On 8/29/2023 6:28 PM, Daniel P. Berrangé wrote:
On Mon, Aug 28, 2023 at 09:14:41PM +0800, Xiaoyao Li wrote:
On 8/21/2023 5:58 PM, Daniel P. Berrangé wrote:
On Fri, Aug 18, 2023 at 05:50:30AM -0400, Xiaoyao Li wrote:
Originated-from: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
qapi/run
On 8/29/2023 10:33 PM, Philippe Mathieu-Daudé wrote:
On 18/8/23 11:50, Xiaoyao Li wrote:
Introduce memory_region_init_ram_gmem() to allocate private gmem on the
MemoryRegion initialization. It's for the use case of TDVF, which must
be private in the TDX case.
Signed-off-by: Xiaoyao Li
On 8/29/2023 10:40 PM, Philippe Mathieu-Daudé wrote:
On 18/8/23 11:49, Xiaoyao Li wrote:
Introduce kvm_arch_pre_create_vcpu(), to perform arch-dependent
work prior to creating any vcpu. This is for i386 TDX because it needs
to call TDX_INIT_VM before creating any vcpu.
Signed-off-by: Xiaoyao Li
Damien Le Moal wrote on Tue, 29 Aug 2023 at 15:14:
>
> On 8/29/23 15:27, Sam Li wrote:
> > Damien Le Moal wrote on Tue, 29 Aug 2023 at 14:06:
> >>
> >> On 8/28/23 20:55, Sam Li wrote:
> >>>>> +/* close one implicitly open zones to make it
Damien Le Moal wrote on Tue, 29 Aug 2023 at 14:06:
>
> On 8/28/23 20:55, Sam Li wrote:
> >>> +/* close one implicitly open zones to make it available */
> >>> +for (int i = s->zoned_header.zone_nr_conv;
> >>> +i < bs->bl.n
The zoned format feature can be tested by:
$ tests/qemu-iotests/check -qcow2 zoned-qcow2
Signed-off-by: Sam Li
Reviewed-by: Stefan Hajnoczi
---
tests/qemu-iotests/tests/zoned-qcow2 | 135 ++
tests/qemu-iotests/tests/zoned-qcow2.out | 140 +++
2 files
corresponding state
changing.
Zoned devices have a limit on zone resources, which puts constraints on
write operations into zones.
Signed-off-by: Sam Li
---
block/qcow2.c | 657 -
block/qcow2.h | 2 +
block/trace-events | 1
file with zoned format, use a command like this:
$ qemu-img create -f qcow2 test.qcow2 -o size=768M -o
zone_size=64M -o zone_capacity=64M -o nr_conv_zones=0 -o
max_append_sectors=512 -o max_open_zones=0 -o max_active_zones=0
-o zone_model=1
Signed-off-by: Sam Li
---
block/qcow2.c
cation size
* use bitwise or than addition
* fix wp index overflow and locking
* cleanups: comments, naming
Sam Li (4):
docs/qcow2: add the zoned format feature
qcow2: add configurations for zoned format extension
qcow2: add zoned emulation capability
iotests: test the zoned format f
Add the specs for the zoned format feature of the qcow2 driver.
The qcow2 file can be taken as a zoned device and passed through by a
virtio-blk device or NVMe ZNS device to the guest, given the zoned
information.
Signed-off-by: Sam Li
---
docs/system/qemu-block-drivers.rst.inc | 39
Stefan Hajnoczi wrote on Mon, 21 Aug 2023 at 21:31:
>
> On Mon, Aug 14, 2023 at 04:58:00PM +0800, Sam Li wrote:
> > diff --git a/block/qcow2.h b/block/qcow2.h
> > index f789ce3ae0..3694c8d217 100644
> > --- a/block/qcow2.h
> > +++ b/block/qcow2.h
> >
On 8/21/2023 5:58 PM, Daniel P. Berrangé wrote:
On Fri, Aug 18, 2023 at 05:50:30AM -0400, Xiaoyao Li wrote:
Originated-from: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
qapi/run-state.json | 17 +--
softmmu/runstate.c| 49
Stefan Hajnoczi wrote on Wed, 23 Aug 2023 at 03:48:
>
> On Mon, Aug 14, 2023 at 04:58:01PM +0800, Sam Li wrote:
> > By adding zone operations and zoned metadata, the zoned emulation
> > capability enables full emulation support of a zoned device using
> > a qcow2 file. The zoned devic
Damien Le Moal wrote on Mon, 28 Aug 2023 at 18:22:
>
> On 8/28/23 19:18, Sam Li wrote:
> > Damien Le Moal wrote on Mon, 28 Aug 2023 at 18:13:
> >>
> >> On 8/28/23 18:22, Sam Li wrote:
> >>> Stefan Hajnoczi wrote on Mon, 21 Aug 2023 at 21:31:
> >>>>
> >>>> On
Damien Le Moal wrote on Mon, 28 Aug 2023 at 18:13:
>
> On 8/28/23 18:22, Sam Li wrote:
> > Stefan Hajnoczi wrote on Mon, 21 Aug 2023 at 21:31:
> >>
> >> On Mon, Aug 14, 2023 at 04:58:00PM +0800, Sam Li wrote:
> >>> diff --git a/block/qcow2.h b/block/qcow2.h
> >>>
Markus Armbruster wrote on Mon, 21 Aug 2023 at 21:13:
>
> Sam Li writes:
>
> > To configure the zoned format feature on the qcow2 driver, it
> > requires the following arguments: the device size, zoned profile,
> > zoned model, zone size, zone capacity, number of conventional
> >
When a zoned request fails, it needs to update only the wp of
the target zones, so as not to disrupt the in-flight writes on
other zones. The wp is updated successfully after the
request completes.
Fixed the callers with the right offset and nr_zones.
Signed-off-by: Sam Li
---
block/file
Damien Le Moal wrote on Fri, 25 Aug 2023 at 11:32:
>
> On 8/25/23 12:05, Sam Li wrote:
> > Damien Le Moal wrote on Fri, 25 Aug 2023 at 07:49:
> >>
> >> On 8/25/23 02:39, Sam Li wrote:
> >>> When the zoned requests that may change wp fail, it needs to
> >>> update
Damien Le Moal wrote on Fri, 25 Aug 2023 at 07:49:
>
> On 8/25/23 02:39, Sam Li wrote:
> > When the zoned requests that may change wp fail, it needs to
> > update only wps of the zones within the range of the requests
> > for not disrupting the other in-flight requests. The wp is
-by: Sam Li
---
block/file-posix.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/block/file-posix.c b/block/file-posix.c
index b16e9c21a1..22559d6c2d 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -2522,7 +2522,8 @@ out:
}
} else
Hanna Czenczek wrote on Thu, 24 Aug 2023 at 23:53:
>
> We duplicate the same condition three times here, pull it out to the top
> level.
>
> Signed-off-by: Hanna Czenczek
> ---
> block/file-posix.c | 18 +-
> 1 file changed, 5 insertions(+), 13 deletions(-)
Reviewed-by: Sam Li
Hi Hanna,
Hanna Czenczek wrote on Thu, 24 Aug 2023 at 23:53:
>
> Hi,
>
> As presented in [1] there is a bug in the zone code in raw_co_prw(),
> specifically we don’t check whether there actually is zone information
> before running code that assumes there is (and thus we run into a
> division by zero). This
e-posix.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
Reviewed-by: Sam Li
ng other than BLK_Z_NONE, other values and objects
> like bs->wps and bs->bl.zone_size must be non-null/zero and valid; if it
> is not, we cannot rely on their validity.
>
> Signed-off-by: Hanna Czenczek
> ---
> block/file-posix.c | 12 +++-
> 1 file changed, 7 insertions(+), 5 deletions(-)
Reviewed-by: Sam Li
a memory leak in the last error path in
> raw_refresh_zoned_limits().
>
> Signed-off-by: Hanna Czenczek
> ---
> block/file-posix.c | 21 -
> 1 file changed, 12 insertions(+), 9 deletions(-)
Reviewed-by: Sam Li
On 8/24/2023 3:21 PM, Chenyi Qiang wrote:
On 8/18/2023 5:50 PM, Xiaoyao Li wrote:
From: Chenyi Qiang
To avoid getting no response from the QGS server, set up a timer for the transaction. If
it times out, make it an error and interrupt the guest. Define the threshold of time
to 30s at present, maybe change
On 8/24/2023 3:50 PM, Xiaoyao Li wrote:
On 8/24/2023 3:41 AM, Isaku Yamahata wrote:
On Fri, Aug 18, 2023 at 05:50:16AM -0400,
Xiaoyao Li wrote:
Add UEFI definitions for literals, enums, structs, GUIDs, etc... that
will be used by TDX to build the UEFI Hand-Off Block (HOB) that is
passed
On 8/24/2023 3:41 AM, Isaku Yamahata wrote:
On Fri, Aug 18, 2023 at 05:50:16AM -0400,
Xiaoyao Li wrote:
Add UEFI definitions for literals, enums, structs, GUIDs, etc... that
will be used by TDX to build the UEFI Hand-Off Block (HOB) that is passed
to the Trusted Domain Virtual Firmware (TDVF
a07d ("hw/virtio: generalise CHR_EVENT_CLOSED handling")
Signed-off-by: Li Feng
---
hw/block/vhost-user-blk.c | 2 +-
hw/scsi/vhost-user-scsi.c | 3 ++-
hw/virtio/vhost-user-gpio.c| 2 +-
hw/virtio/vhost-user.c | 10 --
include/hw/virtio/vhost-user.h | 4 ++
/
Changes for v2:
- Add an event_cb in VhostAsyncCallback to be called when dev is NULL;
- Fix the error report message.
Li Feng (2):
vhost-user: Fix lost reconnect
vhost: Add Error parameter to vhost_scsi_common_start()
hw/block/vhost-user-blk.c | 2 +-
hw/scsi/vhost-scsi
Add an Error parameter to report the real error, like vhost-user-blk.
Signed-off-by: Li Feng
---
hw/scsi/vhost-scsi-common.c | 16 +---
hw/scsi/vhost-scsi.c | 5 +++--
hw/scsi/vhost-user-scsi.c | 14 --
include/hw/virtio/vhost-scsi
> On 22 Aug 2023, at 6:17 PM, Raphael Norwitz
> wrote:
>
>
>
>> On Aug 22, 2023, at 12:49 AM, Li Feng wrote:
>>
>>
>>
>>> On 22 Aug 2023, at 8:38 AM, Raphael Norwitz
>>> wrote:
>>>
>>>>
>>>>
Klaus Jensen wrote on Thu, 24 Aug 2023 at 02:53:
>
> On Aug 23 22:58, Sam Li wrote:
> > Stefan Hajnoczi wrote on Wed, 23 Aug 2023 at 22:41:
> > >
> > > On Wed, 23 Aug 2023 at 10:24, Sam Li wrote:
> > > >
> > > > Hi Stefan,
> > > >
> > > >
Stefan Hajnoczi wrote on Wed, 23 Aug 2023 at 22:41:
>
> On Wed, 23 Aug 2023 at 10:24, Sam Li wrote:
> >
> > Hi Stefan,
> >
> > Stefan Hajnoczi wrote on Wed, 23 Aug 2023 at 21:26:
> > >
> > > Hi Sam and Klaus,
> > > Val is adding nvme-io_uring ZNS suppor
Hi Stefan,
Stefan Hajnoczi wrote on Wed, 23 Aug 2023 at 21:26:
>
> Hi Sam and Klaus,
> Val is adding nvme-io_uring ZNS support to libblkio
> (https://gitlab.com/libblkio/libblkio/-/merge_requests/221) and asked
> how to test the size of the last zone when the namespace's total size
> is not a multiple of the
On 8/22/2023 10:42 PM, Daniel P. Berrangé wrote:
On Tue, Aug 22, 2023 at 10:30:47PM +0800, Xiaoyao Li wrote:
On 8/21/2023 5:16 PM, Daniel P. Berrangé wrote:
On Fri, Aug 18, 2023 at 05:50:01AM -0400, Xiaoyao Li wrote:
Validate TD attributes with tdx_caps that fixed-0 bits must be zero
On 8/22/2023 2:22 PM, Markus Armbruster wrote:
Xiaoyao Li writes:
Introduce tdx-guest object which implements the interface of
CONFIDENTIAL_GUEST_SUPPORT, and will be used to create TDX VMs (TDs) by
qemu -machine ...,confidential-guest-support=tdx0\
-object tdx-guest,id=tdx0
On 8/22/2023 7:00 AM, Isaku Yamahata wrote:
On Fri, Aug 18, 2023 at 05:49:51AM -0400,
Xiaoyao Li wrote:
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 56cb826f6125..3198bc9fd5fb 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
...
+static inline uint32_t
On 8/22/2023 7:40 AM, Isaku Yamahata wrote:
On Fri, Aug 18, 2023 at 05:50:15AM -0400,
Xiaoyao Li wrote:
diff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h
index e9d2888162ce..9b3c427766ef 100644
--- a/target/i386/kvm/tdx.h
+++ b/target/i386/kvm/tdx.h
@@ -15,6 +15,17 @@ typedef struct
On 8/21/2023 5:38 PM, Daniel P. Berrangé wrote:
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index bb806736b4ff..ed617ebab266 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
+static int tdx_accept_ram_range(uint64_t address, uint64_t length)
+{
+uint64_t
On 8/21/2023 5:16 PM, Daniel P. Berrangé wrote:
On Fri, Aug 18, 2023 at 05:50:01AM -0400, Xiaoyao Li wrote:
Validate TD attributes with tdx_caps that fixed-0 bits must be zero and
fixed-1 bits must be set.
Besides, sanity check the attribute bits that have not been supported by
QEMU yet. e.g
On 8/22/2023 2:27 PM, Markus Armbruster wrote:
Daniel P. Berrangé writes:
On Fri, Aug 18, 2023 at 05:49:58AM -0400, Xiaoyao Li wrote:
Bit 28 of TD attribute, named SEPT_VE_DISABLE. When set to 1, it disables
EPT violation conversion to #VE on guest TD access of PENDING pages.
Some guest OS
On 8/21/2023 4:48 PM, Daniel P. Berrangé wrote:
On Fri, Aug 18, 2023 at 05:49:50AM -0400, Xiaoyao Li wrote:
It will need special handling for TDX VMs all around QEMU.
Introduce the is_tdx_vm() helper to query if it's a TDX VM.
Cache the tdx_guest object so there is no need to cast from ms->cgs every t
On 8/21/2023 4:46 PM, Daniel P. Berrangé wrote:
On Fri, Aug 18, 2023 at 05:49:49AM -0400, Xiaoyao Li wrote:
KVM provides TDX capabilities via sub command KVM_TDX_CAPABILITIES of
IOCTL(KVM_MEMORY_ENCRYPT_OP). Get the capabilities when initializing
TDX context. It will be used to validate user's
On 22 Aug 2023, at 8:38 AM, Raphael Norwitz
wrote:
On Aug 17, 2023, at 2:40 AM, Li Feng wrote:
On Aug 14, 2023, at 8:11 PM, Raphael Norwitz wrote:
Why can’t we rather fix this by adding an “event_cb” param to
vhost_user_async_close and then call qemu_chr_fe_set_handlers in
vhost_user_async_close_bh
On 21 Aug 2023, at 8:09 PM, Markus Armbruster wrote:
Li Feng writes:
On Aug 14, 2023, at 8:11 PM, Raphael Norwitz wrote:
Thanks for the cleanup! A few comments.
On Aug 4, 2023, at 1:29 AM, Li Feng wrote:
Add an Error parameter to report the real error, like vhost-user-blk.
Signed-off-by: Li Feng
On 8/21/2023 4:27 PM, Daniel P. Berrangé wrote:
On Fri, Aug 18, 2023 at 05:49:46AM -0400, Xiaoyao Li wrote:
TDX VM requires VM type KVM_X86_TDX_VM to be passed to
kvm_ioctl(KVM_CREATE_VM).
If tdx-guest object is specified to confidential-guest-support, like,
qemu -machine ...,confidential
KVM doesn't allow writing to MSR_IA32_APICBASE for TDs.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/kvm.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 53d8d65f6667..d542351983cd 100644
--- a/target/i386
TDX CPU state is protected and thus vcpu state cannot be reset by the VMM.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/kvm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 601683d836c8..50b0218a8044
Originated-from: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
qapi/run-state.json | 17 +--
softmmu/runstate.c| 49 +++
target/i386/kvm/tdx.c | 24 -
3 files changed, 87 insertions(+), 3 deletions(-)
diff --git
the server
returns.
Set the io channel non-blocking and register the socket fd with the main
loop. Move the read operation into the callback. When the fd is readable,
invoke the callback to handle the quote data.
Signed-off-by: Chenyi Qiang
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c
.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
hw/i386/x86.c | 1 +
include/hw/i386/x86.h | 1 +
target/i386/kvm/tdx.c | 2 ++
3 files changed, 4 insertions(+)
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index a0c9f4d646e2..567384484244 100644
--- a/hw/i386/x86.c
+++ b/hw/i386
Add docs/system/i386/tdx.rst for TDX support, and add tdx in
confidential-guest-support.rst
Signed-off-by: Xiaoyao Li
---
Changes since v1:
- Add prerequisite of private gmem;
- update example command to launch TD;
Changes since RFC v4:
- add the restriction that kernel-irqchip must
TDX doesn't support SMM and VMM cannot emulate SMM for TDX VMs because
VMM cannot manipulate TDX VM's memory.
Disable SMM for TDX VMs and error out if the user requests to enable SMM.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/tdx.c | 8
1 file changed, 8
Christopherson
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/kvm.c | 11 +++
1 file changed, 11 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index d542351983cd..1422c79aca40 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 19 ++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 0c43c1f7759f..ced55be506d1 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
@@ -994,12 +994,16
-by: Xiaoyao Li
---
target/i386/kvm/kvm.c | 9 ++
target/i386/kvm/tdx-stub.c | 4 +++
target/i386/kvm/tdx.c | 61 ++
target/i386/kvm/tdx.h | 6
4 files changed, 80 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index
LMCE is not supported on TDX since KVM doesn't provide emulation for
MSR_IA32_FEAT_CTL.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/kvm-cpu.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/kvm/kvm-cpu.c b/target/i386/kvm/kvm-cpu.c
index 7237378a7d4e..bec8b5f918e7 100644
mmand line example:
qemu-system-x86_64 \
-object 'tdx-guest,id=tdx0,quote-generation-service=localhost:1234' \
-machine confidential-guest-support=tdx0
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
qapi/qom.json | 5 +-
target/i386/kvm/tdx.c | 380 +++
From: Chao Peng
Allocate private gmem memory for the BIOS if it's a TD VM.
Signed-off-by: Chao Peng
Co-developed-by: Xiaoyao Li
Signed-off-by: Xiaoyao Li
---
hw/i386/x86.c | 9 -
target/i386/kvm/tdx.c | 17 +
target/i386/kvm/tdx.h | 2 ++
3 files changed, 27
From: Isaku Yamahata
TSC of TDs is not accessible and KVM doesn't allow access of
MSR_IA32_TSC for TDs. To avoid the assert() in kvm_get_tsc, make
kvm_synchronize_all_tsc() noop for TDs,
Signed-off-by: Isaku Yamahata
Reviewed-by: Connor Kuehl
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 40
1 file changed, 40 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index ced55be506d1..f111b46dac92 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm/tdx.c
and error out if user wants PIC.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/tdx.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index f9d03ab0f461..23ecd84a9e21 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/kvm
Invoke KVM_TDX_FINALIZE_VM to finalize the TD's measurement and make
the TD vCPUs runnable once machine initialization is complete.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/tdx.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/target/i386/kvm/tdx.c b
TDX vcpu needs to be initialized by SEAMCALL(TDH.VP.INIT) and KVM
provides vcpu level IOCTL KVM_TDX_INIT_VCPU for it.
KVM_TDX_INIT_VCPU needs the address of the HOB as input. Invoke it for
each vcpu after HOB list is created.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386
From: Isaku Yamahata
When level trigger isn't supported on the x86 platform,
forcibly report edge trigger in the ACPI tables.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
hw/i386/acpi-build.c | 99 ---
hw/i386/acpi
For TDs, only MSR_IA32_UCODE_REV in kvm_init_msrs() can be configured
by VMM, while the features enumerated/controlled by other MSRs except
MSR_IA32_UCODE_REV in kvm_init_msrs() are not under control of VMM.
Only configure MSR_IA32_UCODE_REV for TDs.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd
=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
TODO:
- community requests to use base64 encoding if no special reason
---
qapi/qom.json | 11 ++-
target/i386/kvm/tdx.c | 13
TDX doesn't support mapping different GPAs to the same private memory. Thus,
aliasing the top 128KB of the BIOS as isa-bios is not supported.
On the other hand, a TDX guest cannot go to real mode, so it can work fine
without isa-bios.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
Changes from RFC v4
to do the stuff.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
hw/i386/tdvf.c | 1 +
include/hw/i386/tdvf.h | 7 +++
target/i386/kvm/tdx.c | 31 +++
3 files changed, 39 insertions(+)
diff --git a/hw/i386/tdvf.c b/hw/i386/tdvf.c
index ff51f40088f0
Introduce tdx_kvm_init() and invoke it in kvm_confidential_guest_init()
if it's a TDX VM. More initialization will be added later.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/kvm.c | 15 ++-
target/i386/kvm/meson.build | 2 +-
target/i386/kvm/tdx
ion
Originated-from: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 22 ++
1 file changed, 22 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c
index 8a2491ed03c2..775110f8bd02 100644
--- a/target/i386/kvm/tdx.c
+++ b/target/i386/
Introduce memory_region_init_ram_gmem() to allocate private gmem on the
MemoryRegion initialization. It's for the use case of TDVF, which must
be private in the TDX case.
Signed-off-by: Xiaoyao Li
---
include/exec/memory.h | 6 +
softmmu/memory.c | 52
From: Isaku Yamahata
Allocate private gmem for the TD guest, if the MemoryRegion is a memory
backend and has the private property on.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 27 +--
1 file changed, 25 insertions(+), 2 deletions
Validate TD attributes with tdx_caps that fixed-0 bits must be zero and
fixed-1 bits must be set.
Besides, sanity check the attribute bits that have not been supported by
QEMU yet. e.g., debug bit, it will be allowed in the future when debug
TD support lands in QEMU.
Signed-off-by: Xiaoyao Li
, EFI_RESOURCE_MEMORY_UNACCEPTED will be added in future UEFI spec.
[1]
https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
include/standard-headers/uefi/uefi.h | 198 +++
1 file
For TDX, the addresses below 1MB are entirely general RAM. No need to
initialize the pc.rom memory region for TDs.
Signed-off-by: Xiaoyao Li
---
This is more of a workaround for the issue that for the q35 machine type, the
real memslot update (which requires memslot deletion) for pc.rom happens
after
-by: Isaku Yamahata
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
Changes from RFC v4:
- drop the code of adding mmio resources since OVMF prepares all the
MMIO hob itself.
---
hw/i386/meson.build | 2
From: Isaku Yamahata
TDVF firmware (CODE and VARS) needs to be added/copied to TD's private
memory via KVM_TDX_INIT_MEM_REGION, as well as TD HOB and TEMP memory.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
Changes from RFC v4:
- rename variable
From: Isaku Yamahata
Because the vMMIO region needs to be a shared region, the guest TD may explicitly
convert such a region from private to shared. Don't complain about such a
conversion.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
accel/kvm/kvm-all.c | 20 ++--
1 file changed
TD runs and no need to be accepted runtime.
The TdxRamEntries[] are later used to setup the memory TD resource HOB
that passes memory info from QEMU to TDVF.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
Changes from RFC v4:
- simplify the algorithm of tdx_accept_ram_range
that is the offset of TDX metadata to the end
of firmware file.
Select X86_FW_OVMF when TDX is enabled to leverage existing functions
to parse and search OVMF's GUID-ed structures.
Signed-off-by: Isaku Yamahata
Co-developed-by: Xiaoyao Li
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
Changes from
Introduce kvm_arch_pre_create_vcpu(), to perform arch-dependent
work prior to creating any vcpu. This is for i386 TDX because it needs
to call TDX_INIT_VM before creating any vcpu.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
accel/kvm/kvm-all.c | 12
include/sysemu/kvm.h
TDX cannot support the pflash device since it doesn't support read-only
memslots and doesn't support emulation. Load TDVF (OVMF) with the -bios option
for TDs.
When booting a TD, besides loading TDVF to the address below 4G, it needs to
parse the TDVF metadata.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
For QEMU VMs, PKS is configured via CPUID_7_0_ECX_PKS and PMU is
configured by x86cpu->enable_pmu. Reuse the existing configuration
interface for TDX VMs.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/tdx.c | 14 +-
1 file changed, 13 insertions(+)
overs the other part of type #1);
- fix the ones in vmm_fixup;
- filter the one has valid .supported field;
(Calculated type is ignored since it's determined at runtime).
Co-developed-by: Chenyi Qiang
Signed-off-by: Chenyi Qiang
Signed-off-by: Xiaoyao Li
---
target/i386/cpu.h | 16 +++
t
Introduce a separate function kvm_confidential_guest_init() for SEV (and
future TDX).
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
target/i386/kvm/kvm.c | 11 ++-
target/i386/sev.c | 1 -
target/i386/sev.h | 2 ++
3 files changed, 12 insertions(+), 2 deletions
conversion request of non-assigned region to shared and return
success. Otherwise OVMF is confused and panics there.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
accel/kvm/kvm-all.c | 12
1 file changed, 12 insertions(+)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm
TDX only supports readonly for shared memory but not for private memory.
In the view of QEMU, it has no idea whether a memslot is used as shared
memory or private. Thus just mark kvm_readonly_mem_enabled as false for
TDX VMs for simplicity.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
Reuse "-cpu,tsc-frequency=" to get the user-wanted tsc frequency and call the VM
scope VM_SET_TSC_KHZ to set the tsc frequency of the TD before KVM_TDX_INIT_VM.
Besides, sanity check that the tsc frequency is in the legal range and has the
legal granularity (required by the TDX module).
Signed-off-by: Xiaoyao
From: Isaku Yamahata
Implement property_add_sha384() which converts hex string <-> uint8_t[48]
It will be used for TDX which uses sha384 for measurement.
Signed-off-by: Isaku Yamahata
Signed-off-by: Xiaoyao Li
---
include/qom/object.h | 17 ++
qom/object.c
From: Sean Christopherson
Move the architectural (for lack of a better term) CPUID leaf generation
to a separate helper so that the generation code can be reused by TDX,
which needs to generate a canonical VM-scoped configuration.
Signed-off-by: Sean Christopherson
Signed-off-by: Xiaoyao Li
to configure
this bit.
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
qapi/qom.json | 4 +++-
target/i386/kvm/tdx.c | 24
2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/qapi/qom.json b/qapi/qom.json
index 2ca7ce7c0da5..cc08b9a98df9 100644
, QEMU chooses to try starting with a known number
and abort when it exceeds KVM_MAX_CPUID_ENTRIES.
Besides, introduce the interfaces to invoke TDX "ioctls" at different
scope (KVM, VM and VCPU) in preparation.
Signed-off-by: Xiaoyao Li
---
changes from v1:
- Make the error message
From: Isaku Yamahata
For the TDX KVM use case, the Linux guest is the major one. It requires
sept_ve_disable set. Make it the default for the main use case. For other use
cases, it can be enabled/disabled via the qemu command line.
Signed-off-by: Isaku Yamahata
---
target/i386/kvm/tdx.c | 2 +-
1 file
by removing the bits that are
reported from the TDX module as configurable. This can adapt to the
updated TDX (module) automatically.
Signed-off-by: Xiaoyao Li
---
target/i386/kvm/tdx.c | 30 ++
1 file changed, 30 insertions(+)
diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm
may change the CPUID
configuration when creating vCPUs, i.e. punts on refactoring QEMU to
provide a stable CPUID config prior to kvm_arch_init().
Signed-off-by: Xiaoyao Li
Acked-by: Gerd Hoffmann
---
accel/kvm/kvm-all.c| 9 +++-
target/i386/kvm/kvm.c | 8 +++
target/i386
KVM requires userspace to pass XFAM configuration via CPUID 0xD leaves.
Convert tdx_caps->xfam_fixed0/1 into corresponding
tdx_cpuid_lookup[].tdx_fixed0/1 field of CPUID 0xD leaves. Thus the
requirement can be applied naturally.
Signed-off-by: Xiaoyao Li
---
target/i386/cpu.c |