From: Ani Sinha <anisinha@redhat.com>
To: "Paolo Bonzini" <pbonzini@redhat.com>,
"Peter Maydell" <peter.maydell@linaro.org>,
"Marcelo Tosatti" <mtosatti@redhat.com>,
"Song Gao" <gaosong@loongson.cn>,
"Huacai Chen" <chenhuacai@kernel.org>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Aurelien Jarno" <aurelien@aurel32.net>,
"Jiaxun Yang" <jiaxun.yang@flygoat.com>,
"Aleksandar Rikalo" <arikalo@gmail.com>,
"Nicholas Piggin" <npiggin@gmail.com>,
"Harsh Prateek Bora" <harshpb@linux.ibm.com>,
"Chinmay Rath" <rathc@linux.ibm.com>,
"Palmer Dabbelt" <palmer@dabbelt.com>,
"Alistair Francis" <alistair.francis@wdc.com>,
"Weiwei Li" <liwei1518@gmail.com>,
"Daniel Henrique Barboza" <dbarboza@ventanamicro.com>,
"Liu Zhiwei" <zhiwei_liu@linux.alibaba.com>,
"Halil Pasic" <pasic@linux.ibm.com>,
"Christian Borntraeger" <borntraeger@linux.ibm.com>,
"Eric Farman" <farman@linux.ibm.com>,
"Matthew Rosato" <mjrosato@linux.ibm.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Ilya Leoshkevich" <iii@linux.ibm.com>,
"David Hildenbrand" <david@kernel.org>,
"Thomas Huth" <thuth@redhat.com>
Cc: vkuznets@redhat.com, kraxel@redhat.com, qemu-devel@nongnu.org,
Ani Sinha <anisinha@redhat.com>,
kvm@vger.kernel.org, qemu-arm@nongnu.org, qemu-ppc@nongnu.org,
qemu-riscv@nongnu.org, qemu-s390x@nongnu.org
Subject: [PATCH v1 04/28] accel/kvm: add changes required to support KVM VM file descriptor change
Date: Fri, 12 Dec 2025 20:33:32 +0530 [thread overview]
Message-ID: <20251212150359.548787-5-anisinha@redhat.com> (raw)
In-Reply-To: <20251212150359.548787-1-anisinha@redhat.com>
This change adds common, KVM-specific support for handling a change of the
KVM VM file descriptor. The KVM VM file descriptor can change as part of the
confidential guest reset mechanism. A new per-architecture function,
kvm_arch_vmfd_change_ops(), is added so that each architecture can implement
the changes it requires to support this. A subsequent patch will add the
x86-specific implementation of kvm_arch_vmfd_change_ops(), as currently only
x86 supports confidential guest reset.
Signed-off-by: Ani Sinha <anisinha@redhat.com>
---
accel/kvm/kvm-all.c | 70 ++++++++++++++++++++++++++++++++++++--
include/system/kvm.h | 1 +
target/arm/kvm.c | 5 +++
target/i386/kvm/kvm.c | 5 +++
target/loongarch/kvm/kvm.c | 5 +++
target/mips/kvm.c | 5 +++
target/ppc/kvm.c | 5 +++
target/riscv/kvm/kvm-cpu.c | 5 +++
target/s390x/kvm/kvm.c | 5 +++
9 files changed, 103 insertions(+), 3 deletions(-)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 28006d73c5..c9564bf681 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -2415,11 +2415,9 @@ void kvm_irqchip_set_qemuirq_gsi(KVMState *s, qemu_irq irq, int gsi)
g_hash_table_insert(s->gsimap, irq, GINT_TO_POINTER(gsi));
}
-static void kvm_irqchip_create(KVMState *s)
+static void do_kvm_irqchip_create(KVMState *s)
{
int ret;
-
- assert(s->kernel_irqchip_split != ON_OFF_AUTO_AUTO);
if (kvm_check_extension(s, KVM_CAP_IRQCHIP)) {
;
} else if (kvm_check_extension(s, KVM_CAP_S390_IRQCHIP)) {
@@ -2452,7 +2450,13 @@ static void kvm_irqchip_create(KVMState *s)
fprintf(stderr, "Create kernel irqchip failed: %s\n", strerror(-ret));
exit(1);
}
+}
+static void kvm_irqchip_create(KVMState *s)
+{
+ assert(s->kernel_irqchip_split != ON_OFF_AUTO_AUTO);
+
+ do_kvm_irqchip_create(s);
kvm_kernel_irqchip = true;
/* If we have an in-kernel IRQ chip then we must have asynchronous
* interrupt delivery (though the reverse is not necessarily true)
@@ -2607,6 +2611,65 @@ static int kvm_setup_dirty_ring(KVMState *s)
return 0;
}
+/*
+ * Replace the KVM VM file descriptor with a newly created one and
+ * re-establish the state that was bound to the old descriptor.
+ *
+ * In order: resolve the machine type, unregister the KVM memory and I/O
+ * listeners, close the old VM fd, create a new VM, set up the dirty ring,
+ * rebind RAM, run the architecture hook, recreate the in-kernel irqchip
+ * (when allowed), re-register the listeners and commit the irq routes.
+ *
+ * Returns the result of kvm_arch_vmfd_change_ops() on success, or a
+ * negative value on failure. If a step fails after the old descriptor has
+ * been closed, the listeners are left unregistered and the function
+ * returns without undoing the earlier steps.
+ */
+static int kvm_reset_vmfd(MachineState *ms)
+{
+    KVMState *s = KVM_STATE(ms->accelerator);
+    KVMMemoryListener *kml = &s->memory_listener;
+    Error *err = NULL;
+    int ret, type;
+
+    /*
+     * Resolve the machine type before tearing anything down, so that a
+     * failure here leaves the existing VM untouched.
+     */
+    type = find_kvm_machine_type(ms);
+    if (type < 0) {
+        return -EINVAL;
+    }
+
+    memory_listener_unregister(&kml->listener);
+    memory_listener_unregister(&kvm_io_listener);
+
+    if (s->vmfd >= 0) {
+        close(s->vmfd);
+        /* Do not leave a stale descriptor behind if a later step fails. */
+        s->vmfd = -1;
+    }
+
+    ret = do_kvm_create_vm(s, type);
+    if (ret < 0) {
+        return ret;
+    }
+    s->vmfd = ret;
+
+    ret = kvm_setup_dirty_ring(s);
+    if (ret < 0) {
+        return ret;
+    }
+
+    /* rebind memory to new vm fd */
+    ret = ram_block_rebind(&err);
+    if (ret < 0) {
+        /* Report and free the error object instead of leaking it. */
+        if (err) {
+            error_report_err(err);
+        }
+        return ret;
+    }
+    assert(!err);
+
+    ret = kvm_arch_vmfd_change_ops(ms, s);
+    if (ret < 0) {
+        return ret;
+    }
+
+    if (s->kernel_irqchip_allowed) {
+        do_kvm_irqchip_create(s);
+    }
+
+    /* these can be only called after ram_block_rebind() */
+    memory_listener_register(&kml->listener, &address_space_memory);
+    memory_listener_register(&kvm_io_listener, &address_space_io);
+
+    /*
+     * kvm fd has changed. Commit the irq routes to KVM once more.
+     */
+    kvm_irqchip_commit_routes(s);
+
+    return ret;
+}
+
static int kvm_init(AccelState *as, MachineState *ms)
{
MachineClass *mc = MACHINE_GET_CLASS(ms);
@@ -4014,6 +4077,7 @@ static void kvm_accel_class_init(ObjectClass *oc, const void *data)
AccelClass *ac = ACCEL_CLASS(oc);
ac->name = "KVM";
ac->init_machine = kvm_init;
+ ac->reset_vmfd = kvm_reset_vmfd;
ac->has_memory = kvm_accel_has_memory;
ac->allowed = &kvm_allowed;
ac->gdbstub_supported_sstep_flags = kvm_gdbstub_sstep_flags;
diff --git a/include/system/kvm.h b/include/system/kvm.h
index 8f9eecf044..ade13dd8cc 100644
--- a/include/system/kvm.h
+++ b/include/system/kvm.h
@@ -358,6 +358,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s);
int kvm_arch_pre_create_vcpu(CPUState *cpu, Error **errp);
int kvm_arch_init_vcpu(CPUState *cpu);
int kvm_arch_destroy_vcpu(CPUState *cpu);
+int kvm_arch_vmfd_change_ops(MachineState *ms, KVMState *s);
#ifdef TARGET_KVM_HAVE_RESET_PARKED_VCPU
void kvm_arch_reset_parked_vcpu(unsigned long vcpu_id, int kvm_fd);
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 0d57081e69..919bf95ae1 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -1568,6 +1568,11 @@ void kvm_arch_init_irq_routing(KVMState *s)
{
}
+/*
+ * Architecture hook called by kvm_reset_vmfd() after the KVM VM file
+ * descriptor has been replaced. Not implemented for this target: reaching
+ * it aborts.
+ */
+int kvm_arch_vmfd_change_ops(MachineState *ms, KVMState *s)
+{
+ abort();
+}
+
int kvm_arch_irqchip_create(KVMState *s)
{
if (kvm_kernel_irqchip_split()) {
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 02819de625..cdfcb70f40 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -3252,6 +3252,11 @@ static int kvm_vm_enable_energy_msrs(KVMState *s)
return 0;
}
+/*
+ * Architecture hook called by kvm_reset_vmfd() after the KVM VM file
+ * descriptor has been replaced. Placeholder only: the x86 implementation
+ * is added by a later patch in this series, and until then reaching this
+ * hook aborts.
+ */
+int kvm_arch_vmfd_change_ops(MachineState *ms, KVMState *s)
+{
+ abort();
+}
+
int kvm_arch_init(MachineState *ms, KVMState *s)
{
int ret;
diff --git a/target/loongarch/kvm/kvm.c b/target/loongarch/kvm/kvm.c
index 26e40c9bdc..4171781346 100644
--- a/target/loongarch/kvm/kvm.c
+++ b/target/loongarch/kvm/kvm.c
@@ -1312,6 +1312,11 @@ int kvm_arch_irqchip_create(KVMState *s)
return kvm_check_extension(s, KVM_CAP_DEVICE_CTRL);
}
+/*
+ * Architecture hook called by kvm_reset_vmfd() after the KVM VM file
+ * descriptor has been replaced. No architecture-specific work is done
+ * here; always returns 0.
+ */
+int kvm_arch_vmfd_change_ops(MachineState *ms, KVMState *s)
+{
+ return 0;
+}
+
void kvm_arch_pre_run(CPUState *cs, struct kvm_run *run)
{
}
diff --git a/target/mips/kvm.c b/target/mips/kvm.c
index 912cd5dfa0..28730da06b 100644
--- a/target/mips/kvm.c
+++ b/target/mips/kvm.c
@@ -44,6 +44,11 @@ unsigned long kvm_arch_vcpu_id(CPUState *cs)
return cs->cpu_index;
}
+/*
+ * Architecture hook called by kvm_reset_vmfd() after the KVM VM file
+ * descriptor has been replaced. No architecture-specific work is done
+ * here; always returns 0.
+ */
+int kvm_arch_vmfd_change_ops(MachineState *ms, KVMState *s)
+{
+ return 0;
+}
+
int kvm_arch_init(MachineState *ms, KVMState *s)
{
/* MIPS has 128 signals */
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 43124bf1c7..a48dc7670b 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -180,6 +180,11 @@ int kvm_arch_irqchip_create(KVMState *s)
return 0;
}
+/*
+ * Architecture hook called by kvm_reset_vmfd() after the KVM VM file
+ * descriptor has been replaced. No architecture-specific work is done
+ * here; always returns 0.
+ */
+int kvm_arch_vmfd_change_ops(MachineState *ms, KVMState *s)
+{
+ return 0;
+}
+
static int kvm_arch_sync_sregs(PowerPCCPU *cpu)
{
CPUPPCState *cenv = &cpu->env;
diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
index 47e672c7aa..ca384a8b85 100644
--- a/target/riscv/kvm/kvm-cpu.c
+++ b/target/riscv/kvm/kvm-cpu.c
@@ -1545,6 +1545,11 @@ int kvm_arch_irqchip_create(KVMState *s)
return kvm_check_extension(s, KVM_CAP_DEVICE_CTRL);
}
+/*
+ * Architecture hook called by kvm_reset_vmfd() after the KVM VM file
+ * descriptor has been replaced. No architecture-specific work is done
+ * here; always returns 0.
+ */
+int kvm_arch_vmfd_change_ops(MachineState *ms, KVMState *s)
+{
+ return 0;
+}
+
int kvm_arch_process_async_events(CPUState *cs)
{
return 0;
diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c
index 916dac1f14..671c854634 100644
--- a/target/s390x/kvm/kvm.c
+++ b/target/s390x/kvm/kvm.c
@@ -393,6 +393,11 @@ int kvm_arch_irqchip_create(KVMState *s)
return 0;
}
+/*
+ * Architecture hook called by kvm_reset_vmfd() after the KVM VM file
+ * descriptor has been replaced. No architecture-specific work is done
+ * here; always returns 0.
+ */
+int kvm_arch_vmfd_change_ops(MachineState *ms, KVMState *s)
+{
+ return 0;
+}
+
unsigned long kvm_arch_vcpu_id(CPUState *cpu)
{
return cpu->cpu_index;
--
2.42.0
next prev parent reply other threads:[~2025-12-12 15:09 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-12 15:03 [PATCH v1 00/28] Introduce support for confidential guest reset Ani Sinha
2025-12-12 15:03 ` [PATCH v1 01/28] i386/kvm: avoid installing duplicate msr entries in msr_handlers Ani Sinha
2025-12-12 15:03 ` [PATCH v1 02/28] hw/accel: add a per-accelerator callback to change VM accelerator handle Ani Sinha
2025-12-12 15:03 ` [PATCH v1 03/28] system/physmem: add helper to reattach existing memory after KVM VM fd change Ani Sinha
2025-12-12 15:03 ` Ani Sinha [this message]
2025-12-12 15:03 ` [PATCH v1 05/28] accel/kvm: mark guest state as unprotected after vm file descriptor change Ani Sinha
2025-12-12 15:03 ` [PATCH v1 06/28] accel/kvm: add a notifier to indicate KVM VM file descriptor has changed Ani Sinha
2025-12-12 15:03 ` [PATCH v1 07/28] kvm/i386: implement architecture support for kvm file descriptor change Ani Sinha
2025-12-12 15:03 ` [PATCH v1 08/28] hw/i386: refactor x86_bios_rom_init for reuse in confidential guest reset Ani Sinha
2025-12-12 15:03 ` [PATCH v1 09/28] kvm/i386: reload firmware for " Ani Sinha
2025-12-12 15:03 ` [PATCH v1 10/28] accel/kvm: Add notifier to inform that the KVM VM file fd is about to be changed Ani Sinha
2025-12-12 15:03 ` [PATCH v1 11/28] accel/kvm: rebind current VCPUs to the new KVM VM file descriptor upon reset Ani Sinha
2025-12-12 15:03 ` [PATCH v1 12/28] i386/tdx: refactor TDX firmware memory initialization code into a new function Ani Sinha
2025-12-12 15:03 ` [PATCH v1 13/28] i386/tdx: finalize TDX guest state upon reset Ani Sinha
2025-12-12 15:03 ` [PATCH v1 14/28] i386/tdx: add a pre-vmfd change notifier to reset tdx state Ani Sinha
2025-12-12 15:03 ` [PATCH v1 15/28] i386/sev: add migration blockers only once Ani Sinha
2025-12-12 15:03 ` [PATCH v1 16/28] i386/sev: add notifiers " Ani Sinha
2025-12-12 15:03 ` [PATCH v1 17/28] i386/sev: free existing launch update data and kernel hashes data on init Ani Sinha
2025-12-12 15:03 ` [PATCH v1 18/28] i386/sev: add support for confidential guest reset Ani Sinha
2025-12-12 15:03 ` [PATCH v1 19/28] hw/vfio: generate new file fd for pseudo device and rebind existing descriptors Ani Sinha
2025-12-12 15:03 ` [PATCH v1 20/28] kvm/i8254: add support for confidential guest reset Ani Sinha
2025-12-12 15:03 ` [PATCH v1 21/28] hw/hyperv/vmbus: " Ani Sinha
2025-12-12 15:03 ` [PATCH v1 22/28] accel/kvm: add a per-confidential class callback to unlock guest state Ani Sinha
2025-12-12 15:03 ` [PATCH v1 23/28] kvm/xen-emu: re-initialize capabilities during confidential guest reset Ani Sinha
2025-12-12 15:03 ` [PATCH v1 24/28] kvm/xen_evtchn: add support for " Ani Sinha
2025-12-12 15:03 ` [PATCH v1 25/28] ppc/openpic: create a new openpic device and reattach mem region on coco reset Ani Sinha
2025-12-12 15:03 ` [PATCH v1 26/28] kvm/vcpu: add notifiers to inform vcpu file descriptor change Ani Sinha
2025-12-12 15:03 ` [PATCH v1 27/28] kvm/i386/apic: set local apic after vcpu file descriptors changed Ani Sinha
2025-12-12 15:03 ` [PATCH v1 28/28] kvm/clock: add support for confidential guest reset Ani Sinha
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251212150359.548787-5-anisinha@redhat.com \
--to=anisinha@redhat.com \
--cc=alistair.francis@wdc.com \
--cc=arikalo@gmail.com \
--cc=aurelien@aurel32.net \
--cc=borntraeger@linux.ibm.com \
--cc=chenhuacai@kernel.org \
--cc=david@kernel.org \
--cc=dbarboza@ventanamicro.com \
--cc=farman@linux.ibm.com \
--cc=gaosong@loongson.cn \
--cc=harshpb@linux.ibm.com \
--cc=iii@linux.ibm.com \
--cc=jiaxun.yang@flygoat.com \
--cc=kraxel@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=liwei1518@gmail.com \
--cc=mjrosato@linux.ibm.com \
--cc=mtosatti@redhat.com \
--cc=npiggin@gmail.com \
--cc=palmer@dabbelt.com \
--cc=pasic@linux.ibm.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=philmd@linaro.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
--cc=qemu-riscv@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=rathc@linux.ibm.com \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
--cc=vkuznets@redhat.com \
--cc=zhiwei_liu@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).