Re: [PATCH v3 48/49] hw/i386/sev: Use guest_memfd for legacy ROMs

On Thu, Mar 28, 2024 at 08:45:03AM +0800, Xiaoyao Li wrote: > On 3/21/2024 2:12 AM, Isaku Yamahata wrote: > > On Wed, Mar 20, 2024 at 03:39:44AM -0500, > > Michael Roth wrote: > > > > > TODO: make this SNP-specific if TDX disables legacy ROMs in general > >

[ANNOUNCE] QEMU 9.0.0 is now available

Hello, On behalf of the QEMU Team, I'd like to announce the availability of the QEMU 9.0.0 release. This release contains 2700+ commits from 220 authors. You can grab the tarball from our download page here: https://www.qemu.org/download/#source The full list of changes are available at:

[ANNOUNCE] QEMU 9.0.0-rc4 is now available

Hello, On behalf of the QEMU Team, I'd like to announce the availability of the fifth release candidate for the QEMU 9.0 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.0.0-rc4.tar.xz

[ANNOUNCE] QEMU 9.0.0-rc3 is now available

Hello, On behalf of the QEMU Team, I'd like to announce the availability of the fourth release candidate for the QEMU 9.0 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.0.0-rc3.tar.xz

[PATCH for-9.1 v1 0/3] Add SEV/SEV-ES machine compat options for KVM_SEV_INIT2

: section 11.5.7 also documents that FTW should be all 1's, whereas QEMU currently sets all zeroes. Should that be changed as part of this, or are there other reasons for setting 0? Thanks, Mike Michael Roth (3

[PATCH v1 3/3] hw/i386/sev: Use legacy SEV VM types for older machine types

version. Avoid this by continuing to use the older KVM_SEV_INIT/KVM_SEV_ES_INIT APIs for older machine types. Signed-off-by: Michael Roth --- hw/i386/pc.c | 5 + hw/i386/pc_piix.c| 1 + hw/i386/pc_q35.c | 1 + include/hw/i386/pc.h | 3 +++ target/i386/sev.c| 1 + 5 files

[PATCH v1 2/3] hw/i386: Add 9.1 machine types for i440fx/q35

Define the 9.1 machine types and make them identical to 9.0 for now. This will be needed to add PC compat options for 9.1+ features. Signed-off-by: Michael Roth --- hw/i386/pc_piix.c | 12 +++- hw/i386/pc_q35.c | 11 ++- 2 files changed, 21 insertions(+), 2 deletions(-) diff

[PATCH v1 1/3] i386/sev: Add 'legacy-vm-type' parameter for SEV guest objects

interface, while still providing a mechanism to maintain backward compatibility with VMs created using the older interfaces, provide a new command-line parameter: -object sev-guest,legacy-vm-type=true,... and have it default to false. Signed-off-by: Michael Roth --- qapi/qom.json | 11

[ANNOUNCE] QEMU 9.0.0-rc2 is now available

Hello, On behalf of the QEMU Team, I'd like to announce the availability of the third release candidate for the QEMU 9.0 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.0.0-rc2.tar.xz

[ANNOUNCE] QEMU 9.0.0-rc1 is now available

Hello, On behalf of the QEMU Team, I'd like to announce the availability of the second release candidate for the QEMU 9.0 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.0.0-rc1.tar.xz

Re: [PATCH 19/26] RAMBlock: Add support of KVM private guest memfd

On Fri, Mar 22, 2024 at 07:11:09PM +0100, Paolo Bonzini wrote: > From: Michael Roth This should be: From: Xiaoyao Li Looks like the author got reset in my tree for some reason and I failed to notice it before posting. Sorry for the mix-up. -Mike > > Add KVM guest_memf

Re: [PATCH RFC v3 00/49] Add AMD Secure Nested Paging (SEV-SNP) support

On Wed, Mar 20, 2024 at 03:38:56AM -0500, Michael Roth wrote: > > Testing > --- > > This series has been tested against the following host kernel tree, which > is a snapshot of the latest WIP SNP hypervisor tree at the time of this > posting. It will likely not be kept

Re: [PATCH v3 11/49] physmem: Introduce ram_block_discard_guest_memfd_range()

On Wed, Mar 20, 2024 at 09:04:52PM +0100, David Hildenbrand wrote: > On 20.03.24 18:38, Michael Roth wrote: > > On Wed, Mar 20, 2024 at 10:37:14AM +0100, David Hildenbrand wrote: > > > On 20.03.24 09:39, Michael Roth wrote: > > > > From: Xiaoyao Li > > > &

Re: [PATCH v3 47/49] hw/i386/sev: Add support to encrypt BIOS when SEV-SNP is enabled

On Wed, Mar 20, 2024 at 12:22:34PM +, Daniel P. Berrangé wrote: > On Wed, Mar 20, 2024 at 03:39:43AM -0500, Michael Roth wrote: > > TODO: Brijesh as author, me as co-author (vice-versa depending) > > drop flash handling? we only support BIOS now > > A reminder tha

Re: [PATCH v3 40/49] hw/i386/sev: Add function to get SEV metadata from OVMF header

On Wed, Mar 20, 2024 at 10:55:35AM -0700, Isaku Yamahata wrote: > On Wed, Mar 20, 2024 at 03:39:36AM -0500, > Michael Roth wrote: > > > From: Brijesh Singh > > > > A recent version of OVMF expanded the reset vector GUID list to add > > SEV-specific metadata

Re: [PATCH v3 37/49] i386/sev: Add the SNP launch start context

On Wed, Mar 20, 2024 at 10:58:30AM +0100, Paolo Bonzini wrote: > On 3/20/24 09:39, Michael Roth wrote: > > From: Brijesh Singh > > > > The SNP_LAUNCH_START is called first to create a cryptographic launch > > context within the firmware. > > > > Signe

Re: [PATCH v3 31/49] i386/sev: Update query-sev QAPI format to handle SEV-SNP

On Wed, Mar 20, 2024 at 12:10:04PM +, Daniel P. Berrangé wrote: > On Wed, Mar 20, 2024 at 03:39:27AM -0500, Michael Roth wrote: > > Most of the current 'query-sev' command is relevant to both legacy > > SEV/SEV-ES guests and SEV-SNP guests, with 2 exceptions: > > > &g

Re: [PATCH v3 25/49] i386/sev: Skip RAMBlock notifiers for SNP

On Wed, Mar 20, 2024 at 10:46:29AM +0100, Paolo Bonzini wrote: > On 3/20/24 09:39, Michael Roth wrote: > > SEV uses these notifiers to register/pin pages prior to guest use, since > > they could potentially be used for private memory where page migration > > is not support

Re: [PATCH v3 23/49] i386/sev: Add a sev_snp_enabled() helper

On Wed, Mar 20, 2024 at 12:35:09PM +, Daniel P. Berrangé wrote: > On Wed, Mar 20, 2024 at 03:39:19AM -0500, Michael Roth wrote: > > Add a simple helper to check if the current guest type is SNP. Also have > > SNP-enabled imply that SEV-ES is enabled as well, and fix up any p

Re: [PATCH v3 22/49] i386/sev: Introduce 'sev-snp-guest' object

On Wed, Mar 20, 2024 at 11:58:57AM +, Daniel P. Berrangé wrote: > On Wed, Mar 20, 2024 at 03:39:18AM -0500, Michael Roth wrote: > > From: Brijesh Singh > > > > SEV-SNP support relies on a different set of properties/state than the > > existing 'sev-guest' ob

Re: [PATCH v3 21/49] i386/sev: Introduce "sev-common" type to encapsulate common SEV state

On Wed, Mar 20, 2024 at 11:47:28AM +, Daniel P. Berrangé wrote: > On Wed, Mar 20, 2024 at 03:39:17AM -0500, Michael Roth wrote: > > Currently all SEV/SEV-ES functionality is managed through a single > > 'sev-guest' QOM type. With upcoming support for SEV-SNP, taking this &g

Re: [PATCH v3 21/49] i386/sev: Introduce "sev-common" type to encapsulate common SEV state

On Wed, Mar 20, 2024 at 11:44:13AM +, Daniel P. Berrangé wrote: > On Wed, Mar 20, 2024 at 03:39:17AM -0500, Michael Roth wrote: > > Currently all SEV/SEV-ES functionality is managed through a single > > 'sev-guest' QOM type. With upcoming support for SEV-SNP, taking this &g

Re: [PATCH v3 19/49] kvm: Make kvm_convert_memory() obey ram_block_discard_is_enabled()

On Wed, Mar 20, 2024 at 05:26:00PM +0100, Paolo Bonzini wrote: > On 3/20/24 09:39, Michael Roth wrote: > > Some subsystems like VFIO might disable ram block discard for > > uncoordinated cases. Since kvm_convert_memory()/guest_memfd don't > > implement a RamDiscardManager hand

Re: [PATCH v3 11/49] physmem: Introduce ram_block_discard_guest_memfd_range()

On Wed, Mar 20, 2024 at 10:37:14AM +0100, David Hildenbrand wrote: > On 20.03.24 09:39, Michael Roth wrote: > > From: Xiaoyao Li > > > > When memory page is converted from private to shared, the original > > private memory is back'e

[PATCH v3 08/49] trace/kvm: Split address space and slot id in trace_kvm_set_user_memory()

From: Xiaoyao Li The upper 16 bits of kvm_userspace_memory_region::slot are address space id. Parse it separately in trace_kvm_set_user_memory(). Signed-off-by: Xiaoyao Li Signed-off-by: Michael Roth --- accel/kvm/kvm-all.c| 5 +++-- accel/kvm/trace-events | 2 +- 2 files changed, 4

[PATCH v3 07/49] HostMem: Add mechanism to opt in kvm guest memfd via MachineState

ire_guest_memfd" to "guest_memfd" in struct HostMemoryBackend; (David Hildenbrand) Signed-off-by: Michael Roth --- backends/hostmem-file.c | 1 + backends/hostmem-memfd.c | 1 + backends/hostmem-ram.c | 1 + backends/hostmem.c | 1 + hw/core/machine.c| 5 + include/hw

[PATCH v3 04/49] [HACK] linux-headers: Update headers for 6.8 + kvm-coco-queue + SNP

LM_BASE_ADDR_HIGH 8 #define LM_END_ADDR_LOW 12 #define LM_END_ADDR_HIGH16 #define LM_VRING_STATE_OFFSET 0x20 Signed-off-by: Michael Roth --- include/standard-headers/asm-x86/bootparam.h | 17 +- include/standard-headers/asm-x86/kvm_para.h

[PATCH v3 05/49] [TEMP] hw/i386: Remove redeclaration of struct setup_data

TODO: this needs to be done as part of header update to avoid temporary build bisect breakage. Keeping it separate for reference. It is now provided by kernel headers. Signed-off-by: Michael Roth --- hw/i386/x86.c | 8 1 file changed, 8 deletions(-) diff --git a/hw/i386/x86.c b/hw

[PATCH v3 06/49] RAMBlock: Add support of KVM private guest memfd

essage; (Daniel P. Berrangé) - remove flags in ram_block_add(); (David Hildenbrand) Changes in v3: - rename gmem to guest_memfd; - close(guest_memfd) when RAMBlock is released; (Daniel P. Berrangé) - Suqash the patch that introduces memory_region_has_guest_memfd(). Signed-off-by: Michae

[PATCH v3 49/49] hw/i386: Add support for loading BIOS using guest_memfd

enablement since those interfaces rely on the use of ROM memory regions which make use of the KVM_MEM_READONLY memslot flag, which is not supported for guest_memfd-backed memslots. Signed-off-by: Michael Roth --- hw/i386/x86.c | 36 +++- 1 file changed, 23 insertions

[PATCH v3 48/49] hw/i386/sev: Use guest_memfd for legacy ROMs

this handling is needed to allow QEMU to continue running existing SNP guest kernels. Signed-off-by: Michael Roth --- hw/i386/pc.c | 13 + hw/i386/pc_sysfw.c | 13 ++--- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index

[PATCH v3 47/49] hw/i386/sev: Add support to encrypt BIOS when SEV-SNP is enabled

TODO: Brijesh as author, me as co-author (vice-versa depending) drop flash handling? we only support BIOS now Signed-off-by: Michael Roth --- hw/i386/pc_sysfw.c| 12 +++- hw/i386/x86.c | 2 +- include/hw/i386/x86.h | 2 +- target/i386/sev

[PATCH v3 46/49] i386/sev: Allow measured direct kernel boot on SNP

of the page is reserved for SEV launch secrets which are not usable anyway on SNP. If the user disabled kernel hashes, QEMU pre-validates the kernel hashes page as a zero page. Signed-off-by: Dov Murik Signed-off-by: Michael Roth --- include/hw/i386/pc.h | 2 ++ target/i386/sev.c| 36

[PATCH v3 45/49] i386/sev: Reorder struct declarations

From: Dov Murik Move the declaration of PaddedSevHashTable before SevSnpGuest so we can add a new such field to the latter. No functional change intended. Signed-off-by: Dov Murik Signed-off-by: Michael Roth --- target/i386/sev.c | 56 +++ 1 file

[PATCH v3 44/49] i386/sev: Extract build_kernel_loader_hashes

From: Dov Murik Extract the building of the kernel hashes table out from sev_add_kernel_loader_hashes() to allow building it in other memory areas (for SNP support). No functional change intended. Signed-off-by: Dov Murik Signed-off-by: Michael Roth --- target/i386/sev.c | 101

[PATCH v3 43/49] qapi, i386: Move kernel-hashes to SevCommonProperties

From: Dov Murik In order to enable kernel-hashes for SNP, pull it from SevGuestProperties to its parent SevCommonProperties so it will be available for both SEV and SNP. Signed-off-by: Dov Murik Signed-off-by: Michael Roth --- qapi/qom.json | 14 +++--- target/i386/sev.c | 44

[PATCH v3 42/49] i386/sev: Add support for SNP CPUID validation

, use this interface to validate the CPUID entries reported by KVM_GET_CPUID2 prior to initial guest start and populate the CPUID page reserved by OVMF with the resulting encrypted data. [1] SEV SNP Firmware ABI Specification, Rev. 0.8, 8.13.2.6 Signed-off-by: Michael Roth --- target/i386/sev.c

[PATCH v3 41/49] i386/sev: Add support for populating OVMF metadata pages

From: Brijesh Singh OVMF reserves various pages so they can be pre-initialized/validated prior to launching the guest. Add support for populating these pages with the expected content. Signed-off-by: Brijesh Singh Signed-off-by: Michael Roth --- target/i386/sev.c | 75

[PATCH v3 03/49] scripts/update-linux-headers: Add bits.h to file imports

Signed-off-by: Michael Roth --- scripts/update-linux-headers.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh index 579b03dc82..b992ed7b15 100755 --- a/scripts/update-linux-headers.sh +++ b/scripts/update

[PATCH v3 40/49] hw/i386/sev: Add function to get SEV metadata from OVMF header

to retieve the SEV metadata pointer from the OVMF GUID list. Signed-off-by: Brijesh Singh Signed-off-by: Michael Roth --- hw/i386/pc_sysfw_ovmf.c | 33 + include/hw/i386/pc.h| 26 ++ 2 files changed, 59 insertions(+) diff --git a/hw

[PATCH v3 39/49] i386/sev: Set CPU state to protected once SNP guest payload is finalized

continue trying to re-sync vCPU data during guest runtime. Signed-off-by: Michael Roth --- target/i386/sev.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index 4155342e72..4d862eef78 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -975,6 +975,7

[PATCH v3 38/49] i386/sev: Add handling to encrypt/finalize guest launch data

From: Brijesh Singh Process any queued up launch data and encrypt/measure it into the SNP guest instance prior to initial guest launch. Signed-off-by: Brijesh Singh Co-authored-by: Michael Roth Signed-off-by: Michael Roth --- target/i386/sev.c| 101

[PATCH v3 37/49] i386/sev: Add the SNP launch start context

From: Brijesh Singh The SNP_LAUNCH_START is called first to create a cryptographic launch context within the firmware. Signed-off-by: Brijesh Singh Signed-off-by: Michael Roth --- target/i386/sev.c| 42 +++- target/i386/trace-events | 1 + 2 files

[PATCH v3 36/49] i386/sev: Add KVM_EXIT_VMGEXIT handling for Extended Guest Requests

format. Add a certs-path parameter to the sev-snp-guest object so that it can be used to inject any certificate data into these Extended Guest Requests. Signed-off-by: Michael Roth --- qapi/qom.json | 7 +++- target/i386/sev.c | 85 +++ 2 files

[PATCH v3 35/49] i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes (MSR-based)

for these. Signed-off-by: Michael Roth --- target/i386/sev.c | 16 1 file changed, 16 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index 0c6a253138..b54422b28e 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -1560,6 +1560,18 @@ out_unmap: return 0

[PATCH v3 34/49] i386/sev: Add KVM_EXIT_VMGEXIT handling for Page State Changes

for handling KVM_EXIT_VMGEXIT events, and then implement handling for Page State Change requests on top of that. [1] https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf Signed-off-by: Michael Roth --- target/i386/kvm/kvm.c | 3 + target/i386/sev.c

[PATCH v3 33/49] kvm: Make kvm_convert_memory() non-static

Signed-off-by: Michael Roth --- accel/kvm/kvm-all.c | 2 +- include/sysemu/kvm.h | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index b5872fdc07..bf0ae0c8ad 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -2913,7

[PATCH v3 32/49] i386/sev: Don't return launch measurements for SEV-SNP guests

For SEV-SNP guests, launch measurement is queried from within the guest during attestation, so don't attempt to return it as part of query-sev-launch-measure. Signed-off-by: Michael Roth --- target/i386/sev.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/target/i386

[PATCH v3 31/49] i386/sev: Update query-sev QAPI format to handle SEV-SNP

appropriately). The corresponding HMP command has also been fixed up similarly. Signed-off-by: Michael Roth --- qapi/misc-target.json | 71 ++- target/i386/sev.c | 50 -- target/i386/sev.h | 3 ++ 3 files changed, 94

[PATCH v3 02/49] scripts/update-linux-headers: Add setup_data.h to import list

bisect breakage. Signed-off-by: Michael Roth --- scripts/update-linux-headers.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh index a0006eec6f..579b03dc82 100755 --- a/scripts/update-linux-headers.sh +++ b/scripts/update

[PATCH v3 30/49] i386/cpu: Set SEV-SNP CPUID bit when SNP enabled

SNP guests will rely on this bit to determine certain feature support. Signed-off-by: Michael Roth --- target/i386/cpu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 33760a2ee1..3fdaac3472 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c

[PATCH v3 29/49] i386/sev: Don't disable block discarding for SNP

SEV/SEV-ES rely on pinned memory to back guest RAM so discarding isn't actually possible. With SNP, only guest_memfd pages are used for private guest memory, so discarding of shared memory is still possible, so only disable discard for SEV/SEV-ES. Signed-off-by: Michael Roth --- target/i386

[PATCH v3 28/49] i386/sev: Disable SMM for SNP

SNP does not support SMM. Signed-off-by: Michael Roth --- target/i386/sev.c | 8 1 file changed, 8 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c index b06c796aae..134e8f7c22 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -881,6 +881,7 @@ static int

[PATCH v3 27/49] i386/sev: Set ms->require_guest_memfd for SNP

SNP requires guest_memfd for private guest memory, so enable it so that the appropriate guest_memfd backend will be available for normal RAM regions. Signed-off-by: Michael Roth --- target/i386/sev.c | 5 + 1 file changed, 5 insertions(+) diff --git a/target/i386/sev.c b/target/i386/sev.c

[PATCH v3 26/49] i386/sev: Skip machine-init-done notifiers for SNP

of using guest attestation instead. Signed-off-by: Michael Roth --- target/i386/sev.c | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 774262d834..e4deb7b41e 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -989,9 +989,17

[PATCH v3 25/49] i386/sev: Skip RAMBlock notifiers for SNP

memory. Signed-off-by: Michael Roth --- target/i386/sev.c | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/target/i386/sev.c b/target/i386/sev.c index 61af312a11..774262d834 100644 --- a/target/i386/sev.c +++ b/target/i386/sev.c @@ -982,7 +982,15 @@ static int

[PATCH v3 24/49] target/i386: Add handling for KVM_X86_SNP_VM VM type

An SNP VM requires VM type KVM_X86_SNP_VM to be passed to kvm_ioctl(KVM_CREATE_VM). Add it to the list of supported VM types, and return it appropriately via X86ConfidentialGuestClass->kvm_type(). Signed-off-by: Michael Roth --- target/i386/kvm/kvm.c | 1 + target/i386/sev.c |

[PATCH v3 23/49] i386/sev: Add a sev_snp_enabled() helper

Add a simple helper to check if the current guest type is SNP. Also have SNP-enabled imply that SEV-ES is enabled as well, and fix up any places where the sev_es_enabled() check is expecting a pure/non-SNP guest. Signed-off-by: Michael Roth --- target/i386/sev.c | 13 - target/i386

[PATCH v3 22/49] i386/sev: Introduce 'sev-snp-guest' object

characters, but this is generally well below the default limit for linux hosts where command-line sizes are defined by the sysconf-configurable ARG_MAX value, which defaults to 2097152 characters for Ubuntu hosts, for example. Signed-off-by: Brijesh Singh Co-developed-by: Michael Roth Acked-by: Markus

[PATCH v3 01/49] Revert "linux-headers hack" from sevinit2 base tree

TODO: Either apply this in advance of sevinit2 patches, or drop this in favor of a separate preceeding sync of 6.8 kvm-next. A separate standalone linux-headers sync will be used instead. Signed-off-by: Michael Roth --- linux-headers/asm-x86/kvm.h | 8 linux-headers/linux/kvm.h | 2

[PATCH v3 21/49] i386/sev: Introduce "sev-common" type to encapsulate common SEV state

now points to common state, use the name 'sev_common'; in cases where that now points to state specific to 'sev-guest' instance, use the name 'sev_guest' Signed-off-by: Michael Roth --- qapi/qom.json | 32 ++-- target/i386/sev.c |

[PATCH v3 20/49] trace/kvm: Add trace for KVM_EXIT_MEMORY_FAULT

Signed-off-by: Michael Roth --- accel/kvm/kvm-all.c| 3 +++ accel/kvm/trace-events | 1 + 2 files changed, 4 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 6ae03c880f..b5872fdc07 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -3145,6 +3145,9 @@ int

[PATCH v3 18/49] q35: Introduce smm_ranges property for q35-pci-host

Signed-off-by: Sean Christopherson Signed-off-by: Xiaoyao Li Signed-off-by: Michael Roth --- hw/i386/pc_q35.c | 2 ++ hw/pci-host/q35.c | 42 +++ include/hw/i386/pc.h | 1 + include/hw/pci-host/q35.h | 1 + 4 files changed, 33

[PATCH v3 19/49] kvm: Make kvm_convert_memory() obey ram_block_discard_is_enabled()

pages. Signed-off-by: Michael Roth --- accel/kvm/kvm-all.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 53ce4f091e..6ae03c880f 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -2962,10 +2962,14 @@ stat

[PATCH v3 17/49] pci-host/q35: Move PAM initialization above SMRAM initialization

From: Isaku Yamahata In mch_realize(), process PAM initialization before SMRAM initialization so that later patch can skill all the SMRAM related with a single check. Signed-off-by: Isaku Yamahata Signed-off-by: Xiaoyao Li Signed-off-by: Michael Roth --- hw/pci-host/q35.c | 19

[PATCH v3 16/49] memory: Introduce memory_region_init_ram_guest_memfd()

this function is dropped in this v5 series; Signed-off-by: Michael Roth --- include/exec/memory.h | 6 ++ system/memory.c | 25 + 2 files changed, 31 insertions(+) diff --git a/include/exec/memory.h b/include/exec/memory.h index 679a847685..1e351f6fc8 100644

[PATCH v3 15/49] kvm/memory: Make memory type private by default if it has guest memfd backend

to private when memory region has valid guest memfd backend. Signed-off-by: Xiaoyao Li Signed-off-by: Michael Roth --- accel/kvm/kvm-all.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 9a8b365a69..53ce4f091e 100644 --- a/accel/kvm

[PATCH v3 14/49] trace/kvm: Add trace for page convertion between shared and private

Signed-off-by: Isaku Yamahata Signed-off-by: Xiaoyao Li Signed-off-by: Michael Roth --- accel/kvm/kvm-all.c| 2 ++ accel/kvm/trace-events | 1 + 2 files changed, 3 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index a9c19ab9a1..9a8b365a69 100644 --- a/accel/kvm/kvm

[PATCH v3 13/49] [FIXUP] "kvm: handle KVM_EXIT_MEMORY_FAULT": drop qemu_host_page_size

TODO: squash into "kvm: handle KVM_EXIT_MEMORY_FAULT" qemu_host_page_size has been superseded by qemu_real_host_page_size() in newer QEMU, so update the patch accordingly. Signed-off-by: Michael Roth --- accel/kvm/kvm-all.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletion

[PATCH v3 12/49] kvm: handle KVM_EXIT_MEMORY_FAULT

warn_report() to error_report(); (Daniel) Signed-off-by: Michael Roth --- accel/kvm/kvm-all.c | 94 - 1 file changed, 84 insertions(+), 10 deletions(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index df7a32735a..2fdc07a472 100644

[PATCH v3 11/49] physmem: Introduce ram_block_discard_guest_memfd_range()

Li Reviewed-by: David Hildenbrand --- Changes in v5: - Collect Reviewed-by from David; Changes in in v4: - Drop ram_block_convert_range() and open code its implementation in the next Patch. Signed-off-by: Michael Roth --- include/exec/cpu-common.h | 2 ++ system/physmem.c | 23

[PATCH RFC v3 00/49] Add AMD Secure Nested Paging (SEV-SNP) support

act build_kernel_loader_hashes i386/sev: Reorder struct declarations i386/sev: Allow measured direct kernel boot on SNP Isaku Yamahata (2): pci-host/q35: Move PAM initialization above SMRAM initialization q35: Introduce smm_ranges property for q35-pci-host Michael Roth (30):

[PATCH v3 10/49] kvm: Introduce support for memory_attributes

-by: Michael Roth --- accel/kvm/kvm-all.c | 44 include/sysemu/kvm.h | 3 +++ 2 files changed, 47 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index e83429b31e..df7a32735a 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm

[PATCH v3 09/49] kvm: Enable KVM_SET_USER_MEMORY_REGION2 for memslot

-by: Xiaoyao Li --- Changes in v4: - update KVM_MEM_PRIVATE to KVM_MEM_GUEST_MEMFD; (Isaku) Signed-off-by: Michael Roth --- accel/kvm/kvm-all.c | 56 ++-- accel/kvm/trace-events | 2 +- include/sysemu/kvm_int.h | 2 ++ 3 files changed, 51 insertions

[ANNOUNCE] QEMU 9.0.0-rc0 is now available

Hello, On behalf of the QEMU Team, I'd like to announce the availability of the first release candidate for the QEMU 9.0 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-9.0.0-rc0.tar.xz

Re: [qemu-web PATCH] Add QEMU 8.2.0 release announcement

Quoting Stefan Hajnoczi (2023-12-20 10:32:53) > On Wed, 20 Dec 2023 at 11:18, Michael Roth wrote: > > > > Quoting Stefan Hajnoczi (2023-12-20 10:02:37) > > > Cc: Michael Roth > > > Signed-off-by: Stefan Hajnoczi > > > --- &

[ANNOUNCE] QEMU 8.2.0 is now available

Hello, On behalf of the QEMU Team, I'd like to announce the availability of the QEMU 8.2.0 release. This release contains 3200+ commits from 238 authors. You can grab the tarball from our download page here: https://www.qemu.org/download/#source The full list of changes are available at:

Re: [qemu-web PATCH] Add QEMU 8.2.0 release announcement

Quoting Stefan Hajnoczi (2023-12-20 10:02:37) > Cc: Michael Roth > Signed-off-by: Stefan Hajnoczi > --- > _posts/2023-12-20-qemu-8-2-0.md | 29 + > 1 file changed, 29 insertions(+) > create mode 100644 _posts/2023-12-20-qemu-8-2-0.md > > dif

[ANNOUNCE] QEMU 8.2.0-rc4 is now available

Hello, On behalf of the QEMU Team, I'd like to announce the availability of the fifth release candidate for the QEMU 8.2 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-8.2.0-rc4.tar.xz

[ANNOUNCE] QEMU 8.2.0-rc3 is now available

: Avoid SEV-ES crash due to missing MSR_EFER_LMA bit (Michael Roth) 80a37b039e: hw/ufs: avoid generating the same ID string for different LU devices (Akinobu Mita) 2e8ed6a970: tests/avocado: mark ReplayKernelNormal.test_mips64el_malta as flaky (Alex Bennée) d369ad5558: tests/avocado: Update yamon

Re: [PATCH v2 for-8.2?] i386/sev: Avoid SEV-ES crash due to missing MSR_EFER_LMA bit

On Wed, Dec 06, 2023 at 07:20:14PM +0200, Maxim Levitsky wrote: > On Tue, 2023-12-05 at 16:28 -0600, Michael Roth wrote: > > Commit 7191f24c7fcf ("accel/kvm/kvm-all: Handle register access errors") > > added error checking for KVM_SET_SREGS/KVM_SET_SREGS2. In doing

[PATCH v3 for-8.2] i386/sev: Avoid SEV-ES crash due to missing MSR_EFER_LMA bit

i Cc: Tom Lendacky Cc: Akihiko Odaki Cc: Philippe Mathieu-Daudé Cc: Lara Lazier Cc: Vitaly Kuznetsov Cc: Maxim Levitsky Cc: k...@vger.kernel.org Fixes: 7191f24c7fcf ("accel/kvm/kvm-all: Handle register access errors") Signed-off-by: Michael Roth --- target/i386/kvm/kvm.c | 8 +++

Re: [PATCH v2 for-8.2?] i386/sev: Avoid SEV-ES crash due to missing MSR_EFER_LMA bit

On Wed, Dec 06, 2023 at 04:04:43PM +0100, Paolo Bonzini wrote: > On Wed, Dec 6, 2023 at 3:46 PM Michael Roth wrote: > > > There is no need to check cr0_old or sev_es_enabled(); EFER.LMA is > > > simply EFER.LME && CR0.PG. > > > > Yah, I originally had it l

Re: [PATCH v2 for-8.2?] i386/sev: Avoid SEV-ES crash due to missing MSR_EFER_LMA bit

On Wed, Dec 06, 2023 at 02:41:13PM +0100, Paolo Bonzini wrote: > On Tue, Dec 5, 2023 at 11:28 PM Michael Roth wrote: > > @@ -3637,12 +3638,18 @@ static int kvm_get_sregs(X86CPU *cpu) > > env->gdt.limit = sregs.gdt.limit; > > env->gdt.base = sregs.gdt.base; >

Re: [PATCH v2 for-8.2?] i386/sev: Avoid SEV-ES crash due to missing MSR_EFER_LMA bit

On Wed, Dec 06, 2023 at 12:48:35PM +0100, Philippe Mathieu-Daudé wrote: > Hi Michael, > > (Cc'ing Lara, Vitaly and Maxim) > > On 5/12/23 23:28, Michael Roth wrote: > > Commit 7191f24c7fcf ("accel/kvm/kvm-all: Handle register access errors") > > a

Re: [PATCH for-8.2?] i386/sev: Avoid SEV-ES crash due to missing MSR_EFER_LMA bit

Quoting Stefan Hajnoczi (2023-12-05 16:27:51) > On Tue, 5 Dec 2023 at 17:12, Michael Roth wrote: > > > > Commit 7191f24c7fcf ("accel/kvm/kvm-all: Handle register access errors") > > added error checking for KVM_SET_SREGS/KVM_SET_SREGS2. In doing so, it > >

[PATCH v2 for-8.2?] i386/sev: Avoid SEV-ES crash due to missing MSR_EFER_LMA bit

m Lendacky Cc: Akihiko Odaki Cc: k...@vger.kernel.org Fixes: 7191f24c7fcf ("accel/kvm/kvm-all: Handle register access errors") Signed-off-by: Michael Roth --- v2: - Add handling for KVM_GET_SREGS, not just KVM_GET_SREGS2 target/i386/kvm/kvm.c | 14 ++ 1 file changed, 14

[PATCH for-8.2?] i386/sev: Avoid SEV-ES crash due to missing MSR_EFER_LMA bit

m Lendacky Cc: Akihiko Odaki Cc: k...@vger.kernel.org Fixes: 7191f24c7fcf ("accel/kvm/kvm-all: Handle register access errors") Signed-off-by: Michael Roth --- target/i386/kvm/kvm.c | 7 +++ 1 file changed, 7 insertions(+) diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kv

[ANNOUNCE] QEMU 8.2.0-rc2 is now available

Hello, On behalf of the QEMU Team, I'd like to announce the availability of the third release candidate for the QEMU 8.2 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-8.2.0-rc2.tar.xz

[ANNOUNCE] QEMU 8.2.0-rc1 is now available

Hello, On behalf of the QEMU Team, I'd like to announce the availability of the second release candidate for the QEMU 8.2 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-8.2.0-rc1.tar.xz

[ANNOUNCE] QEMU 8.2.0-rc0 is now available

Hello, On behalf of the QEMU Team, I'd like to announce the availability of the first release candidate for the QEMU 8.2 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-8.2.0-rc0.tar.xz

[ANNOUNCE] QEMU 8.1.0 is now available

Hello, On behalf of the QEMU Team, I'd like to announce the availability of the QEMU 8.1.0 release. This release contains 2900+ commits from 250 authors. You can grab the tarball from our download page here: https://www.qemu.org/download/#source The full list of changes are available at:

[ANNOUNCE] QEMU 8.1.0-rc4 is now available

Hello, On behalf of the QEMU Team, I'd like to announce the availability of the fifth release candidate for the QEMU 8.1 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-8.1.0-rc4.tar.xz

[ANNOUNCE] QEMU 7.2.5 Stable released

Hi everyone, The QEMU v7.2.5 stable release is now available. You can grab the tarball from our download page here: https://www.qemu.org/download/#source v7.2.5 is now tagged in the official qemu.git repository, and the stable-7.2 branch has been updated accordingly:

[ANNOUNCE] QEMU 8.0.4 Stable released

Hi everyone, The QEMU v8.0.4 stable release is now available. You can grab the tarball from our download page here: https://www.qemu.org/download/#source v8.0.4 is now tagged in the official qemu.git repository, and the stable-8.0 branch has been updated accordingly:

[ANNOUNCE] QEMU 8.1.0-rc3 is now available

Hello, On behalf of the QEMU Team, I'd like to announce the availability of the fourth release candidate for the QEMU 8.1 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-8.1.0-rc3.tar.xz

Re: [RFC PATCH 00/19] QEMU gmem implemention

On Tue, Aug 01, 2023 at 09:45:41AM +0800, Xiaoyao Li wrote: > On 8/1/2023 12:51 AM, Daniel P. Berrangé wrote: > > On Mon, Jul 31, 2023 at 12:21:42PM -0400, Xiaoyao Li wrote: > > > This is the first RFC version of enabling KVM gmem[1] as the backend for > > > private memory of KVM_X86_PROTECTED_VM.

[ANNOUNCE] QEMU 8.1.0-rc2 is now available

Hello, On behalf of the QEMU Team, I'd like to announce the availability of the third release candidate for the QEMU 8.1 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-8.1.0-rc2.tar.xz

Re: how to build qemu 8.1 - keycodemapdb?

Quoting Daniel P. Berrangé (2023-07-26 04:18:37) > On Wed, Jul 26, 2023 at 12:05:41PM +0300, Michael Tokarev wrote: > > 26.07.2023 11:50, Daniel P. Berrangé wrote: > > .. > > > > make-release.sh apparently does the right thing. But the published > > > > tarball does not include the 3 required

[ANNOUNCE] QEMU 8.1.0-rc1 is now available

Hello, On behalf of the QEMU Team, I'd like to announce the availability of the second release candidate for the QEMU 8.1 release. This release is meant for testing purposes and should not be used in a production environment. http://download.qemu.org/qemu-8.1.0-rc1.tar.xz

  1   2   3   4   5   6   7   8   9   10   >