* [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06
@ 2021-09-08 10:03 Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 01/43] target/i386: add missing bits to CR4_RESERVED_MASK Paolo Bonzini
` (44 more replies)
0 siblings, 45 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel
The following changes since commit f9128631fbeb40a55f7bc145397981c963d40909:
Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/block-pull-request' into staging (2021-09-07 13:24:43 +0100)
are available in the Git repository at:
https://gitlab.com/bonzini/qemu.git tags/for-upstream
for you to fetch changes up to 3b942628231462c56c883a6273cf137d2a382f8f:
ebpf: only include in system emulators (2021-09-08 08:07:04 +0200)
----------------------------------------------------------------
* SGX support (Sean, Yang)
* vGIF and vVMLOAD/VMSAVE support (Lara)
* Fix LA57 support in TCG (Daniel)
* Avoid pointless warnings for static user-only compilation (Thomas)
* Fix --disable-system compilation if libbpf is found
* target-i386.rst restructuring
----------------------------------------------------------------
v3->v4: added docs changes and build system bugfixes
Daniel P. Berrangé (1):
target/i386: add missing bits to CR4_RESERVED_MASK
Lara Lazier (7):
target/i386: VMRUN and VMLOAD canonicalizations
target/i386: Added VGIF feature
target/i386: Moved int_ctl into CPUX86State structure
target/i386: Added VGIF V_IRQ masking capability
target/i386: Added ignore TPR check in ctl_has_irq
target/i386: Added changed priority check for VIRQ
target/i386: Added vVMLOAD and vVMSAVE feature
Paolo Bonzini (6):
fw_cfg: add etc/msr_feature_control
docs: standardize book titles to === with overline
docs: standardize directory index to --- with overline
docs/system: standardize man page sections to --- with overline
docs/system: move x86 CPU configuration to a separate document
ebpf: only include in system emulators
Sean Christopherson (21):
memory: Add RAM_PROTECTED flag to skip IOMMU mappings
hostmem: Add hostmem-epc as a backend for SGX EPC
i386: Add 'sgx-epc' device to expose EPC sections to guest
vl: Add sgx compound properties to expose SGX EPC sections to guest
i386: Add primary SGX CPUID and MSR defines
i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX
i386: Add SGX CPUID leaf FEAT_SGX_12_0_EBX
i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX
i386: Add get/set/migrate support for SGX_LEPUBKEYHASH MSRs
i386: Add feature control MSR dependency when SGX is enabled
i386: Update SGX CPUID info according to hardware/KVM/user input
i386: kvm: Add support for exposing PROVISIONKEY to guest
i386: Propagate SGX CPUID sub-leafs to KVM
Adjust min CPUID level to 0x12 when SGX is enabled
hw/i386/fw_cfg: Set SGX bits in feature control fw_cfg accordingly
hw/i386/pc: Account for SGX EPC sections when calculating device memory
i386/pc: Add e820 entry for SGX EPC section(s)
i386: acpi: Add SGX EPC entry to ACPI tables
q35: Add support for SGX EPC
i440fx: Add support for SGX EPC
docs/system: Add SGX documentation to the system manual
Thomas Huth (1):
meson.build: Do not look for VNC-related libraries if have_system is not set
Yang Zhong (7):
qom: Add memory-backend-epc ObjectOptions support
hostmem-epc: Add the reset interface for EPC backend reset
sgx-epc: Add the reset interface for sgx-epc virt device
sgx-epc: Avoid bios reset during sgx epc initialization
hostmem-epc: Make prealloc consistent with qemu cmdline during reset
Kconfig: Add CONFIG_SGX support
sgx-epc: Add the fill_device_info() callback support
backends/hostmem-epc.c | 118 ++++++++++++++
backends/meson.build | 1 +
configs/devices/i386-softmmu/default.mak | 1 +
docs/about/index.rst | 3 +-
docs/devel/index.rst | 3 +-
docs/index.rst | 1 +
docs/interop/index.rst | 3 +-
docs/specs/index.rst | 3 +-
docs/system/cpu-models-x86.rst.inc | 4 +-
docs/system/i386/cpu.rst | 1 +
docs/system/i386/sgx.rst | 165 +++++++++++++++++++
docs/system/index.rst | 3 +-
docs/system/qemu-block-drivers.rst | 4 +
docs/system/qemu-cpu-models.rst | 10 +-
docs/system/qemu-manpage.rst | 10 +-
docs/system/target-i386.rst | 9 +-
docs/tools/index.rst | 3 +-
docs/tools/qemu-img.rst | 1 +
docs/tools/qemu-nbd.rst | 1 +
docs/tools/qemu-pr-helper.rst | 1 +
docs/tools/qemu-storage-daemon.rst | 1 +
docs/tools/qemu-trace-stap.rst | 1 +
docs/user/index.rst | 3 +-
ebpf/meson.build | 2 +-
hw/i386/Kconfig | 5 +
hw/i386/acpi-build.c | 22 +++
hw/i386/fw_cfg.c | 10 +-
hw/i386/meson.build | 2 +
hw/i386/pc.c | 15 +-
hw/i386/pc_piix.c | 4 +
hw/i386/pc_q35.c | 3 +
hw/i386/sgx-epc.c | 265 +++++++++++++++++++++++++++++++
hw/i386/sgx-stub.c | 13 ++
hw/i386/sgx.c | 84 ++++++++++
hw/i386/x86.c | 29 ++++
hw/nvram/fw_cfg.c | 1 +
hw/vfio/common.c | 1 +
include/exec/memory.h | 15 +-
include/hw/i386/pc.h | 8 +
include/hw/i386/sgx-epc.h | 67 ++++++++
include/hw/i386/x86.h | 1 +
meson.build | 2 +-
monitor/hmp-cmds.c | 10 ++
qapi/machine.json | 52 +++++-
qapi/qom.json | 19 +++
qemu-options.hx | 10 +-
softmmu/memory.c | 5 +
softmmu/physmem.c | 3 +-
target/i386/cpu.c | 199 +++++++++++++++++++++--
target/i386/cpu.h | 39 +++++
target/i386/kvm/kvm.c | 75 +++++++++
target/i386/kvm/kvm_i386.h | 2 +
target/i386/machine.c | 42 ++++-
target/i386/svm.h | 8 +
target/i386/tcg/seg_helper.c | 2 +-
target/i386/tcg/sysemu/excp_helper.c | 2 +-
target/i386/tcg/sysemu/misc_helper.c | 11 +-
target/i386/tcg/sysemu/svm_helper.c | 121 +++++++++-----
58 files changed, 1418 insertions(+), 81 deletions(-)
create mode 100644 backends/hostmem-epc.c
create mode 100644 docs/system/i386/cpu.rst
create mode 100644 docs/system/i386/sgx.rst
create mode 100644 hw/i386/sgx-epc.c
create mode 100644 hw/i386/sgx-stub.c
create mode 100644 hw/i386/sgx.c
create mode 100644 include/hw/i386/sgx-epc.h
--
2.31.1
^ permalink raw reply [flat|nested] 55+ messages in thread
* [PULL v4 01/43] target/i386: add missing bits to CR4_RESERVED_MASK
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
@ 2021-09-08 10:03 ` Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 02/43] target/i386: VMRUN and VMLOAD canonicalizations Paolo Bonzini
` (43 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel; +Cc: Daniel P. Berrangé, Richard W . M . Jones
From: Daniel P. Berrangé <berrange@redhat.com>
Booting Fedora kernels with -cpu max hangs very early in boot. Disabling
the la57 CPUID bit fixes the problem. git bisect traced the regression to
commit 213ff024a2f92020290296cb9dc29c2af3d4a221 (HEAD, refs/bisect/bad)
Author: Lara Lazier <laramglazier@gmail.com>
Date: Wed Jul 21 17:26:50 2021 +0200
target/i386: Added consistency checks for CR4
All MBZ bits in CR4 must be zero. (APM2 15.5)
Added reserved bitmask and added checks in both
helper_vmrun and helper_write_crN.
Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Message-Id: <20210721152651.14683-2-laramglazier@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
In this commit CR4_RESERVED_MASK is missing CR4_LA57_MASK and
two others. Adding this lets Fedora kernels boot once again.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Message-Id: <20210831175033.175584-1-berrange@redhat.com>
[Removed VMXE/SMXE, matching the commit message. - Paolo]
Fixes: 213ff024a2 ("target/i386: Added consistency checks for CR4", 2021-07-22)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 6c50d3ab4f..21b33fbe2e 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -257,6 +257,7 @@ typedef enum X86Seg {
| CR4_DE_MASK | CR4_PSE_MASK | CR4_PAE_MASK \
| CR4_MCE_MASK | CR4_PGE_MASK | CR4_PCE_MASK \
| CR4_OSFXSR_MASK | CR4_OSXMMEXCPT_MASK |CR4_UMIP_MASK \
+ | CR4_LA57_MASK \
| CR4_FSGSBASE_MASK | CR4_PCIDE_MASK | CR4_OSXSAVE_MASK \
| CR4_SMEP_MASK | CR4_SMAP_MASK | CR4_PKE_MASK | CR4_PKS_MASK))
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 02/43] target/i386: VMRUN and VMLOAD canonicalizations
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 01/43] target/i386: add missing bits to CR4_RESERVED_MASK Paolo Bonzini
@ 2021-09-08 10:03 ` Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 03/43] target/i386: Added VGIF feature Paolo Bonzini
` (42 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel; +Cc: Lara Lazier
From: Lara Lazier <laramglazier@gmail.com>
APM2 requires that VMRUN and VMLOAD canonicalize (sign extend to 63
from 48/57) all base addresses in the segment registers that have been
respectively loaded.
Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Message-Id: <20210804113058.45186-1-laramglazier@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.c | 19 +++++++++++--------
target/i386/cpu.h | 2 ++
target/i386/tcg/sysemu/svm_helper.c | 27 +++++++++++++++++----------
3 files changed, 30 insertions(+), 18 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 97e250e876..fbca4e5860 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5115,6 +5115,15 @@ static void x86_register_cpudef_types(const X86CPUDefinition *def)
}
+uint32_t cpu_x86_virtual_addr_width(CPUX86State *env)
+{
+ if (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_LA57) {
+ return 57; /* 57 bits virtual */
+ } else {
+ return 48; /* 48 bits virtual */
+ }
+}
+
void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
uint32_t *eax, uint32_t *ebx,
uint32_t *ecx, uint32_t *edx)
@@ -5517,16 +5526,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
break;
case 0x80000008:
/* virtual & phys address size in low 2 bytes. */
+ *eax = cpu->phys_bits;
if (env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_LM) {
/* 64 bit processor */
- *eax = cpu->phys_bits; /* configurable physical bits */
- if (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_LA57) {
- *eax |= 0x00003900; /* 57 bits virtual */
- } else {
- *eax |= 0x00003000; /* 48 bits virtual */
- }
- } else {
- *eax = cpu->phys_bits;
+ *eax |= (cpu_x86_virtual_addr_width(env) << 8);
}
*ebx = env->features[FEAT_8000_0008_EBX];
if (cs->nr_cores * cs->nr_threads > 1) {
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 21b33fbe2e..aafc2eb696 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1955,6 +1955,8 @@ typedef struct PropValue {
} PropValue;
void x86_cpu_apply_props(X86CPU *cpu, PropValue *props);
+uint32_t cpu_x86_virtual_addr_width(CPUX86State *env);
+
/* cpu.c other functions (cpuid) */
void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
uint32_t *eax, uint32_t *ebx,
diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c
index 0d549b3d6c..0e7de4e054 100644
--- a/target/i386/tcg/sysemu/svm_helper.c
+++ b/target/i386/tcg/sysemu/svm_helper.c
@@ -41,6 +41,16 @@ static inline void svm_save_seg(CPUX86State *env, hwaddr addr,
((sc->flags >> 8) & 0xff) | ((sc->flags >> 12) & 0x0f00));
}
+/*
+ * VMRUN and VMLOAD canonicalizes (i.e., sign-extend to bit 63) all base
+ * addresses in the segment registers that have been loaded.
+ */
+static inline void svm_canonicalization(CPUX86State *env, target_ulong *seg_base)
+{
+ uint16_t shift_amt = 64 - cpu_x86_virtual_addr_width(env);
+ *seg_base = ((((long) *seg_base) << shift_amt) >> shift_amt);
+}
+
static inline void svm_load_seg(CPUX86State *env, hwaddr addr,
SegmentCache *sc)
{
@@ -53,6 +63,7 @@ static inline void svm_load_seg(CPUX86State *env, hwaddr addr,
sc->limit = x86_ldl_phys(cs, addr + offsetof(struct vmcb_seg, limit));
flags = x86_lduw_phys(cs, addr + offsetof(struct vmcb_seg, attrib));
sc->flags = ((flags & 0xff) << 8) | ((flags & 0x0f00) << 12);
+ svm_canonicalization(env, &sc->base);
}
static inline void svm_load_seg_cache(CPUX86State *env, hwaddr addr,
@@ -245,16 +256,6 @@ void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
env->tsc_offset = x86_ldq_phys(cs, env->vm_vmcb +
offsetof(struct vmcb, control.tsc_offset));
- env->gdt.base = x86_ldq_phys(cs, env->vm_vmcb + offsetof(struct vmcb,
- save.gdtr.base));
- env->gdt.limit = x86_ldl_phys(cs, env->vm_vmcb + offsetof(struct vmcb,
- save.gdtr.limit));
-
- env->idt.base = x86_ldq_phys(cs, env->vm_vmcb + offsetof(struct vmcb,
- save.idtr.base));
- env->idt.limit = x86_ldl_phys(cs, env->vm_vmcb + offsetof(struct vmcb,
- save.idtr.limit));
-
new_cr0 = x86_ldq_phys(cs, env->vm_vmcb + offsetof(struct vmcb, save.cr0));
if (new_cr0 & SVM_CR0_RESERVED_MASK) {
cpu_vmexit(env, SVM_EXIT_ERR, 0, GETPC());
@@ -308,6 +309,10 @@ void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
R_SS);
svm_load_seg_cache(env, env->vm_vmcb + offsetof(struct vmcb, save.ds),
R_DS);
+ svm_load_seg(env, env->vm_vmcb + offsetof(struct vmcb, save.idtr),
+ &env->idt);
+ svm_load_seg(env, env->vm_vmcb + offsetof(struct vmcb, save.gdtr),
+ &env->gdt);
env->eip = x86_ldq_phys(cs,
env->vm_vmcb + offsetof(struct vmcb, save.rip));
@@ -446,6 +451,7 @@ void helper_vmload(CPUX86State *env, int aflag)
env->lstar = x86_ldq_phys(cs, addr + offsetof(struct vmcb, save.lstar));
env->cstar = x86_ldq_phys(cs, addr + offsetof(struct vmcb, save.cstar));
env->fmask = x86_ldq_phys(cs, addr + offsetof(struct vmcb, save.sfmask));
+ svm_canonicalization(env, &env->kernelgsbase);
#endif
env->star = x86_ldq_phys(cs, addr + offsetof(struct vmcb, save.star));
env->sysenter_cs = x86_ldq_phys(cs,
@@ -454,6 +460,7 @@ void helper_vmload(CPUX86State *env, int aflag)
save.sysenter_esp));
env->sysenter_eip = x86_ldq_phys(cs, addr + offsetof(struct vmcb,
save.sysenter_eip));
+
}
void helper_vmsave(CPUX86State *env, int aflag)
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 03/43] target/i386: Added VGIF feature
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 01/43] target/i386: add missing bits to CR4_RESERVED_MASK Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 02/43] target/i386: VMRUN and VMLOAD canonicalizations Paolo Bonzini
@ 2021-09-08 10:03 ` Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 04/43] target/i386: Moved int_ctl into CPUX86State structure Paolo Bonzini
` (41 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel; +Cc: Lara Lazier
From: Lara Lazier <laramglazier@gmail.com>
VGIF allows STGI and CLGI to execute in guest mode and control virtual
interrupts in guest mode.
When the VGIF feature is enabled then:
* executing STGI in the guest sets bit 9 of the VMCB offset 60h.
* executing CLGI in the guest clears bit 9 of the VMCB offset 60h.
Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Message-Id: <20210730070742.9674-1-laramglazier@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.c | 3 ++-
target/i386/svm.h | 6 ++++++
target/i386/tcg/sysemu/svm_helper.c | 31 +++++++++++++++++++++++++++--
3 files changed, 37 insertions(+), 3 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index fbca4e5860..86064ea1f9 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -631,7 +631,8 @@ void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
#define TCG_EXT3_FEATURES (CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM | \
CPUID_EXT3_CR8LEG | CPUID_EXT3_ABM | CPUID_EXT3_SSE4A)
#define TCG_EXT4_FEATURES 0
-#define TCG_SVM_FEATURES CPUID_SVM_NPT
+#define TCG_SVM_FEATURES (CPUID_SVM_NPT | CPUID_SVM_VGIF | \
+ CPUID_SVM_SVME_ADDR_CHK)
#define TCG_KVM_FEATURES 0
#define TCG_7_0_EBX_FEATURES (CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_SMAP | \
CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ADX | \
diff --git a/target/i386/svm.h b/target/i386/svm.h
index adc058dc76..036597a2ff 100644
--- a/target/i386/svm.h
+++ b/target/i386/svm.h
@@ -9,6 +9,12 @@
#define V_IRQ_SHIFT 8
#define V_IRQ_MASK (1 << V_IRQ_SHIFT)
+#define V_GIF_ENABLED_SHIFT 25
+#define V_GIF_ENABLED_MASK (1 << V_GIF_ENABLED_SHIFT)
+
+#define V_GIF_SHIFT 9
+#define V_GIF_MASK (1 << V_GIF_SHIFT)
+
#define V_INTR_PRIO_SHIFT 16
#define V_INTR_PRIO_MASK (0x0f << V_INTR_PRIO_SHIFT)
diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c
index 0e7de4e054..66c2c1e61f 100644
--- a/target/i386/tcg/sysemu/svm_helper.c
+++ b/target/i386/tcg/sysemu/svm_helper.c
@@ -121,6 +121,17 @@ static inline bool is_efer_invalid_state (CPUX86State *env)
return false;
}
+static inline bool virtual_gif_enabled(CPUX86State *env, uint32_t *int_ctl)
+{
+ if (likely(env->hflags & HF_GUEST_MASK)) {
+ *int_ctl = x86_ldl_phys(env_cpu(env),
+ env->vm_vmcb + offsetof(struct vmcb, control.int_ctl));
+ return (env->features[FEAT_SVM] & CPUID_SVM_VGIF)
+ && (*int_ctl & V_GIF_ENABLED_MASK);
+ }
+ return false;
+}
+
void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
{
CPUState *cs = env_cpu(env);
@@ -510,13 +521,29 @@ void helper_vmsave(CPUX86State *env, int aflag)
void helper_stgi(CPUX86State *env)
{
cpu_svm_check_intercept_param(env, SVM_EXIT_STGI, 0, GETPC());
- env->hflags2 |= HF2_GIF_MASK;
+
+ CPUState *cs = env_cpu(env);
+ uint32_t int_ctl;
+ if (virtual_gif_enabled(env, &int_ctl)) {
+ x86_stl_phys(cs, env->vm_vmcb + offsetof(struct vmcb, control.int_ctl),
+ int_ctl | V_GIF_MASK);
+ } else {
+ env->hflags2 |= HF2_GIF_MASK;
+ }
}
void helper_clgi(CPUX86State *env)
{
cpu_svm_check_intercept_param(env, SVM_EXIT_CLGI, 0, GETPC());
- env->hflags2 &= ~HF2_GIF_MASK;
+
+ CPUState *cs = env_cpu(env);
+ uint32_t int_ctl;
+ if (virtual_gif_enabled(env, &int_ctl)) {
+ x86_stl_phys(cs, env->vm_vmcb + offsetof(struct vmcb, control.int_ctl),
+ int_ctl & ~V_GIF_MASK);
+ } else {
+ env->hflags2 &= ~HF2_GIF_MASK;
+ }
}
bool cpu_svm_has_intercept(CPUX86State *env, uint32_t type)
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 04/43] target/i386: Moved int_ctl into CPUX86State structure
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (2 preceding siblings ...)
2021-09-08 10:03 ` [PULL v4 03/43] target/i386: Added VGIF feature Paolo Bonzini
@ 2021-09-08 10:03 ` Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 05/43] target/i386: Added VGIF V_IRQ masking capability Paolo Bonzini
` (40 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel; +Cc: Lara Lazier
From: Lara Lazier <laramglazier@gmail.com>
Moved int_ctl into the CPUX86State structure. It removes some
unnecessary stores and loads, and prepares for tracking the vIRQ
state even when it is masked due to vGIF.
Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.c | 2 +-
target/i386/cpu.h | 1 +
target/i386/machine.c | 22 ++++++++++++-
target/i386/tcg/seg_helper.c | 2 +-
target/i386/tcg/sysemu/misc_helper.c | 4 +--
target/i386/tcg/sysemu/svm_helper.c | 48 +++++++++-------------------
6 files changed, 41 insertions(+), 38 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 86064ea1f9..ddc3b63cb8 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5655,7 +5655,7 @@ static void x86_cpu_reset(DeviceState *dev)
env->old_exception = -1;
/* init to reset state */
-
+ env->int_ctl = 0;
env->hflags2 |= HF2_GIF_MASK;
env->hflags &= ~HF_GUEST_MASK;
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index aafc2eb696..3dfe630d7e 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1578,6 +1578,7 @@ typedef struct CPUX86State {
uint64_t nested_cr3;
uint32_t nested_pg_mode;
uint8_t v_tpr;
+ uint32_t int_ctl;
/* KVM states, automatically cleared on reset */
uint8_t nmi_injected;
diff --git a/target/i386/machine.c b/target/i386/machine.c
index f6f094f1c9..b0943118d1 100644
--- a/target/i386/machine.c
+++ b/target/i386/machine.c
@@ -203,7 +203,7 @@ static int cpu_pre_save(void *opaque)
X86CPU *cpu = opaque;
CPUX86State *env = &cpu->env;
int i;
-
+ env->v_tpr = env->int_ctl & V_TPR_MASK;
/* FPU */
env->fpus_vmstate = (env->fpus & ~0x3800) | (env->fpstt & 0x7) << 11;
env->fptag_vmstate = 0;
@@ -1356,6 +1356,25 @@ static const VMStateDescription vmstate_svm_npt = {
}
};
+static bool svm_guest_needed(void *opaque)
+{
+ X86CPU *cpu = opaque;
+ CPUX86State *env = &cpu->env;
+
+ return tcg_enabled() && env->int_ctl;
+}
+
+static const VMStateDescription vmstate_svm_guest = {
+ .name = "cpu/svm_guest",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = svm_guest_needed,
+ .fields = (VMStateField[]){
+ VMSTATE_UINT32(env.int_ctl, X86CPU),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
#ifndef TARGET_X86_64
static bool intel_efer32_needed(void *opaque)
{
@@ -1524,6 +1543,7 @@ const VMStateDescription vmstate_x86_cpu = {
&vmstate_msr_intel_pt,
&vmstate_msr_virt_ssbd,
&vmstate_svm_npt,
+ &vmstate_svm_guest,
#ifndef TARGET_X86_64
&vmstate_efer32,
#endif
diff --git a/target/i386/tcg/seg_helper.c b/target/i386/tcg/seg_helper.c
index 3ed20ca31d..cef68b610a 100644
--- a/target/i386/tcg/seg_helper.c
+++ b/target/i386/tcg/seg_helper.c
@@ -1166,7 +1166,6 @@ bool x86_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
break;
#if !defined(CONFIG_USER_ONLY)
case CPU_INTERRUPT_VIRQ:
- /* FIXME: this should respect TPR */
cpu_svm_check_intercept_param(env, SVM_EXIT_VINTR, 0, 0);
intno = x86_ldl_phys(cs, env->vm_vmcb
+ offsetof(struct vmcb, control.int_vector));
@@ -1174,6 +1173,7 @@ bool x86_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
"Servicing virtual hardware INT=0x%02x\n", intno);
do_interrupt_x86_hardirq(env, intno, 1);
cs->interrupt_request &= ~CPU_INTERRUPT_VIRQ;
+ env->int_ctl &= ~V_IRQ_MASK;
break;
#endif
}
diff --git a/target/i386/tcg/sysemu/misc_helper.c b/target/i386/tcg/sysemu/misc_helper.c
index e7a2ebde81..91b0fc916b 100644
--- a/target/i386/tcg/sysemu/misc_helper.c
+++ b/target/i386/tcg/sysemu/misc_helper.c
@@ -73,7 +73,7 @@ target_ulong helper_read_crN(CPUX86State *env, int reg)
if (!(env->hflags2 & HF2_VINTR_MASK)) {
val = cpu_get_apic_tpr(env_archcpu(env)->apic_state);
} else {
- val = env->v_tpr;
+ val = env->int_ctl & V_TPR_MASK;
}
break;
}
@@ -121,7 +121,7 @@ void helper_write_crN(CPUX86State *env, int reg, target_ulong t0)
cpu_set_apic_tpr(env_archcpu(env)->apic_state, t0);
qemu_mutex_unlock_iothread();
}
- env->v_tpr = t0 & 0x0f;
+ env->int_ctl = (env->int_ctl & ~V_TPR_MASK) | (t0 & V_TPR_MASK);
break;
default:
env->cr[reg] = t0;
diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c
index 66c2c1e61f..24c58b6a38 100644
--- a/target/i386/tcg/sysemu/svm_helper.c
+++ b/target/i386/tcg/sysemu/svm_helper.c
@@ -76,14 +76,14 @@ static inline void svm_load_seg_cache(CPUX86State *env, hwaddr addr,
sc->base, sc->limit, sc->flags);
}
-static inline bool ctl_has_irq(uint32_t int_ctl)
+static inline bool ctl_has_irq(CPUX86State *env)
{
uint32_t int_prio;
uint32_t tpr;
- int_prio = (int_ctl & V_INTR_PRIO_MASK) >> V_INTR_PRIO_SHIFT;
- tpr = int_ctl & V_TPR_MASK;
- return (int_ctl & V_IRQ_MASK) && (int_prio >= tpr);
+ int_prio = (env->int_ctl & V_INTR_PRIO_MASK) >> V_INTR_PRIO_SHIFT;
+ tpr = env->int_ctl & V_TPR_MASK;
+ return (env->int_ctl & V_IRQ_MASK) && (int_prio >= tpr);
}
static inline bool is_efer_invalid_state (CPUX86State *env)
@@ -121,13 +121,11 @@ static inline bool is_efer_invalid_state (CPUX86State *env)
return false;
}
-static inline bool virtual_gif_enabled(CPUX86State *env, uint32_t *int_ctl)
+static inline bool virtual_gif_enabled(CPUX86State *env)
{
if (likely(env->hflags & HF_GUEST_MASK)) {
- *int_ctl = x86_ldl_phys(env_cpu(env),
- env->vm_vmcb + offsetof(struct vmcb, control.int_ctl));
return (env->features[FEAT_SVM] & CPUID_SVM_VGIF)
- && (*int_ctl & V_GIF_ENABLED_MASK);
+ && (env->int_ctl & V_GIF_ENABLED_MASK);
}
return false;
}
@@ -139,7 +137,6 @@ void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
target_ulong addr;
uint64_t nested_ctl;
uint32_t event_inj;
- uint32_t int_ctl;
uint32_t asid;
uint64_t new_cr0;
uint64_t new_cr3;
@@ -292,11 +289,10 @@ void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
cpu_x86_update_cr3(env, new_cr3);
env->cr[2] = x86_ldq_phys(cs,
env->vm_vmcb + offsetof(struct vmcb, save.cr2));
- int_ctl = x86_ldl_phys(cs,
+ env->int_ctl = x86_ldl_phys(cs,
env->vm_vmcb + offsetof(struct vmcb, control.int_ctl));
env->hflags2 &= ~(HF2_HIF_MASK | HF2_VINTR_MASK);
- if (int_ctl & V_INTR_MASKING_MASK) {
- env->v_tpr = int_ctl & V_TPR_MASK;
+ if (env->int_ctl & V_INTR_MASKING_MASK) {
env->hflags2 |= HF2_VINTR_MASK;
if (env->eflags & IF_MASK) {
env->hflags2 |= HF2_HIF_MASK;
@@ -362,7 +358,7 @@ void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
env->hflags2 |= HF2_GIF_MASK;
- if (ctl_has_irq(int_ctl)) {
+ if (ctl_has_irq(env)) {
CPUState *cs = env_cpu(env);
cs->interrupt_request |= CPU_INTERRUPT_VIRQ;
@@ -522,11 +518,8 @@ void helper_stgi(CPUX86State *env)
{
cpu_svm_check_intercept_param(env, SVM_EXIT_STGI, 0, GETPC());
- CPUState *cs = env_cpu(env);
- uint32_t int_ctl;
- if (virtual_gif_enabled(env, &int_ctl)) {
- x86_stl_phys(cs, env->vm_vmcb + offsetof(struct vmcb, control.int_ctl),
- int_ctl | V_GIF_MASK);
+ if (virtual_gif_enabled(env)) {
+ env->int_ctl |= V_GIF_MASK;
} else {
env->hflags2 |= HF2_GIF_MASK;
}
@@ -536,11 +529,8 @@ void helper_clgi(CPUX86State *env)
{
cpu_svm_check_intercept_param(env, SVM_EXIT_CLGI, 0, GETPC());
- CPUState *cs = env_cpu(env);
- uint32_t int_ctl;
- if (virtual_gif_enabled(env, &int_ctl)) {
- x86_stl_phys(cs, env->vm_vmcb + offsetof(struct vmcb, control.int_ctl),
- int_ctl & ~V_GIF_MASK);
+ if (virtual_gif_enabled(env)) {
+ env->int_ctl &= ~V_GIF_MASK;
} else {
env->hflags2 &= ~HF2_GIF_MASK;
}
@@ -688,7 +678,6 @@ void cpu_vmexit(CPUX86State *env, uint32_t exit_code, uint64_t exit_info_1,
void do_vmexit(CPUX86State *env)
{
CPUState *cs = env_cpu(env);
- uint32_t int_ctl;
if (env->hflags & HF_INHIBIT_IRQ_MASK) {
x86_stl_phys(cs,
@@ -731,16 +720,8 @@ void do_vmexit(CPUX86State *env)
env->vm_vmcb + offsetof(struct vmcb, save.cr3), env->cr[3]);
x86_stq_phys(cs,
env->vm_vmcb + offsetof(struct vmcb, save.cr4), env->cr[4]);
-
- int_ctl = x86_ldl_phys(cs,
- env->vm_vmcb + offsetof(struct vmcb, control.int_ctl));
- int_ctl &= ~(V_TPR_MASK | V_IRQ_MASK);
- int_ctl |= env->v_tpr & V_TPR_MASK;
- if (cs->interrupt_request & CPU_INTERRUPT_VIRQ) {
- int_ctl |= V_IRQ_MASK;
- }
x86_stl_phys(cs,
- env->vm_vmcb + offsetof(struct vmcb, control.int_ctl), int_ctl);
+ env->vm_vmcb + offsetof(struct vmcb, control.int_ctl), env->int_ctl);
x86_stq_phys(cs, env->vm_vmcb + offsetof(struct vmcb, save.rflags),
cpu_compute_eflags(env));
@@ -763,6 +744,7 @@ void do_vmexit(CPUX86State *env)
env->intercept = 0;
env->intercept_exceptions = 0;
cs->interrupt_request &= ~CPU_INTERRUPT_VIRQ;
+ env->int_ctl = 0;
env->tsc_offset = 0;
env->gdt.base = x86_ldq_phys(cs, env->vm_hsave + offsetof(struct vmcb,
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 05/43] target/i386: Added VGIF V_IRQ masking capability
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (3 preceding siblings ...)
2021-09-08 10:03 ` [PULL v4 04/43] target/i386: Moved int_ctl into CPUX86State structure Paolo Bonzini
@ 2021-09-08 10:03 ` Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 06/43] target/i386: Added ignore TPR check in ctl_has_irq Paolo Bonzini
` (39 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel; +Cc: Lara Lazier
From: Lara Lazier <laramglazier@gmail.com>
VGIF provides masking capability for when virtual interrupts
are taken. (APM2)
Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.c | 7 +++++--
target/i386/cpu.h | 2 ++
target/i386/tcg/sysemu/svm_helper.c | 12 ++++++++++++
3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index ddc3b63cb8..6b029f1bdf 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5657,6 +5657,7 @@ static void x86_cpu_reset(DeviceState *dev)
/* init to reset state */
env->int_ctl = 0;
env->hflags2 |= HF2_GIF_MASK;
+ env->hflags2 |= HF2_VGIF_MASK;
env->hflags &= ~HF_GUEST_MASK;
cpu_x86_update_cr0(env, 0x60000010);
@@ -6540,10 +6541,12 @@ int x86_cpu_pending_interrupt(CPUState *cs, int interrupt_request)
!(env->hflags & HF_INHIBIT_IRQ_MASK))))) {
return CPU_INTERRUPT_HARD;
#if !defined(CONFIG_USER_ONLY)
- } else if ((interrupt_request & CPU_INTERRUPT_VIRQ) &&
+ } else if (env->hflags2 & HF2_VGIF_MASK) {
+ if((interrupt_request & CPU_INTERRUPT_VIRQ) &&
(env->eflags & IF_MASK) &&
!(env->hflags & HF_INHIBIT_IRQ_MASK)) {
- return CPU_INTERRUPT_VIRQ;
+ return CPU_INTERRUPT_VIRQ;
+ }
#endif
}
}
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 3dfe630d7e..24e8ec5273 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -203,6 +203,7 @@ typedef enum X86Seg {
#define HF2_MPX_PR_SHIFT 5 /* BNDCFGx.BNDPRESERVE */
#define HF2_NPT_SHIFT 6 /* Nested Paging enabled */
#define HF2_IGNNE_SHIFT 7 /* Ignore CR0.NE=0 */
+#define HF2_VGIF_SHIFT 8 /* Can take VIRQ*/
#define HF2_GIF_MASK (1 << HF2_GIF_SHIFT)
#define HF2_HIF_MASK (1 << HF2_HIF_SHIFT)
@@ -212,6 +213,7 @@ typedef enum X86Seg {
#define HF2_MPX_PR_MASK (1 << HF2_MPX_PR_SHIFT)
#define HF2_NPT_MASK (1 << HF2_NPT_SHIFT)
#define HF2_IGNNE_MASK (1 << HF2_IGNNE_SHIFT)
+#define HF2_VGIF_MASK (1 << HF2_VGIF_SHIFT)
#define CR0_PE_SHIFT 0
#define CR0_MP_SHIFT 1
diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c
index 24c58b6a38..4612dae1ac 100644
--- a/target/i386/tcg/sysemu/svm_helper.c
+++ b/target/i386/tcg/sysemu/svm_helper.c
@@ -130,6 +130,11 @@ static inline bool virtual_gif_enabled(CPUX86State *env)
return false;
}
+static inline bool virtual_gif_set(CPUX86State *env)
+{
+ return !virtual_gif_enabled(env) || (env->int_ctl & V_GIF_MASK);
+}
+
void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
{
CPUState *cs = env_cpu(env);
@@ -364,6 +369,10 @@ void helper_vmrun(CPUX86State *env, int aflag, int next_eip_addend)
cs->interrupt_request |= CPU_INTERRUPT_VIRQ;
}
+ if (virtual_gif_set(env)) {
+ env->hflags2 |= HF2_VGIF_MASK;
+ }
+
/* maybe we need to inject an event */
event_inj = x86_ldl_phys(cs, env->vm_vmcb + offsetof(struct vmcb,
control.event_inj));
@@ -520,6 +529,7 @@ void helper_stgi(CPUX86State *env)
if (virtual_gif_enabled(env)) {
env->int_ctl |= V_GIF_MASK;
+ env->hflags2 |= HF2_VGIF_MASK;
} else {
env->hflags2 |= HF2_GIF_MASK;
}
@@ -531,6 +541,7 @@ void helper_clgi(CPUX86State *env)
if (virtual_gif_enabled(env)) {
env->int_ctl &= ~V_GIF_MASK;
+ env->hflags2 &= ~HF2_VGIF_MASK;
} else {
env->hflags2 &= ~HF2_GIF_MASK;
}
@@ -812,6 +823,7 @@ void do_vmexit(CPUX86State *env)
env->vm_vmcb + offsetof(struct vmcb, control.event_inj), 0);
env->hflags2 &= ~HF2_GIF_MASK;
+ env->hflags2 &= ~HF2_VGIF_MASK;
/* FIXME: Resets the current ASID register to zero (host ASID). */
/* Clears the V_IRQ and V_INTR_MASKING bits inside the processor. */
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 06/43] target/i386: Added ignore TPR check in ctl_has_irq
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (4 preceding siblings ...)
2021-09-08 10:03 ` [PULL v4 05/43] target/i386: Added VGIF V_IRQ masking capability Paolo Bonzini
@ 2021-09-08 10:03 ` Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 07/43] target/i386: Added changed priority check for VIRQ Paolo Bonzini
` (38 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel; +Cc: Lara Lazier
From: Lara Lazier <laramglazier@gmail.com>
The APM2 states that if V_IGN_TPR is nonzero, the current
virtual interrupt ignores the (virtual) TPR.
Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/tcg/sysemu/svm_helper.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c
index 4612dae1ac..a35b79548a 100644
--- a/target/i386/tcg/sysemu/svm_helper.c
+++ b/target/i386/tcg/sysemu/svm_helper.c
@@ -83,6 +83,11 @@ static inline bool ctl_has_irq(CPUX86State *env)
int_prio = (env->int_ctl & V_INTR_PRIO_MASK) >> V_INTR_PRIO_SHIFT;
tpr = env->int_ctl & V_TPR_MASK;
+
+ if (env->int_ctl & V_IGN_TPR_MASK) {
+ return env->int_ctl & V_IRQ_MASK;
+ }
+
return (env->int_ctl & V_IRQ_MASK) && (int_prio >= tpr);
}
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 07/43] target/i386: Added changed priority check for VIRQ
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (5 preceding siblings ...)
2021-09-08 10:03 ` [PULL v4 06/43] target/i386: Added ignore TPR check in ctl_has_irq Paolo Bonzini
@ 2021-09-08 10:03 ` Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 08/43] target/i386: Added vVMLOAD and vVMSAVE feature Paolo Bonzini
` (37 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel; +Cc: Lara Lazier
From: Lara Lazier <laramglazier@gmail.com>
Writes to cr8 affect v_tpr. This could set or unset an interrupt
request as the priority might have changed.
Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.h | 15 +++++++++++++++
target/i386/tcg/sysemu/misc_helper.c | 7 +++++++
target/i386/tcg/sysemu/svm_helper.c | 15 ---------------
3 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 24e8ec5273..6b09b8b62f 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -2246,6 +2246,21 @@ static inline uint64_t cr4_reserved_bits(CPUX86State *env)
return reserved_bits;
}
+static inline bool ctl_has_irq(CPUX86State *env)
+{
+ uint32_t int_prio;
+ uint32_t tpr;
+
+ int_prio = (env->int_ctl & V_INTR_PRIO_MASK) >> V_INTR_PRIO_SHIFT;
+ tpr = env->int_ctl & V_TPR_MASK;
+
+ if (env->int_ctl & V_IGN_TPR_MASK) {
+ return (env->int_ctl & V_IRQ_MASK);
+ }
+
+ return (env->int_ctl & V_IRQ_MASK) && (int_prio >= tpr);
+}
+
#if defined(TARGET_X86_64) && \
defined(CONFIG_USER_ONLY) && \
defined(CONFIG_LINUX)
diff --git a/target/i386/tcg/sysemu/misc_helper.c b/target/i386/tcg/sysemu/misc_helper.c
index 91b0fc916b..9ccaa054c4 100644
--- a/target/i386/tcg/sysemu/misc_helper.c
+++ b/target/i386/tcg/sysemu/misc_helper.c
@@ -122,6 +122,13 @@ void helper_write_crN(CPUX86State *env, int reg, target_ulong t0)
qemu_mutex_unlock_iothread();
}
env->int_ctl = (env->int_ctl & ~V_TPR_MASK) | (t0 & V_TPR_MASK);
+
+ CPUState *cs = env_cpu(env);
+ if (ctl_has_irq(env)) {
+ cpu_interrupt(cs, CPU_INTERRUPT_VIRQ);
+ } else {
+ cpu_reset_interrupt(cs, CPU_INTERRUPT_VIRQ);
+ }
break;
default:
env->cr[reg] = t0;
diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c
index a35b79548a..7bbd3a18c9 100644
--- a/target/i386/tcg/sysemu/svm_helper.c
+++ b/target/i386/tcg/sysemu/svm_helper.c
@@ -76,21 +76,6 @@ static inline void svm_load_seg_cache(CPUX86State *env, hwaddr addr,
sc->base, sc->limit, sc->flags);
}
-static inline bool ctl_has_irq(CPUX86State *env)
-{
- uint32_t int_prio;
- uint32_t tpr;
-
- int_prio = (env->int_ctl & V_INTR_PRIO_MASK) >> V_INTR_PRIO_SHIFT;
- tpr = env->int_ctl & V_TPR_MASK;
-
- if (env->int_ctl & V_IGN_TPR_MASK) {
- return env->int_ctl & V_IRQ_MASK;
- }
-
- return (env->int_ctl & V_IRQ_MASK) && (int_prio >= tpr);
-}
-
static inline bool is_efer_invalid_state (CPUX86State *env)
{
if (!(env->efer & MSR_EFER_SVME)) {
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 08/43] target/i386: Added vVMLOAD and vVMSAVE feature
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (6 preceding siblings ...)
2021-09-08 10:03 ` [PULL v4 07/43] target/i386: Added changed priority check for VIRQ Paolo Bonzini
@ 2021-09-08 10:03 ` Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 09/43] memory: Add RAM_PROTECTED flag to skip IOMMU mappings Paolo Bonzini
` (36 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel; +Cc: Lara Lazier
From: Lara Lazier <laramglazier@gmail.com>
The feature allows the VMSAVE and VMLOAD instructions to execute in guest mode without
causing a VMEXIT. (APM2 15.33.1)
Signed-off-by: Lara Lazier <laramglazier@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.h | 2 ++
target/i386/svm.h | 2 ++
target/i386/tcg/sysemu/excp_helper.c | 2 +-
target/i386/tcg/sysemu/svm_helper.c | 29 ++++++++++++++++++++++++++++
4 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 6b09b8b62f..71ae3141c3 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -2261,6 +2261,8 @@ static inline bool ctl_has_irq(CPUX86State *env)
return (env->int_ctl & V_IRQ_MASK) && (int_prio >= tpr);
}
+hwaddr get_hphys(CPUState *cs, hwaddr gphys, MMUAccessType access_type,
+ int *prot);
#if defined(TARGET_X86_64) && \
defined(CONFIG_USER_ONLY) && \
defined(CONFIG_LINUX)
diff --git a/target/i386/svm.h b/target/i386/svm.h
index 036597a2ff..f9a785489d 100644
--- a/target/i386/svm.h
+++ b/target/i386/svm.h
@@ -24,6 +24,8 @@
#define V_INTR_MASKING_SHIFT 24
#define V_INTR_MASKING_MASK (1 << V_INTR_MASKING_SHIFT)
+#define V_VMLOAD_VMSAVE_ENABLED_MASK (1 << 1)
+
#define SVM_INTERRUPT_SHADOW_MASK 1
#define SVM_IOIO_STR_SHIFT 2
diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/excp_helper.c
index b6d940e04e..7af887be4d 100644
--- a/target/i386/tcg/sysemu/excp_helper.c
+++ b/target/i386/tcg/sysemu/excp_helper.c
@@ -358,7 +358,7 @@ do_check_protect_pse36:
return error_code;
}
-static hwaddr get_hphys(CPUState *cs, hwaddr gphys, MMUAccessType access_type,
+hwaddr get_hphys(CPUState *cs, hwaddr gphys, MMUAccessType access_type,
int *prot)
{
CPUX86State *env = &X86_CPU(cs)->env;
diff --git a/target/i386/tcg/sysemu/svm_helper.c b/target/i386/tcg/sysemu/svm_helper.c
index 7bbd3a18c9..6d39611eb6 100644
--- a/target/i386/tcg/sysemu/svm_helper.c
+++ b/target/i386/tcg/sysemu/svm_helper.c
@@ -120,6 +120,25 @@ static inline bool virtual_gif_enabled(CPUX86State *env)
return false;
}
+static inline bool virtual_vm_load_save_enabled(CPUX86State *env, uint32_t exit_code, uintptr_t retaddr)
+{
+ uint64_t lbr_ctl;
+
+ if (likely(env->hflags & HF_GUEST_MASK)) {
+ if (likely(!(env->hflags2 & HF2_NPT_MASK)) || !(env->efer & MSR_EFER_LMA)) {
+ cpu_vmexit(env, exit_code, 0, retaddr);
+ }
+
+ lbr_ctl = x86_ldl_phys(env_cpu(env), env->vm_vmcb + offsetof(struct vmcb,
+ control.lbr_ctl));
+ return (env->features[FEAT_SVM] & CPUID_SVM_V_VMSAVE_VMLOAD)
+ && (lbr_ctl & V_VMLOAD_VMSAVE_ENABLED_MASK);
+
+ }
+
+ return false;
+}
+
static inline bool virtual_gif_set(CPUX86State *env)
{
return !virtual_gif_enabled(env) || (env->int_ctl & V_GIF_MASK);
@@ -431,6 +450,7 @@ void helper_vmload(CPUX86State *env, int aflag)
{
CPUState *cs = env_cpu(env);
target_ulong addr;
+ int prot;
cpu_svm_check_intercept_param(env, SVM_EXIT_VMLOAD, 0, GETPC());
@@ -440,6 +460,10 @@ void helper_vmload(CPUX86State *env, int aflag)
addr = (uint32_t)env->regs[R_EAX];
}
+ if (virtual_vm_load_save_enabled(env, SVM_EXIT_VMLOAD, GETPC())) {
+ addr = get_hphys(cs, addr, MMU_DATA_LOAD, &prot);
+ }
+
qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmload! " TARGET_FMT_lx
"\nFS: %016" PRIx64 " | " TARGET_FMT_lx "\n",
addr, x86_ldq_phys(cs, addr + offsetof(struct vmcb,
@@ -473,6 +497,7 @@ void helper_vmsave(CPUX86State *env, int aflag)
{
CPUState *cs = env_cpu(env);
target_ulong addr;
+ int prot;
cpu_svm_check_intercept_param(env, SVM_EXIT_VMSAVE, 0, GETPC());
@@ -482,6 +507,10 @@ void helper_vmsave(CPUX86State *env, int aflag)
addr = (uint32_t)env->regs[R_EAX];
}
+ if (virtual_vm_load_save_enabled(env, SVM_EXIT_VMSAVE, GETPC())) {
+ addr = get_hphys(cs, addr, MMU_DATA_STORE, &prot);
+ }
+
qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmsave! " TARGET_FMT_lx
"\nFS: %016" PRIx64 " | " TARGET_FMT_lx "\n",
addr, x86_ldq_phys(cs,
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 09/43] memory: Add RAM_PROTECTED flag to skip IOMMU mappings
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (7 preceding siblings ...)
2021-09-08 10:03 ` [PULL v4 08/43] target/i386: Added vVMLOAD and vVMSAVE feature Paolo Bonzini
@ 2021-09-08 10:03 ` Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 10/43] hostmem: Add hostmem-epc as a backend for SGX EPC Paolo Bonzini
` (35 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
Add a new RAMBlock flag to denote "protected" memory, i.e. memory that
looks and acts like RAM but is inaccessible via normal mechanisms,
including DMA. Use the flag to skip protected memory regions when
mapping RAM for DMA in VFIO.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
v1-->v2:
- Unified the "share" and "protected" arguments with ram_flags in the
memory_region_init_ram_from_fd()(Paolo).
Message-Id: <20210719112136.57018-2-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/vfio/common.c | 1 +
include/exec/memory.h | 15 ++++++++++++++-
softmmu/memory.c | 5 +++++
softmmu/physmem.c | 3 ++-
4 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index 8728d4d5c2..1289cfa8be 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -562,6 +562,7 @@ static bool vfio_listener_skipped_section(MemoryRegionSection *section)
{
return (!memory_region_is_ram(section->mr) &&
!memory_region_is_iommu(section->mr)) ||
+ memory_region_is_protected(section->mr) ||
/*
* Sizing an enabled 64-bit BAR can cause spurious mappings to
* addresses in the upper part of the 64-bit address space. These
diff --git a/include/exec/memory.h b/include/exec/memory.h
index c3d417d317..9446874d21 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -190,6 +190,9 @@ typedef struct IOMMUTLBEvent {
*/
#define RAM_NORESERVE (1 << 7)
+/* RAM that isn't accessible through normal means. */
+#define RAM_PROTECTED (1 << 8)
+
static inline void iommu_notifier_init(IOMMUNotifier *n, IOMMUNotify fn,
IOMMUNotifierFlag flags,
hwaddr start, hwaddr end,
@@ -1267,7 +1270,7 @@ void memory_region_init_ram_from_file(MemoryRegion *mr,
* @name: the name of the region.
* @size: size of the region.
* @ram_flags: RamBlock flags. Supported flags: RAM_SHARED, RAM_PMEM,
- * RAM_NORESERVE.
+ * RAM_NORESERVE, RAM_PROTECTED.
* @fd: the fd to mmap.
* @offset: offset within the file referenced by fd
* @errp: pointer to Error*, to store an error if it happens.
@@ -1568,6 +1571,16 @@ static inline bool memory_region_is_romd(MemoryRegion *mr)
return mr->rom_device && mr->romd_mode;
}
+/**
+ * memory_region_is_protected: check whether a memory region is protected
+ *
+ * Returns %true if a memory region is protected RAM and cannot be accessed
+ * via standard mechanisms, e.g. DMA.
+ *
+ * @mr: the memory region being queried
+ */
+bool memory_region_is_protected(MemoryRegion *mr);
+
/**
* memory_region_get_iommu: check whether a memory region is an iommu
*
diff --git a/softmmu/memory.c b/softmmu/memory.c
index bfedaf9c4d..54cd0e9824 100644
--- a/softmmu/memory.c
+++ b/softmmu/memory.c
@@ -1811,6 +1811,11 @@ bool memory_region_is_ram_device(MemoryRegion *mr)
return mr->ram_device;
}
+bool memory_region_is_protected(MemoryRegion *mr)
+{
+ return mr->ram && (mr->ram_block->flags & RAM_PROTECTED);
+}
+
uint8_t memory_region_get_dirty_log_mask(MemoryRegion *mr)
{
uint8_t mask = mr->dirty_log_mask;
diff --git a/softmmu/physmem.c b/softmmu/physmem.c
index 23e77cb771..088660d973 100644
--- a/softmmu/physmem.c
+++ b/softmmu/physmem.c
@@ -2055,7 +2055,8 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, MemoryRegion *mr,
int64_t file_size, file_align;
/* Just support these ram flags by now. */
- assert((ram_flags & ~(RAM_SHARED | RAM_PMEM | RAM_NORESERVE)) == 0);
+ assert((ram_flags & ~(RAM_SHARED | RAM_PMEM | RAM_NORESERVE |
+ RAM_PROTECTED)) == 0);
if (xen_enabled()) {
error_setg(errp, "-mem-path not supported with Xen");
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 10/43] hostmem: Add hostmem-epc as a backend for SGX EPC
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (8 preceding siblings ...)
2021-09-08 10:03 ` [PULL v4 09/43] memory: Add RAM_PROTECTED flag to skip IOMMU mappings Paolo Bonzini
@ 2021-09-08 10:03 ` Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 11/43] qom: Add memory-backend-epc ObjectOptions support Paolo Bonzini
` (34 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
EPC (Enclave Page Cahe) is a specialized type of memory used by Intel
SGX (Software Guard Extensions). The SDM desribes EPC as:
The Enclave Page Cache (EPC) is the secure storage used to store
enclave pages when they are a part of an executing enclave. For an
EPC page, hardware performs additional access control checks to
restrict access to the page. After the current page access checks
and translations are performed, the hardware checks that the EPC
page is accessible to the program currently executing. Generally an
EPC page is only accessed by the owner of the executing enclave or
an instruction which is setting up an EPC page.
Because of its unique requirements, Linux manages EPC separately from
normal memory. Similar to memfd, the device /dev/sgx_vepc can be
opened to obtain a file descriptor which can in turn be used to mmap()
EPC memory.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
v1-->v2:
- Unified the "share" and "protected" arguments with ram_flags in the
memory_region_init_ram_from_fd()(Paolo).
Message-Id: <20210719112136.57018-3-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
backends/hostmem-epc.c | 92 ++++++++++++++++++++++++++++++++++++++++++
backends/meson.build | 1 +
2 files changed, 93 insertions(+)
create mode 100644 backends/hostmem-epc.c
diff --git a/backends/hostmem-epc.c b/backends/hostmem-epc.c
new file mode 100644
index 0000000000..b512a68cb0
--- /dev/null
+++ b/backends/hostmem-epc.c
@@ -0,0 +1,92 @@
+/*
+ * QEMU host SGX EPC memory backend
+ *
+ * Copyright (C) 2019 Intel Corporation
+ *
+ * Authors:
+ * Sean Christopherson <sean.j.christopherson@intel.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#include <sys/ioctl.h>
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qom/object_interfaces.h"
+#include "qapi/error.h"
+#include "sysemu/hostmem.h"
+
+#define TYPE_MEMORY_BACKEND_EPC "memory-backend-epc"
+
+#define MEMORY_BACKEND_EPC(obj) \
+ OBJECT_CHECK(HostMemoryBackendEpc, (obj), TYPE_MEMORY_BACKEND_EPC)
+
+typedef struct HostMemoryBackendEpc HostMemoryBackendEpc;
+
+struct HostMemoryBackendEpc {
+ HostMemoryBackend parent_obj;
+};
+
+static void
+sgx_epc_backend_memory_alloc(HostMemoryBackend *backend, Error **errp)
+{
+ uint32_t ram_flags;
+ char *name;
+ int fd;
+
+ if (!backend->size) {
+ error_setg(errp, "can't create backend with size 0");
+ return;
+ }
+
+ fd = qemu_open_old("/dev/sgx_vepc", O_RDWR);
+ if (fd < 0) {
+ error_setg_errno(errp, errno,
+ "failed to open /dev/sgx_vepc to alloc SGX EPC");
+ return;
+ }
+
+ name = object_get_canonical_path(OBJECT(backend));
+ ram_flags = (backend->share ? RAM_SHARED : 0) | RAM_PROTECTED;
+ memory_region_init_ram_from_fd(&backend->mr, OBJECT(backend),
+ name, backend->size, ram_flags,
+ fd, 0, errp);
+ g_free(name);
+}
+
+static void sgx_epc_backend_instance_init(Object *obj)
+{
+ HostMemoryBackend *m = MEMORY_BACKEND(obj);
+
+ m->share = true;
+ m->merge = false;
+ m->dump = false;
+}
+
+static void sgx_epc_backend_class_init(ObjectClass *oc, void *data)
+{
+ HostMemoryBackendClass *bc = MEMORY_BACKEND_CLASS(oc);
+
+ bc->alloc = sgx_epc_backend_memory_alloc;
+}
+
+static const TypeInfo sgx_epc_backed_info = {
+ .name = TYPE_MEMORY_BACKEND_EPC,
+ .parent = TYPE_MEMORY_BACKEND,
+ .instance_init = sgx_epc_backend_instance_init,
+ .class_init = sgx_epc_backend_class_init,
+ .instance_size = sizeof(HostMemoryBackendEpc),
+};
+
+static void register_types(void)
+{
+ int fd = qemu_open_old("/dev/sgx_vepc", O_RDWR);
+ if (fd >= 0) {
+ close(fd);
+
+ type_register_static(&sgx_epc_backed_info);
+ }
+}
+
+type_init(register_types);
diff --git a/backends/meson.build b/backends/meson.build
index d4221831fc..46fd16b269 100644
--- a/backends/meson.build
+++ b/backends/meson.build
@@ -16,5 +16,6 @@ softmmu_ss.add(when: ['CONFIG_VHOST_USER', 'CONFIG_VIRTIO'], if_true: files('vho
softmmu_ss.add(when: 'CONFIG_VIRTIO_CRYPTO', if_true: files('cryptodev-vhost.c'))
softmmu_ss.add(when: ['CONFIG_VIRTIO_CRYPTO', 'CONFIG_VHOST_CRYPTO'], if_true: files('cryptodev-vhost-user.c'))
softmmu_ss.add(when: 'CONFIG_GIO', if_true: [files('dbus-vmstate.c'), gio])
+softmmu_ss.add(when: 'CONFIG_LINUX', if_true: files('hostmem-epc.c'))
subdir('tpm')
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 11/43] qom: Add memory-backend-epc ObjectOptions support
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (9 preceding siblings ...)
2021-09-08 10:03 ` [PULL v4 10/43] hostmem: Add hostmem-epc as a backend for SGX EPC Paolo Bonzini
@ 2021-09-08 10:03 ` Paolo Bonzini
2021-09-08 14:51 ` Eric Blake
2021-09-08 10:03 ` [PULL v4 12/43] i386: Add 'sgx-epc' device to expose EPC sections to guest Paolo Bonzini
` (33 subsequent siblings)
44 siblings, 1 reply; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong
From: Yang Zhong <yang.zhong@intel.com>
Add the new 'memory-backend-epc' user creatable QOM object in
the ObjectOptions to support SGX since v6.1, or the sgx backend
object cannot bootup.
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
v1-->v2:
- Added the new MemoryBackendEpcProperties and related documents,
and updated the blurb(Eric Blake).
Message-Id: <20210719112136.57018-4-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
qapi/qom.json | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/qapi/qom.json b/qapi/qom.json
index a25616bc7a..16ba30e5b9 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
@@ -647,6 +647,23 @@
'*hugetlbsize': 'size',
'*seal': 'bool' } }
+##
+# @MemoryBackendEpcProperties:
+#
+# Properties for memory-backend-epc objects.
+#
+# The @share boolean option is true by default with epc
+#
+# The @merge boolean option is false by default with epc
+#
+# The @dump boolean option is false by default with epc
+#
+# Since: 6.1
+##
+{ 'struct': 'MemoryBackendEpcProperties',
+ 'base': 'MemoryBackendProperties',
+ 'data': {} }
+
##
# @PrManagerHelperProperties:
#
@@ -797,6 +814,7 @@
{ 'name': 'memory-backend-memfd',
'if': 'CONFIG_LINUX' },
'memory-backend-ram',
+ 'memory-backend-epc',
'pef-guest',
'pr-manager-helper',
'qtest',
@@ -855,6 +873,7 @@
'memory-backend-memfd': { 'type': 'MemoryBackendMemfdProperties',
'if': 'CONFIG_LINUX' },
'memory-backend-ram': 'MemoryBackendProperties',
+ 'memory-backend-epc': 'MemoryBackendEpcProperties',
'pr-manager-helper': 'PrManagerHelperProperties',
'qtest': 'QtestProperties',
'rng-builtin': 'RngProperties',
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 12/43] i386: Add 'sgx-epc' device to expose EPC sections to guest
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (10 preceding siblings ...)
2021-09-08 10:03 ` [PULL v4 11/43] qom: Add memory-backend-epc ObjectOptions support Paolo Bonzini
@ 2021-09-08 10:03 ` Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 13/43] vl: Add sgx compound properties to expose SGX " Paolo Bonzini
` (32 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
SGX EPC is enumerated through CPUID, i.e. EPC "devices" need to be
realized prior to realizing the vCPUs themselves, which occurs long
before generic devices are parsed and realized. Because of this,
do not allow 'sgx-epc' devices to be instantiated after vCPUS have
been created.
The 'sgx-epc' device is essentially a placholder at this time, it will
be fully implemented in a future patch along with a dedicated command
to create 'sgx-epc' devices.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-5-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/i386/meson.build | 1 +
hw/i386/sgx-epc.c | 161 ++++++++++++++++++++++++++++++++++++++
include/hw/i386/sgx-epc.h | 44 +++++++++++
3 files changed, 206 insertions(+)
create mode 100644 hw/i386/sgx-epc.c
create mode 100644 include/hw/i386/sgx-epc.h
diff --git a/hw/i386/meson.build b/hw/i386/meson.build
index 80dad29f2b..27476b36bb 100644
--- a/hw/i386/meson.build
+++ b/hw/i386/meson.build
@@ -5,6 +5,7 @@ i386_ss.add(files(
'e820_memory_layout.c',
'multiboot.c',
'x86.c',
+ 'sgx-epc.c',
))
i386_ss.add(when: 'CONFIG_X86_IOMMU', if_true: files('x86-iommu.c'),
diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
new file mode 100644
index 0000000000..aa487dea79
--- /dev/null
+++ b/hw/i386/sgx-epc.c
@@ -0,0 +1,161 @@
+/*
+ * SGX EPC device
+ *
+ * Copyright (C) 2019 Intel Corporation
+ *
+ * Authors:
+ * Sean Christopherson <sean.j.christopherson@intel.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "hw/i386/pc.h"
+#include "hw/i386/sgx-epc.h"
+#include "hw/mem/memory-device.h"
+#include "hw/qdev-properties.h"
+#include "monitor/qdev.h"
+#include "qapi/error.h"
+#include "qapi/visitor.h"
+#include "qemu/config-file.h"
+#include "qemu/error-report.h"
+#include "qemu/option.h"
+#include "qemu/units.h"
+#include "target/i386/cpu.h"
+#include "exec/address-spaces.h"
+
+static Property sgx_epc_properties[] = {
+ DEFINE_PROP_UINT64(SGX_EPC_ADDR_PROP, SGXEPCDevice, addr, 0),
+ DEFINE_PROP_LINK(SGX_EPC_MEMDEV_PROP, SGXEPCDevice, hostmem,
+ TYPE_MEMORY_BACKEND, HostMemoryBackend *),
+ DEFINE_PROP_END_OF_LIST(),
+};
+
+static void sgx_epc_get_size(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ Error *local_err = NULL;
+ uint64_t value;
+
+ value = memory_device_get_region_size(MEMORY_DEVICE(obj), &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+
+ visit_type_uint64(v, name, &value, errp);
+}
+
+static void sgx_epc_init(Object *obj)
+{
+ object_property_add(obj, SGX_EPC_SIZE_PROP, "uint64", sgx_epc_get_size,
+ NULL, NULL, NULL);
+}
+
+static void sgx_epc_realize(DeviceState *dev, Error **errp)
+{
+ PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
+ X86MachineState *x86ms = X86_MACHINE(pcms);
+ SGXEPCDevice *epc = SGX_EPC(dev);
+ const char *path;
+
+ if (x86ms->boot_cpus != 0) {
+ error_setg(errp, "'" TYPE_SGX_EPC "' can't be created after vCPUs,"
+ "e.g. via -device");
+ return;
+ }
+
+ if (!epc->hostmem) {
+ error_setg(errp, "'" SGX_EPC_MEMDEV_PROP "' property is not set");
+ return;
+ } else if (host_memory_backend_is_mapped(epc->hostmem)) {
+ path = object_get_canonical_path_component(OBJECT(epc->hostmem));
+ error_setg(errp, "can't use already busy memdev: %s", path);
+ return;
+ }
+
+ error_setg(errp, "'" TYPE_SGX_EPC "' not supported");
+}
+
+static void sgx_epc_unrealize(DeviceState *dev)
+{
+ SGXEPCDevice *epc = SGX_EPC(dev);
+
+ host_memory_backend_set_mapped(epc->hostmem, false);
+}
+
+static uint64_t sgx_epc_md_get_addr(const MemoryDeviceState *md)
+{
+ const SGXEPCDevice *epc = SGX_EPC(md);
+
+ return epc->addr;
+}
+
+static void sgx_epc_md_set_addr(MemoryDeviceState *md, uint64_t addr,
+ Error **errp)
+{
+ object_property_set_uint(OBJECT(md), SGX_EPC_ADDR_PROP, addr, errp);
+}
+
+static uint64_t sgx_epc_md_get_plugged_size(const MemoryDeviceState *md,
+ Error **errp)
+{
+ return 0;
+}
+
+static MemoryRegion *sgx_epc_md_get_memory_region(MemoryDeviceState *md,
+ Error **errp)
+{
+ SGXEPCDevice *epc = SGX_EPC(md);
+
+ if (!epc->hostmem) {
+ error_setg(errp, "'" SGX_EPC_MEMDEV_PROP "' property must be set");
+ return NULL;
+ }
+
+ return host_memory_backend_get_memory(epc->hostmem);
+}
+
+static void sgx_epc_md_fill_device_info(const MemoryDeviceState *md,
+ MemoryDeviceInfo *info)
+{
+ /* TODO */
+}
+
+static void sgx_epc_class_init(ObjectClass *oc, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(oc);
+ MemoryDeviceClass *mdc = MEMORY_DEVICE_CLASS(oc);
+
+ dc->hotpluggable = false;
+ dc->realize = sgx_epc_realize;
+ dc->unrealize = sgx_epc_unrealize;
+ dc->desc = "SGX EPC section";
+ device_class_set_props(dc, sgx_epc_properties);
+
+ mdc->get_addr = sgx_epc_md_get_addr;
+ mdc->set_addr = sgx_epc_md_set_addr;
+ mdc->get_plugged_size = sgx_epc_md_get_plugged_size;
+ mdc->get_memory_region = sgx_epc_md_get_memory_region;
+ mdc->fill_device_info = sgx_epc_md_fill_device_info;
+}
+
+static TypeInfo sgx_epc_info = {
+ .name = TYPE_SGX_EPC,
+ .parent = TYPE_DEVICE,
+ .instance_size = sizeof(SGXEPCDevice),
+ .instance_init = sgx_epc_init,
+ .class_init = sgx_epc_class_init,
+ .class_size = sizeof(DeviceClass),
+ .interfaces = (InterfaceInfo[]) {
+ { TYPE_MEMORY_DEVICE },
+ { }
+ },
+};
+
+static void sgx_epc_register_types(void)
+{
+ type_register_static(&sgx_epc_info);
+}
+
+type_init(sgx_epc_register_types)
diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h
new file mode 100644
index 0000000000..5fd9ae2d0c
--- /dev/null
+++ b/include/hw/i386/sgx-epc.h
@@ -0,0 +1,44 @@
+/*
+ * SGX EPC device
+ *
+ * Copyright (C) 2019 Intel Corporation
+ *
+ * Authors:
+ * Sean Christopherson <sean.j.christopherson@intel.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#ifndef QEMU_SGX_EPC_H
+#define QEMU_SGX_EPC_H
+
+#include "sysemu/hostmem.h"
+
+#define TYPE_SGX_EPC "sgx-epc"
+#define SGX_EPC(obj) \
+ OBJECT_CHECK(SGXEPCDevice, (obj), TYPE_SGX_EPC)
+#define SGX_EPC_CLASS(oc) \
+ OBJECT_CLASS_CHECK(SGXEPCDeviceClass, (oc), TYPE_SGX_EPC)
+#define SGX_EPC_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(SGXEPCDeviceClass, (obj), TYPE_SGX_EPC)
+
+#define SGX_EPC_ADDR_PROP "addr"
+#define SGX_EPC_SIZE_PROP "size"
+#define SGX_EPC_MEMDEV_PROP "memdev"
+
+/**
+ * SGXEPCDevice:
+ * @addr: starting guest physical address, where @SGXEPCDevice is mapped.
+ * Default value: 0, means that address is auto-allocated.
+ * @hostmem: host memory backend providing memory for @SGXEPCDevice
+ */
+typedef struct SGXEPCDevice {
+ /* private */
+ DeviceState parent_obj;
+
+ /* public */
+ uint64_t addr;
+ HostMemoryBackend *hostmem;
+} SGXEPCDevice;
+
+#endif
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 13/43] vl: Add sgx compound properties to expose SGX EPC sections to guest
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (11 preceding siblings ...)
2021-09-08 10:03 ` [PULL v4 12/43] i386: Add 'sgx-epc' device to expose EPC sections to guest Paolo Bonzini
@ 2021-09-08 10:03 ` Paolo Bonzini
2021-09-08 14:52 ` Eric Blake
2021-09-08 10:03 ` [PULL v4 14/43] i386: Add primary SGX CPUID and MSR defines Paolo Bonzini
` (31 subsequent siblings)
44 siblings, 1 reply; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
Because SGX EPC is enumerated through CPUID, EPC "devices" need to be
realized prior to realizing the vCPUs themselves, i.e. long before
generic devices are parsed and realized. From a virtualization
perspective, the CPUID aspect also means that EPC sections cannot be
hotplugged without paravirtualizing the guest kernel (hardware does
not support hotplugging as EPC sections must be locked down during
pre-boot to provide EPC's security properties).
So even though EPC sections could be realized through the generic
-devices command, they need to be created much earlier for them to
actually be usable by the guest. Place all EPC sections in a
contiguous block, somewhat arbitrarily starting after RAM above 4g.
Ensuring EPC is in a contiguous region simplifies calculations, e.g.
device memory base, PCI hole, etc..., allows dynamic calculation of the
total EPC size, e.g. exposing EPC to guests does not require -maxmem,
and last but not least allows all of EPC to be enumerated in a single
ACPI entry, which is expected by some kernels, e.g. Windows 7 and 8.
The new compound properties command for sgx like below:
......
-object memory-backend-epc,id=mem1,size=28M,prealloc=on \
-object memory-backend-epc,id=mem2,size=10M \
-M sgx-epc.0.memdev=mem1,sgx-epc.1.memdev=mem2
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
v3-->v4:
- Moved sgx compound property setter/getter from MachineState
to X86MachineState(Paolo).
- Re-defined struct SgxEPC, removed 'id' property and added struct
SgxEPCList for sgx-epc.0.{memdev}(Paolo).
- Removed g_malloc0(), and changed the 'SGXEPCState *sgx_epc' to
'SGXEPCState sgx_epc' in struct PCMachineState(Paolo).
- Changed the SGX compound property cmdline from sgx-epc.{memdev}.0
to sgx-epc.0.{memdev}(Paolo).
v2-->v3:
- Removed the QemuOptsList for sgx-epc virtual device and used the '-M' to
replace '-sgx-epc' with compound properties(Paolo).
Message-Id: <20210719112136.57018-6-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/i386/meson.build | 1 +
hw/i386/sgx-epc.c | 20 ++++++++----
hw/i386/sgx.c | 67 +++++++++++++++++++++++++++++++++++++++
hw/i386/x86.c | 29 +++++++++++++++++
include/hw/i386/pc.h | 6 ++++
include/hw/i386/sgx-epc.h | 14 ++++++++
include/hw/i386/x86.h | 1 +
qapi/machine.json | 26 +++++++++++++++
qemu-options.hx | 10 ++++--
9 files changed, 166 insertions(+), 8 deletions(-)
create mode 100644 hw/i386/sgx.c
diff --git a/hw/i386/meson.build b/hw/i386/meson.build
index 27476b36bb..fefce9e4ba 100644
--- a/hw/i386/meson.build
+++ b/hw/i386/meson.build
@@ -6,6 +6,7 @@ i386_ss.add(files(
'multiboot.c',
'x86.c',
'sgx-epc.c',
+ 'sgx.c'
))
i386_ss.add(when: 'CONFIG_X86_IOMMU', if_true: files('x86-iommu.c'),
diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
index aa487dea79..924dea22f0 100644
--- a/hw/i386/sgx-epc.c
+++ b/hw/i386/sgx-epc.c
@@ -14,13 +14,8 @@
#include "hw/i386/sgx-epc.h"
#include "hw/mem/memory-device.h"
#include "hw/qdev-properties.h"
-#include "monitor/qdev.h"
#include "qapi/error.h"
#include "qapi/visitor.h"
-#include "qemu/config-file.h"
-#include "qemu/error-report.h"
-#include "qemu/option.h"
-#include "qemu/units.h"
#include "target/i386/cpu.h"
#include "exec/address-spaces.h"
@@ -56,6 +51,8 @@ static void sgx_epc_realize(DeviceState *dev, Error **errp)
{
PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
X86MachineState *x86ms = X86_MACHINE(pcms);
+ MemoryDeviceState *md = MEMORY_DEVICE(dev);
+ SGXEPCState *sgx_epc = &pcms->sgx_epc;
SGXEPCDevice *epc = SGX_EPC(dev);
const char *path;
@@ -74,7 +71,18 @@ static void sgx_epc_realize(DeviceState *dev, Error **errp)
return;
}
- error_setg(errp, "'" TYPE_SGX_EPC "' not supported");
+ epc->addr = sgx_epc->base + sgx_epc->size;
+
+ memory_region_add_subregion(&sgx_epc->mr, epc->addr - sgx_epc->base,
+ host_memory_backend_get_memory(epc->hostmem));
+
+ host_memory_backend_set_mapped(epc->hostmem, true);
+
+ sgx_epc->sections = g_renew(SGXEPCDevice *, sgx_epc->sections,
+ sgx_epc->nr_sections + 1);
+ sgx_epc->sections[sgx_epc->nr_sections++] = epc;
+
+ sgx_epc->size += memory_device_get_region_size(md, errp);
}
static void sgx_epc_unrealize(DeviceState *dev)
diff --git a/hw/i386/sgx.c b/hw/i386/sgx.c
new file mode 100644
index 0000000000..e77deb0b00
--- /dev/null
+++ b/hw/i386/sgx.c
@@ -0,0 +1,67 @@
+/*
+ * SGX common code
+ *
+ * Copyright (C) 2021 Intel Corporation
+ *
+ * Authors:
+ * Yang Zhong<yang.zhong@intel.com>
+ * Sean Christopherson <sean.j.christopherson@intel.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+#include "qemu/osdep.h"
+#include "hw/i386/pc.h"
+#include "hw/i386/sgx-epc.h"
+#include "hw/mem/memory-device.h"
+#include "monitor/qdev.h"
+#include "qapi/error.h"
+#include "exec/address-spaces.h"
+
+static int sgx_epc_set_property(void *opaque, const char *name,
+ const char *value, Error **errp)
+{
+ Object *obj = opaque;
+ Error *err = NULL;
+
+ object_property_parse(obj, name, value, &err);
+ if (err != NULL) {
+ error_propagate(errp, err);
+ return -1;
+ }
+ return 0;
+}
+
+void pc_machine_init_sgx_epc(PCMachineState *pcms)
+{
+ SGXEPCState *sgx_epc = &pcms->sgx_epc;
+ X86MachineState *x86ms = X86_MACHINE(pcms);
+ Error *err = NULL;
+ SgxEPCList *list = NULL;
+ Object *obj;
+
+ memset(sgx_epc, 0, sizeof(SGXEPCState));
+ sgx_epc->base = 0x100000000ULL + x86ms->above_4g_mem_size;
+
+ memory_region_init(&sgx_epc->mr, OBJECT(pcms), "sgx-epc", UINT64_MAX);
+ memory_region_add_subregion(get_system_memory(), sgx_epc->base,
+ &sgx_epc->mr);
+
+ for (list = x86ms->sgx_epc_list; list; list = list->next) {
+ obj = object_new("sgx-epc");
+
+ /* set the memdev link with memory backend */
+ sgx_epc_set_property(obj, SGX_EPC_MEMDEV_PROP, list->value->memdev,
+ &err);
+ object_property_set_bool(obj, "realized", true, &err);
+ object_unref(obj);
+ }
+
+ if ((sgx_epc->base + sgx_epc->size) < sgx_epc->base) {
+ error_report("Size of all 'sgx-epc' =0x%"PRIu64" causes EPC to wrap",
+ sgx_epc->size);
+ exit(EXIT_FAILURE);
+ }
+
+ memory_region_set_size(&sgx_epc->mr, sgx_epc->size);
+}
diff --git a/hw/i386/x86.c b/hw/i386/x86.c
index 00448ed55a..41ef9a84a9 100644
--- a/hw/i386/x86.c
+++ b/hw/i386/x86.c
@@ -30,6 +30,8 @@
#include "qapi/error.h"
#include "qapi/qmp/qerror.h"
#include "qapi/qapi-visit-common.h"
+#include "qapi/clone-visitor.h"
+#include "qapi/qapi-visit-machine.h"
#include "qapi/visitor.h"
#include "sysemu/qtest.h"
#include "sysemu/whpx.h"
@@ -1263,6 +1265,27 @@ static void x86_machine_set_bus_lock_ratelimit(Object *obj, Visitor *v,
visit_type_uint64(v, name, &x86ms->bus_lock_ratelimit, errp);
}
+static void machine_get_sgx_epc(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ X86MachineState *x86ms = X86_MACHINE(obj);
+ SgxEPCList *list = x86ms->sgx_epc_list;
+
+ visit_type_SgxEPCList(v, name, &list, errp);
+}
+
+static void machine_set_sgx_epc(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ X86MachineState *x86ms = X86_MACHINE(obj);
+ SgxEPCList *list;
+
+ list = x86ms->sgx_epc_list;
+ visit_type_SgxEPCList(v, name, &x86ms->sgx_epc_list, errp);
+
+ qapi_free_SgxEPCList(list);
+}
+
static void x86_machine_initfn(Object *obj)
{
X86MachineState *x86ms = X86_MACHINE(obj);
@@ -1322,6 +1345,12 @@ static void x86_machine_class_init(ObjectClass *oc, void *data)
x86_machine_set_bus_lock_ratelimit, NULL, NULL);
object_class_property_set_description(oc, X86_MACHINE_BUS_LOCK_RATELIMIT,
"Set the ratelimit for the bus locks acquired in VMs");
+
+ object_class_property_add(oc, "sgx-epc", "SgxEPC",
+ machine_get_sgx_epc, machine_set_sgx_epc,
+ NULL, NULL);
+ object_class_property_set_description(oc, "sgx-epc",
+ "SGX EPC device");
}
static const TypeInfo x86_machine_info = {
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 4d2e35a152..f2869437ab 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -12,6 +12,7 @@
#include "hw/acpi/acpi_dev_interface.h"
#include "hw/hotplug.h"
#include "qom/object.h"
+#include "hw/i386/sgx-epc.h"
#define HPET_INTCAP "hpet-intcap"
@@ -49,6 +50,8 @@ typedef struct PCMachineState {
/* ACPI Memory hotplug IO base address */
hwaddr memhp_io_base;
+
+ SGXEPCState sgx_epc;
} PCMachineState;
#define PC_MACHINE_ACPI_DEVICE_PROP "acpi-device"
@@ -198,6 +201,9 @@ extern const size_t pc_compat_6_1_len;
extern GlobalProperty pc_compat_6_0[];
extern const size_t pc_compat_6_0_len;
+/* sgx-epc.c */
+void pc_machine_init_sgx_epc(PCMachineState *pcms);
+
extern GlobalProperty pc_compat_5_2[];
extern const size_t pc_compat_5_2_len;
diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h
index 5fd9ae2d0c..2b2490892b 100644
--- a/include/hw/i386/sgx-epc.h
+++ b/include/hw/i386/sgx-epc.h
@@ -41,4 +41,18 @@ typedef struct SGXEPCDevice {
HostMemoryBackend *hostmem;
} SGXEPCDevice;
+/*
+ * @base: address in guest physical address space where EPC regions start
+ * @mr: address space container for memory devices
+ */
+typedef struct SGXEPCState {
+ uint64_t base;
+ uint64_t size;
+
+ MemoryRegion mr;
+
+ struct SGXEPCDevice **sections;
+ int nr_sections;
+} SGXEPCState;
+
#endif
diff --git a/include/hw/i386/x86.h b/include/hw/i386/x86.h
index 6e9244a82c..23267a3674 100644
--- a/include/hw/i386/x86.h
+++ b/include/hw/i386/x86.h
@@ -62,6 +62,7 @@ struct X86MachineState {
unsigned pci_irq_mask;
unsigned apic_id_limit;
uint16_t boot_cpus;
+ SgxEPCList *sgx_epc_list;
OnOffAuto smm;
OnOffAuto acpi;
diff --git a/qapi/machine.json b/qapi/machine.json
index 157712f006..10d36da83f 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -1194,6 +1194,32 @@
}
}
+##
+# @SgxEPC:
+#
+# Sgx EPC cmdline information
+#
+# @memdev: memory backend linked with device
+#
+# Since: 6.1
+##
+{ 'struct': 'SgxEPC',
+ 'data': { 'memdev': 'str' }
+}
+
+##
+# @SgxEPCProperties:
+#
+# Properties for SgxEPC objects.
+#
+# @sgx-epc: sgx epc section properties.
+#
+# Since: 6.1
+##
+{ 'struct': 'SgxEPCProperties',
+ 'data': { 'sgx-epc': ['SgxEPC'] }
+}
+
##
# @MemoryDeviceInfo:
#
diff --git a/qemu-options.hx b/qemu-options.hx
index 8f603cc7e6..ceca52818a 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -126,8 +126,14 @@ SRST
-m 512M
ERST
-HXCOMM Deprecated by -machine
-DEF("M", HAS_ARG, QEMU_OPTION_M, "", QEMU_ARCH_ALL)
+DEF("M", HAS_ARG, QEMU_OPTION_M,
+ " sgx-epc.0.memdev=memid\n",
+ QEMU_ARCH_ALL)
+
+SRST
+``sgx-epc.0.memdev=@var{memid}``
+ Define an SGX EPC section.
+ERST
DEF("cpu", HAS_ARG, QEMU_OPTION_cpu,
"-cpu cpu select CPU ('-cpu help' for list)\n", QEMU_ARCH_ALL)
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 14/43] i386: Add primary SGX CPUID and MSR defines
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (12 preceding siblings ...)
2021-09-08 10:03 ` [PULL v4 13/43] vl: Add sgx compound properties to expose SGX " Paolo Bonzini
@ 2021-09-08 10:03 ` Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 15/43] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX Paolo Bonzini
` (30 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
Add CPUID defines for SGX and SGX Launch Control (LC), as well as
defines for their associated FEATURE_CONTROL MSR bits. Define the
Launch Enclave Public Key Hash MSRs (LE Hash MSRs), which exist
when SGX LC is present (in CPUID), and are writable when SGX LC is
enabled (in FEATURE_CONTROL).
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-7-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.c | 4 ++--
target/i386/cpu.h | 12 ++++++++++++
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 6b029f1bdf..21d2a325ea 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -795,7 +795,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
[FEAT_7_0_EBX] = {
.type = CPUID_FEATURE_WORD,
.feat_names = {
- "fsgsbase", "tsc-adjust", NULL, "bmi1",
+ "fsgsbase", "tsc-adjust", "sgx", "bmi1",
"hle", "avx2", NULL, "smep",
"bmi2", "erms", "invpcid", "rtm",
NULL, NULL, "mpx", NULL,
@@ -821,7 +821,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
"la57", NULL, NULL, NULL,
NULL, NULL, "rdpid", NULL,
"bus-lock-detect", "cldemote", NULL, "movdiri",
- "movdir64b", NULL, NULL, "pks",
+ "movdir64b", NULL, "sgxlc", "pks",
},
.cpuid = {
.eax = 7,
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 71ae3141c3..a3fe44455d 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -389,9 +389,17 @@ typedef enum X86Seg {
#define MSR_IA32_PKRS 0x6e1
#define FEATURE_CONTROL_LOCKED (1<<0)
+#define FEATURE_CONTROL_VMXON_ENABLED_INSIDE_SMX (1ULL << 1)
#define FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX (1<<2)
+#define FEATURE_CONTROL_SGX_LC (1ULL << 17)
+#define FEATURE_CONTROL_SGX (1ULL << 18)
#define FEATURE_CONTROL_LMCE (1<<20)
+#define MSR_IA32_SGXLEPUBKEYHASH0 0x8c
+#define MSR_IA32_SGXLEPUBKEYHASH1 0x8d
+#define MSR_IA32_SGXLEPUBKEYHASH2 0x8e
+#define MSR_IA32_SGXLEPUBKEYHASH3 0x8f
+
#define MSR_P6_PERFCTR0 0xc1
#define MSR_IA32_SMBASE 0x9e
@@ -718,6 +726,8 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS];
/* Support RDFSBASE/RDGSBASE/WRFSBASE/WRGSBASE */
#define CPUID_7_0_EBX_FSGSBASE (1U << 0)
+/* Support SGX */
+#define CPUID_7_0_EBX_SGX (1U << 2)
/* 1st Group of Advanced Bit Manipulation Extensions */
#define CPUID_7_0_EBX_BMI1 (1U << 3)
/* Hardware Lock Elision */
@@ -805,6 +815,8 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS];
#define CPUID_7_0_ECX_MOVDIRI (1U << 27)
/* Move 64 Bytes as Direct Store Instruction */
#define CPUID_7_0_ECX_MOVDIR64B (1U << 28)
+/* Support SGX Launch Control */
+#define CPUID_7_0_ECX_SGX_LC (1U << 30)
/* Protection Keys for Supervisor-mode Pages */
#define CPUID_7_0_ECX_PKS (1U << 31)
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 15/43] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (13 preceding siblings ...)
2021-09-08 10:03 ` [PULL v4 14/43] i386: Add primary SGX CPUID and MSR defines Paolo Bonzini
@ 2021-09-08 10:03 ` Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 16/43] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EBX Paolo Bonzini
` (29 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
CPUID leaf 12_0_EAX is an Intel-defined feature bits leaf enumerating
the CPU's SGX capabilities, e.g. supported SGX instruction sets.
Currently there are four enumerated capabilities:
- SGX1 instruction set, i.e. "base" SGX
- SGX2 instruction set for dynamic EPC management
- ENCLV instruction set for VMM oversubscription of EPC
- ENCLS-C instruction set for thread safe variants of ENCLS
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-8-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.c | 20 ++++++++++++++++++++
target/i386/cpu.h | 1 +
2 files changed, 21 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 21d2a325ea..2cd1487bae 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -654,6 +654,7 @@ void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
/* missing:
CPUID_XSAVE_XSAVEC, CPUID_XSAVE_XSAVES */
#define TCG_14_0_ECX_FEATURES 0
+#define TCG_SGX_12_0_EAX_FEATURES 0
FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
[FEAT_1_EDX] = {
@@ -1182,6 +1183,25 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
.tcg_features = TCG_14_0_ECX_FEATURES,
},
+ [FEAT_SGX_12_0_EAX] = {
+ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ "sgx1", "sgx2", NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ },
+ .cpuid = {
+ .eax = 0x12,
+ .needs_ecx = true, .ecx = 0,
+ .reg = R_EAX,
+ },
+ .tcg_features = TCG_SGX_12_0_EAX_FEATURES,
+ },
};
typedef struct FeatureMask {
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index a3fe44455d..959f679077 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -578,6 +578,7 @@ typedef enum FeatureWord {
FEAT_VMX_BASIC,
FEAT_VMX_VMFUNC,
FEAT_14_0_ECX,
+ FEAT_SGX_12_0_EAX, /* CPUID[EAX=0x12,ECX=0].EAX (SGX) */
FEATURE_WORDS,
} FeatureWord;
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 16/43] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EBX
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (14 preceding siblings ...)
2021-09-08 10:03 ` [PULL v4 15/43] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX Paolo Bonzini
@ 2021-09-08 10:03 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 17/43] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX Paolo Bonzini
` (28 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:03 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
CPUID leaf 12_0_EBX is an Intel-defined feature bits leaf enumerating
the platform's SGX extended capabilities. Currently there is a single
capabilitiy:
- EXINFO: record information about #PFs and #GPs in the enclave's SSA
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-9-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.c | 21 +++++++++++++++++++++
target/i386/cpu.h | 1 +
2 files changed, 22 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 2cd1487bae..c0d5c3c621 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -655,6 +655,7 @@ void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
CPUID_XSAVE_XSAVEC, CPUID_XSAVE_XSAVES */
#define TCG_14_0_ECX_FEATURES 0
#define TCG_SGX_12_0_EAX_FEATURES 0
+#define TCG_SGX_12_0_EBX_FEATURES 0
FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
[FEAT_1_EDX] = {
@@ -1202,6 +1203,26 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
},
.tcg_features = TCG_SGX_12_0_EAX_FEATURES,
},
+
+ [FEAT_SGX_12_0_EBX] = {
+ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ "sgx-exinfo" , NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ },
+ .cpuid = {
+ .eax = 0x12,
+ .needs_ecx = true, .ecx = 0,
+ .reg = R_EBX,
+ },
+ .tcg_features = TCG_SGX_12_0_EBX_FEATURES,
+ },
};
typedef struct FeatureMask {
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 959f679077..cf52f70575 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -579,6 +579,7 @@ typedef enum FeatureWord {
FEAT_VMX_VMFUNC,
FEAT_14_0_ECX,
FEAT_SGX_12_0_EAX, /* CPUID[EAX=0x12,ECX=0].EAX (SGX) */
+ FEAT_SGX_12_0_EBX, /* CPUID[EAX=0x12,ECX=0].EBX (SGX MISCSELECT[31:0]) */
FEATURE_WORDS,
} FeatureWord;
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 17/43] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (15 preceding siblings ...)
2021-09-08 10:03 ` [PULL v4 16/43] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EBX Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 18/43] i386: Add get/set/migrate support for SGX_LEPUBKEYHASH MSRs Paolo Bonzini
` (27 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
CPUID leaf 12_1_EAX is an Intel-defined feature bits leaf enumerating
the platform's SGX capabilities that may be utilized by an enclave, e.g.
whether or not an enclave can gain access to the provision key.
Currently there are six capabilities:
- INIT: set when the enclave has has been initialized by EINIT. Cannot
be set by software, i.e. forced to zero in CPUID.
- DEBUG: permits a debugger to read/write into the enclave.
- MODE64BIT: the enclave runs in 64-bit mode
- PROVISIONKEY: grants has access to the provision key
- EINITTOKENKEY: grants access to the EINIT token key, i.e. the
enclave can generate EINIT tokens
- KSS: Key Separation and Sharing enabled for the enclave.
Note that the entirety of CPUID.0x12.0x1, i.e. all registers, enumerates
the allowed ATTRIBUTES (128 bits), but only bits 31:0 are directly
exposed to the user (via FEAT_12_1_EAX). Bits 63:32 are currently all
reserved and bits 127:64 correspond to the allowed XSAVE Feature Request
Mask, which is calculated based on other CPU features, e.g. XSAVE, MPX,
AVX, etc... and is not exposed to the user.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-10-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.c | 21 +++++++++++++++++++++
target/i386/cpu.h | 1 +
2 files changed, 22 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index c0d5c3c621..e9ecbf59e5 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -656,6 +656,7 @@ void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1,
#define TCG_14_0_ECX_FEATURES 0
#define TCG_SGX_12_0_EAX_FEATURES 0
#define TCG_SGX_12_0_EBX_FEATURES 0
+#define TCG_SGX_12_1_EAX_FEATURES 0
FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
[FEAT_1_EDX] = {
@@ -1223,6 +1224,26 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
},
.tcg_features = TCG_SGX_12_0_EBX_FEATURES,
},
+
+ [FEAT_SGX_12_1_EAX] = {
+ .type = CPUID_FEATURE_WORD,
+ .feat_names = {
+ NULL, "sgx-debug", "sgx-mode64", NULL,
+ "sgx-provisionkey", "sgx-tokenkey", NULL, "sgx-kss",
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL,
+ },
+ .cpuid = {
+ .eax = 0x12,
+ .needs_ecx = true, .ecx = 1,
+ .reg = R_EAX,
+ },
+ .tcg_features = TCG_SGX_12_1_EAX_FEATURES,
+ },
};
typedef struct FeatureMask {
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index cf52f70575..e18cceb851 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -580,6 +580,7 @@ typedef enum FeatureWord {
FEAT_14_0_ECX,
FEAT_SGX_12_0_EAX, /* CPUID[EAX=0x12,ECX=0].EAX (SGX) */
FEAT_SGX_12_0_EBX, /* CPUID[EAX=0x12,ECX=0].EBX (SGX MISCSELECT[31:0]) */
+ FEAT_SGX_12_1_EAX, /* CPUID[EAX=0x12,ECX=1].EAX (SGX ATTRIBUTES[31:0]) */
FEATURE_WORDS,
} FeatureWord;
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 18/43] i386: Add get/set/migrate support for SGX_LEPUBKEYHASH MSRs
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (16 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 17/43] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 19/43] fw_cfg: add etc/msr_feature_control Paolo Bonzini
` (26 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Kai Huang, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
On real hardware, on systems that supports SGX Launch Control, those
MSRs are initialized to digest of Intel's signing key; on systems that
don't support SGX Launch Control, those MSRs are not available but
hardware always uses digest of Intel's signing key in EINIT.
KVM advertises SGX LC via CPUID if and only if the MSRs are writable.
Unconditionally initialize those MSRs to digest of Intel's signing key
when CPU is realized and reset to reflect the fact. This avoids
potential bug in case kvm_arch_put_registers() is called before
kvm_arch_get_registers() is called, in which case guest's virtual
SGX_LEPUBKEYHASH MSRs will be set to 0, although KVM initializes those
to digest of Intel's signing key by default, since KVM allows those MSRs
to be updated by Qemu to support live migration.
Save/restore the SGX Launch Enclave Public Key Hash MSRs if SGX Launch
Control (LC) is exposed to the guest. Likewise, migrate the MSRs if they
are writable by the guest.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Kai Huang <kai.huang@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-11-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.c | 17 ++++++++++++++++-
target/i386/cpu.h | 1 +
target/i386/kvm/kvm.c | 22 ++++++++++++++++++++++
target/i386/machine.c | 20 ++++++++++++++++++++
4 files changed, 59 insertions(+), 1 deletion(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index e9ecbf59e5..59cb2c2d03 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5700,6 +5700,16 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
}
}
+#ifndef CONFIG_USER_ONLY
+static void x86_cpu_set_sgxlepubkeyhash(CPUX86State *env)
+{
+ env->msr_ia32_sgxlepubkeyhash[0] = 0xa6053e051270b7acULL;
+ env->msr_ia32_sgxlepubkeyhash[1] = 0x6cfbe8ba8b3b413dULL;
+ env->msr_ia32_sgxlepubkeyhash[2] = 0xc4916d99f2b3735dULL;
+ env->msr_ia32_sgxlepubkeyhash[3] = 0xd4f8c05909f9bb3bULL;
+}
+#endif
+
static void x86_cpu_reset(DeviceState *dev)
{
CPUState *s = CPU(dev);
@@ -5832,6 +5842,8 @@ static void x86_cpu_reset(DeviceState *dev)
if (kvm_enabled()) {
kvm_arch_reset_vcpu(cpu);
}
+
+ x86_cpu_set_sgxlepubkeyhash(env);
#endif
}
@@ -6214,6 +6226,10 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
& CPUID_EXT2_AMD_ALIASES);
}
+#ifndef CONFIG_USER_ONLY
+ x86_cpu_set_sgxlepubkeyhash(env);
+#endif
+
/*
* note: the call to the framework needs to happen after feature expansion,
* but before the checks/modifications to ucode_rev, mwait, phys_bits.
@@ -6901,7 +6917,6 @@ static const TypeInfo x86_cpu_type_info = {
.class_init = x86_cpu_common_class_init,
};
-
/* "base" CPU model, used by query-cpu-model-expansion */
static void x86_cpu_base_class_init(ObjectClass *oc, void *data)
{
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index e18cceb851..07daf1d811 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1516,6 +1516,7 @@ typedef struct CPUX86State {
uint64_t mcg_status;
uint64_t msr_ia32_misc_enable;
uint64_t msr_ia32_feature_control;
+ uint64_t msr_ia32_sgxlepubkeyhash[4];
uint64_t msr_fixed_ctr_ctrl;
uint64_t msr_global_ctrl;
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 500d2e0e68..11551648f9 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -3107,6 +3107,17 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
}
}
+ if (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC) {
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH0,
+ env->msr_ia32_sgxlepubkeyhash[0]);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH1,
+ env->msr_ia32_sgxlepubkeyhash[1]);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH2,
+ env->msr_ia32_sgxlepubkeyhash[2]);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH3,
+ env->msr_ia32_sgxlepubkeyhash[3]);
+ }
+
/* Note: MSR_IA32_FEATURE_CONTROL is written separately, see
* kvm_put_msr_feature_control. */
}
@@ -3446,6 +3457,13 @@ static int kvm_get_msrs(X86CPU *cpu)
}
}
+ if (env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC) {
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH0, 0);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH1, 0);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH2, 0);
+ kvm_msr_entry_add(cpu, MSR_IA32_SGXLEPUBKEYHASH3, 0);
+ }
+
ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_MSRS, cpu->kvm_msr_buf);
if (ret < 0) {
return ret;
@@ -3735,6 +3753,10 @@ static int kvm_get_msrs(X86CPU *cpu)
case MSR_IA32_RTIT_ADDR0_A ... MSR_IA32_RTIT_ADDR3_B:
env->msr_rtit_addrs[index - MSR_IA32_RTIT_ADDR0_A] = msrs[i].data;
break;
+ case MSR_IA32_SGXLEPUBKEYHASH0 ... MSR_IA32_SGXLEPUBKEYHASH3:
+ env->msr_ia32_sgxlepubkeyhash[index - MSR_IA32_SGXLEPUBKEYHASH0] =
+ msrs[i].data;
+ break;
}
}
diff --git a/target/i386/machine.c b/target/i386/machine.c
index b0943118d1..4367931623 100644
--- a/target/i386/machine.c
+++ b/target/i386/machine.c
@@ -1415,6 +1415,25 @@ static const VMStateDescription vmstate_msr_tsx_ctrl = {
}
};
+static bool intel_sgx_msrs_needed(void *opaque)
+{
+ X86CPU *cpu = opaque;
+ CPUX86State *env = &cpu->env;
+
+ return !!(env->features[FEAT_7_0_ECX] & CPUID_7_0_ECX_SGX_LC);
+}
+
+static const VMStateDescription vmstate_msr_intel_sgx = {
+ .name = "cpu/intel_sgx",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = intel_sgx_msrs_needed,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT64_ARRAY(env.msr_ia32_sgxlepubkeyhash, X86CPU, 4),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
const VMStateDescription vmstate_x86_cpu = {
.name = "cpu",
.version_id = 12,
@@ -1551,6 +1570,7 @@ const VMStateDescription vmstate_x86_cpu = {
&vmstate_nested_state,
#endif
&vmstate_msr_tsx_ctrl,
+ &vmstate_msr_intel_sgx,
NULL
}
};
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 19/43] fw_cfg: add etc/msr_feature_control
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (17 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 18/43] i386: Add get/set/migrate support for SGX_LEPUBKEYHASH MSRs Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 20/43] i386: Add feature control MSR dependency when SGX is enabled Paolo Bonzini
` (25 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel
The file already existed, but nobody had noticed the warning until now.
Add it at the bottom, since that is where unknown files go in legacy mode.
Fixes: 217f1b4a721 ("target-i386: Publish advised value of MSR_IA32_FEATURE_CONTROL via fw_cfg")
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/nvram/fw_cfg.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 9b8dcca4ea..c06b30de11 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -878,6 +878,7 @@ static struct {
{ "etc/tpm/log", 150 },
{ "etc/acpi/rsdp", 160 },
{ "bootorder", 170 },
+ { "etc/msr_feature_control", 180 },
#define FW_CFG_ORDER_OVERRIDE_LAST 200
};
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 20/43] i386: Add feature control MSR dependency when SGX is enabled
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (18 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 19/43] fw_cfg: add etc/msr_feature_control Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 21/43] i386: Update SGX CPUID info according to hardware/KVM/user input Paolo Bonzini
` (24 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
SGX adds multiple flags to FEATURE_CONTROL to enable SGX and Flexible
Launch Control.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-12-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/kvm/kvm.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 11551648f9..6dc40161e0 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -1877,6 +1877,11 @@ int kvm_arch_init_vcpu(CPUState *cs)
!!(c->ecx & CPUID_EXT_SMX);
}
+ c = cpuid_find_entry(&cpuid_data.cpuid, 7, 0);
+ if (c && (c->ebx & CPUID_7_0_EBX_SGX)) {
+ has_msr_feature_control = true;
+ }
+
if (env->mcg_cap & MCG_LMCE_P) {
has_msr_mcg_ext_ctl = has_msr_feature_control = true;
}
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 21/43] i386: Update SGX CPUID info according to hardware/KVM/user input
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (19 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 20/43] i386: Add feature control MSR dependency when SGX is enabled Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-09 13:09 ` Philippe Mathieu-Daudé
2021-09-08 10:04 ` [PULL v4 22/43] i386: kvm: Add support for exposing PROVISIONKEY to guest Paolo Bonzini
` (23 subsequent siblings)
44 siblings, 1 reply; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
Expose SGX to the guest if and only if KVM is enabled and supports
virtualization of SGX. While the majority of ENCLS can be emulated to
some degree, because SGX uses a hardware-based root of trust, the
attestation aspects of SGX cannot be emulated in software, i.e.
ultimately emulation will fail as software cannot generate a valid
quote/report. The complexity of partially emulating SGX in Qemu far
outweighs the value added, e.g. an SGX specific simulator for userspace
applications can emulate SGX for development and testing purposes.
Note, access to the PROVISIONKEY is not yet advertised to the guest as
KVM blocks access to the PROVISIONKEY by default and requires userspace
to provide additional credentials (via ioctl()) to expose PROVISIONKEY.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
v3-->v4:
- Replaced g_malloc0() with directly ....
Message-Id: <20210719112136.57018-13-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/i386/sgx.c | 17 +++++++++
include/hw/i386/sgx-epc.h | 2 +
target/i386/cpu.c | 77 +++++++++++++++++++++++++++++++++++++++
3 files changed, 96 insertions(+)
diff --git a/hw/i386/sgx.c b/hw/i386/sgx.c
index e77deb0b00..5f988c6368 100644
--- a/hw/i386/sgx.c
+++ b/hw/i386/sgx.c
@@ -18,6 +18,23 @@
#include "qapi/error.h"
#include "exec/address-spaces.h"
+int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size)
+{
+ PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
+ SGXEPCDevice *epc;
+
+ if (pcms->sgx_epc.size == 0 || pcms->sgx_epc.nr_sections <= section_nr) {
+ return 1;
+ }
+
+ epc = pcms->sgx_epc.sections[section_nr];
+
+ *addr = epc->addr;
+ *size = memory_device_get_region_size(MEMORY_DEVICE(epc), &error_fatal);
+
+ return 0;
+}
+
static int sgx_epc_set_property(void *opaque, const char *name,
const char *value, Error **errp)
{
diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h
index 2b2490892b..f85fd2a4ca 100644
--- a/include/hw/i386/sgx-epc.h
+++ b/include/hw/i386/sgx-epc.h
@@ -55,4 +55,6 @@ typedef struct SGXEPCState {
int nr_sections;
} SGXEPCState;
+int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size);
+
#endif
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 59cb2c2d03..38cf507199 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -36,6 +36,7 @@
#ifndef CONFIG_USER_ONLY
#include "exec/address-spaces.h"
#include "hw/boards.h"
+#include "hw/i386/sgx-epc.h"
#endif
#include "disas/capstone.h"
@@ -5334,6 +5335,25 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
*ecx |= CPUID_7_0_ECX_OSPKE;
}
*edx = env->features[FEAT_7_0_EDX]; /* Feature flags */
+
+ /*
+ * SGX cannot be emulated in software. If hardware does not
+ * support enabling SGX and/or SGX flexible launch control,
+ * then we need to update the VM's CPUID values accordingly.
+ */
+ if ((*ebx & CPUID_7_0_EBX_SGX) &&
+ (!kvm_enabled() ||
+ !(kvm_arch_get_supported_cpuid(cs->kvm_state, 0x7, 0, R_EBX) &
+ CPUID_7_0_EBX_SGX))) {
+ *ebx &= ~CPUID_7_0_EBX_SGX;
+ }
+
+ if ((*ecx & CPUID_7_0_ECX_SGX_LC) &&
+ (!(*ebx & CPUID_7_0_EBX_SGX) || !kvm_enabled() ||
+ !(kvm_arch_get_supported_cpuid(cs->kvm_state, 0x7, 0, R_ECX) &
+ CPUID_7_0_ECX_SGX_LC))) {
+ *ecx &= ~CPUID_7_0_ECX_SGX_LC;
+ }
} else if (count == 1) {
*eax = env->features[FEAT_7_1_EAX];
*ebx = 0;
@@ -5469,6 +5489,63 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
}
break;
}
+ case 0x12:
+#ifndef CONFIG_USER_ONLY
+ if (!kvm_enabled() ||
+ !(env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_SGX)) {
+ *eax = *ebx = *ecx = *edx = 0;
+ break;
+ }
+
+ /*
+ * SGX sub-leafs CPUID.0x12.{0x2..N} enumerate EPC sections. Retrieve
+ * the EPC properties, e.g. confidentiality and integrity, from the
+ * host's first EPC section, i.e. assume there is one EPC section or
+ * that all EPC sections have the same security properties.
+ */
+ if (count > 1) {
+ uint64_t epc_addr, epc_size;
+
+ if (sgx_epc_get_section(count - 2, &epc_addr, &epc_size)) {
+ *eax = *ebx = *ecx = *edx = 0;
+ break;
+ }
+ host_cpuid(index, 2, eax, ebx, ecx, edx);
+ *eax = (uint32_t)(epc_addr & 0xfffff000) | 0x1;
+ *ebx = (uint32_t)(epc_addr >> 32);
+ *ecx = (uint32_t)(epc_size & 0xfffff000) | (*ecx & 0xf);
+ *edx = (uint32_t)(epc_size >> 32);
+ break;
+ }
+
+ /*
+ * SGX sub-leafs CPUID.0x12.{0x0,0x1} are heavily dependent on hardware
+ * and KVM, i.e. QEMU cannot emulate features to override what KVM
+ * supports. Features can be further restricted by userspace, but not
+ * made more permissive.
+ */
+ *eax = kvm_arch_get_supported_cpuid(cs->kvm_state, 0x12, count, R_EAX);
+ *ebx = kvm_arch_get_supported_cpuid(cs->kvm_state, 0x12, count, R_EBX);
+ *ecx = kvm_arch_get_supported_cpuid(cs->kvm_state, 0x12, count, R_ECX);
+ *edx = kvm_arch_get_supported_cpuid(cs->kvm_state, 0x12, count, R_EDX);
+
+ if (count == 0) {
+ *eax &= env->features[FEAT_SGX_12_0_EAX];
+ *ebx &= env->features[FEAT_SGX_12_0_EBX];
+ } else {
+ *eax &= env->features[FEAT_SGX_12_1_EAX];
+ *ebx &= 0; /* ebx reserve */
+ *ecx &= env->features[FEAT_XSAVE_COMP_LO];
+ *edx &= env->features[FEAT_XSAVE_COMP_HI];
+
+ /* FP and SSE are always allowed regardless of XSAVE/XCR0. */
+ *ecx |= XSTATE_FP_MASK | XSTATE_SSE_MASK;
+
+ /* Access to PROVISIONKEY requires additional credentials. */
+ *eax &= ~(1U << 4);
+ }
+#endif
+ break;
case 0x14: {
/* Intel Processor Trace Enumeration */
*eax = 0;
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 22/43] i386: kvm: Add support for exposing PROVISIONKEY to guest
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (20 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 21/43] i386: Update SGX CPUID info according to hardware/KVM/user input Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 23/43] i386: Propagate SGX CPUID sub-leafs to KVM Paolo Bonzini
` (22 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
If the guest want to fully use SGX, the guest needs to be able to
access provisioning key. Add a new KVM_CAP_SGX_ATTRIBUTE to KVM to
support provisioning key to KVM guests.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-14-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.c | 5 ++++-
target/i386/kvm/kvm.c | 29 +++++++++++++++++++++++++++++
target/i386/kvm/kvm_i386.h | 2 ++
3 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 38cf507199..3b1f9cbdf6 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5542,7 +5542,10 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
*ecx |= XSTATE_FP_MASK | XSTATE_SSE_MASK;
/* Access to PROVISIONKEY requires additional credentials. */
- *eax &= ~(1U << 4);
+ if ((*eax & (1U << 4)) &&
+ !kvm_enable_sgx_provisioning(cs->kvm_state)) {
+ *eax &= ~(1U << 4);
+ }
}
#endif
break;
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 6dc40161e0..488926a95f 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -4644,6 +4644,35 @@ void kvm_arch_update_guest_debug(CPUState *cpu, struct kvm_guest_debug *dbg)
}
}
+static bool has_sgx_provisioning;
+
+static bool __kvm_enable_sgx_provisioning(KVMState *s)
+{
+ int fd, ret;
+
+ if (!kvm_vm_check_extension(s, KVM_CAP_SGX_ATTRIBUTE)) {
+ return false;
+ }
+
+ fd = qemu_open_old("/dev/sgx_provision", O_RDONLY);
+ if (fd < 0) {
+ return false;
+ }
+
+ ret = kvm_vm_enable_cap(s, KVM_CAP_SGX_ATTRIBUTE, 0, fd);
+ if (ret) {
+ error_report("Could not enable SGX PROVISIONKEY: %s", strerror(-ret));
+ exit(1);
+ }
+ close(fd);
+ return true;
+}
+
+bool kvm_enable_sgx_provisioning(KVMState *s)
+{
+ return MEMORIZE(__kvm_enable_sgx_provisioning(s), has_sgx_provisioning);
+}
+
static bool host_supports_vmx(void)
{
uint32_t ecx, unused;
diff --git a/target/i386/kvm/kvm_i386.h b/target/i386/kvm/kvm_i386.h
index 54667b35f0..a978509d50 100644
--- a/target/i386/kvm/kvm_i386.h
+++ b/target/i386/kvm/kvm_i386.h
@@ -51,4 +51,6 @@ bool kvm_hyperv_expand_features(X86CPU *cpu, Error **errp);
uint64_t kvm_swizzle_msi_ext_dest_id(uint64_t address);
+bool kvm_enable_sgx_provisioning(KVMState *s);
+
#endif
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 23/43] i386: Propagate SGX CPUID sub-leafs to KVM
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (21 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 22/43] i386: kvm: Add support for exposing PROVISIONKEY to guest Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 24/43] Adjust min CPUID level to 0x12 when SGX is enabled Paolo Bonzini
` (21 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
The SGX sub-leafs are enumerated at CPUID 0x12. Indices 0 and 1 are
always present when SGX is supported, and enumerate SGX features and
capabilities. Indices >=2 are directly correlated with the platform's
EPC sections. Because the number of EPC sections is dynamic and user
defined, the number of SGX sub-leafs is "NULL" terminated.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-15-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/kvm/kvm.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 488926a95f..f6bbf33bc1 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -1703,6 +1703,25 @@ int kvm_arch_init_vcpu(CPUState *cs)
}
break;
case 0x7:
+ case 0x12:
+ for (j = 0; ; j++) {
+ c->function = i;
+ c->flags = KVM_CPUID_FLAG_SIGNIFCANT_INDEX;
+ c->index = j;
+ cpu_x86_cpuid(env, i, j, &c->eax, &c->ebx, &c->ecx, &c->edx);
+
+ if (j > 1 && (c->eax & 0xf) != 1) {
+ break;
+ }
+
+ if (cpuid_i == KVM_MAX_CPUID_ENTRIES) {
+ fprintf(stderr, "cpuid_data is full, no space for "
+ "cpuid(eax:0x12,ecx:0x%x)\n", j);
+ abort();
+ }
+ c = &cpuid_data.entries[cpuid_i++];
+ }
+ break;
case 0x14: {
uint32_t times;
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 24/43] Adjust min CPUID level to 0x12 when SGX is enabled
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (22 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 23/43] i386: Propagate SGX CPUID sub-leafs to KVM Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 25/43] hw/i386/fw_cfg: Set SGX bits in feature control fw_cfg accordingly Paolo Bonzini
` (20 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
SGX capabilities are enumerated through CPUID_0x12.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-16-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
target/i386/cpu.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 3b1f9cbdf6..2774550501 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6153,6 +6153,11 @@ void x86_cpu_expand_features(X86CPU *cpu, Error **errp)
if (sev_enabled()) {
x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000001F);
}
+
+ /* SGX requires CPUID[0x12] for EPC enumeration */
+ if (env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_SGX) {
+ x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x12);
+ }
}
/* Set cpuid_*level* based on cpuid_min_*level, if not explicitly set */
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 25/43] hw/i386/fw_cfg: Set SGX bits in feature control fw_cfg accordingly
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (23 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 24/43] Adjust min CPUID level to 0x12 when SGX is enabled Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 26/43] hw/i386/pc: Account for SGX EPC sections when calculating device memory Paolo Bonzini
` (19 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
Request SGX an SGX Launch Control to be enabled in FEATURE_CONTROL
when the features are exposed to the guest. Our design is the SGX
Launch Control bit will be unconditionally set in FEATURE_CONTROL,
which is unlike host bios.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-17-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/i386/fw_cfg.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/hw/i386/fw_cfg.c b/hw/i386/fw_cfg.c
index 4e68d5dea4..f6d036dfbe 100644
--- a/hw/i386/fw_cfg.c
+++ b/hw/i386/fw_cfg.c
@@ -159,7 +159,7 @@ void fw_cfg_build_feature_control(MachineState *ms, FWCfgState *fw_cfg)
{
X86CPU *cpu = X86_CPU(ms->possible_cpus->cpus[0].cpu);
CPUX86State *env = &cpu->env;
- uint32_t unused, ecx, edx;
+ uint32_t unused, ebx, ecx, edx;
uint64_t feature_control_bits = 0;
uint64_t *val;
@@ -174,6 +174,14 @@ void fw_cfg_build_feature_control(MachineState *ms, FWCfgState *fw_cfg)
feature_control_bits |= FEATURE_CONTROL_LMCE;
}
+ cpu_x86_cpuid(env, 0x7, 0, &unused, &ebx, &ecx, &unused);
+ if (ebx & CPUID_7_0_EBX_SGX) {
+ feature_control_bits |= FEATURE_CONTROL_SGX;
+ }
+ if (ecx & CPUID_7_0_ECX_SGX_LC) {
+ feature_control_bits |= FEATURE_CONTROL_SGX_LC;
+ }
+
if (!feature_control_bits) {
return;
}
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 26/43] hw/i386/pc: Account for SGX EPC sections when calculating device memory
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (24 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 25/43] hw/i386/fw_cfg: Set SGX bits in feature control fw_cfg accordingly Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 27/43] i386/pc: Add e820 entry for SGX EPC section(s) Paolo Bonzini
` (18 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
Add helpers to detect if SGX EPC exists above 4g, and if so, where SGX
EPC above 4g ends. Use the helpers to adjust the device memory range
if SGX EPC exists above 4g.
For multiple virtual EPC sections, we just put them together physically
contiguous for the simplicity because we don't support EPC NUMA affinity
now. Once the SGX EPC NUMA support in the kernel SGX driver, we will
support this in the future.
Note that SGX EPC is currently hardcoded to reside above 4g.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-18-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/i386/pc.c | 11 ++++++++++-
include/hw/i386/sgx-epc.h | 7 +++++++
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 7e523b913c..58700af138 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -913,8 +913,15 @@ void pc_memory_init(PCMachineState *pcms,
exit(EXIT_FAILURE);
}
+ if (pcms->sgx_epc.size != 0) {
+ machine->device_memory->base = sgx_epc_above_4g_end(&pcms->sgx_epc);
+ } else {
+ machine->device_memory->base =
+ 0x100000000ULL + x86ms->above_4g_mem_size;
+ }
+
machine->device_memory->base =
- ROUND_UP(0x100000000ULL + x86ms->above_4g_mem_size, 1 * GiB);
+ ROUND_UP(machine->device_memory->base, 1 * GiB);
if (pcmc->enforce_aligned_dimm) {
/* size device region assuming 1G page max alignment per slot */
@@ -999,6 +1006,8 @@ uint64_t pc_pci_hole64_start(void)
if (!pcmc->broken_reserved_end) {
hole64_start += memory_region_size(&ms->device_memory->mr);
}
+ } else if (pcms->sgx_epc.size != 0) {
+ hole64_start = sgx_epc_above_4g_end(&pcms->sgx_epc);
} else {
hole64_start = 0x100000000ULL + x86ms->above_4g_mem_size;
}
diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h
index f85fd2a4ca..155e8fad3e 100644
--- a/include/hw/i386/sgx-epc.h
+++ b/include/hw/i386/sgx-epc.h
@@ -57,4 +57,11 @@ typedef struct SGXEPCState {
int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size);
+static inline uint64_t sgx_epc_above_4g_end(SGXEPCState *sgx_epc)
+{
+ assert(sgx_epc != NULL && sgx_epc->base >= 0x100000000ULL);
+
+ return sgx_epc->base + sgx_epc->size;
+}
+
#endif
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 27/43] i386/pc: Add e820 entry for SGX EPC section(s)
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (25 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 26/43] hw/i386/pc: Account for SGX EPC sections when calculating device memory Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 28/43] i386: acpi: Add SGX EPC entry to ACPI tables Paolo Bonzini
` (17 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
Note that SGX EPC is currently guaranteed to reside in a single
contiguous chunk of memory regardless of the number of EPC sections.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-19-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/i386/pc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 58700af138..1260fb6197 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -883,6 +883,10 @@ void pc_memory_init(PCMachineState *pcms,
e820_add_entry(0x100000000ULL, x86ms->above_4g_mem_size, E820_RAM);
}
+ if (pcms->sgx_epc.size != 0) {
+ e820_add_entry(pcms->sgx_epc.base, pcms->sgx_epc.size, E820_RESERVED);
+ }
+
if (!pcmc->has_reserved_memory &&
(machine->ram_slots ||
(machine->maxram_size > machine->ram_size))) {
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 28/43] i386: acpi: Add SGX EPC entry to ACPI tables
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (26 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 27/43] i386/pc: Add e820 entry for SGX EPC section(s) Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 29/43] q35: Add support for SGX EPC Paolo Bonzini
` (16 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
The ACPI Device entry for SGX EPC is essentially a hack whose primary
purpose is to provide software with a way to autoprobe SGX support,
e.g. to allow software to implement SGX support as a driver. Details
on the individual EPC sections are not enumerated through ACPI tables,
i.e. software must enumerate the EPC sections via CPUID. Furthermore,
software expects to see only a single EPC Device in the ACPI tables
regardless of the number of EPC sections in the system.
However, several versions of Windows do rely on the ACPI tables to
enumerate the address and size of the EPC. So, regardless of the number
of EPC sections exposed to the guest, create exactly *one* EPC device
with a _CRS entry that spans the entirety of all EPC sections (which are
guaranteed to be contiguous in Qemu).
Note, NUMA support for EPC memory is intentionally not considered as
enumerating EPC NUMA information is not yet defined for bare metal.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-20-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/i386/acpi-build.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index d1f5fa3b5a..10f52c0c7c 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1841,6 +1841,28 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
}
#endif
+ if (pcms->sgx_epc.size != 0) {
+ uint64_t epc_base = pcms->sgx_epc.base;
+ uint64_t epc_size = pcms->sgx_epc.size;
+
+ dev = aml_device("EPC");
+ aml_append(dev, aml_name_decl("_HID", aml_eisaid("INT0E0C")));
+ aml_append(dev, aml_name_decl("_STR",
+ aml_unicode("Enclave Page Cache 1.0")));
+ crs = aml_resource_template();
+ aml_append(crs,
+ aml_qword_memory(AML_POS_DECODE, AML_MIN_FIXED,
+ AML_MAX_FIXED, AML_NON_CACHEABLE,
+ AML_READ_WRITE, 0, epc_base,
+ epc_base + epc_size - 1, 0, epc_size));
+ aml_append(dev, aml_name_decl("_CRS", crs));
+
+ method = aml_method("_STA", 0, AML_NOTSERIALIZED);
+ aml_append(method, aml_return(aml_int(0x0f)));
+ aml_append(dev, method);
+
+ aml_append(sb_scope, dev);
+ }
aml_append(dsdt, sb_scope);
/* copy AML table into ACPI tables blob and patch header there */
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 29/43] q35: Add support for SGX EPC
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (27 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 28/43] i386: acpi: Add SGX EPC entry to ACPI tables Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 30/43] i440fx: " Paolo Bonzini
` (15 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
Enable SGX EPC virtualization, which is currently only support by KVM.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-21-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/i386/pc_q35.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index 46cd542d17..216e044d45 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -177,6 +177,9 @@ static void pc_q35_init(MachineState *machine)
x86ms->below_4g_mem_size = machine->ram_size;
}
+ if (x86ms->sgx_epc_list) {
+ pc_machine_init_sgx_epc(pcms);
+ }
x86_cpus_init(x86ms, pcmc->default_cpu_version);
kvmclock_create(pcmc->kvmclock_create_always);
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 30/43] i440fx: Add support for SGX EPC
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (28 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 29/43] q35: Add support for SGX EPC Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 31/43] hostmem-epc: Add the reset interface for EPC backend reset Paolo Bonzini
` (14 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
Enable SGX EPC virtualization, which is currently only support by KVM.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-22-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/i386/pc_piix.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index c5da7739ce..dabb66b51d 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -153,6 +153,10 @@ static void pc_init1(MachineState *machine,
}
}
+ if (x86ms->sgx_epc_list) {
+ pc_machine_init_sgx_epc(pcms);
+ }
+
x86_cpus_init(x86ms, pcmc->default_cpu_version);
if (pcmc->kvmclock_enabled) {
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 31/43] hostmem-epc: Add the reset interface for EPC backend reset
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (29 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 30/43] i440fx: " Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 32/43] sgx-epc: Add the reset interface for sgx-epc virt device Paolo Bonzini
` (13 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong
From: Yang Zhong <yang.zhong@intel.com>
Add the sgx_memory_backend_reset() interface to handle EPC backend
reset when VM is reset. This reset function will destroy previous
backend memory region and re-mmap the EPC section for guest.
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-23-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
backends/hostmem-epc.c | 16 ++++++++++++++++
include/hw/i386/pc.h | 2 ++
2 files changed, 18 insertions(+)
diff --git a/backends/hostmem-epc.c b/backends/hostmem-epc.c
index b512a68cb0..3bd1535d82 100644
--- a/backends/hostmem-epc.c
+++ b/backends/hostmem-epc.c
@@ -16,6 +16,7 @@
#include "qom/object_interfaces.h"
#include "qapi/error.h"
#include "sysemu/hostmem.h"
+#include "hw/i386/pc.h"
#define TYPE_MEMORY_BACKEND_EPC "memory-backend-epc"
@@ -55,6 +56,21 @@ sgx_epc_backend_memory_alloc(HostMemoryBackend *backend, Error **errp)
g_free(name);
}
+void sgx_memory_backend_reset(HostMemoryBackend *backend, int fd,
+ Error **errp)
+{
+ MemoryRegion *mr = &backend->mr;
+
+ mr->enabled = false;
+
+ /* destroy the old memory region if it exist */
+ if (fd > 0 && mr->destructor) {
+ mr->destructor(mr);
+ }
+
+ sgx_epc_backend_memory_alloc(backend, errp);
+}
+
static void sgx_epc_backend_instance_init(Object *obj)
{
HostMemoryBackend *m = MEMORY_BACKEND(obj);
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index f2869437ab..a5ae380b4b 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -203,6 +203,8 @@ extern const size_t pc_compat_6_0_len;
/* sgx-epc.c */
void pc_machine_init_sgx_epc(PCMachineState *pcms);
+void sgx_memory_backend_reset(HostMemoryBackend *backend, int fd,
+ Error **errp);
extern GlobalProperty pc_compat_5_2[];
extern const size_t pc_compat_5_2_len;
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 32/43] sgx-epc: Add the reset interface for sgx-epc virt device
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (30 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 31/43] hostmem-epc: Add the reset interface for EPC backend reset Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 33/43] sgx-epc: Avoid bios reset during sgx epc initialization Paolo Bonzini
` (12 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong
From: Yang Zhong <yang.zhong@intel.com>
If the VM is reset, we need make sure sgx virt epc in clean status.
Once the VM is reset, and sgx epc virt device will be reseted by
reset callback registered by qemu_register_reset(). Since this epc
virt device depend on backend, this reset will call backend reset
interface to re-mmap epc to guest.
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-24-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/i386/sgx-epc.c | 94 ++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 81 insertions(+), 13 deletions(-)
diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
index 924dea22f0..9880d832d5 100644
--- a/hw/i386/sgx-epc.c
+++ b/hw/i386/sgx-epc.c
@@ -18,6 +18,9 @@
#include "qapi/visitor.h"
#include "target/i386/cpu.h"
#include "exec/address-spaces.h"
+#include "sysemu/reset.h"
+
+uint32_t epc_num;
static Property sgx_epc_properties[] = {
DEFINE_PROP_UINT64(SGX_EPC_ADDR_PROP, SGXEPCDevice, addr, 0),
@@ -47,12 +50,84 @@ static void sgx_epc_init(Object *obj)
NULL, NULL, NULL);
}
+static void sgx_epc_del_subregion(DeviceState *dev)
+{
+ PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
+ SGXEPCState *sgx_epc = &pcms->sgx_epc;
+ SGXEPCDevice *epc = SGX_EPC(dev);
+
+ /* del subregion and related operations */
+ memory_region_del_subregion(&sgx_epc->mr,
+ host_memory_backend_get_memory(epc->hostmem));
+ host_memory_backend_set_mapped(epc->hostmem, false);
+ g_free(sgx_epc->sections);
+ sgx_epc->sections = NULL;
+
+ /* multiple epc devices, only zero the first time */
+ if (epc_num == sgx_epc->nr_sections) {
+ sgx_epc->size = 0;
+ sgx_epc->nr_sections = 0;
+ }
+}
+
+static void sgx_epc_initialization(DeviceState *dev)
+{
+ PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
+ SGXEPCState *sgx_epc = &pcms->sgx_epc;
+ MemoryDeviceState *md = MEMORY_DEVICE(dev);
+ SGXEPCDevice *epc = SGX_EPC(dev);
+ Error *errp = NULL;
+
+ if (!epc->hostmem) {
+ error_setg(&errp, "'" SGX_EPC_MEMDEV_PROP "' property is not set");
+ return;
+ }
+
+ epc->addr = sgx_epc->base + sgx_epc->size;
+
+ memory_region_add_subregion(&sgx_epc->mr, epc->addr - sgx_epc->base,
+ host_memory_backend_get_memory(epc->hostmem));
+
+ host_memory_backend_set_mapped(epc->hostmem, true);
+
+ sgx_epc->sections = g_renew(SGXEPCDevice *, sgx_epc->sections,
+ sgx_epc->nr_sections + 1);
+ sgx_epc->sections[sgx_epc->nr_sections++] = epc;
+
+ sgx_epc->size += memory_device_get_region_size(md, &errp);
+}
+
+static void sgx_epc_reset(void *opaque)
+{
+ DeviceState *dev = opaque;
+ SGXEPCDevice *epc = SGX_EPC(dev);
+ Error *errp = NULL;
+ int fd;
+
+ if (!epc->hostmem) {
+ error_setg(&errp, "'" SGX_EPC_MEMDEV_PROP "' property is not set");
+ return;
+ }
+
+ /* delete subregion and related operations */
+ sgx_epc_del_subregion(dev);
+
+ /* reset sgx backend */
+ fd = memory_region_get_fd(host_memory_backend_get_memory(epc->hostmem));
+ sgx_memory_backend_reset(epc->hostmem, fd, &errp);
+ if (errp) {
+ error_setg(&errp, "failed to call sgx_memory_backend_reset");
+ return;
+ }
+
+ /* re-add subregion and related operations */
+ sgx_epc_initialization(dev);
+}
+
static void sgx_epc_realize(DeviceState *dev, Error **errp)
{
PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
X86MachineState *x86ms = X86_MACHINE(pcms);
- MemoryDeviceState *md = MEMORY_DEVICE(dev);
- SGXEPCState *sgx_epc = &pcms->sgx_epc;
SGXEPCDevice *epc = SGX_EPC(dev);
const char *path;
@@ -71,18 +146,11 @@ static void sgx_epc_realize(DeviceState *dev, Error **errp)
return;
}
- epc->addr = sgx_epc->base + sgx_epc->size;
+ sgx_epc_initialization(dev);
+ epc_num++;
- memory_region_add_subregion(&sgx_epc->mr, epc->addr - sgx_epc->base,
- host_memory_backend_get_memory(epc->hostmem));
-
- host_memory_backend_set_mapped(epc->hostmem, true);
-
- sgx_epc->sections = g_renew(SGXEPCDevice *, sgx_epc->sections,
- sgx_epc->nr_sections + 1);
- sgx_epc->sections[sgx_epc->nr_sections++] = epc;
-
- sgx_epc->size += memory_device_get_region_size(md, errp);
+ /* register the reset callback for sgx reset */
+ qemu_register_reset(sgx_epc_reset, dev);
}
static void sgx_epc_unrealize(DeviceState *dev)
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 33/43] sgx-epc: Avoid bios reset during sgx epc initialization
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (31 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 32/43] sgx-epc: Add the reset interface for sgx-epc virt device Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 34/43] hostmem-epc: Make prealloc consistent with qemu cmdline during reset Paolo Bonzini
` (11 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong
From: Yang Zhong <yang.zhong@intel.com>
Since bios do the reset when qemu boot up, and sgx epc will be
reset by the registered reset callback function. Like this, the
sgx epc will do two times initialization. This patch will check
protected mode from cr0 register, and will bypass reset operation
from bios. The reset callback will only accept reset operation
from guest.
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-25-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/i386/sgx-epc.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
index 9880d832d5..70075db37c 100644
--- a/hw/i386/sgx-epc.c
+++ b/hw/i386/sgx-epc.c
@@ -19,6 +19,7 @@
#include "target/i386/cpu.h"
#include "exec/address-spaces.h"
#include "sysemu/reset.h"
+#include "sysemu/hw_accel.h"
uint32_t epc_num;
@@ -97,6 +98,21 @@ static void sgx_epc_initialization(DeviceState *dev)
sgx_epc->size += memory_device_get_region_size(md, &errp);
}
+static bool check_reset_from_guest(void)
+{
+ CPUState *cs = first_cpu;
+ X86CPU *cpu = X86_CPU(cs);
+ CPUX86State *env = &cpu->env;
+
+ cpu_synchronize_state(cs);
+
+ if (env->cr[0] & CR0_PE_MASK) {
+ return true;
+ }
+
+ return false;
+}
+
static void sgx_epc_reset(void *opaque)
{
DeviceState *dev = opaque;
@@ -104,6 +120,9 @@ static void sgx_epc_reset(void *opaque)
Error *errp = NULL;
int fd;
+ if (!check_reset_from_guest())
+ return;
+
if (!epc->hostmem) {
error_setg(&errp, "'" SGX_EPC_MEMDEV_PROP "' property is not set");
return;
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 34/43] hostmem-epc: Make prealloc consistent with qemu cmdline during reset
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (32 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 33/43] sgx-epc: Avoid bios reset during sgx epc initialization Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 35/43] Kconfig: Add CONFIG_SGX support Paolo Bonzini
` (10 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong
From: Yang Zhong <yang.zhong@intel.com>
If qemu cmdline set the prealloc property for sgx epc and VM do the
reset the prealloc property will be different with cmdline settings.
This patch can make sure same prealloc property setting with cmdline.
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-26-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
backends/hostmem-epc.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/backends/hostmem-epc.c b/backends/hostmem-epc.c
index 3bd1535d82..9836358841 100644
--- a/backends/hostmem-epc.c
+++ b/backends/hostmem-epc.c
@@ -60,6 +60,8 @@ void sgx_memory_backend_reset(HostMemoryBackend *backend, int fd,
Error **errp)
{
MemoryRegion *mr = &backend->mr;
+ void *ptr;
+ uint64_t sz;
mr->enabled = false;
@@ -69,6 +71,14 @@ void sgx_memory_backend_reset(HostMemoryBackend *backend, int fd,
}
sgx_epc_backend_memory_alloc(backend, errp);
+
+ ptr = memory_region_get_ram_ptr(&backend->mr);
+ sz = memory_region_size(&backend->mr);
+
+ if (backend->prealloc) {
+ os_mem_prealloc(memory_region_get_fd(&backend->mr), ptr, sz,
+ backend->prealloc_threads, errp);
+ }
}
static void sgx_epc_backend_instance_init(Object *obj)
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 35/43] Kconfig: Add CONFIG_SGX support
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (33 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 34/43] hostmem-epc: Make prealloc consistent with qemu cmdline during reset Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-09 13:16 ` Philippe Mathieu-Daudé
2021-09-08 10:04 ` [PULL v4 36/43] sgx-epc: Add the fill_device_info() callback support Paolo Bonzini
` (9 subsequent siblings)
44 siblings, 1 reply; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong
From: Yang Zhong <yang.zhong@intel.com>
Add new CONFIG_SGX for sgx support in the Qemu, and the Kconfig
default enable sgx in the i386 platform.
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-32-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
backends/meson.build | 2 +-
configs/devices/i386-softmmu/default.mak | 1 +
hw/i386/Kconfig | 5 +++++
hw/i386/meson.build | 4 ++--
hw/i386/sgx-stub.c | 13 +++++++++++++
5 files changed, 22 insertions(+), 3 deletions(-)
create mode 100644 hw/i386/sgx-stub.c
diff --git a/backends/meson.build b/backends/meson.build
index 46fd16b269..6e68945528 100644
--- a/backends/meson.build
+++ b/backends/meson.build
@@ -16,6 +16,6 @@ softmmu_ss.add(when: ['CONFIG_VHOST_USER', 'CONFIG_VIRTIO'], if_true: files('vho
softmmu_ss.add(when: 'CONFIG_VIRTIO_CRYPTO', if_true: files('cryptodev-vhost.c'))
softmmu_ss.add(when: ['CONFIG_VIRTIO_CRYPTO', 'CONFIG_VHOST_CRYPTO'], if_true: files('cryptodev-vhost-user.c'))
softmmu_ss.add(when: 'CONFIG_GIO', if_true: [files('dbus-vmstate.c'), gio])
-softmmu_ss.add(when: 'CONFIG_LINUX', if_true: files('hostmem-epc.c'))
+softmmu_ss.add(when: 'CONFIG_SGX', if_true: files('hostmem-epc.c'))
subdir('tpm')
diff --git a/configs/devices/i386-softmmu/default.mak b/configs/devices/i386-softmmu/default.mak
index 84d1a2487c..598c6646df 100644
--- a/configs/devices/i386-softmmu/default.mak
+++ b/configs/devices/i386-softmmu/default.mak
@@ -22,6 +22,7 @@
#CONFIG_TPM_CRB=n
#CONFIG_TPM_TIS_ISA=n
#CONFIG_VTD=n
+#CONFIG_SGX=n
# Boards:
#
diff --git a/hw/i386/Kconfig b/hw/i386/Kconfig
index ddedcef0b2..962d2c981b 100644
--- a/hw/i386/Kconfig
+++ b/hw/i386/Kconfig
@@ -6,6 +6,10 @@ config SEV
select X86_FW_OVMF
depends on KVM
+config SGX
+ bool
+ depends on KVM
+
config PC
bool
imply APPLESMC
@@ -21,6 +25,7 @@ config PC
imply PVPANIC_ISA
imply QXL
imply SEV
+ imply SGX
imply SGA
imply TEST_DEVICES
imply TPM_CRB
diff --git a/hw/i386/meson.build b/hw/i386/meson.build
index fefce9e4ba..c502965219 100644
--- a/hw/i386/meson.build
+++ b/hw/i386/meson.build
@@ -5,8 +5,6 @@ i386_ss.add(files(
'e820_memory_layout.c',
'multiboot.c',
'x86.c',
- 'sgx-epc.c',
- 'sgx.c'
))
i386_ss.add(when: 'CONFIG_X86_IOMMU', if_true: files('x86-iommu.c'),
@@ -18,6 +16,8 @@ i386_ss.add(when: 'CONFIG_Q35', if_true: files('pc_q35.c'))
i386_ss.add(when: 'CONFIG_VMMOUSE', if_true: files('vmmouse.c'))
i386_ss.add(when: 'CONFIG_VMPORT', if_true: files('vmport.c'))
i386_ss.add(when: 'CONFIG_VTD', if_true: files('intel_iommu.c'))
+i386_ss.add(when: 'CONFIG_SGX', if_true: files('sgx-epc.c','sgx.c'),
+ if_false: files('sgx-stub.c'))
i386_ss.add(when: 'CONFIG_ACPI', if_true: files('acpi-common.c'))
i386_ss.add(when: 'CONFIG_ACPI_HW_REDUCED', if_true: files('generic_event_device_x86.c'))
diff --git a/hw/i386/sgx-stub.c b/hw/i386/sgx-stub.c
new file mode 100644
index 0000000000..edf17c3309
--- /dev/null
+++ b/hw/i386/sgx-stub.c
@@ -0,0 +1,13 @@
+#include "qemu/osdep.h"
+#include "hw/i386/pc.h"
+#include "hw/i386/sgx-epc.h"
+
+void pc_machine_init_sgx_epc(PCMachineState *pcms)
+{
+ return;
+}
+
+int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size)
+{
+ return 1;
+}
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 36/43] sgx-epc: Add the fill_device_info() callback support
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (34 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 35/43] Kconfig: Add CONFIG_SGX support Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 14:54 ` Eric Blake
2021-09-08 10:04 ` [PULL v4 37/43] docs: standardize book titles to === with overline Paolo Bonzini
` (8 subsequent siblings)
44 siblings, 1 reply; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong
From: Yang Zhong <yang.zhong@intel.com>
Since there is no fill_device_info() callback support, and when we
execute "info memory-devices" command in the monitor, the segfault
will be found.
This patch will add this callback support and "info memory-devices"
will show sgx epc memory exposed to guest. The result as below:
qemu) info memory-devices
Memory device [sgx-epc]: ""
memaddr: 0x180000000
size: 29360128
memdev: /objects/mem1
Memory device [sgx-epc]: ""
memaddr: 0x181c00000
size: 10485760
memdev: /objects/mem2
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
v3-->v4:
- Removed the epc device 'id' from compound property(Paolo).
v1-->v2:
- "Since: 5.1" to "Since: 6.1"(Eric Blake).
Message-Id: <20210719112136.57018-33-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/i386/sgx-epc.c | 11 ++++++++++-
monitor/hmp-cmds.c | 10 ++++++++++
qapi/machine.json | 26 +++++++++++++++++++++++++-
3 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/hw/i386/sgx-epc.c b/hw/i386/sgx-epc.c
index 70075db37c..7fc3dd81b9 100644
--- a/hw/i386/sgx-epc.c
+++ b/hw/i386/sgx-epc.c
@@ -214,7 +214,16 @@ static MemoryRegion *sgx_epc_md_get_memory_region(MemoryDeviceState *md,
static void sgx_epc_md_fill_device_info(const MemoryDeviceState *md,
MemoryDeviceInfo *info)
{
- /* TODO */
+ SgxEPCDeviceInfo *se = g_new0(SgxEPCDeviceInfo, 1);
+ SGXEPCDevice *epc = SGX_EPC(md);
+
+ se->memaddr = epc->addr;
+ se->size = object_property_get_uint(OBJECT(epc), SGX_EPC_SIZE_PROP,
+ NULL);
+ se->memdev = object_get_canonical_path(OBJECT(epc->hostmem));
+
+ info->u.sgx_epc.data = se;
+ info->type = MEMORY_DEVICE_INFO_KIND_SGX_EPC;
}
static void sgx_epc_class_init(ObjectClass *oc, void *data)
diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index e00255f7ee..0d414d60c7 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -1823,6 +1823,7 @@ void hmp_info_memory_devices(Monitor *mon, const QDict *qdict)
VirtioMEMDeviceInfo *vmi;
MemoryDeviceInfo *value;
PCDIMMDeviceInfo *di;
+ SgxEPCDeviceInfo *se;
for (info = info_list; info; info = info->next) {
value = info->value;
@@ -1870,6 +1871,15 @@ void hmp_info_memory_devices(Monitor *mon, const QDict *qdict)
vmi->block_size);
monitor_printf(mon, " memdev: %s\n", vmi->memdev);
break;
+ case MEMORY_DEVICE_INFO_KIND_SGX_EPC:
+ se = value->u.sgx_epc.data;
+ monitor_printf(mon, "Memory device [%s]: \"%s\"\n",
+ MemoryDeviceInfoKind_str(value->type),
+ se->id ? se->id : "");
+ monitor_printf(mon, " memaddr: 0x%" PRIx64 "\n", se->memaddr);
+ monitor_printf(mon, " size: %" PRIu64 "\n", se->size);
+ monitor_printf(mon, " memdev: %s\n", se->memdev);
+ break;
default:
g_assert_not_reached();
}
diff --git a/qapi/machine.json b/qapi/machine.json
index 10d36da83f..61514c6d9f 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -1220,6 +1220,29 @@
'data': { 'sgx-epc': ['SgxEPC'] }
}
+##
+# @SgxEPCDeviceInfo:
+#
+# Sgx EPC state information
+#
+# @id: device's ID
+#
+# @memaddr: physical address in memory, where device is mapped
+#
+# @size: size of memory that the device provides
+#
+# @memdev: memory backend linked with device
+#
+# Since: 6.1
+##
+{ 'struct': 'SgxEPCDeviceInfo',
+ 'data': { '*id': 'str',
+ 'memaddr': 'size',
+ 'size': 'size',
+ 'memdev': 'str'
+ }
+}
+
##
# @MemoryDeviceInfo:
#
@@ -1234,7 +1257,8 @@
'data': { 'dimm': 'PCDIMMDeviceInfo',
'nvdimm': 'PCDIMMDeviceInfo',
'virtio-pmem': 'VirtioPMEMDeviceInfo',
- 'virtio-mem': 'VirtioMEMDeviceInfo'
+ 'virtio-mem': 'VirtioMEMDeviceInfo',
+ 'sgx-epc': 'SgxEPCDeviceInfo'
}
}
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 37/43] docs: standardize book titles to === with overline
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (35 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 36/43] sgx-epc: Add the fill_device_info() callback support Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 38/43] docs: standardize directory index to --- " Paolo Bonzini
` (7 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Peter Maydell
Documents within a Sphinx manual are separate files and therefore can use
different conventions for headings. However, keeping some consistency is
useful so that included files are easy to get right.
This patch uses a standard heading format for book titles, so that it is
obvious when a file sits at the top level toctree of a book or man page.
The heading is irrelevant for man pages, but keep it consistent as well.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
docs/index.rst | 1 +
docs/system/qemu-block-drivers.rst | 1 +
docs/system/qemu-cpu-models.rst | 1 +
docs/system/qemu-manpage.rst | 5 +++--
docs/tools/qemu-img.rst | 1 +
docs/tools/qemu-nbd.rst | 1 +
docs/tools/qemu-pr-helper.rst | 1 +
docs/tools/qemu-storage-daemon.rst | 1 +
docs/tools/qemu-trace-stap.rst | 1 +
9 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/docs/index.rst b/docs/index.rst
index 5f7eaaa632..0b9ee9901d 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -3,6 +3,7 @@
You can adapt this file completely to your liking, but it should at least
contain the root `toctree` directive.
+================================
Welcome to QEMU's documentation!
================================
diff --git a/docs/system/qemu-block-drivers.rst b/docs/system/qemu-block-drivers.rst
index bd99d4fa8e..eb276481d6 100644
--- a/docs/system/qemu-block-drivers.rst
+++ b/docs/system/qemu-block-drivers.rst
@@ -1,5 +1,6 @@
:orphan:
+============================
QEMU block drivers reference
============================
diff --git a/docs/system/qemu-cpu-models.rst b/docs/system/qemu-cpu-models.rst
index 53d7538c47..8c51e2bf49 100644
--- a/docs/system/qemu-cpu-models.rst
+++ b/docs/system/qemu-cpu-models.rst
@@ -1,5 +1,6 @@
:orphan:
+==================================
QEMU / KVM CPU model configuration
==================================
diff --git a/docs/system/qemu-manpage.rst b/docs/system/qemu-manpage.rst
index e9a25d0680..d6f44e265b 100644
--- a/docs/system/qemu-manpage.rst
+++ b/docs/system/qemu-manpage.rst
@@ -6,8 +6,9 @@
parts of the documentation that go in the manpage as well as the
HTML manual.
-Title
-=====
+=======================
+QEMU User Documentation
+=======================
Synopsis
--------
diff --git a/docs/tools/qemu-img.rst b/docs/tools/qemu-img.rst
index b7d602a288..fe6c30d509 100644
--- a/docs/tools/qemu-img.rst
+++ b/docs/tools/qemu-img.rst
@@ -1,3 +1,4 @@
+=======================
QEMU disk image utility
=======================
diff --git a/docs/tools/qemu-nbd.rst b/docs/tools/qemu-nbd.rst
index ee862fa0bc..e39a9f4b1a 100644
--- a/docs/tools/qemu-nbd.rst
+++ b/docs/tools/qemu-nbd.rst
@@ -1,3 +1,4 @@
+=====================================
QEMU Disk Network Block Device Server
=====================================
diff --git a/docs/tools/qemu-pr-helper.rst b/docs/tools/qemu-pr-helper.rst
index ac036180ac..eaebe40da0 100644
--- a/docs/tools/qemu-pr-helper.rst
+++ b/docs/tools/qemu-pr-helper.rst
@@ -1,3 +1,4 @@
+==================================
QEMU persistent reservation helper
==================================
diff --git a/docs/tools/qemu-storage-daemon.rst b/docs/tools/qemu-storage-daemon.rst
index 3ec4bdd914..b8ef4486f1 100644
--- a/docs/tools/qemu-storage-daemon.rst
+++ b/docs/tools/qemu-storage-daemon.rst
@@ -1,3 +1,4 @@
+===================
QEMU Storage Daemon
===================
diff --git a/docs/tools/qemu-trace-stap.rst b/docs/tools/qemu-trace-stap.rst
index fb70445c75..d53073b52b 100644
--- a/docs/tools/qemu-trace-stap.rst
+++ b/docs/tools/qemu-trace-stap.rst
@@ -1,3 +1,4 @@
+=========================
QEMU SystemTap trace tool
=========================
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 38/43] docs: standardize directory index to --- with overline
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (36 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 37/43] docs: standardize book titles to === with overline Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 39/43] docs/system: standardize man page sections " Paolo Bonzini
` (6 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Peter Maydell
Use a standard heading format for the index.rst file in a directory.
Using overlines makes it clear that individual documents can use e.g.
=== for chapter titles and --- for section titles, as suggested in the
Linux kernel guidelines[1]. They could do it anyway, because documents
included in a toctree are parsed separately and therefore are not tied
to the same conventions for headings. However, keeping some consistency is
useful since sometimes files are included from multiple places.
[1] https://www.kernel.org/doc/html/latest/doc-guide/sphinx.html
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
docs/about/index.rst | 3 ++-
docs/devel/index.rst | 3 ++-
docs/interop/index.rst | 3 ++-
docs/specs/index.rst | 3 ++-
docs/system/index.rst | 3 ++-
docs/tools/index.rst | 3 ++-
docs/user/index.rst | 3 ++-
7 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/docs/about/index.rst b/docs/about/index.rst
index beb762aa0a..5bea653c07 100644
--- a/docs/about/index.rst
+++ b/docs/about/index.rst
@@ -1,5 +1,6 @@
+----------
About QEMU
-==========
+----------
QEMU is a generic and open source machine emulator and virtualizer.
diff --git a/docs/devel/index.rst b/docs/devel/index.rst
index 5522db7241..f95df10b3e 100644
--- a/docs/devel/index.rst
+++ b/docs/devel/index.rst
@@ -1,5 +1,6 @@
+---------------------
Developer Information
-=====================
+---------------------
This section of the manual documents various parts of the internals of QEMU.
You only need to read it if you are interested in reading or
diff --git a/docs/interop/index.rst b/docs/interop/index.rst
index f9801a9c20..47b9ed82bb 100644
--- a/docs/interop/index.rst
+++ b/docs/interop/index.rst
@@ -1,5 +1,6 @@
+------------------------------------------------
System Emulation Management and Interoperability
-================================================
+------------------------------------------------
This section of the manual contains documents and specifications that
are useful for making QEMU interoperate with other software.
diff --git a/docs/specs/index.rst b/docs/specs/index.rst
index 65e9663916..ecc43896bb 100644
--- a/docs/specs/index.rst
+++ b/docs/specs/index.rst
@@ -1,5 +1,6 @@
+----------------------------------------------
System Emulation Guest Hardware Specifications
-==============================================
+----------------------------------------------
This section of the manual contains specifications of
guest hardware that is specific to QEMU.
diff --git a/docs/system/index.rst b/docs/system/index.rst
index 7b9276c05f..73bbedbc22 100644
--- a/docs/system/index.rst
+++ b/docs/system/index.rst
@@ -1,5 +1,6 @@
+----------------
System Emulation
-================
+----------------
This section of the manual is the overall guide for users using QEMU
for full system emulation (as opposed to user-mode emulation).
diff --git a/docs/tools/index.rst b/docs/tools/index.rst
index ef6041a490..1edd5a8054 100644
--- a/docs/tools/index.rst
+++ b/docs/tools/index.rst
@@ -1,5 +1,6 @@
+-----
Tools
-=====
+-----
This section of the manual documents QEMU's "tools": its
command line utilities and other standalone programs.
diff --git a/docs/user/index.rst b/docs/user/index.rst
index 9faa4badd7..2c4e29f3db 100644
--- a/docs/user/index.rst
+++ b/docs/user/index.rst
@@ -1,5 +1,6 @@
+-------------------
User Mode Emulation
-===================
+-------------------
This section of the manual is the overall guide for users using QEMU
for user-mode emulation. In this mode, QEMU can launch
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 39/43] docs/system: standardize man page sections to --- with overline
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (37 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 38/43] docs: standardize directory index to --- " Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 40/43] docs/system: move x86 CPU configuration to a separate document Paolo Bonzini
` (5 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Peter Maydell
Man pages in docs/system use file inclusion heavily. Use headings with
overlines in the main files, so that the same included file work well
from both manuals and man pages.
This style of heading is a bit more heavy-weight, so it is not used by
the other man pages in interop/ and tools/. If in the future they
are changed to use include files, for example to avoid having sections
named "synopsis" or "description", they can switch to --- with overline
as well.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
docs/system/qemu-block-drivers.rst | 3 +++
docs/system/qemu-cpu-models.rst | 9 ++++++---
docs/system/qemu-manpage.rst | 5 +++++
3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/docs/system/qemu-block-drivers.rst b/docs/system/qemu-block-drivers.rst
index eb276481d6..c2c0114cec 100644
--- a/docs/system/qemu-block-drivers.rst
+++ b/docs/system/qemu-block-drivers.rst
@@ -4,16 +4,19 @@
QEMU block drivers reference
============================
+--------
Synopsis
--------
QEMU block driver reference manual
+-----------
Description
-----------
.. include:: qemu-block-drivers.rst.inc
+--------
See also
--------
diff --git a/docs/system/qemu-cpu-models.rst b/docs/system/qemu-cpu-models.rst
index 8c51e2bf49..5cf6e46f8a 100644
--- a/docs/system/qemu-cpu-models.rst
+++ b/docs/system/qemu-cpu-models.rst
@@ -4,18 +4,21 @@
QEMU / KVM CPU model configuration
==================================
+--------
Synopsis
-''''''''
+--------
QEMU CPU Modelling Infrastructure manual
+-----------
Description
-'''''''''''
+-----------
.. include:: cpu-models-x86.rst.inc
.. include:: cpu-models-mips.rst.inc
+--------
See also
-''''''''
+--------
The HTML documentation of QEMU for more precise information and Linux user mode emulator invocation.
diff --git a/docs/system/qemu-manpage.rst b/docs/system/qemu-manpage.rst
index d6f44e265b..c47a412758 100644
--- a/docs/system/qemu-manpage.rst
+++ b/docs/system/qemu-manpage.rst
@@ -10,6 +10,7 @@
QEMU User Documentation
=======================
+--------
Synopsis
--------
@@ -17,11 +18,13 @@ Synopsis
|qemu_system| [options] [disk_image]
+-----------
Description
-----------
.. include:: target-i386-desc.rst.inc
+-------
Options
-------
@@ -34,11 +37,13 @@ not need a disk image.
.. include:: mux-chardev.rst.inc
+-----
Notes
-----
.. include:: device-url-syntax.rst.inc
+--------
See also
--------
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 40/43] docs/system: move x86 CPU configuration to a separate document
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (38 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 39/43] docs/system: standardize man page sections " Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 41/43] docs/system: Add SGX documentation to the system manual Paolo Bonzini
` (4 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Peter Maydell
Currently, cpu-models-x86.rst.inc is included in target-i386.rst directly.
To make the toctree more homogeneous when adding more documentation,
include it through a first-class .rst file.
Together with the previous changes to the man page skeletons, this also
frees "===" for the headings, so that cpu-models-x86.rst.inc need not
assume anything about the headings used by target-i386.rst.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
docs/system/cpu-models-x86.rst.inc | 4 ++--
docs/system/i386/cpu.rst | 1 +
docs/system/target-i386.rst | 8 +++++++-
3 files changed, 10 insertions(+), 3 deletions(-)
create mode 100644 docs/system/i386/cpu.rst
diff --git a/docs/system/cpu-models-x86.rst.inc b/docs/system/cpu-models-x86.rst.inc
index 9119f5dff5..6e8be7d79b 100644
--- a/docs/system/cpu-models-x86.rst.inc
+++ b/docs/system/cpu-models-x86.rst.inc
@@ -1,5 +1,5 @@
Recommendations for KVM CPU model configuration on x86 hosts
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+============================================================
The information that follows provides recommendations for configuring
CPU models on x86 hosts. The goals are to maximise performance, while
@@ -368,7 +368,7 @@ featureset, which prevents guests having optimal performance.
Syntax for configuring CPU models
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+=================================
The examples below illustrate the approach to configuring the various
CPU models / features in QEMU and libvirt.
diff --git a/docs/system/i386/cpu.rst b/docs/system/i386/cpu.rst
new file mode 100644
index 0000000000..738719da9a
--- /dev/null
+++ b/docs/system/i386/cpu.rst
@@ -0,0 +1 @@
+.. include:: ../cpu-models-x86.rst.inc
diff --git a/docs/system/target-i386.rst b/docs/system/target-i386.rst
index 22ba5ce2c0..c9720a8cd1 100644
--- a/docs/system/target-i386.rst
+++ b/docs/system/target-i386.rst
@@ -19,7 +19,13 @@ Board-specific documentation
i386/microvm
i386/pc
-.. include:: cpu-models-x86.rst.inc
+Architectural features
+~~~~~~~~~~~~~~~~~~~~~~
+
+.. toctree::
+ :maxdepth: 1
+
+ i386/cpu
.. _pcsys_005freq:
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 41/43] docs/system: Add SGX documentation to the system manual
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (39 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 40/43] docs/system: move x86 CPU configuration to a separate document Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 42/43] meson.build: Do not look for VNC-related libraries if have_system is not set Paolo Bonzini
` (3 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel; +Cc: Yang Zhong, Sean Christopherson
From: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-34-yang.zhong@intel.com>
[Convert to reStructuredText, and adopt the standard === --- ~~~ headings
suggested for example by Linux. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
docs/system/i386/sgx.rst | 165 ++++++++++++++++++++++++++++++++++++
docs/system/target-i386.rst | 1 +
2 files changed, 166 insertions(+)
create mode 100644 docs/system/i386/sgx.rst
diff --git a/docs/system/i386/sgx.rst b/docs/system/i386/sgx.rst
new file mode 100644
index 0000000000..f103ae2a2f
--- /dev/null
+++ b/docs/system/i386/sgx.rst
@@ -0,0 +1,165 @@
+Software Guard eXtensions (SGX)
+===============================
+
+Overview
+--------
+
+Intel Software Guard eXtensions (SGX) is a set of instructions and mechanisms
+for memory accesses in order to provide security accesses for sensitive
+applications and data. SGX allows an application to use it's pariticular
+address space as an *enclave*, which is a protected area provides confidentiality
+and integrity even in the presence of privileged malware. Accesses to the
+enclave memory area from any software not resident in the enclave are prevented,
+including those from privileged software.
+
+Virtual SGX
+-----------
+
+SGX feature is exposed to guest via SGX CPUID. Looking at SGX CPUID, we can
+report the same CPUID info to guest as on host for most of SGX CPUID. With
+reporting the same CPUID guest is able to use full capacity of SGX, and KVM
+doesn't need to emulate those info.
+
+The guest's EPC base and size are determined by Qemu, and KVM needs Qemu to
+notify such info to it before it can initialize SGX for guest.
+
+Virtual EPC
+~~~~~~~~~~~
+
+By default, Qemu does not assign EPC to a VM, i.e. fully enabling SGX in a VM
+requires explicit allocation of EPC to the VM. Similar to other specialized
+memory types, e.g. hugetlbfs, EPC is exposed as a memory backend.
+
+SGX EPC is enumerated through CPUID, i.e. EPC "devices" need to be realized
+prior to realizing the vCPUs themselves, which occurs long before generic
+devices are parsed and realized. This limitation means that EPC does not
+require -maxmem as EPC is not treated as {cold,hot}plugged memory.
+
+Qemu does not artificially restrict the number of EPC sections exposed to a
+guest, e.g. Qemu will happily allow you to create 64 1M EPC sections. Be aware
+that some kernels may not recognize all EPC sections, e.g. the Linux SGX driver
+is hardwired to support only 8 EPC sections.
+
+The following Qemu snippet creates two EPC sections, with 64M pre-allocated
+to the VM and an additional 28M mapped but not allocated::
+
+ -object memory-backend-epc,id=mem1,size=64M,prealloc=on \
+ -object memory-backend-epc,id=mem2,size=28M \
+ -M sgx-epc.0.memdev=mem1,sgx-epc.1.memdev=mem2
+
+Note:
+
+The size and location of the virtual EPC are far less restricted compared
+to physical EPC. Because physical EPC is protected via range registers,
+the size of the physical EPC must be a power of two (though software sees
+a subset of the full EPC, e.g. 92M or 128M) and the EPC must be naturally
+aligned. KVM SGX's virtual EPC is purely a software construct and only
+requires the size and location to be page aligned. Qemu enforces the EPC
+size is a multiple of 4k and will ensure the base of the EPC is 4k aligned.
+To simplify the implementation, EPC is always located above 4g in the guest
+physical address space.
+
+Migration
+~~~~~~~~~
+
+Qemu/KVM doesn't prevent live migrating SGX VMs, although from hardware's
+perspective, SGX doesn't support live migration, since both EPC and the SGX
+key hierarchy are bound to the physical platform. However live migration
+can be supported in the sense if guest software stack can support recreating
+enclaves when it suffers sudden lose of EPC; and if guest enclaves can detect
+SGX keys being changed, and handle gracefully. For instance, when ERESUME fails
+with #PF.SGX, guest software can gracefully detect it and recreate enclaves;
+and when enclave fails to unseal sensitive information from outside, it can
+detect such error and sensitive information can be provisioned to it again.
+
+CPUID
+~~~~~
+
+Due to its myriad dependencies, SGX is currently not listed as supported
+in any of Qemu's built-in CPU configuration. To expose SGX (and SGX Launch
+Control) to a guest, you must either use `-cpu host` to pass-through the
+host CPU model, or explicitly enable SGX when using a built-in CPU model,
+e.g. via `-cpu <model>,+sgx` or `-cpu <model>,+sgx,+sgxlc`.
+
+All SGX sub-features enumerated through CPUID, e.g. SGX2, MISCSELECT,
+ATTRIBUTES, etc... can be restricted via CPUID flags. Be aware that enforcing
+restriction of MISCSELECT, ATTRIBUTES and XFRM requires intercepting ECREATE,
+i.e. may marginally reduce SGX performance in the guest. All SGX sub-features
+controlled via -cpu are prefixed with "sgx", e.g.::
+
+ $ qemu-system-x86_64 -cpu help | xargs printf "%s\n" | grep sgx
+ sgx
+ sgx-debug
+ sgx-encls-c
+ sgx-enclv
+ sgx-exinfo
+ sgx-kss
+ sgx-mode64
+ sgx-provisionkey
+ sgx-tokenkey
+ sgx1
+ sgx2
+ sgxlc
+
+The following Qemu snippet passes through the host CPU but restricts access to
+the provision and EINIT token keys::
+
+ -cpu host,-sgx-provisionkey,-sgx-tokenkey
+
+SGX sub-features cannot be emulated, i.e. sub-features that are not present
+in hardware cannot be forced on via '-cpu'.
+
+Virtualize SGX Launch Control
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Qemu SGX support for Launch Control (LC) is passive, in the sense that it
+does not actively change the LC configuration. Qemu SGX provides the user
+the ability to set/clear the CPUID flag (and by extension the associated
+IA32_FEATURE_CONTROL MSR bit in fw_cfg) and saves/restores the LE Hash MSRs
+when getting/putting guest state, but Qemu does not add new controls to
+directly modify the LC configuration. Similar to hardware behavior, locking
+the LC configuration to a non-Intel value is left to guest firmware. Unlike
+host bios setting for SGX launch control(LC), there is no special bios setting
+for SGX guest by our design. If host is in locked mode, we can still allow
+creating VM with SGX.
+
+Feature Control
+~~~~~~~~~~~~~~~
+
+Qemu SGX updates the `etc/msr_feature_control` fw_cfg entry to set the SGX
+(bit 18) and SGX LC (bit 17) flags based on their respective CPUID support,
+i.e. existing guest firmware will automatically set SGX and SGX LC accordingly,
+assuming said firmware supports fw_cfg.msr_feature_control.
+
+Launching a guest
+-----------------
+
+To launch a SGX guest:
+
+.. parsed-literal::
+
+ |qemu_system_x86| \\
+ -cpu host,+sgx-provisionkey \\
+ -object memory-backend-epc,id=mem1,size=64M,prealloc=on \\
+ -object memory-backend-epc,id=mem2,size=28M \\
+ -M sgx-epc.0.memdev=mem1,sgx-epc.1.memdev=mem2
+
+Utilizing SGX in the guest requires a kernel/OS with SGX support.
+The support can be determined in guest by::
+
+ $ grep sgx /proc/cpuinfo
+
+and SGX epc info by::
+
+ $ dmesg | grep sgx
+ [ 1.242142] sgx: EPC section 0x180000000-0x181bfffff
+ [ 1.242319] sgx: EPC section 0x181c00000-0x1837fffff
+
+References
+----------
+
+- `SGX Homepage <https://software.intel.com/sgx>`__
+
+- `SGX SDK <https://github.com/intel/linux-sgx.git>`__
+
+- SGX specification: Intel SDM Volume 3
diff --git a/docs/system/target-i386.rst b/docs/system/target-i386.rst
index c9720a8cd1..6a86d63863 100644
--- a/docs/system/target-i386.rst
+++ b/docs/system/target-i386.rst
@@ -26,6 +26,7 @@ Architectural features
:maxdepth: 1
i386/cpu
+ i386/sgx
.. _pcsys_005freq:
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 42/43] meson.build: Do not look for VNC-related libraries if have_system is not set
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (40 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 41/43] docs/system: Add SGX documentation to the system manual Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 43/43] ebpf: only include in system emulators Paolo Bonzini
` (2 subsequent siblings)
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel
Cc: Philippe Mathieu-Daudé, Thomas Huth, Daniel P . Berrangé
From: Thomas Huth <thuth@redhat.com>
When running "./configure --static --disable-system" there is currently
a warning if the static version of libpng is missing:
WARNING: Static library 'png16' not found for dependency 'libpng', may not
be statically linked
Since it does not make sense to look for the VNC-related libraries at all
when we're building without system emulator binaries, let's add a check
for have_system here to silence this warning.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210906153939.165567-1-thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
index 7e58e6279b..f07236d947 100644
--- a/meson.build
+++ b/meson.build
@@ -931,7 +931,7 @@ vnc = not_found
png = not_found
jpeg = not_found
sasl = not_found
-if not get_option('vnc').disabled()
+if have_system and not get_option('vnc').disabled()
vnc = declare_dependency() # dummy dependency
png = dependency('libpng', required: get_option('vnc_png'),
method: 'pkg-config', kwargs: static_kwargs)
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* [PULL v4 43/43] ebpf: only include in system emulators
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (41 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 42/43] meson.build: Do not look for VNC-related libraries if have_system is not set Paolo Bonzini
@ 2021-09-08 10:04 ` Paolo Bonzini
2021-09-09 13:25 ` [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Peter Maydell
2021-09-11 12:59 ` Peter Maydell
44 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-08 10:04 UTC (permalink / raw)
To: qemu-devel
eBPF files are being included in user emulators. That is useless, and
it also breaks --disable-system compilation because ebpf/trace-events is
only processed if a system emulator is included in the build.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/566
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
ebpf/meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ebpf/meson.build b/ebpf/meson.build
index 9cd0635370..2dd0fd8948 100644
--- a/ebpf/meson.build
+++ b/ebpf/meson.build
@@ -1 +1 @@
-common_ss.add(when: libbpf, if_true: files('ebpf_rss.c'), if_false: files('ebpf_rss-stub.c'))
+softmmu_ss.add(when: libbpf, if_true: files('ebpf_rss.c'), if_false: files('ebpf_rss-stub.c'))
--
2.31.1
^ permalink raw reply related [flat|nested] 55+ messages in thread
* Re: [PULL v4 11/43] qom: Add memory-backend-epc ObjectOptions support
2021-09-08 10:03 ` [PULL v4 11/43] qom: Add memory-backend-epc ObjectOptions support Paolo Bonzini
@ 2021-09-08 14:51 ` Eric Blake
0 siblings, 0 replies; 55+ messages in thread
From: Eric Blake @ 2021-09-08 14:51 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: Yang Zhong, qemu-devel
On Wed, Sep 08, 2021 at 12:03:54PM +0200, Paolo Bonzini wrote:
> From: Yang Zhong <yang.zhong@intel.com>
>
> Add the new 'memory-backend-epc' user creatable QOM object in
> the ObjectOptions to support SGX since v6.1, or the sgx backend
> object cannot bootup.
>
> Signed-off-by: Yang Zhong <yang.zhong@intel.com>
>
> v1-->v2:
> - Added the new MemoryBackendEpcProperties and related documents,
> and updated the blurb(Eric Blake).
A bit odd to see this in the pull request, but probably too late to
worry about it now unless there is another reason to respin it.
(Generally, patch version information should be...
> Message-Id: <20210719112136.57018-4-yang.zhong@intel.com>
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
...here, after the --- separator, so that 'git am' will drop it).
> qapi/qom.json | 19 +++++++++++++++++++
> 1 file changed, 19 insertions(+)
>
> diff --git a/qapi/qom.json b/qapi/qom.json
> index a25616bc7a..16ba30e5b9 100644
> --- a/qapi/qom.json
> +++ b/qapi/qom.json
> @@ -647,6 +647,23 @@
> '*hugetlbsize': 'size',
> '*seal': 'bool' } }
>
> +##
> +# @MemoryBackendEpcProperties:
> +#
> +# Properties for memory-backend-epc objects.
> +#
> +# The @share boolean option is true by default with epc
> +#
> +# The @merge boolean option is false by default with epc
> +#
> +# The @dump boolean option is false by default with epc
> +#
> +# Since: 6.1
Unless there's a reason to respin the pull request, we'll need a
followup patch to bump this to 6.2.
> +##
> +{ 'struct': 'MemoryBackendEpcProperties',
> + 'base': 'MemoryBackendProperties',
> + 'data': {} }
> +
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
^ permalink raw reply [flat|nested] 55+ messages in thread
* Re: [PULL v4 13/43] vl: Add sgx compound properties to expose SGX EPC sections to guest
2021-09-08 10:03 ` [PULL v4 13/43] vl: Add sgx compound properties to expose SGX " Paolo Bonzini
@ 2021-09-08 14:52 ` Eric Blake
2021-09-09 3:01 ` Yang Zhong
0 siblings, 1 reply; 55+ messages in thread
From: Eric Blake @ 2021-09-08 14:52 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: Yang Zhong, qemu-devel, Sean Christopherson
On Wed, Sep 08, 2021 at 12:03:56PM +0200, Paolo Bonzini wrote:
> From: Sean Christopherson <sean.j.christopherson@intel.com>
>
> Because SGX EPC is enumerated through CPUID, EPC "devices" need to be
> realized prior to realizing the vCPUs themselves, i.e. long before
> generic devices are parsed and realized. From a virtualization
> perspective, the CPUID aspect also means that EPC sections cannot be
> hotplugged without paravirtualizing the guest kernel (hardware does
> not support hotplugging as EPC sections must be locked down during
> pre-boot to provide EPC's security properties).
>
> qapi/machine.json | 26 +++++++++++++++
> qemu-options.hx | 10 ++++--
> 9 files changed, 166 insertions(+), 8 deletions(-)
> create mode 100644 hw/i386/sgx.c
...
> +++ b/qapi/machine.json
> @@ -1194,6 +1194,32 @@
> }
> }
>
> +##
> +# @SgxEPC:
> +#
> +# Sgx EPC cmdline information
> +#
> +# @memdev: memory backend linked with device
> +#
> +# Since: 6.1
Another instance where we'll want the followup patch to correct things
to 6.2.
> +##
> +{ 'struct': 'SgxEPC',
> + 'data': { 'memdev': 'str' }
> +}
> +
> +##
> +# @SgxEPCProperties:
> +#
> +# Properties for SgxEPC objects.
> +#
> +# @sgx-epc: sgx epc section properties.
> +#
> +# Since: 6.1
> +##
> +{ 'struct': 'SgxEPCProperties',
> + 'data': { 'sgx-epc': ['SgxEPC'] }
> +}
> +
> ##
> # @MemoryDeviceInfo:
> #
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 8f603cc7e6..ceca52818a 100644
> --- a/qemu-options.hx
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
^ permalink raw reply [flat|nested] 55+ messages in thread
* Re: [PULL v4 36/43] sgx-epc: Add the fill_device_info() callback support
2021-09-08 10:04 ` [PULL v4 36/43] sgx-epc: Add the fill_device_info() callback support Paolo Bonzini
@ 2021-09-08 14:54 ` Eric Blake
0 siblings, 0 replies; 55+ messages in thread
From: Eric Blake @ 2021-09-08 14:54 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: Yang Zhong, qemu-devel
On Wed, Sep 08, 2021 at 12:04:19PM +0200, Paolo Bonzini wrote:
> From: Yang Zhong <yang.zhong@intel.com>
>
> Since there is no fill_device_info() callback support, and when we
> execute "info memory-devices" command in the monitor, the segfault
> will be found.
>
> This patch will add this callback support and "info memory-devices"
> will show sgx epc memory exposed to guest. The result as below:
>
> +++ b/qapi/machine.json
> @@ -1220,6 +1220,29 @@
> 'data': { 'sgx-epc': ['SgxEPC'] }
> }
>
> +##
> +# @SgxEPCDeviceInfo:
> +#
> +# Sgx EPC state information
> +#
> +# @id: device's ID
> +#
> +# @memaddr: physical address in memory, where device is mapped
> +#
> +# @size: size of memory that the device provides
> +#
> +# @memdev: memory backend linked with device
> +#
> +# Since: 6.1
And another spot for a followup patch for 6.2 designation.
> +##
> +{ 'struct': 'SgxEPCDeviceInfo',
> + 'data': { '*id': 'str',
> + 'memaddr': 'size',
> + 'size': 'size',
> + 'memdev': 'str'
> + }
> +}
> +
> ##
> # @MemoryDeviceInfo:
> #
> @@ -1234,7 +1257,8 @@
> 'data': { 'dimm': 'PCDIMMDeviceInfo',
> 'nvdimm': 'PCDIMMDeviceInfo',
> 'virtio-pmem': 'VirtioPMEMDeviceInfo',
> - 'virtio-mem': 'VirtioMEMDeviceInfo'
> + 'virtio-mem': 'VirtioMEMDeviceInfo',
> + 'sgx-epc': 'SgxEPCDeviceInfo'
> }
> }
>
> --
> 2.31.1
>
>
>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
^ permalink raw reply [flat|nested] 55+ messages in thread
* Re: [PULL v4 13/43] vl: Add sgx compound properties to expose SGX EPC sections to guest
2021-09-08 14:52 ` Eric Blake
@ 2021-09-09 3:01 ` Yang Zhong
0 siblings, 0 replies; 55+ messages in thread
From: Yang Zhong @ 2021-09-09 3:01 UTC (permalink / raw)
To: Eric Blake; +Cc: yang.zhong, pbonzini, qemu-devel, seanjc
On Wed, Sep 08, 2021 at 09:52:40AM -0500, Eric Blake wrote:
> On Wed, Sep 08, 2021 at 12:03:56PM +0200, Paolo Bonzini wrote:
> > From: Sean Christopherson <sean.j.christopherson@intel.com>
> >
> > Because SGX EPC is enumerated through CPUID, EPC "devices" need to be
> > realized prior to realizing the vCPUs themselves, i.e. long before
> > generic devices are parsed and realized. From a virtualization
> > perspective, the CPUID aspect also means that EPC sections cannot be
> > hotplugged without paravirtualizing the guest kernel (hardware does
> > not support hotplugging as EPC sections must be locked down during
> > pre-boot to provide EPC's security properties).
> >
>
> > qapi/machine.json | 26 +++++++++++++++
> > qemu-options.hx | 10 ++++--
> > 9 files changed, 166 insertions(+), 8 deletions(-)
> > create mode 100644 hw/i386/sgx.c
> ...
> > +++ b/qapi/machine.json
> > @@ -1194,6 +1194,32 @@
> > }
> > }
> >
> > +##
> > +# @SgxEPC:
> > +#
> > +# Sgx EPC cmdline information
> > +#
> > +# @memdev: memory backend linked with device
> > +#
> > +# Since: 6.1
>
> Another instance where we'll want the followup patch to correct things
> to 6.2.
>
Eric, i will cleanup this in the next version of https://patchew.org/QEMU/20210908081937.77254-1-yang.zhong@intel.com/.
There is one special patch to do pure cleanup based on this PULL. thanks!
Yang
^ permalink raw reply [flat|nested] 55+ messages in thread
* Re: [PULL v4 21/43] i386: Update SGX CPUID info according to hardware/KVM/user input
2021-09-08 10:04 ` [PULL v4 21/43] i386: Update SGX CPUID info according to hardware/KVM/user input Paolo Bonzini
@ 2021-09-09 13:09 ` Philippe Mathieu-Daudé
0 siblings, 0 replies; 55+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-09-09 13:09 UTC (permalink / raw)
To: qemu-devel, Yang Zhong; +Cc: Paolo Bonzini, Sean Christopherson
On 9/8/21 12:04 PM, Paolo Bonzini wrote:
> From: Sean Christopherson <sean.j.christopherson@intel.com>
>
> Expose SGX to the guest if and only if KVM is enabled and supports
> virtualization of SGX. While the majority of ENCLS can be emulated to
> some degree, because SGX uses a hardware-based root of trust, the
> attestation aspects of SGX cannot be emulated in software, i.e.
> ultimately emulation will fail as software cannot generate a valid
> quote/report. The complexity of partially emulating SGX in Qemu far
> outweighs the value added, e.g. an SGX specific simulator for userspace
> applications can emulate SGX for development and testing purposes.
>
> Note, access to the PROVISIONKEY is not yet advertised to the guest as
> KVM blocks access to the PROVISIONKEY by default and requires userspace
> to provide additional credentials (via ioctl()) to expose PROVISIONKEY.
>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> Signed-off-by: Yang Zhong <yang.zhong@intel.com>
'---' separator goes here.
>
> v3-->v4:
> - Replaced g_malloc0() with directly ....
> Message-Id: <20210719112136.57018-13-yang.zhong@intel.com>
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> hw/i386/sgx.c | 17 +++++++++
> include/hw/i386/sgx-epc.h | 2 +
> target/i386/cpu.c | 77 +++++++++++++++++++++++++++++++++++++++
> 3 files changed, 96 insertions(+)
>
> diff --git a/hw/i386/sgx.c b/hw/i386/sgx.c
> index e77deb0b00..5f988c6368 100644
> --- a/hw/i386/sgx.c
> +++ b/hw/i386/sgx.c
> @@ -18,6 +18,23 @@
> #include "qapi/error.h"
> #include "exec/address-spaces.h"
>
> +int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size)
> +{
> + PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
> + SGXEPCDevice *epc;
> +
> + if (pcms->sgx_epc.size == 0 || pcms->sgx_epc.nr_sections <= section_nr) {
> + return 1;
> + }
> +
> + epc = pcms->sgx_epc.sections[section_nr];
> +
> + *addr = epc->addr;
> + *size = memory_device_get_region_size(MEMORY_DEVICE(epc), &error_fatal);
> +
> + return 0;
Undocumented, but IIUC this return a boolean.
> +}
> +
> static int sgx_epc_set_property(void *opaque, const char *name,
> const char *value, Error **errp)
> {
> diff --git a/include/hw/i386/sgx-epc.h b/include/hw/i386/sgx-epc.h
> index 2b2490892b..f85fd2a4ca 100644
> --- a/include/hw/i386/sgx-epc.h
> +++ b/include/hw/i386/sgx-epc.h
> @@ -55,4 +55,6 @@ typedef struct SGXEPCState {
> int nr_sections;
> } SGXEPCState;
>
> +int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size);
bool.
> +
> #endif
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 59cb2c2d03..38cf507199 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -36,6 +36,7 @@
> #ifndef CONFIG_USER_ONLY
> #include "exec/address-spaces.h"
> #include "hw/boards.h"
> +#include "hw/i386/sgx-epc.h"
> #endif
>
> #include "disas/capstone.h"
> @@ -5334,6 +5335,25 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
> *ecx |= CPUID_7_0_ECX_OSPKE;
> }
> *edx = env->features[FEAT_7_0_EDX]; /* Feature flags */
> +
> + /*
> + * SGX cannot be emulated in software. If hardware does not
> + * support enabling SGX and/or SGX flexible launch control,
> + * then we need to update the VM's CPUID values accordingly.
> + */
> + if ((*ebx & CPUID_7_0_EBX_SGX) &&
> + (!kvm_enabled() ||
> + !(kvm_arch_get_supported_cpuid(cs->kvm_state, 0x7, 0, R_EBX) &
> + CPUID_7_0_EBX_SGX))) {
> + *ebx &= ~CPUID_7_0_EBX_SGX;
> + }
> +
> + if ((*ecx & CPUID_7_0_ECX_SGX_LC) &&
> + (!(*ebx & CPUID_7_0_EBX_SGX) || !kvm_enabled() ||
> + !(kvm_arch_get_supported_cpuid(cs->kvm_state, 0x7, 0, R_ECX) &
> + CPUID_7_0_ECX_SGX_LC))) {
> + *ecx &= ~CPUID_7_0_ECX_SGX_LC;
> + }
> } else if (count == 1) {
> *eax = env->features[FEAT_7_1_EAX];
> *ebx = 0;
> @@ -5469,6 +5489,63 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
> }
> break;
> }
> + case 0x12:
> +#ifndef CONFIG_USER_ONLY
> + if (!kvm_enabled() ||
> + !(env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_SGX)) {
> + *eax = *ebx = *ecx = *edx = 0;
> + break;
> + }
> +
> + /*
> + * SGX sub-leafs CPUID.0x12.{0x2..N} enumerate EPC sections. Retrieve
> + * the EPC properties, e.g. confidentiality and integrity, from the
> + * host's first EPC section, i.e. assume there is one EPC section or
> + * that all EPC sections have the same security properties.
> + */
> + if (count > 1) {
> + uint64_t epc_addr, epc_size;
> +
> + if (sgx_epc_get_section(count - 2, &epc_addr, &epc_size)) {
Missing stub for when CONFIG_SGX=n:
bool sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size)
{
g_assert_not_reached();
}
^ permalink raw reply [flat|nested] 55+ messages in thread
* Re: [PULL v4 35/43] Kconfig: Add CONFIG_SGX support
2021-09-08 10:04 ` [PULL v4 35/43] Kconfig: Add CONFIG_SGX support Paolo Bonzini
@ 2021-09-09 13:16 ` Philippe Mathieu-Daudé
2021-09-09 13:33 ` Philippe Mathieu-Daudé
0 siblings, 1 reply; 55+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-09-09 13:16 UTC (permalink / raw)
To: qemu-devel, Yang Zhong; +Cc: Paolo Bonzini, Markus Armbruster
On 9/8/21 12:04 PM, Paolo Bonzini wrote:
> From: Yang Zhong <yang.zhong@intel.com>
>
> Add new CONFIG_SGX for sgx support in the Qemu, and the Kconfig
> default enable sgx in the i386 platform.
>
> Signed-off-by: Yang Zhong <yang.zhong@intel.com>
> Message-Id: <20210719112136.57018-32-yang.zhong@intel.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> backends/meson.build | 2 +-
> configs/devices/i386-softmmu/default.mak | 1 +
> hw/i386/Kconfig | 5 +++++
> hw/i386/meson.build | 4 ++--
> hw/i386/sgx-stub.c | 13 +++++++++++++
> 5 files changed, 22 insertions(+), 3 deletions(-)
> create mode 100644 hw/i386/sgx-stub.c
>
> diff --git a/backends/meson.build b/backends/meson.build
> index 46fd16b269..6e68945528 100644
> --- a/backends/meson.build
> +++ b/backends/meson.build
> @@ -16,6 +16,6 @@ softmmu_ss.add(when: ['CONFIG_VHOST_USER', 'CONFIG_VIRTIO'], if_true: files('vho
> softmmu_ss.add(when: 'CONFIG_VIRTIO_CRYPTO', if_true: files('cryptodev-vhost.c'))
> softmmu_ss.add(when: ['CONFIG_VIRTIO_CRYPTO', 'CONFIG_VHOST_CRYPTO'], if_true: files('cryptodev-vhost-user.c'))
> softmmu_ss.add(when: 'CONFIG_GIO', if_true: [files('dbus-vmstate.c'), gio])
> -softmmu_ss.add(when: 'CONFIG_LINUX', if_true: files('hostmem-epc.c'))
> +softmmu_ss.add(when: 'CONFIG_SGX', if_true: files('hostmem-epc.c'))
>
> subdir('tpm')
> diff --git a/configs/devices/i386-softmmu/default.mak b/configs/devices/i386-softmmu/default.mak
> index 84d1a2487c..598c6646df 100644
> --- a/configs/devices/i386-softmmu/default.mak
> +++ b/configs/devices/i386-softmmu/default.mak
> @@ -22,6 +22,7 @@
> #CONFIG_TPM_CRB=n
> #CONFIG_TPM_TIS_ISA=n
> #CONFIG_VTD=n
> +#CONFIG_SGX=n
>
> # Boards:
> #
> diff --git a/hw/i386/Kconfig b/hw/i386/Kconfig
> index ddedcef0b2..962d2c981b 100644
> --- a/hw/i386/Kconfig
> +++ b/hw/i386/Kconfig
> @@ -6,6 +6,10 @@ config SEV
> select X86_FW_OVMF
> depends on KVM
>
> +config SGX
> + bool
> + depends on KVM
> +
> config PC
> bool
> imply APPLESMC
> @@ -21,6 +25,7 @@ config PC
> imply PVPANIC_ISA
> imply QXL
> imply SEV
> + imply SGX
> imply SGA
> imply TEST_DEVICES
> imply TPM_CRB
> diff --git a/hw/i386/meson.build b/hw/i386/meson.build
> index fefce9e4ba..c502965219 100644
> --- a/hw/i386/meson.build
> +++ b/hw/i386/meson.build
> @@ -5,8 +5,6 @@ i386_ss.add(files(
> 'e820_memory_layout.c',
> 'multiboot.c',
> 'x86.c',
> - 'sgx-epc.c',
> - 'sgx.c'
> ))
>
> i386_ss.add(when: 'CONFIG_X86_IOMMU', if_true: files('x86-iommu.c'),
> @@ -18,6 +16,8 @@ i386_ss.add(when: 'CONFIG_Q35', if_true: files('pc_q35.c'))
> i386_ss.add(when: 'CONFIG_VMMOUSE', if_true: files('vmmouse.c'))
> i386_ss.add(when: 'CONFIG_VMPORT', if_true: files('vmport.c'))
> i386_ss.add(when: 'CONFIG_VTD', if_true: files('intel_iommu.c'))
> +i386_ss.add(when: 'CONFIG_SGX', if_true: files('sgx-epc.c','sgx.c'),
> + if_false: files('sgx-stub.c'))
>
> i386_ss.add(when: 'CONFIG_ACPI', if_true: files('acpi-common.c'))
> i386_ss.add(when: 'CONFIG_ACPI_HW_REDUCED', if_true: files('generic_event_device_x86.c'))
> diff --git a/hw/i386/sgx-stub.c b/hw/i386/sgx-stub.c
> new file mode 100644
> index 0000000000..edf17c3309
> --- /dev/null
> +++ b/hw/i386/sgx-stub.c
Ah, here comes the stub.
> @@ -0,0 +1,13 @@
> +#include "qemu/osdep.h"
> +#include "hw/i386/pc.h"
> +#include "hw/i386/sgx-epc.h"
> +
> +void pc_machine_init_sgx_epc(PCMachineState *pcms)
> +{
> + return;
Nack.
If an user tries to use sgx-epc.0.memdev=memid with a build with SGX
not built in, you silently ignore the security request and keep booting
the machine... Use something like:
error_report("Support for SGX EPC not built-in");
exit(EXIT_FAILURE);
Or better pass an Error* argument to pc_machine_init_sgx_epc() to
propagate the error.
> +}
> +
> +int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size)
> +{
> + return 1;
No, this code is unreachable:
g_assert_not_reached();
> +}
>
^ permalink raw reply [flat|nested] 55+ messages in thread
* Re: [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (42 preceding siblings ...)
2021-09-08 10:04 ` [PULL v4 43/43] ebpf: only include in system emulators Paolo Bonzini
@ 2021-09-09 13:25 ` Peter Maydell
2021-09-09 13:32 ` Philippe Mathieu-Daudé
2021-09-11 12:59 ` Peter Maydell
44 siblings, 1 reply; 55+ messages in thread
From: Peter Maydell @ 2021-09-09 13:25 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: QEMU Developers
On Wed, 8 Sept 2021 at 11:07, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> The following changes since commit f9128631fbeb40a55f7bc145397981c963d40909:
>
> Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/block-pull-request' into staging (2021-09-07 13:24:43 +0100)
>
> are available in the Git repository at:
>
> https://gitlab.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to 3b942628231462c56c883a6273cf137d2a382f8f:
>
> ebpf: only include in system emulators (2021-09-08 08:07:04 +0200)
>
> ----------------------------------------------------------------
> * SGX support (Sean, Yang)
> * vGIF and vVMLOAD/VMSAVE support (Lara)
> * Fix LA57 support in TCG (Daniel)
> * Avoid pointless warnings for static user-only compilation (Thomas)
> * Fix --disable-system compilation if libbpf is found
> * target-i386.rst restructuring
>
Philippe seems to have some review remarks on the SGX patches,
and also I found that on my local machine this was pretty
consistently hanging in the migration test. David G says there's
a maybe fix for that in another pullreq, so I'll see if that helps...
-- PMM
^ permalink raw reply [flat|nested] 55+ messages in thread
* Re: [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06
2021-09-09 13:25 ` [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Peter Maydell
@ 2021-09-09 13:32 ` Philippe Mathieu-Daudé
0 siblings, 0 replies; 55+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-09-09 13:32 UTC (permalink / raw)
To: Peter Maydell, Yang Zhong; +Cc: Paolo Bonzini, QEMU Developers
On 9/9/21 3:25 PM, Peter Maydell wrote:
> On Wed, 8 Sept 2021 at 11:07, Paolo Bonzini <pbonzini@redhat.com> wrote:
>>
>> The following changes since commit f9128631fbeb40a55f7bc145397981c963d40909:
>>
>> Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/block-pull-request' into staging (2021-09-07 13:24:43 +0100)
>>
>> are available in the Git repository at:
>>
>> https://gitlab.com/bonzini/qemu.git tags/for-upstream
>>
>> for you to fetch changes up to 3b942628231462c56c883a6273cf137d2a382f8f:
>>
>> ebpf: only include in system emulators (2021-09-08 08:07:04 +0200)
>>
>> ----------------------------------------------------------------
>> * SGX support (Sean, Yang)
>> * vGIF and vVMLOAD/VMSAVE support (Lara)
>> * Fix LA57 support in TCG (Daniel)
>> * Avoid pointless warnings for static user-only compilation (Thomas)
>> * Fix --disable-system compilation if libbpf is found
>> * target-i386.rst restructuring
>>
>
> Philippe seems to have some review remarks on the SGX patches,
I wanted to comment on the latest "Kconfig: Add CONFIG_SGX support"
patch and didn't really realize the latest was the pull request.
I meant to NAck the patch, but since it is pulled, the issue I reported
can be fixed on top (we are not close to releasing), I don't want to
give Paolo more work... Sorry for the noise.
> and also I found that on my local machine this was pretty
> consistently hanging in the migration test. David G says there's
> a maybe fix for that in another pullreq, so I'll see if that helps...
>
> -- PMM
>
^ permalink raw reply [flat|nested] 55+ messages in thread
* Re: [PULL v4 35/43] Kconfig: Add CONFIG_SGX support
2021-09-09 13:16 ` Philippe Mathieu-Daudé
@ 2021-09-09 13:33 ` Philippe Mathieu-Daudé
0 siblings, 0 replies; 55+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-09-09 13:33 UTC (permalink / raw)
To: qemu-devel, Yang Zhong; +Cc: Paolo Bonzini, Markus Armbruster
On 9/9/21 3:16 PM, Philippe Mathieu-Daudé wrote:
> On 9/8/21 12:04 PM, Paolo Bonzini wrote:
>> From: Yang Zhong <yang.zhong@intel.com>
>>
>> Add new CONFIG_SGX for sgx support in the Qemu, and the Kconfig
>> default enable sgx in the i386 platform.
>>
>> Signed-off-by: Yang Zhong <yang.zhong@intel.com>
>> Message-Id: <20210719112136.57018-32-yang.zhong@intel.com>
>> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
>> ---
>> backends/meson.build | 2 +-
>> configs/devices/i386-softmmu/default.mak | 1 +
>> hw/i386/Kconfig | 5 +++++
>> hw/i386/meson.build | 4 ++--
>> hw/i386/sgx-stub.c | 13 +++++++++++++
>> 5 files changed, 22 insertions(+), 3 deletions(-)
>> create mode 100644 hw/i386/sgx-stub.c
>> diff --git a/hw/i386/sgx-stub.c b/hw/i386/sgx-stub.c
>> new file mode 100644
>> index 0000000000..edf17c3309
>> --- /dev/null
>> +++ b/hw/i386/sgx-stub.c
>
> Ah, here comes the stub.
>
>> @@ -0,0 +1,13 @@
>> +#include "qemu/osdep.h"
>> +#include "hw/i386/pc.h"
>> +#include "hw/i386/sgx-epc.h"
>> +
>> +void pc_machine_init_sgx_epc(PCMachineState *pcms)
>> +{
>> + return;
>
> Nack.
>
> If an user tries to use sgx-epc.0.memdev=memid with a build with SGX
> not built in, you silently ignore the security request and keep booting
> the machine... Use something like:
>
> error_report("Support for SGX EPC not built-in");
> exit(EXIT_FAILURE);
>
> Or better pass an Error* argument to pc_machine_init_sgx_epc() to
> propagate the error.
If this get merged, please send a follow up patch to clean that.
>> +}
>> +
>> +int sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size)
>> +{
>> + return 1;
>
> No, this code is unreachable:
>
> g_assert_not_reached();
>
>> +}
>>
>
^ permalink raw reply [flat|nested] 55+ messages in thread
* Re: [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
` (43 preceding siblings ...)
2021-09-09 13:25 ` [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Peter Maydell
@ 2021-09-11 12:59 ` Peter Maydell
2021-09-11 13:05 ` Paolo Bonzini
44 siblings, 1 reply; 55+ messages in thread
From: Peter Maydell @ 2021-09-11 12:59 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: QEMU Developers
On Wed, 8 Sept 2021 at 11:07, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> The following changes since commit f9128631fbeb40a55f7bc145397981c963d40909:
>
> Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/block-pull-request' into staging (2021-09-07 13:24:43 +0100)
>
> are available in the Git repository at:
>
> https://gitlab.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to 3b942628231462c56c883a6273cf137d2a382f8f:
>
> ebpf: only include in system emulators (2021-09-08 08:07:04 +0200)
>
> ----------------------------------------------------------------
> * SGX support (Sean, Yang)
> * vGIF and vVMLOAD/VMSAVE support (Lara)
> * Fix LA57 support in TCG (Daniel)
> * Avoid pointless warnings for static user-only compilation (Thomas)
> * Fix --disable-system compilation if libbpf is found
> * target-i386.rst restructuring
>
> ----------------------------------------------------------------
I gave this a retry and it now fails to compile (all hosts):
../../hw/i386/sgx-stub.c: In function ‘pc_machine_init_sgx_epc’:
../../hw/i386/sgx-stub.c:7:12: error: ‘sgx_epc’ undeclared (first use
in this function)
7 | memset(sgx_epc, 0, sizeof(SGXEPCState));
| ^~~~~~~
../../hw/i386/sgx-stub.c:7:12: note: each undeclared identifier is
reported only once for each function it appears in
-- PMM
^ permalink raw reply [flat|nested] 55+ messages in thread
* Re: [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06
2021-09-11 12:59 ` Peter Maydell
@ 2021-09-11 13:05 ` Paolo Bonzini
0 siblings, 0 replies; 55+ messages in thread
From: Paolo Bonzini @ 2021-09-11 13:05 UTC (permalink / raw)
To: Peter Maydell; +Cc: QEMU Developers
[-- Attachment #1: Type: text/plain, Size: 1674 bytes --]
Yes this is not anymore the tag I had posted... I was working on the review
comments.
Paolo
Il sab 11 set 2021, 15:00 Peter Maydell <peter.maydell@linaro.org> ha
scritto:
> On Wed, 8 Sept 2021 at 11:07, Paolo Bonzini <pbonzini@redhat.com> wrote:
> >
> > The following changes since commit
> f9128631fbeb40a55f7bc145397981c963d40909:
> >
> > Merge remote-tracking branch
> 'remotes/stefanha-gitlab/tags/block-pull-request' into staging (2021-09-07
> 13:24:43 +0100)
> >
> > are available in the Git repository at:
> >
> > https://gitlab.com/bonzini/qemu.git tags/for-upstream
> >
> > for you to fetch changes up to 3b942628231462c56c883a6273cf137d2a382f8f:
> >
> > ebpf: only include in system emulators (2021-09-08 08:07:04 +0200)
> >
> > ----------------------------------------------------------------
> > * SGX support (Sean, Yang)
> > * vGIF and vVMLOAD/VMSAVE support (Lara)
> > * Fix LA57 support in TCG (Daniel)
> > * Avoid pointless warnings for static user-only compilation (Thomas)
> > * Fix --disable-system compilation if libbpf is found
> > * target-i386.rst restructuring
> >
> > ----------------------------------------------------------------
>
> I gave this a retry and it now fails to compile (all hosts):
>
> ../../hw/i386/sgx-stub.c: In function ‘pc_machine_init_sgx_epc’:
> ../../hw/i386/sgx-stub.c:7:12: error: ‘sgx_epc’ undeclared (first use
> in this function)
> 7 | memset(sgx_epc, 0, sizeof(SGXEPCState));
> | ^~~~~~~
> ../../hw/i386/sgx-stub.c:7:12: note: each undeclared identifier is
> reported only once for each function it appears in
>
>
> -- PMM
>
>
[-- Attachment #2: Type: text/html, Size: 2313 bytes --]
^ permalink raw reply [flat|nested] 55+ messages in thread
end of thread, other threads:[~2021-09-11 13:06 UTC | newest]
Thread overview: 55+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-08 10:03 [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 01/43] target/i386: add missing bits to CR4_RESERVED_MASK Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 02/43] target/i386: VMRUN and VMLOAD canonicalizations Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 03/43] target/i386: Added VGIF feature Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 04/43] target/i386: Moved int_ctl into CPUX86State structure Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 05/43] target/i386: Added VGIF V_IRQ masking capability Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 06/43] target/i386: Added ignore TPR check in ctl_has_irq Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 07/43] target/i386: Added changed priority check for VIRQ Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 08/43] target/i386: Added vVMLOAD and vVMSAVE feature Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 09/43] memory: Add RAM_PROTECTED flag to skip IOMMU mappings Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 10/43] hostmem: Add hostmem-epc as a backend for SGX EPC Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 11/43] qom: Add memory-backend-epc ObjectOptions support Paolo Bonzini
2021-09-08 14:51 ` Eric Blake
2021-09-08 10:03 ` [PULL v4 12/43] i386: Add 'sgx-epc' device to expose EPC sections to guest Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 13/43] vl: Add sgx compound properties to expose SGX " Paolo Bonzini
2021-09-08 14:52 ` Eric Blake
2021-09-09 3:01 ` Yang Zhong
2021-09-08 10:03 ` [PULL v4 14/43] i386: Add primary SGX CPUID and MSR defines Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 15/43] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EAX Paolo Bonzini
2021-09-08 10:03 ` [PULL v4 16/43] i386: Add SGX CPUID leaf FEAT_SGX_12_0_EBX Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 17/43] i386: Add SGX CPUID leaf FEAT_SGX_12_1_EAX Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 18/43] i386: Add get/set/migrate support for SGX_LEPUBKEYHASH MSRs Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 19/43] fw_cfg: add etc/msr_feature_control Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 20/43] i386: Add feature control MSR dependency when SGX is enabled Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 21/43] i386: Update SGX CPUID info according to hardware/KVM/user input Paolo Bonzini
2021-09-09 13:09 ` Philippe Mathieu-Daudé
2021-09-08 10:04 ` [PULL v4 22/43] i386: kvm: Add support for exposing PROVISIONKEY to guest Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 23/43] i386: Propagate SGX CPUID sub-leafs to KVM Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 24/43] Adjust min CPUID level to 0x12 when SGX is enabled Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 25/43] hw/i386/fw_cfg: Set SGX bits in feature control fw_cfg accordingly Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 26/43] hw/i386/pc: Account for SGX EPC sections when calculating device memory Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 27/43] i386/pc: Add e820 entry for SGX EPC section(s) Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 28/43] i386: acpi: Add SGX EPC entry to ACPI tables Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 29/43] q35: Add support for SGX EPC Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 30/43] i440fx: " Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 31/43] hostmem-epc: Add the reset interface for EPC backend reset Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 32/43] sgx-epc: Add the reset interface for sgx-epc virt device Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 33/43] sgx-epc: Avoid bios reset during sgx epc initialization Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 34/43] hostmem-epc: Make prealloc consistent with qemu cmdline during reset Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 35/43] Kconfig: Add CONFIG_SGX support Paolo Bonzini
2021-09-09 13:16 ` Philippe Mathieu-Daudé
2021-09-09 13:33 ` Philippe Mathieu-Daudé
2021-09-08 10:04 ` [PULL v4 36/43] sgx-epc: Add the fill_device_info() callback support Paolo Bonzini
2021-09-08 14:54 ` Eric Blake
2021-09-08 10:04 ` [PULL v4 37/43] docs: standardize book titles to === with overline Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 38/43] docs: standardize directory index to --- " Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 39/43] docs/system: standardize man page sections " Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 40/43] docs/system: move x86 CPU configuration to a separate document Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 41/43] docs/system: Add SGX documentation to the system manual Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 42/43] meson.build: Do not look for VNC-related libraries if have_system is not set Paolo Bonzini
2021-09-08 10:04 ` [PULL v4 43/43] ebpf: only include in system emulators Paolo Bonzini
2021-09-09 13:25 ` [PULL v4 00/43] (Mostly) x86 changes for 2021-09-06 Peter Maydell
2021-09-09 13:32 ` Philippe Mathieu-Daudé
2021-09-11 12:59 ` Peter Maydell
2021-09-11 13:05 ` Paolo Bonzini
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).