-03-27 Thread Chenyi Qiang
Add some missing VMX features in Skylake-Server, Cascadelake-Server and Icelake-Server CPU models based on the output of Paolo's script. Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target

[PATCH v2 0/4] modify CPU model info

2020-03-27 Thread Chenyi Qiang
as a new version of CPU model - add the support of FSRM Chenyi Qiang (4): target/i386: add missing vmx features for several CPU models target/i386: add fast short REP MOV support target/i386: add the missing features for Icelake-Server CPU model target/i386: modify Icelake-Client and

[PATCH v2 4/4] target/i386: modify Icelake-Client and Icelake-Server CPU model number

2020-03-27 Thread Chenyi Qiang
According to the Intel Icelake family list, Icelake-Client uses model number 125(0x7D) and Icelake-Server uses model number 106(0x6A). Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c

[PATCH v2 2/4] target/i386: add fast short REP MOV support

2020-03-27 Thread Chenyi Qiang
For CPUs that support fast short REP MOV[CPUID.(EAX=7,ECX=0):EDX(bit4)], e.g. Icelake and Tigerlake, expose it to the guest VM. Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 2 +- target/i386/cpu.h | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target

[PATCH v2 3/4] target/i386: add the missing features for Icelake-Server CPU model

2020-03-27 Thread Chenyi Qiang
Add the SHA_NI and AVX512IFMA feature bits in FEAT_7_0_EBX, RDPID feature bit in FEAT_7_0_ECX and FSRM feature bit in FEAT_7_0_EDX. Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index

Re: [PATCH v2 0/4] modify CPU model info

2020-04-07 Thread Chenyi Qiang
Ping for comments. Hi Paolo and Eduardo, ARCH_CAPABILITIES has been added into Icelake-Server CPU model. What is your opinion of the missing feature bits in this patch set? Thanks Chenyi On 3/28/2020 11:06 AM, Chenyi Qiang wrote: Add the missing VMX features in Skylake-Server, Cascadelake

[PATCH v3 3/4] target/i386: add the missing features for Icelake-Server CPU model

2020-04-09 Thread Chenyi Qiang
Add the SHA_NI and AVX512IFMA feature bits in FEAT_7_0_EBX, RDPID feature bit in FEAT_7_0_ECX and FSRM feature bit in FEAT_7_0_EDX. Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index

[PATCH v3 0/4] modify CPU model info

2020-04-09 Thread Chenyi Qiang
- add New CPUID of FSRM and RDPID in Icelake-Server CPU model Chenyi Qiang (4): target/i386: add missing vmx features for several CPU models target/i386: add fast short REP MOV support target/i386: add the missing features for Icelake-Server CPU model target/i386: modify Icelake-Server CPU

[PATCH v3 4/4] target/i386: modify Icelake-Server CPU model number

2020-04-09 Thread Chenyi Qiang
According to the Intel Icelake family list, Icelake-Server uses model number 106(0x6A). Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index d2f8a276c4..04bcf01b5a 100644 --- a/target

[PATCH v3 1/4] target/i386: add missing vmx features for several CPU models

2020-04-09 Thread Chenyi Qiang
Add some missing VMX features in Skylake-Server, Cascadelake-Server and Icelake-Server CPU models based on the output of Paolo's script. Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target

[PATCH v3 2/4] target/i386: add fast short REP MOV support

2020-04-09 Thread Chenyi Qiang
For CPUs that support fast short REP MOV[CPUID.(EAX=7,ECX=0):EDX(bit4)], e.g. Icelake and Tigerlake, expose it to the guest VM. Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 2 +- target/i386/cpu.h | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target

[PATCH v4 3/5] target/i386: add the missing features for Icelake-Server CPU model

2020-05-19 Thread Chenyi Qiang
Add the missing features(sha-ni, avx512ifma, rdpid, fsrm) in the Icelake-Server CPU model. Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 52f5aa5418..b4697b0148 100644 --- a/target

[PATCH v4 5/5] target/i386: remove Icelake-Client CPU model

2020-05-19 Thread Chenyi Qiang
There are no Icelake Desktop products in the market. Remove the Icelake-Client CPU model. Signed-off-by: Chenyi Qiang --- hw/i386/pc.c | 1 - target/i386/cpu.c | 113 -- 2 files changed, 114 deletions(-) diff --git a/hw/i386/pc.c b/hw/i386

[PATCH v4 4/5] target/i386: modify Icelake-Server CPU model number

2020-05-19 Thread Chenyi Qiang
According to the Intel Icelake family list, Icelake-Server uses model number 106(0x6A). Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index b4697b0148..d59698710e 100644 --- a/target

[PATCH v4 0/5] modify CPU model info

2020-05-19 Thread Chenyi Qiang
CPUID of FSRM and RDPID in Icelake-Server CPU model Chenyi Qiang (5): target/i386: add missing vmx features for several CPU models target/i386: add fast short REP MOV support target/i386: add the missing features for Icelake-Server CPU model target/i386: modify Icelake-Server CPU model number

[PATCH v4 1/5] target/i386: add missing vmx features for several CPU models

2020-05-19 Thread Chenyi Qiang
Add some missing VMX features in Skylake-Server, Cascadelake-Server and Icelake-Server CPU models based on the output of Paolo's script. Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target

[PATCH v4 2/5] target/i386: add fast short REP MOV support

2020-05-19 Thread Chenyi Qiang
For CPUs that support fast short REP MOV[CPUID.(EAX=7,ECX=0):EDX(bit4)], e.g. Icelake and Tigerlake, expose it to the guest VM. Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 2 +- target/i386/cpu.h | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target

Re: [PATCH v4 0/5] modify CPU model info

2020-06-10 Thread Chenyi Qiang
Ping for comments. Ignore the last patch("remove Icelake-Client CPU model"). Robert is working on the CPU model deprecation API in https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg03109.html On 5/20/2020 10:10 AM, Chenyi Qiang wrote: Add the missing VMX features in Skyl

[PATCH] target/i386: Add bus lock debug exception support

2021-02-02 Thread Chenyi Qiang
off-by: Chenyi Qiang --- target/i386/cpu.c | 2 +- target/i386/cpu.h | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index ae89024d36..55f3b5829f 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -963,7 +963,7 @@ sta

[PATCH 1/2] target/i386: Add support for save/load IA32_PKRS MSR

2021-02-05 Thread Chenyi Qiang
PKS introduces MSR IA32_PKRS(0x6e1) to manage the supervisor protection key rights. Page access and writes can be managed via the MSR update without TLB flushes when permissions change. Add the support to save/load IA32_PKRS MSR in guest. Signed-off-by: Chenyi Qiang --- target/i386/kvm/kvm.c

[PATCH 2/2] target/i386: Expose VMX entry/exit load pkrs control bits

2021-02-05 Thread Chenyi Qiang
Expose the VMX exit/entry load pkrs control bits in VMX_TRUE_EXIT_CTLS/VMX_TRUE_ENTRY_CTLS MSRs to guest, which supports the PKS in nested VM. Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 4 ++-- target/i386/cpu.h | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a

[PATCH 0/2] Remaining work for PKS Implementation

2021-02-05 Thread Chenyi Qiang
implementation at: https://lore.kernel.org/qemu-devel/20210127093540.472624-1-pbonz...@redhat.com/ This patch series is just to add the remaining part, i.e. the support for save/load PKRS and expose the vmx entry/exit load controls to guest. Chenyi Qiang (2): target/i386: Add support for save/load

Re: [PATCH v5 1/4] target/i386: add missing vmx features for several CPU models

2020-07-13 Thread Chenyi Qiang
On 7/11/2020 12:48 AM, Eduardo Habkost wrote: On Fri, Jul 10, 2020 at 09:45:49AM +0800, Chenyi Qiang wrote: On 7/10/2020 6:12 AM, Eduardo Habkost wrote: I'm very sorry for taking so long to review this. Question below: On Fri, Jun 19, 2020 at 03:31:11PM +0800, Chenyi Qiang wrote:

[PATCH v6 0/3] modify CPU model info

2020-07-14 Thread Chenyi Qiang
ges in v2: - add missing features as a new version of CPU model - add the support of FSRM - add New CPUID of FSRM and RDPID in Icelake-Server CPU model Chenyi Qiang (3): target/i386: add fast short REP MOV support target/i386: fix model number and add missing features

[PATCH v6 1/3] target/i386: add fast short REP MOV support

2020-07-14 Thread Chenyi Qiang
For CPUs that support fast short REP MOV[CPUID.(EAX=7,ECX=0):EDX(bit4)], e.g. Icelake and Tigerlake, expose it to the guest VM. Reviewed-by: Eduardo Habkost Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 2 +- target/i386/cpu.h | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git

[PATCH v6 2/3] target/i386: fix model number and add missing features for Icelake-Server CPU model

2020-07-14 Thread Chenyi Qiang
Add the missing features(sha_ni, avx512ifma, rdpid, fsrm, vmx-rdseed-exit, vmx-pml, vmx-eptp-switching) and change the model number to 106 in the Icelake-Server-v4 CPU model. Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 14 ++ 1 file changed, 14 insertions(+) diff --git a

[PATCH v6 3/3] target/i386: add the missing vmx features for Skylake-Server and Cascadelake-Server CPU models

2020-07-14 Thread Chenyi Qiang
Add the missing vmx features in Skylake-Server and Cascadelake-Server CPU models based on the output of Paolo's script. Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 14 ++ 1 file changed, 14 insertions(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 6afc5

[PATCH v5 3/3] i386: Add notify VM exit support

2022-08-16 Thread Chenyi Qiang
nject a SHUTDOWN event to the target vcpu. This is implemented by injecting a synthesized triple fault event. Signed-off-by: Chenyi Qiang --- hw/i386/x86.c | 45 +++ include/hw/i386/x86.h | 5 + target/i386/kvm/kvm.c

[PATCH v5 2/3] i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple fault

2022-08-16 Thread Chenyi Qiang
KVM_VCPUEVENT_VALID_TRIPLE_FAULT is defined to signal that the event.triple_fault_pending field contains a valid state if the KVM_CAP_X86_TRIPLE_FAULT_EVENT capability is enabled. Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 1 + target/i386/cpu.h | 1 + target/i386/kvm/kvm.c | 20

[PATCH v5 0/3] Enable notify VM exit

2022-08-16 Thread Chenyi Qiang
.qi...@intel.com/ --- Chenyi Qiang (3): Update linux headers to 6.0-rc1 i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple fault i386: Add notify VM exit support hw/i386/x86.c | 45 + include/hw/i386/x86.h

[PATCH v5 1/3] Update linux headers to 6.0-rc1

2022-08-16 Thread Chenyi Qiang
commit 568035b01cfb107af8d2e4bd2fb9aea22cf5b868 Signed-off-by: Chenyi Qiang --- include/standard-headers/asm-x86/bootparam.h | 7 +- include/standard-headers/drm/drm_fourcc.h | 73 +++- include/standard-headers/linux/ethtool.h | 29 +-- include/standard-headers/linux/input.h

Re: [PATCH v5 1/3] Update linux headers to 6.0-rc1

2022-08-23 Thread Chenyi Qiang
On 8/22/2022 11:00 PM, Michal Prívozník wrote: On 8/17/22 04:08, Chenyi Qiang wrote: commit 568035b01cfb107af8d2e4bd2fb9aea22cf5b868 Signed-off-by: Chenyi Qiang --- include/standard-headers/asm-x86/bootparam.h | 7 +- include/standard-headers/drm/drm_fourcc.h | 73

Re: [PATCH v1 08/40] i386/tdx: Adjust the supported CPUID based on TDX restrictions

2022-08-03 Thread Chenyi Qiang
it covers #3, and rectifies the previous step); - add configurable bits (it covers the other part of type #1); - fix the ones in vmm_fixup; - filter the one has valid .supported field; What does .supported field filter mean here? (Calculated type is ignored since it's determined at runtime

[PATCH v7 0/2] Enable notify VM exit

2022-09-23 Thread Chenyi Qiang
ENT to guard the extension of triple fault event save&restore. - v3: https://lore.kernel.org/qemu-devel/20220421074028.18196-1-chenyi.qi...@intel.com/ --- Chenyi Qiang (2): i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple fault i386: Add notify VM exit support

[PATCH v7 2/2] i386: Add notify VM exit support

2022-09-23 Thread Chenyi Qiang
emented by injecting a synthesized triple fault event. Acked-by: Peter Xu Signed-off-by: Chenyi Qiang --- hw/i386/x86.c | 45 +++ include/hw/i386/x86.h | 5 + qemu-options.hx | 10 +- target/i386/kvm/

[PATCH v7 1/2] i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple fault

2022-09-23 Thread Chenyi Qiang
KVM_VCPUEVENT_VALID_TRIPLE_FAULT is defined to signal that the event.triple_fault_pending field contains a valid state if the KVM_CAP_X86_TRIPLE_FAULT_EVENT capability is enabled. Acked-by: Peter Xu Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 1 + target/i386/cpu.h | 1 + target

Re: [PATCH v7 1/2] i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple fault

2022-09-27 Thread Chenyi Qiang
On 9/27/2022 9:14 PM, Paolo Bonzini wrote: On 9/23/22 09:33, Chenyi Qiang wrote: For the direct triple faults, i.e. hardware detected and KVM morphed to VM-Exit, KVM will never lose them. But for triple faults synthesized by KVM, e.g. the RSM path, if KVM exits to userspace before the request

Re: [PATCH v7 2/2] i386: Add notify VM exit support

2022-09-27 Thread Chenyi Qiang
On 9/27/2022 9:43 PM, Paolo Bonzini wrote: On 9/23/22 09:33, Chenyi Qiang wrote: Because there are some concerns, e.g. a notify VM exit may happen with VM_CONTEXT_INVALID set in exit qualification (no cases are anticipated that would set this bit), which means VM context is corrupted. To

[PATCH v8 3/4] kvm: expose struct KVMState

2022-09-29 Thread Chenyi Qiang
Expose struct KVMState out of kvm-all.c so that the field of struct KVMState can be accessed when defining target-specific accelerator properties. Signed-off-by: Chenyi Qiang --- accel/kvm/kvm-all.c | 74 --- include/sysemu/kvm_int.h | 75

[PATCH v8 4/4] i386: add notify VM exit support

2022-09-29 Thread Chenyi Qiang
NVALID bit is set, raise a KVM internal error unconditionally. Acked-by: Peter Xu Signed-off-by: Chenyi Qiang --- accel/kvm/kvm-all.c | 2 + qapi/run-state.json | 17 qemu-options.hx | 11 + target/i386/kvm/kvm.c | 97 +++ 4 files ch

[PATCH v8 2/4] kvm: allow target-specific accelerator properties

2022-09-29 Thread Chenyi Qiang
From: Paolo Bonzini Several hypervisor capabilities in KVM are target-specific. When exposed to QEMU users as accelerator properties (i.e. -accel kvm,prop=value), they should not be available for all targets. Add a hook for targets to add their own properties to -accel kvm, for now no such prop

[PATCH v8 1/4] i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple fault

2022-09-29 Thread Chenyi Qiang
KVM_VCPUEVENT_VALID_TRIPLE_FAULT is defined to signal that the event.triple_fault_pending field contains a valid state if the KVM_CAP_X86_TRIPLE_FAULT_EVENT capability is enabled. Acked-by: Peter Xu Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 1 + target/i386/cpu.h | 1 + target

[PATCH v8 0/4] Enable notify VM exit

2022-09-29 Thread Chenyi Qiang
ptions.hx. (Peter Xu) - v5: https://lore.kernel.org/qemu-devel/20220817020845.21855-1-chenyi.qi...@intel.com/ --- Chenyi Qiang (3): i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple fault kvm: expose struct KVMState i386: add notify VM exit support Paolo Bonzini (1): k

[RESEND PATCH v8 0/4] Enable notify VM exit

2022-09-29 Thread Chenyi Qiang
/ v5 -> v6 - Add some info related to the valid range of notify_window in patch 2. (Peter Xu) - Add the doc in qemu-options.hx. (Peter Xu) - v5: https://lore.kernel.org/qemu-devel/20220817020845.21855-1-chenyi.qi...@intel.com/ --- Chenyi Qiang (3): i386: kvm: extend kvm_{get, put}_vcpu_eve

[RESEND PATCH v8 2/4] kvm: allow target-specific accelerator properties

2022-09-29 Thread Chenyi Qiang
From: Paolo Bonzini Several hypervisor capabilities in KVM are target-specific. When exposed to QEMU users as accelerator properties (i.e. -accel kvm,prop=value), they should not be available for all targets. Add a hook for targets to add their own properties to -accel kvm, for now no such prop

[RESEND PATCH v8 4/4] i386: add notify VM exit support

2022-09-29 Thread Chenyi Qiang
NVALID bit is set, raise a KVM internal error unconditionally. Acked-by: Peter Xu Signed-off-by: Chenyi Qiang --- accel/kvm/kvm-all.c | 2 + qapi/run-state.json | 17 qemu-options.hx | 11 + target/i386/kvm/kvm.c | 98 +++ 4 files ch

[RESEND PATCH v8 3/4] kvm: expose struct KVMState

2022-09-29 Thread Chenyi Qiang
Expose struct KVMState out of kvm-all.c so that the field of struct KVMState can be accessed when defining target-specific accelerator properties. Signed-off-by: Chenyi Qiang --- accel/kvm/kvm-all.c | 74 --- include/sysemu/kvm_int.h | 75

[RESEND PATCH v8 1/4] i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple fault

2022-09-29 Thread Chenyi Qiang
KVM_VCPUEVENT_VALID_TRIPLE_FAULT is defined to signal that the event.triple_fault_pending field contains a valid state if the KVM_CAP_X86_TRIPLE_FAULT_EVENT capability is enabled. Acked-by: Peter Xu Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 1 + target/i386/cpu.h | 1 + target

Re: [PATCH v8 0/4] Enable notify VM exit

2022-09-29 Thread Chenyi Qiang
On 9/30/2022 1:28 AM, Paolo Bonzini wrote: On 9/29/22 09:03, Chenyi Qiang wrote: Notify VM exit is introduced to mitigate the potential DOS attack from malicious VM. This series is the userspace part to enable this feature through a new KVM capability KVM_CAP_X86_NOTIFY_VMEXIT. The detailed

[PATCH v4 1/3] linux-header: update linux header

2022-05-24 Thread Chenyi Qiang
This linux-header update is only a reference to include some definitions related to notify VM exit. Signed-off-by: Chenyi Qiang --- linux-headers/asm-x86/kvm.h | 6 +- linux-headers/linux/kvm.h | 11 +++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/linux-headers

[PATCH v4 2/3] i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple fault

2022-05-24 Thread Chenyi Qiang
KVM_VCPUEVENT_VALID_TRIPLE_FAULT is defined to signal that the event.triple_fault_pending field contains a valid state if the KVM_CAP_TRIPLE_FAULT_EVENT capability is enabled. Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 1 + target/i386/cpu.h | 1 + target/i386/kvm/kvm.c | 20

[PATCH v4 0/3] Enable notify VM exit

2022-05-24 Thread Chenyi Qiang
e fault event to avoid lose some synthesized triple fault from KVM. - v1: https://lore.kernel.org/qemu-devel/20220310090205.10645-1-chenyi.qi...@intel.com/ --- Chenyi Qiang (3): linux-header: update linux header i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple faul

[PATCH v4 3/3] i386: Add notify VM exit support

2022-05-24 Thread Chenyi Qiang
nject a SHUTDOWN event to the target vcpu. This is implemented by injecting a synthesized triple fault event. Signed-off-by: Chenyi Qiang --- hw/i386/x86.c | 45 + include/hw/i386/x86.h | 5 target/i386/kvm/kvm.c

Re: [PATCH v4 3/3] i386: Add notify VM exit support

2022-05-25 Thread Chenyi Qiang
On 5/25/2022 11:43 AM, Yuan Yao wrote: On Tue, May 24, 2022 at 10:03:02PM +0800, Chenyi Qiang wrote: There are cases that malicious virtual machine can cause CPU stuck (due to event windows don't open up), e.g., infinite loop in microcode when nested #AC (CVE-2015-5307). No event w

[PATCH v3 3/3] i386: Add notify VM exit support

2022-04-21 Thread Chenyi Qiang
nject a SHUTDOWN event to the target vcpu. This is implemented by injecting a synthesized triple fault event. Signed-off-by: Chenyi Qiang --- hw/i386/x86.c | 45 +++ include/hw/i386/x86.h | 5 target/i386/kvm/kvm.c

[PATCH v3 0/3] Enable notify VM exit

2022-04-21 Thread Chenyi Qiang
Do the corresponding change to use the KVM_VCPUEVENTS_TRIPLE_FAULT to save/restore the triple fault event to avoid lose some synthesized triple fault from KVM. - v1: https://lore.kernel.org/qemu-devel/20220310090205.10645-1-chenyi.qi...@intel.com/ --- Chenyi Qiang (3): linux-header: update linux

[PATCH v3 2/3] i386: kvm: Save&restore triple fault event

2022-04-21 Thread Chenyi Qiang
KVM_VCPUEVENT_VALID_TRIPLE_FAULT is defined to signal that the event.triple_fault_pending field contains a valid state. Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 1 + target/i386/cpu.h | 1 + target/i386/kvm/kvm.c | 8 +++- 3 files changed, 9 insertions(+), 1 deletion(-) diff

[PATCH v3 1/3] linux-header: update linux header

2022-04-21 Thread Chenyi Qiang
This linux-header update is only a reference to include some definitions related to notify VM exit. Signed-off-by: Chenyi Qiang --- linux-headers/asm-x86/kvm.h | 4 +++- linux-headers/linux/kvm.h | 10 ++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/linux-headers

Re: [PATCH v5 1/1] virtio: fix the condition for iommu_platform not supported

2022-04-22 Thread Chenyi Qiang
On 2/7/2022 7:28 PM, Halil Pasic wrote: The commit 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but unsupported") claims to fail the device hotplug when iommu_platform is requested, but not supported by the (vhost) device. On the first glance the condition for detecting that situa

Re: [PATCH v5 1/1] virtio: fix the condition for iommu_platform not supported

2022-04-27 Thread Chenyi Qiang
On 4/22/2022 3:11 PM, Chenyi Qiang wrote: On 2/7/2022 7:28 PM, Halil Pasic wrote: The commit 04ceb61a40 ("virtio: Fail if iommu_platform is requested, but unsupported") claims to fail the device hotplug when iommu_platform is requested, but not supported by the (vhost) device. On

[PATCH] hw/pci-bridge: Fix brace Werror with clang 6.0.0

2022-09-01 Thread Chenyi Qiang
ions){ 0 }; ^ {} The original code is correct, just to work around clang's bogus warning. Signed-off-by: Chenyi Qiang --- hw/pci-bridge/cxl_downstream.c | 2 +- hw/pci-bridge/cxl_root_port.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/pci-bridge/cxl_downstream.c b/

Re: [PATCH v5 3/3] i386: Add notify VM exit support

2022-09-04 Thread Chenyi Qiang
Hi Paolo, Any comment on patch 2-3? Thanks Chenyi On 8/17/2022 10:08 AM, Chenyi Qiang wrote: There are cases that malicious virtual machine can cause CPU stuck (due to event windows don't open up), e.g., infinite loop in microcode when nested #AC (CVE-2015-5307). No event window mea

[PATCH 1/2] Update linux headers to v6.0-rc4

2022-09-08 Thread Chenyi Qiang
commit 7e18e42e4b280c85b76967a9106a13ca61c16179 Signed-off-by: Chenyi Qiang --- include/standard-headers/asm-x86/bootparam.h | 7 +- include/standard-headers/drm/drm_fourcc.h | 73 +++- include/standard-headers/linux/ethtool.h | 29 +-- include/standard-headers/linux/input.h

[PATCH 2/2] configure: Add -Wno-gnu-variable-sized-type-not-at-end

2022-09-08 Thread Chenyi Qiang
^ Considering that it is OK to use GNU extension in QEMU (e.g. g_auto stuff), it is acceptable to turn off this warning, which is only relevant to people striving for fully portable C code. Suggested-by: Daniel P. Berrangé Signed-off-by: Chenyi Qiang --- configure | 1

[PATCH 0/2] Update linux headers to v6.0-rc4 and fix the clang build error

2022-09-08 Thread Chenyi Qiang
After updating linux headers to v6.0-rc, clang build on x86 target would generate warnings related to -Wgnu-variable-sized-type-not-at-end. Simply turn off this warning in this patch set. If not suitable to turn it off, any comments or suggestions are welcome. Chenyi Qiang (2): Update linux

Re: [PATCH 2/2] configure: Add -Wno-gnu-variable-sized-type-not-at-end

2022-09-08 Thread Chenyi Qiang
On 9/8/2022 6:54 PM, Peter Maydell wrote: On Thu, 8 Sept 2022 at 10:09, Daniel P. Berrangé wrote: On Thu, Sep 08, 2022 at 09:53:44AM +0100, Peter Maydell wrote: On Thu, 8 Sept 2022 at 09:08, Chenyi Qiang wrote: After updating linux headers to v6.0-rc, clang build on x86 target would

[PATCH v2 0/2] Update linux headers to v6.0-rc4 and fix the clang build error

2022-09-08 Thread Chenyi Qiang
h 1. (Peter Maydell) - v1: https://lore.kernel.org/qemu-devel/20220908080749.32211-1-chenyi.qi...@intel.com/ --- Chenyi Qiang (2): configure: Add -Wno-gnu-variable-sized-type-not-at-end Update linux headers to v6.0-rc4 configure | 1 + include/stand

[PATCH v2 1/2] configure: Add -Wno-gnu-variable-sized-type-not-at-end

2022-09-08 Thread Chenyi Qiang
or 1 kvm_msr_entry, a clever trick but requires to turn off this clang warning. Suggested-by: Daniel P. Berrangé Reviewed-by: Richard Henderson Signed-off-by: Chenyi Qiang --- configure | 1 + 1 file changed, 1 insertion(+) diff --git a/configure b/configure index 575dde1c1f..7e0a1a41

[PATCH v2 2/2] Update linux headers to v6.0-rc4

2022-09-08 Thread Chenyi Qiang
commit 7e18e42e4b280c85b76967a9106a13ca61c16179 Signed-off-by: Chenyi Qiang --- include/standard-headers/asm-x86/bootparam.h | 7 +- include/standard-headers/drm/drm_fourcc.h | 73 +++- include/standard-headers/linux/ethtool.h | 29 +-- include/standard-headers/linux/input.h

Re: [PATCH v5 3/3] i386: Add notify VM exit support

2022-09-12 Thread Chenyi Qiang
On 9/10/2022 12:25 AM, Peter Xu wrote: On Wed, Aug 17, 2022 at 10:08:45AM +0800, Chenyi Qiang wrote: There are cases that malicious virtual machine can cause CPU stuck (due to event windows don't open up), e.g., infinite loop in microcode when nested #AC (CVE-2015-5307). No event w

[PATCH v3 0/2] Update linux headers to v6.0-rc4 and fix the clang build error

2022-09-15 Thread Chenyi Qiang
tps://lore.kernel.org/qemu-devel/20220909035758.17434-1-chenyi.qi...@intel.com/ v1 -> v2: - Change the patch order. (Peter Maydell) - Expand the commit message in patch 1. (Peter Maydell) - v1: https://lore.kernel.org/qemu-devel/20220908080749.32211-1-chenyi.qi...@intel.com/ --- Chenyi Qiang (2): con

[PATCH v6 0/2] Enable notify VM exit

2022-09-15 Thread Chenyi Qiang
event to avoid lose some synthesized triple fault from KVM. - v1: https://lore.kernel.org/qemu-devel/20220310090205.10645-1-chenyi.qi...@intel.com/ --- Chenyi Qiang (2): i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple fault i386: Add notify VM exit support hw/i386

[PATCH v3 1/2] configure: Add -Wno-gnu-variable-sized-type-not-at-end

2022-09-15 Thread Chenyi Qiang
ge enough for 1 kvm_msr_entry, a clever trick but requires to turn off this clang warning. Suggested-by: Daniel P. Berrangé Reviewed-by: Richard Henderson Reviewed-by: Cornelia Huck Signed-off-by: Chenyi Qiang --- configure | 1 + 1 file changed, 1 insertion(+) diff --git a/configure b/configu

[PATCH v3 2/2] Update linux headers to v6.0-rc4

2022-09-15 Thread Chenyi Qiang
commit 7e18e42e4b280c85b76967a9106a13ca61c16179 Reviewed-by: Cornelia Huck Signed-off-by: Chenyi Qiang --- include/standard-headers/asm-x86/bootparam.h | 7 +- include/standard-headers/drm/drm_fourcc.h | 73 +++- include/standard-headers/linux/ethtool.h | 29 +-- include

[PATCH v6 1/2] i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple fault

2022-09-15 Thread Chenyi Qiang
KVM_VCPUEVENT_VALID_TRIPLE_FAULT is defined to signal that the event.triple_fault_pending field contains a valid state if the KVM_CAP_X86_TRIPLE_FAULT_EVENT capability is enabled. Acked-by: Peter Xu Signed-off-by: Chenyi Qiang --- target/i386/cpu.c | 1 + target/i386/cpu.h | 1 + target

[PATCH v6 2/2] i386: Add notify VM exit support

2022-09-15 Thread Chenyi Qiang
emented by injecting a synthesized triple fault event. Signed-off-by: Chenyi Qiang --- hw/i386/x86.c | 45 +++ include/hw/i386/x86.h | 5 + qemu-options.hx | 10 +- target/i386/kvm/kvm.c | 28 +++ 4 files c

Re: [PATCH v6 2/2] i386: Add notify VM exit support

2022-09-18 Thread Chenyi Qiang
On 9/17/2022 5:57 AM, Peter Xu wrote: On Thu, Sep 15, 2022 at 05:28:39PM +0800, Chenyi Qiang wrote: There are cases that malicious virtual machine can cause CPU stuck (due to event windows don't open up), e.g., infinite loop in microcode when nested #AC (CVE-2015-5307). No event window

Re: [PATCH v6 2/2] i386: Add notify VM exit support

2022-09-19 Thread Chenyi Qiang
On 9/19/2022 11:53 PM, Peter Xu wrote: On Mon, Sep 19, 2022 at 01:46:38PM +0800, Chenyi Qiang wrote: On 9/17/2022 5:57 AM, Peter Xu wrote: On Thu, Sep 15, 2022 at 05:28:39PM +0800, Chenyi Qiang wrote: There are cases that malicious virtual machine can cause CPU stuck (due to event

Re: [PATCH v6 2/2] i386: Add notify VM exit support

2022-09-20 Thread Chenyi Qiang
On 9/20/2022 9:59 PM, Peter Xu wrote: On Tue, Sep 20, 2022 at 01:55:20PM +0800, Chenyi Qiang wrote: @@ -5213,6 +5213,7 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) break; case KVM_EXIT_NOTIFY: ret = 0; +warn_report_once("KVM: n
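
Review bot: warn_report_once() in the KVM_EXIT_NOTIFY case logs only the first notify exit for the lifetime of the QEMU process, so every later exit in this branch returns with ret = 0 and leaves no record. If the point of the message is to let an operator see that a guest is hitting notify exits, a single line cannot distinguish one stray exit from a guest that triggers them continuously. Consider adding a trace event or a per-VM counter next to the one-shot warning, and a short comment on the case saying why the exit is otherwise ignored.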

Re: [PATCH v3 4/8] target/i386/intel-pt: print special message for INTEL_PT_ADDR_RANGES_NUM

2022-12-08 Thread Chenyi Qiang
On 12/8/2022 2:25 PM, Xiaoyao Li wrote: > Bit[2:0] of CPUID.14H_01H:EAX stands as a whole for the number of INTEL > PT ADDR RANGES. For unsupported value that exceeds what KVM reports, > report it as a whole in mark_unavailable_features() as well. > Maybe this patch can be put before 3/8. > S
