- 14 Mar, 2018 23 commits
-
-
Committed by Alexey Kardashevskiy
At the moment we unconditionally avoid mapping MSIX data of a BAR and emulate MSIX table in QEMU. However it is 1) not always necessary as a platform may provide a paravirt interface for MSIX configuration; 2) can affect the speed of MMIO access by emulating them in QEMU when frequently accessed registers share same system page with MSIX data, this is particularly a problem for systems with the page size bigger than 4KB. A new capability - VFIO_REGION_INFO_CAP_MSIX_MAPPABLE - has been added to the kernel [1] which tells the userspace that mapping of the MSIX data is possible now. This makes use of it so from now on QEMU tries mapping the entire BAR as a whole and emulate MSIX on top of that. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a32295c612c57990d17fb0f41e7134394b2f35f6 Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
-
Committed by Alexey Kardashevskiy
At the moment if vfio_memory_listener is registered in the system memory address space, it maps/unmaps every RAM memory region for DMA. It expects system page size aligned memory sections so vfio_dma_map would not fail and so far this has been the case. A mapping failure would be fatal. A side effect of such behavior is that some MMIO pages would not be mapped silently. However we are going to change MSIX BAR handling so we will end up having non-aligned sections in vfio_memory_listener (more details are in the next patch) and vfio_dma_map will exit QEMU. In order to avoid fatal failures on what previously was not a failure and was just silently ignored, this checks the section alignment to the smallest supported IOMMU page size and prints an error if not aligned; it also prints an error if vfio_dma_map failed despite the page size check. Both errors are not fatal; only MMIO RAM regions are checked (aka "RAM device" regions). If the amount of errors printed is overwhelming, the MSIX relocation could be used to avoid excessive error output. This is unlikely to cause any behavioral change. Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru> [aw: Fix Int128 bit ops] Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
-
Committed by Gerd Hoffmann
Wire up dmabuf-based display. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
-
Committed by Gerd Hoffmann
Wire up region-based display. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed By: Kirti Wankhede <kwankhede@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
-
Committed by Gerd Hoffmann
Infrastructure for display support. Must be enabled using 'display' property. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed By: Kirti Wankhede <kwankhede@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
-
Committed by Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed by: Kirti Wankhede <kwankhede@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
-
Committed by Gerd Hoffmann
Using the new graphic_console_close() function. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
-
Committed by Gerd Hoffmann
This patch allows unbinding devices from QemuConsoles, using the new graphic_console_close() function. The QemuConsole will show a static display then, saying the device was unplugged. When re-plugging a display later on the QemuConsole will be reused. Eventually we will allocate and release QemuConsoles dynamically at some point in the future, that'll need more infrastructure though to notify user interfaces (gtk, sdl, spice, ...) about QemuConsoles coming and going. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
-
Committed by Gerd Hoffmann
Map drm fourcc codes to pixman formats. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed by: Kirti Wankhede <kwankhede@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
-
Committed by Gerd Hoffmann
So we can use the drm fourcc codes without a dependency on libdrm-devel. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
-
Committed by Brijesh Singh
The function can be used to get the current SEV capabilities. The capabilities include platform Diffie-Hellman key (pdh) and certificate chain. The key can be provided to the external entities which want to establish a trusted channel between SEV firmware and guest owner. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Brijesh Singh
The command can be used by libvirt to query the SEV capabilities. Cc: "Daniel P. Berrangé" <berrange@redhat.com> Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Brijesh Singh
The command can be used by libvirt to retrieve the measurement of SEV guest. This measurement is a signature of the memory contents that were encrypted through the LAUNCH_UPDATE_DATA. Cc: "Daniel P. Berrangé" <berrange@redhat.com> Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Brijesh Singh
The command can be used to show the SEV information when memory encryption is enabled on AMD platform. Cc: Eric Blake <eblake@redhat.com> Cc: "Daniel P. Berrangé" <berrange@redhat.com> Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Reviewed-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Brijesh Singh
When SEV is enabled, CPUID 0x8000_001F should provide additional information regarding the feature (such as which page table bit is used to mark the pages as encrypted etc). The details for memory encryption CPUID are available in AMD APM (https://support.amd.com/TechDocs/24594.pdf) Section E.4.17 Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Brijesh Singh
SEV guest migration is not implemented yet. Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Brijesh Singh
SEV launch flow requires us to issue LAUNCH_FINISH command before guest is ready to run. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Brijesh Singh
During machine creation we encrypted the guest bios image, the LAUNCH_MEASURE command can be used to retrieve the measurement of the encrypted memory region. This measurement is a signature of the memory contents that can be sent to the guest owner as an attestation that the memory was encrypted correctly by the firmware. VM management tools like libvirt can query the measurement using query-sev-launch-measure QMP command. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Brijesh Singh
SEV requires that guest bios must be encrypted before booting the guest. Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Brijesh Singh
The KVM_SEV_LAUNCH_UPDATE_DATA command is used to encrypt a guest memory region using the VM Encryption Key created using LAUNCH_START. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Brijesh Singh
The KVM_SEV_LAUNCH_START command creates a new VM encryption key (VEK). The encryption key created with the command will be used for encrypting the bootstrap images (such as guest bios). Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Brijesh Singh
When SEV is enabled, the hardware encryption engine uses a tweak such that two identical plaintexts at different locations will have different ciphertexts. So swapping or moving the ciphertexts of two guest pages will not result in plaintexts being swapped. Hence relocating the physical backing pages of the SEV guest will require some additional steps in KVM driver. The KVM_MEMORY_ENCRYPT_{UN,}REG_REGION ioctl can be used to register/unregister the guest memory region which may contain the encrypted data. KVM driver will internally handle the relocating physical backing pages of registered memory regions. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Brijesh Singh
When memory encryption is enabled, KVM_SEV_INIT command is used to initialize the platform. The command loads the SEV related persistent data from non-volatile storage and initializes the platform context. This command should be first issued before invoking any other guest commands provided by the SEV firmware. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
- 13 Mar, 2018 11 commits
-
-
Committed by Brijesh Singh
The header file provides the ioctl command and structure to communicate with /dev/sev device. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
-
Committed by Brijesh Singh
The QMP query command can be used to retrieve the SEV information when memory encryption is enabled on AMD platform. Cc: Eric Blake <eblake@redhat.com> Cc: "Daniel P. Berrangé" <berrange@redhat.com> Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Brijesh Singh
Add a new memory encryption object 'sev-guest'. The object will be used to create encrypted VMs on AMD EPYC CPU. The object provides the properties to pass guest owner's public Diffie-Hellman key, guest policy and session information required to create the memory encryption context within the SEV firmware. e.g. to launch SEV guest # $QEMU \ -object sev-guest,id=sev0 \ -machine ....,memory-encryption=sev0 Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Brijesh Singh
In order to integrate the Secure Encryption Virtualization (SEV) support, add a few high-level memory encryption APIs which can be used for encrypting the guest memory region. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: kvm@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Brijesh Singh
Split from a patch by Brijesh Singh (brijesh.singh@amd.com). Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
-
Committed by Brijesh Singh
Create a documentation entry to describe the AMD Secure Encrypted Virtualization (SEV) feature. Cc: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Brijesh Singh
When CPU supports memory encryption feature, the property can be used to specify the encryption object to use when launching an encrypted guest. Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: Eduardo Habkost <ehabkost@redhat.com> Cc: Marcel Apfelbaum <marcel@redhat.com> Cc: Stefan Hajnoczi <stefanha@gmail.com> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Liran Alon
This MSR returns the number of #SMIs that occurred on CPU since boot. KVM commit 52797bf9a875 ("KVM: x86: Add emulation of MSR_SMI_COUNT") introduced support for emulating this MSR. This commit adds support for QEMU to save/load this MSR for migration purposes. Signed-off-by: Liran Alon <liran.alon@oracle.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Paolo Bonzini
Note that VIRTIO_GPU_CAPSET_VIRGL2 was added manually so it has to be added manually after re-running scripts/update-linux-headers.sh. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-
Committed by Peter Maydell
7cdc61be vga: fix region calculation # gpg: Signature made Mon 12 Mar 2018 10:59:24 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/vga-20180312-pull-request: vga: fix region calculation Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Peter Maydell
modules: use gmodule-export. audio: add driver registry, enable module builds. # gpg: Signature made Mon 12 Mar 2018 10:42:19 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/audio-20180312-pull-request: audio/sdl: build as module audio/pulseaudio: build as module audio/oss: build as module audio/alsa: build as module build: enable audio modules audio: add module loading support audio: add driver registry modules: use gmodule-export Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
- 12 Mar, 2018 6 commits
-
-
Committed by Peter Maydell
gtk,spice: add dmabuf support. sdl,vnc,gtk: bugfixes. ui/qapi: add device ID and head parameters to screendump. build: try improve handling of clang warnings. # gpg: Signature made Mon 12 Mar 2018 09:13:28 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/ui-20180312-pull-request: qapi: Add device ID and head parameters to screendump spice: add cursor_dmabuf support spice: add scanout_dmabuf support spice: drop dprint() debug logging vnc: deal with surface NULL pointers ui/gtk-egl: add cursor_dmabuf support ui/gtk-egl: add scanout_dmabuf support ui/gtk: use GtkGlArea on wayland only ui/opengl: Makefile cleanup ui/gtk: group gtk.mo declarations in Makefile ui/gtk: make GtkGlArea usage a runtime option sdl: workaround bug in sdl 2.0.8 headers make: switch language file build to be gtk module aware build: try improve handling of clang warnings Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Peter Maydell
Migration pull 2018-03-09 # gpg: Signature made Fri 09 Mar 2018 17:52:46 GMT # gpg: using RSA key 0516331EBC5BFDE7 # gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" # Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7 * remotes/dgilbert/tags/pull-migration-20180309a: tests: Silence migration-test 'bad' test migration: fix applying wrong capabilities migration/block: rename MAX_INFLIGHT_IO to MAX_IO_BUFFERS migration/block: reset dirty bitmap before read in bulk phase migration: do not transfer ram during bulk storage migration migration: fix minor finalize leak Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Peter Maydell
target-arm queue: * i.MX: Add i.MX7 SOC implementation and i.MX7 Sabre board * Report the correct core count in A53 L2CTLR on the ZynqMP board * linux-user: preliminary SVE support work (signal handling) * hw/arm/boot: fix memory leak in case of error loading ELF file * hw/arm/boot: avoid reading off end of buffer if passed very small image file * hw/arm: Use more CONFIG switches for the object files * target/arm: Add "-cpu max" support * hw/arm/virt: Support -machine gic-version=max * hw/sd: improve debug tracing * hw/sd: sdcard: Add the Tuning Command (CMD 19) * MAINTAINERS: add Philippe as odd-fixes maintainer for SD # gpg: Signature made Fri 09 Mar 2018 17:24:23 GMT # gpg: using RSA key 3C2525ED14360CDE # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" # gpg: aka "Peter Maydell <pmaydell@gmail.com>" # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20180309: (25 commits) MAINTAINERS: Add entries for SD (SDHCI, SDBus, SDCard) sdhci: Fix a typo in comment sdcard: Add the Tuning Command (CMD19) sdcard: Display which protocol is used when tracing (SD or SPI) sdcard: Display command name when tracing CMD/ACMD sdcard: Do not trace CMD55, except when we already expect an ACMD hw/arm/virt: Support -machine gic-version=max hw/arm/virt: Add "max" to the list of CPU types "virt" supports target/arm: Make 'any' CPU just an alias for 'max' target/arm: Add "-cpu max" support target/arm: Move definition of 'host' cpu type into cpu.c target/arm: Query host CPU features on-demand at instance init arm: avoid heap-buffer-overflow in load_aarch64_image arm: fix load ELF error leak hw/arm: Use more CONFIG switches for the object files aarch64-linux-user: Add support for SVE signal frame records aarch64-linux-user: Add support for EXTRA signal frame records aarch64-linux-user: Remove struct target_aux_context aarch64-linux-user: Split out helpers for guest signal handling linux-user: Implement aarch64 PR_SVE_SET/GET_VL ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-
Committed by Gerd Hoffmann
Typically the scanline length and the line offset are identical. But in case they are not our calculation for region_end is incorrect. Using line_offset is fine for all scanlines, except the last one where we have to use the actual scanline length. Fixes: CVE-2018-7550 Reported-by: Ross Lagerwall <ross.lagerwall@citrix.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org> Tested-by: Ross Lagerwall <ross.lagerwall@citrix.com> Message-id: 20180309143704.13420-1-kraxel@redhat.com
-
Committed by Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20180306074053.22856-8-kraxel@redhat.com
-
Committed by Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 20180306074053.22856-7-kraxel@redhat.com
-