GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/1.0/patches/2197503/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2197503,
    "url": "http://patchwork.ozlabs.org/api/1.0/patches/2197503/?format=api",
    "project": {
        "id": 14,
        "url": "http://patchwork.ozlabs.org/api/1.0/projects/14/?format=api",
        "name": "QEMU Development",
        "link_name": "qemu-devel",
        "list_id": "qemu-devel.nongnu.org",
        "list_email": "qemu-devel@nongnu.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": ""
    },
    "msgid": "<20260218015151.4052-8-graf@amazon.com>",
    "date": "2026-02-18T01:51:47",
    "name": "[07/10] hw/nitro: Add nitro machine",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "1113e86363a216647d393c602bb55b912ae3fb05",
    "submitter": {
        "id": 76572,
        "url": "http://patchwork.ozlabs.org/api/1.0/people/76572/?format=api",
        "name": "Alexander Graf",
        "email": "graf@amazon.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260218015151.4052-8-graf@amazon.com/mbox/",
    "series": [
        {
            "id": 492503,
            "url": "http://patchwork.ozlabs.org/api/1.0/series/492503/?format=api",
            "date": "2026-02-18T01:51:40",
            "name": "Native Nitro Enclaves support",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/492503/mbox/"
        }
    ],
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2197503/checks/",
    "tags": {},
    "headers": {
        "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>",
        "X-Original-To": "incoming@patchwork.ozlabs.org",
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=amazon.com header.i=@amazon.com header.a=rsa-sha256\n header.s=amazoncorp2 header.b=V5r6/x8q;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"
        ],
        "Received": [
            "from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fG00R5NKSz1xwr\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 18 Feb 2026 12:53:27 +1100 (AEDT)",
            "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1vsWkU-00086Y-Bs; Tue, 17 Feb 2026 20:53:06 -0500",
            "from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <prvs=502105d20=graf@amazon.de>)\n id 1vsWkS-0007ul-Js; Tue, 17 Feb 2026 20:53:04 -0500",
            "from pdx-out-007.esa.us-west-2.outbound.mail-perimeter.amazon.com\n ([52.34.181.151])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <prvs=502105d20=graf@amazon.de>)\n id 1vsWkQ-0005Mh-I5; Tue, 17 Feb 2026 20:53:04 -0500",
            "from ip-10-5-9-48.us-west-2.compute.internal (HELO\n smtpout.naws.us-west-2.prod.farcaster.email.amazon.dev) ([10.5.9.48])\n by internal-pdx-out-007.esa.us-west-2.outbound.mail-perimeter.amazon.com with\n ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Feb 2026 01:52:58 +0000",
            "from EX19MTAUWC002.ant.amazon.com [205.251.233.111:29963]\n by smtpin.naws.us-west-2.prod.farcaster.email.amazon.dev [10.0.0.130:2525]\n with esmtp (Farcaster)\n id 20c66c80-36cd-4714-b2e8-62c87725b16d;\n Wed, 18 Feb 2026 01:52:57 +0000 (UTC)",
            "from EX19D020UWC004.ant.amazon.com (10.13.138.149) by\n EX19MTAUWC002.ant.amazon.com (10.250.64.143) with Microsoft SMTP Server\n (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.35;\n Wed, 18 Feb 2026 01:52:56 +0000",
            "from ip-10-253-83-51.amazon.com (172.19.99.218) by\n EX19D020UWC004.ant.amazon.com (10.13.138.149) with Microsoft SMTP Server\n (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.35;\n Wed, 18 Feb 2026 01:52:54 +0000"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2;\n t=1771379582; x=1802915582;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=bEUY4fw2pSBs47CRXjbvno7ZwAwzhf7d45scl3+ZioI=;\n b=V5r6/x8qRlH+cNlK5Wi1AOfRe/jo8qYfnK8R50lFbXstY8dlSv2s8cE4\n D2PZuzTBIUB30uLS7KzElDXgdbdRyPQfzdmSBlcfiV+Lcpk09XW12ZPwB\n epH00C0vqGgx9cBTx8+OuRjCC7O/eorfmfDAXNtNxpBaC/5U6zQiBTnmO\n YFA177qairFWP0qqES4CK5Dn2NjB/38a5BY7b69kvfzy9uSVh5Yj48TpM\n yxHVbliDSvirUYxl6w34jHE+GsBjJzGrZLk6+P5nDgfLencZ6N1u4Z2E1\n OZLriWcZGgGw2YjtuM8MpRa0EDQEA32iyKL4YPOqi3/5f0a7eLrR3bBr8 w==;",
        "X-CSE-ConnectionGUID": "tIGKpSJZTUiaxq8SDuCVQA==",
        "X-CSE-MsgGUID": "W5/WHuQ6RLugrgeBCmUOlg==",
        "X-IronPort-AV": "E=Sophos;i=\"6.21,297,1763424000\"; d=\"scan'208\";a=\"13256458\"",
        "X-Farcaster-Flow-ID": "20c66c80-36cd-4714-b2e8-62c87725b16d",
        "From": "Alexander Graf <graf@amazon.com>",
        "To": "<qemu-devel@nongnu.org>",
        "CC": "<qemu-arm@nongnu.org>, Peter Maydell <peter.maydell@linaro.org>, \"Thomas\n Huth\" <thuth@redhat.com>, <alex.bennee@linaro.org>, <philmd@linaro.org>,\n <berrange@redhat.com>, <marcandre.lureau@redhat.com>, Cornelia Huck\n <cohuck@redhat.com>, <mst@redhat.com>, Dorjoy Chowdhury\n <dorjoychy111@gmail.com>, Pierrick Bouvier <pierrick.bouvier@linaro.org>,\n Paolo Bonzini <pbonzini@redhat.com>, Tyler Fanelli <tfanelli@redhat.com>,\n <mknaust@amazon.com>, <nh-open-source@amazon.com>",
        "Subject": "[PATCH 07/10] hw/nitro: Add nitro machine",
        "Date": "Wed, 18 Feb 2026 01:51:47 +0000",
        "Message-ID": "<20260218015151.4052-8-graf@amazon.com>",
        "X-Mailer": "git-send-email 2.47.1",
        "In-Reply-To": "<20260218015151.4052-1-graf@amazon.com>",
        "References": "<20260218015151.4052-1-graf@amazon.com>",
        "MIME-Version": "1.0",
        "X-Originating-IP": "[172.19.99.218]",
        "X-ClientProxiedBy": "EX19D032UWA001.ant.amazon.com (10.13.139.62) To\n EX19D020UWC004.ant.amazon.com (10.13.138.149)",
        "Content-Type": "text/plain; charset=\"utf-8\"",
        "Content-Transfer-Encoding": "base64",
        "Received-SPF": "pass client-ip=52.34.181.151;\n envelope-from=prvs=502105d20=graf@amazon.de;\n helo=pdx-out-007.esa.us-west-2.outbound.mail-perimeter.amazon.com",
        "X-Spam_score_int": "-19",
        "X-Spam_score": "-2.0",
        "X-Spam_bar": "--",
        "X-Spam_report": "(-2.0 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.043,\n DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,\n HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001,\n RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,\n SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01,\n UNPARSEABLE_RELAY=0.001 autolearn=ham autolearn_force=no",
        "X-Spam_action": "no action",
        "X-BeenThere": "qemu-devel@nongnu.org",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "qemu development <qemu-devel.nongnu.org>",
        "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>",
        "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>",
        "List-Post": "<mailto:qemu-devel@nongnu.org>",
        "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>",
        "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>",
        "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org",
        "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"
    },
    "content": "Add a machine model to spawn a Nitro Enclave. Unlike the existing -M\nnitro-enclave, this machine model works exclusively with the -accel\nnitro accelerator to drive real Nitro Enclave creation. It supports\nmemory allocation, number of CPU selection, both x86_64 as well as\naarch64, implements the Enclave heartbeat logic and debug serial\nconsole.\n\nTo use it, create an EIF file and run\n\n  $ qemu-system-x86_64 -accel nitro,debug-mode=on -M nitro -nographic \\\n                       -kernel test.eif\n\nor\n\n  $ qemu-system-aarch64 -accel nitro,debug-mode=on -M nitro -nographic \\\n                       -kernel test.eif\n\nSigned-off-by: Alexander Graf <graf@amazon.com>\n---\n hw/nitro/Kconfig           |   7 ++\n hw/nitro/machine.c         | 180 +++++++++++++++++++++++++++++++++++++\n hw/nitro/meson.build       |   1 +\n include/hw/nitro/machine.h |  20 +++++\n 4 files changed, 208 insertions(+)\n create mode 100644 hw/nitro/machine.c\n create mode 100644 include/hw/nitro/machine.h",
    "diff": "diff --git a/hw/nitro/Kconfig b/hw/nitro/Kconfig\nindex 6fe050d35d..910068c23c 100644\n--- a/hw/nitro/Kconfig\n+++ b/hw/nitro/Kconfig\n@@ -5,3 +5,10 @@ config NITRO_SERIAL_VSOCK\n config NITRO_HEARTBEAT\n     bool\n     depends on NITRO\n+\n+config NITRO_MACHINE\n+    bool\n+    default y\n+    depends on NITRO\n+    select NITRO_HEARTBEAT\n+    select NITRO_SERIAL_VSOCK\ndiff --git a/hw/nitro/machine.c b/hw/nitro/machine.c\nnew file mode 100644\nindex 0000000000..197adfbdb5\n--- /dev/null\n+++ b/hw/nitro/machine.c\n@@ -0,0 +1,180 @@\n+/*\n+ * Nitro Enclaves (accel) machine\n+ *\n+ * Copyright © 2026 Amazon.com, Inc. or its affiliates. All Rights Reserved.\n+ *\n+ * Authors:\n+ *   Alexander Graf <graf@amazon.com>\n+ *\n+ * Nitro Enclaves machine model for -accel nitro. This machine behaves\n+ * like the nitro-enclave machine, but uses the real Nitro Enclaves\n+ * backend to launch the virtual machine. It requires use of the -accel\n+ * nitro.\n+ *\n+ * SPDX-License-Identifier: GPL-2.0-or-later\n+ */\n+\n+#include \"qemu/osdep.h\"\n+#include \"qemu/error-report.h\"\n+#include \"qapi/error.h\"\n+#include \"qom/object_interfaces.h\"\n+#include \"chardev/char.h\"\n+#include \"hw/core/boards.h\"\n+#include \"hw/core/cpu.h\"\n+#include \"hw/core/sysbus.h\"\n+#include \"hw/core/qdev-properties-system.h\"\n+#include \"hw/nitro/heartbeat.h\"\n+#include \"hw/nitro/machine.h\"\n+#include \"hw/nitro/serial-vsock.h\"\n+#include \"system/address-spaces.h\"\n+#include \"system/hostmem.h\"\n+#include \"system/system.h\"\n+#include \"system/nitro-accel.h\"\n+#include \"qemu/accel.h\"\n+#include \"hw/arm/machines-qom.h\"\n+\n+#define EIF_LOAD_ADDR   (8 * 1024 * 1024)\n+\n+static void nitro_create_cpu(const char *cpu_type, int index)\n+{\n+    Object *obj = object_new(cpu_type);\n+\n+    /* x86 CPUs require an apic-id before realize */\n+    if (object_property_find(obj, \"apic-id\")) {\n+        object_property_set_int(obj, \"apic-id\", index, &error_fatal);\n+    }\n+\n+    qdev_realize(DEVICE(obj), NULL, &error_fatal);\n+}\n+\n+static void nitro_machine_init(MachineState *machine)\n+{\n+    const char *eif_path = machine->kernel_filename;\n+    const char *cpu_type = machine->cpu_type;\n+    g_autofree char *eif_data = NULL;\n+    gsize eif_size;\n+    int i;\n+\n+    if (!nitro_enabled()) {\n+        error_report(\"The 'nitro' machine requires -accel nitro\");\n+        exit(1);\n+    }\n+\n+    if (!cpu_type) {\n+        ObjectClass *oc = cpu_class_by_name(target_cpu_type(), \"host\");\n+\n+        if (!oc) {\n+            error_report(\"nitro: no 'host' CPU available\");\n+            exit(1);\n+        }\n+        cpu_type = object_class_get_name(oc);\n+    }\n+\n+    if (!eif_path) {\n+        error_report(\"nitro: -kernel <eif-file> is required\");\n+        exit(1);\n+    }\n+\n+    /* Expose memory as normal QEMU RAM. Needs to be huge page backed. */\n+    memory_region_add_subregion(get_system_memory(), 0, machine->ram);\n+\n+    /*\n+     * Load EIF (-kernel) as raw blob at the EIF_LOAD_ADDR into guest RAM.\n+     * The Nitro Hypervisor will extract its contents and bootstrap the\n+     * Enclave from it.\n+     */\n+    if (!g_file_get_contents(eif_path, &eif_data, &eif_size, NULL)) {\n+        error_report(\"nitro: failed to read EIF '%s'\", eif_path);\n+        exit(1);\n+    }\n+    address_space_write(&address_space_memory, EIF_LOAD_ADDR,\n+                        MEMTXATTRS_UNSPECIFIED, eif_data, eif_size);\n+\n+    /* Nitro Enclaves require a heartbeat device. Provide one. */\n+    sysbus_realize_and_unref(SYS_BUS_DEVICE(qdev_new(TYPE_NITRO_HEARTBEAT)),\n+                             &error_fatal);\n+\n+    /*\n+     * In debug mode, Nitro Enclaves expose the guest's serial output via\n+     * vsock. When the accel is in debug mode, wire the vsock serial to\n+     * the machine's serial port so that -nographic automatically works\n+     */\n+    if (object_property_get_bool(OBJECT(current_accel()), \"debug-mode\", NULL)) {\n+        Chardev *chr = serial_hd(0);\n+\n+        if (chr) {\n+            DeviceState *dev = qdev_new(TYPE_NITRO_SERIAL_VSOCK);\n+\n+            qdev_prop_set_chr(dev, \"chardev\", chr);\n+            sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal);\n+        }\n+    }\n+\n+    /*\n+     * Spawn vCPUs. While the real Nitro Enclaves CPUs are owned by the\n+     * underlying hypervisor, we still want to maintain a local view of\n+     * them to trigger VM creation when vCPU 0 starts and to give us an\n+     * object to interact with.\n+     */\n+    for (i = 0; i < machine->smp.cpus; i++) {\n+        nitro_create_cpu(cpu_type, i);\n+    }\n+}\n+\n+static bool nitro_create_memfd_backend(MachineState *ms, const char *path,\n+                                       Error **errp)\n+{\n+    MachineClass *mc = MACHINE_GET_CLASS(ms);\n+    Object *root = object_get_objects_root();\n+    Object *obj;\n+    bool r = false;\n+\n+    obj = object_new(TYPE_MEMORY_BACKEND_MEMFD);\n+\n+    /* Nitro Enclaves require huge page backing */\n+    if (!object_property_set_int(obj, \"size\", ms->ram_size, errp) ||\n+        !object_property_set_bool(obj, \"hugetlb\", true, errp)) {\n+        goto out;\n+    }\n+\n+    object_property_add_child(root, mc->default_ram_id, obj);\n+\n+    if (!user_creatable_complete(USER_CREATABLE(obj), errp)) {\n+        goto out;\n+    }\n+    r = object_property_set_link(OBJECT(ms), \"memory-backend\", obj, errp);\n+\n+out:\n+    object_unref(obj);\n+    return r;\n+}\n+\n+static void nitro_machine_class_init(ObjectClass *oc, const void *data)\n+{\n+    MachineClass *mc = MACHINE_CLASS(oc);\n+\n+    mc->desc = \"Nitro Enclave\";\n+    mc->init = nitro_machine_init;\n+    mc->create_default_memdev = nitro_create_memfd_backend;\n+    mc->default_ram_id = \"ram\";\n+    mc->max_cpus = 4096;\n+}\n+\n+static const TypeInfo nitro_machine_info = {\n+    .name = TYPE_NITRO_MACHINE,\n+    .parent = TYPE_MACHINE,\n+    .instance_size = sizeof(NitroMachineState),\n+    .class_init = nitro_machine_class_init,\n+    .interfaces = (const InterfaceInfo[]) {\n+        /* x86_64 and aarch64 only */\n+        { TYPE_TARGET_AARCH64_MACHINE },\n+        { }\n+    },\n+};\n+\n+static void nitro_machine_register(void)\n+{\n+    type_register_static(&nitro_machine_info);\n+}\n+\n+type_init(nitro_machine_register);\ndiff --git a/hw/nitro/meson.build b/hw/nitro/meson.build\nindex b921da2b97..813f5a9c87 100644\n--- a/hw/nitro/meson.build\n+++ b/hw/nitro/meson.build\n@@ -1,2 +1,3 @@\n system_ss.add(when: 'CONFIG_NITRO_SERIAL_VSOCK', if_true: files('serial-vsock.c'))\n system_ss.add(when: 'CONFIG_NITRO_HEARTBEAT', if_true: files('heartbeat.c'))\n+system_ss.add(when: 'CONFIG_NITRO_MACHINE', if_true: files('machine.c'))\ndiff --git a/include/hw/nitro/machine.h b/include/hw/nitro/machine.h\nnew file mode 100644\nindex 0000000000..d78ba7d6dc\n--- /dev/null\n+++ b/include/hw/nitro/machine.h\n@@ -0,0 +1,20 @@\n+/*\n+ * Nitro Enclaves (accel) machine\n+ *\n+ * SPDX-License-Identifier: GPL-2.0-or-later\n+ */\n+\n+#ifndef HW_NITRO_MACHINE_H\n+#define HW_NITRO_MACHINE_H\n+\n+#include \"hw/core/boards.h\"\n+#include \"qom/object.h\"\n+\n+#define TYPE_NITRO_MACHINE MACHINE_TYPE_NAME(\"nitro\")\n+OBJECT_DECLARE_SIMPLE_TYPE(NitroMachineState, NITRO_MACHINE)\n+\n+struct NitroMachineState {\n+    MachineState parent;\n+};\n+\n+#endif /* HW_NITRO_MACHINE_H */\n",
    "prefixes": [
        "07/10"
    ]
}