- 14 3月, 2018 11 次提交
-
-
由 Brijesh Singh 提交于
The command can be used by libvirt to retrieve the measurement of SEV guest. This measurement is a signature of the memory contents that was encrypted through the LAUNCH_UPDATE_DATA. Cc: "Daniel P. Berrangé" <berrange@redhat.com> Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Brijesh Singh 提交于
The command can be used to show the SEV information when memory encryption is enabled on AMD platform. Cc: Eric Blake <eblake@redhat.com> Cc: "Daniel P. Berrangé" <berrange@redhat.com> Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Reviewed-by: N"Dr. David Alan Gilbert" <dgilbert@redhat.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Brijesh Singh 提交于
When SEV is enabled, CPUID 0x8000_001F should provide additional information regarding the feature (such as which page table bit is used to mark the pages as encrypted etc). The details for memory encryption CPUID is available in AMD APM (https://support.amd.com/TechDocs/24594.pdf) Section E.4.17 Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: NEduardo Habkost <ehabkost@redhat.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Brijesh Singh 提交于
SEV guest migration is not implemented yet. Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Reviewed-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Brijesh Singh 提交于
SEV launch flow requires us to issue LAUNCH_FINISH command before guest is ready to run. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Brijesh Singh 提交于
During machine creation we encrypted the guest bios image, the LAUNCH_MEASURE command can be used to retrieve the measurement of the encrypted memory region. This measurement is a signature of the memory contents that can be sent to the guest owner as an attestation that the memory was encrypted correctly by the firmware. VM management tools like libvirt can query the measurement using query-sev-launch-measure QMP command. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Brijesh Singh 提交于
SEV requires that guest bios must be encrypted before booting the guest. Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Brijesh Singh 提交于
The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory region using the VM Encryption Key created using LAUNCH_START. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Brijesh Singh 提交于
The KVM_SEV_LAUNCH_START command creates a new VM encryption key (VEK). The encryption key created with the command will be used for encrypting the bootstrap images (such as guest bios). Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Brijesh Singh 提交于
When SEV is enabled, the hardware encryption engine uses a tweak such that the two identical plaintext at different location will have a different ciphertexts. So swapping or moving a ciphertexts of two guest pages will not result in plaintexts being swapped. Hence relocating a physical backing pages of the SEV guest will require some additional steps in KVM driver. The KVM_MEMORY_ENCRYPT_{UN,}REG_REGION ioctl can be used to register/unregister the guest memory region which may contain the encrypted data. KVM driver will internally handle the relocating physical backing pages of registered memory regions. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Brijesh Singh 提交于
When memory encryption is enabled, KVM_SEV_INIT command is used to initialize the platform. The command loads the SEV related persistent data from non-volatile storage and initializes the platform context. This command should be first issued before invoking any other guest commands provided by the SEV firmware. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
- 13 3月, 2018 11 次提交
-
-
由 Brijesh Singh 提交于
The header file provide the ioctl command and structure to communicate with /dev/sev device. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com>
-
由 Brijesh Singh 提交于
The QMP query command can used to retrieve the SEV information when memory encryption is enabled on AMD platform. Cc: Eric Blake <eblake@redhat.com> Cc: "Daniel P. Berrangé" <berrange@redhat.com> Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Brijesh Singh 提交于
Add a new memory encryption object 'sev-guest'. The object will be used to create encrypted VMs on AMD EPYC CPU. The object provides the properties to pass guest owner's public Diffie-hellman key, guest policy and session information required to create the memory encryption context within the SEV firmware. e.g to launch SEV guest # $QEMU \ -object sev-guest,id=sev0 \ -machine ....,memory-encryption=sev0 Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Brijesh Singh 提交于
Inorder to integerate the Secure Encryption Virtualization (SEV) support add few high-level memory encryption APIs which can be used for encrypting the guest memory region. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: kvm@vger.kernel.org Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Brijesh Singh 提交于
Split from a patch by Brijesh Singh (brijesh.singh@amd.com). Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com>
-
由 Brijesh Singh 提交于
Create a documentation entry to describe the AMD Secure Encrypted Virtualization (SEV) feature. Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Brijesh Singh 提交于
When CPU supports memory encryption feature, the property can be used to specify the encryption object to use when launching an encrypted guest. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Eduardo Habkost <ehabkost@redhat.com> Cc: Marcel Apfelbaum <marcel@redhat.com> Cc: Stefan Hajnoczi <stefanha@gmail.com> Signed-off-by: NBrijesh Singh <brijesh.singh@amd.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Liran Alon 提交于
This MSR returns the number of #SMIs that occurred on CPU since boot. KVM commit 52797bf9a875 ("KVM: x86: Add emulation of MSR_SMI_COUNT") introduced support for emulating this MSR. This commit adds support for QEMU to save/load this MSR for migration purposes. Signed-off-by: NLiran Alon <liran.alon@oracle.com> Reviewed-by: NKonrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: NKonrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Paolo Bonzini 提交于
Note that VIRTIO_GPU_CAPSET_VIRGL2 was added manually so it has to be added manually after re-running scripts/update-linux-headers.sh. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
-
由 Peter Maydell 提交于
7cdc61be vga: fix region calculation # gpg: Signature made Mon 12 Mar 2018 10:59:24 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/vga-20180312-pull-request: vga: fix region calculation Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
modules: use gmodule-export. audio: add driver registry, enable module builds. # gpg: Signature made Mon 12 Mar 2018 10:42:19 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/audio-20180312-pull-request: audio/sdl: build as module audio/pulseaudio: build as module audio/oss: build as module audio/alsa: build as module build: enable audio modules audio: add module loading support audio: add driver registry modules: use gmodule-export Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
- 12 3月, 2018 18 次提交
-
-
由 Peter Maydell 提交于
gtk,spice: add dmabuf support. sdl,vnc,gtk: bugfixes. ui/qapi: add device ID and head parameters to screendump. build: try improve handling of clang warnings. # gpg: Signature made Mon 12 Mar 2018 09:13:28 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/ui-20180312-pull-request: qapi: Add device ID and head parameters to screendump spice: add cursor_dmabuf support spice: add scanout_dmabuf support spice: drop dprint() debug logging vnc: deal with surface NULL pointers ui/gtk-egl: add cursor_dmabuf support ui/gtk-egl: add scanout_dmabuf support ui/gtk: use GtkGlArea on wayland only ui/opengl: Makefile cleanup ui/gtk: group gtk.mo declarations in Makefile ui/gtk: make GtkGlArea usage a runtime option sdl: workaround bug in sdl 2.0.8 headers make: switch language file build to be gtk module aware build: try improve handling of clang warnings Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
Migration pull 2018-03-09 # gpg: Signature made Fri 09 Mar 2018 17:52:46 GMT # gpg: using RSA key 0516331EBC5BFDE7 # gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" # Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7 * remotes/dgilbert/tags/pull-migration-20180309a: tests: Silence migration-test 'bad' test migration: fix applying wrong capabilities migration/block: rename MAX_INFLIGHT_IO to MAX_IO_BUFFERS migration/block: reset dirty bitmap before read in bulk phase migration: do not transfer ram during bulk storage migration migration: fix minor finalize leak Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Peter Maydell 提交于
target-arm queue: * i.MX: Add i.MX7 SOC implementation and i.MX7 Sabre board * Report the correct core count in A53 L2CTLR on the ZynqMP board * linux-user: preliminary SVE support work (signal handling) * hw/arm/boot: fix memory leak in case of error loading ELF file * hw/arm/boot: avoid reading off end of buffer if passed very small image file * hw/arm: Use more CONFIG switches for the object files * target/arm: Add "-cpu max" support * hw/arm/virt: Support -machine gic-version=max * hw/sd: improve debug tracing * hw/sd: sdcard: Add the Tuning Command (CMD 19) * MAINTAINERS: add Philippe as odd-fixes maintainer for SD # gpg: Signature made Fri 09 Mar 2018 17:24:23 GMT # gpg: using RSA key 3C2525ED14360CDE # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" # gpg: aka "Peter Maydell <pmaydell@gmail.com>" # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20180309: (25 commits) MAINTAINERS: Add entries for SD (SDHCI, SDBus, SDCard) sdhci: Fix a typo in comment sdcard: Add the Tuning Command (CMD19) sdcard: Display which protocol is used when tracing (SD or SPI) sdcard: Display command name when tracing CMD/ACMD sdcard: Do not trace CMD55, except when we already expect an ACMD hw/arm/virt: Support -machine gic-version=max hw/arm/virt: Add "max" to the list of CPU types "virt" supports target/arm: Make 'any' CPU just an alias for 'max' target/arm: Add "-cpu max" support target/arm: Move definition of 'host' cpu type into cpu.c target/arm: Query host CPU features on-demand at instance init arm: avoid heap-buffer-overflow in load_aarch64_image arm: fix load ELF error leak hw/arm: Use more CONFIG switches for the object files aarch64-linux-user: Add support for SVE signal frame records aarch64-linux-user: Add support for EXTRA signal frame records aarch64-linux-user: Remove struct target_aux_context aarch64-linux-user: Split out helpers for guest signal handling linux-user: Implement aarch64 PR_SVE_SET/GET_VL ... Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Gerd Hoffmann 提交于
Typically the scanline length and the line offset are identical. But in case they are not our calculation for region_end is incorrect. Using line_offset is fine for all scanlines, except the last one where we have to use the actual scanline length. Fixes: CVE-2018-7550 Reported-by: NRoss Lagerwall <ross.lagerwall@citrix.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NPrasad J Pandit <pjp@fedoraproject.org> Tested-by: NRoss Lagerwall <ross.lagerwall@citrix.com> Message-id: 20180309143704.13420-1-kraxel@redhat.com
-
由 Gerd Hoffmann 提交于
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 20180306074053.22856-8-kraxel@redhat.com
-
由 Gerd Hoffmann 提交于
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 20180306074053.22856-7-kraxel@redhat.com
-
由 Gerd Hoffmann 提交于
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 20180306074053.22856-6-kraxel@redhat.com
-
由 Gerd Hoffmann 提交于
Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 20180306074053.22856-5-kraxel@redhat.com
-
由 Gerd Hoffmann 提交于
Add audio/ to common-obj-m variable. Also run both audio and ui variables through unnest-vars. This avoids sdl.mo (exists in both audio/ and ui/) name clashes. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 20180306074053.22856-4-kraxel@redhat.com
-
由 Gerd Hoffmann 提交于
Make audio_driver_lookup() try load the module in case it doesn't find the driver in the registry. Also load all modules for -audio-help, so the help output includes the help text for modular audio drivers. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20180306074053.22856-3-kraxel@redhat.com
-
由 Gerd Hoffmann 提交于
Add registry for audio drivers, using the existing audio_driver struct. Make all drivers register themself. The old list of audio_driver struct pointers is now a list of audio driver names, specifying the priority (aka probe order) in case no driver is explicitly asked for. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20180306074053.22856-2-kraxel@redhat.com
-
由 Peter Maydell 提交于
Block layer patches # gpg: Signature made Fri 09 Mar 2018 15:09:20 GMT # gpg: using RSA key 7F09B272C88F2FD6 # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: (56 commits) qemu-iotests: fix 203 migration completion race iotests: Tweak 030 in order to trigger a race condition with parallel jobs iotests: Skip test for ENOMEM error iotests: Mark all tests executable iotests: Test creating overlay when guest running qemu-iotests: Test ssh image creation over QMP qemu-iotests: Test qcow2 over file image creation with QMP block: Fail bdrv_truncate() with negative size file-posix: Fix no-op bdrv_truncate() with falloc preallocation ssh: Support .bdrv_co_create ssh: Pass BlockdevOptionsSsh to connect_to_ssh() ssh: QAPIfy host-key-check option ssh: Use QAPI BlockdevOptionsSsh object sheepdog: Support .bdrv_co_create sheepdog: QAPIfy "redundancy" create option nfs: Support .bdrv_co_create nfs: Use QAPI options in nfs_client_open() rbd: Use qemu_rbd_connect() in qemu_rbd_do_create() rbd: Assign s->snap/image_name in qemu_rbd_open() rbd: Support .bdrv_co_create ... Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
-
由 Gerd Hoffmann 提交于
As we want qemu symbols be exported to modules we should use the gmodule-export-2.0 pkg-config instead of gmodule-2.0. Cc: Marc-André Lureau <marcandre.lureau@gmail.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Message-id: 20180308085301.8875-2-kraxel@redhat.com
-
由 Thomas Huth 提交于
QEMU's screendump command can only take dumps from the primary display. When using multiple VGA cards, there is no way to get a dump from a secondary card or other display heads yet. So let's add a 'device' and a 'head' parameter to the HMP and QMP commands to be able to specify alternative devices and heads with the screendump command, too. Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> Acked-by: NDr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: NGerd Hoffmann <kraxel@redhat.com> Signed-off-by: NThomas Huth <thuth@redhat.com> Reviewed-by: NEric Blake <eblake@redhat.com> Message-id: 1520267868-31778-1-git-send-email-thuth@redhat.com Signed-off-by: NGerd Hoffmann <kraxel@redhat.com>
-
由 Gerd Hoffmann 提交于
Add support for cursor dmabufs. qemu has to render the cursor for that, so in case a cursor is present qemu allocates a new dmabuf, blits the scanout, blends in the pointer and passes on the new dmabuf to spice-server. Without cursor qemu continues to simply pass on the scanout dmabuf as-is. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20180308090618.30147-4-kraxel@redhat.com
-
由 Gerd Hoffmann 提交于
Add support for scanout dmabufs. Just pass them through to spice-server. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20180308090618.30147-3-kraxel@redhat.com
-
由 Gerd Hoffmann 提交于
Some calls are deleted, some are converted into tracepoints. Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20180308090618.30147-2-kraxel@redhat.com
-
由 Gerd Hoffmann 提交于
Secondary displays in multihead setups are allowed to have a NULL DisplaySurface. Typically user interfaces handle this by hiding the window which shows the display in question. This isn't an option for vnc though because it simply hasn't a concept of windows or outputs. So handle the situation by showing a placeholder DisplaySurface instead. Also check in console_select whenever a surface is preset in the first place before requesting an update. This fixes a segfault which can be triggered by switching to an unused display (via vtrl-alt-<nr>) in a multihead setup, for example using -device virtio-vga,max_outputs=2. Cc: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NPhilippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: NChristian Borntraeger <borntraeger@de.ibm.com> Message-id: 20180308161803.6152-1-kraxel@redhat.com
-