From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: xiaoyao.li@intel.com, michael.roth@amd.com
Subject: [PATCH 0/7] target/i386: VM type infrastructure and KVM_SEV_INIT2 support
Date: Tue, 19 Mar 2024 14:59:53 +0100
Message-ID: <20240319140000.1014247-1-pbonzini@redhat.com>

This series adds another vendor-neutral part of the SEV-SNP/TDX support
patches, namely support for KVM_CAP_VM_TYPES. In Linux 6.10 this will
also be available for SEV and SEV-ES, so introduce it now already.

Also, Linux 6.10 will _not_ allow KVM_GET/SET_* ioctls for VMs with
encrypted state and a VM type other than KVM_X86_DEFAULT_VM, so prepare
for that.

The patches are not yet available in kvm.git, hence the hackish
linux-headers update in patch 1. Apart from that, however, the API
should be final.

Tested by booting a SEV-ES guest.

Paolo

Based-on: <20240229060038.606591-1-xiaoyao.li@intel.com>

Paolo Bonzini (6):
  linux-headers hack
  runstate: skip initial CPU reset if reset is not actually possible
  KVM: track whether guest state is encrypted
  KVM: remove kvm_arch_cpu_check_are_resettable
  target/i386: introduce x86-confidential-guest
  target/i386: SEV: use KVM_SEV_INIT2 if possible

Xiaoyao Li (1):
  target/i386: Implement mc->kvm_type() to get VM type

 include/sysemu/kvm.h             | 12 ++-----
 include/sysemu/kvm_int.h         |  1 +
 linux-headers/asm-x86/kvm.h      |  8 +++++
 linux-headers/linux/kvm.h        |  2 ++
 target/i386/confidential-guest.h | 59 ++++++++++++++++++++++++++++++++
 target/i386/kvm/kvm_i386.h       |  2 ++
 accel/kvm/kvm-accel-ops.c        |  2 +-
 accel/kvm/kvm-all.c              | 19 ++++++----
 hw/i386/x86.c                    |  6 ++++
 system/runstate.c                | 15 +++++++-
 target/arm/kvm.c                 |  5 ---
 target/i386/confidential-guest.c | 33 ++++++++++++++++++
 target/i386/kvm/kvm.c            | 49 +++++++++++++++++++++++---
 target/i386/sev.c                | 48 ++++++++++++++++++++++----
 target/loongarch/kvm/kvm.c       |  5 ---
 target/mips/kvm.c                |  5 ---
 target/ppc/kvm.c                 |  5 ---
 target/riscv/kvm/kvm-cpu.c       |  5 ---
 target/s390x/kvm/kvm.c           |  5 ---
 target/i386/meson.build          |  2 +-
 20 files changed, 226 insertions(+), 62 deletions(-)
 create mode 100644 target/i386/confidential-guest.h
 create mode 100644 target/i386/confidential-guest.c

--
2.44.0