5636aff5b1
- target/i386: csv: Support inject secret for CSV3 guest only if the extension is enabled
- target/i386: csv: Support load kernel hashes for CSV3 guest only if the extension is enabled
- target/i386: csv: Request to set private memory of CSV3 guest if the extension is enabled
- target/i386: kvm: Support to get and enable extensions for Hygon CoCo guest
- qapi/qom,target/i386: csv-guest: Introduce secret-header-file=str and secret-file=str options
- bakcend: VirtCCA:resolve hugepage memory waste issue in vhost-user scenario
- parallels: fix ext_off assertion failure due to overflow
- backends/cryptodev-vhost-user: Fix local_error leaks
- hw/usb/hcd-ehci: Fix debug printf format string
- target/riscv/vector_helper.c: fix 'vmvr_v' memcpy endianess
- target/riscv/vector_helper.c: optimize loops in ldst helpers
- target/riscv/vector_helper.c: set vstart = 0 in GEN_VEXT_VSLIDEUP_VX()
- target/hexagon: don't look for static glib
- virtio-net: Fix network stall at the host side waiting for kick
- Add if condition to avoid assertion failed error in blockdev_init
- target/arm: Use float_status copy in sme_fmopa_s
- target/arm: take HSTR traps of cp15 accesses to EL2, not EL1
- target/arm: Reinstate "vfp" property on AArch32 CPUs
- target/i386/cpu: Fix notes for CPU models
- target/arm: LDAPR should honour SCTLR_ELx.nAA
- target/riscv: Avoid bad shift in riscv_cpu_do_interrupt()
- hvf: remove unused but set variable
- hw/misc/nrf51_rng: Don't use BIT_MASK() when we mean BIT()
- Avoid taking address of out-of-bounds array index
- target/arm: Fix VCMLA Dd, Dn, Dm[idx]
- target/arm: Fix UMOPA/UMOPS of 16-bit values
- target/arm: Fix SVE/SME gross MTE suppression checks
- target/arm: Fix nregs computation in do_{ld,st}_zpa
- crypto: fix error check on gcry_md_open
- Change vmstate_cpuhp_sts vmstateDescription version_id
- hw/pci: Remove unused pci_irq_pulse() method
- hw/intc: Don't clear pending bits on IRQ lowering
- target/arm: Drop user-only special case in sve_stN_r
- migration: Ensure vmstate_save() sets errp
- target/i386: fix hang when using slow path for ptw_setl
- contrib/plugins: add compat for g_memdup2
- hw/audio/hda: fix memory leak on audio setup
- crypto: perform runtime check for hash/hmac support in gcrypt
- target/arm: Fix incorrect aa64_tidcp1 feature check
- target/arm: fix exception syndrome for AArch32 bkpt insn
- target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU
- linux-user: Print tid not pid with strace
- target/arm: Fix A64 scalar SQSHRN and SQRSHRN
- target/arm: Don't assert for 128-bit tile accesses when SVL is 128
- hw/timer/exynos4210_mct: fix possible int overflow
- target/arm: Avoid shifts by -1 in tszimm_shr() and tszimm_shl()
- hw/audio/virtio-snd: Always use little endian audio format
- target/riscv: Fix vcompress with rvv_ta_all_1s
- usb-hub: Fix handling port power control messages
Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
(cherry picked from commit d4a20b24ff377fd07fcbf2b72eecaf07a3ac4cc0)
106 lines
3.7 KiB
Diff
106 lines
3.7 KiB
Diff
From 9eb75830e70638d12efa0ec15a2f8b55e7c905da Mon Sep 17 00:00:00 2001
|
|
From: hanliyang <hanliyang@hygon.cn>
|
|
Date: Sat, 28 Sep 2024 14:46:28 +0800
|
|
Subject: [PATCH] target/i386: kvm: Support to get and enable extensions for
|
|
Hygon CoCo guest
|
|
|
|
To enable advanced Hygon CoCo features, we should detect these features
|
|
during the initialization of VMs in the KVM accelerator. It is
|
|
suggested to enable these features if they are detected, allowing the
|
|
guest VM to run with additional functionalities.
|
|
|
|
Signed-off-by: hanliyang <hanliyang@hygon.cn>
|
|
---
|
|
linux-headers/linux/kvm.h | 7 +++++++
|
|
target/i386/csv.c | 2 ++
|
|
target/i386/csv.h | 2 ++
|
|
target/i386/kvm/csv-stub.c | 2 ++
|
|
target/i386/kvm/kvm.c | 17 +++++++++++++++++
|
|
5 files changed, 30 insertions(+)
|
|
|
|
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
|
|
index 05e499b45b..ab28e9af5e 100644
|
|
--- a/linux-headers/linux/kvm.h
|
|
+++ b/linux-headers/linux/kvm.h
|
|
@@ -1204,6 +1204,13 @@ struct kvm_ppc_resize_hpt {
|
|
#define KVM_CAP_ARM_TMM 300
|
|
|
|
#define KVM_CAP_SEV_ES_GHCB 500
|
|
+#define KVM_CAP_HYGON_COCO_EXT 501
|
|
+/* support userspace to request firmware to build CSV3 guest's memory space */
|
|
+#define KVM_CAP_HYGON_COCO_EXT_CSV3_SET_PRIV_MEM (1 << 0)
|
|
+/* support request to update CSV3 guest's memory region multiple times */
|
|
+#define KVM_CAP_HYGON_COCO_EXT_CSV3_MULT_LUP_DATA (1 << 1)
|
|
+/* support request to inject secret to CSV3 guest */
|
|
+#define KVM_CAP_HYGON_COCO_EXT_CSV3_INJ_SECRET (1 << 2)
|
|
|
|
#define KVM_CAP_ARM_VIRT_MSI_BYPASS 799
|
|
|
|
diff --git a/target/i386/csv.c b/target/i386/csv.c
|
|
index 571beeb61f..4aed225763 100644
|
|
--- a/target/i386/csv.c
|
|
+++ b/target/i386/csv.c
|
|
@@ -34,6 +34,8 @@
|
|
#include "csv.h"
|
|
|
|
bool csv_kvm_cpu_reset_inhibit;
|
|
+uint32_t kvm_hygon_coco_ext;
|
|
+uint32_t kvm_hygon_coco_ext_inuse;
|
|
|
|
struct ConfidentialGuestMemoryEncryptionOps csv3_memory_encryption_ops = {
|
|
.save_setup = sev_save_setup,
|
|
diff --git a/target/i386/csv.h b/target/i386/csv.h
|
|
index 8621f0b6fd..c1d4cec3e0 100644
|
|
--- a/target/i386/csv.h
|
|
+++ b/target/i386/csv.h
|
|
@@ -58,6 +58,8 @@ bool csv3_enabled(void);
|
|
#define CSV_OUTGOING_PAGE_WINDOW_SIZE (4094 * TARGET_PAGE_SIZE)
|
|
|
|
extern bool csv_kvm_cpu_reset_inhibit;
|
|
+extern uint32_t kvm_hygon_coco_ext;
|
|
+extern uint32_t kvm_hygon_coco_ext_inuse;
|
|
|
|
typedef struct CsvBatchCmdList CsvBatchCmdList;
|
|
typedef void (*CsvDestroyCmdNodeFn) (void *data);
|
|
diff --git a/target/i386/kvm/csv-stub.c b/target/i386/kvm/csv-stub.c
|
|
index 4d1376f268..8662d33206 100644
|
|
--- a/target/i386/kvm/csv-stub.c
|
|
+++ b/target/i386/kvm/csv-stub.c
|
|
@@ -15,3 +15,5 @@
|
|
#include "csv.h"
|
|
|
|
bool csv_kvm_cpu_reset_inhibit;
|
|
+uint32_t kvm_hygon_coco_ext;
|
|
+uint32_t kvm_hygon_coco_ext_inuse;
|
|
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
|
|
index 925f4f8040..12e920bbb4 100644
|
|
--- a/target/i386/kvm/kvm.c
|
|
+++ b/target/i386/kvm/kvm.c
|
|
@@ -2639,6 +2639,23 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
|
|
}
|
|
}
|
|
|
|
+ if (is_hygon_cpu()) {
|
|
+ /* check and enable Hygon coco extensions */
|
|
+ kvm_hygon_coco_ext = (uint32_t)kvm_vm_check_extension(s,
|
|
+ KVM_CAP_HYGON_COCO_EXT);
|
|
+ if (kvm_hygon_coco_ext) {
|
|
+ ret = kvm_vm_enable_cap(s, KVM_CAP_HYGON_COCO_EXT, 0,
|
|
+ (uint64_t)kvm_hygon_coco_ext);
|
|
+ if (ret == -EINVAL) {
|
|
+ error_report("kvm: Failed to enable KVM_CAP_HYGON_COCO_EXT cap: %s",
|
|
+ strerror(-ret));
|
|
+ kvm_hygon_coco_ext_inuse = 0;
|
|
+ } else {
|
|
+ kvm_hygon_coco_ext_inuse = (uint32_t)ret;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+
|
|
ret = kvm_get_supported_msrs(s);
|
|
if (ret < 0) {
|
|
return ret;
|
|
--
|
|
2.41.0.windows.1
|
|
|