Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.0/patches/2197506/?format=api
{ "id": 2197506, "url": "http://patchwork.ozlabs.org/api/1.0/patches/2197506/?format=api", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/1.0/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20260218015151.4052-5-graf@amazon.com>", "date": "2026-02-18T01:51:44", "name": "[04/10] hw/nitro/nitro-serial-vsock: Nitro Enclaves vsock console", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "28a256ac0bae4088c2559af84c7cff7acd08fbe7", "submitter": { "id": 76572, "url": "http://patchwork.ozlabs.org/api/1.0/people/76572/?format=api", "name": "Alexander Graf", "email": "graf@amazon.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260218015151.4052-5-graf@amazon.com/mbox/", "series": [ { "id": 492503, "url": "http://patchwork.ozlabs.org/api/1.0/series/492503/?format=api", "date": "2026-02-18T01:51:40", "name": "Native Nitro Enclaves support", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/492503/mbox/" } ], "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2197506/checks/", "tags": {}, "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=amazon.com header.i=@amazon.com header.a=rsa-sha256\n header.s=amazoncorp2 header.b=k/Pu82E8;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fG00y7543z1xwC\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 18 Feb 2026 12:53:54 +1100 (AEDT)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1vsWk0-0007E8-KP; Tue, 17 Feb 2026 20:52:36 -0500", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <prvs=502105d20=graf@amazon.de>)\n id 1vsWjy-0007D5-Kq; Tue, 17 Feb 2026 20:52:34 -0500", "from pdx-out-010.esa.us-west-2.outbound.mail-perimeter.amazon.com\n ([52.12.53.23])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <prvs=502105d20=graf@amazon.de>)\n id 1vsWjw-0005GB-Hi; Tue, 17 Feb 2026 20:52:34 -0500", "from ip-10-5-9-48.us-west-2.compute.internal (HELO\n smtpout.naws.us-west-2.prod.farcaster.email.amazon.dev) ([10.5.9.48])\n by internal-pdx-out-010.esa.us-west-2.outbound.mail-perimeter.amazon.com with\n ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Feb 2026 01:52:28 +0000", "from EX19MTAUWB002.ant.amazon.com [205.251.233.48:31640]\n by smtpin.naws.us-west-2.prod.farcaster.email.amazon.dev [10.0.55.107:2525]\n with esmtp (Farcaster)\n id 415e14a0-c25f-4b68-92fd-684b081b5a96;\n Wed, 18 Feb 2026 01:52:27 +0000 (UTC)", "from EX19D020UWC004.ant.amazon.com (10.13.138.149) by\n EX19MTAUWB002.ant.amazon.com (10.250.64.231) with Microsoft SMTP Server\n (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.35;\n Wed, 18 Feb 2026 01:52:27 +0000", "from ip-10-253-83-51.amazon.com (172.19.99.218) by\n EX19D020UWC004.ant.amazon.com (10.13.138.149) with Microsoft SMTP Server\n (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.35;\n Wed, 18 Feb 2026 01:52:25 +0000" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2;\n t=1771379552; x=1802915552;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=QVGSh6QomGasFEgLBMFo/YmaboU2VJXN/YN9VZOxI5s=;\n b=k/Pu82E8T0hox3JXGYDfA+5rmYDpwh5d2MS0Dr+v13eY35PMAJpZNzMi\n 0q3jDu69pBei5LrXEiwJu4vrIE+d2UOjMcvUsQSlFlGGgmffED4MYFT9h\n hCtvlS+EZkNEfv0JP75sA3iUOR65ZTGth3lzf17qO+QDsh01K8i/6rEMV\n JYkaBpXKUOU7TDQMWCafrpg5LjP4I5ag13Y+y42iNMnvMki77sfnOX87U\n /QPFZYTIAsJEq5SepFwtB3Vva7wR7sMSLGuUBQboQi2f1vOIsBUZ3JT+K\n qxm5Pa0fPeGVVzypOQ3EwDXpuMOHzFRo/joTS7tN4yvMOROCZu9wzayrn w==;", "X-CSE-ConnectionGUID": "JaUHGOg3QVKPhJFJtHZSHw==", "X-CSE-MsgGUID": "atKWgTiwTpKoGKsb9VXQbg==", "X-IronPort-AV": "E=Sophos;i=\"6.21,297,1763424000\"; d=\"scan'208\";a=\"13134030\"", "X-Farcaster-Flow-ID": "415e14a0-c25f-4b68-92fd-684b081b5a96", "From": "Alexander Graf <graf@amazon.com>", "To": "<qemu-devel@nongnu.org>", "CC": "<qemu-arm@nongnu.org>, Peter Maydell <peter.maydell@linaro.org>, \"Thomas\n Huth\" <thuth@redhat.com>, <alex.bennee@linaro.org>, <philmd@linaro.org>,\n <berrange@redhat.com>, <marcandre.lureau@redhat.com>, Cornelia Huck\n <cohuck@redhat.com>, <mst@redhat.com>, Dorjoy Chowdhury\n <dorjoychy111@gmail.com>, Pierrick Bouvier <pierrick.bouvier@linaro.org>,\n Paolo Bonzini <pbonzini@redhat.com>, Tyler Fanelli <tfanelli@redhat.com>,\n <mknaust@amazon.com>, <nh-open-source@amazon.com>", "Subject": "[PATCH 04/10] hw/nitro/nitro-serial-vsock: Nitro Enclaves vsock\n console", "Date": "Wed, 18 Feb 2026 01:51:44 +0000", "Message-ID": "<20260218015151.4052-5-graf@amazon.com>", "X-Mailer": "git-send-email 2.47.1", "In-Reply-To": "<20260218015151.4052-1-graf@amazon.com>", "References": "<20260218015151.4052-1-graf@amazon.com>", "MIME-Version": "1.0", "X-Originating-IP": "[172.19.99.218]", "X-ClientProxiedBy": "EX19D043UWC001.ant.amazon.com (10.13.139.202) To\n EX19D020UWC004.ant.amazon.com (10.13.138.149)", "Content-Type": "text/plain; charset=\"utf-8\"", "Content-Transfer-Encoding": "base64", "Received-SPF": "pass client-ip=52.12.53.23;\n envelope-from=prvs=502105d20=graf@amazon.de;\n helo=pdx-out-010.esa.us-west-2.outbound.mail-perimeter.amazon.com", "X-Spam_score_int": "-19", "X-Spam_score": "-2.0", "X-Spam_bar": "--", "X-Spam_report": "(-2.0 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.043,\n DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,\n HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001,\n RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,\n SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01,\n UNPARSEABLE_RELAY=0.001 autolearn=ham autolearn_force=no", "X-Spam_action": "no action", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "Nitro Enclaves support a special \"debug\" mode. When in debug mode, the\nNitro Hypervisor provides a vsock port that the parent can connect to to\nreceive serial console output of the Enclave. Add a new nitro-serial-vsock\ndriver that implements short-circuit logic to establish the vsock\nconnection to that port and feed its data into a chardev, so that a machine\nmodel can use it as serial device.\n\nSigned-off-by: Alexander Graf <graf@amazon.com>\n---\n MAINTAINERS | 6 ++\n hw/Kconfig | 1 +\n hw/meson.build | 1 +\n hw/nitro/Kconfig | 3 +\n hw/nitro/meson.build | 1 +\n hw/nitro/serial-vsock.c | 154 ++++++++++++++++++++++++++++++++\n hw/nitro/trace-events | 4 +\n hw/nitro/trace.h | 4 +\n include/hw/nitro/serial-vsock.h | 26 ++++++\n meson.build | 1 +\n 10 files changed, 201 insertions(+)\n create mode 100644 hw/nitro/Kconfig\n create mode 100644 hw/nitro/meson.build\n create mode 100644 hw/nitro/serial-vsock.c\n create mode 100644 hw/nitro/trace-events\n create mode 100644 hw/nitro/trace.h\n create mode 100644 include/hw/nitro/serial-vsock.h", "diff": "diff --git a/MAINTAINERS b/MAINTAINERS\nindex 3d002143ae..53ce075e9a 100644\n--- a/MAINTAINERS\n+++ b/MAINTAINERS\n@@ -3022,6 +3022,12 @@ F: hw/vmapple/*\n F: include/hw/vmapple/*\n F: docs/system/arm/vmapple.rst\n \n+Nitro Enclaves (native)\n+M: Alexander Graf <graf@amazon.com>\n+S: Maintained\n+F: hw/nitro/\n+F: include/hw/nitro/\n+\n Subsystems\n ----------\n Overall Audio backends\ndiff --git a/hw/Kconfig b/hw/Kconfig\nindex f8f92b5d03..b3ce1520a6 100644\n--- a/hw/Kconfig\n+++ b/hw/Kconfig\n@@ -22,6 +22,7 @@ source isa/Kconfig\n source mem/Kconfig\n source misc/Kconfig\n source net/Kconfig\n+source nitro/Kconfig\n source nubus/Kconfig\n source nvme/Kconfig\n source nvram/Kconfig\ndiff --git a/hw/meson.build b/hw/meson.build\nindex 66e46b8090..36da5322f7 100644\n--- a/hw/meson.build\n+++ b/hw/meson.build\n@@ -44,6 +44,7 @@ subdir('isa')\n subdir('mem')\n subdir('misc')\n subdir('net')\n+subdir('nitro')\n subdir('nubus')\n subdir('nvme')\n subdir('nvram')\ndiff --git a/hw/nitro/Kconfig b/hw/nitro/Kconfig\nnew file mode 100644\nindex 0000000000..86c817c766\n--- /dev/null\n+++ b/hw/nitro/Kconfig\n@@ -0,0 +1,3 @@\n+config NITRO_SERIAL_VSOCK\n+ bool\n+ depends on NITRO\ndiff --git a/hw/nitro/meson.build b/hw/nitro/meson.build\nnew file mode 100644\nindex 0000000000..d95ed8dd79\n--- /dev/null\n+++ b/hw/nitro/meson.build\n@@ -0,0 +1 @@\n+system_ss.add(when: 'CONFIG_NITRO_SERIAL_VSOCK', if_true: files('serial-vsock.c'))\ndiff --git a/hw/nitro/serial-vsock.c b/hw/nitro/serial-vsock.c\nnew file mode 100644\nindex 0000000000..12d6804a33\n--- /dev/null\n+++ b/hw/nitro/serial-vsock.c\n@@ -0,0 +1,154 @@\n+/*\n+ * Nitro Enclave Vsock Serial\n+ *\n+ * Copyright © 2026 Amazon.com, Inc. or its affiliates. All Rights Reserved.\n+ *\n+ * Authors:\n+ * Alexander Graf <graf@amazon.com>\n+ *\n+ * With Nitro Enclaves in debug mode, the Nitro Hypervisor provides a vsock\n+ * port that the parent can connect to to receive serial console output of\n+ * the Enclave. This driver implements short-circuit logic to establish the\n+ * vsock connection to that port and feed its data into a chardev, so that\n+ * a machine model can use it as serial device.\n+ *\n+ * SPDX-License-Identifier: GPL-2.0-or-later\n+ */\n+\n+#include \"qemu/osdep.h\"\n+#include \"qemu/error-report.h\"\n+#include \"qapi/error.h\"\n+#include \"qapi/visitor.h\"\n+#include \"chardev/char.h\"\n+#include \"chardev/char-fe.h\"\n+#include \"hw/core/qdev-properties.h\"\n+#include \"hw/core/qdev-properties-system.h\"\n+#include \"hw/core/sysbus.h\"\n+#include \"hw/nitro/serial-vsock.h\"\n+#include \"trace.h\"\n+\n+#define CONSOLE_PORT_START 10000\n+#define VMADDR_CID_HYPERVISOR_STR \"0\"\n+\n+static int nitro_serial_vsock_can_read(void *opaque)\n+{\n+ NitroSerialVsockState *s = opaque;\n+\n+ /* Refuse vsock input until the output backend is ready */\n+ return qemu_chr_fe_backend_open(&s->output) ? 4096 : 0;\n+}\n+\n+static void nitro_serial_vsock_read(void *opaque, const uint8_t *buf, int size)\n+{\n+ NitroSerialVsockState *s = opaque;\n+\n+ /* Forward all vsock data to the output chardev */\n+ qemu_chr_fe_write_all(&s->output, buf, size);\n+}\n+\n+static void nitro_serial_vsock_event(void *opaque, QEMUChrEvent event)\n+{\n+ /* No need to action on connect/disconnect events, but trace for debug */\n+ trace_nitro_serial_vsock_event(event);\n+}\n+\n+static void nitro_serial_vsock_set_cid(Object *obj, Visitor *v,\n+ const char *name, void *opaque,\n+ Error **errp)\n+{\n+ NitroSerialVsockState *s = NITRO_SERIAL_VSOCK(obj);\n+ uint32_t cid, port;\n+ g_autofree char *chardev_id = NULL;\n+ Chardev *chr;\n+ ChardevBackend *backend;\n+ ChardevSocket *sock;\n+\n+ if (!visit_type_uint32(v, name, &cid, errp)) {\n+ return;\n+ }\n+\n+ s->cid = cid;\n+ port = cid + CONSOLE_PORT_START;\n+\n+ /*\n+ * We know the Enclave CID to connect to now. Create a vsock\n+ * client chardev that connects to the Enclave's console.\n+ */\n+ chardev_id = g_strdup_printf(\"nitro-console-%u\", cid);\n+\n+ backend = g_new0(ChardevBackend, 1);\n+ backend->type = CHARDEV_BACKEND_KIND_SOCKET;\n+ sock = backend->u.socket.data = g_new0(ChardevSocket, 1);\n+ sock->addr = g_new0(SocketAddressLegacy, 1);\n+ sock->addr->type = SOCKET_ADDRESS_TYPE_VSOCK;\n+ sock->addr->u.vsock.data = g_new0(VsockSocketAddress, 1);\n+ sock->addr->u.vsock.data->cid = g_strdup(VMADDR_CID_HYPERVISOR_STR);\n+ sock->addr->u.vsock.data->port = g_strdup_printf(\"%u\", port);\n+ sock->server = false;\n+ sock->has_server = true;\n+\n+ chr = qemu_chardev_new(chardev_id, TYPE_CHARDEV_SOCKET,\n+ backend, NULL, errp);\n+ if (!chr) {\n+ return;\n+ }\n+\n+ if (!qemu_chr_fe_init(&s->vsock, chr, errp)) {\n+ return;\n+ }\n+\n+ qemu_chr_fe_set_handlers(&s->vsock,\n+ nitro_serial_vsock_can_read,\n+ nitro_serial_vsock_read,\n+ nitro_serial_vsock_event,\n+ NULL, s, NULL, true);\n+}\n+\n+static void nitro_serial_vsock_get_cid(Object *obj, Visitor *v,\n+ const char *name, void *opaque,\n+ Error **errp)\n+{\n+ NitroSerialVsockState *s = NITRO_SERIAL_VSOCK(obj);\n+ uint32_t cid = s->cid;\n+\n+ visit_type_uint32(v, name, &cid, errp);\n+}\n+\n+static void nitro_serial_vsock_realize(DeviceState *dev, Error **errp)\n+{\n+ /*\n+ * At realize we don't know the Enclave CID yet, because the nitro accel\n+ * first needs to launch the Enclave. Delay creation of the connection\n+ * until the nitro accel pushes the CID as QOM property.\n+ */\n+}\n+\n+static const Property nitro_serial_vsock_props[] = {\n+ DEFINE_PROP_CHR(\"chardev\", NitroSerialVsockState, output),\n+};\n+\n+static void nitro_serial_vsock_class_init(ObjectClass *oc, const void *data)\n+{\n+ DeviceClass *dc = DEVICE_CLASS(oc);\n+ dc->realize = nitro_serial_vsock_realize;\n+ device_class_set_props(dc, nitro_serial_vsock_props);\n+\n+ object_class_property_add(oc, \"enclave-cid\", \"uint32\",\n+ nitro_serial_vsock_get_cid,\n+ nitro_serial_vsock_set_cid,\n+ NULL, NULL);\n+}\n+\n+static const TypeInfo nitro_serial_vsock_info = {\n+ .name = TYPE_NITRO_SERIAL_VSOCK,\n+ .parent = TYPE_SYS_BUS_DEVICE,\n+ .instance_size = sizeof(NitroSerialVsockState),\n+ .class_init = nitro_serial_vsock_class_init,\n+};\n+\n+static void nitro_serial_vsock_register(void)\n+{\n+ type_register_static(&nitro_serial_vsock_info);\n+}\n+\n+type_init(nitro_serial_vsock_register);\ndiff --git a/hw/nitro/trace-events b/hw/nitro/trace-events\nnew file mode 100644\nindex 0000000000..20617a024a\n--- /dev/null\n+++ b/hw/nitro/trace-events\n@@ -0,0 +1,4 @@\n+# See docs/devel/tracing.rst for syntax documentation.\n+\n+# serial-vsock.c\n+nitro_serial_vsock_event(int event) \"event %d\"\ndiff --git a/hw/nitro/trace.h b/hw/nitro/trace.h\nnew file mode 100644\nindex 0000000000..b455d6c17b\n--- /dev/null\n+++ b/hw/nitro/trace.h\n@@ -0,0 +1,4 @@\n+/*\n+ * SPDX-License-Identifier: GPL-2.0-or-later\n+ */\n+#include \"trace/trace-hw_nitro.h\"\ndiff --git a/include/hw/nitro/serial-vsock.h b/include/hw/nitro/serial-vsock.h\nnew file mode 100644\nindex 0000000000..92c9374eeb\n--- /dev/null\n+++ b/include/hw/nitro/serial-vsock.h\n@@ -0,0 +1,26 @@\n+/*\n+ * Nitro Enclave Serial (vsock)\n+ *\n+ * SPDX-License-Identifier: GPL-2.0-or-later\n+ */\n+\n+#ifndef HW_CHAR_NITRO_SERIAL_VSOCK_H\n+#define HW_CHAR_NITRO_SERIAL_VSOCK_H\n+\n+#include \"hw/core/qdev.h\"\n+#include \"hw/core/sysbus.h\"\n+#include \"chardev/char-fe.h\"\n+#include \"qom/object.h\"\n+\n+#define TYPE_NITRO_SERIAL_VSOCK \"nitro-serial-vsock\"\n+OBJECT_DECLARE_SIMPLE_TYPE(NitroSerialVsockState, NITRO_SERIAL_VSOCK)\n+\n+struct NitroSerialVsockState {\n+ SysBusDevice parent_obj;\n+\n+ CharFrontend output; /* chardev to write console output to */\n+ CharFrontend vsock; /* vsock chardev to enclave console */\n+ uint32_t cid;\n+};\n+\n+#endif /* HW_CHAR_NITRO_SERIAL_VSOCK_H */\ndiff --git a/meson.build b/meson.build\nindex bdeee65db2..3c6fa7a55a 100644\n--- a/meson.build\n+++ b/meson.build\n@@ -3634,6 +3634,7 @@ if have_system\n 'hw/misc/macio',\n 'hw/net',\n 'hw/net/can',\n+ 'hw/nitro',\n 'hw/nubus',\n 'hw/nvme',\n 'hw/nvram',\n", "prefixes": [ "04/10" ] }