kvm.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [RFC PATCH 00/20] i386: Add support for Intel SGX
@ 2019-08-06 18:56 Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 01/20] hostmem: Add hostmem-epc as a backend for SGX EPC Sean Christopherson
                   ` (21 more replies)
  0 siblings, 22 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

This series enables exposing Intel Software Guard Extensions (SGX) to KVM
guests.  This series is firmly RFC due to SGX support not yet being
accepted into the Linux kernel, let alone KVM.

The primary goal of this RFC is to get feedback on the overall approach,
especially with respect to Enclave Page Cache (EPC) handling, but any
feedback whatsoever would be greatly appreciated.  Please don't hesitate
to ask for more details and/or clarification.

The code is based on 'https://github.com/ehabkost/qemu.git x86-next',
which currently points at commit:

  ff656fcd33 ("i386: Fix Snowridge CPU model name and features")


Brief arch blurb (providing useful documentation in a cover letter is
impractical due to scope of SGX):

  SGX is a set of instructions and mechanisms that enable ring 3
  applications to set aside private regions of code and data for the
  purpose of establishing and running enclaves.  An enclave is a secure
  entity whose private memory can only be accessed by code running within
  the enclave.  Accesses from outside the enclave, including software
  running at a higher privilege level and other enclaves, are disallowed
  by hardware.

Overviews and details:

  SGX arch kernel doc - https://patchwork.kernel.org/patch/11043125/

  SGX arch overview   - https://www.youtube.com/watch?v=mPT_vJrlHlg

Gory details on SGX are also available in all recent versions of Intel's
SDM, e.g. chapters 37-42 in Vol. 3 of the May 2019 version of the SDM.


Linux kernel and KVM enabling:

  SGX kernel enabling - https://lkml.kernel.org/r/20190713170804.2340-1-jarkko.sakkinen@linux.intel.com

  SGX KVM enabling    - https://lkml.kernel.org/r/20190727055214.9282-1-sean.j.christopherson@intel.com


QEMU points of interest:

Basics - SGX is exposed the guest if and only if KVM is enabled and
         supports virtualization of SGX, and the kernel provides access
         to "raw" EPC.  Because SGX uses a hardware-based root of trust,
         the attestation aspects of SGX cannot be emulated in software,
         i.e. ultimately emulation will fail as software cannot generate
         a valid quote/report.  The complexity of partially emulating SGX
         in Qemu far outweighs the value added, e.g. an SGX specific
         simulator for userspace applications can emulate SGX for
         development and testing purposes.

EPC - Because of its unique requirements, the kernel manages EPC separately
      from normal memory.  Similar to memfd, the device /dev/sgx/virt_epc
      can be opened to obtain a file descriptor which can in turn be used
      to mmap() EPC memory.

      The notable quirk with EPC from QEMU's perspective is that EPC is
      enumerated via CPUID, which complicates realizing EPC as a normal
      device due to vCPU creation depending on the location/size of EPC
      sections.

Migration - Physical EPC is encrypted with an ephemeral key that is
            (re)generated at CPU reset, i.e. is platform specific.  Thus,
            migrating EPC contents between physical platforms is
            infeasible.  However, live migration is not blocked by SGX as
            kernels and applications are conditioned to gracefully handle
            EPC invalidation due to the EPC being zapped on power state
            transitions that power down the CPU, e.g. S3.  I.e. from the
            guest's perspective, live migration appears and is handled
            like an unannounced suspend/resume cycle.

NUMA - How EPC NUMA affinity will be enumerated to the kernel is not yet
       defined (initial hardware support for SGX was limited to single
       socket systems).

Sean Christopherson (20):
  hostmem: Add hostmem-epc as a backend for SGX EPC
  i386: Add 'sgx-epc' device to expose EPC sections to guest
  vl: Add "sgx-epc" option to expose SGX EPC sections to guest
  i386: Add primary SGX CPUID and MSR defines
  i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX
  i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX
  i386: Add SGX CPUID leaf FEAT_SGX_12_1_EBX
  i386: Add get/set/migrate support for SGX LE public key hash MSRs
  i386: Add feature control MSR dependency when SGX is enabled
  i386: Update SGX CPUID info according to hardware/KVM/user input
  linux-headers: Add temporary placeholder for KVM_CAP_SGX_ATTRIBUTE
  i386: kvm: Add support for exposing PROVISIONKEY to guest
  i386: Propagate SGX CPUID sub-leafs to KVM
  i386: Adjust min CPUID level to 0x12 when SGX is enabled
  hw/i386/pc: Set SGX bits in feature control fw_cfg accordingly
  hw/i386/pc: Account for SGX EPC sections when calculating device
    memory
  i386/pc: Add e820 entry for SGX EPC section(s)
  i386: acpi: Add SGX EPC entry to ACPI tables
  q35: Add support for SGX EPC
  i440fx: Add support for SGX EPC

 backends/Makefile.objs    |   1 +
 backends/hostmem-epc.c    |  91 ++++++++++++
 hw/i386/Makefile.objs     |   1 +
 hw/i386/acpi-build.c      |  22 +++
 hw/i386/pc.c              |  23 ++-
 hw/i386/pc_piix.c         |   3 +
 hw/i386/pc_q35.c          |   2 +
 hw/i386/sgx-epc.c         | 291 ++++++++++++++++++++++++++++++++++++++
 include/hw/i386/pc.h      |   3 +
 include/hw/i386/sgx-epc.h |  75 ++++++++++
 linux-headers/linux/kvm.h |   1 +
 qapi/misc.json            |  32 ++++-
 qemu-options.hx           |  12 ++
 target/i386/cpu.c         | 148 ++++++++++++++++++-
 target/i386/cpu.h         |  14 ++
 target/i386/kvm-stub.c    |   5 +
 target/i386/kvm.c         |  70 +++++++++
 target/i386/kvm_i386.h    |   3 +
 target/i386/machine.c     |  20 +++
 vl.c                      |   9 ++
 20 files changed, 820 insertions(+), 6 deletions(-)
 create mode 100644 backends/hostmem-epc.c
 create mode 100644 hw/i386/sgx-epc.c
 create mode 100644 include/hw/i386/sgx-epc.h

-- 
2.22.0


^ permalink raw reply	[flat|nested] 26+ messages in thread

* [RFC PATCH 01/20] hostmem: Add hostmem-epc as a backend for SGX EPC
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 02/20] i386: Add 'sgx-epc' device to expose EPC sections to guest Sean Christopherson
                   ` (20 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

EPC (Enclave Page Cache) is a specialized type of memory used by Intel
SGX (Software Guard Extensions).  The SDM desribes EPC as:

    The Enclave Page Cache (EPC) is the secure storage used to store
    enclave pages when they are a part of an executing enclave. For an
    EPC page, hardware performs additional access control checks to
    restrict access to the page. After the current page access checks
    and translations are performed, the hardware checks that the EPC
    page is accessible to the program currently executing. Generally an
    EPC page is only accessed by the owner of the executing enclave or
    an instruction which is setting up an EPC page.

Because of its unique requirements, Linux manages EPC separately from
normal memory.  Similar to memfd, the device /dev/sgx/virt_epc can be
opened to obtain a file descriptor which can in turn be used to mmap()
EPC memory.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 backends/Makefile.objs |  1 +
 backends/hostmem-epc.c | 91 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+)
 create mode 100644 backends/hostmem-epc.c

diff --git a/backends/Makefile.objs b/backends/Makefile.objs
index 981e8e122f..6e96549c5e 100644
--- a/backends/Makefile.objs
+++ b/backends/Makefile.objs
@@ -17,3 +17,4 @@ endif
 common-obj-$(call land,$(CONFIG_VHOST_USER),$(CONFIG_VIRTIO)) += vhost-user.o
 
 common-obj-$(CONFIG_LINUX) += hostmem-memfd.o
+common-obj-$(CONFIG_LINUX) += hostmem-epc.o
diff --git a/backends/hostmem-epc.c b/backends/hostmem-epc.c
new file mode 100644
index 0000000000..24a22dede5
--- /dev/null
+++ b/backends/hostmem-epc.c
@@ -0,0 +1,91 @@
+/*
+ * QEMU host SGX EPC memory backend
+ *
+ * Copyright (C) 2019 Intel Corporation
+ *
+ * Authors:
+ *   Sean Christopherson <sean.j.christopherson@intel.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#include <sys/ioctl.h>
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qom/object_interfaces.h"
+#include "qapi/error.h"
+#include "sysemu/hostmem.h"
+
+#define TYPE_MEMORY_BACKEND_EPC "memory-backend-epc"
+
+#define MEMORY_BACKEND_EPC(obj)                                        \
+    OBJECT_CHECK(HostMemoryBackendEpc, (obj), TYPE_MEMORY_BACKEND_EPC)
+
+typedef struct HostMemoryBackendEpc HostMemoryBackendEpc;
+
+struct HostMemoryBackendEpc {
+    HostMemoryBackend parent_obj;
+};
+
+static void
+sgx_epc_backend_memory_alloc(HostMemoryBackend *backend, Error **errp)
+{
+    char *name;
+    int fd;
+
+    if (!backend->size) {
+        error_setg(errp, "can't create backend with size 0");
+        return;
+    }
+    backend->force_prealloc = mem_prealloc;
+
+    fd = open("/dev/sgx/virt_epc", O_RDWR);
+    if (fd < 0) {
+        error_setg_errno(errp, errno,
+                         "failed to open /dev/sgx/virt_epc to alloc SGX EPC");
+        return;
+    }
+
+    name = object_get_canonical_path(OBJECT(backend));
+    memory_region_init_ram_from_fd(&backend->mr, OBJECT(backend),
+                                   name, backend->size,
+                                   backend->share, fd, errp);
+    g_free(name);
+}
+
+static void sgx_epc_backend_instance_init(Object *obj)
+{
+    HostMemoryBackend *m = MEMORY_BACKEND(obj);
+
+    m->share = true;
+    m->merge = false;
+    m->dump = false;
+}
+
+static void sgx_epc_backend_class_init(ObjectClass *oc, void *data)
+{
+    HostMemoryBackendClass *bc = MEMORY_BACKEND_CLASS(oc);
+
+    bc->alloc = sgx_epc_backend_memory_alloc;
+}
+
+static const TypeInfo sgx_epc_backed_info = {
+    .name = TYPE_MEMORY_BACKEND_EPC,
+    .parent = TYPE_MEMORY_BACKEND,
+    .instance_init = sgx_epc_backend_instance_init,
+    .class_init = sgx_epc_backend_class_init,
+    .instance_size = sizeof(HostMemoryBackendEpc),
+};
+
+static void register_types(void)
+{
+    int fd = open("/dev/sgx/virt_epc", O_RDWR);
+    if (fd >= 0) {
+        close(fd);
+
+        type_register_static(&sgx_epc_backed_info);
+    }
+}
+
+type_init(register_types);
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 02/20] i386: Add 'sgx-epc' device to expose EPC sections to guest
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 01/20] hostmem: Add hostmem-epc as a backend for SGX EPC Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-07  5:57   ` [Qemu-devel] " Markus Armbruster
  2019-08-06 18:56 ` [RFC PATCH 03/20] vl: Add "sgx-epc" option to expose SGX " Sean Christopherson
                   ` (19 subsequent siblings)
  21 siblings, 1 reply; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

SGX EPC is enumerated through CPUID, i.e. EPC "devices" need to be
realized prior to realizing the vCPUs themselves, which occurs long
before generic devices are parsed and realized.  Because of this,
do not allow 'sgx-epc' devices to be instantiated after vCPUS have
been created.

The 'sgx-epc' device is essentially a placholder at this time, it will
be fully implemented in a future patch along with a dedicated command
to create 'sgx-epc' devices.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 hw/i386/Makefile.objs     |   1 +
 hw/i386/sgx-epc.c         | 169 ++++++++++++++++++++++++++++++++++++++
 include/hw/i386/sgx-epc.h |  44 ++++++++++
 qapi/misc.json            |  32 +++++++-
 4 files changed, 244 insertions(+), 2 deletions(-)
 create mode 100644 hw/i386/sgx-epc.c
 create mode 100644 include/hw/i386/sgx-epc.h

diff --git a/hw/i386/Makefile.objs b/hw/i386/Makefile.objs
index 5d9c9efd5f..18c9693d9d 100644
--- a/hw/i386/Makefile.objs
+++ b/hw/i386/Makefile.objs
@@ -13,3 +13,4 @@ obj-$(CONFIG_VMMOUSE) += vmmouse.o
 
 obj-y += kvmvapic.o
 obj-y += acpi-build.o
+obj-y += sgx-epc.o
diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
new file mode 100644
index 0000000000..73221ba86b
--- /dev/null
+++ b/hw/i386/sgx-epc.c
@@ -0,0 +1,169 @@
+/*
+ * SGX EPC device
+ *
+ * Copyright (C) 2019 Intel Corporation
+ *
+ * Authors:
+ *   Sean Christopherson <sean.j.christopherson@intel.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "hw/i386/pc.h"
+#include "hw/i386/sgx-epc.h"
+#include "hw/mem/memory-device.h"
+#include "monitor/qdev.h"
+#include "qapi/error.h"
+#include "qapi/visitor.h"
+#include "qemu/config-file.h"
+#include "qemu/error-report.h"
+#include "qemu/option.h"
+#include "qemu/units.h"
+#include "target/i386/cpu.h"
+
+static Property sgx_epc_properties[] = {
+    DEFINE_PROP_UINT64(SGX_EPC_ADDR_PROP, SGXEPCDevice, addr, 0),
+    DEFINE_PROP_LINK(SGX_EPC_MEMDEV_PROP, SGXEPCDevice, hostmem,
+                     TYPE_MEMORY_BACKEND, HostMemoryBackend *),
+    DEFINE_PROP_END_OF_LIST(),
+};
+
+static void sgx_epc_get_size(Object *obj, Visitor *v, const char *name,
+                             void *opaque, Error **errp)
+{
+    Error *local_err = NULL;
+    uint64_t value;
+
+    value = memory_device_get_region_size(MEMORY_DEVICE(obj), &local_err);
+    if (local_err) {
+        error_propagate(errp, local_err);
+        return;
+    }
+
+    visit_type_uint64(v, name, &value, errp);
+}
+
+static void sgx_epc_init(Object *obj)
+{
+    object_property_add(obj, SGX_EPC_SIZE_PROP, "uint64", sgx_epc_get_size,
+                        NULL, NULL, NULL, &error_abort);
+}
+
+static void sgx_epc_realize(DeviceState *dev, Error **errp)
+{
+    PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
+    SGXEPCDevice *epc = SGX_EPC(dev);
+
+    if (pcms->boot_cpus != 0) {
+        error_setg(errp,
+            "'" TYPE_SGX_EPC "' can't be created after vCPUs, e.g. via -device");
+        return;
+    }
+
+    if (!epc->hostmem) {
+        error_setg(errp, "'" SGX_EPC_MEMDEV_PROP "' property is not set");
+        return;
+    } else if (host_memory_backend_is_mapped(epc->hostmem)) {
+        char *path = object_get_canonical_path_component(OBJECT(epc->hostmem));
+        error_setg(errp, "can't use already busy memdev: %s", path);
+        g_free(path);
+        return;
+    }
+
+    error_setg(errp, "'" TYPE_SGX_EPC "' not supported");
+}
+
+static void sgx_epc_unrealize(DeviceState *dev, Error **errp)
+{
+    SGXEPCDevice *epc = SGX_EPC(dev);
+
+    host_memory_backend_set_mapped(epc->hostmem, false);
+}
+
+static uint64_t sgx_epc_md_get_addr(const MemoryDeviceState *md)
+{
+    const SGXEPCDevice *epc = SGX_EPC(md);
+
+    return epc->addr;
+}
+
+static void sgx_epc_md_set_addr(MemoryDeviceState *md, uint64_t addr,
+                                Error **errp)
+{
+    object_property_set_uint(OBJECT(md), addr, SGX_EPC_ADDR_PROP, errp);
+}
+
+static uint64_t sgx_epc_md_get_plugged_size(const MemoryDeviceState *md,
+                                            Error **errp)
+{
+    return 0;
+}
+
+static MemoryRegion *sgx_epc_md_get_memory_region(MemoryDeviceState *md,
+                                                  Error **errp)
+{
+    SGXEPCDevice *epc = SGX_EPC(md);
+
+    if (!epc->hostmem) {
+        error_setg(errp, "'" SGX_EPC_MEMDEV_PROP "' property must be set");
+        return NULL;
+    }
+
+    return host_memory_backend_get_memory(epc->hostmem);
+}
+
+static void sgx_epc_md_fill_device_info(const MemoryDeviceState *md,
+                                        MemoryDeviceInfo *info)
+{
+    SGXEPCDeviceInfo *di = g_new0(SGXEPCDeviceInfo, 1);
+    const SGXEPCDevice *epc = SGX_EPC(md);
+    const DeviceState *dev = DEVICE(md);
+
+    if (dev->id) {
+        di->has_id = true;
+        di->id = g_strdup(dev->id);
+    }
+    di->addr = epc->addr;
+    di->node = 0 /* TODO: EPC NUMA spec not yet defined */;
+    di->size = memory_device_get_region_size(MEMORY_DEVICE(epc), &error_fatal);
+    di->memdev = object_get_canonical_path(OBJECT(epc->hostmem));
+}
+
+static void sgx_epc_class_init(ObjectClass *oc, void *data)
+{
+    DeviceClass *dc = DEVICE_CLASS(oc);
+    MemoryDeviceClass *mdc = MEMORY_DEVICE_CLASS(oc);
+
+    dc->hotpluggable = false;
+    dc->realize = sgx_epc_realize;
+    dc->unrealize = sgx_epc_unrealize;
+    dc->props = sgx_epc_properties;
+    dc->desc = "SGX EPC section";
+
+    mdc->get_addr = sgx_epc_md_get_addr;
+    mdc->set_addr = sgx_epc_md_set_addr;
+    mdc->get_plugged_size = sgx_epc_md_get_plugged_size;
+    mdc->get_memory_region = sgx_epc_md_get_memory_region;
+    mdc->fill_device_info = sgx_epc_md_fill_device_info;
+}
+
+static TypeInfo sgx_epc_info = {
+    .name          = TYPE_SGX_EPC,
+    .parent        = TYPE_DEVICE,
+    .instance_size = sizeof(SGXEPCDevice),
+    .instance_init = sgx_epc_init,
+    .class_init    = sgx_epc_class_init,
+    .class_size    = sizeof(DeviceClass),
+    .interfaces = (InterfaceInfo[]) {
+        { TYPE_MEMORY_DEVICE },
+        { }
+    },
+};
+
+static void sgx_epc_register_types(void)
+{
+    type_register_static(&sgx_epc_info);
+}
+
+type_init(sgx_epc_register_types)
diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h
new file mode 100644
index 0000000000..5fd9ae2d0c
--- /dev/null
+++ b/include/hw/i386/sgx-epc.h
@@ -0,0 +1,44 @@
+/*
+ * SGX EPC device
+ *
+ * Copyright (C) 2019 Intel Corporation
+ *
+ * Authors:
+ *   Sean Christopherson <sean.j.christopherson@intel.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#ifndef QEMU_SGX_EPC_H
+#define QEMU_SGX_EPC_H
+
+#include "sysemu/hostmem.h"
+
+#define TYPE_SGX_EPC "sgx-epc"
+#define SGX_EPC(obj) \
+    OBJECT_CHECK(SGXEPCDevice, (obj), TYPE_SGX_EPC)
+#define SGX_EPC_CLASS(oc) \
+    OBJECT_CLASS_CHECK(SGXEPCDeviceClass, (oc), TYPE_SGX_EPC)
+#define SGX_EPC_GET_CLASS(obj) \
+    OBJECT_GET_CLASS(SGXEPCDeviceClass, (obj), TYPE_SGX_EPC)
+
+#define SGX_EPC_ADDR_PROP "addr"
+#define SGX_EPC_SIZE_PROP "size"
+#define SGX_EPC_MEMDEV_PROP "memdev"
+
+/**
+ * SGXEPCDevice:
+ * @addr: starting guest physical address, where @SGXEPCDevice is mapped.
+ *         Default value: 0, means that address is auto-allocated.
+ * @hostmem: host memory backend providing memory for @SGXEPCDevice
+ */
+typedef struct SGXEPCDevice {
+    /* private */
+    DeviceState parent_obj;
+
+    /* public */
+    uint64_t addr;
+    HostMemoryBackend *hostmem;
+} SGXEPCDevice;
+
+#endif
diff --git a/qapi/misc.json b/qapi/misc.json
index a7fba7230c..965905c9e8 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -1573,19 +1573,47 @@
           }
 }
 
+##
+# @SGXEPCDeviceInfo:
+#
+# SGX EPC state information
+#
+# @id: device's ID
+#
+# @addr: physical address, where device is mapped
+#
+# @size: size of memory that the device provides
+#
+# @node: NUMA node number where device is plugged in
+#
+# @memdev: memory backend linked with device
+#
+# Since: TBD
+##
+{ 'struct': 'SGXEPCDeviceInfo',
+  'data': { '*id': 'str',
+            'addr': 'int',
+            'size': 'int',
+            'node': 'int',
+            'memdev': 'str'
+          }
+}
+
 ##
 # @MemoryDeviceInfo:
 #
 # Union containing information about a memory device
 #
-# nvdimm is included since 2.12. virtio-pmem is included since 4.1.
+# nvdimm is included since 2.12. virtio-pmem is included since 4.1,
+# sgx-epc is included since TBD.
 #
 # Since: 2.1
 ##
 { 'union': 'MemoryDeviceInfo',
   'data': { 'dimm': 'PCDIMMDeviceInfo',
             'nvdimm': 'PCDIMMDeviceInfo',
-            'virtio-pmem': 'VirtioPMEMDeviceInfo'
+            'virtio-pmem': 'VirtioPMEMDeviceInfo',
+            'sgx-epc': 'SGXEPCDeviceInfo'
           }
 }
 
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 03/20] vl: Add "sgx-epc" option to expose SGX EPC sections to guest
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 01/20] hostmem: Add hostmem-epc as a backend for SGX EPC Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 02/20] i386: Add 'sgx-epc' device to expose EPC sections to guest Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-09-06 21:49   ` [Qemu-devel] " Larry Dewey
  2019-08-06 18:56 ` [RFC PATCH 04/20] i386: Add primary SGX CPUID and MSR defines Sean Christopherson
                   ` (18 subsequent siblings)
  21 siblings, 1 reply; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

Because SGX EPC is enumerated through CPUID, EPC "devices" need to be
realized prior to realizing the vCPUs themselves, i.e. long before
generic devices are parsed and realized.  From a virtualization
perspective, the CPUID aspect also means that EPC sections cannot be
hotplugged without paravirtualizing the guest kernel (hardware does
not support hotplugging as EPC sections must be locked down during
pre-boot to provide EPC's security properties).

So even though EPC sections could be realized through the generic
-devices command, they need to be created much earlier for them to
actually be usable by the guest.  Place all EPC sections in a
contiguous block, somewhat arbitrarily starting after RAM above 4g.
Ensuring EPC is in a contiguous region simplifies calculations, e.g.
device memory base, PCI hole, etc..., allows dynamic calculation of the
total EPC size, e.g. exposing EPC to guests does not require -maxmem,
and last but not least allows all of EPC to be enumerated in a single
ACPI entry, which is expected by some kernels, e.g. Windows 7 and 8.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 hw/i386/sgx-epc.c         | 107 +++++++++++++++++++++++++++++++++++++-
 include/hw/i386/pc.h      |   3 ++
 include/hw/i386/sgx-epc.h |  18 +++++++
 qemu-options.hx           |  12 +++++
 vl.c                      |   9 ++++
 5 files changed, 148 insertions(+), 1 deletion(-)

diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
index 73221ba86b..09aba1f8ea 100644
--- a/hw/i386/sgx-epc.c
+++ b/hw/i386/sgx-epc.c
@@ -53,6 +53,8 @@ static void sgx_epc_init(Object *obj)
 static void sgx_epc_realize(DeviceState *dev, Error **errp)
 {
     PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
+    MemoryDeviceState *md = MEMORY_DEVICE(dev);
+    SGXEPCState *sgx_epc = pcms->sgx_epc;
     SGXEPCDevice *epc = SGX_EPC(dev);
 
     if (pcms->boot_cpus != 0) {
@@ -71,7 +73,18 @@ static void sgx_epc_realize(DeviceState *dev, Error **errp)
         return;
     }
 
-    error_setg(errp, "'" TYPE_SGX_EPC "' not supported");
+    epc->addr = sgx_epc->base + sgx_epc->size;
+
+    memory_region_add_subregion(&sgx_epc->mr, epc->addr - sgx_epc->base,
+                                host_memory_backend_get_memory(epc->hostmem));
+
+    host_memory_backend_set_mapped(epc->hostmem, true);
+
+    sgx_epc->sections = g_renew(SGXEPCDevice *, sgx_epc->sections,
+                                sgx_epc->nr_sections + 1);
+    sgx_epc->sections[sgx_epc->nr_sections++] = epc;
+
+    sgx_epc->size += memory_device_get_region_size(md, errp);
 }
 
 static void sgx_epc_unrealize(DeviceState *dev, Error **errp)
@@ -167,3 +180,95 @@ static void sgx_epc_register_types(void)
 }
 
 type_init(sgx_epc_register_types)
+
+
+static int sgx_epc_set_property(void *opaque, const char *name,
+                                const char *value, Error **errp)
+{
+    Object *obj = opaque;
+    Error *err = NULL;
+
+    object_property_parse(obj, value, name, &err);
+    if (err != NULL) {
+        error_propagate(errp, err);
+        return -1;
+    }
+    return 0;
+}
+
+static int sgx_epc_init_func(void *opaque, QemuOpts *opts, Error **errp)
+{
+    Error *err = NULL;
+    Object *obj;
+
+    obj = object_new("sgx-epc");
+
+    qdev_set_id(DEVICE(obj), qemu_opts_id(opts));
+
+    if (qemu_opt_foreach(opts, sgx_epc_set_property, obj, &err)) {
+        goto out;
+    }
+
+    object_property_set_bool(obj, true, "realized", &err);
+
+out:
+    if (err != NULL) {
+        error_propagate(errp, err);
+    }
+    object_unref(obj);
+    return err != NULL ? -1 : 0;
+}
+
+void pc_machine_init_sgx_epc(PCMachineState *pcms)
+{
+    SGXEPCState *sgx_epc;
+
+    if (!sgx_epc_enabled) {
+        return;
+    }
+
+    sgx_epc = g_malloc0(sizeof(*sgx_epc));
+    pcms->sgx_epc = sgx_epc;
+
+    sgx_epc->base = 0x100000000ULL + pcms->above_4g_mem_size;
+
+    memory_region_init(&sgx_epc->mr, OBJECT(pcms), "sgx-epc", UINT64_MAX);
+    memory_region_add_subregion(get_system_memory(), sgx_epc->base,
+                                &sgx_epc->mr);
+
+    qemu_opts_foreach(qemu_find_opts("sgx-epc"), sgx_epc_init_func, NULL,
+                      &error_fatal);
+
+    if ((sgx_epc->base + sgx_epc->size) < sgx_epc->base) {
+        error_report("Size of all 'sgx-epc' =0x%"PRIu64" causes EPC to wrap",
+                     sgx_epc->size);
+        exit(EXIT_FAILURE);
+    }
+
+    memory_region_set_size(&sgx_epc->mr, sgx_epc->size);
+}
+
+static QemuOptsList sgx_epc_opts = {
+    .name = "sgx-epc",
+    .implied_opt_name = "id",
+    .head = QTAILQ_HEAD_INITIALIZER(sgx_epc_opts.head),
+    .desc = {
+        {
+            .name = "id",
+            .type = QEMU_OPT_STRING,
+            .help = "SGX EPC section ID",
+        },{
+            .name = "memdev",
+            .type = QEMU_OPT_STRING,
+            .help = "memory object backend",
+        },
+        { /* end of list */ }
+    },
+};
+
+static void sgx_epc_register_opts(void)
+{
+    qemu_add_opts(&sgx_epc_opts);
+}
+
+opts_init(sgx_epc_register_opts);
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 859b64c51d..bb9071c3bd 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -8,6 +8,7 @@
 #include "hw/block/flash.h"
 #include "net/net.h"
 #include "hw/i386/ioapic.h"
+#include "hw/i386/sgx-epc.h"
 
 #include "qemu/range.h"
 #include "qemu/bitmap.h"
@@ -69,6 +70,8 @@ struct PCMachineState {
     /* Address space used by IOAPIC device. All IOAPIC interrupts
      * will be translated to MSI messages in the address space. */
     AddressSpace *ioapic_as;
+
+    SGXEPCState *sgx_epc;
 };
 
 #define PC_MACHINE_ACPI_DEVICE_PROP "acpi-device"
diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h
index 5fd9ae2d0c..562c66148f 100644
--- a/include/hw/i386/sgx-epc.h
+++ b/include/hw/i386/sgx-epc.h
@@ -41,4 +41,22 @@ typedef struct SGXEPCDevice {
     HostMemoryBackend *hostmem;
 } SGXEPCDevice;
 
+/*
+ * @base: address in guest physical address space where EPC regions start
+ * @mr: address space container for memory devices
+ */
+typedef struct SGXEPCState {
+    uint64_t base;
+    uint64_t size;
+
+    MemoryRegion mr;
+
+    struct SGXEPCDevice **sections;
+    int nr_sections;
+} SGXEPCState;
+
+extern int sgx_epc_enabled;
+
+void pc_machine_init_sgx_epc(PCMachineState *pcms);
+
 #endif
diff --git a/qemu-options.hx b/qemu-options.hx
index 9621e934c0..8e83dbddbd 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -103,6 +103,9 @@ NOTE: this parameter is deprecated. Please use @option{-global}
 @option{migration.send-configuration}=@var{on|off} instead.
 @item memory-encryption=@var{}
 Memory encryption object to use. The default is none.
+@item epc=size
+Defines the maximum size of the guest's SGX EPC, required for running
+SGX enclaves in the guest.  The default is 0.
 @end table
 ETEXI
 
@@ -394,6 +397,15 @@ STEXI
 Preallocate memory when using -mem-path.
 ETEXI
 
+DEF("sgx-epc", HAS_ARG, QEMU_OPTION_sgx_epc,
+    "-sgx-epc memdev=memid[,id=epcid]\n",
+    QEMU_ARCH_I386)
+STEXI
+@item -sgx-epc memdev=@var{memid}[,id=@var{epcid}]
+@findex -sgx-epc
+Define an SGX EPC section.
+ETEXI
+
 DEF("k", HAS_ARG, QEMU_OPTION_k,
     "-k language     use keyboard layout (for example 'fr' for French)\n",
     QEMU_ARCH_ALL)
diff --git a/vl.c b/vl.c
index b426b32134..8d3621ec4d 100644
--- a/vl.c
+++ b/vl.c
@@ -141,6 +141,7 @@ const char* keyboard_layout = NULL;
 ram_addr_t ram_size;
 const char *mem_path = NULL;
 int mem_prealloc = 0; /* force preallocation of physical target memory */
+int sgx_epc_enabled;
 bool enable_mlock = false;
 bool enable_cpu_pm = false;
 int nb_nics;
@@ -3193,6 +3194,14 @@ int main(int argc, char **argv, char **envp)
             case QEMU_OPTION_mem_prealloc:
                 mem_prealloc = 1;
                 break;
+            case QEMU_OPTION_sgx_epc:
+                opts = qemu_opts_parse_noisily(qemu_find_opts("sgx-epc"),
+                                               optarg, false);
+                if (!opts) {
+                    exit(1);
+                }
+                sgx_epc_enabled = 1;
+                break;
             case QEMU_OPTION_d:
                 log_mask = optarg;
                 break;
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 04/20] i386: Add primary SGX CPUID and MSR defines
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (2 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 03/20] vl: Add "sgx-epc" option to expose SGX " Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 05/20] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX Sean Christopherson
                   ` (17 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

Add CPUID defines for SGX and SGX Launch Control (LC), as well as
defines for their associated FEATURE_CONTROL MSR bits.  Define the
Launch Enclave Public Key Hash MSRs (LE Hash MSRs), which exist
when SGX LC is present (in CPUID), and are writable when SGX LC is
enabled (in FEATURE_CONTROL).

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 target/i386/cpu.c |  4 ++--
 target/i386/cpu.h | 10 ++++++++++
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 19751e37a7..f529fb0dc8 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1041,7 +1041,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
     [FEAT_7_0_EBX] = {
         .type = CPUID_FEATURE_WORD,
         .feat_names = {
-            "fsgsbase", "tsc-adjust", NULL, "bmi1",
+            "fsgsbase", "tsc-adjust", "sgx", "bmi1",
             "hle", "avx2", NULL, "smep",
             "bmi2", "erms", "invpcid", "rtm",
             NULL, NULL, "mpx", NULL,
@@ -1067,7 +1067,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
             "la57", NULL, NULL, NULL,
             NULL, NULL, "rdpid", NULL,
             NULL, "cldemote", NULL, "movdiri",
-            "movdir64b", NULL, NULL, NULL,
+            "movdir64b", NULL, "sgxlc", NULL,
         },
         .cpuid = {
             .eax = 7,
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 8b3dc5533e..62adb2e0d0 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -350,9 +350,17 @@ typedef enum X86Seg {
 #define MSR_IA32_TSCDEADLINE            0x6e0
 
 #define FEATURE_CONTROL_LOCKED                    (1<<0)
+#define FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX  (1<<1)
 #define FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX (1<<2)
+#define FEATURE_CONTROL_SGX_LC                    (1<<17)
+#define FEATURE_CONTROL_SGX                       (1<<18)
 #define FEATURE_CONTROL_LMCE                      (1<<20)
 
+#define MSR_IA32_SGXLEPUBKEYHASH0       0x8c
+#define MSR_IA32_SGXLEPUBKEYHASH1       0x8d
+#define MSR_IA32_SGXLEPUBKEYHASH2       0x8e
+#define MSR_IA32_SGXLEPUBKEYHASH3       0x8f
+
 #define MSR_P6_PERFCTR0                 0xc1
 
 #define MSR_IA32_SMBASE                 0x9e
@@ -641,6 +649,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
 #define CPUID_SVM_PFTHRESHOLD  (1U << 12)
 
 #define CPUID_7_0_EBX_FSGSBASE (1U << 0)
+#define CPUID_7_0_EBX_SGX      (1U << 2)
 #define CPUID_7_0_EBX_BMI1     (1U << 3)
 #define CPUID_7_0_EBX_HLE      (1U << 4)
 #define CPUID_7_0_EBX_AVX2     (1U << 5)
@@ -684,6 +693,7 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
 #define CPUID_7_0_ECX_CLDEMOTE (1U << 25)  /* CLDEMOTE Instruction */
 #define CPUID_7_0_ECX_MOVDIRI  (1U << 27)  /* MOVDIRI Instruction */
 #define CPUID_7_0_ECX_MOVDIR64B (1U << 28) /* MOVDIR64B Instruction */
+#define CPUID_7_0_ECX_SGX_LC   (1U << 30)
 
 #define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network Instructions */
 #define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation Single Precision */
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 05/20] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (3 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 04/20] i386: Add primary SGX CPUID and MSR defines Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 06/20] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX Sean Christopherson
                   ` (16 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

CPUID leaf 12_0_EAX is an Intel-defined feature bits leaf enumerating
the CPU's SGX capabilities, e.g. supported SGX instruction sets.
Currently there are four enumerated capabilities:

  - SGX1 instruction set, i.e. "base" SGX
  - SGX2 instruction set for dynamic EPC management
  - ENCLV instruction set for VMM oversubscription of EPC
  - ENCLS-C instruction set for thread safe variants of ENCLS

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 target/i386/cpu.c | 20 ++++++++++++++++++++
 target/i386/cpu.h |  1 +
 2 files changed, 21 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index f529fb0dc8..e954eca4dd 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -775,6 +775,7 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
 #define TCG_XSAVE_FEATURES (CPUID_XSAVE_XSAVEOPT | CPUID_XSAVE_XGETBV1)
           /* missing:
           CPUID_XSAVE_XSAVEC, CPUID_XSAVE_XSAVES */
+#define TCG_SGX_12_0_EAX_FEATURES 0
 
 typedef enum FeatureWordType {
    CPUID_FEATURE_WORD,
@@ -1224,6 +1225,25 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
             },
         },
     },
+    [FEAT_SGX_12_0_EAX] = {
+        .type = CPUID_FEATURE_WORD,
+        .feat_names = {
+            "sgx1", "sgx2", NULL, NULL,
+            NULL, "sgx-enclv", "sgx-encls-c", NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+        },
+        .cpuid = {
+            .eax = 0x12,
+            .needs_ecx = true, .ecx = 0,
+            .reg = R_EAX,
+        },
+        .tcg_features = TCG_SGX_12_0_EAX_FEATURES,
+    },
 };
 
 typedef struct X86RegisterInfo32 {
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 62adb2e0d0..6803b1b41d 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -506,6 +506,7 @@ typedef enum FeatureWord {
     FEAT_XSAVE_COMP_HI, /* CPUID[EAX=0xd,ECX=0].EDX */
     FEAT_ARCH_CAPABILITIES,
     FEAT_CORE_CAPABILITY,
+    FEAT_SGX_12_0_EAX,  /* CPUID[EAX=0x12,ECX=0].EAX (SGX) */
     FEATURE_WORDS,
 } FeatureWord;
 
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 06/20] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (4 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 05/20] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 07/20] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EBX Sean Christopherson
                   ` (15 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

CPUID leaf 12_1_EAX is an Intel-defined feature bits leaf enumerating
the platform's SGX capabilities that may be utilized by an enclave, e.g.
whether or not an enclave can gain access to the provision key.
Currently there are six capabilities:

  - INIT: set when the enclave has has been initialized by EINIT.  Cannot
          be set by software, i.e. forced to zero in CPUID.
  - DEBUG: permits a debugger to read/write into the enclave.
  - MODE64BIT: the enclave runs in 64-bit mode
  - PROVISIONKEY: grants has access to the provision key
  - EINITTOKENKEY: grants access to the EINIT token key, i.e. the
                   enclave can generate EINIT tokens
  - KSS: Key Separation and Sharing enabled for the enclave.

Note that the entirety of CPUID.0x12.0x1, i.e. all registers, enumerates
the allowed ATTRIBUTES (128 bits), but only bits 31:0 are directly
exposed to the user (via FEAT_12_1_EAX).  Bits 63:32 are currently all
reserved and bits 127:64 correspond to the allowed XSAVE Feature Request
Mask, which is calculated based on other CPU features, e.g. XSAVE, MPX,
AVX, etc... and is not exposed to the user.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 target/i386/cpu.c | 20 ++++++++++++++++++++
 target/i386/cpu.h |  1 +
 2 files changed, 21 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index e954eca4dd..e3dd76d3ba 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -776,6 +776,7 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
           /* missing:
           CPUID_XSAVE_XSAVEC, CPUID_XSAVE_XSAVES */
 #define TCG_SGX_12_0_EAX_FEATURES 0
+#define TCG_SGX_12_1_EAX_FEATURES 0
 
 typedef enum FeatureWordType {
    CPUID_FEATURE_WORD,
@@ -1244,6 +1245,25 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
         },
         .tcg_features = TCG_SGX_12_0_EAX_FEATURES,
     },
+    [FEAT_SGX_12_1_EAX] = {
+        .type = CPUID_FEATURE_WORD,
+        .feat_names = {
+            NULL /* sgx-init */, "sgx-debug", "sgx-mode64", NULL,
+            "sgx-provisionkey", "sgx-tokenkey", NULL, "sgx-kss",
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+        },
+        .cpuid = {
+            .eax = 0x12,
+            .needs_ecx = true, .ecx = 1,
+            .reg = R_EAX,
+        },
+        .tcg_features = TCG_SGX_12_1_EAX_FEATURES,
+    },
 };
 
 typedef struct X86RegisterInfo32 {
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 6803b1b41d..fe4660effa 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -507,6 +507,7 @@ typedef enum FeatureWord {
     FEAT_ARCH_CAPABILITIES,
     FEAT_CORE_CAPABILITY,
     FEAT_SGX_12_0_EAX,  /* CPUID[EAX=0x12,ECX=0].EAX (SGX) */
+    FEAT_SGX_12_1_EAX,  /* CPUID[EAX=0x12,ECX=1].EAX (SGX ATTRIBUTES[31:0]) */
     FEATURE_WORDS,
 } FeatureWord;
 
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 07/20] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EBX
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (5 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 06/20] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 08/20] i386: Add get/set/migrate support for SGX LE public key hash MSRs Sean Christopherson
                   ` (14 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

CPUID leaf 12_1_EBX is an Intel-defined feature bits leaf enumerating
the platform's SGX extended capabilities.  Currently there is a single
capabilitiy:

  - EXINFO: record information about #PFs and #GPs in the enclave's SSA

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 target/i386/cpu.c | 20 ++++++++++++++++++++
 target/i386/cpu.h |  1 +
 2 files changed, 21 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index e3dd76d3ba..ab08c1765e 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -777,6 +777,7 @@ static void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
           CPUID_XSAVE_XSAVEC, CPUID_XSAVE_XSAVES */
 #define TCG_SGX_12_0_EAX_FEATURES 0
 #define TCG_SGX_12_1_EAX_FEATURES 0
+#define TCG_SGX_12_1_EBX_FEATURES 0
 
 typedef enum FeatureWordType {
    CPUID_FEATURE_WORD,
@@ -1264,6 +1265,25 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
         },
         .tcg_features = TCG_SGX_12_1_EAX_FEATURES,
     },
+    [FEAT_SGX_12_1_EBX] = {
+        .type = CPUID_FEATURE_WORD,
+        .feat_names = {
+            "sgx-exinfo" , NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, NULL,
+        },
+        .cpuid = {
+            .eax = 0x12,
+            .needs_ecx = true, .ecx = 1,
+            .reg = R_EBX,
+        },
+        .tcg_features = TCG_SGX_12_1_EBX_FEATURES,
+    },
 };
 
 typedef struct X86RegisterInfo32 {
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index fe4660effa..4139c94669 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -508,6 +508,7 @@ typedef enum FeatureWord {
     FEAT_CORE_CAPABILITY,
     FEAT_SGX_12_0_EAX,  /* CPUID[EAX=0x12,ECX=0].EAX (SGX) */
     FEAT_SGX_12_1_EAX,  /* CPUID[EAX=0x12,ECX=1].EAX (SGX ATTRIBUTES[31:0]) */
+    FEAT_SGX_12_1_EBX,  /* CPUID[EAX=0x12,ECX=1].EBX (SGX MISCSELECT[31:0]) */
     FEATURE_WORDS,
 } FeatureWord;
 
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 08/20] i386: Add get/set/migrate support for SGX LE public key hash MSRs
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (6 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 07/20] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EBX Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 09/20] i386: Add feature control MSR dependency when SGX is enabled Sean Christopherson
                   ` (13 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

Save/restore the SGX Launch Enclave Public Key Hash MSRs if SGX Launch
Control (LC) is exposed to the guest.  KVM advertises SGX LC via CPUID
if and only if the MSRs are writable.  KVM also resets the MSRs to a
constant value (Intel's Skylake era key) when SGX LC is fully enabled,
i.e. the vCPU MSRs won't be set to a random or hardware specific value.

Likewise, migrate the MSRs if they are exposed to the guest.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 target/i386/cpu.h     |  1 +
 target/i386/kvm.c     | 21 +++++++++++++++++++++
 target/i386/machine.c | 20 ++++++++++++++++++++
 3 files changed, 42 insertions(+)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 4139c94669..a4161b6d2b 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1247,6 +1247,7 @@ typedef struct CPUX86State {
     uint64_t mcg_status;
     uint64_t msr_ia32_misc_enable;
     uint64_t msr_ia32_feature_control;
+    uint64_t msr_ia32_sgxlepubkeyhash[4];
 
     uint64_t msr_fixed_ctr_ctrl;
     uint64_t msr_global_ctrl;
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index dbbb13772a..07565820bd 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -2643,6 +2643,17 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
             }
         }
 
+        if (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC) {
+            kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH0,
+                              env->msr_ia32_sgxlepubkeyhash[0]);
+            kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH1,
+                              env->msr_ia32_sgxlepubkeyhash[1]);
+            kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH2,
+                              env->msr_ia32_sgxlepubkeyhash[2]);
+            kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH3,
+                              env->msr_ia32_sgxlepubkeyhash[3]);
+        }
+
         /* Note: MSR_IA32_FEATURE_CONTROL is written separately, see
          *       kvm_put_msr_feature_control. */
     }
@@ -2978,6 +2989,13 @@ static int kvm_get_msrs(X86CPU *cpu)
         }
     }
 
+    if (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC) {
+        kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH0, 0);
+        kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH1, 0);
+        kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH2, 0);
+        kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH3, 0);
+    }
+
     ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_MSRS, cpu->kvm_msr_buf);
     if (ret < 0) {
         return ret;
@@ -3251,6 +3269,9 @@ static int kvm_get_msrs(X86CPU *cpu)
         case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B:
             env->msr_rtit_addrs[index - MSR_IA32_RTIT_ADDR0_A] = msrs[i].data;
             break;
+        case MSR_IA32_SGXLEPUBKEYHASH0 ... MSR_IA32_SGXLEPUBKEYHASH3:
+            env->msr_ia32_sgxlepubkeyhash[index - MSR_IA32_SGXLEPUBKEYHASH0] = msrs[i].data;
+            break;
         }
     }
 
diff --git a/target/i386/machine.c b/target/i386/machine.c
index b1146093b5..12e93c5b73 100644
--- a/target/i386/machine.c
+++ b/target/i386/machine.c
@@ -1257,6 +1257,25 @@ static const VMStateDescription vmstate_efer32 = {
 };
 #endif
 
+static bool intel_sgx_msrs_needed(void *opaque)
+{
+    X86CPU *cpu = opaque;
+    CPUX86State *env = &cpu->env;
+
+    return !!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC);
+}
+
+static const VMStateDescription vmstate_msr_intel_sgx = {
+    .name = "cpu/intel_sgx",
+    .version_id = 1,
+    .minimum_version_id = 1,
+    .needed = intel_sgx_msrs_needed,
+    .fields = (VMStateField[]) {
+        VMSTATE_UINT64_ARRAY(env.msr_ia32_sgxlepubkeyhash, X86CPU, 4),
+        VMSTATE_END_OF_LIST()
+    }
+};
+
 VMStateDescription vmstate_x86_cpu = {
     .name = "cpu",
     .version_id = 12,
@@ -1389,6 +1408,7 @@ VMStateDescription vmstate_x86_cpu = {
 #ifdef CONFIG_KVM
         &vmstate_nested_state,
 #endif
+        &vmstate_msr_intel_sgx,
         NULL
     }
 };
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 09/20] i386: Add feature control MSR dependency when SGX is enabled
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (7 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 08/20] i386: Add get/set/migrate support for SGX LE public key hash MSRs Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 10/20] i386: Update SGX CPUID info according to hardware/KVM/user input Sean Christopherson
                   ` (12 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

SGX adds multiple flags to FEATURE_CONTROL to enable SGX and Flexible
Launch Control.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 target/i386/kvm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 07565820bd..e40c4fd673 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -1657,6 +1657,11 @@ int kvm_arch_init_vcpu(CPUState *cs)
                                   !!(c->ecx & CPUID_EXT_SMX);
     }
 
+    c = cpuid_find_entry(&cpuid_data.cpuid, 7, 0);
+    if (c && (c->ebx & CPUID_7_0_EBX_SGX)) {
+        has_msr_feature_control = true;
+    }
+
     if (env->mcg_cap & MCG_LMCE_P) {
         has_msr_mcg_ext_ctl = has_msr_feature_control = true;
     }
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 10/20] i386: Update SGX CPUID info according to hardware/KVM/user input
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (8 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 09/20] i386: Add feature control MSR dependency when SGX is enabled Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 11/20] linux-headers: Add temporary placeholder for KVM_CAP_SGX_ATTRIBUTE Sean Christopherson
                   ` (11 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

Expose SGX to the guest if and only if KVM is enabled and supports
virtualization of SGX.  While the majority of ENCLS can be emulated to
some degree, because SGX uses a hardware-based root of trust, the
attestation aspects of SGX cannot be emulated in software, i.e.
ultimately emulation will fail as software cannot generate a valid
quote/report.  The complexity of partially emulating SGX in Qemu far
outweighs the value added, e.g. an SGX specific simulator for userspace
applications can emulate SGX for development and testing purposes.

Note, access to the PROVISIONKEY is not yet advertised to the guest as
KVM blocks access to the PROVISIONKEY by default and requires userspace
to provide additional credentials (via ioctl()) to expose PROVISIONKEY.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 hw/i386/sgx-epc.c         | 17 +++++++++
 include/hw/i386/sgx-epc.h |  1 +
 target/i386/cpu.c         | 76 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 94 insertions(+)

diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
index 09aba1f8ea..7f26e9cb10 100644
--- a/hw/i386/sgx-epc.c
+++ b/hw/i386/sgx-epc.c
@@ -181,6 +181,23 @@ static void sgx_epc_register_types(void)
 
 type_init(sgx_epc_register_types)
 
+int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size)
+{
+    PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
+    SGXEPCDevice *epc;
+
+    if (pcms->sgx_epc == NULL || pcms->sgx_epc->nr_sections <= section_nr) {
+        return 1;
+    }
+
+    epc = pcms->sgx_epc->sections[section_nr];
+
+    *addr = epc->addr;
+    *size = memory_device_get_region_size(MEMORY_DEVICE(epc), &error_fatal);
+
+    return 0;
+}
+
 
 static int sgx_epc_set_property(void *opaque, const char *name,
                                 const char *value, Error **errp)
diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h
index 562c66148f..91ed4773e3 100644
--- a/include/hw/i386/sgx-epc.h
+++ b/include/hw/i386/sgx-epc.h
@@ -58,5 +58,6 @@ typedef struct SGXEPCState {
 extern int sgx_epc_enabled;
 
 void pc_machine_init_sgx_epc(PCMachineState *pcms);
+int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size);
 
 #endif
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index ab08c1765e..1bb9586230 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -57,6 +57,7 @@
 #include "hw/xen/xen.h"
 #include "hw/i386/apic_internal.h"
 #include "hw/boards.h"
+#include "hw/i386/sgx-epc.h"
 #endif
 
 #include "disas/capstone.h"
@@ -4359,6 +4360,25 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
                 *ecx |= CPUID_7_0_ECX_OSPKE;
             }
             *edx = env->features[FEAT_7_0_EDX]; /* Feature flags */
+
+            /*
+             * SGX cannot be emulated in software.  If hardware does not
+             * support enabling SGX and/or SGX flexible launch control,
+             * then we need to update the VM's CPUID values accordingly.
+             */
+            if ((*ebx & CPUID_7_0_EBX_SGX) &&
+                (!kvm_enabled() ||
+                 !(kvm_arch_get_supported_cpuid(cs->kvm_state, 0x7, 0, R_EBX) &
+                    CPUID_7_0_EBX_SGX))) {
+                *ebx &= ~CPUID_7_0_EBX_SGX;
+            }
+
+            if ((*ecx & CPUID_7_0_ECX_SGX_LC) &&
+                (!(*ebx & CPUID_7_0_EBX_SGX) || !kvm_enabled() ||
+                 !(kvm_arch_get_supported_cpuid(cs->kvm_state, 0x7, 0, R_ECX) &
+                    CPUID_7_0_ECX_SGX_LC))) {
+                *ecx &= ~CPUID_7_0_ECX_SGX_LC;
+            }
         } else {
             *eax = 0;
             *ebx = 0;
@@ -4488,6 +4508,62 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
         }
         break;
     }
+    case 0x12:
+#ifndef CONFIG_USER_ONLY
+        if (!kvm_enabled() ||
+            !(env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_SGX)) {
+            *eax = *ebx = *ecx = *edx = 0;
+            break;
+        }
+
+        /*
+         * SGX sub-leafs CPUID.0x12.{0x2..N} enumerate EPC sections.  Retrieve
+         * the EPC properties, e.g. confidentiality and integrity, from the
+         * host's first EPC section, i.e. assume there is one EPC section or
+         * that all EPC sections have the same security properties.
+         */
+        if (count > 1) {
+            uint64_t epc_addr, epc_size;
+
+            if (sgx_epc_get_section(count - 2, &epc_addr, &epc_size)) {
+                *eax = *ebx = *ecx = *edx = 0;
+                break;
+            }
+            host_cpuid(index, 2, eax, ebx, ecx, edx);
+            *eax = (uint32_t)(epc_addr & 0xfffff000) | 0x1;
+            *ebx = (uint32_t)(epc_addr >> 32);
+            *ecx = (uint32_t)(epc_size & 0xfffff000) | (*ecx & 0xf);
+            *edx = (uint32_t)(epc_size >> 32);
+            break;
+        }
+
+        /*
+         * SGX sub-leafs CPUID.0x12.{0x0,0x1} are heavily dependent on hardware
+         * and KVM, i.e. QEMU cannot emulate features to override what KVM
+         * supports.  Features can be further restricted by userspace, but not
+         * made more permissive.
+         */
+        *eax = kvm_arch_get_supported_cpuid(cs->kvm_state, 0x12, count, R_EAX);
+        *ebx = kvm_arch_get_supported_cpuid(cs->kvm_state, 0x12, count, R_EBX);
+        *ecx = kvm_arch_get_supported_cpuid(cs->kvm_state, 0x12, count, R_ECX);
+        *edx = kvm_arch_get_supported_cpuid(cs->kvm_state, 0x12, count, R_EDX);
+
+        if (count == 0) {
+            *eax &= env->features[FEAT_SGX_12_0_EAX];
+        } else {
+            *eax &= env->features[FEAT_SGX_12_1_EAX];
+            *ebx &= env->features[FEAT_SGX_12_1_EBX];
+            *ecx &= env->features[FEAT_XSAVE_COMP_LO];
+            *edx &= env->features[FEAT_XSAVE_COMP_HI];
+
+            /* FP and SSE are always allowed regardless of XSAVE/XCR0. */
+            *ecx |= XSTATE_FP_MASK | XSTATE_SSE_MASK;
+
+            /* Access to PROVISIONKEY requires additional credentials. */
+            *eax &= ~(1U << 4);
+        }
+#endif
+        break;
     case 0x14: {
         /* Intel Processor Trace Enumeration */
         *eax = 0;
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 11/20] linux-headers: Add temporary placeholder for KVM_CAP_SGX_ATTRIBUTE
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (9 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 10/20] i386: Update SGX CPUID info according to hardware/KVM/user input Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 12/20] i386: kvm: Add support for exposing PROVISIONKEY to guest Sean Christopherson
                   ` (10 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

KVM_CAP_SGX_ATTRIBUTE is a proposed capability for Intel SGX that can be
used by userspace to enable privileged attributes, e.g. access to the
PROVISIONKEY.  The capability number is a placeholder defined well above
existing capabilities so that it's stable during development.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 linux-headers/linux/kvm.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index c8423e760c..a88fba824c 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -993,6 +993,7 @@ struct kvm_ppc_resize_hpt {
 #define KVM_CAP_ARM_SVE 170
 #define KVM_CAP_ARM_PTRAUTH_ADDRESS 171
 #define KVM_CAP_ARM_PTRAUTH_GENERIC 172
+#define KVM_CAP_SGX_ATTRIBUTE 200
 
 #ifdef KVM_CAP_IRQ_ROUTING
 
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 12/20] i386: kvm: Add support for exposing PROVISIONKEY to guest
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (10 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 11/20] linux-headers: Add temporary placeholder for KVM_CAP_SGX_ATTRIBUTE Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 13/20] i386: Propagate SGX CPUID sub-leafs to KVM Sean Christopherson
                   ` (9 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

KVM (and the Linux kernel in general) restricts access to a subset of
enclave attributes to provide additional security for an uncompromised
kernel, e.g. to prevent malware from using the PROVISIONKEY to ensure
its nodes are running inside a geniune SGX enclave and/or to obtain a
stable fingerprint.  Currently, only the PROVISIONKEY is restricted by
KVM/Linux.

To expose privileged attributes to a KVM guest, QEMU must prove to KVM
that it is allowed to access an attribute by passing KVM an open file
descriptor pointing at the associated SGX attribute file, e.g.
/dev/sgx/provision, using the capability ioctl() KVM_CAP_SGX_ATTRIBUTE.

If requested by the user (via its CPUID bit), attempt to enable guest
access to the PROVISIONKEY.  Do not error out if /dev/sgx/provision is
inaccessible, i.e. treat failure like any other unavailable feature.
Exit immediately if enabling fails as KVM should report support for
PROVISIONKEY via CPUID if and only if it supports KVM_CAP_SGX_ATTRIBUTE.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 target/i386/cpu.c      |  5 ++++-
 target/i386/kvm-stub.c |  5 +++++
 target/i386/kvm.c      | 25 +++++++++++++++++++++++++
 target/i386/kvm_i386.h |  3 +++
 4 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 1bb9586230..a951a02baa 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -4560,7 +4560,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
             *ecx |= XSTATE_FP_MASK | XSTATE_SSE_MASK;
 
             /* Access to PROVISIONKEY requires additional credentials. */
-            *eax &= ~(1U << 4);
+            if ((*eax & (1U << 4)) &&
+                !kvm_enable_sgx_provisioning(cs->kvm_state)) {
+                *eax &= ~(1U << 4);
+            }
         }
 #endif
         break;
diff --git a/target/i386/kvm-stub.c b/target/i386/kvm-stub.c
index 872ef7df4c..b4708386b5 100644
--- a/target/i386/kvm-stub.c
+++ b/target/i386/kvm-stub.c
@@ -38,6 +38,11 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *env, uint32_t function,
 {
     abort();
 }
+
+bool kvm_enable_sgx_provisioning(void)
+{
+    return false;
+}
 #endif
 
 bool kvm_hv_vpindex_settable(void)
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index e40c4fd673..dcda0bb0e9 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -4111,6 +4111,31 @@ void kvm_arch_update_guest_debug(CPUState *cpu, struct kvm_guest_debug *dbg)
     }
 }
 
+static bool has_sgx_provisioning;
+
+static bool __kvm_enable_sgx_provisioning(KVMState *s)
+{
+    int fd, ret;
+
+    fd = open("/dev/sgx/provision", O_RDONLY);
+    if (fd < 0) {
+        return false;
+    }
+
+    ret = kvm_vm_enable_cap(s, KVM_CAP_SGX_ATTRIBUTE, 0, fd);
+    if (ret) {
+        error_report("Could not enable SGX PROVISIONKEY: %s", strerror(-ret));
+        exit(1);
+    }
+    close(fd);
+    return true;
+}
+
+bool kvm_enable_sgx_provisioning(KVMState *s)
+{
+    return MEMORIZE(__kvm_enable_sgx_provisioning(s), has_sgx_provisioning);
+}
+
 static bool host_supports_vmx(void)
 {
     uint32_t ecx, unused;
diff --git a/target/i386/kvm_i386.h b/target/i386/kvm_i386.h
index 06fe06bdb3..d9c3018744 100644
--- a/target/i386/kvm_i386.h
+++ b/target/i386/kvm_i386.h
@@ -66,4 +66,7 @@ bool kvm_enable_x2apic(void);
 bool kvm_has_x2apic_api(void);
 
 bool kvm_hv_vpindex_settable(void);
+
+bool kvm_enable_sgx_provisioning(KVMState *s);
+
 #endif
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 13/20] i386: Propagate SGX CPUID sub-leafs to KVM
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (11 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 12/20] i386: kvm: Add support for exposing PROVISIONKEY to guest Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 14/20] i386: Adjust min CPUID level to 0x12 when SGX is enabled Sean Christopherson
                   ` (8 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

The SGX sub-leafs are enumerated at CPUID 0x12.  Indices 0 and 1 are
always present when SGX is supported, and enumerate SGX features and
capabilities.  Indices >=2 are directly correlated with the platform's
EPC sections.  Because the number of EPC sections is dynamic and user
defined, the number of SGX sub-leafs is "NULL" terminated.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 target/i386/kvm.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index dcda0bb0e9..8a3dccf54e 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -1497,6 +1497,25 @@ int kvm_arch_init_vcpu(CPUState *cs)
                 c = &cpuid_data.entries[cpuid_i++];
             }
             break;
+        case 0x12:
+            for (j = 0; ; j++) {
+                c->function = i;
+                c->flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
+                c->index = j;
+                cpu_x86_cpuid(env, i, j, &c->eax, &c->ebx, &c->ecx, &c->edx);
+
+                if (j > 1 && (c->eax & 0xf) != 1) {
+                    break;
+                }
+
+                if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
+                    fprintf(stderr, "cpuid_data is full, no space for "
+                                "cpuid(eax:0x12,ecx:0x%x)\n", j);
+                    abort();
+                }
+                c = &cpuid_data.entries[cpuid_i++];
+            }
+            break;
         case 0x14: {
             uint32_t times;
 
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 14/20] i386: Adjust min CPUID level to 0x12 when SGX is enabled
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (12 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 13/20] i386: Propagate SGX CPUID sub-leafs to KVM Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 15/20] hw/i386/pc: Set SGX bits in feature control fw_cfg accordingly Sean Christopherson
                   ` (7 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

SGX capabilities are enumerated through CPUID_0x12.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 target/i386/cpu.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index a951a02baa..0e6b9980d9 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5233,6 +5233,11 @@ static void x86_cpu_expand_features(X86CPU *cpu, Error **errp)
         if (sev_enabled()) {
             x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000001F);
         }
+
+        /* SGX requires CPUID[0x12] for EPC enumeration */
+        if (env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_SGX) {
+            x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x12);
+        }
     }
 
     /* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set */
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 15/20] hw/i386/pc: Set SGX bits in feature control fw_cfg accordingly
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (13 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 14/20] i386: Adjust min CPUID level to 0x12 when SGX is enabled Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 16/20] hw/i386/pc: Account for SGX EPC sections when calculating device memory Sean Christopherson
                   ` (6 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

Request SGX an SGX Launch Control to be enabled in FEATURE_CONTROL when
the features are exposed to the guest.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 hw/i386/pc.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 549c437050..8c8b404799 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1670,7 +1670,7 @@ static void pc_build_feature_control_file(PCMachineState *pcms)
     MachineState *ms = MACHINE(pcms);
     X86CPU *cpu = X86_CPU(ms->possible_cpus->cpus[0].cpu);
     CPUX86State *env = &cpu->env;
-    uint32_t unused, ecx, edx;
+    uint32_t unused, ebx, ecx, edx;
     uint64_t feature_control_bits = 0;
     uint64_t *val;
 
@@ -1685,6 +1685,14 @@ static void pc_build_feature_control_file(PCMachineState *pcms)
         feature_control_bits |= FEATURE_CONTROL_LMCE;
     }
 
+    cpu_x86_cpuid(env, 0x7, 0, &unused, &ebx, &ecx, &unused);
+    if (ebx & CPUID_7_0_EBX_SGX) {
+        feature_control_bits |= FEATURE_CONTROL_SGX;
+    }
+    if (ecx & CPUID_7_0_ECX_SGX_LC) {
+        feature_control_bits |= FEATURE_CONTROL_SGX_LC;
+    }
+
     if (!feature_control_bits) {
         return;
     }
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 16/20] hw/i386/pc: Account for SGX EPC sections when calculating device memory
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (14 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 15/20] hw/i386/pc: Set SGX bits in feature control fw_cfg accordingly Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 17/20] i386/pc: Add e820 entry for SGX EPC section(s) Sean Christopherson
                   ` (5 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

Add helpers to detect if SGX EPC exists above 4g, and if so, where SGX
EPC above 4g ends.  Use the helpers to adjust the device memory range
if SGX EPC exists above 4g.

Note that SGX EPC is currently hardcoded to reside above 4g.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 hw/i386/pc.c              | 10 +++++++++-
 include/hw/i386/sgx-epc.h | 12 ++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 8c8b404799..614d464394 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1882,8 +1882,14 @@ void pc_memory_init(PCMachineState *pcms,
             exit(EXIT_FAILURE);
         }
 
+        if (sgx_epc_above_4g(pcms->sgx_epc)) {
+            machine->device_memory->base = sgx_epc_above_4g_end(pcms->sgx_epc);
+        } else {
+            machine->device_memory->base =
+                0x100000000ULL + pcms->above_4g_mem_size;
+        }
         machine->device_memory->base =
-            ROUND_UP(0x100000000ULL + pcms->above_4g_mem_size, 1 * GiB);
+            ROUND_UP(machine->device_memory->base, 1 * GiB);
 
         if (pcmc->enforce_aligned_dimm) {
             /* size device region assuming 1G page max alignment per slot */
@@ -1962,6 +1968,8 @@ uint64_t pc_pci_hole64_start(void)
         if (!pcmc->broken_reserved_end) {
             hole64_start += memory_region_size(&ms->device_memory->mr);
         }
+    } else if (sgx_epc_above_4g(pcms->sgx_epc)) {
+            hole64_start = sgx_epc_above_4g_end(pcms->sgx_epc);
     } else {
         hole64_start = 0x100000000ULL + pcms->above_4g_mem_size;
     }
diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h
index 91ed4773e3..136449cd80 100644
--- a/include/hw/i386/sgx-epc.h
+++ b/include/hw/i386/sgx-epc.h
@@ -60,4 +60,16 @@ extern int sgx_epc_enabled;
 void pc_machine_init_sgx_epc(PCMachineState *pcms);
 int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size);
 
+static inline bool sgx_epc_above_4g(SGXEPCState *sgx_epc)
+{
+    return sgx_epc != NULL;
+}
+
+static inline uint64_t sgx_epc_above_4g_end(SGXEPCState *sgx_epc)
+{
+    assert(sgx_epc != NULL && sgx_epc->base >= 0x100000000ULL);
+
+    return sgx_epc->base + sgx_epc->size;
+}
+
 #endif
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 17/20] i386/pc: Add e820 entry for SGX EPC section(s)
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (15 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 16/20] hw/i386/pc: Account for SGX EPC sections when calculating device memory Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 18/20] i386: acpi: Add SGX EPC entry to ACPI tables Sean Christopherson
                   ` (4 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

Note that SGX EPC is currently guaranteed to reside in a single
contiguous chunk of memory regardless of the number of EPC sections.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 hw/i386/pc.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 614d464394..1b555e46f3 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1850,6 +1850,9 @@ void pc_memory_init(PCMachineState *pcms,
                                     ram_above_4g);
         e820_add_entry(0x100000000ULL, pcms->above_4g_mem_size, E820_RAM);
     }
+    if (pcms->sgx_epc != NULL) {
+        e820_add_entry(pcms->sgx_epc->base, pcms->sgx_epc->size, E820_RESERVED);
+    }
 
     if (!pcmc->has_reserved_memory &&
         (machine->ram_slots ||
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 18/20] i386: acpi: Add SGX EPC entry to ACPI tables
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (16 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 17/20] i386/pc: Add e820 entry for SGX EPC section(s) Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 19/20] q35: Add support for SGX EPC Sean Christopherson
                   ` (3 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

The ACPI Device entry for SGX EPC is essentially a hack whose primary
purpose is to provide software with a way to autoprobe SGX support,
e.g. to allow software to implement SGX support as a driver.  Details
on the individual EPC sections are not enumerated through ACPI tables,
i.e. software must enumerate the EPC sections via CPUID.  Furthermore,
software expects to see only a single EPC Device in the ACPI tables
regardless of the number of EPC sections in the system.

However, several versions of Windows do rely on the ACPI tables to
enumerate the address and size of the EPC.  So, regardless of the number
of EPC sections exposed to the guest, create exactly *one* EPC device
with a _CRS entry that spans the entirety of all EPC sections (which are
guaranteed to be contiguous in QEMU).

Note, NUMA support for EPC memory is intentionally not considered as
enumerating EPC NUMA information is not yet defined for bare metal.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 hw/i386/acpi-build.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index f3fdfefcd5..73d5321e0e 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2222,6 +2222,28 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
         aml_append(sb_scope, dev);
     }
 
+    if (pcms->sgx_epc) {
+        uint64_t epc_base = pcms->sgx_epc->base;
+        uint64_t epc_size = pcms->sgx_epc->size;
+
+        dev = aml_device("EPC");
+        aml_append(dev, aml_name_decl("_HID", aml_eisaid("INT0E0C")));
+        aml_append(dev, aml_name_decl("_STR",
+                                      aml_unicode("Enclave Page Cache 1.0")));
+        crs = aml_resource_template();
+        aml_append(crs,
+                   aml_qword_memory(AML_POS_DECODE, AML_MIN_FIXED,
+                                    AML_MAX_FIXED, AML_NON_CACHEABLE,
+                                    AML_READ_WRITE, 0, epc_base,
+                                    epc_base + epc_size - 1, 0, epc_size));
+        aml_append(dev, aml_name_decl("_CRS", crs));
+
+        method = aml_method("_STA", 0, AML_NOTSERIALIZED);
+        aml_append(method, aml_return(aml_int(0x0f)));
+        aml_append(dev, method);
+
+        aml_append(sb_scope, dev);
+    }
     aml_append(dsdt, sb_scope);
 
     /* copy AML table into ACPI tables blob and patch header there */
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 19/20] q35: Add support for SGX EPC
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (17 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 18/20] i386: acpi: Add SGX EPC entry to ACPI tables Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 18:56 ` [RFC PATCH 20/20] i440fx: " Sean Christopherson
                   ` (2 subsequent siblings)
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

SGX EPC virtualization is currently only support by KVM.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 hw/i386/pc_q35.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 397e1fdd2f..ed385b8ca2 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -178,6 +178,8 @@ static void pc_q35_init(MachineState *machine)
 
     if (xen_enabled()) {
         xen_hvm_init(pcms, &ram_memory);
+    } else {
+        pc_machine_init_sgx_epc(pcms);
     }
 
     pc_cpus_init(pcms);
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* [RFC PATCH 20/20] i440fx: Add support for SGX EPC
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (18 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 19/20] q35: Add support for SGX EPC Sean Christopherson
@ 2019-08-06 18:56 ` Sean Christopherson
  2019-08-06 19:28 ` [Qemu-devel] [RFC PATCH 00/20] i386: Add support for Intel SGX no-reply
  2019-08-06 20:48 ` no-reply
  21 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-08-06 18:56 UTC (permalink / raw)
  To: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Markus Armbruster, Marcelo Tosatti
  Cc: qemu-devel, kvm

SGX EPC virtualization is currently only support by KVM.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
---
 hw/i386/pc_piix.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index c2280c72ef..3e70c6e311 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -151,6 +151,9 @@ static void pc_init1(MachineState *machine,
             pcms->above_4g_mem_size = 0;
             pcms->below_4g_mem_size = machine->ram_size;
         }
+        if (pcmc->pci_enabled) {
+            pc_machine_init_sgx_epc(pcms);
+        }
     }
 
     pc_cpus_init(pcms);
-- 
2.22.0


^ permalink raw reply related	[flat|nested] 26+ messages in thread

* Re: [Qemu-devel] [RFC PATCH 00/20] i386: Add support for Intel SGX
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (19 preceding siblings ...)
  2019-08-06 18:56 ` [RFC PATCH 20/20] i440fx: " Sean Christopherson
@ 2019-08-06 19:28 ` no-reply
  2019-08-06 20:48 ` no-reply
  21 siblings, 0 replies; 26+ messages in thread
From: no-reply @ 2019-08-06 19:28 UTC (permalink / raw)
  To: sean.j.christopherson
  Cc: ehabkost, imammedo, mst, marcel.apfelbaum, pbonzini, rth, cohuck,
	eblake, armbru, mtosatti, qemu-devel, kvm

Patchew URL: https://patchew.org/QEMU/20190806185649.2476-1-sean.j.christopherson@intel.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Subject: [Qemu-devel] [RFC PATCH 00/20] i386: Add support for Intel SGX
Message-id: 20190806185649.2476-1-sean.j.christopherson@intel.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]         patchew/20190806185649.2476-1-sean.j.christopherson@intel.com -> patchew/20190806185649.2476-1-sean.j.christopherson@intel.com
Submodule 'capstone' (https://git.qemu.org/git/capstone.git) registered for path 'capstone'
Submodule 'dtc' (https://git.qemu.org/git/dtc.git) registered for path 'dtc'
Submodule 'roms/QemuMacDrivers' (https://git.qemu.org/git/QemuMacDrivers.git) registered for path 'roms/QemuMacDrivers'
Submodule 'roms/SLOF' (https://git.qemu.org/git/SLOF.git) registered for path 'roms/SLOF'
Submodule 'roms/edk2' (https://git.qemu.org/git/edk2.git) registered for path 'roms/edk2'
Submodule 'roms/ipxe' (https://git.qemu.org/git/ipxe.git) registered for path 'roms/ipxe'
Submodule 'roms/openbios' (https://git.qemu.org/git/openbios.git) registered for path 'roms/openbios'
Submodule 'roms/openhackware' (https://git.qemu.org/git/openhackware.git) registered for path 'roms/openhackware'
Submodule 'roms/opensbi' (https://git.qemu.org/git/opensbi.git) registered for path 'roms/opensbi'
Submodule 'roms/qemu-palcode' (https://git.qemu.org/git/qemu-palcode.git) registered for path 'roms/qemu-palcode'
Submodule 'roms/seabios' (https://git.qemu.org/git/seabios.git/) registered for path 'roms/seabios'
Submodule 'roms/seabios-hppa' (https://git.qemu.org/git/seabios-hppa.git) registered for path 'roms/seabios-hppa'
Submodule 'roms/sgabios' (https://git.qemu.org/git/sgabios.git) registered for path 'roms/sgabios'
Submodule 'roms/skiboot' (https://git.qemu.org/git/skiboot.git) registered for path 'roms/skiboot'
Submodule 'roms/u-boot' (https://git.qemu.org/git/u-boot.git) registered for path 'roms/u-boot'
Submodule 'roms/u-boot-sam460ex' (https://git.qemu.org/git/u-boot-sam460ex.git) registered for path 'roms/u-boot-sam460ex'
Submodule 'slirp' (https://git.qemu.org/git/libslirp.git) registered for path 'slirp'
Submodule 'tests/fp/berkeley-softfloat-3' (https://git.qemu.org/git/berkeley-softfloat-3.git) registered for path 'tests/fp/berkeley-softfloat-3'
Submodule 'tests/fp/berkeley-testfloat-3' (https://git.qemu.org/git/berkeley-testfloat-3.git) registered for path 'tests/fp/berkeley-testfloat-3'
Submodule 'ui/keycodemapdb' (https://git.qemu.org/git/keycodemapdb.git) registered for path 'ui/keycodemapdb'
Cloning into 'capstone'...
Submodule path 'capstone': checked out '22ead3e0bfdb87516656453336160e0a37b066bf'
Cloning into 'dtc'...
Submodule path 'dtc': checked out '88f18909db731a627456f26d779445f84e449536'
Cloning into 'roms/QemuMacDrivers'...
Submodule path 'roms/QemuMacDrivers': checked out '90c488d5f4a407342247b9ea869df1c2d9c8e266'
Cloning into 'roms/SLOF'...
Submodule path 'roms/SLOF': checked out 'ba1ab360eebe6338bb8d7d83a9220ccf7e213af3'
Cloning into 'roms/edk2'...
Submodule path 'roms/edk2': checked out '20d2e5a125e34fc8501026613a71549b2a1a3e54'
Submodule 'SoftFloat' (https://github.com/ucb-bar/berkeley-softfloat-3.git) registered for path 'ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3'
Submodule 'CryptoPkg/Library/OpensslLib/openssl' (https://github.com/openssl/openssl) registered for path 'CryptoPkg/Library/OpensslLib/openssl'
Cloning into 'ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3'...
Submodule path 'roms/edk2/ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3': checked out 'b64af41c3276f97f0e181920400ee056b9c88037'
Cloning into 'CryptoPkg/Library/OpensslLib/openssl'...
Submodule path 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl': checked out '50eaac9f3337667259de725451f201e784599687'
Submodule 'boringssl' (https://boringssl.googlesource.com/boringssl) registered for path 'boringssl'
Submodule 'krb5' (https://github.com/krb5/krb5) registered for path 'krb5'
Submodule 'pyca.cryptography' (https://github.com/pyca/cryptography.git) registered for path 'pyca-cryptography'
Cloning into 'boringssl'...
Submodule path 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl': checked out '2070f8ad9151dc8f3a73bffaa146b5e6937a583f'
Cloning into 'krb5'...
Submodule path 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/krb5': checked out 'b9ad6c49505c96a088326b62a52568e3484f2168'
Cloning into 'pyca-cryptography'...
Submodule path 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography': checked out '09403100de2f6f1cdd0d484dcb8e620f1c335c8f'
Cloning into 'roms/ipxe'...
Submodule path 'roms/ipxe': checked out 'de4565cbe76ea9f7913a01f331be3ee901bb6e17'
Cloning into 'roms/openbios'...
Submodule path 'roms/openbios': checked out 'c79e0ecb84f4f1ee3f73f521622e264edd1bf174'
Cloning into 'roms/openhackware'...
Submodule path 'roms/openhackware': checked out 'c559da7c8eec5e45ef1f67978827af6f0b9546f5'
Cloning into 'roms/opensbi'...
Submodule path 'roms/opensbi': checked out 'ce228ee0919deb9957192d723eecc8aaae2697c6'
Cloning into 'roms/qemu-palcode'...
Submodule path 'roms/qemu-palcode': checked out 'bf0e13698872450164fa7040da36a95d2d4b326f'
Cloning into 'roms/seabios'...
Submodule path 'roms/seabios': checked out 'a5cab58e9a3fb6e168aba919c5669bea406573b4'
Cloning into 'roms/seabios-hppa'...
Submodule path 'roms/seabios-hppa': checked out '0f4fe84658165e96ce35870fd19fc634e182e77b'
Cloning into 'roms/sgabios'...
Submodule path 'roms/sgabios': checked out 'cbaee52287e5f32373181cff50a00b6c4ac9015a'
Cloning into 'roms/skiboot'...
Submodule path 'roms/skiboot': checked out '261ca8e779e5138869a45f174caa49be6a274501'
Cloning into 'roms/u-boot'...
Submodule path 'roms/u-boot': checked out 'd3689267f92c5956e09cc7d1baa4700141662bff'
Cloning into 'roms/u-boot-sam460ex'...
Submodule path 'roms/u-boot-sam460ex': checked out '60b3916f33e617a815973c5a6df77055b2e3a588'
Cloning into 'slirp'...
Submodule path 'slirp': checked out '126c04acbabd7ad32c2b018fe10dfac2a3bc1210'
Cloning into 'tests/fp/berkeley-softfloat-3'...
Submodule path 'tests/fp/berkeley-softfloat-3': checked out 'b64af41c3276f97f0e181920400ee056b9c88037'
Cloning into 'tests/fp/berkeley-testfloat-3'...
Submodule path 'tests/fp/berkeley-testfloat-3': checked out '5a59dcec19327396a011a17fd924aed4fec416b3'
Cloning into 'ui/keycodemapdb'...
Submodule path 'ui/keycodemapdb': checked out '6b3d716e2b6472eb7189d3220552280ef3d832ce'
Switched to a new branch 'test'
88f6b6b i440fx: Add support for SGX EPC
1cc3a7c q35: Add support for SGX EPC
19593c8 i386: acpi: Add SGX EPC entry to ACPI tables
bf6e456 i386/pc: Add e820 entry for SGX EPC section(s)
45bd563 hw/i386/pc: Account for SGX EPC sections when calculating device memory
427b437 hw/i386/pc: Set SGX bits in feature control fw_cfg accordingly
8b354d9 i386: Adjust min CPUID level to 0x12 when SGX is enabled
9f79c37 i386: Propagate SGX CPUID sub-leafs to KVM
1214b69 i386: kvm: Add support for exposing PROVISIONKEY to guest
a0e8db2 linux-headers: Add temporary placeholder for KVM_CAP_SGX_ATTRIBUTE
c8b58e5 i386: Update SGX CPUID info according to hardware/KVM/user input
cec40de i386: Add feature control MSR dependency when SGX is enabled
084a80f i386: Add get/set/migrate support for SGX LE public key hash MSRs
8cdb3f5 i386: Add SGX CPUID leaf FEAT_SGX_12_1_EBX
4baa417 i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX
58a1f80 i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX
992c530 i386: Add primary SGX CPUID and MSR defines
b2436a7 vl: Add "sgx-epc" option to expose SGX EPC sections to guest
1ad151c i386: Add 'sgx-epc' device to expose EPC sections to guest
3807ef1 hostmem: Add hostmem-epc as a backend for SGX EPC

=== OUTPUT BEGIN ===
1/20 Checking commit 3807ef1edf72 (hostmem: Add hostmem-epc as a backend for SGX EPC)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#37: 
new file mode 100644

total: 0 errors, 1 warnings, 95 lines checked

Patch 1/20 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
2/20 Checking commit 1ad151c8a37a (i386: Add 'sgx-epc' device to expose EPC sections to guest)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#30: 
new file mode 100644

WARNING: line over 80 characters
#94: FILE: hw/i386/sgx-epc.c:60:
+            "'" TYPE_SGX_EPC "' can't be created after vCPUs, e.g. via -device");

WARNING: Block comments use a leading /* on a separate line
#162: FILE: hw/i386/sgx-epc.c:128:
+    di->node = 0 /* TODO: EPC NUMA spec not yet defined */;

total: 0 errors, 3 warnings, 265 lines checked

Patch 2/20 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/20 Checking commit b2436a7d3978 (vl: Add "sgx-epc" option to expose SGX EPC sections to guest)
WARNING: Block comments use a leading /* on a separate line
#147: FILE: hw/i386/sgx-epc.c:265:
+        { /* end of list */ }

total: 0 errors, 1 warnings, 204 lines checked

Patch 3/20 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
4/20 Checking commit 992c530ef717 (i386: Add primary SGX CPUID and MSR defines)
ERROR: spaces required around that '<<' (ctx:VxV)
#46: FILE: target/i386/cpu.h:353:
+#define FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX  (1<<1)
                                                     ^

ERROR: spaces required around that '<<' (ctx:VxV)
#48: FILE: target/i386/cpu.h:355:
+#define FEATURE_CONTROL_SGX_LC                    (1<<17)
                                                     ^

ERROR: spaces required around that '<<' (ctx:VxV)
#49: FILE: target/i386/cpu.h:356:
+#define FEATURE_CONTROL_SGX                       (1<<18)
                                                     ^

total: 3 errors, 0 warnings, 47 lines checked

Patch 4/20 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

5/20 Checking commit 58a1f8087e54 (i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX)
6/20 Checking commit 4baa417cdf54 (i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX)
WARNING: Block comments use a leading /* on a separate line
#50: FILE: target/i386/cpu.c:1251:
+            NULL /* sgx-init */, "sgx-debug", "sgx-mode64", NULL,

total: 0 errors, 1 warnings, 39 lines checked

Patch 6/20 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/20 Checking commit 8cdb3f58b140 (i386: Add SGX CPUID leaf FEAT_SGX_12_1_EBX)
8/20 Checking commit 084a80f3d2bd (i386: Add get/set/migrate support for SGX LE public key hash MSRs)
ERROR: line over 90 characters
#71: FILE: target/i386/kvm.c:3273:
+            env->msr_ia32_sgxlepubkeyhash[index - MSR_IA32_SGXLEPUBKEYHASH0] = msrs[i].data;

total: 1 errors, 0 warnings, 78 lines checked

Patch 8/20 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

9/20 Checking commit cec40de7ffd8 (i386: Add feature control MSR dependency when SGX is enabled)
10/20 Checking commit c8b58e5b0b68 (i386: Update SGX CPUID info according to hardware/KVM/user input)
11/20 Checking commit a0e8db24ba97 (linux-headers: Add temporary placeholder for KVM_CAP_SGX_ATTRIBUTE)
12/20 Checking commit 1214b6995d8e (i386: kvm: Add support for exposing PROVISIONKEY to guest)
13/20 Checking commit 9f79c37092ee (i386: Propagate SGX CPUID sub-leafs to KVM)
14/20 Checking commit 8b354d984599 (i386: Adjust min CPUID level to 0x12 when SGX is enabled)
15/20 Checking commit 427b437b1f4a (hw/i386/pc: Set SGX bits in feature control fw_cfg accordingly)
16/20 Checking commit 45bd56319897 (hw/i386/pc: Account for SGX EPC sections when calculating device memory)
17/20 Checking commit bf6e45641073 (i386/pc: Add e820 entry for SGX EPC section(s))
18/20 Checking commit 19593c815040 (i386: acpi: Add SGX EPC entry to ACPI tables)
19/20 Checking commit 1cc3a7c09de6 (q35: Add support for SGX EPC)
20/20 Checking commit 88f6b6bb2f2b (i440fx: Add support for SGX EPC)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20190806185649.2476-1-sean.j.christopherson@intel.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com

^ permalink raw reply	[flat|nested] 26+ messages in thread

* Re: [Qemu-devel] [RFC PATCH 00/20] i386: Add support for Intel SGX
  2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
                   ` (20 preceding siblings ...)
  2019-08-06 19:28 ` [Qemu-devel] [RFC PATCH 00/20] i386: Add support for Intel SGX no-reply
@ 2019-08-06 20:48 ` no-reply
  21 siblings, 0 replies; 26+ messages in thread
From: no-reply @ 2019-08-06 20:48 UTC (permalink / raw)
  To: sean.j.christopherson
  Cc: ehabkost, imammedo, mst, marcel.apfelbaum, pbonzini, rth, cohuck,
	eblake, armbru, mtosatti, qemu-devel, kvm

Patchew URL: https://patchew.org/QEMU/20190806185649.2476-1-sean.j.christopherson@intel.com/



Hi,

This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===

PASS 2 fdc-test /x86_64/fdc/no_media_on_start
PASS 3 fdc-test /x86_64/fdc/read_without_media
PASS 13 test-opts-visitor /visitor/opts/i64/range/max/pos/b
==10034==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 4 fdc-test /x86_64/fdc/media_change
PASS 5 fdc-test /x86_64/fdc/sense_interrupt
PASS 6 fdc-test /x86_64/fdc/relative_seek
---
PASS 33 test-opts-visitor /visitor/opts/dict/unvisited
PASS 10 fdc-test /x86_64/fdc/read_no_dma_1
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  tests/test-coroutine -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-coroutine" 
==10057==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-coroutine /basic/no-dangling-access
PASS 2 test-coroutine /basic/lifecycle
PASS 3 test-coroutine /basic/yield
==10057==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffc6afbb000; bottom 0x7f28cdef8000; size: 0x00d39d0c3000 (908872921088)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 4 test-coroutine /basic/nesting
---
PASS 12 test-aio /aio/event/flush
PASS 13 test-aio /aio/event/wait/no-flush-cb
PASS 11 fdc-test /x86_64/fdc/read_no_dma_18
==10076==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 14 test-aio /aio/timer/schedule
PASS 15 test-aio /aio/coroutine/queue-chaining
PASS 16 test-aio /aio-gsource/flush
---
PASS 28 test-aio /aio-gsource/timer/schedule
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  tests/test-aio-multithread -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-aio-multithread" 
PASS 1 test-aio-multithread /aio/multi/lifecycle
==10082==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 12 fdc-test /x86_64/fdc/read_no_dma_19
PASS 13 fdc-test /x86_64/fdc/fuzz-registers
PASS 2 test-aio-multithread /aio/multi/schedule
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/ide-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="ide-test" 
PASS 3 test-aio-multithread /aio/multi/mutex/contended
==10105==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 ide-test /x86_64/ide/identify
==10116==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 2 ide-test /x86_64/ide/flush
==10122==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 4 test-aio-multithread /aio/multi/mutex/handoff
PASS 3 ide-test /x86_64/ide/bmdma/simple_rw
==10133==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 5 test-aio-multithread /aio/multi/mutex/mcs
PASS 4 ide-test /x86_64/ide/bmdma/trim
==10144==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 6 test-aio-multithread /aio/multi/mutex/pthread
PASS 5 ide-test /x86_64/ide/bmdma/short_prdt
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  tests/test-throttle -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-throttle" 
==10154==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-throttle /throttle/leak_bucket
PASS 2 test-throttle /throttle/compute_wait
PASS 3 test-throttle /throttle/init
---
PASS 14 test-throttle /throttle/config/max
PASS 15 test-throttle /throttle/config/iops_size
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  tests/test-thread-pool -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-thread-pool" 
==10152==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10161==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-thread-pool /thread-pool/submit
PASS 2 test-thread-pool /thread-pool/submit-aio
PASS 3 test-thread-pool /thread-pool/submit-co
PASS 4 test-thread-pool /thread-pool/submit-many
PASS 6 ide-test /x86_64/ide/bmdma/one_sector_short_prdt
==10168==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 7 ide-test /x86_64/ide/bmdma/long_prdt
PASS 5 test-thread-pool /thread-pool/cancel
==10174==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10174==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffe145ca000; bottom 0x7f5b9fbfe000; size: 0x00a2749cc000 (697741131776)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 8 ide-test /x86_64/ide/bmdma/no_busmaster
---
PASS 13 test-hbitmap /hbitmap/set/general
PASS 14 test-hbitmap /hbitmap/set/twice
PASS 15 test-hbitmap /hbitmap/set/overlap
==10190==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 16 test-hbitmap /hbitmap/reset/empty
PASS 17 test-hbitmap /hbitmap/reset/general
PASS 10 ide-test /x86_64/ide/flush/empty_drive
---
PASS 28 test-hbitmap /hbitmap/truncate/shrink/medium
PASS 29 test-hbitmap /hbitmap/truncate/shrink/large
PASS 30 test-hbitmap /hbitmap/meta/zero
==10195==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 11 ide-test /x86_64/ide/flush/retry_pci
==10201==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 12 ide-test /x86_64/ide/flush/retry_isa
==10207==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 13 ide-test /x86_64/ide/cdrom/pio
==10213==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 31 test-hbitmap /hbitmap/meta/one
PASS 32 test-hbitmap /hbitmap/meta/byte
PASS 33 test-hbitmap /hbitmap/meta/word
PASS 14 ide-test /x86_64/ide/cdrom/pio_large
==10219==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 34 test-hbitmap /hbitmap/meta/sector
PASS 35 test-hbitmap /hbitmap/serialize/align
PASS 15 ide-test /x86_64/ide/cdrom/dma
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/ahci-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="ahci-test" 
==10233==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 36 test-hbitmap /hbitmap/serialize/basic
PASS 37 test-hbitmap /hbitmap/serialize/part
PASS 38 test-hbitmap /hbitmap/serialize/zeroes
---
PASS 42 test-hbitmap /hbitmap/next_dirty_area/next_dirty_area_1
PASS 43 test-hbitmap /hbitmap/next_dirty_area/next_dirty_area_4
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  tests/test-bdrv-drain -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-bdrv-drain" 
==10242==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10239==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 test-bdrv-drain /bdrv-drain/nested
PASS 2 test-bdrv-drain /bdrv-drain/multiparent
PASS 3 test-bdrv-drain /bdrv-drain/set_aio_context
---
PASS 17 test-bdrv-drain /bdrv-drain/graph-change/drain_all
PASS 18 test-bdrv-drain /bdrv-drain/iothread/drain_all
=================================================================
==10242==ERROR: AddressSanitizer: heap-use-after-free on address 0x61200002c7f0 at pc 0x55643dc6d6a6 bp 0x7fc567eb8680 sp 0x7fc567eb8678
WRITE of size 1 at 0x61200002c7f0 thread T9
PASS 2 ahci-test /x86_64/ahci/pci_spec
    #0 0x55643dc6d6a5 in aio_notify /tmp/qemu-test/src/util/async.c:351:9
---
  Right alloca redzone:    cb
  Shadow gap:              cc
==10242==ABORTING
ERROR - too few tests run (expected 40, got 18)
make: *** [/tmp/qemu-test/src/tests/Makefile.include:904: check-unit] Error 1
make: *** Waiting for unfinished jobs....
==10259==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 3 ahci-test /x86_64/ahci/pci_enable
==10265==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 4 ahci-test /x86_64/ahci/hba_spec
==10271==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 5 ahci-test /x86_64/ahci/hba_enable
==10277==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 6 ahci-test /x86_64/ahci/identify
==10283==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 7 ahci-test /x86_64/ahci/max
==10289==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 8 ahci-test /x86_64/ahci/reset
==10295==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10295==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffd7836e000; bottom 0x7f661affe000; size: 0x00975d370000 (650103947264)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 9 ahci-test /x86_64/ahci/io/pio/lba28/simple/zero
==10301==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10301==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffef1990000; bottom 0x7f4d8f1fe000; size: 0x00b162792000 (761861316608)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 10 ahci-test /x86_64/ahci/io/pio/lba28/simple/low
==10307==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10307==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffd9b159000; bottom 0x7f44749fe000; size: 0x00b92675b000 (795214196736)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 11 ahci-test /x86_64/ahci/io/pio/lba28/simple/high
==10313==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10313==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffe57c1d000; bottom 0x7f76c53fe000; size: 0x00879281f000 (582278574080)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 12 ahci-test /x86_64/ahci/io/pio/lba28/double/zero
==10319==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10319==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffd504ba000; bottom 0x7fb9561fe000; size: 0x0043fa2bc000 (291959980032)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 13 ahci-test /x86_64/ahci/io/pio/lba28/double/low
==10325==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10325==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7fff7e87b000; bottom 0x7efd8e1fe000; size: 0x0101f067d000 (1107839930368)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 14 ahci-test /x86_64/ahci/io/pio/lba28/double/high
==10331==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10331==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffe7ede7000; bottom 0x7fe3abf24000; size: 0x001ad2ec3000 (115207843840)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 15 ahci-test /x86_64/ahci/io/pio/lba28/long/zero
==10337==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10337==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffc5691f000; bottom 0x7f30bfffe000; size: 0x00cb96921000 (874404515840)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 16 ahci-test /x86_64/ahci/io/pio/lba28/long/low
==10343==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10343==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7fff8b570000; bottom 0x7f19b09fe000; size: 0x00e5dab72000 (987216945152)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 17 ahci-test /x86_64/ahci/io/pio/lba28/long/high
==10349==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 18 ahci-test /x86_64/ahci/io/pio/lba28/short/zero
==10355==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 19 ahci-test /x86_64/ahci/io/pio/lba28/short/low
==10361==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 20 ahci-test /x86_64/ahci/io/pio/lba28/short/high
==10367==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10367==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffe4b400000; bottom 0x7fd1957fe000; size: 0x002cb5c02000 (192027828224)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 21 ahci-test /x86_64/ahci/io/pio/lba48/simple/zero
==10373==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10373==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffeae2cd000; bottom 0x7f88f61fe000; size: 0x0075b80cf000 (505599029248)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 22 ahci-test /x86_64/ahci/io/pio/lba48/simple/low
==10379==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10379==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffcc67ba000; bottom 0x7f1cad7fe000; size: 0x00e018fbc000 (962491826176)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 23 ahci-test /x86_64/ahci/io/pio/lba48/simple/high
==10385==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10385==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffcfda32000; bottom 0x7fc7155fe000; size: 0x0035e8434000 (231529988096)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 24 ahci-test /x86_64/ahci/io/pio/lba48/double/zero
==10391==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10391==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffc9c5b4000; bottom 0x7fed42ffe000; size: 0x000f595b6000 (65923670016)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 25 ahci-test /x86_64/ahci/io/pio/lba48/double/low
==10397==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10397==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffd77387000; bottom 0x7ff71bdfe000; size: 0x00065b589000 (27302334464)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 26 ahci-test /x86_64/ahci/io/pio/lba48/double/high
==10403==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10403==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7fffaec5a000; bottom 0x7ff9aa1fe000; size: 0x000604a5c000 (25847775232)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 27 ahci-test /x86_64/ahci/io/pio/lba48/long/zero
==10409==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10409==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffd275aa000; bottom 0x7f48145fe000; size: 0x00b512fac000 (777707503616)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 28 ahci-test /x86_64/ahci/io/pio/lba48/long/low
==10415==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10415==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffe26ba0000; bottom 0x7f515af24000; size: 0x00accbc7c000 (742153240576)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 29 ahci-test /x86_64/ahci/io/pio/lba48/long/high
==10421==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 30 ahci-test /x86_64/ahci/io/pio/lba48/short/zero
==10427==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 31 ahci-test /x86_64/ahci/io/pio/lba48/short/low
==10433==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 32 ahci-test /x86_64/ahci/io/pio/lba48/short/high
==10439==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 33 ahci-test /x86_64/ahci/io/dma/lba28/fragmented
==10445==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 34 ahci-test /x86_64/ahci/io/dma/lba28/retry
==10451==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 35 ahci-test /x86_64/ahci/io/dma/lba28/simple/zero
==10457==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 36 ahci-test /x86_64/ahci/io/dma/lba28/simple/low
==10463==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 37 ahci-test /x86_64/ahci/io/dma/lba28/simple/high
==10469==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 38 ahci-test /x86_64/ahci/io/dma/lba28/double/zero
==10475==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 39 ahci-test /x86_64/ahci/io/dma/lba28/double/low
==10481==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 40 ahci-test /x86_64/ahci/io/dma/lba28/double/high
==10487==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 41 ahci-test /x86_64/ahci/io/dma/lba28/long/zero
==10493==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 42 ahci-test /x86_64/ahci/io/dma/lba28/long/low
==10499==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 43 ahci-test /x86_64/ahci/io/dma/lba28/long/high
==10505==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 44 ahci-test /x86_64/ahci/io/dma/lba28/short/zero
==10512==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 45 ahci-test /x86_64/ahci/io/dma/lba28/short/low
==10518==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 46 ahci-test /x86_64/ahci/io/dma/lba28/short/high
==10524==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 47 ahci-test /x86_64/ahci/io/dma/lba48/simple/zero
==10530==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 48 ahci-test /x86_64/ahci/io/dma/lba48/simple/low
==10536==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 49 ahci-test /x86_64/ahci/io/dma/lba48/simple/high
==10542==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 50 ahci-test /x86_64/ahci/io/dma/lba48/double/zero
==10548==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 51 ahci-test /x86_64/ahci/io/dma/lba48/double/low
==10554==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 52 ahci-test /x86_64/ahci/io/dma/lba48/double/high
==10560==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 53 ahci-test /x86_64/ahci/io/dma/lba48/long/zero
==10566==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 54 ahci-test /x86_64/ahci/io/dma/lba48/long/low
==10572==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 55 ahci-test /x86_64/ahci/io/dma/lba48/long/high
==10578==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 56 ahci-test /x86_64/ahci/io/dma/lba48/short/zero
==10584==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 57 ahci-test /x86_64/ahci/io/dma/lba48/short/low
==10590==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 58 ahci-test /x86_64/ahci/io/dma/lba48/short/high
==10596==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 59 ahci-test /x86_64/ahci/io/ncq/simple
==10602==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 60 ahci-test /x86_64/ahci/io/ncq/retry
==10608==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 61 ahci-test /x86_64/ahci/flush/simple
==10614==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 62 ahci-test /x86_64/ahci/flush/retry
==10621==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10626==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 63 ahci-test /x86_64/ahci/flush/migrate
==10635==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10640==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 64 ahci-test /x86_64/ahci/migrate/sanity
==10649==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10654==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 65 ahci-test /x86_64/ahci/migrate/dma/simple
==10663==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10668==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 66 ahci-test /x86_64/ahci/migrate/dma/halted
==10677==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10682==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 67 ahci-test /x86_64/ahci/migrate/ncq/simple
==10691==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10696==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 68 ahci-test /x86_64/ahci/migrate/ncq/halted
==10705==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 69 ahci-test /x86_64/ahci/cdrom/eject
==10710==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 70 ahci-test /x86_64/ahci/cdrom/dma/single
==10716==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 71 ahci-test /x86_64/ahci/cdrom/dma/multi
==10722==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 72 ahci-test /x86_64/ahci/cdrom/pio/single
==10728==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
==10728==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top: 0x7ffdfd02f000; bottom 0x7ff5abfdc000; size: 0x000851053000 (35719032832)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 73 ahci-test /x86_64/ahci/cdrom/pio/multi
==10734==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 74 ahci-test /x86_64/ahci/cdrom/pio/bcl
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/hd-geo-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="hd-geo-test" 
PASS 1 hd-geo-test /x86_64/hd-geo/ide/none
==10748==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 2 hd-geo-test /x86_64/hd-geo/ide/drive/cd_0
==10754==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 3 hd-geo-test /x86_64/hd-geo/ide/drive/mbr/blank
==10760==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 4 hd-geo-test /x86_64/hd-geo/ide/drive/mbr/lba
==10766==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 5 hd-geo-test /x86_64/hd-geo/ide/drive/mbr/chs
==10772==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 6 hd-geo-test /x86_64/hd-geo/ide/device/mbr/blank
==10778==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 7 hd-geo-test /x86_64/hd-geo/ide/device/mbr/lba
==10784==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 8 hd-geo-test /x86_64/hd-geo/ide/device/mbr/chs
==10790==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 9 hd-geo-test /x86_64/hd-geo/ide/device/user/chs
==10795==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 10 hd-geo-test /x86_64/hd-geo/ide/device/user/chst
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/boot-order-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="boot-order-test" 
PASS 1 boot-order-test /x86_64/boot-order/pc
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==10863==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!

Looking for expected file 'tests/data/acpi/pc/FACP'
Using expected file 'tests/data/acpi/pc/FACP'
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==10869==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!

Looking for expected file 'tests/data/acpi/q35/FACP'
Using expected file 'tests/data/acpi/q35/FACP'
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==10875==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!

Looking for expected file 'tests/data/acpi/pc/FACP.bridge'
Looking for expected file 'tests/data/acpi/pc/FACP'
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==10881==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!

Looking for expected file 'tests/data/acpi/pc/FACP.ipmikcs'
Looking for expected file 'tests/data/acpi/pc/FACP'
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==10887==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!

Looking for expected file 'tests/data/acpi/pc/FACP.cphp'
Looking for expected file 'tests/data/acpi/pc/FACP'
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==10894==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!

Looking for expected file 'tests/data/acpi/pc/FACP.memhp'
Looking for expected file 'tests/data/acpi/pc/FACP'
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==10900==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!

Looking for expected file 'tests/data/acpi/pc/FACP.numamem'
Looking for expected file 'tests/data/acpi/pc/FACP'
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==10906==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!

Looking for expected file 'tests/data/acpi/pc/FACP.dimmpxm'
Looking for expected file 'tests/data/acpi/pc/FACP'
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==10915==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!

Looking for expected file 'tests/data/acpi/q35/FACP.bridge'
Looking for expected file 'tests/data/acpi/q35/FACP'
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==10921==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!

Looking for expected file 'tests/data/acpi/q35/FACP.mmio64'
Looking for expected file 'tests/data/acpi/q35/FACP'
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==10927==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!

Looking for expected file 'tests/data/acpi/q35/FACP.ipmibt'
Looking for expected file 'tests/data/acpi/q35/FACP'
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==10933==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!

Looking for expected file 'tests/data/acpi/q35/FACP.cphp'
Looking for expected file 'tests/data/acpi/q35/FACP'
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==10940==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!

Looking for expected file 'tests/data/acpi/q35/FACP.memhp'
Looking for expected file 'tests/data/acpi/q35/FACP'
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==10946==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!

Looking for expected file 'tests/data/acpi/q35/FACP.numamem'
Looking for expected file 'tests/data/acpi/q35/FACP'
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==10952==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!

Looking for expected file 'tests/data/acpi/q35/FACP.dimmpxm'
Looking for expected file 'tests/data/acpi/q35/FACP'
---
PASS 1 i440fx-test /x86_64/i440fx/defaults
PASS 2 i440fx-test /x86_64/i440fx/pam
PASS 3 i440fx-test /x86_64/i440fx/firmware/bios
==11036==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 4 i440fx-test /x86_64/i440fx/firmware/pflash
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/fw_cfg-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="fw_cfg-test" 
PASS 1 fw_cfg-test /x86_64/fw_cfg/signature
---
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/drive_del-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="drive_del-test" 
PASS 1 drive_del-test /x86_64/drive_del/without-dev
PASS 2 drive_del-test /x86_64/drive_del/after_failed_device_add
==11124==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 3 drive_del-test /x86_64/blockdev/drive_del_device_del
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/wdt_ib700-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="wdt_ib700-test" 
PASS 1 wdt_ib700-test /x86_64/wdt_ib700/pause
---
PASS 1 usb-hcd-uhci-test /x86_64/uhci/pci/init
PASS 2 usb-hcd-uhci-test /x86_64/uhci/pci/port1
PASS 3 usb-hcd-uhci-test /x86_64/uhci/pci/hotplug
==11319==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 4 usb-hcd-uhci-test /x86_64/uhci/pci/hotplug/usb-storage
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/usb-hcd-xhci-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="usb-hcd-xhci-test" 
PASS 1 usb-hcd-xhci-test /x86_64/xhci/pci/init
PASS 2 usb-hcd-xhci-test /x86_64/xhci/pci/hotplug
==11328==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 3 usb-hcd-xhci-test /x86_64/xhci/pci/hotplug/usb-uas
PASS 4 usb-hcd-xhci-test /x86_64/xhci/pci/hotplug/usb-ccid
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/cpu-plug-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="cpu-plug-test" 
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11434==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 1 vmgenid-test /x86_64/vmgenid/vmgenid/set-guid
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11440==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 2 vmgenid-test /x86_64/vmgenid/vmgenid/set-guid-auto
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11446==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 3 vmgenid-test /x86_64/vmgenid/vmgenid/query-monitor
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/tpm-crb-swtpm-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="tpm-crb-swtpm-test" 
SKIP 1 tpm-crb-swtpm-test /x86_64/tpm/crb-swtpm/test # SKIP swtpm not in PATH or missing --tpm2 support
---
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11551==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11556==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 3 migration-test /x86_64/migration/fd_proto
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11564==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11569==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 4 migration-test /x86_64/migration/postcopy/unix
PASS 5 migration-test /x86_64/migration/postcopy/recovery
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11599==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11604==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 6 migration-test /x86_64/migration/precopy/unix
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11613==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11618==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 7 migration-test /x86_64/migration/precopy/tcp
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11627==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory
qemu-system-x86_64: Back to tcg accelerator
==11632==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 8 migration-test /x86_64/migration/xbzrle/unix
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/test-x86-cpuid-compat -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="test-x86-cpuid-compat" 
PASS 1 test-x86-cpuid-compat /x86/cpuid/parsing-plus-minus
---
PASS 30 test-x86-cpuid-compat /x86_64/x86/cpuid/auto-xlevel2/486/fixed
PASS 31 test-x86-cpuid-compat /x86_64/x86/cpuid/auto-level7/pc-i440fx-1.4/off
PASS 32 test-x86-cpuid-compat /x86_64/x86/cpuid/auto-level7/pc-i440fx-1.5/on
qemu-system-x86_64: warning: Unknown firmware file in legacy mode: etc/msr_feature_control
PASS 33 test-x86-cpuid-compat /x86_64/x86/cpuid/auto-level7/pc-i440fx-2.3/off
PASS 34 test-x86-cpuid-compat /x86_64/x86/cpuid/auto-level7/pc-i440fx-2.3/on
PASS 35 test-x86-cpuid-compat /x86_64/x86/cpuid/auto-level7/pc-i440fx-2.9/off
---
PASS 6 numa-test /x86_64/numa/pc/dynamic/cpu
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img tests/qmp-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl --test-name="qmp-test" 
PASS 1 qmp-test /x86_64/qmp/protocol
==11961==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 2 qmp-test /x86_64/qmp/oob
PASS 3 qmp-test /x86_64/qmp/preconfig
PASS 4 qmp-test /x86_64/qmp/missing-any-arg
---
PASS 6 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/sdhci-pci/sdhci/sdhci-tests/registers
PASS 7 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/tpci200/ipack/ipoctal232/ipoctal232-tests/nop
PASS 8 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/tpci200/pci-device/pci-device-tests/nop
==12370==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 9 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-9p-pci/pci-device/pci-device-tests/nop
PASS 10 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-9p-pci/virtio/virtio-tests/nop
PASS 11 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-9p-pci/virtio-9p/virtio-9p-tests/config
---
PASS 20 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-9p-pci/virtio-9p/virtio-9p-tests/fs/flush/ignored
PASS 21 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-balloon-pci/pci-device/pci-device-tests/nop
PASS 22 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-balloon-pci/virtio/virtio-tests/nop
==12383==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 23 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-blk-pci/virtio-blk/virtio-blk-tests/indirect
==12390==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 24 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-blk-pci/virtio-blk/virtio-blk-tests/config
==12397==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 25 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-blk-pci/virtio-blk/virtio-blk-tests/basic
==12404==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 26 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-blk-pci/virtio-blk/virtio-blk-tests/resize
==12411==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 27 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-blk-pci/virtio-blk-pci-tests/msix
==12418==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 28 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-blk-pci/virtio-blk-pci-tests/idx
==12425==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 29 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-blk-pci/virtio-blk-pci-tests/nxvirtq
==12432==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 30 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-blk-pci/virtio-blk-pci-tests/hotplug
PASS 31 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-net-pci/virtio-net/virtio-net-tests/basic
PASS 32 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-net-pci/virtio-net/virtio-net-tests/rx_stop_cont
---
PASS 40 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-rng-pci/pci-device/pci-device-tests/nop
PASS 41 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-rng-pci/virtio/virtio-tests/nop
PASS 42 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-rng-pci/virtio-rng-pci-tests/hotplug
==12543==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 43 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-scsi-pci/pci-device/pci-device-tests/nop
==12549==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 44 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-scsi-pci/virtio-scsi/virtio-scsi-tests/hotplug
==12555==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 45 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-scsi-pci/virtio-scsi/virtio-scsi-tests/unaligned-write-same
==12561==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 46 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-scsi-pci/virtio-scsi-pci-tests/iothread-attach-node
PASS 47 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-serial-pci/pci-device/pci-device-tests/nop
PASS 48 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/virtio-serial-pci/virtio/virtio-tests/nop
---
PASS 67 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/i82562/pci-device/pci-device-tests/nop
PASS 68 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/i82801/pci-device/pci-device-tests/nop
PASS 69 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/ES1370/pci-device/pci-device-tests/nop
==12706==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 70 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/megasas/pci-device/pci-device-tests/nop
PASS 71 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/megasas/megasas-tests/dcmd/pd-get-info/fuzz
PASS 72 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/ne2k_pci/pci-device/pci-device-tests/nop
PASS 73 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/nvme/pci-device/pci-device-tests/nop
==12718==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 74 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/nvme/nvme-tests/oob-cmb-access
==12724==WARNING: ASan doesn't fully support makecontext/swapcontext functions and may produce false positives in some cases!
PASS 75 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/pcnet/pci-device/pci-device-tests/nop
PASS 76 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/pci-ohci/pci-device/pci-device-tests/nop
PASS 77 qos-test /x86_64/pc/i440FX-pcihost/pci-bus-pc/pci-bus/pci-ohci/pci-ohci-tests/ohci_pci-test-hotplug


The full log is available at
http://patchew.org/logs/20190806185649.2476-1-sean.j.christopherson@intel.com/testing.asan/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com

^ permalink raw reply	[flat|nested] 26+ messages in thread

* Re: [Qemu-devel] [RFC PATCH 02/20] i386: Add 'sgx-epc' device to expose EPC sections to guest
  2019-08-06 18:56 ` [RFC PATCH 02/20] i386: Add 'sgx-epc' device to expose EPC sections to guest Sean Christopherson
@ 2019-08-07  5:57   ` Markus Armbruster
  0 siblings, 0 replies; 26+ messages in thread
From: Markus Armbruster @ 2019-08-07  5:57 UTC (permalink / raw)
  To: Sean Christopherson
  Cc: Eduardo Habkost, Igor Mammedov, Michael S. Tsirkin,
	Marcel Apfelbaum, Paolo Bonzini, Richard Henderson,
	Cornelia Huck, Eric Blake, Marcelo Tosatti, qemu-devel, kvm

Quick QAPI schema sanity check, mostly.

Sean Christopherson <sean.j.christopherson@intel.com> writes:

> SGX EPC is enumerated through CPUID, i.e. EPC "devices" need to be
> realized prior to realizing the vCPUs themselves, which occurs long
> before generic devices are parsed and realized.  Because of this,
> do not allow 'sgx-epc' devices to be instantiated after vCPUS have
> been created.
>
> The 'sgx-epc' device is essentially a placholder at this time, it will
> be fully implemented in a future patch along with a dedicated command
> to create 'sgx-epc' devices.
>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> ---
>  hw/i386/Makefile.objs     |   1 +
>  hw/i386/sgx-epc.c         | 169 ++++++++++++++++++++++++++++++++++++++
>  include/hw/i386/sgx-epc.h |  44 ++++++++++
>  qapi/misc.json            |  32 +++++++-
>  4 files changed, 244 insertions(+), 2 deletions(-)
>  create mode 100644 hw/i386/sgx-epc.c
>  create mode 100644 include/hw/i386/sgx-epc.h
>
> diff --git a/hw/i386/Makefile.objs b/hw/i386/Makefile.objs
> index 5d9c9efd5f..18c9693d9d 100644
> --- a/hw/i386/Makefile.objs
> +++ b/hw/i386/Makefile.objs
> @@ -13,3 +13,4 @@ obj-$(CONFIG_VMMOUSE) += vmmouse.o
>  
>  obj-y += kvmvapic.o
>  obj-y += acpi-build.o
> +obj-y += sgx-epc.o
> diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
> new file mode 100644
> index 0000000000..73221ba86b
> --- /dev/null
> +++ b/hw/i386/sgx-epc.c
> @@ -0,0 +1,169 @@
> +/*
> + * SGX EPC device
> + *
> + * Copyright (C) 2019 Intel Corporation
> + *
> + * Authors:
> + *   Sean Christopherson <sean.j.christopherson@intel.com>
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + */
> +#include "qemu/osdep.h"
> +#include "hw/i386/pc.h"
> +#include "hw/i386/sgx-epc.h"
> +#include "hw/mem/memory-device.h"
> +#include "monitor/qdev.h"
> +#include "qapi/error.h"
> +#include "qapi/visitor.h"
> +#include "qemu/config-file.h"
> +#include "qemu/error-report.h"
> +#include "qemu/option.h"
> +#include "qemu/units.h"
> +#include "target/i386/cpu.h"
> +
> +static Property sgx_epc_properties[] = {
> +    DEFINE_PROP_UINT64(SGX_EPC_ADDR_PROP, SGXEPCDevice, addr, 0),
> +    DEFINE_PROP_LINK(SGX_EPC_MEMDEV_PROP, SGXEPCDevice, hostmem,
> +                     TYPE_MEMORY_BACKEND, HostMemoryBackend *),
> +    DEFINE_PROP_END_OF_LIST(),
> +};
> +
> +static void sgx_epc_get_size(Object *obj, Visitor *v, const char *name,
> +                             void *opaque, Error **errp)
> +{
> +    Error *local_err = NULL;
> +    uint64_t value;
> +
> +    value = memory_device_get_region_size(MEMORY_DEVICE(obj), &local_err);
> +    if (local_err) {
> +        error_propagate(errp, local_err);
> +        return;
> +    }
> +
> +    visit_type_uint64(v, name, &value, errp);
> +}
> +
> +static void sgx_epc_init(Object *obj)
> +{
> +    object_property_add(obj, SGX_EPC_SIZE_PROP, "uint64", sgx_epc_get_size,
> +                        NULL, NULL, NULL, &error_abort);
> +}
> +
> +static void sgx_epc_realize(DeviceState *dev, Error **errp)
> +{
> +    PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
> +    SGXEPCDevice *epc = SGX_EPC(dev);
> +
> +    if (pcms->boot_cpus != 0) {
> +        error_setg(errp,
> +            "'" TYPE_SGX_EPC "' can't be created after vCPUs, e.g. via -device");
> +        return;
> +    }
> +
> +    if (!epc->hostmem) {
> +        error_setg(errp, "'" SGX_EPC_MEMDEV_PROP "' property is not set");
> +        return;
> +    } else if (host_memory_backend_is_mapped(epc->hostmem)) {
> +        char *path = object_get_canonical_path_component(OBJECT(epc->hostmem));
> +        error_setg(errp, "can't use already busy memdev: %s", path);
> +        g_free(path);
> +        return;
> +    }


Please avoid "return; else":

       if (!epc->hostmem) {
           error_setg(errp, "'" SGX_EPC_MEMDEV_PROP "' property is not set");
           return;
       }
       if (host_memory_backend_is_mapped(epc->hostmem)) {
           char *path = object_get_canonical_path_component(OBJECT(epc->hostmem));
           error_setg(errp, "can't use already busy memdev: %s", path);
           g_free(path);
           return;
       }

> +
> +    error_setg(errp, "'" TYPE_SGX_EPC "' not supported");
> +}
> +
> +static void sgx_epc_unrealize(DeviceState *dev, Error **errp)
> +{
> +    SGXEPCDevice *epc = SGX_EPC(dev);
> +
> +    host_memory_backend_set_mapped(epc->hostmem, false);
> +}
> +
> +static uint64_t sgx_epc_md_get_addr(const MemoryDeviceState *md)
> +{
> +    const SGXEPCDevice *epc = SGX_EPC(md);
> +
> +    return epc->addr;
> +}
> +
> +static void sgx_epc_md_set_addr(MemoryDeviceState *md, uint64_t addr,
> +                                Error **errp)
> +{
> +    object_property_set_uint(OBJECT(md), addr, SGX_EPC_ADDR_PROP, errp);
> +}
> +
> +static uint64_t sgx_epc_md_get_plugged_size(const MemoryDeviceState *md,
> +                                            Error **errp)
> +{
> +    return 0;
> +}
> +
> +static MemoryRegion *sgx_epc_md_get_memory_region(MemoryDeviceState *md,
> +                                                  Error **errp)
> +{
> +    SGXEPCDevice *epc = SGX_EPC(md);
> +
> +    if (!epc->hostmem) {
> +        error_setg(errp, "'" SGX_EPC_MEMDEV_PROP "' property must be set");
> +        return NULL;
> +    }
> +
> +    return host_memory_backend_get_memory(epc->hostmem);
> +}
> +
> +static void sgx_epc_md_fill_device_info(const MemoryDeviceState *md,
> +                                        MemoryDeviceInfo *info)
> +{
> +    SGXEPCDeviceInfo *di = g_new0(SGXEPCDeviceInfo, 1);
> +    const SGXEPCDevice *epc = SGX_EPC(md);
> +    const DeviceState *dev = DEVICE(md);
> +
> +    if (dev->id) {
> +        di->has_id = true;
> +        di->id = g_strdup(dev->id);
> +    }
> +    di->addr = epc->addr;
> +    di->node = 0 /* TODO: EPC NUMA spec not yet defined */;
> +    di->size = memory_device_get_region_size(MEMORY_DEVICE(epc), &error_fatal);
> +    di->memdev = object_get_canonical_path(OBJECT(epc->hostmem));
> +}
> +
> +static void sgx_epc_class_init(ObjectClass *oc, void *data)
> +{
> +    DeviceClass *dc = DEVICE_CLASS(oc);
> +    MemoryDeviceClass *mdc = MEMORY_DEVICE_CLASS(oc);
> +
> +    dc->hotpluggable = false;
> +    dc->realize = sgx_epc_realize;
> +    dc->unrealize = sgx_epc_unrealize;
> +    dc->props = sgx_epc_properties;
> +    dc->desc = "SGX EPC section";
> +
> +    mdc->get_addr = sgx_epc_md_get_addr;
> +    mdc->set_addr = sgx_epc_md_set_addr;
> +    mdc->get_plugged_size = sgx_epc_md_get_plugged_size;
> +    mdc->get_memory_region = sgx_epc_md_get_memory_region;
> +    mdc->fill_device_info = sgx_epc_md_fill_device_info;
> +}
> +
> +static TypeInfo sgx_epc_info = {
> +    .name          = TYPE_SGX_EPC,
> +    .parent        = TYPE_DEVICE,
> +    .instance_size = sizeof(SGXEPCDevice),
> +    .instance_init = sgx_epc_init,
> +    .class_init    = sgx_epc_class_init,
> +    .class_size    = sizeof(DeviceClass),
> +    .interfaces = (InterfaceInfo[]) {
> +        { TYPE_MEMORY_DEVICE },
> +        { }
> +    },
> +};
> +
> +static void sgx_epc_register_types(void)
> +{
> +    type_register_static(&sgx_epc_info);
> +}
> +
> +type_init(sgx_epc_register_types)
> diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h
> new file mode 100644
> index 0000000000..5fd9ae2d0c
> --- /dev/null
> +++ b/include/hw/i386/sgx-epc.h
> @@ -0,0 +1,44 @@
> +/*
> + * SGX EPC device
> + *
> + * Copyright (C) 2019 Intel Corporation
> + *
> + * Authors:
> + *   Sean Christopherson <sean.j.christopherson@intel.com>
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + */
> +#ifndef QEMU_SGX_EPC_H
> +#define QEMU_SGX_EPC_H
> +
> +#include "sysemu/hostmem.h"
> +
> +#define TYPE_SGX_EPC "sgx-epc"
> +#define SGX_EPC(obj) \
> +    OBJECT_CHECK(SGXEPCDevice, (obj), TYPE_SGX_EPC)
> +#define SGX_EPC_CLASS(oc) \
> +    OBJECT_CLASS_CHECK(SGXEPCDeviceClass, (oc), TYPE_SGX_EPC)
> +#define SGX_EPC_GET_CLASS(obj) \
> +    OBJECT_GET_CLASS(SGXEPCDeviceClass, (obj), TYPE_SGX_EPC)
> +
> +#define SGX_EPC_ADDR_PROP "addr"
> +#define SGX_EPC_SIZE_PROP "size"
> +#define SGX_EPC_MEMDEV_PROP "memdev"
> +
> +/**
> + * SGXEPCDevice:
> + * @addr: starting guest physical address, where @SGXEPCDevice is mapped.
> + *         Default value: 0, means that address is auto-allocated.
> + * @hostmem: host memory backend providing memory for @SGXEPCDevice
> + */
> +typedef struct SGXEPCDevice {
> +    /* private */
> +    DeviceState parent_obj;
> +
> +    /* public */
> +    uint64_t addr;
> +    HostMemoryBackend *hostmem;
> +} SGXEPCDevice;
> +
> +#endif
> diff --git a/qapi/misc.json b/qapi/misc.json
> index a7fba7230c..965905c9e8 100644
> --- a/qapi/misc.json
> +++ b/qapi/misc.json
> @@ -1573,19 +1573,47 @@
>            }
>  }
>  
> +##
> +# @SGXEPCDeviceInfo:
> +#
> +# SGX EPC state information
> +#
> +# @id: device's ID
> +#
> +# @addr: physical address, where device is mapped
> +#
> +# @size: size of memory that the device provides
> +#
> +# @node: NUMA node number where device is plugged in
> +#
> +# @memdev: memory backend linked with device
> +#
> +# Since: TBD
> +##
> +{ 'struct': 'SGXEPCDeviceInfo',
> +  'data': { '*id': 'str',
> +            'addr': 'int',
> +            'size': 'int',
> +            'node': 'int',
> +            'memdev': 'str'
> +          }
> +}
> +
>  ##
>  # @MemoryDeviceInfo:
>  #
>  # Union containing information about a memory device
>  #
> -# nvdimm is included since 2.12. virtio-pmem is included since 4.1.
> +# nvdimm is included since 2.12. virtio-pmem is included since 4.1,
> +# sgx-epc is included since TBD.
>  #
>  # Since: 2.1
>  ##
>  { 'union': 'MemoryDeviceInfo',
>    'data': { 'dimm': 'PCDIMMDeviceInfo',
>              'nvdimm': 'PCDIMMDeviceInfo',
> -            'virtio-pmem': 'VirtioPMEMDeviceInfo'
> +            'virtio-pmem': 'VirtioPMEMDeviceInfo',
> +            'sgx-epc': 'SGXEPCDeviceInfo'
>            }
>  }

This adds a fourth kind of MemoryDeviceInfo.  Their doc comments all
neglect to tell us what a "DIMM Device" is, why it's a "PC DIMM Device",
how that differs from an "NVDIMM Device", what a "Virtio PMEM Device"
is, and now what an "SGX EPC Device" is.

I'd appreciate a brief explanation, possibly with a reference to
pertinent documentation elsewhere.  I'm not demanding you do that for
the existing kinds, too.  Igor, perhaps?

^ permalink raw reply	[flat|nested] 26+ messages in thread

* Re: [Qemu-devel] [RFC PATCH 03/20] vl: Add "sgx-epc" option to expose SGX EPC sections to guest
  2019-08-06 18:56 ` [RFC PATCH 03/20] vl: Add "sgx-epc" option to expose SGX " Sean Christopherson
@ 2019-09-06 21:49   ` Larry Dewey
  2019-09-10 19:45     ` Sean Christopherson
  0 siblings, 1 reply; 26+ messages in thread
From: Larry Dewey @ 2019-09-06 21:49 UTC (permalink / raw)
  To: sean.j.christopherson; +Cc: kvm, qemu-devel

[-- Attachment #1: Type: text/plain, Size: 9550 bytes --]

I was playing with the new objects, etc, and found if the user
specifies -sgx-epc, and a memory device, but does not specify -cpu
host, +sgx, the vm runs without any warnings, while obviously not doing
anything to the memory. Perhaps some warnings if not everything which
is required is provided?

On Tue, 2019-08-06 at 11:56 -0700, Sean Christopherson wrote:
> Because SGX EPC is enumerated through CPUID, EPC "devices" need to be
> realized prior to realizing the vCPUs themselves, i.e. long before
> generic devices are parsed and realized.  From a virtualization
> perspective, the CPUID aspect also means that EPC sections cannot be
> hotplugged without paravirtualizing the guest kernel (hardware does
> not support hotplugging as EPC sections must be locked down during
> pre-boot to provide EPC's security properties).
> 
> So even though EPC sections could be realized through the generic
> -devices command, they need to be created much earlier for them to
> actually be usable by the guest.  Place all EPC sections in a
> contiguous block, somewhat arbitrarily starting after RAM above 4g.
> Ensuring EPC is in a contiguous region simplifies calculations, e.g.
> device memory base, PCI hole, etc..., allows dynamic calculation of
> the
> total EPC size, e.g. exposing EPC to guests does not require -maxmem,
> and last but not least allows all of EPC to be enumerated in a single
> ACPI entry, which is expected by some kernels, e.g. Windows 7 and 8.
> 
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> ---
>  hw/i386/sgx-epc.c         | 107
> +++++++++++++++++++++++++++++++++++++-
>  include/hw/i386/pc.h      |   3 ++
>  include/hw/i386/sgx-epc.h |  18 +++++++
>  qemu-options.hx           |  12 +++++
>  vl.c                      |   9 ++++
>  5 files changed, 148 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
> index 73221ba86b..09aba1f8ea 100644
> --- a/hw/i386/sgx-epc.c
> +++ b/hw/i386/sgx-epc.c
> @@ -53,6 +53,8 @@ static void sgx_epc_init(Object *obj)
>  static void sgx_epc_realize(DeviceState *dev, Error **errp)
>  {
>      PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
> +    MemoryDeviceState *md = MEMORY_DEVICE(dev);
> +    SGXEPCState *sgx_epc = pcms->sgx_epc;
>      SGXEPCDevice *epc = SGX_EPC(dev);
>  
>      if (pcms->boot_cpus != 0) {
> @@ -71,7 +73,18 @@ static void sgx_epc_realize(DeviceState *dev,
> Error **errp)
>          return;
>      }
>  
> -    error_setg(errp, "'" TYPE_SGX_EPC "' not supported");
> +    epc->addr = sgx_epc->base + sgx_epc->size;
> +
> +    memory_region_add_subregion(&sgx_epc->mr, epc->addr - sgx_epc-
> >base,
> +                                host_memory_backend_get_memory(epc-
> >hostmem));
> +
> +    host_memory_backend_set_mapped(epc->hostmem, true);
> +
> +    sgx_epc->sections = g_renew(SGXEPCDevice *, sgx_epc->sections,
> +                                sgx_epc->nr_sections + 1);
> +    sgx_epc->sections[sgx_epc->nr_sections++] = epc;
> +
> +    sgx_epc->size += memory_device_get_region_size(md, errp);
>  }
>  
>  static void sgx_epc_unrealize(DeviceState *dev, Error **errp)
> @@ -167,3 +180,95 @@ static void sgx_epc_register_types(void)
>  }
>  
>  type_init(sgx_epc_register_types)
> +
> +
> +static int sgx_epc_set_property(void *opaque, const char *name,
> +                                const char *value, Error **errp)
> +{
> +    Object *obj = opaque;
> +    Error *err = NULL;
> +
> +    object_property_parse(obj, value, name, &err);
> +    if (err != NULL) {
> +        error_propagate(errp, err);
> +        return -1;
> +    }
> +    return 0;
> +}
> +
> +static int sgx_epc_init_func(void *opaque, QemuOpts *opts, Error
> **errp)
> +{
> +    Error *err = NULL;
> +    Object *obj;
> +
> +    obj = object_new("sgx-epc");
> +
> +    qdev_set_id(DEVICE(obj), qemu_opts_id(opts));
> +
> +    if (qemu_opt_foreach(opts, sgx_epc_set_property, obj, &err)) {
> +        goto out;
> +    }
> +
> +    object_property_set_bool(obj, true, "realized", &err);
> +
> +out:
> +    if (err != NULL) {
> +        error_propagate(errp, err);
> +    }
> +    object_unref(obj);
> +    return err != NULL ? -1 : 0;
> +}
> +
> +void pc_machine_init_sgx_epc(PCMachineState *pcms)
> +{
> +    SGXEPCState *sgx_epc;
> +
> +    if (!sgx_epc_enabled) {
> +        return;
> +    }
> +
> +    sgx_epc = g_malloc0(sizeof(*sgx_epc));
> +    pcms->sgx_epc = sgx_epc;
> +
> +    sgx_epc->base = 0x100000000ULL + pcms->above_4g_mem_size;
> +
> +    memory_region_init(&sgx_epc->mr, OBJECT(pcms), "sgx-epc",
> UINT64_MAX);
> +    memory_region_add_subregion(get_system_memory(), sgx_epc->base,
> +                                &sgx_epc->mr);
> +
> +    qemu_opts_foreach(qemu_find_opts("sgx-epc"), sgx_epc_init_func,
> NULL,
> +                      &error_fatal);
> +
> +    if ((sgx_epc->base + sgx_epc->size) < sgx_epc->base) {
> +        error_report("Size of all 'sgx-epc' =0x%"PRIu64" causes EPC
> to wrap",
> +                     sgx_epc->size);
> +        exit(EXIT_FAILURE);
> +    }
> +
> +    memory_region_set_size(&sgx_epc->mr, sgx_epc->size);
> +}
> +
> +static QemuOptsList sgx_epc_opts = {
> +    .name = "sgx-epc",
> +    .implied_opt_name = "id",
> +    .head = QTAILQ_HEAD_INITIALIZER(sgx_epc_opts.head),
> +    .desc = {
> +        {
> +            .name = "id",
> +            .type = QEMU_OPT_STRING,
> +            .help = "SGX EPC section ID",
> +        },{
> +            .name = "memdev",
> +            .type = QEMU_OPT_STRING,
> +            .help = "memory object backend",
> +        },
> +        { /* end of list */ }
> +    },
> +};
> +
> +static void sgx_epc_register_opts(void)
> +{
> +    qemu_add_opts(&sgx_epc_opts);
> +}
> +
> +opts_init(sgx_epc_register_opts);
> diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
> index 859b64c51d..bb9071c3bd 100644
> --- a/include/hw/i386/pc.h
> +++ b/include/hw/i386/pc.h
> @@ -8,6 +8,7 @@
>  #include "hw/block/flash.h"
>  #include "net/net.h"
>  #include "hw/i386/ioapic.h"
> +#include "hw/i386/sgx-epc.h"
>  
>  #include "qemu/range.h"
>  #include "qemu/bitmap.h"
> @@ -69,6 +70,8 @@ struct PCMachineState {
>      /* Address space used by IOAPIC device. All IOAPIC interrupts
>       * will be translated to MSI messages in the address space. */
>      AddressSpace *ioapic_as;
> +
> +    SGXEPCState *sgx_epc;
>  };
>  
>  #define PC_MACHINE_ACPI_DEVICE_PROP "acpi-device"
> diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h
> index 5fd9ae2d0c..562c66148f 100644
> --- a/include/hw/i386/sgx-epc.h
> +++ b/include/hw/i386/sgx-epc.h
> @@ -41,4 +41,22 @@ typedef struct SGXEPCDevice {
>      HostMemoryBackend *hostmem;
>  } SGXEPCDevice;
>  
> +/*
> + * @base: address in guest physical address space where EPC regions
> start
> + * @mr: address space container for memory devices
> + */
> +typedef struct SGXEPCState {
> +    uint64_t base;
> +    uint64_t size;
> +
> +    MemoryRegion mr;
> +
> +    struct SGXEPCDevice **sections;
> +    int nr_sections;
> +} SGXEPCState;
> +
> +extern int sgx_epc_enabled;
> +
> +void pc_machine_init_sgx_epc(PCMachineState *pcms);
> +
>  #endif
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 9621e934c0..8e83dbddbd 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -103,6 +103,9 @@ NOTE: this parameter is deprecated. Please use
> @option{-global}
>  @option{migration.send-configuration}=@var{on|off} instead.
>  @item memory-encryption=@var{}
>  Memory encryption object to use. The default is none.
> +@item epc=size
> +Defines the maximum size of the guest's SGX EPC, required for
> running
> +SGX enclaves in the guest.  The default is 0.
>  @end table
>  ETEXI
>  
> @@ -394,6 +397,15 @@ STEXI
>  Preallocate memory when using -mem-path.
>  ETEXI
>  
> +DEF("sgx-epc", HAS_ARG, QEMU_OPTION_sgx_epc,
> +    "-sgx-epc memdev=memid[,id=epcid]\n",
> +    QEMU_ARCH_I386)
> +STEXI
> +@item -sgx-epc memdev=@var{memid}[,id=@var{epcid}]
> +@findex -sgx-epc
> +Define an SGX EPC section.
> +ETEXI
> +
>  DEF("k", HAS_ARG, QEMU_OPTION_k,
>      "-k language     use keyboard layout (for example 'fr' for
> French)\n",
>      QEMU_ARCH_ALL)
> diff --git a/vl.c b/vl.c
> index b426b32134..8d3621ec4d 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -141,6 +141,7 @@ const char* keyboard_layout = NULL;
>  ram_addr_t ram_size;
>  const char *mem_path = NULL;
>  int mem_prealloc = 0; /* force preallocation of physical target
> memory */
> +int sgx_epc_enabled;
>  bool enable_mlock = false;
>  bool enable_cpu_pm = false;
>  int nb_nics;
> @@ -3193,6 +3194,14 @@ int main(int argc, char **argv, char **envp)
>              case QEMU_OPTION_mem_prealloc:
>                  mem_prealloc = 1;
>                  break;
> +            case QEMU_OPTION_sgx_epc:
> +                opts = qemu_opts_parse_noisily(qemu_find_opts("sgx-
> epc"),
> +                                               optarg, false);
> +                if (!opts) {
> +                    exit(1);
> +                }
> +                sgx_epc_enabled = 1;
> +                break;
>              case QEMU_OPTION_d:
>                  log_mask = optarg;
>                  break;
-- 
Larry Dewey
Software Engineer
SUSE
1800 S. Novell Pl
Provo, UT 84606
(P)+1 801.861.7605
ldewey@suse.com

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 26+ messages in thread

* Re: [Qemu-devel] [RFC PATCH 03/20] vl: Add "sgx-epc" option to expose SGX EPC sections to guest
  2019-09-06 21:49   ` [Qemu-devel] " Larry Dewey
@ 2019-09-10 19:45     ` Sean Christopherson
  0 siblings, 0 replies; 26+ messages in thread
From: Sean Christopherson @ 2019-09-10 19:45 UTC (permalink / raw)
  To: Larry Dewey; +Cc: kvm, qemu-devel

On Fri, Sep 06, 2019 at 09:49:44PM +0000, Larry Dewey wrote:
> I was playing with the new objects, etc, and found if the user
> specifies -sgx-epc, and a memory device, but does not specify -cpu
> host, +sgx, the vm runs without any warnings, while obviously not doing
> anything to the memory. Perhaps some warnings if not everything which
> is required is provided?

Yeah, I waffled on what to do in this scenario.  Ditto for the opposite
scenario of having SGX enabled without EPC.   I agree a warning or error
would be helpful for EPC-without-SGX.  The SGX-without-EPC case at least
makes some sense, e.g. to mimic BIOS not partitioning EPC, and doesn't
waste resources.

^ permalink raw reply	[flat|nested] 26+ messages in thread

end of thread, other threads:[~2019-09-10 19:45 UTC | newest]

Thread overview: 26+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-06 18:56 [RFC PATCH 00/20] i386: Add support for Intel SGX Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 01/20] hostmem: Add hostmem-epc as a backend for SGX EPC Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 02/20] i386: Add 'sgx-epc' device to expose EPC sections to guest Sean Christopherson
2019-08-07  5:57   ` [Qemu-devel] " Markus Armbruster
2019-08-06 18:56 ` [RFC PATCH 03/20] vl: Add "sgx-epc" option to expose SGX " Sean Christopherson
2019-09-06 21:49   ` [Qemu-devel] " Larry Dewey
2019-09-10 19:45     ` Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 04/20] i386: Add primary SGX CPUID and MSR defines Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 05/20] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 06/20] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 07/20] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EBX Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 08/20] i386: Add get/set/migrate support for SGX LE public key hash MSRs Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 09/20] i386: Add feature control MSR dependency when SGX is enabled Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 10/20] i386: Update SGX CPUID info according to hardware/KVM/user input Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 11/20] linux-headers: Add temporary placeholder for KVM_CAP_SGX_ATTRIBUTE Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 12/20] i386: kvm: Add support for exposing PROVISIONKEY to guest Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 13/20] i386: Propagate SGX CPUID sub-leafs to KVM Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 14/20] i386: Adjust min CPUID level to 0x12 when SGX is enabled Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 15/20] hw/i386/pc: Set SGX bits in feature control fw_cfg accordingly Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 16/20] hw/i386/pc: Account for SGX EPC sections when calculating device memory Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 17/20] i386/pc: Add e820 entry for SGX EPC section(s) Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 18/20] i386: acpi: Add SGX EPC entry to ACPI tables Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 19/20] q35: Add support for SGX EPC Sean Christopherson
2019-08-06 18:56 ` [RFC PATCH 20/20] i440fx: " Sean Christopherson
2019-08-06 19:28 ` [Qemu-devel] [RFC PATCH 00/20] i386: Add support for Intel SGX no-reply
2019-08-06 20:48 ` no-reply

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).