| /openbmc/linux/arch/s390/kvm/ |
| H A D | gaccess.h | 3 * access guest memory
20 * kvm_s390_real_to_abs - convert guest real address to guest absolute address
21 * @prefix - guest prefix
22 * @gra - guest real address
24 * Returns the guest absolute address that corresponds to the passed guest real
37 * kvm_s390_real_to_abs - convert guest real address to guest absolute address
38 * @vcpu - guest virtual cpu
39 * @gra - guest real address
41 * Returns the guest absolute address that corresponds to the passed guest real
42 * address @gra of a virtual guest cpu by applying its prefix.
[all …]
|
| /openbmc/qemu/qga/ |
| H A D | qapi-schema.json | 5 # = QEMU guest agent protocol commands and structs
19 'guest-file-open',
20 'guest-fsfreeze-freeze',
21 'guest-fsfreeze-freeze-list',
22 'guest-fsfreeze-status',
23 'guest-fsfreeze-thaw',
24 'guest-get-time',
25 'guest-set-vcpus',
26 'guest-sync',
27 'guest-sync-delimited' ],
[all …]
|
| /openbmc/linux/Documentation/virt/kvm/x86/ |
| H A D | mmu.rst | 8 for presenting a standard x86 mmu to the guest, while translating guest
14 the guest should not be able to determine that it is running
19 the guest must not be able to touch host memory not assigned
28 Linux memory management code must be in control of guest memory
32 report writes to guest memory to enable live migration
47 gfn guest frame number
48 gpa guest physical address
49 gva guest virtual address
50 ngpa nested guest physical address
51 ngva nested guest virtual address
[all …]
|
| H A D | running-nested-guests.rst | 7 A nested guest is the ability to run a guest inside another guest (it
9 example is a KVM guest that in turn runs on a KVM guest (the rest of
15 | (Nested Guest) | | (Nested Guest) |
19 | L1 (Guest Hypervisor) |
33 - L1 – level-1 guest; a VM running on L0; also called the "guest
36 - L2 – level-2 guest; a VM running on L1, this is the "nested guest"
46 (guest hypervisor), L3 (nested guest).
61 Provider, using nested KVM lets you rent a large enough "guest
62 hypervisor" (level-1 guest). This in turn allows you to create
66 - Live migration of "guest hypervisors" and their nested guests, for
[all …]
|
| H A D | amd-memory-encryption.rst | 52 The SEV guest key management is handled by a separate processor called the AMD
55 encrypting bootstrap code, snapshot, migrating and debugging the guest. For more
101 context. To create the encryption context, user must provide a guest policy,
112 __u32 policy; /* guest's policy */
114 … __u64 dh_uaddr; /* userspace address pointing to the guest owner's PDH key */
117 … __u64 session_addr; /* userspace address which points to the guest session information */
132 of the memory contents that can be sent to the guest owner as an attestation
152 data encrypted by the KVM_SEV_LAUNCH_UPDATE_DATA command. The guest owner may
153 wait to provide the guest with confidential information until it can verify the
154 measurement. Since the guest owner knows the initial contents of the guest at
[all …]
|
| H A D | msr.rst | 25 in guest RAM. This memory is expected to hold a copy of the following
40 guest has to check version before and after grabbing
64 guest RAM, plus an enable bit in bit 0. This memory is expected to hold
87 guest has to check version before and after grabbing
127 coordinated between the guest and the hypervisor. Availability
139 | | | guest vcpu has been paused by |
196 which must be in guest RAM and must be zeroed. This memory is expected
221 a token that will be used to notify the guest when missing page becomes
225 is currently supported, when set, it indicates that the guest is dealing
227 'flags' is '0' it means that this is regular page fault. Guest is
[all …]
|
| /openbmc/qemu/docs/system/i386/ |
| H A D | amd-memory-encryption.rst | 8 (code and data) secured such that only the guest itself has access to the
18 encrypted guest. These SEV commands can be issued via KVM_MEMORY_ENCRYPT_OP
22 support to additionally protect the guest register state. In order to allow a
23 hypervisor to perform functions on behalf of a guest, there is architectural
24 support for notifying a guest's operating system when certain types of VMEXITs
25 are about to occur. This allows the guest to selectively share information with
31 Boot images (such as bios) must be encrypted before a guest can be booted. The
38 For a SEV-ES guest, the ``LAUNCH_UPDATE_VMSA`` command is also used to encrypt the
39 guest register state, or VM save area (VMSA), for all of the guest vCPUs.
42 the firmware. To create this context, guest owner must provide a guest policy,
[all …]
|
| H A D | xen.rst | 1 Xen HVM guest support
24 Additionally, virtual APIC support can be advertised to the guest through the
33 advertised to a Xen guest. If Hyper-V is also enabled, the Xen identification
44 Setting this property enables the Xen guest support. If Xen version 4.5 or
47 vector support to the guest.
59 Xen grant tables are the means by which a Xen guest grants access to its
62 table can reference 512 pages of guest memory. The default number of frames
63 is 64, allowing for 32768 pages of guest memory to be accessed by PV backends
70 The Xen PCI platform device is enabled automatically for a Xen guest. This
71 allows a guest to unplug all emulated devices, in order to use paravirtual
[all …]
|
| /openbmc/qemu/qapi/ |
| H A D | run-state.json | 16 # @finish-migrate: guest is paused to finish the migration process
18 # @inmigrate: guest is paused waiting for an incoming migration. Note
24 # @internal-error: An internal error that prevents further guest
30 # @paused: guest has been paused via the 'stop' command
32 # @postmigrate: guest is paused following a successful 'migrate'
34 # @prelaunch: QEMU was started with -S and guest has not started
36 # @restore-vm: guest is paused to restore VM state
38 # @running: guest is actively running
40 # @save-vm: guest is paused to save the VM state
42 # @shutdown: guest is shut down (and -no-shutdown is in use)
[all …]
|
| H A D | dump.json | 8 # = Dump guest memory
14 # An enumeration of guest-memory-dump's format.
49 # @dump-guest-memory:
51 # Dump guest's memory to vmcore. It is a synchronous operation that
52 # can take very long depending on the amount of guest memory.
54 # @paging: if true, do paging to get guest's memory mapping. This
58 # of RAM. This can happen for a large guest, or a malicious guest
63 # 1. The guest may be in a catastrophic state or can have
65 # 2. The guest can be in real-mode even if paging is enabled. For
66 # example, the guest uses ACPI to sleep, and ACPI sleep state
[all …]
|
| /openbmc/linux/Documentation/arch/x86/ |
| H A D | tdx.rst | 7 Intel's Trust Domain Extensions (TDX) protect confidential guest VMs from
8 the host and physical attacks by isolating the guest register state and by
9 encrypting the guest memory. In TDX, a special module running in a special
10 mode sits between the host and the guest and manages the guest/host
13 Since the host cannot directly access guest registers or memory, much
14 normal functionality of a hypervisor must be moved into the guest. This is
16 guest kernel. A #VE is handled entirely inside the guest kernel, but some
20 guest to the hypervisor or the TDX module.
64 indicates a bug in the guest. The guest may try to handle the #GP with a
70 The "just works" MSRs do not need any special guest handling. They might
[all …]
|
| /openbmc/linux/Documentation/virt/hyperv/ |
| H A D | vmbus.rst | 5 VMbus is a software construct provided by Hyper-V to guest VMs. It
7 devices that Hyper-V presents to guest VMs. The control path is
8 used to offer synthetic devices to the guest VM and, in some cases,
10 channels for communicating between the device driver in the guest VM
12 signaling primitives to allow Hyper-V and the guest to interrupt
16 entry in a running Linux guest. The VMbus driver (drivers/hv/vmbus_drv.c)
37 Guest VMs may have multiple instances of the synthetic SCSI
47 the device in the guest VM. For example, the Linux driver for the
65 guest, and the "out" ring buffer is for messages from the guest to
67 viewed by the guest side. The ring buffers are memory that is
[all …]
|
| /openbmc/linux/tools/virtio/ringtest/ |
| H A D | virtio_ring_0_9.c | 41 struct guest { struct
52 } guest; argument
78 guest.avail_idx = 0; in alloc_ring()
79 guest.kicked_avail_idx = -1; in alloc_ring()
80 guest.last_used_idx = 0; in alloc_ring()
83 guest.free_head = 0; in alloc_ring()
89 guest.num_free = ring_size; in alloc_ring()
98 /* guest side */
107 if (!guest.num_free) in add_inbuf()
111 head = (ring_size - 1) & (guest.avail_idx++); in add_inbuf()
[all …]
|
| H A D | ring.c | 27 * Guest adds descriptors with unique index values and DESC_HW in flags.
59 struct guest { struct
65 } guest; variable
92 guest.avail_idx = 0; in alloc_ring()
93 guest.kicked_avail_idx = -1; in alloc_ring()
94 guest.last_used_idx = 0; in alloc_ring()
103 guest.num_free = ring_size; in alloc_ring()
111 /* guest side */
116 if (!guest.num_free) in add_inbuf()
119 guest.num_free--; in add_inbuf()
[all …]
|
| /openbmc/qemu/include/hw/hyperv/ |
| H A D | dynmem-proto.h | 104 * limitations on hot-add, the guest can specify
138 * trans_id: The guest is responsible for manufacturing this ID.
163 * Version negotiation message. Sent from the guest to the host.
164 * The guest is free to try different versions until the host
168 * is_last_attempt: If TRUE, this is the last version guest will request.
180 * Version response message; Host to Guest and indicates
181 * if the host has accepted the version sent by the guest.
183 * is_accepted: If TRUE, host has accepted the version and the guest
185 * guest should re-try with a different version.
197 * Message reporting capabilities. This is sent from the guest to the
[all …]
|
| /openbmc/qemu/docs/interop/ |
| H A D | virtio-balloon-stats.rst | 4 The virtio balloon driver supports guest memory statistics reporting. These
10 guest-stats-polling-interval property. This value can be:
21 polling the guest's balloon driver for new stats in the specified time
24 To retrieve those stats, clients have to query the guest-stats property,
27 * A key named 'stats', containing all available stats. If the guest
44 a buggy guest can't influence its value. The value is 0 if the guest
52 - As noted above, if a guest doesn't support a particular stat its value
53 will always be -1. However, it's also possible that a guest temporarily
57 - Polling can be enabled even if the guest doesn't have stats support
58 or the balloon driver wasn't loaded in the guest. If this is the case
[all …]
|
| /openbmc/linux/drivers/gpu/drm/vboxvideo/ |
| H A D | vboxvideo.h | 10 * The last 4096 bytes of the guest VRAM contains the generic info for all
24 * The Virtual Graphics Adapter information in the guest VRAM is stored by the
25 * guest video driver using structures prepended by VBOXVIDEOINFOHDR.
27 * When the guest driver writes dword 0 to the VBE_DISPI_INDEX_VBOX_VIDEO
30 * actual information chain. That way the guest driver can have some
40 * The guest driver writes dword 0xffffffff to the VBE_DISPI_INDEX_VBOX_VIDEO
46 * The guest writes the VBE_DISPI_INDEX_VBOX_VIDEO index register, the
67 * Guest starts writing to the buffer by initializing a record entry in the
69 * written. As data is written to the ring buffer, the guest increases
146 /* guest->host commands */
[all …]
|
| /openbmc/linux/arch/mips/kvm/ |
| H A D | tlb.c | 92 * Sets the root GuestID to match the current guest GuestID, for TLB operation
121 /* Set root GuestID for root probe and write of guest TLB entry */ in kvm_vz_host_tlb_inv()
153 * kvm_vz_guest_tlb_lookup() - Lookup a guest VZ TLB mapping.
155 * @gpa: Guest virtual address in a TLB mapped guest segment.
156 * @gpa: Pointer to output guest physical address it maps to.
158 * Converts a guest virtual address in a guest TLB mapped segment to a guest
159 * physical address, by probing the guest TLB.
161 * Returns: 0 if guest TLB mapping exists for @gva. *@gpa will have been
163 * -EFAULT if no guest TLB mapping exists for @gva. *@gpa may not
175 /* Probe the guest TLB for a mapping */ in kvm_vz_guest_tlb_lookup()
[all …]
|
| /openbmc/qemu/docs/system/ |
| H A D | security.rst | 23 use cases rely on hardware virtualization extensions to execute guest code
29 - Guest
50 QEMU to provide guest isolation or any security guarantees.
58 Guest Isolation
61 Guest isolation is the confinement of guest code to the virtual machine. When
62 guest code gains control of execution on the host this is called escaping the
67 QEMU presents an attack surface to the guest in the form of emulated devices.
68 The guest must not be able to gain control of QEMU. Bugs in emulated devices
70 guest has escaped the virtual machine and is able to act in the context of the
74 malicious guest must not gain control of other guests or access their data.
[all …]
|
| H A D | confidential-guest-support.rst | 1 Confidential Guest Support
5 guest's memory and other state, meaning that a compromised hypervisor
13 Guests. We use the term "Confidential Guest Support" to distinguish
14 this from other aspects of guest security (such as security against
17 Running a Confidential Guest
20 To run a confidential guest you need to add two command line parameters:
22 1. Use ``-object`` to create a "confidential guest support" object. The
25 2. Set the ``confidential-guest-support`` machine parameter to the ID of
32 -machine ...,confidential-guest-support=sev0 \
33 -object sev-guest,id=sev0,cbitpos=47,reduced-phys-bits=1
[all …]
|
| /openbmc/linux/Documentation/virt/kvm/s390/ |
| H A D | s390-pv.rst | 10 access VM state like guest memory or guest registers. Instead, the
15 Each guest starts in non-protected mode and then may make a request to
16 transition into protected mode. On transition, KVM registers the guest
20 The Ultravisor will secure and decrypt the guest's boot memory
22 starts/stops and injected interrupts while the guest is running.
24 As access to the guest's state, such as the SIE state description, is
29 reduce exposed guest state.
40 field (offset 0x54). If the guest cpu is not enabled for the interrupt
50 access to the guest memory.
72 Secure Interception General Register Save Area. Guest GRs and most of
[all …]
|
| /openbmc/qemu/tests/qtest/ |
| H A D | libqtest-single.h | 170 * @addr: Guest address to write to.
173 * Writes an 8-bit value to guest memory.
182 * @addr: Guest address to write to.
185 * Writes a 16-bit value to guest memory.
194 * @addr: Guest address to write to.
197 * Writes a 32-bit value to guest memory.
206 * @addr: Guest address to write to.
209 * Writes a 64-bit value to guest memory.
218 * @addr: Guest address to read from.
220 * Reads an 8-bit value from guest memory.
[all …]
|
| /openbmc/qemu/docs/specs/ |
| H A D | ppc-spapr-hcalls.rst | 11 The subset in LoPAR is selected based on the requirements of Linux as a guest.
15 running in the guest and QEMU.
24 generally provided by the firmware inside the guest to the operating system. It
30 "firmware" blob in the guest is a small stub of a few instructions which
37 ``r4``: Guest physical address of RTAS parameter block.
49 When the guest runs in "real mode" (in powerpc terminology this means with MMU
50 disabled, i.e. guest effective address equals to guest physical address), it
54 non-cacheable accesses to any guest physical addresses that the
55 guest can use in order to access IO devices while in real mode.
57 This is typically used by the firmware running in the guest.
[all …]
|
| /openbmc/linux/tools/perf/Documentation/ |
| H A D | guest-files.txt | 4 Guest OS /proc/kallsyms file copy. perf reads it to get guest
5 kernel symbols. Users copy it out from guest OS.
8 Guest OS /proc/modules file copy. perf reads it to get guest
9 kernel module information. Users copy it out from guest OS.
12 Guest OS kernel vmlinux.
14 --guest-code::
15 Indicate that guest code can be found in the hypervisor process,
|
| /openbmc/linux/drivers/misc/vmw_vmci/ |
| H A D | vmci_route.c | 34 * guest. in vmci_route()
49 * If this message already came from a guest then we in vmci_route()
57 * We must be acting as a guest in order to send to in vmci_route()
87 * If it is not from a guest but we are acting as a in vmci_route()
88 * guest, then we need to send it down to the host. in vmci_route()
100 * an "outer host" through the guest device. in vmci_route()
122 * Otherwise we already received it from a guest and in vmci_route()
132 * If it came from a guest then it must have a in vmci_route()
149 * a guest. in vmci_route()
152 /* It will have a context if it is meant for a guest. */ in vmci_route()
[all …]
|