Update to QEMU 9.0 including IGVM v4 patch series + direct VMSA #15
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This routine allocates the QEMU struct type representing the VFIO container. It is minimal currently and future changes will do more initialization. Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
Since the QEMU struct type representing the VFIO container is deduced from the IOMMU type exposed by the host, this type should be well defined *before* creating the container struct. This will be necessary to instantiate a QOM object of the correct type in future changes. Rework vfio_set_iommu() to extract the part doing the container initialization and move it under vfio_create_container(). Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
VFIOContainerBase was made a QOM interface because we believed that a QOM object would expose all the IOMMU backends to the QEMU machine and human interface. This only applies to user creatable devices or objects. Change the VFIOContainerBase nature from interface to object and make the necessary adjustments in the VFIO_IOMMU hierarchy. Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
Instead of allocating the container struct, create a QOM object of the appropriate type. Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
This allows us to move the initialization code from vfio_container_init(), which we will soon remove. Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
Instead, use VFIO_IOMMU_GET_CLASS() to get the class pointer. Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
It's now empty. Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
Just as we did for the VFIOContainerBase object, introduce an instance_init() handler for the legacy VFIOContainer object and do the specific initialization there. Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
…() handler vfio_container_destroy() clears the resources allocated VFIOContainerBase object. Now that VFIOContainerBase is a QOM object, add an instance_finalize() handler to do the cleanup. It will be called through object_unref(). Suggested-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Eric Auger <eric.auger@redhat.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
…ging SD/MMC patches queue One fix and various cleanups for the SD card model. # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmZ5cRUACgkQ4+MsLN6t # wN59Qw//cUdjD287pB5Ml5aQqr9sOTyVnHUceZtz7AOZ5w8RM2tlPDgOImeLOvU6 # OV7qfWvNaUxtQxhfh5jpe8Pj4eHBtRQzA6a1AWToEvnN4189QWHZpqf5TUa4AlFS # uAk7k2TkoNv9zbNKca0bP3L1x6sT9l0VPZBLaLbgdXDIX2ycD0r3NVQxXb/bJRgM # 6pFRcLCF/isKzLQDwqnTa11hB/JDTvOU7xnY0kazGRvyWjbSvE2sOJzLNJXHkW0I # /FNfRbOKJo2t+47Z5qSXUFFLeIEBTy7VqNBsOQ6sMIgrWzbOSrtBcuxKp0p9NCGH # fdZHlDVRnNGXewUya4RjbmXiCNuGL4zJ82b2BaQZVd5ZwU2opIr8xO96WCojQ4dZ # +Dq3uv7su3PUVOh95i38Eo93OG9jXFx642XD4q2uKu5j70IoGXAkIoLUcFkZZdGS # 9rCsaNUHyHJrN6nXf3Cekvkqxz36p6QXaUF9I1vB0JF6CrexMD35sBUK+RE9k4uW # LnqL7ZwQDGDGVl3kPS/VCXv1mMim4aRLSEIveq7Ui6dKzaaJMIIodZ8CFMuyTTsD # cGE+Cd053nf6SzX3+kEZftNdjtJ906O8xIAw+RNdARYx003l4kUxgsPDk7ELyzIP # Tb+VlZl2P+ROJmeWvRMTW7ZQ49M9IEMrg8zlGF4hLCxB1JndeOA= # =O5er # -----END PGP SIGNATURE----- # gpg: Signature made Mon 24 Jun 2024 06:13:57 AM PDT # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] * tag 'sdmmc-20240624' of https://github.com/philmd/qemu: hw/sd/sdcard: Add comments around registers and commands hw/sd/sdcard: Inline BLK_READ_BLOCK / BLK_WRITE_BLOCK macros hw/sd/sdcard: Add sd_invalid_mode_for_cmd to report invalid mode switch hw/sd/sdcard: Only call sd_req_get_address() where address is used hw/sd/sdcard: Factor sd_req_get_address() method out hw/sd/sdcard: Only call sd_req_get_rca() where RCA is used hw/sd/sdcard: Factor sd_req_get_rca() method out hw/sd/sdcard: Have cmd_valid_while_locked() return a boolean value hw/sd/sdcard: Trace update of block count (CMD23) hw/sd/sdcard: Remove explicit entries for illegal commands hw/sd/sdcard: Remove ACMD6 handler for SPI mode hw/sd/sdcard: Use Load/Store API to fill some CID/CSD registers hw/sd/sdcard: Use registerfield CSR::CURRENT_STATE definition hw/sd/sdcard: Use HWBLOCK_SHIFT definition instead of magic values hw/sd/sdcard: Fix typo in SEND_OP_COND command name hw/sd/sdcard: Rewrite sd_cmd_ALL_SEND_CID using switch case (CMD2) hw/sd/sdcard: Correct code indentation hw/sd/sdcard: Avoid OOB in sd_read_byte() during unexpected CMD switch bswap: Add st24_be_p() to store 24 bits in big-endian order Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
…to staging vfio queue: * Add a host IOMMU device abstraction * VIRTIO-IOMMU/VFIO: Fix host iommu geometry handling * QOMify VFIOContainer # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmZ541QACgkQUaNDx8/7 # 7KFdnQ/8Dih3HI2qtY93bTxg0lmJ+ZMibojTkEkTu3kSvwoI12wkiSMFKzzTWpZE # UtGyIqQQij8IfQtIz87uQskv7oFiZKG6JWMTAX4uJ8ZIgZiih29/e/38VGEbogBh # yO+1Pqr3ETlyLnQcu9ruBTJ293LXovmD4d9feoaVdURBNZ1EqIh7sv/y7YdUsR+i # tXa6kW1ZIlKBI54o/uuODHWQYyOHs39VtZ6JZvgxVVEQsNikcJsosK9ts9A1EByi # 0roQVXm2QAK/nPXlmMGLvJWzQcdeXQ6W6hzYkO2HqGnCLURnpW+y/ZVbNcxGOOiU # 2G6L0TASlqA3yqCJeLuZZqjM6S2VbnvrA8omyg4QnygIHppYjp2CdcCmUpg6wfze # rkgbVLNasX+le4ss2emuHPh55dLDP20yW83DeGeqSgE//foaJWhtOK/cnvs04zV2 # D6oSAVsOsZ6ozYlQckYnaxIBANDKLRnzCXVZLUCmHxCUhxHuiNJUsHfZYIv/Zxen # C5ZjD/JPgx3onkoKbNfTRTgwOCdXhVPjWnnp7Su49jymsekqdk1ntln4ixDT3Vol # ghQPQLjICBc8qXiOJAcFDwqLf/telPlzUUzvlDeC4BYMnpBAP6rQ3JJ8i0vCCiWv # zKCtmbcDqDRMDpWyJWM3XA/kVKP9i2tNa1R/ej2SleCFLgRapBw= # =3koe # -----END PGP SIGNATURE----- # gpg: Signature made Mon 24 Jun 2024 02:21:24 PM PDT # gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1 # gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1 * tag 'pull-vfio-20240624' of https://github.com/legoater/qemu: (42 commits) vfio/container: Move vfio_container_destroy() to an instance_finalize() handler vfio/container: Introduce vfio_iommu_legacy_instance_init() vfio/container: Remove vfio_container_init() vfio/container: Remove VFIOContainerBase::ops vfio/container: Introduce an instance_init() handler vfio/container: Switch to QOM vfio/container: Change VFIOContainerBase to use QOM vfio/container: Discover IOMMU type before creating the container vfio/container: Introduce vfio_create_container() vfio/container: Introduce vfio_get_iommu_class_name() vfio/container: Modify vfio_get_iommu_type() to use a container fd vfio/container: Simplify vfio_container_init() vfio/container: Introduce vfio_address_space_insert() vfio/common: Extract vIOMMU code from vfio_sync_dirty_bitmap() vfio/common: Move dirty tracking ranges update to helper vfio: Remove unused declarations from vfio-common.h vfio: Make vfio_devices_dma_logging_start() return bool memory: Remove IOMMU MR iommu_set_iova_range API hw/vfio: Remove memory_region_iommu_set_iova_ranges() call virtio-iommu: Remove the implementation of iommu_set_iova_range ... Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
AIA extends the width of all IRQ CSRs to 64bit even in 32bit systems by adding missing half CSRs. This seems to be missed while adding support for virtual IRQs. The whole logic seems to be correct except the width of the masks. Fixes: 1697837 ("target/riscv: Add M-mode virtual interrupt and IRQ filtering support.") Fixes: 40336d5 ("target/riscv: Add HS-mode virtual interrupt and IRQ filtering support.") Signed-off-by: Rajnesh Kanwal <rkanwal@rivosinc.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Acked-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240520125157.311503-2-rkanwal@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Qemu maps IRQs 0:15 for core interrupts and 16 onward for guest interrupts which are later translated to hgiep in `riscv_cpu_set_irq()` function. With virtual IRQ support added, software now can fully use the whole local interrupt range without any actual hardware attached. This change moves the guest interrupt range after the core local interrupt range to avoid clash. Fixes: 1697837 ("target/riscv: Add M-mode virtual interrupt and IRQ filtering support.") Fixes: 40336d5 ("target/riscv: Add HS-mode virtual interrupt and IRQ filtering support.") Signed-off-by: Rajnesh Kanwal <rkanwal@rivosinc.com> Acked-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Message-ID: <20240520125157.311503-3-rkanwal@rivosinc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
According to RISC-V crypto spec, Zvkb extension is a subset of the Zvbb extension [1]. 1: https://github.com/riscv/riscv-crypto/blob/1769c2609bf4535632e0c0fd715778f212bb272e/doc/vector/riscv-crypto-vector-zvkb.adoc?plain=1#L10 Signed-off-by: Jerry Zhang Jian <jerry.zhangjian@sifive.com> Reviewed-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240528130349.20193-1-jerry.zhangjian@sifive.com> [ Changes by AF: - Tidy up commit message - Rebase ] Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
We need #address-cells properties in all interrupt controllers that are referred by an interrupt-map [1]. For the RISC-V machine, both PLIC and APLIC controllers must have this property. PLIC already sets it in create_fdt_socket_plic(). Set the property for APLIC in create_fdt_one_aplic(). [1] https://lore.kernel.org/linux-arm-kernel/CAL_JsqJE15D-xXxmELsmuD+JQHZzxGzdXvikChn6KFWqk6NzPw@mail.gmail.com/ Suggested-by: Anup Patel <apatel@ventanamicro.com> Fixes: e6faee6 ("hw/riscv: virt: Add optional AIA APLIC support to virt machine") Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240531202759.911601-2-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
We'll change the aplic DT nodename in the next patch and the name is hardcoded in 2 different functions. Create a helper to change a single place later. While we're at it, in create_fdt_socket_aplic(), move 'aplic_name' inside the conditional to avoid allocating a string that won't be used when socket == NULL. Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240531202759.911601-3-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
The correct name of the aplic controller node, as per Linux kernel DT docs [1], is 'interrupt-controller@addr'. [1] Documentation/devicetree/bindings/interrupt-controller/riscv,aplic.yaml Reported-by: Conor Dooley <conor@kernel.org> Fixes: e6faee6 ("hw/riscv: virt: Add optional AIA APLIC support to virt machine") Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240531202759.911601-4-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
The DT docs for riscv,aplic [1] predicts a 'qemu,aplic' enum in the 'compatible' property. [1] Documentation/devicetree/bindings/interrupt-controller/riscv,aplic.yaml Reported-by: Conor Dooley <conor@kernel.org> Fixes: e6faee6 ("hw/riscv: virt: Add optional AIA APLIC support to virt machine") Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240531202759.911601-5-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
The DT docs for riscv,aplic [1] predicts a 'riscv,delegation' property. Not 'riscv,delegate'. [1] Documentation/devicetree/bindings/interrupt-controller/riscv,aplic.yaml Reported-by: Conor Dooley <conor@kernel.org> Fixes: e6faee6 ("hw/riscv: virt: Add optional AIA APLIC support to virt machine") Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240531202759.911601-6-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
The Linux DT docs for imsic [1] predicts an 'interrupt-controller@addr' node, not 'imsic@addr', given this node inherits the 'interrupt-controller' node. [1] Documentation/devicetree/bindings/interrupt-controller/riscv,imsics.yaml Reported-by: Conor Dooley <conor@kernel.org> Fixes: 28d8c28 ("hw/riscv: virt: Add optional AIA IMSIC support to virt machine") Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240531202759.911601-7-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
The DT docs for riscv,imsics [1] predicts a 'qemu,imsics' enum in the 'compatible' property. [1] Documentation/devicetree/bindings/interrupt-controller/riscv,imsics.yaml Reported-by: Conor Dooley <conor@kernel.org> Fixes: 28d8c28 ("hw/riscv: virt: Add optional AIA IMSIC support to virt machine") Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240531202759.911601-8-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
The DT docs for riscv,imsics [1] requires a 'msi-cell' property. Add one and set it zero. [1] Documentation/devicetree/bindings/interrupt-controller/riscv,imsics.yaml Reported-by: Conor Dooley <conor@kernel.org> Fixes: 28d8c28 ("hw/riscv: virt: Add optional AIA IMSIC support to virt machine") Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Message-ID: <20240531202759.911601-9-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
This patch implements insert/remove software breakpoint process. For RISC-V, GDB treats single-step similarly to breakpoint: add a breakpoint at the next step address, then continue. So this also works for single-step debugging. Implement kvm_arch_update_guest_debug(): Set the control flag when there are active breakpoints. This will help KVM to know the status in the userspace. Add some stubs which are necessary for building, and will be implemented later. Signed-off-by: Chao Du <duchao@eswincomputing.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com> Acked-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240606014501.20763-2-duchao@eswincomputing.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
If the breakpoint belongs to the userspace then set the ret value. Signed-off-by: Chao Du <duchao@eswincomputing.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com> Acked-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240606014501.20763-3-duchao@eswincomputing.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
To enable the KVM GUEST DEBUG for RISC-V at QEMU side. Signed-off-by: Chao Du <duchao@eswincomputing.com> Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com> Reviewed-by: Andrew Jones <ajones@ventanamicro.com> Acked-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240606014501.20763-4-duchao@eswincomputing.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Public the conversion function of priv_spec in cpu.h, so that tcg-cpu.c could also use it. Signed-off-by: Jim Shu <jim.shu@sifive.com> Signed-off-by: Fea.Wang <fea.wang@sifive.com> Reviewed-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240606135454.119186-2-fea.wang@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Add macros and variables for RISC-V privilege 1.13 support. Signed-off-by: Fea.Wang <fea.wang@sifive.com> Reviewed-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Weiwei Li <liwei1518@gmail.com> Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240606135454.119186-3-fea.wang@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Based on privilege 1.13 spec, there should be a bit56 for 'P1P13' in mstateen0 that controls access to the hedeleg. Signed-off-by: Fea.Wang <fea.wang@sifive.com> Reviewed-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: Weiwei Li <liwei1518@gmail.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240606135454.119186-4-fea.wang@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Based on privileged spec 1.13, the RV32 needs to implement MEDELEGH and HEDELEGH for exception codes 32-47 for reserving and exception codes 48-63 for custom use. Add the CSR number though the implementation is just reading zero and writing ignore. Besides, for accessing HEDELEGH, it should be controlled by mstateen0 'P1P13' bit. Signed-off-by: Fea.Wang <fea.wang@sifive.com> Reviewed-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240606135454.119186-5-fea.wang@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Based on the priv-1.13.0, add the exception codes for Software-check and Hardware-error. Signed-off-by: Fea.Wang <fea.wang@sifive.com> Reviewed-by: Frank Chang <frank.chang@sifive.com> Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-ID: <20240606135454.119186-6-fea.wang@sifive.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
…taging Misc HW patches queue - Prevent NULL deref in sPAPR network model (Oleg) - Automatic deprecation of versioned machine types (Daniel) - Correct 'dump-guest-core' property name in hint (Akihiko) - Prevent IRQ leak in MacIO IDE model (Mark) - Remove dead #ifdef'ry related to unsupported macOS 12.0 (Akihiko) - Remove "hw/hw.h" where unnecessary (Thomas) # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmaDiSQACgkQ4+MsLN6t # wN4jmBAA2kxwFAGbKvokANDAZBwWmJdnuIPcqS+jdo/wCuQXOo1ROADd3NFlgQWx # z1xOv/LiAmQiUeeiP+nlA8gWCdW93PErU07og1p1+N2D1sBO6oG5QDlT/tTFuEGd # IL21jG2xWkEemd3PSN2pHKrytpS0e4S0cNZIKgTUTKdv+Mb2ZEiQi7K4zUTjcmjz # nlsSjTXdyKBmoiqNGhITWfbR2IUWjtCpzUO44ceqXd5HDpvfGhpKI7Uwun1W2xNU # yw1XrAFd64Qhd/lvc28G1DLfDdtRIoaRGxgLzQbU6621s0o50Ecs6TNHseuUAKvd # tQhOtM8IEuZ6jVw8nswCPIcJyjbeY29kjI4WmD2weF1fZbDey6Emlrf+dkJUIuCb # TximyTXw3rb1nREUVsEQLF69BKjTjE5+ETaplcTWGHCoH2+uA/5MqygalTH1Ub9W # TwVWSUwpNvIJ3RTsT20YVowkill8piF+ECldTKzJuWjqDviiJDoMm5EFdkkcUB20 # nMyhGoiXtiQ4NYU0/B6HbHOXZkqLbhWcx9G281xJ+RRwjUyVxXD3zHGR9AoOp9ls # EAo/2URJtGN95LJmzCtaD+oo0wRZ5+7lmnqHPPXkYUdwFm4bhe3dP4NggIrS0cXn # 19wvBqQuPwywxIbFEu6327YtfPRcImWIlFthWnm9lUyDmbOqDKw= # =fLCx # -----END PGP SIGNATURE----- # gpg: Signature made Mon 01 Jul 2024 09:59:16 PM PDT # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] * tag 'hw-misc-20240702' of https://github.com/philmd/qemu: (22 commits) Remove inclusion of hw/hw.h from files that don't need it net/vmnet: Drop ifdef for macOS versions older than 12.0 block/file-posix: Drop ifdef for macOS versions older than 12.0 audio: Drop ifdef for macOS versions older than 12.0 hvf: Drop ifdef for macOS versions older than 12.0 hw/ide/macio: switch from using qemu_allocate_irq() to qdev input GPIOs system/physmem: Fix reference to dump-guest-core docs: document special exception for machine type deprecation & removal hw/i386: remove obsolete manual deprecation reason string of i440fx machines hw/ppc: remove obsolete manual deprecation reason string of spapr machines hw: skip registration of outdated versioned machine types hw: set deprecation info for all versioned machine types include/hw: temporarily disable deletion of versioned machine types include/hw: add macros for deprecation & removal of versioned machines hw/i386: convert 'q35' machine definitions to use new macros hw/i386: convert 'i440fx' machine definitions to use new macros hw/m68k: convert 'virt' machine definitions to use new macros hw/ppc: convert 'spapr' machine definitions to use new macros hw/s390x: convert 'ccw' machine definitions to use new macros hw/arm: convert 'virt' machine definitions to use new macros ... Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
…into staging aspeed queue: * Coverity fixes * Deprecation of tacoma-bmc machine * Buffer overflow fix in GPIO model * Minor cleanup # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmaDs3QACgkQUaNDx8/7 # 7KEc/BAAj5AS3rLm3NPpU13y1P1hcjuSm1/PVGTJQH+m4K9UaAkJ8VhRB0Y/rdU6 # ygGhKaCHyk96+I49Csz886YU9Wg9qnxaYJAbornHZJVGNy5tuVpQKM20kfgN3XFN # ENJR3e+J6Ye7kCtR1ujcf0mydWDaDyq0i82ykURsudcQLMnGq1gBQGadYjt1hJoN # F9HDPgUJ8/wjQnG8BomsrnuvUSpRTbGNV66FNxXdQ6C6d6OTKQfNnXXqrKO+8QPK # B5XB9FjTk017DUog1jdE1SaEMowml8CmUhjMwLHOcyWhcZpEk90aMX8cQhefUs9y # O6kNin2UYEjcTHA/lyfMQJQMNDDZTE32MyP1LwRE/5ZiHqrT7ViqNvZSPBGBueUz # 9B0xiQTuYqcRqlwgyU73DvnTgrsKFdKQSldj5dXYVnWCKeKY/sCWApHMJxN9xMCA # Uw1E4QfCLkd+TM6DoJAkBHWFsgi44Aym11VU4VviGNRNTgmTptgQzmHiYGNFiGZG # OypVPM8Ti6UeVnW65l9J9f7xA0jDB+XQjhCCaoax9GlUMA4C4/Aln5OXXxIWRWFd # XA3Gn3c/S2j7rMqdfAk68xDHuAJ3wShHlw6HLRd1Xki05WFTeLj1lejLHMdfpNmr # DkQimzHShBqZzZGxc7FsO0keGY8kyIJkZhbCCbZrFXJXQGRdBao= # =LxwO # -----END PGP SIGNATURE----- # gpg: Signature made Tue 02 Jul 2024 12:59:48 AM PDT # gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1 # gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1 * tag 'pull-aspeed-20240702' of https://github.com/legoater/qemu: hw/net:ftgmac100: fix coding style aspeed/sdmc: Remove extra R_MAIN_STATUS case aspeed/soc: Fix possible divide by zero aspeed/sdmc: Check RAM size value at realize time aspeed: Deprecate the tacoma-bmc machine hw/gpio/aspeed: Add reg_table_count to AspeedGPIOClass Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
…ging
SD/MMC patches queue
- Deprecate SD spec v1.10
- Improve tracing
- Fix endianness on DAT lines
- Introduce helpers for commands transmitting data on the DAT lines
- Convert most commands to new helpers
- Register various optional commands
- Add command {name, type, class} fields to SDProto structure
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmaDtrEACgkQ4+MsLN6t
# wN7wABAAjjo+8ZYTxyh+P5oPvv4ec0SLFyTzOyDlzl/8rif9l54UP1kvBGtDYBaF
# hdHM/BguTQVdomObCrjmcXLmb/+ZnQ23x8Bn8rm1mqjXmV8UvuZ9KReAhQeEgBNN
# rtWClQqgtuBAbhh2uh0zNmwPhzCavSostd5nQtJXvUfCZUIyTmUBqUNFCZc+RkGy
# q6kUDzlgrH7uLzVMU5M6QvmOT1LbmWGQAdV+zWXBKXEBgysxzmm6bC7wRCoN+wPQ
# 9OtdHEZsxEDaIJFK7YcDu0lCOsGFzu62d8N7TA/v4nIWaxrppm4FK7kxgmsO15uY
# jEq3p2PbDj6UVYrqGpuw4qMcJ0Cs6dkGEfCw9eqwYyhAPd/Y+s/NBAgc6BieZWj6
# D32goEWykLorxu9sPGgR9qNWo7gbHanMo4ps3v4++D8Qtb3CpANXDIC5H1WR9azH
# tdiepDx0nW9bSo/hE32bL70TA8noqUCsrr1yIN7eydpJ2ZTa2ywMfIifLnowoOD2
# mPQ/QvUsAwJdjGXsz21loQdycOsuBmqZ4bKU45ez3bxKdq1LFC4q6xsVPeS0UVFy
# 6dSj2Bi44Y+Ub/UoNij2/6WzuIfNtSKXrs47et2v2SFjuPJt0g34cv3mLCz6CQQZ
# 2WFk42vyGSZ9gmWmt+G64nksQlifVWnGQP6jub9ThQ5rxqzFTU0=
# =vqY+
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 02 Jul 2024 01:13:37 AM PDT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
* tag 'sdmmc-20240702' of https://github.com/philmd/qemu: (67 commits)
hw/sd/sdcard: Add sd_acmd_SEND_SCR handler (ACMD51)
hw/sd/sdcard: Add sd_acmd_SET_CLR_CARD_DETECT handler (ACMD42)
hw/sd/sdcard: Add sd_acmd_SD_APP_OP_COND handler (ACMD41)
hw/sd/sdcard: Add sd_acmd_SET_WR_BLK_ERASE_COUNT handler (ACMD23)
hw/sd/sdcard: Add sd_acmd_SEND_NUM_WR_BLOCKS handler (ACMD22)
hw/sd/sdcard: Add sd_acmd_SD_STATUS handler (ACMD13)
hw/sd/sdcard: Add sd_acmd_SET_BUS_WIDTH handler (ACMD6)
hw/sd/sdcard: Add spi_cmd_CRC_ON_OFF handler (CMD59)
hw/sd/sdcard: Add spi_cmd_READ_OCR handler (CMD58)
hw/sd/sdcard: Add sd_cmd_APP_CMD handler (CMD55)
hw/sd/sdcard: Add sd_cmd_LOCK_UNLOCK handler (CMD42)
hw/sd/sdcard: Add sd_cmd_ERASE handler (CMD38)
hw/sd/sdcard: Add sd_cmd_ERASE_WR_BLK_START/END handlers (CMD32 & CMD33)
hw/sd/sdcard: Add sd_cmd_SEND_WRITE_PROT handler (CMD30)
hw/sd/sdcard: Add sd_cmd_SET/CLR_WRITE_PROT handler (CMD28 & CMD29)
hw/sd/sdcard: Add sd_cmd_PROGRAM_CSD handler (CMD27)
hw/sd/sdcard: Add sd_cmd_WRITE_SINGLE_BLOCK handler (CMD24)
hw/sd/sdcard: Add sd_cmd_READ_SINGLE_BLOCK handler (CMD17)
hw/sd/sdcard: Add sd_cmd_SET_BLOCKLEN handler (CMD16)
hw/sd/sdcard: Add sd_cmd_GO_INACTIVE_STATE handler (CMD15)
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
…into staging * Fix interrupt controller migration on s390x with TCG and enable qtest * Fix memory leaks in qtests * Use a proper qom-tree parent for s390x virtio-net devices * Add hotplug avocado test for virtio-blk * Fix Travis jobs (need python3-tomli now) # -----BEGIN PGP SIGNATURE----- # # iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmaD1qsRHHRodXRoQHJl # ZGhhdC5jb20ACgkQLtnXdP5wLbWOtg//a+6nRcV8crCGzMaxhH32NxcjvV7TPiAI # FioqOsomKfKKTMIDlbjsgQiQWqGrN/mdnxSzasypxZrC3eoDYJCIUyQfR2iGe4t2 # JJ4gQhQGuXkSstGErj8yw83UnG1drG+XuZ/psSij4/R2ft6Me8miFSh3cCgIm541 # 0DtffV6rAXIEqA+bswKsPq+7bq6ZCxZjaWgKhzfP5RNnpjPvHYMDDPZt9a2Fk9xC # d3TILh/0djuVr8nZNUkQJBT5EU6dxVDb1JMqn4G6e6kWtiDBh/XwvMtC0KHVCJH1 # tHDz7n+FpwBfpo1cz0Y/Bn9pTW4K9KZ+GVlLOihfbh7Eaix0+RPzLKCigLVg1v8I # HaNFr70FxF5Xzmvie36arEKf0CwQCinxvfM9USBD0uP3tOzSZwX2XxM0+FBIjUf3 # fYIY8qV1hQZM5tXFxtU5LW4A64pVGwEHlEIcodxo8mY/DnZUdIvB5L5C4rxATnVr # t2eWc23sGdMZgKxUtlG0PIr80ImkYBWFOLztUmDPOff6igiyw2ZxaLQHyERPEc0O # 1CL4K4K5FKNtJgjSwJyU1NquGKk85vUSjiUW1JOvInUFjRECIQ7+R41p6FU+eTHO # l50cKaf2TCWqDOwMOjFYOHj6TWZGXnTmkSN60g0OLioy3UY+Kghd2Zq+aTK5ptyh # 1BhcvTin9Zg= # =lLG3 # -----END PGP SIGNATURE----- # gpg: Signature made Tue 02 Jul 2024 03:30:03 AM PDT # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [full] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full] * tag 'pull-request-2024-07-02' of https://gitlab.com/thuth/qemu: pc-bios/s390-ccw: Remove duplicated LDFLAGS .travis.yml: Install python3-tomli in all build jobs tests/avocado: add hotplug_blk test hw/s390x: Attach default virtio-net devices to the /machine/virtual-css-bridge docs: add precision about capstone for execlog plugin tests/qtest: Free GThread tests/qtest: Free paths tests/qtest: Free old machine variable name tests/qtest: Free unused QMP response tests/qtest: Use qtest_add_data_func_full() tests/qtest/migration-test: enable on s390x with TCG hw/intc/s390_flic: Fix interrupt controller migration on s390x with TCG Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
The IGVM library allows Independent Guest Virtual Machine files to be parsed and processed. IGVM files are used to configure guest memory layout, initial processor state and other configuration pertaining to secure virtual machines. This adds the --enable-igvm configure option, enabled by default, which attempts to locate and link against the IGVM library via pkgconfig and sets CONFIG_IGVM if found. The library is added to the system_ss target in backends/meson.build where the IGVM parsing will be performed by the ConfidentialGuestSupport object. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
In preparation for supporting the processing of IGVM files to configure guests, this adds a set of functions to ConfidentialGuestSupport allowing configuration of secure virtual machines that can be implemented for each supported isolation platform type such as Intel TDX or AMD SEV-SNP. These functions will be called by IGVM processing code in subsequent patches. This commit provides a default implementation of the functions that either perform no action or generate an error when they are called. Targets that support ConfidentalGuestSupport should override these implementations. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
Adds an IGVM loader to QEMU which processes a given IGVM file and applies the directives within the file to the current guest configuration. The IGVM loader can be used to configure both confidential and non-confidential guests. For confidential guests, the ConfidentialGuestSupport object for the system is used to encrypt memory, apply the initial CPU state and perform other confidential guest operations. The loader is configured via a new IgvmCfg QOM object which allows the user to provide a path to the IGVM file to process. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
An IGVM file contains configuration of guest state that should be applied during configuration of the guest, before the guest is started. This patch allows the user to add an igvm-cfg object to an X86 machine configuration that allows an IGVM file to be configured that will be applied to the guest before it is started. If an IGVM configuration is provided then the IGVM file is processed at the end of the board initialization, before the state transition to PHASE_MACHINE_INITIALIZED. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
…h IGVM When using an IGVM file the configuration of the system firmware is defined by IGVM directives contained in the file. In this case the user should not configure any pflash devices. This commit skips initialization of the ROM mode when pflash0 is not set then checks to ensure no pflash devices have been configured when using IGVM, exiting with an error message if this is not the case. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
The function sev_encrypt_flash() checks to see if the return value of launch_update_data() < 0, but the function returns a non-zero (and not necessarily negative) result on error. This means that some errors in updating launch data will result in the function returning success. In addition, the function takes an Error parameter which is not used when an error is actually returned. The return value is now checked for non-zero to indicate an error and a suitable error message is logged. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
The class function and implementations for updating launch data return a code in case of error. In some cases an error message is generated and in other cases, just the error return value is used. This small refactor adds an 'Error **errp' parameter to all functions which consistently set an error condition if a non-zero value is returned. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
…ache() The x86 segment registers are identified by the X86Seg enumeration which includes LDTR and TR as well as the normal segment registers. The function 'cpu_x86_load_seg_cache()' uses the enum to determine which segment to set. However, specifying R_LDTR or R_TR results in an out-of-bounds access of the segment array. Possibly by coincidence, the function does correctly set LDTR or TR in this case as the structures for these registers immediately follow the array which is accessed out of bounds. This patch adds correct handling for R_LDTR and R_TR in the function. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
When an SEV guest is started, the reset vector and state are extracted from metadata that is contained in the firmware volume. In preparation for using IGVM to setup the initial CPU state, the code has been refactored to populate vmcb_save_area for each CPU which is then applied during guest startup and CPU reset. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
The ConfidentialGuestSupport object defines a number of virtual functions that are called during processing of IGVM directives to query or configure initial guest state. In order to support processing of IGVM files, these functions need to be implemented by relevant isolation hardware support code such as SEV. This commit implements the required functions for SEV-ES and adds support for processing IGVM files for configuring the guest. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
IGVM support has been implemented for Confidential Guests that support AMD SEV and AMD SEV-ES. Add some documentation that gives some background on the IGVM format and how to use it to configure a confidential guest. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
Create an enum entry within FirmwareDevice for 'igvm' to describe that an IGVM file can be used to map firmware into memory as an alternative to pre-existing firmware devices. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
For confidential guests a policy can be provided that defines the security level, debug status, expected launch measurement and other parameters that define the configuration of the confidential platform. This commit adds a new function named set_guest_policy() that can be implemented by each confidential platform, such as AMD SEV to set the policy. This will allow configuration of the policy from a multi-platform resource such as an IGVM file without the IGVM processor requiring specific implementation details for each platform. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
The initialization sections in IGVM files contain configuration that should be applied to the guest platform before it is started. This includes guest policy and other information that can affect the security level and the startup measurement of a guest. This commit introduces handling of the initialization sections during processing of the IGVM file. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
Adds a handler for the guest policy initialization IGVM section and builds an SEV policy based on this information and the ID block directive if present. The policy is applied using by calling 'set_guest_policy()' on the ConfidentialGuestSupport object. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
The new cgs_set_guest_policy() function is provided to receive the guest policy flags, SNP ID block and SNP ID authentication from guest configuration such as an IGVM file and apply it to the platform prior to launching the guest. The policy is used to populate values for the existing 'policy', 'id_block' and 'id_auth' parameters. When provided, the guest policy is applied and the ID block configuration is used to verify the launch measurement and signatures. The guest is only successfully started if the expected launch measurements match the actual measurements and the signatures are valid. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
IGVM files can contain an initial VMSA that should be applied to each vcpu as part of the initial guest state. The sev_features flags are provided as part of the VMSA structure. However, KVM only allows sev_features to be set during initialization and not as the guest is being prepared for launch. This patch queries KVM for the supported set of sev_features flags and processes the IGVM file during kvm_init to determine any sev_features flags set in the IGVM file. These are then provided in the call to KVM_SEV_INIT2 to ensure the guest state matches that specified in the IGVM file. This does cause the IGVM file to be processed twice. Firstly to extract the sev_features then secondly to actually configure the guest. However, the first pass is largely ignored meaning the overhead is minimal. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
Previously the VMSA could not be set directly. Instead the current CPU state was automatically populated into a VMSA within kvm as part of KVM_SEV_SNP_LAUNCH_FINISH. This meant that it was hard to ensure the VMSA provided by IGVM matched the resulting one in kvm. KVM has been updated to allow the VMSA to be provided via KVM_SEV_SNP_LAUNCH_UPDATE. In this case, kvm does not perform any specific synchronisation during FINISH and the VMSA is guaranteed to match that provided by QEMU. Signed-off-by: Roy Hopkins <roy.hopkins@suse.com>
This was referenced Jul 19, 2024
Closed
|
Hi @roy-hopkins, just testing out this PR. I am using the latest main branch of Coconut, ivgm 0.3.3, Qemu from this PR, Linux from coconut-svsm/linux#6, and the current EDK2 branch for coconut. Any idea what might go wrong here? Qemu command line: |
I think you need to use the latest version of OVMF from tianocore/edk2 as the current coconut version does not seem to be compatible with the latest SEV-SNP host changes. Try building the latest master branch: https://github.com/tianocore/edk2. |
|
Yes, that works. Thanks! |
|
Apologies for the confusion. Will this PR be merged? Or is it recommended to use https://github.com/roy-hopkins/qemu/tree/igvm_master_v5? Thank you! |
|
Superseded by #16 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
This branch is based on QEMU master commit 1a2d52c with the IGVM patch series v4 applied. Also, the top commit provides a modification to the handling of IGVM VMSA directives to directly set the VMSA in KVM via the KVM_SEV_SNP_LAUNCH_UPDATE ioctl.
Compatibility
This version of QEMU works with the host kernel in the kvm 'next' branch: https://git.kernel.org/pub/scm/virt/kvm/kvm.git/log/?h=next. However, the change to VMSA handling requires a corresponding patch to the kernel. In order to support SVSM, a further set of patches are also required.
A kernel based on kvm/next including SVSM, SEV-SNP VMPL2 guest and VMSA patches will be provided via a PR in COCONUT-SVSM/linux.
Reason for direct VMSA update
The patch that updates VMSA handling can be dropped from this branch and SVSM will still work correctly. However, due to the way the VMSA is handled for each vCPU in KVM this will result in the launch measurement never matching the pre-calculated launch measurement of the IGVM file. The previous SVSM kernel included a sev_feature flag that indicated use of an SVSM which then changed this behaviour to get the measurement to match but this cannot be supported anymore.
New Command line
The QEMU command line to launch a guest with SVSM has changed since the previous version. In particular
init-flagsis not supported anymore (which is how we used to indicate an SVSM was present) and IGVM now has its own object: