Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* target/i386: qemu-vmsr-helper fixes
* target/i386: mask off SGX/SGX_LC feature words for non-PC machine
* tests/vm/openbsd:

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* target/i386: qemu-vmsr-helper fixes
* target/i386: mask off SGX/SGX_LC feature words for non-PC machine
* tests/vm/openbsd: Install tomli
* fix issue with 64-bit features (vmx kvm-unit-tests)

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmaqHL4UHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroPuuwgAhZwTHl1MkjIbIX7IRq39ORmOmk9a
# vNqn32MLsUnSpV1JYrwzLgsNciTDhNkEL56Y4XwFbSUUyen0vvmcEH+/bCVKWb98
# jBk0iHXzfkk3GBd/ZLd4NW/LEeOZY4YBFNzyfhQGP47vSUAle/+VDdqukfJ9rj3J
# o8Mx3YJjYcvoI21WZyhyLGdJtj/yBPwCfxrmhhJAWctIES78/sp1tP0UfmFcysss
# nd7PrAoAXPc2MhBTJk7IwyXSJCnGnDsE4rQXqiVV+TN0S60Zcz+1jzqx0vgzHAk4
# 2oFKdnqxwSO8A2LVDdFpkSAM9F+LFv5a1hrHPikuBjIad9WdDIoPNU6qiw==
# =9vso
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 31 Jul 2024 09:15:10 PM AEST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
qemu-vmsr-helper: implement --verbose/-v
qemu-vmsr-helper: fix socket loop breakage
target/i386: Clean up error cases for vmsr_read_thread_stat()
target/i386: Fix typo that assign same value twice
target/i386/cpu: Mask off SGX/SGX_LC feature words for non-PC machine
target/i386/cpu: Add dependencies of CPUID 0x12 leaves
target/i386/cpu: Explicitly express SGX_LC and SGX feature words dependency
target/i386/cpu: Remove unnecessary SGX feature words checks
target/i386: Change unavail from u32 to u64
tests/vm/openbsd: Install tomli

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

target/i386/cpu: Mask off SGX/SGX_LC feature words for non-PC machine

Only PC machine supports SGX, so mask off SGX related feature words for
non-PC machine (microvm).

Signed-off-by: Zhao Liu <zhao

target/i386/cpu: Mask off SGX/SGX_LC feature words for non-PC machine

Only PC machine supports SGX, so mask off SGX related feature words for
non-PC machine (microvm).

Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Link: https://lore.kernel.org/r/20240730045544.2516284-5-zhao1.liu@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

target/i386: the sgx_epc_get_section stub is reachable

The sgx_epc_get_section stub is reachable from cpu_x86_cpuid. It
should not assert, instead it should just return true just like
the "real" sg

target/i386: the sgx_epc_get_section stub is reachable

The sgx_epc_get_section stub is reachable from cpu_x86_cpuid. It
should not assert, instead it should just return true just like
the "real" sgx_epc_get_section does when SGX is disabled.

Reported-by: Vladimír Beneš <vbenes@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <20220201190941.106001-1-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 219615740425d9683588207b40a365e6741691a6)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* configure: use a native non-cross compiler for linux-user
* meson: cleanups
* target/i386: miscellaneous cleanups and optim

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* configure: use a native non-cross compiler for linux-user
* meson: cleanups
* target/i386: miscellaneous cleanups and optimizations
* target/i386: implement CMPccXADD
* target/i386: the sgx_epc_get_section stub is reachable
* esp: check for NULL result from scsi_device_find()

# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmWRImYUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroNd7AgAgcyJGiMfUkXqhefplpm06RDXQIa8
# FuoJqPb21lO75DQKfaFRAc4xGLagjJROMJGHMm9HvMu2VlwvOydkQlfFRspENxQ/
# 5XzGdb/X0A7HA/mwUfnMB1AZx0Vs32VI5IBSc6acc9fmgeZ84XQEoM3KBQHUik7X
# mSkE4eltR9gJ+4IaGo4voZtK+YoVD8nEcuqmnKihSPWizev0FsZ49aNMtaYa9qC/
# Xs3kiQd/zPibHDHJu0ulFsNZgxtUcvlLHTCf8gO4dHWxCFLXGubMush83McpRtNB
# Qoh6cTLH+PBXfrxMR3zmTZMNvo8Euls3s07Y8TkNP4vdIIE/kMeMDW1wJw==
# =mq30
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 31 Dec 2023 08:12:22 GMT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (46 commits)
meson.build: report graphics backends separately
configure, meson: rename targetos to host_os
meson: rename config_all
meson: remove CONFIG_ALL
meson: remove config_targetos
meson: remove CONFIG_POSIX and CONFIG_WIN32 from config_targetos
meson: remove OS definitions from config_targetos
meson: always probe u2f and canokey if the option is enabled
meson: move subdirs to "Collect sources" section
meson: move config-host.h definitions together
meson: move CFI detection code with other compiler flags
meson: keep subprojects together
meson: move accelerator dependency checks together
meson: move option validation together
meson: move program checks together
meson: add more sections to main meson.build
configure: unify again the case arms in probe_target_compiler
configure: remove unnecessary subshell
Makefile: clean qemu-iotests output
meson: use version_compare() to compare version
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

target/i386: the sgx_epc_get_section stub is reachable

The sgx_epc_get_section stub is reachable from cpu_x86_cpuid. It
should not assert, instead it should just return true just like
the "real" sg

target/i386: the sgx_epc_get_section stub is reachable

The sgx_epc_get_section stub is reachable from cpu_x86_cpuid. It
should not assert, instead it should just return true just like
the "real" sgx_epc_get_section does when SGX is disabled.

Reported-by: Vladimír Beneš <vbenes@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <20220201190941.106001-1-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* improve compatibility for macOS scripts/entitlement.sh (Evan)
* add support for KVM_GUESTDBG_BLOCKIRQ (Maxim)
* update linu

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* improve compatibility for macOS scripts/entitlement.sh (Evan)
* add support for KVM_GUESTDBG_BLOCKIRQ (Maxim)
* update linux-headers to Linux 5.16 (myself)
* configure cleanups (myself)
* lsi53c895a assertion failure fix (Philippe)
* fix incorrect description for die-id (Yanan)
* support for NUMA in SGX enclave memory (Yang Zhong)

# gpg: Signature made Wed 15 Dec 2021 02:49:44 AM PST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [unknown]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
configure: remove dead variables
doc: Add the SGX numa description
numa: Support SGX numa in the monitor and Libvirt interfaces
numa: Enable numa for SGX EPC sections
kvm: add support for KVM_GUESTDBG_BLOCKIRQ
gdbstub, kvm: let KVM report supported singlestep flags
gdbstub: reject unsupported flags in handle_set_qemu_sstep
linux-headers: update to 5.16-rc1
virtio-gpu: do not byteswap padding
scripts/entitlement.sh: Use backward-compatible cp flags
qapi/machine.json: Fix incorrect description for die-id
tests/qtest: Add fuzz-lsi53c895a-test
hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

numa: Enable numa for SGX EPC sections

The basic SGX did not enable numa for SGX EPC sections, which
result in all EPC sections located in numa node 0. This patch
enable SGX numa function in the gue

numa: Enable numa for SGX EPC sections

The basic SGX did not enable numa for SGX EPC sections, which
result in all EPC sections located in numa node 0. This patch
enable SGX numa function in the guest and the EPC section can
work with RAM as one numa node.

The Guest kernel related log:
[ 0.009981] ACPI: SRAT: Node 0 PXM 0 [mem 0x180000000-0x183ffffff]
[ 0.009982] ACPI: SRAT: Node 1 PXM 1 [mem 0x184000000-0x185bfffff]
The SRAT table can normally show SGX EPC sections menory info in different
numa nodes.

The SGX EPC numa related command:
......
-m 4G,maxmem=20G \
-smp sockets=2,cores=2 \
-cpu host,+sgx-provisionkey \
-object memory-backend-ram,size=2G,host-nodes=0,policy=bind,id=node0 \
-object memory-backend-epc,id=mem0,size=64M,prealloc=on,host-nodes=0,policy=bind \
-numa node,nodeid=0,cpus=0-1,memdev=node0 \
-object memory-backend-ram,size=2G,host-nodes=1,policy=bind,id=node1 \
-object memory-backend-epc,id=mem1,size=28M,prealloc=on,host-nodes=1,policy=bind \
-numa node,nodeid=1,cpus=2-3,memdev=node1 \
-M sgx-epc.0.memdev=mem0,sgx-epc.0.node=0,sgx-epc.1.memdev=mem1,sgx-epc.1.node=1 \
......

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20211101162009.62161-2-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* SEV and SGX cleanups (Philippe, Dov)
* bugfixes for "check-block"
* bugfix for static build
* ObjectOptions cleanups (

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* SEV and SGX cleanups (Philippe, Dov)
* bugfixes for "check-block"
* bugfix for static build
* ObjectOptions cleanups (Thomas)
* binutils fix for PVH (Cole)
* HVF cleanup (Alex)

# gpg: Signature made Wed 13 Oct 2021 01:47:56 AM PDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]

* remotes/bonzini/tags/for-upstream: (40 commits)
ebpf: really include it only in system emulators
target/i386/sev: Use local variable for kvm_sev_launch_measure
target/i386/sev: Use local variable for kvm_sev_launch_start
monitor: Tidy up find_device_state()
Revert "hw/misc: applesmc: use host osk as default on macs"
hw/i386/sgx: Move qmp_query_sgx() and hmp_info_sgx() to hw/i386/sgx.c
hw/i386/sgx: Move qmp_query_sgx_capabilities() to hw/i386/sgx.c
hw/i386/sgx: Have sgx_epc_get_section() return a boolean
MAINTAINERS: Cover SGX documentation file with X86/KVM section
hvf: Determine slot count from struct layout
tests: tcg: Fix PVH test with binutils 2.36+
qapi: Make some ObjectTypes depend on the build settings
MAINTAINERS: Cover SEV-related files with X86/KVM section
monitor: Reduce hmp_info_sev() declaration
target/i386/sev: Move qmp_query_sev() & hmp_info_sev() to sev.c
target/i386/sev: Move qmp_query_sev_launch_measure() to sev.c
target/i386/sev: Move qmp_query_sev_capabilities() to sev.c
target/i386/sev: Move qmp_sev_inject_launch_secret() to sev.c
target/i386/sev: Move qmp_query_sev_attestation_report() to sev.c
target/i386/sev: Remove stubs by using code elision
...

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

hw/i386/sgx: Move qmp_query_sgx() and hmp_info_sgx() to hw/i386/sgx.c

Move qmp_query_sgx() and hmp_info_sgx() from target/i386/monitor.c
to hw/i386/sgx.c, removing the sgx_get_info() indirection and

hw/i386/sgx: Move qmp_query_sgx() and hmp_info_sgx() to hw/i386/sgx.c

Move qmp_query_sgx() and hmp_info_sgx() from target/i386/monitor.c
to hw/i386/sgx.c, removing the sgx_get_info() indirection and the
"hw/i386/sgx.h" header.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211007175612.496366-5-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

hw/i386/sgx: Move qmp_query_sgx_capabilities() to hw/i386/sgx.c

Move qmp_query_sgx_capabilities() from target/i386/monitor.c to
hw/i386/sgx.c, removing the sgx_get_capabilities() indirection.

Sugge

hw/i386/sgx: Move qmp_query_sgx_capabilities() to hw/i386/sgx.c

Move qmp_query_sgx_capabilities() from target/i386/monitor.c to
hw/i386/sgx.c, removing the sgx_get_capabilities() indirection.

Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211007175612.496366-4-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

hw/i386/sgx: Have sgx_epc_get_section() return a boolean

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211007175612.496366-3-philmd@redhat.com>
Signed-off-by: Paolo Bonzin

hw/i386/sgx: Have sgx_epc_get_section() return a boolean

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211007175612.496366-3-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

* SGX implementation for x86
* Miscellaneous bugfixes
* Fix dependencies from ROMs to qtests

# gpg: Signature ma

Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

* SGX implementation for x86
* Miscellaneous bugfixes
* Fix dependencies from ROMs to qtests

# gpg: Signature made Thu 30 Sep 2021 14:30:35 BST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

* remotes/bonzini-gitlab/tags/for-upstream: (33 commits)
meson_options.txt: Switch the default value for the vnc option to 'auto'
build-sys: add HAVE_IPPROTO_MPTCP
memory: Add tracepoint for dirty sync
memory: Name all the memory listeners
target/i386: Fix memory leak in sev_read_file_base64()
tests: qtest: bios-tables-test depends on the unpacked edk2 ROMs
meson: unpack edk2 firmware even if --disable-blobs
target/i386: Add the query-sgx-capabilities QMP command
target/i386: Add HMP and QMP interfaces for SGX
docs/system: Add SGX documentation to the system manual
sgx-epc: Add the fill_device_info() callback support
i440fx: Add support for SGX EPC
q35: Add support for SGX EPC
i386: acpi: Add SGX EPC entry to ACPI tables
i386/pc: Add e820 entry for SGX EPC section(s)
hw/i386/pc: Account for SGX EPC sections when calculating device memory
hw/i386/fw_cfg: Set SGX bits in feature control fw_cfg accordingly
Adjust min CPUID level to 0x12 when SGX is enabled
i386: Propagate SGX CPUID sub-leafs to KVM
i386: kvm: Add support for exposing PROVISIONKEY to guest
...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

target/i386: Add the query-sgx-capabilities QMP command

Libvirt can use query-sgx-capabilities to get the host
sgx capabilities to decide how to allocate SGX EPC size to VM.

Signed-off-by: Yang Zho

target/i386: Add the query-sgx-capabilities QMP command

Libvirt can use query-sgx-capabilities to get the host
sgx capabilities to decide how to allocate SGX EPC size to VM.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210910102258.46648-3-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

target/i386: Add HMP and QMP interfaces for SGX

The QMP and HMP interfaces can be used by monitor or QMP tools to retrieve
the SGX information from VM side when SGX is enabled on Intel platform.

Si

target/i386: Add HMP and QMP interfaces for SGX

The QMP and HMP interfaces can be used by monitor or QMP tools to retrieve
the SGX information from VM side when SGX is enabled on Intel platform.

Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210910102258.46648-2-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...

i386: Update SGX CPUID info according to hardware/KVM/user input

Expose SGX to the guest if and only if KVM is enabled and supports
virtualization of SGX. While the majority of ENCLS can be emulate

i386: Update SGX CPUID info according to hardware/KVM/user input

Expose SGX to the guest if and only if KVM is enabled and supports
virtualization of SGX. While the majority of ENCLS can be emulated to
some degree, because SGX uses a hardware-based root of trust, the
attestation aspects of SGX cannot be emulated in software, i.e.
ultimately emulation will fail as software cannot generate a valid
quote/report. The complexity of partially emulating SGX in Qemu far
outweighs the value added, e.g. an SGX specific simulator for userspace
applications can emulate SGX for development and testing purposes.

Note, access to the PROVISIONKEY is not yet advertised to the guest as
KVM blocks access to the PROVISIONKEY by default and requires userspace
to provide additional credentials (via ioctl()) to expose PROVISIONKEY.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210719112136.57018-13-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

show more ...