qemu-commits

From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 44894a: memory: Add RAM_PROTECTED flag to skip IOMMU mappings
Date: Wed, 29 Sep 2021 02:01:28 -0700

  Branch: refs/heads/staging
  Home:   https://github.com/qemu/qemu
  Commit: 44894aa08e1eaa1a7a11ea28b1e8cf6301aa679e
      
https://github.com/qemu/qemu/commit/44894aa08e1eaa1a7a11ea28b1e8cf6301aa679e
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M hw/vfio/common.c
    M include/exec/memory.h
    M softmmu/memory.c
    M softmmu/physmem.c

  Log Message:
  -----------
  memory: Add RAM_PROTECTED flag to skip IOMMU mappings

Add a new RAMBlock flag to denote "protected" memory, i.e. memory that
looks and acts like RAM but is inaccessible via normal mechanisms,
including DMA.  Use the flag to skip protected memory regions when
mapping RAM for DMA in VFIO.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: b21c676be94296e99279484e5d576a6a54f0cf4a
      
https://github.com/qemu/qemu/commit/b21c676be94296e99279484e5d576a6a54f0cf4a
  Author: Yang Zhong <yang.zhong@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M configs/devices/i386-softmmu/default.mak
    M hw/i386/Kconfig

  Log Message:
  -----------
  Kconfig: Add CONFIG_SGX support

Add new CONFIG_SGX for sgx support in Qemu, and the Kconfig
default enables sgx in the i386 platform.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-32-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 031c00a61769ab3d4711afd1b39470dcaf403ff1
      
https://github.com/qemu/qemu/commit/031c00a61769ab3d4711afd1b39470dcaf403ff1
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    A backends/hostmem-epc.c
    M backends/meson.build
    A include/hw/i386/hostmem-epc.h

  Log Message:
  -----------
  hostmem: Add hostmem-epc as a backend for SGX EPC

EPC (Enclave Page Cache) is a specialized type of memory used by Intel
SGX (Software Guard Extensions).  The SDM describes EPC as:

    The Enclave Page Cache (EPC) is the secure storage used to store
    enclave pages when they are a part of an executing enclave. For an
    EPC page, hardware performs additional access control checks to
    restrict access to the page. After the current page access checks
    and translations are performed, the hardware checks that the EPC
    page is accessible to the program currently executing. Generally an
    EPC page is only accessed by the owner of the executing enclave or
    an instruction which is setting up an EPC page.

Because of its unique requirements, Linux manages EPC separately from
normal memory.  Similar to memfd, the device /dev/sgx_vepc can be
opened to obtain a file descriptor which can in turn be used to mmap()
EPC memory.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-3-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: fbe2199e2115aefbd161cddca2e7d00b823b6e09
      
https://github.com/qemu/qemu/commit/fbe2199e2115aefbd161cddca2e7d00b823b6e09
  Author: Yang Zhong <yang.zhong@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M qapi/qom.json

  Log Message:
  -----------
  qom: Add memory-backend-epc ObjectOptions support

Add the new 'memory-backend-epc' user creatable QOM object in
the ObjectOptions to support SGX since v6.1, or the sgx backend
object cannot bootup.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-4-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 0407a016916e37ea1b0eb3b37208d63709b25577
      
https://github.com/qemu/qemu/commit/0407a016916e37ea1b0eb3b37208d63709b25577
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M hw/i386/meson.build
    A hw/i386/sgx-epc.c
    A include/hw/i386/sgx-epc.h

  Log Message:
  -----------
  i386: Add 'sgx-epc' device to expose EPC sections to guest

SGX EPC is enumerated through CPUID, i.e. EPC "devices" need to be
realized prior to realizing the vCPUs themselves, which occurs long
before generic devices are parsed and realized.  Because of this,
do not allow 'sgx-epc' devices to be instantiated after vCPUs have
been created.

The 'sgx-epc' device is essentially a placeholder at this time; it will
be fully implemented in a future patch along with a dedicated command
to create 'sgx-epc' devices.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-5-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: c0e96d02a98eefb00c6e601bea0a5d82be55d8a8
      
https://github.com/qemu/qemu/commit/c0e96d02a98eefb00c6e601bea0a5d82be55d8a8
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M hw/i386/sgx-epc.c
    M hw/i386/x86.c
    M include/hw/i386/pc.h
    M include/hw/i386/sgx-epc.h
    M include/hw/i386/x86.h
    M qapi/machine.json
    M qemu-options.hx

  Log Message:
  -----------
  vl: Add sgx compound properties to expose SGX EPC sections to guest

Because SGX EPC is enumerated through CPUID, EPC "devices" need to be
realized prior to realizing the vCPUs themselves, i.e. long before
generic devices are parsed and realized.  From a virtualization
perspective, the CPUID aspect also means that EPC sections cannot be
hotplugged without paravirtualizing the guest kernel (hardware does
not support hotplugging as EPC sections must be locked down during
pre-boot to provide EPC's security properties).

So even though EPC sections could be realized through the generic
-devices command, they need to be created much earlier for them to
actually be usable by the guest.  Place all EPC sections in a
contiguous block, somewhat arbitrarily starting after RAM above 4g.
Ensuring EPC is in a contiguous region simplifies calculations, e.g.
device memory base, PCI hole, etc..., allows dynamic calculation of the
total EPC size, e.g. exposing EPC to guests does not require -maxmem,
and last but not least allows all of EPC to be enumerated in a single
ACPI entry, which is expected by some kernels, e.g. Windows 7 and 8.

The new compound properties command for sgx looks like below:
 ......
 -object memory-backend-epc,id=mem1,size=28M,prealloc=on \
 -object memory-backend-epc,id=mem2,size=10M \
 -M sgx-epc.0.memdev=mem1,sgx-epc.1.memdev=mem2

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-6-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 2a1c0c606a7003b3673e578206035917036dd481
      
https://github.com/qemu/qemu/commit/2a1c0c606a7003b3673e578206035917036dd481
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M target/i386/cpu.c
    M target/i386/cpu.h

  Log Message:
  -----------
  i386: Add primary SGX CPUID and MSR defines

Add CPUID defines for SGX and SGX Launch Control (LC), as well as
defines for their associated FEATURE_CONTROL MSR bits.  Define the
Launch Enclave Public Key Hash MSRs (LE Hash MSRs), which exist
when SGX LC is present (in CPUID), and are writable when SGX LC is
enabled (in FEATURE_CONTROL).

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-7-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 30e42f5fa24830736f4967e6ba927f06a7a3de98
      
https://github.com/qemu/qemu/commit/30e42f5fa24830736f4967e6ba927f06a7a3de98
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M target/i386/cpu.c
    M target/i386/cpu.h

  Log Message:
  -----------
  i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX

CPUID leaf 12_0_EAX is an Intel-defined feature bits leaf enumerating
the CPU's SGX capabilities, e.g. supported SGX instruction sets.
Currently there are four enumerated capabilities:

    - SGX1 instruction set, i.e. "base" SGX
    - SGX2 instruction set for dynamic EPC management
    - ENCLV instruction set for VMM oversubscription of EPC
    - ENCLS-C instruction set for thread safe variants of ENCLS

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-8-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 6ac1b5c6fd8b58ad409d388854bf6179d1aab806
      
https://github.com/qemu/qemu/commit/6ac1b5c6fd8b58ad409d388854bf6179d1aab806
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M target/i386/cpu.c
    M target/i386/cpu.h

  Log Message:
  -----------
  i386: Add SGX CPUID leaf FEAT_SGX_12_0_EBX

CPUID leaf 12_0_EBX is an Intel-defined feature bits leaf enumerating
the platform's SGX extended capabilities.  Currently there is a single
capability:

   - EXINFO: record information about #PFs and #GPs in the enclave's SSA

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-9-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: c2fce7cff0b7003632dbe207ff8da7d9762b7093
      
https://github.com/qemu/qemu/commit/c2fce7cff0b7003632dbe207ff8da7d9762b7093
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M target/i386/cpu.c
    M target/i386/cpu.h

  Log Message:
  -----------
  i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX

CPUID leaf 12_1_EAX is an Intel-defined feature bits leaf enumerating
the platform's SGX capabilities that may be utilized by an enclave, e.g.
whether or not an enclave can gain access to the provision key.
Currently there are six capabilities:

   - INIT: set when the enclave has been initialized by EINIT.  Cannot
           be set by software, i.e. forced to zero in CPUID.
   - DEBUG: permits a debugger to read/write into the enclave.
   - MODE64BIT: the enclave runs in 64-bit mode
   - PROVISIONKEY: grants access to the provision key
   - EINITTOKENKEY: grants access to the EINIT token key, i.e. the
                    enclave can generate EINIT tokens
   - KSS: Key Separation and Sharing enabled for the enclave.

Note that the entirety of CPUID.0x12.0x1, i.e. all registers, enumerates
the allowed ATTRIBUTES (128 bits), but only bits 31:0 are directly
exposed to the user (via FEAT_12_1_EAX).  Bits 63:32 are currently all
reserved and bits 127:64 correspond to the allowed XSAVE Feature Request
Mask, which is calculated based on other CPU features, e.g. XSAVE, MPX,
AVX, etc... and is not exposed to the user.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-10-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
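
The ATTRIBUTES layout described in the commit message above, as an added example that is not part of the commit or of QEMU's code: it rebuilds the 128-bit allowed mask from the four CPUID.0x12.0x1 registers and reports which bits of an enclave's requested ATTRIBUTES fall outside it. `guest_cpuid_eax()` is a hypothetical, simplified model of a VMM hiding PROVISIONKEY unless provisioning access was granted, and all register values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* ATTRIBUTES bits enumerated in CPUID.0x12.0x1:EAX (bits 3 and 6 not listed here). */
#define SGX_ATTR_INIT          (1u << 0)
#define SGX_ATTR_DEBUG         (1u << 1)
#define SGX_ATTR_MODE64BIT     (1u << 2)
#define SGX_ATTR_PROVISIONKEY  (1u << 4)
#define SGX_ATTR_EINITTOKENKEY (1u << 5)
#define SGX_ATTR_KSS           (1u << 7)

/* 128-bit ATTRIBUTES: flags = bits 63:0, xfrm = bits 127:64. */
struct sgx_attributes {
    uint64_t flags;
    uint64_t xfrm;
};

/* Hypothetical VMM policy: never advertise INIT, and advertise
 * PROVISIONKEY only when provisioning access has been granted. */
static uint32_t guest_cpuid_eax(uint32_t host_eax, int provisioning_granted)
{
    uint32_t eax = host_eax & ~SGX_ATTR_INIT;
    if (!provisioning_granted)
        eax &= ~SGX_ATTR_PROVISIONKEY;
    return eax;
}

/* EAX/EBX carry ATTRIBUTES[63:0], ECX/EDX carry the allowed XFRM. */
static struct sgx_attributes allowed_from_cpuid(uint32_t eax, uint32_t ebx,
                                                uint32_t ecx, uint32_t edx)
{
    struct sgx_attributes a;
    a.flags = (((uint64_t)ebx << 32) | eax) & ~(uint64_t)SGX_ATTR_INIT;
    a.xfrm = ((uint64_t)edx << 32) | ecx;
    return a;
}

/* Bits the enclave asks for that the platform does not allow. */
static struct sgx_attributes attrs_rejected(struct sgx_attributes req,
                                            struct sgx_attributes allowed)
{
    struct sgx_attributes bad;
    bad.flags = req.flags & ~allowed.flags;
    bad.xfrm = req.xfrm & ~allowed.xfrm;
    return bad;
}

static int attrs_ok(struct sgx_attributes req, struct sgx_attributes allowed)
{
    struct sgx_attributes bad = attrs_rejected(req, allowed);
    return bad.flags == 0 && bad.xfrm == 0;
}

int main(void)
{
    /* Constructed host value: DEBUG, MODE64BIT, PROVISIONKEY, EINITTOKENKEY, KSS. */
    const uint32_t host_eax = 0xb6u;
    /* Constructed XFRM mask: x87, SSE, AVX. */
    const uint32_t host_ecx = 0x7u;

    struct sgx_attributes req = {
        SGX_ATTR_MODE64BIT | SGX_ATTR_PROVISIONKEY, 0x3
    };

    for (int granted = 0; granted <= 1; granted++) {
        struct sgx_attributes allowed = allowed_from_cpuid(
            guest_cpuid_eax(host_eax, granted), 0, host_ecx, 0);
        struct sgx_attributes bad = attrs_rejected(req, allowed);
        printf("provisioning %s: allowed flags 0x%llx, rejected flags 0x%llx -> %s\n",
               granted ? "granted" : "blocked",
               (unsigned long long)allowed.flags,
               (unsigned long long)bad.flags,
               attrs_ok(req, allowed) ? "enclave accepted" : "enclave refused");
    }
    return 0;
}
```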


  Commit: a04e4118b4b4a870f997fcd2cfa753eed4fe03fb
      
https://github.com/qemu/qemu/commit/a04e4118b4b4a870f997fcd2cfa753eed4fe03fb
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M target/i386/cpu.c
    M target/i386/cpu.h
    M target/i386/kvm/kvm.c
    M target/i386/machine.c

  Log Message:
  -----------
  i386: Add get/set/migrate support for SGX_LEPUBKEYHASH MSRs

On real hardware, on systems that support SGX Launch Control, those
MSRs are initialized to digest of Intel's signing key; on systems that
don't support SGX Launch Control, those MSRs are not available but
hardware always uses digest of Intel's signing key in EINIT.

KVM advertises SGX LC via CPUID if and only if the MSRs are writable.
Unconditionally initialize those MSRs to digest of Intel's signing key
when CPU is realized and reset to reflect the fact. This avoids
potential bug in case kvm_arch_put_registers() is called before
kvm_arch_get_registers() is called, in which case guest's virtual
SGX_LEPUBKEYHASH MSRs will be set to 0, although KVM initializes those
to digest of Intel's signing key by default, since KVM allows those MSRs
to be updated by Qemu to support live migration.

Save/restore the SGX Launch Enclave Public Key Hash MSRs if SGX Launch
Control (LC) is exposed to the guest. Likewise, migrate the MSRs if they
are writable by the guest.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-11-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 5fc7d156fc187bd84221f06f11ec1ea3526be2ed
      
https://github.com/qemu/qemu/commit/5fc7d156fc187bd84221f06f11ec1ea3526be2ed
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M target/i386/kvm/kvm.c

  Log Message:
  -----------
  i386: Add feature control MSR dependency when SGX is enabled

SGX adds multiple flags to FEATURE_CONTROL to enable SGX and Flexible
Launch Control.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-12-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: eb05f519d6e3737ebdfe8ef4bbe7e9f5a8b370a4
      
https://github.com/qemu/qemu/commit/eb05f519d6e3737ebdfe8ef4bbe7e9f5a8b370a4
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M hw/i386/meson.build
    A hw/i386/sgx-stub.c
    A hw/i386/sgx.c
    M include/hw/i386/pc.h
    M include/hw/i386/sgx-epc.h
    M target/i386/cpu.c

  Log Message:
  -----------
  i386: Update SGX CPUID info according to hardware/KVM/user input

Expose SGX to the guest if and only if KVM is enabled and supports
virtualization of SGX.  While the majority of ENCLS can be emulated to
some degree, because SGX uses a hardware-based root of trust, the
attestation aspects of SGX cannot be emulated in software, i.e.
ultimately emulation will fail as software cannot generate a valid
quote/report.  The complexity of partially emulating SGX in Qemu far
outweighs the value added, e.g. an SGX specific simulator for userspace
applications can emulate SGX for development and testing purposes.

Note, access to the PROVISIONKEY is not yet advertised to the guest as
KVM blocks access to the PROVISIONKEY by default and requires userspace
to provide additional credentials (via ioctl()) to expose PROVISIONKEY.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-13-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: b6326a2870802f32a82c9673292a7eeac3c01e27
      
https://github.com/qemu/qemu/commit/b6326a2870802f32a82c9673292a7eeac3c01e27
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M target/i386/cpu.c
    M target/i386/kvm/kvm.c
    M target/i386/kvm/kvm_i386.h

  Log Message:
  -----------
  i386: kvm: Add support for exposing PROVISIONKEY to guest

If the guest wants to fully use SGX, the guest needs to be able to
access provisioning key. Add a new KVM_CAP_SGX_ATTRIBUTE to KVM to
support provisioning key to KVM guests.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-14-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 2d54388b3ac4402bbef8731443fd452400039c77
      
https://github.com/qemu/qemu/commit/2d54388b3ac4402bbef8731443fd452400039c77
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M target/i386/kvm/kvm.c

  Log Message:
  -----------
  i386: Propagate SGX CPUID sub-leafs to KVM

The SGX sub-leafs are enumerated at CPUID 0x12.  Indices 0 and 1 are
always present when SGX is supported, and enumerate SGX features and
capabilities.  Indices >=2 are directly correlated with the platform's
EPC sections.  Because the number of EPC sections is dynamic and user
defined, the number of SGX sub-leafs is "NULL" terminated.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-15-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
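
The sub-leaf walk described in the commit message above, as an added example that is not part of the commit or of QEMU's code: it encodes two EPC sections into CPUID.0x12 sub-leaf registers (indices >= 2), decodes them until the first invalid sub-leaf, and checks that they form one contiguous span. The sizes are the 28M and 10M from the `-object memory-backend-epc` example earlier on this page; the base address 0x180000000 and the register field layout (taken from the Intel SDM, not from this page) are assumptions, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One CPUID.(EAX=0x12, ECX=n) result for n >= 2. */
struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };
struct epc_section { uint64_t base, size; };

#define SGX_SUBLEAF_TYPE_MASK 0xfu  /* EAX[3:0]: 0 = invalid, 1 = EPC section */
#define SGX_SUBLEAF_EPC       0x1u

/* Fill a sub-leaf the way it is laid out for a page-aligned EPC section:
 * EAX[31:12]/EBX[19:0] = base bits 31:12 / 51:32, ECX/EDX likewise for size. */
static struct cpuid_regs encode_epc_subleaf(uint64_t base, uint64_t size)
{
    struct cpuid_regs r;
    r.eax = (uint32_t)(base & 0xfffff000u) | SGX_SUBLEAF_EPC;
    r.ebx = (uint32_t)(base >> 32) & 0xfffffu;
    r.ecx = (uint32_t)(size & 0xfffff000u) | 0x1u; /* ECX[3:0] = 1: protected */
    r.edx = (uint32_t)(size >> 32) & 0xfffffu;
    return r;
}

/* Returns 1 and fills *out for an EPC sub-leaf, 0 for the terminator. */
static int decode_epc_subleaf(const struct cpuid_regs *r, struct epc_section *out)
{
    if ((r->eax & SGX_SUBLEAF_TYPE_MASK) != SGX_SUBLEAF_EPC)
        return 0;
    out->base = ((uint64_t)(r->ebx & 0xfffffu) << 32) | (r->eax & 0xfffff000u);
    out->size = ((uint64_t)(r->edx & 0xfffffu) << 32) | (r->ecx & 0xfffff000u);
    return 1;
}

/* Walk sub-leafs 2, 3, ... and stop at the first invalid one. */
static size_t walk_epc_subleafs(const struct cpuid_regs *leafs, size_t max,
                                struct epc_section *out, size_t out_cap)
{
    size_t n = 0;
    for (size_t i = 0; i < max && n < out_cap; i++) {
        if (!decode_epc_subleaf(&leafs[i], &out[n]))
            break;
        n++;
    }
    return n;
}

/* Returns 1 and the covering range if the sections are back to back. */
static int epc_span(const struct epc_section *s, size_t n, struct epc_section *span)
{
    if (n == 0)
        return 0;
    uint64_t end = s[0].base + s[0].size;
    for (size_t i = 1; i < n; i++) {
        if (s[i].base != end)
            return 0;
        end = s[i].base + s[i].size;
    }
    span->base = s[0].base;
    span->size = end - s[0].base;
    return 1;
}

/* Constructed sample: two sections, a terminator, and a stale entry
 * after the terminator that a correct walk must never report. */
static void build_sample_subleafs(struct cpuid_regs leafs[4])
{
    const uint64_t sizes[2] = { 28ull << 20, 10ull << 20 };
    uint64_t base = 0x180000000ull; /* assumed base address */
    for (int i = 0; i < 2; i++) {
        leafs[i] = encode_epc_subleaf(base, sizes[i]);
        base += sizes[i];
    }
    leafs[2] = (struct cpuid_regs){ 0, 0, 0, 0 };
    leafs[3] = encode_epc_subleaf(base, 4ull << 20);
}

int main(void)
{
    struct cpuid_regs leafs[4];
    struct epc_section secs[4], span;

    build_sample_subleafs(leafs);
    size_t n = walk_epc_subleafs(leafs, 4, secs, 4);
    for (size_t i = 0; i < n; i++)
        printf("sub-leaf %zu: base 0x%llx size %llu\n", i + 2,
               (unsigned long long)secs[i].base,
               (unsigned long long)secs[i].size);
    if (epc_span(secs, n, &span))
        printf("contiguous span: base 0x%llx size %llu\n",
               (unsigned long long)span.base, (unsigned long long)span.size);
    return 0;
}
```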


  Commit: 3d1bc48520ce9e10198b347b6a2908470289559a
      
https://github.com/qemu/qemu/commit/3d1bc48520ce9e10198b347b6a2908470289559a
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M target/i386/cpu.c

  Log Message:
  -----------
  Adjust min CPUID level to 0x12 when SGX is enabled

SGX capabilities are enumerated through CPUID_0x12.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-16-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: bf2b249c002c420b1d93c7c5e63af193c5a482a8
      
https://github.com/qemu/qemu/commit/bf2b249c002c420b1d93c7c5e63af193c5a482a8
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M hw/i386/fw_cfg.c

  Log Message:
  -----------
  hw/i386/fw_cfg: Set SGX bits in feature control fw_cfg accordingly

Request SGX and SGX Launch Control to be enabled in FEATURE_CONTROL
when the features are exposed to the guest. Our design is the SGX
Launch Control bit will be unconditionally set in FEATURE_CONTROL,
which is unlike host bios.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-17-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 0fe562dbbd92d04137b3930d55460df837a094e1
      
https://github.com/qemu/qemu/commit/0fe562dbbd92d04137b3930d55460df837a094e1
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M hw/i386/pc.c
    M include/hw/i386/sgx-epc.h

  Log Message:
  -----------
  hw/i386/pc: Account for SGX EPC sections when calculating device memory

Add helpers to detect if SGX EPC exists above 4g, and if so, where SGX
EPC above 4g ends.  Use the helpers to adjust the device memory range
if SGX EPC exists above 4g.

For multiple virtual EPC sections, we just put them together physically
contiguous for the simplicity because we don't support EPC NUMA affinity
now. Once the SGX EPC NUMA support is in the kernel SGX driver, we will
support this in the future.

Note that SGX EPC is currently hardcoded to reside above 4g.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-18-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 50b114d0cf063b3f3ecd36150f5e952eebc7002a
      
https://github.com/qemu/qemu/commit/50b114d0cf063b3f3ecd36150f5e952eebc7002a
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M hw/i386/pc.c

  Log Message:
  -----------
  i386/pc: Add e820 entry for SGX EPC section(s)

Note that SGX EPC is currently guaranteed to reside in a single
contiguous chunk of memory regardless of the number of EPC sections.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-19-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: a7d5f02ab6805edafcb3fd29bb6d960ed5979735
      
https://github.com/qemu/qemu/commit/a7d5f02ab6805edafcb3fd29bb6d960ed5979735
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M hw/i386/acpi-build.c

  Log Message:
  -----------
  i386: acpi: Add SGX EPC entry to ACPI tables

The ACPI Device entry for SGX EPC is essentially a hack whose primary
purpose is to provide software with a way to autoprobe SGX support,
e.g. to allow software to implement SGX support as a driver.  Details
on the individual EPC sections are not enumerated through ACPI tables,
i.e. software must enumerate the EPC sections via CPUID.  Furthermore,
software expects to see only a single EPC Device in the ACPI tables
regardless of the number of EPC sections in the system.

However, several versions of Windows do rely on the ACPI tables to
enumerate the address and size of the EPC.  So, regardless of the number
of EPC sections exposed to the guest, create exactly *one* EPC device
with a _CRS entry that spans the entirety of all EPC sections (which are
guaranteed to be contiguous in Qemu).

Note, NUMA support for EPC memory is intentionally not considered as
enumerating EPC NUMA information is not yet defined for bare metal.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-20-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 65dfe517b27f81093dcfb322af9e206b48eb95e0
      
https://github.com/qemu/qemu/commit/65dfe517b27f81093dcfb322af9e206b48eb95e0
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M hw/i386/pc_q35.c

  Log Message:
  -----------
  q35: Add support for SGX EPC

Enable SGX EPC virtualization, which is currently only supported by KVM.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-21-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 9d5a06c4c0d071e4ad6bbda491d7d663a6e9c101
      
https://github.com/qemu/qemu/commit/9d5a06c4c0d071e4ad6bbda491d7d663a6e9c101
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M hw/i386/pc_piix.c

  Log Message:
  -----------
  i440fx: Add support for SGX EPC

Enable SGX EPC virtualization, which is currently only supported by KVM.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-22-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 3a06de8acc1f288ec01e4a277e9b41318059ccea
      
https://github.com/qemu/qemu/commit/3a06de8acc1f288ec01e4a277e9b41318059ccea
  Author: Yang Zhong <yang.zhong@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M hw/i386/sgx-epc.c
    M monitor/hmp-cmds.c
    M qapi/machine.json

  Log Message:
  -----------
  sgx-epc: Add the fill_device_info() callback support

Since there is no fill_device_info() callback support, and when we
execute "info memory-devices" command in the monitor, the segfault
will be found.

This patch will add this callback support and "info memory-devices"
will show sgx epc memory exposed to guest. The result is as below:

(qemu) info memory-devices
Memory device [sgx-epc]: ""
  memaddr: 0x180000000
  size: 29360128
  memdev: /objects/mem1
Memory device [sgx-epc]: ""
  memaddr: 0x181c00000
  size: 10485760
  memdev: /objects/mem2

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-33-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 2cc3109a713fb45a910b6a3e8a7cf243335fdb4f
      
https://github.com/qemu/qemu/commit/2cc3109a713fb45a910b6a3e8a7cf243335fdb4f
  Author: Sean Christopherson <sean.j.christopherson@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    A docs/system/i386/sgx.rst
    M docs/system/target-i386.rst

  Log Message:
  -----------
  docs/system: Add SGX documentation to the system manual

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-34-yang.zhong@intel.com>
[Convert to reStructuredText, and adopt the standard === --- ~~~ headings
 suggested for example by Linux. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 175267802b8967311a7fa597162c1206e95e8aac
      
https://github.com/qemu/qemu/commit/175267802b8967311a7fa597162c1206e95e8aac
  Author: Yang Zhong <yang.zhong@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M hmp-commands-info.hx
    M hw/i386/sgx-stub.c
    M hw/i386/sgx.c
    A include/hw/i386/sgx.h
    M include/monitor/hmp-target.h
    M qapi/misc-target.json
    M target/i386/monitor.c
    M tests/qtest/qmp-cmd-test.c

  Log Message:
  -----------
  target/i386: Add HMP and QMP interfaces for SGX

The QMP and HMP interfaces can be used by monitor or QMP tools to retrieve
the SGX information from VM side when SGX is enabled on Intel platform.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210910102258.46648-2-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 0adac6dee28cd4322c558cde17d8361137a9bec7
      
https://github.com/qemu/qemu/commit/0adac6dee28cd4322c558cde17d8361137a9bec7
  Author: Yang Zhong <yang.zhong@intel.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M hw/i386/sgx-stub.c
    M hw/i386/sgx.c
    M include/hw/i386/sgx.h
    M qapi/misc-target.json
    M target/i386/monitor.c
    M tests/qtest/qmp-cmd-test.c

  Log Message:
  -----------
  target/i386: Add the query-sgx-capabilities QMP command

Libvirt can use query-sgx-capabilities to get the host
sgx capabilities to decide how to allocate SGX EPC size to VM.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210910102258.46648-3-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 50fe92f7541f0f1902252a7a1fa122878e691144
      
https://github.com/qemu/qemu/commit/50fe92f7541f0f1902252a7a1fa122878e691144
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M meson.build
    M pc-bios/descriptors/meson.build
    M pc-bios/meson.build

  Log Message:
  -----------
  meson: unpack edk2 firmware even if --disable-blobs

The edk2 firmware blobs are needed to run bios-tables-test.  Unpack
them if any UEFI-enabled target is selected, so that the test can run.
This is a bit more than is actually necessary, since bios-tables-test
does not run for all UEFI-enabled targets, but it is the easiest
way to write this logic.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210923105529.3845741-1-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 495eeaef03bfd01b6cab965e34eeb419a1563b83
      
https://github.com/qemu/qemu/commit/495eeaef03bfd01b6cab965e34eeb419a1563b83
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M pc-bios/meson.build
    M tests/qtest/meson.build

  Log Message:
  -----------
  tests: qtest: bios-tables-test depends on the unpacked edk2 ROMs

Skip the test if bzip2 is not available, and run it after they are
uncompressed.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210923105529.3845741-2-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 27665637473b9fe78810163c926a628052d5e1c0
      
https://github.com/qemu/qemu/commit/27665637473b9fe78810163c926a628052d5e1c0
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M target/i386/sev.c

  Log Message:
  -----------
  target/i386: Fix memory leak in sev_read_file_base64()

In sev_read_file_base64() we call g_file_get_contents(), which
allocates memory for the file contents.  We then base64-decode the
contents (which allocates another buffer for the decoded data), but
forgot to free the memory for the original file data.

Use g_autofree to ensure that the file data is freed.

Fixes: Coverity CID 1459997
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210820165650.2839-1-peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: e46acd47ed3180ed5ad3cd89519bddced262a123
      
https://github.com/qemu/qemu/commit/e46acd47ed3180ed5ad3cd89519bddced262a123
  Author: Peter Xu <peterx@redhat.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M accel/hvf/hvf-accel-ops.c
    M accel/kvm/kvm-all.c
    M hw/i386/xen/xen-hvm.c
    M hw/intc/openpic_kvm.c
    M hw/remote/proxy-memory-listener.c
    M hw/vfio/common.c
    M hw/vfio/spapr.c
    M hw/virtio/vhost-vdpa.c
    M hw/virtio/vhost.c
    M hw/virtio/virtio.c
    M hw/xen/xen_pt.c
    M include/exec/memory.h
    M include/sysemu/kvm_int.h
    M softmmu/physmem.c
    M target/arm/kvm.c
    M target/i386/hax/hax-mem.c
    M target/i386/kvm/kvm.c
    M target/i386/nvmm/nvmm-all.c
    M target/i386/whpx/whpx-all.c

  Log Message:
  -----------
  memory: Name all the memory listeners

Provide a name field for all the memory listeners.  It can be used to identify
which memory listener is which.

Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20210817013553.30584-2-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 1a60a7c4b8e06f6587943ce94204fc1ebb5bbce4
      
https://github.com/qemu/qemu/commit/1a60a7c4b8e06f6587943ce94204fc1ebb5bbce4
  Author: Peter Xu <peterx@redhat.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M softmmu/memory.c
    M softmmu/trace-events

  Log Message:
  -----------
  memory: Add tracepoint for dirty sync

Trace at memory_region_sync_dirty_bitmap() for log_sync() or global_log_sync()
on memory regions.  One trace line should suffice when it finishes, so as to
estimate the time used for each log sync process.

Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20210817013706.30986-1-peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: c1b06faf90f7172513d18aa67a7546691bda608f
      
https://github.com/qemu/qemu/commit/c1b06faf90f7172513d18aa67a7546691bda608f
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M io/dns-resolver.c
    M meson.build
    M qapi/sockets.json
    M util/qemu-sockets.c

  Log Message:
  -----------
  build-sys: add HAVE_IPPROTO_MPTCP

The QAPI schema shouldn't rely on C system headers #define, but on
configure-time project #define, so we can express the build condition in
a C-independent way.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210907121943.3498701-3-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 824ba1e99c8bc12048636ea43dec923385ff042f
      
https://github.com/qemu/qemu/commit/824ba1e99c8bc12048636ea43dec923385ff042f
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2021-09-28 (Tue, 28 Sep 2021)

  Changed paths:
    M meson_options.txt

  Log Message:
  -----------
  meson_options.txt: Switch the default value for the vnc option to 'auto'

There is no reason why VNC should always be enabled and not be set to
the default value. We already switched the setting in the "configure"
script in commit 3a6a1256d4 ("configure: Allow vnc to get disabled with
--without-default-features"), so let's do that in meson_options.txt now,
too.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20210903081358.956267-3-thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 1341107a0a6e87bfa61447fb6802b4a4ce4e6bcf
      
https://github.com/qemu/qemu/commit/1341107a0a6e87bfa61447fb6802b4a4ce4e6bcf
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-09-29 (Wed, 29 Sep 2021)

  Changed paths:
    M accel/hvf/hvf-accel-ops.c
    M accel/kvm/kvm-all.c
    A backends/hostmem-epc.c
    M backends/meson.build
    M configs/devices/i386-softmmu/default.mak
    A docs/system/i386/sgx.rst
    M docs/system/target-i386.rst
    M hmp-commands-info.hx
    M hw/i386/Kconfig
    M hw/i386/acpi-build.c
    M hw/i386/fw_cfg.c
    M hw/i386/meson.build
    M hw/i386/pc.c
    M hw/i386/pc_piix.c
    M hw/i386/pc_q35.c
    A hw/i386/sgx-epc.c
    A hw/i386/sgx-stub.c
    A hw/i386/sgx.c
    M hw/i386/x86.c
    M hw/i386/xen/xen-hvm.c
    M hw/intc/openpic_kvm.c
    M hw/remote/proxy-memory-listener.c
    M hw/vfio/common.c
    M hw/vfio/spapr.c
    M hw/virtio/vhost-vdpa.c
    M hw/virtio/vhost.c
    M hw/virtio/virtio.c
    M hw/xen/xen_pt.c
    M include/exec/memory.h
    A include/hw/i386/hostmem-epc.h
    M include/hw/i386/pc.h
    A include/hw/i386/sgx-epc.h
    A include/hw/i386/sgx.h
    M include/hw/i386/x86.h
    M include/monitor/hmp-target.h
    M include/sysemu/kvm_int.h
    M io/dns-resolver.c
    M meson.build
    M meson_options.txt
    M monitor/hmp-cmds.c
    M pc-bios/descriptors/meson.build
    M pc-bios/meson.build
    M qapi/machine.json
    M qapi/misc-target.json
    M qapi/qom.json
    M qapi/sockets.json
    M qemu-options.hx
    M softmmu/memory.c
    M softmmu/physmem.c
    M softmmu/trace-events
    M target/arm/kvm.c
    M target/i386/cpu.c
    M target/i386/cpu.h
    M target/i386/hax/hax-mem.c
    M target/i386/kvm/kvm.c
    M target/i386/kvm/kvm_i386.h
    M target/i386/machine.c
    M target/i386/monitor.c
    M target/i386/nvmm/nvmm-all.c
    M target/i386/sev.c
    M target/i386/whpx/whpx-all.c
    M tests/qtest/meson.build
    M tests/qtest/qmp-cmd-test.c
    M util/qemu-sockets.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

* SGX implementation for x86
* Miscellaneous bugfixes
* Fix dependencies from ROMs to qtests

# gpg: Signature made Tue 28 Sep 2021 13:50:33 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini-gitlab/tags/for-upstream: (33 commits)
  meson_options.txt: Switch the default value for the vnc option to 'auto'
  build-sys: add HAVE_IPPROTO_MPTCP
  memory: Add tracepoint for dirty sync
  memory: Name all the memory listeners
  target/i386: Fix memory leak in sev_read_file_base64()
  tests: qtest: bios-tables-test depends on the unpacked edk2 ROMs
  meson: unpack edk2 firmware even if --disable-blobs
  target/i386: Add the query-sgx-capabilities QMP command
  target/i386: Add HMP and QMP interfaces for SGX
  docs/system: Add SGX documentation to the system manual
  sgx-epc: Add the fill_device_info() callback support
  i440fx: Add support for SGX EPC
  q35: Add support for SGX EPC
  i386: acpi: Add SGX EPC entry to ACPI tables
  i386/pc: Add e820 entry for SGX EPC section(s)
  hw/i386/pc: Account for SGX EPC sections when calculating device memory
  hw/i386/fw_cfg: Set SGX bits in feature control fw_cfg accordingly
  Adjust min CPUID level to 0x12 when SGX is enabled
  i386: Propagate SGX CPUID sub-leafs to KVM
  i386: kvm: Add support for exposing PROVISIONKEY to guest
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/e75f2b239da9...1341107a0a6e


