Add the sgx_memory_backend_reset() interface to handle EPC backend
reset when VM is reset. This reset function will destroy previous
backend memory region and re-mmap the EPC section for guest.
Signed-off-by: Yang Zhong
---
backends/hostmem-epc.c | 16
include/hw/i386/pc.h
accept reset operation
from guest.
Signed-off-by: Yang Zhong
---
hw/i386/sgx-epc.c | 19 +++
1 file changed, 19 insertions(+)
diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
index 99a7fb8ba1..a1784d4c8f 100644
--- a/hw/i386/sgx-epc.c
+++ b/hw/i386/sgx-epc.c
@@ -19,6 +19,7
From: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
docs/intel-sgx.txt | 167 +
1 file changed, 167 insertions(+)
create mode 100644 docs/intel-sgx.txt
diff --git a/docs/intel-sgx.txt b/docs/intel-sgx.txt
new
as
enumerating EPC NUMA information is not yet defined for bare metal.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/acpi-build.c | 22 ++
1 file changed, 22 insertions(+)
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 796ffc6f5c
to guest.
Signed-off-by: Yang Zhong
---
hw/i386/sgx-epc.c | 94 ---
1 file changed, 81 insertions(+), 13 deletions(-)
diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
index 904531107a..99a7fb8ba1 100644
--- a/hw/i386/sgx-epc.c
+++ b/hw/i386/sgx-epc.c
s below:
qemu) info memory-devices
Memory device [sgx-epc]: "epc1"
memaddr: 0x18000
size: 29360128
memdev: /objects/mem1
Memory device [sgx-epc]: "epc2"
memaddr: 0x181c0
size: 10485760
memdev: /objects/mem2
Signed-off-by: Yang Zhong
v1-->v2:
- "Since
mic and user
defined, the number of SGX sub-leafs is "NULL" terminated.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/kvm/kvm.c | 19 +++
1 file changed, 19 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
ind
for the simplicity because we don't support EPC NUMA affinity
now. Once the SGX EPC NUMA support in the kernel SGX driver, we will
support this in the future.
Note that SGX EPC is currently hardcoded to reside above 4g.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/pc.c
The command can be used to show the SGX information in the monitor
when SGX is enabled on intel platform.
Signed-off-by: Yang Zhong
---
hmp-commands-info.hx | 15 +++
include/monitor/hmp.h | 1 +
monitor/hmp-cmds.c| 6 ++
3 files changed, 22 insertions(+)
diff --git
Add new CONFIG_SGX for sgx support in the Qemu, and the Kconfig
default enable sgx in the i386 platform.
Signed-off-by: Yang Zhong
---
backends/meson.build | 2 +-
default-configs/devices/i386-softmmu.mak | 1 +
hw/i386/Kconfig | 5 +
hw/i386
Signed-off-by: Yang Zhong
---
target/i386/cpu.c | 21 +
target/i386/cpu.h | 1 +
2 files changed, 22 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index a99d9cd3b6..9009d21fec 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -655,6 +655,7 @@ void
From: Sean Christopherson
SGX capabilities are enumerated through CPUID_0x12.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/cpu.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index d5c0f5dba2..4172081cee 100644
If qemu cmdline set the prealloc property for sgx epc and VM do the
reset the prealloc property will be different with cmdline settings.
This patch can make sure same prealloc property setting with cmdline.
Signed-off-by: Yang Zhong
---
backends/hostmem-epc.c | 10 ++
1 file changed, 10
The Qemu should enable bit mask macro like Linux did in the
kernel, the GENMASK(h, l) and GENMASK_ULL(h, l) will set the
bit to 1 from l to h bit in the 32 bit or 64 bit long type.
Signed-off-by: Yang Zhong
---
include/qemu/bitops.h | 7 +++
1 file changed, 7 insertions(+)
diff --git
Signed-off-by: Yang Zhong
---
target/i386/cpu.c | 21 +
target/i386/cpu.h | 1 +
2 files changed, 22 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 4d60e62f9e..a99d9cd3b6 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -654,6 +654,7 @@ void
From: Sean Christopherson
If the guest wants to fully use SGX, the guest needs to be able to
access provisioning key. Add a new KVM_CAP_SGX_ATTRIBUTE to KVM to
support provisioning key to KVM guests.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/cpu.c
From: Sean Christopherson
Enable SGX EPC virtualization, which is currently only supported by KVM.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/pc_q35.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 46a0f196f4
or dynamic EPC management
- ENCLV instruction set for VMM oversubscription of EPC
- ENCLS-C instruction set for thread safe variants of ENCLS
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/cpu.c | 20
target/i386/cpu.h | 1 +
2 files c
From: Sean Christopherson
Enable SGX EPC virtualization, which is currently only supported by KVM.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/pc_piix.c | 4
1 file changed, 4 insertions(+)
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 30b8bd6ea9
to the PROVISIONKEY is not yet advertised to the guest as
KVM blocks access to the PROVISIONKEY by default and requires userspace
to provide additional credentials (via ioctl()) to expose PROVISIONKEY.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/sgx.c | 17
From: Sean Christopherson
Note that SGX EPC is currently guaranteed to reside in a single
contiguous chunk of memory regardless of the number of EPC sections.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/pc.c | 4
1 file changed, 4 insertions(+)
diff --git
Control (LC) is exposed to the guest. Likewise, migrate the MSRs if they
are writable by the guest.
Signed-off-by: Sean Christopherson
Signed-off-by: Kai Huang
Signed-off-by: Yang Zhong
---
target/i386/cpu.c | 17 -
target/i386/cpu.h | 1 +
target/i386/kvm/kvm.c | 22
vCPUS have
been created.
The 'sgx-epc' device is essentially a placeholder at this time, it will
be fully implemented in a future patch along with a dedicated command
to create 'sgx-epc' devices.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/meson.build | 1 +
h
From: Sean Christopherson
SGX adds multiple flags to FEATURE_CONTROL to enable SGX and Flexible
Launch Control.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/kvm/kvm.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386
-off-by: Yang Zhong
---
hw/i386/fw_cfg.c | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/hw/i386/fw_cfg.c b/hw/i386/fw_cfg.c
index 4e68d5dea4..f6d036dfbe 100644
--- a/hw/i386/fw_cfg.c
+++ b/hw/i386/fw_cfg.c
@@ -159,7 +159,7 @@ void fw_cfg_build_feature_control
Add the new 'memory-backend-epc' user creatable QOM object in
the ObjectOptions to support SGX since v6.1, or the sgx backend
object cannot bootup.
Signed-off-by: Yang Zhong
v1-->v2:
- Added the new MemoryBackendEpcProperties and related documents,
and updated the blurb(Eric Bl
Add e820 entry for SGX EPC section(s)
i386: acpi: Add SGX EPC entry to ACPI tables
q35: Add support for SGX EPC
i440fx: Add support for SGX EPC
doc: Add the SGX doc
Yang Zhong (12):
qom: Add memory-backend-epc ObjectOptions support
hostmem-epc: Add the reset interface for EPC backend rese
is
enabled (in FEATURE_CONTROL).
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/cpu.c | 4 ++--
target/i386/cpu.h | 12
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 5f595a0d7e..b82674c8d9 100644
pc,id=mem1,size=28M \
-object memory-backend-epc,id=mem2,size=10M \
-M
sgx-epc.id.0=epc1,sgx-epc.memdev.0=mem1,sgx-epc.id.1=epc2,sgx-epc.memdev.1=mem2
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
v2-->v3:
- Removed the QemuOptsList for sgx-epc virtual device and
stopherson
Signed-off-by: Yang Zhong
v1-->v2:
- Unified the "share" and "protected" arguments with ram_flags in the
memory_region_init_ram_from_fd()(Paolo).
---
hw/vfio/common.c | 1 +
include/exec/memory.h | 15 ++-
softmmu/memory.c | 5
to mmap()
EPC memory.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
v1-->v2:
- Unified the "share" and "protected" arguments with ram_flags in the
memory_region_init_ram_from_fd()(Paolo).
---
backends/hostmem-epc.c | 92 +
Fixes: d5015b801340 ("softmmu/memory: Pass ram_flags to
qemu_ram_alloc_from_fd()")
Signed-off-by: Yang Zhong
Reviewed-by: David Hildenbrand
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Pankaj Gupta
Reviewed-by: Peter Xu
---
hw/remote/memory.c | 2 +-
1 file changed, 1 inser
Fixes: d5015b801340 ("softmmu/memory: Pass ram_flags to
qemu_ram_alloc_from_fd()")
Signed-off-by: Yang Zhong
Reviewed-by: David Hildenbrand
---
hw/remote/memory.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/remote/memory.c b/hw/remote/memory.c
index
On Thu, Jul 08, 2021 at 09:26:17AM +0200, David Hildenbrand wrote:
> On 08.07.21 09:12, Yang Zhong wrote:
> >The commit(d5015b80) missed the ram_flags to memory_region_init_ram_from_fd()
> >in the hw/remote/memory.c.
>
> Yes, seems like that call was added just after
The commit(d5015b80) missed the ram_flags to memory_region_init_ram_from_fd()
in the hw/remote/memory.c.
Signed-off-by: Yang Zhong
---
hw/remote/memory.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/remote/memory.c b/hw/remote/memory.c
index 472ed2a272..6e21ab1a45
On Thu, Jun 03, 2021 at 04:22:55PM +0200, Claudio Fontana wrote:
> On 6/3/21 4:08 PM, Dr. David Alan Gilbert wrote:
> > * Yang Zhong (yang.zh...@intel.com) wrote:
> >> On Sun, May 23, 2021 at 03:23:30PM +0300, Gal Hammer wrote:
> >>> Hi Yang,
> >>>
>
On Sun, May 23, 2021 at 03:23:30PM +0300, Gal Hammer wrote:
> Hi Yang,
>
> On Thu, 20 May 2021 at 11:27, Yang Zhong wrote:
>
> > Hello all,
> >
> > I found the latest Qemu release can't bootup the VM with latest guest
> > kernel(>5.13).
> >
>
Hello all,
I found the latest Qemu release can't bootup the VM with latest guest
kernel(>5.13).
The normal v6.0.0 release is good to bootup the latest guest kernel.
Two issues were found:
1. Guest kernel panic.
2. kvm disabled by bios
The panic log as below:
[2.250024] BUG:
Add the sgx_get_info() interface for hmp and QMP usage, which
will get the SGX info from this API.
Signed-off-by: Yang Zhong
---
hw/i386/sgx-epc.c | 22 ++
include/hw/i386/pc.h | 1 +
include/hw/i386/sgx-epc.h | 1 +
monitor/hmp-cmds.c| 20
s below:
qemu) info memory-devices
Memory device [sgx-epc]: "epc1"
memaddr: 0x18000
size: 29360128
memdev: /objects/mem1
Memory device [sgx-epc]: "epc2"
memaddr: 0x181c0
size: 10485760
memdev: /objects/mem2
Signed-off-by: Yang Zhong
v1-->v2:
- "Since
This QMP query command can be used by some userspaces to retrieve
the SGX information when SGX is enabled on Intel platform.
Signed-off-by: Yang Zhong
v1-->v2:
- "Since: 5.1" to "Since: 6.1", and grammar error(Eric Blake).
---
monitor/qmp-cmds.c | 6
From: Sean Christopherson
Enable SGX EPC virtualization, which is currently only supported by KVM.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/pc_piix.c | 4
1 file changed, 4 insertions(+)
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 5ac2edbf1f
Libvirt can use qmp_query_sgx_capabilities() to get the host
sgx capabilities.
Signed-off-by: Yang Zhong
v1-->v2:
- Changed the blurb error and "Since: 5.1" to "Since: 6.1"(Eric Blake).
---
hw/i386/sgx-epc.c | 66 +
From: Sean Christopherson
Enable SGX EPC virtualization, which is currently only supported by KVM.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/pc_q35.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 46a0f196f4
The Qemu should enable bit mask macro like Linux did in the
kernel, the GENMASK(h, l) and GENMASK_ULL(h, l) will set the
bit to 1 from l to h bit in the 32 bit or 64 bit long type.
Signed-off-by: Yang Zhong
---
include/qemu/bitops.h | 7 +++
1 file changed, 7 insertions(+)
diff --git
Add new CONFIG_SGX for sgx support in the Qemu, and the Kconfig
default enable sgx in the i386 platform.
Signed-off-by: Yang Zhong
---
backends/meson.build | 2 +-
default-configs/devices/i386-softmmu.mak | 1 +
hw/i386/Kconfig | 5 +
hw/i386
-off-by: Yang Zhong
---
hw/i386/fw_cfg.c | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/hw/i386/fw_cfg.c b/hw/i386/fw_cfg.c
index e48a54fa36..ec99743c22 100644
--- a/hw/i386/fw_cfg.c
+++ b/hw/i386/fw_cfg.c
@@ -157,7 +157,7 @@ void fw_cfg_build_feature_control
Add the sgx_memory_backend_reset() interface to handle EPC backend
reset when VM is reset. This reset function will destroy previous
backend memory region and re-mmap the EPC section for guest.
Signed-off-by: Yang Zhong
---
backends/hostmem-epc.c | 16
include/hw/i386/pc.h
From: Sean Christopherson
Note that SGX EPC is currently guaranteed to reside in a single
contiguous chunk of memory regardless of the number of EPC sections.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/pc.c | 4
1 file changed, 4 insertions(+)
diff --git
to the PROVISIONKEY is not yet advertised to the guest as
KVM blocks access to the PROVISIONKEY by default and requires userspace
to provide additional credentials (via ioctl()) to expose PROVISIONKEY.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/sgx-epc.c | 17
to guest.
Signed-off-by: Yang Zhong
---
hw/i386/sgx-epc.c | 94 ---
1 file changed, 81 insertions(+), 13 deletions(-)
diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
index d5ba7bb68c..fbacec6e00 100644
--- a/hw/i386/sgx-epc.c
+++ b/hw/i386/sgx-epc.c
for the simplicity because we don't support EPC NUMA affinity
now. Once the SGX EPC NUMA support in the kernel SGX driver, we will
support this in the future.
Note that SGX EPC is currently hardcoded to reside above 4g.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/pc.c
From: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
docs/intel-sgx.txt | 173 +
1 file changed, 173 insertions(+)
create mode 100644 docs/intel-sgx.txt
diff --git a/docs/intel-sgx.txt b/docs/intel-sgx.txt
new
Control (LC) is exposed to the guest. Likewise, migrate the MSRs if they
are writable by the guest.
Signed-off-by: Sean Christopherson
Signed-off-by: Kai Huang
Signed-off-by: Yang Zhong
---
target/i386/cpu.c | 17 -
target/i386/cpu.h | 1 +
target/i386/kvm/kvm.c | 22
as
enumerating EPC NUMA information is not yet defined for bare metal.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/acpi-build.c | 22 ++
1 file changed, 22 insertions(+)
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index bfecb0038c
The command can be used to show the SGX information in the monitor
when SGX is enabled on intel platform.
Signed-off-by: Yang Zhong
---
hmp-commands-info.hx | 15 +++
include/monitor/hmp.h | 1 +
monitor/hmp-cmds.c| 6 ++
3 files changed, 22 insertions(+)
diff --git
ynamic EPC management
- ENCLV instruction set for VMM oversubscription of EPC
- ENCLS-C instruction set for thread safe variants of ENCLS
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/cpu.c | 20
target/i386/cpu.h | 1 +
2 files changed, 21
From: Sean Christopherson
SGX capabilities are enumerated through CPUID_0x12.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/cpu.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 63253bf606..41050960c5 100644
From: Sean Christopherson
KVM_CAP_SGX_ATTRIBUTE is a proposed capability for Intel SGX that can be
used by userspace to enable privileged attributes, e.g. access to the
PROVISIONKEY.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
v1-->v2:
- Changed the KVM_CAP_SGX_ATTRIB
mic and user
defined, the number of SGX sub-leafs is "NULL" terminated.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/kvm/kvm.c | 19 +++
1 file changed, 19 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
ind
-off-by: Yang Zhong
---
target/i386/cpu.c | 21 +
target/i386/cpu.h | 1 +
2 files changed, 22 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index e723f52e22..ec12e12a33 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -678,6 +678,7 @@ static void
Add the new 'memory-backend-epc' user creatable QOM object in
the ObjectOptions to support SGX since v6.1, or the sgx backend
object cannot bootup.
Signed-off-by: Yang Zhong
v1-->v2:
- Added the new MemoryBackendEpcProperties and related documents,
and updated the blurb(Eric Bl
-off-by: Yang Zhong
---
target/i386/cpu.c | 21 +
target/i386/cpu.h | 1 +
2 files changed, 22 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 5443f69fa5..e723f52e22 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -677,6 +677,7 @@ static void
From: Sean Christopherson
If the guest wants to fully use SGX, the guest needs to be able to
access provisioning key. Add a new KVM_CAP_SGX_ATTRIBUTE to KVM to
support provisioning key to KVM guests.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/cpu.c
vCPUS have
been created.
The 'sgx-epc' device is essentially a placeholder at this time, it will
be fully implemented in a future patch along with a dedicated command
to create 'sgx-epc' devices.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/meson.build | 1 +
h
memory
i386/pc: Add e820 entry for SGX EPC section(s)
i386: acpi: Add SGX EPC entry to ACPI tables
q35: Add support for SGX EPC
i440fx: Add support for SGX EPC
doc: Add the SGX doc
Yang Zhong (10):
qom: Add memory-backend-epc ObjectOptions support
hostmem: Add the reset interface for
total EPC size, e.g. exposing EPC to guests does not require -maxmem,
and last but not least allows all of EPC to be enumerated in a single
ACPI entry, which is expected by some kernels, e.g. Windows 7 and 8.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/sgx-epc.c
From: Sean Christopherson
SGX adds multiple flags to FEATURE_CONTROL to enable SGX and Flexible
Launch Control.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/kvm/kvm.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386
is
enabled (in FEATURE_CONTROL).
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/cpu.c | 4 ++--
target/i386/cpu.h | 12
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index ad99cad0e7..544d7be43c 100644
to mmap()
EPC memory.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
v1-->v2:
- Unified the "share" and "protected" arguments with ram_flags in the
memory_region_init_ram_from_fd()(Paolo).
---
backends/hostmem-epc.c | 92 +
stopherson
Signed-off-by: Yang Zhong
v1-->v2:
- Unified the "share" and "protected" arguments with ram_flags in the
memory_region_init_ram_from_fd()(Paolo).
---
backends/hostmem-memfd.c | 3 ++-
hw/misc/ivshmem.c| 4 ++--
hw/remote/memory.c | 2
On Fri, May 07, 2021 at 02:45:21PM +0200, Paolo Bonzini wrote:
> On 07/05/21 07:24, Yang Zhong wrote:
> > Paolo, i will revert this patch, but in order to disable sgx epc memory
> > region
> > as DMA target, we still need to skip this memory region while adding this
>
On Mon, May 03, 2021 at 07:01:27PM +0200, Paolo Bonzini wrote:
> On 30/04/21 08:24, Yang Zhong wrote:
> >From: Sean Christopherson
> >
> >Add a new RAMBlock flag to denote "protected" memory, i.e. memory that
> >looks and acts like RAM but is inaccessible vi
On Mon, May 03, 2021 at 12:56:55PM -0500, Eric Blake wrote:
> On 4/30/21 1:24 AM, Yang Zhong wrote:
> > Add the new 'memory-backend-epc' user creatable QOM object in
> > the ObjectOptions to support SGX, or the sgx backend object
> > cannot bootup.
> >
>
On Mon, May 03, 2021 at 12:58:34PM -0500, Eric Blake wrote:
> On 4/30/21 1:24 AM, Yang Zhong wrote:
> > This QMP query command can be used by some userspaces to retrieve
> > the SGX information when SGX is enabled on Intel platform.
> >
> > Signed-off-by: Yang Zhon
On Mon, May 03, 2021 at 01:00:37PM -0500, Eric Blake wrote:
> On 4/30/21 1:24 AM, Yang Zhong wrote:
> > The libvirt can use qmp_query_sgx_capabilities() to get the host
>
> s/The libvirt/Libvirt/
>
> > sgx capabilitis.
> >
>
> capabilities
>
Eric,
On Mon, May 03, 2021 at 01:01:22PM -0500, Eric Blake wrote:
> On 4/30/21 1:24 AM, Yang Zhong wrote:
> > Since there is no fill_device_info() callback support, and when we
> > execute "info memory-devices" command in the monitor, the segfault
> > will be foun
On Thu, May 06, 2021 at 02:17:21PM +1200, Kai Huang wrote:
> On Fri, 2021-04-30 at 14:24 +0800, Yang Zhong wrote:
> > From: Sean Christopherson
> >
> > KVM_CAP_SGX_ATTRIBUTE is a proposed capability for Intel SGX that can be
> > used by userspace to enable privile
From: Sean Christopherson
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
docs/intel-sgx.txt | 173 +
1 file changed, 173 insertions(+)
create mode 100644 docs/intel-sgx.txt
diff --git a/docs/intel-sgx.txt b/docs/intel-sgx.txt
new
Add new CONFIG_SGX for sgx support in the Qemu, and the Kconfig
default enable sgx in the i386 platform.
Signed-off-by: Yang Zhong
---
backends/meson.build | 2 +-
default-configs/devices/i386-softmmu.mak | 1 +
hw/i386/Kconfig | 5 +
hw/i386
s below:
qemu) info memory-devices
Memory device [sgx-epc]: "epc1"
memaddr: 0x18000
size: 29360128
memdev: /objects/mem1
Memory device [sgx-epc]: "epc2"
memaddr: 0x181c0
size: 10485760
memdev: /objects/mem2
Signed-off-by: Yang Zhong
---
hw/i386/sgx-epc.c |
The Qemu should enable bit mask macro like Linux did in the
kernel, the GENMASK(h, l) and GENMASK_ULL(h, l) will set the
bit to 1 from l to h bit in the 32 bit or 64 bit long type.
Signed-off-by: Yang Zhong
---
include/qemu/bitops.h | 7 +++
1 file changed, 7 insertions(+)
diff --git
The libvirt can use qmp_query_sgx_capabilities() to get the host
sgx capabilitis.
Signed-off-by: Yang Zhong
---
hw/i386/sgx-epc.c | 66 ++
include/hw/i386/pc.h | 1 +
monitor/qmp-cmds.c | 5 +++
qapi/misc.json | 19
to guest.
Signed-off-by: Yang Zhong
---
hw/i386/sgx-epc.c | 94 ---
1 file changed, 81 insertions(+), 13 deletions(-)
diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
index d5ba7bb68c..fbacec6e00 100644
--- a/hw/i386/sgx-epc.c
+++ b/hw/i386/sgx-epc.c
Add the sgx_get_info() interface for hmp and QMP usage, which
will get the SGX info from this API.
Signed-off-by: Yang Zhong
---
hw/i386/sgx-epc.c | 22 ++
include/hw/i386/pc.h | 1 +
include/hw/i386/sgx-epc.h | 1 +
monitor/hmp-cmds.c| 20
The command can be used to show the SGX information in the monitor
when SGX is enabled on intel platform.
Signed-off-by: Yang Zhong
---
hmp-commands-info.hx | 15 +++
include/monitor/hmp.h | 1 +
monitor/hmp-cmds.c| 6 ++
3 files changed, 22 insertions(+)
diff --git
Add the sgx_memory_backend_reset() interface to handle EPC backend
reset when VM is reset. This reset function will destroy previous
backend memory region and re-mmap the EPC section for guest.
Signed-off-by: Yang Zhong
---
backends/hostmem-epc.c | 16
include/hw/i386/pc.h
as
enumerating EPC NUMA information is not yet defined for bare metal.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/acpi-build.c | 22 ++
1 file changed, 22 insertions(+)
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index de98750aef
From: Sean Christopherson
Enable SGX EPC virtualization, which is currently only supported by KVM.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/pc_q35.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 53450190f5
mic and user
defined, the number of SGX sub-leafs is "NULL" terminated.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/kvm/kvm.c | 19 +++
1 file changed, 19 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
ind
to the PROVISIONKEY is not yet advertised to the guest as
KVM blocks access to the PROVISIONKEY by default and requires userspace
to provide additional credentials (via ioctl()) to expose PROVISIONKEY.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/sgx-epc.c | 17
for the simplicity because we don't support EPC NUMA affinity
now. Once the SGX EPC NUMA support in the kernel SGX driver, we will
support this in the future.
Note that SGX EPC is currently hardcoded to reside above 4g.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
hw/i386/pc.c
From: Sean Christopherson
If the guest wants to fully use SGX, the guest needs to be able to
access provisioning key. Add a new KVM_CAP_SGX_ATTRIBUTE to KVM to
support provisioning key to KVM guests.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/cpu.c
From: Sean Christopherson
SGX capabilities are enumerated through CPUID_0x12.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
target/i386/cpu.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 63253bf606..41050960c5 100644
-off-by: Yang Zhong
---
target/i386/cpu.c | 21 +
target/i386/cpu.h | 1 +
2 files changed, 22 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index e723f52e22..ec12e12a33 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -678,6 +678,7 @@ static void
From: Sean Christopherson
KVM_CAP_SGX_ATTRIBUTE is a proposed capability for Intel SGX that can be
used by userspace to enable privileged attributes, e.g. access to the
PROVISIONKEY.
Signed-off-by: Sean Christopherson
Signed-off-by: Yang Zhong
---
linux-headers/linux/kvm.h | 1 +
1 file
This QMP query command can be used by some userspaces to retrieve
the SGX information when SGX is enabled on Intel platform.
Signed-off-by: Yang Zhong
---
monitor/qmp-cmds.c | 6 ++
qapi/misc.json | 42 ++
tests/qtest/qmp-cmd-test.c
-off-by: Yang Zhong
---
hw/i386/fw_cfg.c | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/hw/i386/fw_cfg.c b/hw/i386/fw_cfg.c
index e48a54fa36..ec99743c22 100644
--- a/hw/i386/fw_cfg.c
+++ b/hw/i386/fw_cfg.c
@@ -157,7 +157,7 @@ void fw_cfg_build_feature_control
-off-by: Yang Zhong
---
target/i386/cpu.c | 21 +
target/i386/cpu.h | 1 +
2 files changed, 22 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 5443f69fa5..e723f52e22 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -677,6 +677,7 @@ static void
Control (LC) is exposed to the guest. Likewise, migrate the MSRs if they
are writable by the guest.
Signed-off-by: Sean Christopherson
Signed-off-by: Kai Huang
Signed-off-by: Yang Zhong
---
target/i386/cpu.c | 17 -
target/i386/cpu.h | 1 +
target/i386/kvm/kvm.c | 22