From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: xiaoyao.li@intel.com, michael.roth@amd.com
Subject: [PATCH 0/7] target/i386: VM type infrastructure and KVM_SEV_INIT2 support
Date: Tue, 19 Mar 2024 14:59:53 +0100
Message-ID: <20240319140000.1014247-1-pbonzini@redhat.com>

This series adds another vendor-neutral part of the SEV-SNP/TDX support
patches, namely support for KVM_CAP_VM_TYPES. In Linux 6.10 this will
also be available for SEV and SEV-ES, so introduce it now already.

Also, Linux 6.10 will _not_ allow KVM_GET/SET_* ioctls for VMs with
encrypted state and a VM type other than KVM_X86_DEFAULT_VM, so prepare
for that.

The patches are not yet available in kvm.git, hence the hackish
linux-headers update in patch 1. Apart from that, however, the API
should be final.

Tested by booting a SEV-ES guest.

Paolo

Based-on: <20240229060038.606591-1-xiaoyao.li@intel.com>

Paolo Bonzini (6):
  linux-headers hack
  runstate: skip initial CPU reset if reset is not actually possible
  KVM: track whether guest state is encrypted
  KVM: remove kvm_arch_cpu_check_are_resettable
  target/i386: introduce x86-confidential-guest
  target/i386: SEV: use KVM_SEV_INIT2 if possible

Xiaoyao Li (1):
  target/i386: Implement mc->kvm_type() to get VM type

 include/sysemu/kvm.h             | 12 ++-----
 include/sysemu/kvm_int.h         |  1 +
 linux-headers/asm-x86/kvm.h      |  8 +++++
 linux-headers/linux/kvm.h        |  2 ++
 target/i386/confidential-guest.h | 59 ++++++++++++++++++++++++++++++++
 target/i386/kvm/kvm_i386.h       |  2 ++
 accel/kvm/kvm-accel-ops.c        |  2 +-
 accel/kvm/kvm-all.c              | 19 ++++++----
 hw/i386/x86.c                    |  6 ++++
 system/runstate.c                | 15 +++++++-
 target/arm/kvm.c                 |  5 ---
 target/i386/confidential-guest.c | 33 ++++++++++++++++++
 target/i386/kvm/kvm.c            | 49 +++++++++++++++++++++++---
 target/i386/sev.c                | 48 ++++++++++++++++++++++----
 target/loongarch/kvm/kvm.c       |  5 ---
 target/mips/kvm.c                |  5 ---
 target/ppc/kvm.c                 |  5 ---
 target/riscv/kvm/kvm-cpu.c       |  5 ---
 target/s390x/kvm/kvm.c           |  5 ---
 target/i386/meson.build          |  2 +-
 20 files changed, 226 insertions(+), 62 deletions(-)
 create mode 100644 target/i386/confidential-guest.h
 create mode 100644 target/i386/confidential-guest.c

--
2.44.0