On Fri, Apr 19, 2024 at 05:25:12PM +0100, Daniel P. Berrangé wrote:
> On Fri, Apr 19, 2024 at 04:56:50PM +0100, Jean-Philippe Brucker wrote:
> > Add a new RmeGuest object, inheriting from ConfidentialGuestSupport, to
> > support the Arm Realm Management Extension (RME). It
the feature is automatically enabled, unless the user disables
it on the command-line. Change it to OnOffAuto, and automatically
disable it for confidential VMs, unless the user explicitly enables it.
Signed-off-by: Jean-Philippe Brucker
---
v1->v2: separate patch, use OnOffAuto
---
docs/system/
e QEMU to crash with a bus error.
Handle reboot requests by the guest more gracefully, by indicating to
runstate.c that the vCPUs of a Realm are not resettable, and that QEMU
should exit.
Reviewed-by: Richard Henderson
Signed-off-by: Jean-Philippe Brucker
---
target/arm/kvm.c | 3 ++-
1 file chan
The host cannot access registers of a Realm. Instead of showing all
registers as zero in "info registers", display a message about this
restriction.
Signed-off-by: Jean-Philippe Brucker
---
v1->v2: new
---
target/arm/cpu.c | 5 +
1 file changed, 5 insertions(+)
diff --git
regression of 2.8ms on a fast desktop,
5.7% of the QEMU setup time). On a slower host, the regression could be
much larger.
Instead, add a special case to initialize the kernel's BSS IPA range.
Signed-off-by: Jean-Philippe Brucker
---
v1->v2: new
---
target/arm/kvm_arm.h | 5 +
hw/arm/boo
acceleration via FEAT_SHA256 (Armv8.0) and not FEAT_SHA512
(Armv8.2). Future CPUs supporting RME are likely to also support
FEAT_SHA512.
Cc: Eric Blake
Cc: Markus Armbruster
Cc: Daniel P. Berrangé
Cc: Eduardo Habkost
Signed-off-by: Jean-Philippe Brucker
---
v1->v2: use enum, pick defa
, at which point the realm is sealed.
Signed-off-by: Jean-Philippe Brucker
---
v1->v2:
* Use g_assert_not_reached() in stubs
* Init from kvm_arch_init() rather than hw/arm/virt
* Cache rme_guest
---
target/arm/kvm_arm.h | 16 +++
target/arm/kvm-rme.c |
by
KVM_GET_REG_LIST.
Signed-off-by: Jean-Philippe Brucker
---
v1->v2: only do the GP regs, since they are sync'd explicitly. Other
registers use the existing reglist facility.
---
target/arm/cpu.h | 3 +++
target/arm/kvm_arm.h | 1 +
target/arm/kvm-rme.c | 10
target/arm/kvm.c |
ints and
watchpoints, and influence the Realm Initial Measurement.
Signed-off-by: Jean-Philippe Brucker
---
v1->v2: new
---
target/arm/cpu.h | 4 ++
target/arm/kvm_arm.h | 2 +
target/arm/arm-qmp-cmds.c | 1 +
target/arm/cpu64.c| 77 ++
attestation.
Signed-off-by: Jean-Philippe Brucker
---
v1->v2: new
---
include/hw/loader.h | 15 +++
hw/core/loader.c| 15 +++
2 files changed, 30 insertions(+)
diff --git a/include/hw/loader.h b/include/hw/loader.h
index 8685e27334..79fab25dd9 100644
--- a/include
>cgs member.
Signed-off-by: Jean-Philippe Brucker
---
v1->v2: new
---
hw/arm/virt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index eca9a96b5a..bed19d0b79 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -2071,6 +2071,8 @@ st
Collect the images copied into guest RAM into a sorted list, and issue
POPULATE_REALM KVM ioctls once we've created the Realm Descriptor. The
images are part of the Realm Initial Measurement.
Signed-off-by: Jean-Philippe Brucker
---
v1->v2: Use a ROM loader notifier
---
target/arm/kvm-rm
Add a "num-pmu-counters" CPU parameter to configure the number of
counters that KVM presents to the guest. This is needed for Realm VMs,
whose parameters include the number of PMU counters and influence the
Realm Initial Measurement.
Signed-off-by: Jean-Philippe Brucker
---
v
->require_guest_memfd is not yet
merged.
Signed-off-by: Jean-Philippe Brucker
---
v1->v2: new
---
target/arm/kvm-rme.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/arm/kvm-rme.c b/target/arm/kvm-rme.c
index 8f39e54aaa..71cc1d4147 100644
--- a/target/arm/kvm-rme.c
+++ b/target/arm/kvm-rme.c
@@
information to the host, hence will not store its variables in clear
persistent memory. We can therefore replace the flash device with RAM,
and load the firmware there.
Signed-off-by: Jean-Philippe Brucker
---
v1->v2: new
---
include/hw/arm/boot.h | 9 +
hw/arm/boot.c |
/20240322181116.1228416-1-pbonz...@redhat.com/
Jean-Philippe Brucker (22):
kvm: Merge kvm_check_extension() and kvm_vm_check_extension()
target/arm: Add confidential guest support
target/arm/kvm: Return immediately on error in kvm_arch_init()
target/arm/kvm-rme: Initialize realm
hw/arm/virt: Add support
Returning an error to kvm_init() is fatal anyway, no need to continue
the initialization.
Signed-off-by: Jean-Philippe Brucker
---
v1->v2: new
---
target/arm/kvm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 3371ffa
kernel.org/kvm/875ybi0ytc@redhat.com/
[3] https://github.com/torvalds/linux/commit/92b591a4c46b
Cc: Marcelo Tosatti
Cc: Nicholas Piggin
Cc: Daniel Henrique Barboza
Cc: qemu-...@nongnu.org
Suggested-by: Cornelia Huck
Signed-off-by: Jean-Philippe Brucker
---
v1:
https://lore.kernel.org/
. Berrangé
Cc: Eduardo Habkost
Signed-off-by: Jean-Philippe Brucker
---
v1->v2: Move parsing early, store as-is rather than reverted
---
qapi/qom.json| 15 +-
target/arm/kvm-rme.c | 111 +++
2 files changed, 125 insertions(+), 1 delet
When confidential-guest-support is enabled for the virt machine, call
the RME init function, and add the RME flag to the VM type.
Signed-off-by: Jean-Philippe Brucker
---
v1->v2:
* Don't explicitly disable steal_time, it's now done through KVM capabilities
* Split patch
---
hw/arm/virt.c |
When RME is enabled, the upper GPA bit is used to distinguish protected
from unprotected addresses. Reserve it when setting up the guest memory
map.
Signed-off-by: Jean-Philippe Brucker
---
v1->v2: separate patch
---
hw/arm/virt.c | 14 --
1 file changed, 12 insertions(+)
to probe the VM's
capabilities.
KVM only reports the maximum IPA it supports, but RMM may support
smaller sizes. If the VM creation fails with the value returned by KVM,
then retry with the smaller working address. This needs a better
solution.
Signed-off-by: Jean-Philippe Brucker
---
target/arm
The confidential guest support in KVM limits the number of registers
that we can read and write. Split the get/put_registers function to
prepare for it.
Signed-off-by: Jean-Philippe Brucker
---
target/arm/kvm.c | 30 --
1 file changed, 28 insertions(+), 2 deletions
in following patches.
Cc: Eric Blake
Cc: Markus Armbruster
Cc: Daniel P. Berrangé
Cc: Eduardo Habkost
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Signed-off-by: Jean-Philippe Brucker
---
docs/system/confidential-guest-support.rst | 1 +
qapi/qom.json
On Wed, Feb 21, 2024 at 11:41:57AM +0100, Eric Auger wrote:
> Hi,
>
> On 2/13/24 13:00, Michael S. Tsirkin wrote:
> > On Tue, Feb 13, 2024 at 12:24:22PM +0100, Eric Auger wrote:
> >> Hi Michael,
> >> On 2/13/24 12:09, Michael S. Tsirkin wrote:
> >>> On Tue, Feb 13, 2024 at 11:32:13AM +0100, Eric
for machines older than 9.0 to behave similarly. We use
> hw_compat_8_2 to achieve that goal.
For the series:
Reviewed-by: Jean-Philippe Brucker
>
> Outstanding series [2] remains useful to let resv regions being
> communicated on time before the probe request.
>
> [1] [PATCH
On Thu, Feb 08, 2024 at 09:16:35AM +0100, Eric Auger wrote:
> >> diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
> >> index ec2ba11d1d..7870bdbeee 100644
> >> --- a/hw/virtio/virtio-iommu.c
> >> +++ b/hw/virtio/virtio-iommu.c
> >> @@ -1314,7 +1314,11 @@ static void
Hi Eric,
On Thu, Feb 01, 2024 at 05:32:22PM +0100, Eric Auger wrote:
> aw-bits is a new option that allows to set the bit width of
> the input address range. This value will be used as a default for
> the device config input_range.end. By default it is set to 64 bits
> which is the current value.
On Mon, Jan 29, 2024 at 05:38:55PM +0100, Eric Auger wrote:
> > There may be a separate argument for clearing bypass. With a coldplugged
> > VFIO device the flow is:
> >
> > 1. Map the whole guest address space in VFIO to implement boot-bypass.
> >This allocates all guest pages, which takes a
On Mon, Jan 29, 2024 at 03:07:41PM +0100, Eric Auger wrote:
> Hi Jean-Philippe,
>
> On 1/29/24 13:23, Jean-Philippe Brucker wrote:
> > Hi Eric,
> >
> > On Tue, Jan 23, 2024 at 07:15:54PM +0100, Eric Auger wrote:
> >> In [1] and [2] we attempted to fix a case wh
Hi Eric,
On Tue, Jan 23, 2024 at 07:15:54PM +0100, Eric Auger wrote:
> In [1] and [2] we attempted to fix a case where a VFIO-PCI device
> protected with a virtio-iommu is assigned to an x86 guest. On x86
> the physical IOMMU may have an address width (gaw) of 39 or 48 bits
> whereas the
Hi,
On Thu, Jan 18, 2024 at 10:43:55AM +0100, Eric Auger wrote:
> Hi Zhenzhong,
> On 1/18/24 08:10, Duan, Zhenzhong wrote:
> > Hi Eric,
> >
> >> -Original Message-
> >> From: Eric Auger
> >> Cc: m...@redhat.com; c...@redhat.com
> >> Subject: [RFC 0/7] VIRTIO-IOMMU/VFIO: Fix host iommu
("granule 0x1 larger than system page size
0x1000") instead of crashing the VMM. A guest OS now discovers that the
host needs DMA buffers aligned on 64k and could actually support this case
(but Linux won't because it can't control the origin of all DMA buffers).
Later, support for pa
.
Signed-off-by: Jean-Philippe Brucker
---
target/arm/helper.c | 22 --
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index ff1970981e..bec293bc93 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -1475,6 +1475,22
On Fri, Nov 10, 2023 at 10:19:30AM +, Peter Maydell wrote:
> On Fri, 10 Nov 2023 at 09:07, Jean-Philippe Brucker
> wrote:
> >
> > Since commit 9036e917f8 ("{include/}hw/arm: refactor virt PPI logic"),
> > GIC maintenance IRQ registration fails on arm64:
>
red by its PPI index. Just
like commit fa68ecb330db ("hw/arm/virt: fix PMU IRQ registration"), use
INITID_TO_PPI(). A search of "GIC_FDT_IRQ_TYPE_PPI" indicates that there
shouldn't be more similar issues.
Fixes: 9036e917f8 ("{include/}hw/arm: refactor virt PPI logic"
= g_list_insert_before(list, l, new_reg);
> +return g_list_insert_before(list, l, reg);
> +}
> +} else if (range_lob(r) < range_lob(range_iter)) {
> + range_set_bounds(range_iter, range_upb(r) + 1,
> +
On Wed, Sep 13, 2023 at 10:01:42AM +0200, Eric Auger wrote:
> The implementation populates the array of per IOMMUDevice
> host reserved regions.
>
> It is forbidden to have conflicting sets of host IOVA ranges
> to be applied onto the same IOMMU MR (implied by different
> host devices).
>
>
Hi Eric,
On Wed, Sep 13, 2023 at 10:01:40AM +0200, Eric Auger wrote:
> For the time being the per device reserved regions are
> just a duplicate of IOMMU wide reserved regions. Subsequent
> patches will combine those with host reserved regions, if any.
>
> Signed-off-by: Eric Auger
> ---
>
On Thu, Aug 10, 2023 at 02:16:56PM +0100, Peter Maydell wrote:
> This didn't build for the linux-user targets. I squashed
> this into patch 6:
>
> diff --git a/target/arm/cpu.c b/target/arm/cpu.c
> index 7df1f7600b1..d906d2b1caa 100644
> --- a/target/arm/cpu.c
> +++ b/target/arm/cpu.c
> @@
The AT instruction is UNDEFINED if the {NSE,NS} configuration is
invalid. Add a function to check this on all AT instructions that apply
to an EL lower than 3.
Suggested-by: Peter Maydell
Signed-off-by: Jean-Philippe Brucker
---
target/arm/helper.c | 38
gime. This causes
problems with RMM, which issues TLBI VAE2IS instructions with
HCR_EL2.E2H enabled. Update vae2_tlbmask() to take HCR_EL2.E2H into
account.
Add vae2_tlbbits() as well, since the top-byte-ignore configuration is
different between the EL2&0 and EL2 regime.
Signed-off-by: Jean-Philippe
FEAT_RME enabled, I couldn't see any difference
with and without the el_change hook, so I kept it simple.
* Also added the .raw_write callback for CNTHCTL_EL2.
v2:
https://lore.kernel.org/all/20230802170157.401491-1-jean-phili...@linaro.org/
Jean-Philippe Brucker (6):
target/arm/ptw: Load stage
a new
trace event for gt_update_irq().
Signed-off-by: Jean-Philippe Brucker
---
target/arm/cpu.h| 4 +++
target/arm/cpu.c| 4 +++
target/arm/helper.c | 65 ++---
target/arm/trace-events | 7 +++--
4 files changed, 66 insertions(+), 14
.
Rename get_phys_addr_with_secure(), since it's only used to handle AT
instructions.
Signed-off-by: Jean-Philippe Brucker
Reviewed-by: Peter Maydell
---
target/arm/internals.h | 25 ++---
target/arm/helper.c| 8 ++--
target/arm/ptw.c | 11 ++-
3 files
().
Signed-off-by: Jean-Philippe Brucker
Reviewed-by: Peter Maydell
---
target/arm/internals.h | 18 +-
target/arm/helper.c| 27 ---
target/arm/ptw.c | 12 ++--
3 files changed, 27 insertions(+), 30 deletions(-)
diff --git a/target/arm
In realm state, stage-2 translation tables are fetched from the realm
physical address space (R_PGRQD).
Signed-off-by: Jean-Philippe Brucker
Reviewed-by: Peter Maydell
---
target/arm/ptw.c | 26 ++
1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/target
On Mon, Aug 07, 2023 at 10:54:05AM +0100, Peter Maydell wrote:
> On Fri, 4 Aug 2023 at 19:08, Peter Maydell wrote:
> >
> > On Wed, 2 Aug 2023 at 18:02, Jean-Philippe Brucker
> > wrote:
> > >
> > > The AT instruction is UNDEFINED if the {NSE,NS} configu
function, which is a bit invasive but seems cleaner.
v1:
https://lore.kernel.org/qemu-devel/20230719153018.1456180-2-jean-phili...@linaro.org/
Jean-Philippe Brucker (6):
target/arm/ptw: Load stage-2 tables from realm physical space
target/arm/helper: Fix tlbmask and tlbbits for TLBI VAE2
The AT instruction is UNDEFINED if the {NSE,NS} configuration is
invalid. Add a function to check this on all AT instructions that apply
to an EL lower than 3.
Suggested-by: Peter Maydell
Signed-off-by: Jean-Philippe Brucker
---
target/arm/helper.c | 36 +---
1
In realm state, stage-2 translation tables are fetched from the realm
physical address space (R_PGRQD).
Signed-off-by: Jean-Philippe Brucker
---
target/arm/ptw.c | 26 ++
1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
.
Rename get_phys_addr_with_secure(), since it's only used to handle AT
instructions.
Signed-off-by: Jean-Philippe Brucker
Reviewed-by: Peter Maydell
---
target/arm/internals.h | 25 ++---
target/arm/helper.c| 8 ++--
target/arm/ptw.c | 11 ++-
3 files
a new
trace event for gt_update_irq().
Signed-off-by: Jean-Philippe Brucker
---
target/arm/cpu.h| 3 +++
target/arm/helper.c | 54 -
target/arm/trace-events | 7 +++---
3 files changed, 50 insertions(+), 14 deletions(-)
diff --git a/target/arm
().
Signed-off-by: Jean-Philippe Brucker
Reviewed-by: Peter Maydell
---
target/arm/internals.h | 18 +-
target/arm/helper.c| 27 ---
target/arm/ptw.c | 12 ++--
3 files changed, 27 insertions(+), 30 deletions(-)
diff --git a/target/arm
gime. This causes
problems with RMM, which issues TLBI VAE2IS instructions with
HCR_EL2.E2H enabled. Update vae2_tlbmask() to take HCR_EL2.E2H into
account.
Add vae2_tlbbits() as well, since the top-byte-ignore configuration is
different between the EL2&0 and EL2 regime.
Signed-off-by: Jean-Philippe
On Thu, Jul 20, 2023 at 05:39:56PM +0100, Peter Maydell wrote:
> On Wed, 19 Jul 2023 at 16:56, Jean-Philippe Brucker
> wrote:
> >
> > GPC checks are not performed on the output address for AT instructions,
> > as stated by ARM DDI 0487J in D8.12.2:
> >
On Thu, Jul 20, 2023 at 05:35:49PM +0100, Peter Maydell wrote:
> On Wed, 19 Jul 2023 at 16:56, Jean-Philippe Brucker
> wrote:
> >
> > When HCR_EL2.E2H is enabled, TLB entries are formed using the EL2&0
> > translation regime, instead of the EL2 translation regime. Th
On Thu, Jul 20, 2023 at 01:05:58PM +0100, Peter Maydell wrote:
> On Wed, 19 Jul 2023 at 16:56, Jean-Philippe Brucker
> wrote:
> >
> > With these patches I'm able to boot a Realm guest under
> > "-cpu max,x-rme=on". They are based on Peter's series which fixes
("virtio-iommu: Fix 64kB host page size VFIO device
> assignment")
Reviewed-by: Jean-Philippe Brucker
> ---
> hw/virtio/virtio-iommu.c | 8 +---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c
ls to boot because hyp-stub accesses to SME
regs are trapped to EL3, which doesn't support RME+SME at the moment.
The right fix is probably in TF-A but I haven't investigated yet.
Jean-Philippe Brucker (5):
target/arm/ptw: Load stage-2 tables from realm physical space
target/arm/helper: Fix va
().
Signed-off-by: Jean-Philippe Brucker
---
I haven't tested AT instructions in Realm/Root space yet, but it looks
like the patch is needed. RMM doesn't issue AT instructions like KVM
does in non-secure state (which triggered the bug in the previous
patch).
---
target/arm/internals.h | 18
When FEAT_RME is implemented, these bits override the value of
CNT[VP]_CTL_EL0.IMASK in Realm and Root state.
Signed-off-by: Jean-Philippe Brucker
---
target/arm/helper.c | 21 +++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/target/arm/helper.c b/target/arm
gime. This causes
problems with RMM, which issues TLBI VAE2IS instructions with
HCR_EL2.E2H enabled. Update vae2_tlbmask() to take HCR_EL2.E2H into
account.
Signed-off-by: Jean-Philippe Brucker
---
target/arm/helper.c | 26 ++
1 file changed, 18 insertions(+), 8 deletions(-)
.
Rename get_phys_addr_with_secure(), since it's only used to handle AT
instructions.
Signed-off-by: Jean-Philippe Brucker
---
This incidentally fixes a problem with AT S1E1 instructions which can
output an IPA and should definitely not cause a GPC.
---
target/arm/internals.h | 25
In realm state, stage-2 translation tables are fetched from the realm
physical address space (R_PGRQD).
Signed-off-by: Jean-Philippe Brucker
---
target/arm/ptw.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/target/arm/ptw.c b/target/arm/ptw.c
index d1de934702
e() which returns the
> correct security space to use for the ptw load, and use it to
> determine the correct .in_secure and .in_space fields for the
> stage 2 lookup for the ptw load.
>
> Reported-by: Jean-Philippe Brucker
> Fixes: fe4a5472ccd6 ("target/arm: Use get_p
ets started.
>
> Also get benefit of this series to do some cleanups in some traces
> which may confuse the end user.
For both patches:
Reviewed-by: Jean-Philippe Brucker
Tested-by: Jean-Philippe Brucker
On Thu, Jul 06, 2023 at 04:42:02PM +0100, Peter Maydell wrote:
> > > Do you have a repro case for this bug? Did it work
> > > before commit fe4a5472ccd6 ?
> >
> > Yes I bisected to fe4a5472ccd6 by trying to run TF-A, following
> > instructions here:
> >
On Thu, Jul 06, 2023 at 03:28:32PM +0100, Peter Maydell wrote:
> On Thu, 6 Jul 2023 at 15:12, Jean-Philippe Brucker
> wrote:
> >
> > Arm TF-A fails to boot via semihosting following a recent change to the
> > MMU code. Semihosting attempts to read parameters passed by TF
On Wed, Jul 05, 2023 at 03:16:31PM +0200, Eric Auger wrote:
> >>> diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c index
> >>> 1eaf81bab5..0d9f7196fe 100644
> >>> --- a/hw/virtio/virtio-iommu.c
> >>> +++ b/hw/virtio/virtio-iommu.c
> >>> @@ -1101,29 +1101,24 @@ static int
> >>>
")
Signed-off-by: Jean-Philippe Brucker
---
I'm not entirely sure why the semihosting parameters are accessed
through stage-1 translation rather than directly as physical addresses,
but I'm not familiar with semihosting.
---
target/arm/ptw.c | 6 ++
1 file changed, 2 insertions(+), 4 deletion
On Wed, Jul 05, 2023 at 10:13:11AM +, Duan, Zhenzhong wrote:
> >-Original Message-
> >From: Jean-Philippe Brucker
> >Sent: Wednesday, July 5, 2023 4:29 PM
> >Subject: Re: [PATCH 1/2] virtio-iommu: Fix 64kB host page size VFIO device
> >assignment
> &
On Wed, Jul 05, 2023 at 04:52:09AM +, Duan, Zhenzhong wrote:
> Hi Eric,
>
> >-Original Message-
> >From: Eric Auger
> >Sent: Tuesday, July 4, 2023 7:15 PM
> >Subject: [PATCH 1/2] virtio-iommu: Fix 64kB host page size VFIO device
> >assignment
> >
> >When running on a 64kB page size
rnel.org/kvmarm/20230201125328.2186498-1-jean-phili...@linaro.org/
I've been using these patches for pKVM, and also tested the normal stage-2
flow with Linux and VFIO
Tested-by: Jean-Philippe Brucker
On Mon, Apr 24, 2023 at 03:01:54PM +0200, Cornelia Huck wrote:
> > @@ -2480,6 +2471,7 @@ static int kvm_init(MachineState *ms)
> > }
> >
> > s->vmfd = ret;
> > +s->check_extension_vm = kvm_check_extension(s,
> > KVM_CAP_CHECK_EXTENSION_VM);
>
> Hm, it's a bit strange to set
kernel.org/kvm/875ybi0ytc@redhat.com/
[3] https://github.com/torvalds/linux/commit/92b591a4c46b
Suggested-by: Cornelia Huck
Signed-off-by: Jean-Philippe Brucker
---
include/sysemu/kvm.h | 2 --
include/sysemu/kvm_int.h | 1 +
accel/kvm/kvm-all.c | 26 +-
targe
On Thu, Apr 13, 2023 at 08:01:54PM +0900, Akihiko Odaki wrote:
> Yes, that's right. The guest can dynamically create and delete VFs. The
> device is emulated by QEMU: igb, an Intel NIC recently added to QEMU and
> projected to be released as part of QEMU 8.0.
Ah great, that's really useful, I'll
Hello,
On Thu, Apr 13, 2023 at 01:49:43PM +0900, Akihiko Odaki wrote:
> Hi,
>
> Recently I encountered a problem with the combination of Linux's
> virtio-iommu driver and QEMU when a SR-IOV virtual function gets disabled.
> I'd like to ask you what kind of solution is appropriate here and
Hi Mostafa,
On Sun, Feb 05, 2023 at 09:44:07AM +, Mostafa Saleh wrote:
> Allow TLB to be tagged with VMID.
>
> If stage-1 is only supported, VMID is set to -1 and ignored from STE
> and CMD_TLBI_NH* cmds.
>
> Signed-off-by: Mostafa Saleh
> ---
> hw/arm/smmu-common.c | 24
Two small changes to support TTB1. Since [v1] I removed the unused
SMMU_MAX_VA_BITS and added tags, thanks!
[v1]
https://lore.kernel.org/qemu-devel/20230210163731.970130-1-jean-phili...@linaro.org/
Jean-Philippe Brucker (2):
hw/arm/smmu-common: Support 64-bit addresses
hw/arm/smmu-common
Addresses targeting the second translation table (TTB1) in the SMMU have
all upper bits set. Ensure the IOMMU region covers all 64 bits.
Reviewed-by: Richard Henderson
Signed-off-by: Jean-Philippe Brucker
---
include/hw/arm/smmu-common.h | 2 --
hw/arm/smmu-common.c | 2 +-
2 files
Addresses targeting the second translation table (TTB1) in the SMMU have
all upper bits set (except for the top byte when TBI is enabled). Fix
the TTB1 check.
Reported-by: Ola Hugosson
Reviewed-by: Eric Auger
Reviewed-by: Richard Henderson
Signed-off-by: Jean-Philippe Brucker
---
hw/arm/smmu
On Mon, Feb 13, 2023 at 05:30:03PM +0100, Eric Auger wrote:
> Hi Jean,
>
> On 2/10/23 17:37, Jean-Philippe Brucker wrote:
> > Addresses targeting the second translation table (TTB1) in the SMMU have
> > all upper bits set (except for the top byte when TBI is enabled). F
Addresses targeting the second translation table (TTB1) in the SMMU have
all upper bits set (except for the top byte when TBI is enabled). Fix
the TTB1 check.
Reported-by: Ola Hugosson
Signed-off-by: Jean-Philippe Brucker
---
hw/arm/smmu-common.c | 2 +-
1 file changed, 1 insertion(+), 1
Two small changes to support TTB1. Note that I had to modify the Linux
driver in order to test this (see below), but other OSes might use TTB1.
Jean-Philippe Brucker (2):
hw/arm/smmu-common: Support 64-bit addresses
hw/arm/smmu-common: Fix TTB1 handling
hw/arm/smmu-common.c | 4 ++--
1 file
Addresses targeting the second translation table (TTB1) in the SMMU have
all upper bits set. Ensure the IOMMU region covers all 64 bits.
Signed-off-by: Jean-Philippe Brucker
---
hw/arm/smmu-common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/arm/smmu-common.c b/hw
On Fri, Jan 27, 2023 at 01:54:23PM -1000, Richard Henderson wrote:
> > static void rme_vm_state_change(void *opaque, bool running, RunState
> > state)
> > {
> > int ret;
> > @@ -72,6 +115,9 @@ static void rme_vm_state_change(void *opaque, bool
> > running, RunState state)
> >
On Fri, Jan 27, 2023 at 12:37:12PM -1000, Richard Henderson wrote:
> On 1/27/23 05:07, Jean-Philippe Brucker wrote:
> > +static int kvm_arm_rme_get_core_regs(CPUState *cs)
> > +{
> > +int i, ret;
> > +struct kvm_one_reg reg;
> > +ARMCPU *cpu = ARM_C
Hi Richard,
Thanks a lot for the review
On Fri, Jan 27, 2023 at 10:37:12AM -1000, Richard Henderson wrote:
> At present I would expect exactly one object class to be present in the
> qemu-system-aarch64 binary that would pass the
> machine_check_confidential_guest_support test done by core code.
On Fri, Jan 27, 2023 at 11:07:35AM -1000, Richard Henderson wrote:
> > +/*
> > + * Since the devicetree is included in the initial measurement, it must
> > + * not contain random data.
> > + */
> > +if (virt_machine_is_confidential(vms)) {
> > +vms->dtb_randomness =
Pass the num_bps and num_wps parameters to Realm creation. These
parameters contribute to the initial Realm measurement.
Signed-off-by: Jean-Philippe Brucker
---
qapi/qom.json| 8 +++-
target/arm/kvm-rme.c | 34 +-
2 files changed, 40 insertions
Pass the num_cntrs parameter to Realm creation. These parameters
contribute to the initial Realm measurement.
Signed-off-by: Jean-Philippe Brucker
---
qapi/qom.json| 5 -
target/arm/kvm-rme.c | 21 -
2 files changed, 24 insertions(+), 2 deletions(-)
diff --git
Initialize the GPA space and populate it with boot images (kernel,
initrd, firmware, etc). Populating has to be done at VM start time,
because the images are loaded during reset by rom_reset()
Signed-off-by: Jean-Philippe Brucker
---
target/arm/kvm_arm.h | 6
target/arm/kvm-rme.c | 79
Copy the KVM definitions for Arm RME from the development branch.
Don't merge, they will be added from the periodic Linux header sync.
Signed-off-by: Jean-Philippe Brucker
---
linux-headers/asm-arm64/kvm.h | 63 +++
linux-headers/linux/kvm.h | 21
The Realm Personalization Value (RPV) is provided by the user to
distinguish Realms that have the same initial measurement.
The user provides a 512-bit hexadecimal number.
Signed-off-by: Jean-Philippe Brucker
---
qapi/qom.json| 5 ++-
target/arm/kvm-rme.c | 72
This option selects which measurement algorithm to use for attestation.
Supported values are sha256 and sha512.
Signed-off-by: Jean-Philippe Brucker
---
qapi/qom.json| 14 -
target/arm/kvm-rme.c | 71
2 files changed, 84 insertions
The target code calls kvm_arm_vcpu_init() to mark the vCPU as part of a
realm. RME support does not use the register lists, because the host can
only set the boot PC and registers x0-x7. The rest is private to the
Realm and saved/restored by the RMM.
Signed-off-by: Jean-Philippe Brucker
located in high memory can still fit.
* pvtime is disabled for the moment. Since the hypervisor has to write
into the shared pvtime page before scheduling a vcpu, it seems
incompatible with confidential guests.
Signed-off-by: Jean-Philippe Brucker
---
hw/arm/virt.c | 48
e QEMU to crash with a bus error.
Handle reboot requests by the guest more gracefully, by indicating to
runstate.c that the vCPUs of a Realm are not resettable, and that QEMU
should exit.
Signed-off-by: Jean-Philippe Brucker
---
target/arm/kvm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
The confidential guest support in KVM limits the number of registers
that we can read and write. Split the get/put_registers function to
prepare for it.
Signed-off-by: Jean-Philippe Brucker
---
target/arm/kvm64.c | 30 --
1 file changed, 28 insertions(+), 2 deletions