The VMM will set vTPM enabled when the vTPM is initialized
successfully; otherwise, TDVMCALL_SERVICE.Query returns that vTPM is
unsupported and OVMF will not try to initialize the vTPM anymore.
Signed-off-by: Xiaocheng Dong <xiaocheng.dong@intel.com>
During live migration, the destination TD is initialized by importing
states from the source. So some TD-scope initialization work (e.g.
TDH.MNG.INIT) shouldn't be performed on the destination TD, and some
initialization work should be performed after the TD states are
imported. Add a flag to indicate to KVM that it should do post-initialization
of the TD after the migration is done.
Signed-off-by: Wei Wang <wei.w.wang@intel.com>
tdx_mig_savevm_state_ram_start_epoch is assigned to the cgs migration
framework's API, tdx_mig_savevm_state_ram_start_epoch, to send a TDX
migration epoch. The migration epoch is used by TDX to enforce that one guest
physical page is migrated only once during an epoch (i.e. in one memory
save iteration).
The epoch is obtained via sending a KVM_TDX_MIG_EXPORT_TRACK command to
the tdx-mig driver, with the TDX_MIG_EXPORT_TRACK_F_IN_ORDER_DONE flag
cleared to indicate this is a regular migration epoch exported at the
beginning of each iteration. The driver then loads the epoch data into
the shared memory.
Signed-off-by: Wei Wang <wei.w.wang@intel.com>
tdx_mig_setup is assigned to the cgs migration framework's
savevm_state_setup API (invoked on the source side) and loadvm_state_setup
API (invoked on the destination side). The setup work includes:
- create a kvm_device from the tdx-mig driver in KVM. The device fd is
returned for later communication with the device.
- negotiate with the driver for the size of the memory to map, this
includes:
-- KVM_SET_DEVICE_ATTR: sets the configurable attr (only the migration
buffer size currently) of the device to KVM. The migration flow
currently finds and sends dirty pages one by one, so the migration
buffer size set to the driver is 4KB (TARGET_PAGE_SIZE);
-- KVM_GET_DEVICE_ATTR: gets the negotiated kvm_device's attr. This
obtains from KVM the sizes of the 4 parts (i.e. mbmd buffer size,
migration buffer size, mac list buffer size, and gpa list buffer
size) of shared memory.
- map the 4 parts of shared memory.
Signed-off-by: Wei Wang <wei.w.wang@intel.com>
Add tdx_premig_is_done to check if pre-migration is done. It sends the
KVM_TDX_GET_MIGRATION_INFO command to KVM to check if the pre-migration
is done. This can be checked when the user initiates live migration, and
the migration flow proceeds only when pre-migration is done.
Signed-off-by: Wei Wang <wei.w.wang@intel.com>
Pre-migration is initiated by the user providing the vsock port via the
qom command, e.g. "qom-set /objects/tdx0/ vsockport 1234". Upon
receiving the command, QEMU sends the KVM_TDX_SET_MIGRATION_INFO command,
along with the migration info, including the vsock port and whether this is
the source or destination TD, to KVM, and KVM will notify MigTD to get the
info data and start the pre-migration setup.
Signed-off-by: Wei Wang <wei.w.wang@intel.com>
Pre-migration requires the user TD to be bound to a MigTD, and this needs
to be done before the TD is finalized. Pass the process id of the MigTD to KVM
to find the corresponding MigTD to bind.
The binding attributes (defined in TDX ABI spec, Table 4.53) are
configurable by users via the "migtd-attr" option. If the user doesn't
specify one, the default attributes will be used.
Signed-off-by: Wei Wang <wei.w.wang@intel.com>
Pull in recent TDX updates, which are not backwards compatible.
It's just to make this series runnable. It will be updated by script
scripts/update-linux-headers.sh
once TDX support is upstreamed in linux kernel
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Pull in restricted_mem APIs.
It's just to make this series runnable. It will be updated by script
scripts/update-linux-headers.sh
once restricted_mem support is upstreamed in linux kernel.
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
The next version of Linux will introduce boolean statistics, which
can only have 0 or 1 values. Convert them to the new QAPI fields
added in the previous commit.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Update to c5eb0a61238d ("Linux 5.18-rc6"). Mechanical search and
replace of vfio defines with white space massaging.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
The SEV FW >= 0.23 added a new command that can be used to query the
attestation report containing the SHA-256 digest of the guest memory
and VMSA encrypted with the LAUNCH_UPDATE and sign it with the PEK.
Note, we already have a command (LAUNCH_MEASURE) that can be used to
query the SHA-256 digest of the guest memory encrypted through the
LAUNCH_UPDATE. The main difference between the previous and this command
is that the report is signed with the PEK and, unlike the LAUNCH_MEASURE
command, the ATTESTATION_REPORT command can be called while the guest
is running.
Add a QMP interface "query-sev-attestation-report" that can be used
to get the report encoded in base64.
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Tom Lendacky <Thomas.Lendacky@amd.com>
Cc: Eric Blake <eblake@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org
Reviewed-by: James Bottomley <jejb@linux.ibm.com>
Tested-by: James Bottomley <jejb@linux.ibm.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
Message-Id: <20210429170728.24322-1-brijesh.singh@amd.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
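The commit above only describes the QMP command from QEMU's side. The following is an added example, not QEMU's code, showing what a verifier on the other end of the QMP socket does with it: generate a fresh 16-byte nonce, pass it as the base64 "mnonce" argument, then decode the base64 "data" field of the reply and refuse any report that does not echo that nonce (a report that is not bound to the caller's nonce could be replayed from an earlier run). The reply shown is constructed for the example; the report layout assumed here (nonce in the first 16 bytes, followed by the 32-byte launch digest) is taken from the SEV firmware API's ATTESTATION report as this example understands it, and the PEK signature check is deliberately left out because it needs the PSP's certificate chain, which this page does not cover.

```python
"""Client-side handling of QEMU's query-sev-attestation-report QMP command.

Added example, not QEMU code. Assumptions: the report starts with the 16-byte
nonce followed by the 32-byte SHA-256 launch digest (SEV firmware API
ATTESTATION report layout as understood here); the PEK signature is not
verified because that needs the PSP certificate chain.
"""
import base64
import json
import os

MNONCE_LEN = 16           # QEMU rejects an mnonce that is not exactly 16 bytes
MIN_REPORT_LEN = 16 + 32  # nonce + SHA-256 launch digest (assumed layout)


def new_nonce() -> bytes:
    """Fresh random nonce; a fixed or reused nonce defeats the freshness check."""
    return os.urandom(MNONCE_LEN)


def build_request(nonce: bytes) -> str:
    """Return the QMP JSON line that requests a report bound to `nonce`."""
    if len(nonce) != MNONCE_LEN:
        raise ValueError("mnonce must be exactly 16 bytes")
    req = {"execute": "query-sev-attestation-report",
           "arguments": {"mnonce": base64.b64encode(nonce).decode()}}
    return json.dumps(req)


def parse_response(line: str, expected_nonce: bytes) -> dict:
    """Decode a QMP reply line and check that the report echoes our nonce."""
    msg = json.loads(line)
    if "error" in msg:
        # e.g. SEV not enabled, or firmware too old for the command
        raise RuntimeError("QMP error: %s" % msg["error"].get("desc", msg["error"]))
    raw = base64.b64decode(msg["return"]["data"], validate=True)
    if len(raw) < MIN_REPORT_LEN:
        raise ValueError("attestation report too short")
    nonce = raw[:MNONCE_LEN]
    if nonce != expected_nonce:
        # A report for some other nonce (or a replayed one) must be rejected:
        # binding the report to our nonce is the whole point of passing mnonce.
        raise ValueError("report nonce does not match the nonce we sent")
    return {"nonce": nonce, "launch_digest": raw[16:48], "raw": raw}


def fake_qemu_reply(nonce: bytes) -> str:
    """Constructed stand-in for QEMU's reply: a report that echoes `nonce`,
    carries a made-up launch digest (bytes 0..31) and zero padding where the
    policy, IDs and PEK signature would be."""
    report = nonce + bytes(range(32)) + b"\x00" * 200
    return json.dumps({"return": {"data": base64.b64encode(report).decode()}})


if __name__ == "__main__":
    n = new_nonce()
    print("request:", build_request(n))
    rep = parse_response(fake_qemu_reply(n), n)
    print("launch digest:", rep["launch_digest"].hex())
```

In a real deployment the request line is written to the QMP socket after the usual `qmp_capabilities` handshake, and the launch digest extracted here is compared against the expected measurement of the firmware image that was loaded; only after the PEK signature over the report has also been verified should the digest be trusted.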
commit 3650b228f83adda7e5ee532e2b90429c03f7b9ec
Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
[aw: drop pvrdma_ring.h changes to avoid revert of d73415a315 ("qemu/atomic.h: rename atomic_ to qatomic_")]
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
5.8-rc1 inadvertently broke userspace ABI compatibility. Merge
again with latest kvm/master to undo that.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Update to commit b1da3acc781c ("Merge tag 'ecryptfs-5.6-rc3-fixes' of
git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs")
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Improve the KVM_{GET,SET}_NESTED_STATE structs by detailing the format
of VMX nested state data in a struct.
In order to avoid changing the ioctl values of
KVM_{GET,SET}_NESTED_STATE, there is a need to preserve
sizeof(struct kvm_nested_state). This is done by defining the data
struct as "data.vmx[0]". It was the most elegant way I found to
preserve struct size while still keeping struct readable and easy to
maintain. It does have a misfortunate side-effect that now it has to be
accessed as "data.vmx[0]" rather than just "data.vmx".
Because we are already modifying these structs, I also modified the
following:
* Define the "format" field values as macros.
* Rename vmcs_pa to vmcs12_pa for better readability.
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Maran Wilson <maran.wilson@oracle.com>
Message-Id: <20190619162140.133674-7-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This is simply running the newly-updated script on Linux, in
order to obtain the new header files and all the other updates
from the recent Linux merge window.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Update to kvm/next commit dd5bd0a65ff6 ("Merge tag 'kvm-s390-next-4.20-1'
of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD")
Signed-off-by: Cornelia Huck <cohuck@redhat.com>