qemu-commits

[Qemu-commits] [qemu/qemu] a0b9c5: target/i386: sgx: mark device not use


From: Richard Henderson
Subject: [Qemu-commits] [qemu/qemu] a0b9c5: target/i386: sgx: mark device not user creatable
Date: Thu, 11 Nov 2021 03:00:56 -0800

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: a0b9c5f75c05c12d30328a305377383652e62e63
      
https://github.com/qemu/qemu/commit/a0b9c5f75c05c12d30328a305377383652e62e63
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2021-11-09 (Tue, 09 Nov 2021)

  Changed paths:
    M hw/i386/sgx-epc.c

  Log Message:
  -----------
  target/i386: sgx: mark device not user creatable

The device is created by the machine based on the sgx-epc property.
It should not be created by users.

Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: ef149763a8fcce70b85dfda27cc1222ecf765750
      
https://github.com/qemu/qemu/commit/ef149763a8fcce70b85dfda27cc1222ecf765750
  Author: Greg Kurz <groug@kaod.org>
  Date:   2021-11-10 (Wed, 10 Nov 2021)

  Changed paths:
    M include/qemu/rcu.h
    M util/rcu.c

  Log Message:
  -----------
  rcu: Introduce force_rcu notifier

The drain_rcu_call() function can be blocked as long as an RCU reader
stays in a read-side critical section. This is typically what happens
when a TCG vCPU is executing a busy loop. It can deadlock the QEMU
monitor as reported in https://gitlab.com/qemu-project/qemu/-/issues/650 .

This can be avoided by allowing drain_rcu_call() to enforce an RCU grace
period. Since each reader might need to do specific actions to end a
read-side critical section, do it with notifiers.

Prepare ground for this by adding a notifier list to the RCU reader
struct and use it in wait_for_readers() if drain_rcu_call() is in
progress. An API is added for readers to register their notifiers.

This is largely based on a draft from Paolo Bonzini.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211109183523.47726-2-groug@kaod.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: dd47a8f654d84f666b235ce8891e17ee76f9be8b
      
https://github.com/qemu/qemu/commit/dd47a8f654d84f666b235ce8891e17ee76f9be8b
  Author: Greg Kurz <groug@kaod.org>
  Date:   2021-11-10 (Wed, 10 Nov 2021)

  Changed paths:
    M accel/tcg/tcg-accel-ops-mttcg.c
    M accel/tcg/tcg-accel-ops-rr.c

  Log Message:
  -----------
  accel/tcg: Register a force_rcu notifier

A TCG vCPU doing a busy loop systematically hangs the QEMU monitor
if the user passes 'device_add' without argument. This is because
drain_cpu_all() which is called from qmp_device_add() cannot return
if readers don't exit read-side critical sections. That is typically
what busy-looping TCG vCPUs do:

int cpu_exec(CPUState *cpu)
{
[...]
    rcu_read_lock();
[...]
    while (!cpu_handle_exception(cpu, &ret)) {
        // Busy loop keeps vCPU here
    }
[...]
    rcu_read_unlock();

    return ret;
}

For MTTCG, have all vCPU threads register a force_rcu notifier that will
kick them out of the loop using async_run_on_cpu(). The notifier is called
with the rcu_registry_lock mutex held; using async_run_on_cpu() ensures
there are no deadlocks.

For RR, a single thread runs all vCPUs. Just register a single notifier
that kicks the current vCPU to the next one.

For MTTCG:
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>

For RR:
Suggested-by: Richard Henderson <richard.henderson@linaro.org>

Fixes: 7bed89958bfb ("device_core: use drain_call_rcu in in qmp_device_add")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/650
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211109183523.47726-3-groug@kaod.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
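The mechanism the rcu and accel/tcg commits above describe, as an added example that is not QEMU's code: a TCG vCPU stand-in spins inside rcu_read_lock(), and drain_call_rcu() only returns because wait_for_readers() fires the registered force_rcu notifier, which sets the vCPU's exit request. Assumed simplifications: a single reader, atomics in place of rcu_registry_lock, and a plain flag in place of async_run_on_cpu().

```c
/* Added example (not QEMU code): a minimal model of the force_rcu notifier
 * mechanism; rcu_registry_lock and the real async_run_on_cpu() kick are omitted. */
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stddef.h>
typedef struct Notifier Notifier;
struct Notifier { void (*notify)(Notifier *n, void *data); Notifier *next; };
/* Per-reader state: critical-section depth plus the notifier list the rcu commit adds. */
typedef struct RcuReader { atomic_int depth; Notifier *force_rcu; } RcuReader;
static RcuReader vcpu_reader;          /* the one TCG vCPU thread in this model */
static atomic_int drain_in_progress;   /* nonzero while drain_call_rcu() runs */
static atomic_int exit_request;        /* what async_run_on_cpu() would set on the vCPU */
static atomic_int notifier_calls;
static void rcu_read_lock(RcuReader *r)   { atomic_fetch_add(&r->depth, 1); }
static void rcu_read_unlock(RcuReader *r) { atomic_fetch_sub(&r->depth, 1); }
/* accel/tcg side: the registered notifier kicks the vCPU out of its busy loop. */
static void mttcg_force_rcu(Notifier *n, void *data) {
    (void)n; (void)data; atomic_fetch_add(&notifier_calls, 1);
    atomic_store(&exit_request, 1);
}
/* rcu side: wait_for_readers() fires force_rcu notifiers only while a drain is in progress. */
static void wait_for_readers(void) {
    while (atomic_load(&vcpu_reader.depth) > 0) {
        if (atomic_load(&drain_in_progress))
            for (Notifier *n = vcpu_reader.force_rcu; n; n = n->next) n->notify(n, NULL);
        sched_yield();
    }
}
static void drain_call_rcu(void) {
    atomic_store(&drain_in_progress, 1); wait_for_readers(); atomic_store(&drain_in_progress, 0);
}
/* cpu_exec() stand-in: spins inside the read-side critical section until kicked. */
static void *vcpu_thread(void *arg) {
    (void)arg; rcu_read_lock(&vcpu_reader);
    while (!atomic_load(&exit_request)) sched_yield();
    rcu_read_unlock(&vcpu_reader);
    return NULL;
}
/* Returns 1 if the drain completed and the notifier had to fire for that to happen. */
int run_drain_demo(void) {
    static Notifier n = { mttcg_force_rcu, NULL }; pthread_t t;
    if (!vcpu_reader.force_rcu) vcpu_reader.force_rcu = &n;   /* register once */
    atomic_store(&exit_request, 0); atomic_store(&notifier_calls, 0);
    pthread_create(&t, NULL, vcpu_thread, NULL);
    while (atomic_load(&vcpu_reader.depth) == 0) sched_yield();  /* vCPU is now in its critical section */
    drain_call_rcu();
    pthread_join(t, NULL);
    return atomic_load(&notifier_calls) > 0 && atomic_load(&vcpu_reader.depth) == 0;
}
```

Without the notifier call in wait_for_readers(), drain_call_rcu() here would never return, which is the monitor hang the accel/tcg commit fixes.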


  Commit: bd989ed44f847cba20b46a743770c152e188f365
      
https://github.com/qemu/qemu/commit/bd989ed44f847cba20b46a743770c152e188f365
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2021-11-10 (Wed, 10 Nov 2021)

  Changed paths:
    M hw/core/numa.c

  Log Message:
  -----------
  numa: avoid crash with SGX and "info numa"

Add the MEMORY_DEVICE_INFO_KIND_SGX_EPC case, so that enclave
memory is included in the output of "info numa" instead of crashing
the monitor.

Fixes: a7c565a941 ("sgx-epc: Add the fill_device_info() callback support", 2021-09-30)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 2c3132279b9a962c27adaea53b4c8e8480385706
      
https://github.com/qemu/qemu/commit/2c3132279b9a962c27adaea53b4c8e8480385706
  Author: Yang Zhong <yang.zhong@intel.com>
  Date:   2021-11-10 (Wed, 10 Nov 2021)

  Changed paths:
    M hw/i386/sgx.c

  Log Message:
  -----------
  sgx: Reset the vEPC regions during VM reboot

For bare-metal SGX on real hardware, the hardware provides guarantees
about SGX state at reboot.  For instance, all pages start out uninitialized.
The vepc driver provides a similar guarantee today for freshly-opened
vepc instances, but guests such as Windows expect all pages to be in
uninitialized state on startup, including after every guest reboot.

Qemu can invoke the ioctl to bring its vEPC pages back to uninitialized
state. There is a possibility that some pages fail to be removed if they
are SECS pages, and the child and SECS pages could be in separate vEPC
regions.  Therefore, the ioctl returns the number of EREMOVE failures,
telling Qemu to try the ioctl again after it's done with all vEPC regions.

The related kernel patches:
Link: https://lkml.kernel.org/r/20211021201155.1523989-3-pbonzini@redhat.com

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20211101162009.62161-6-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 1b9fc6d8ba6667ceb56a3392e84656dcaed0d676
      
https://github.com/qemu/qemu/commit/1b9fc6d8ba6667ceb56a3392e84656dcaed0d676
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2021-11-11 (Thu, 11 Nov 2021)

  Changed paths:
    M accel/tcg/tcg-accel-ops-mttcg.c
    M accel/tcg/tcg-accel-ops-rr.c
    M hw/core/numa.c
    M hw/i386/sgx-epc.c
    M hw/i386/sgx.c
    M include/qemu/rcu.h
    M util/rcu.c

  Log Message:
  -----------
  Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* Fixes for SGX
* force_rcu notifiers

# gpg: Signature made Wed 10 Nov 2021 10:57:48 PM CET
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  sgx: Reset the vEPC regions during VM reboot
  numa: avoid crash with SGX and "info numa"
  accel/tcg: Register a force_rcu notifier
  rcu: Introduce force_rcu notifier
  target/i386: sgx: mark device not user creatable

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>


Compare: https://github.com/qemu/qemu/compare/b30187ef02d7...1b9fc6d8ba66


