GET /api/patches/2195829/?format=api
{ "id": 2195829, "url": "http://patchwork.ozlabs.org/api/patches/2195829/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260212062522.99565-21-anisinha@redhat.com/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260212062522.99565-21-anisinha@redhat.com>", "list_archive_url": null, "date": "2026-02-12T06:25:04", "name": "[v4,20/31] i386/sev: add support for confidential guest reset", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "84ff2ba7b9c0169f057551724234e90ef518a58e", "submitter": { "id": 86030, "url": "http://patchwork.ozlabs.org/api/people/86030/?format=api", "name": "Ani Sinha", "email": "anisinha@redhat.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260212062522.99565-21-anisinha@redhat.com/mbox/", "series": [ { "id": 491935, "url": "http://patchwork.ozlabs.org/api/series/491935/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=491935", "date": "2026-02-12T06:24:45", "name": "Introduce support for confidential guest reset (x86)", "version": 4, "mbox": "http://patchwork.ozlabs.org/series/491935/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2195829/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2195829/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com 
header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=OFmJmj9h;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=google header.b=TlzzqbJj;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fBQMW42YFz1xwL\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 12 Feb 2026 17:27:35 +1100 (AEDT)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1vqQAU-0000NH-JC; Thu, 12 Feb 2026 01:27:20 -0500", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <anisinha@redhat.com>)\n id 1vqQ9z-0008DU-Hb\n for qemu-devel@nongnu.org; Thu, 12 Feb 2026 01:26:43 -0500", "from us-smtp-delivery-124.mimecast.com ([170.10.129.124])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <anisinha@redhat.com>)\n id 1vqQ9x-0005It-Si\n for qemu-devel@nongnu.org; Thu, 12 Feb 2026 01:26:43 -0500", "from mail-pj1-f71.google.com (mail-pj1-f71.google.com\n [209.85.216.71]) by relay.mimecast.com with ESMTP with STARTTLS\n (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id\n us-mta-587-RE4yzThzP22hCJWd0OIN6A-1; Thu, 12 Feb 2026 01:26:39 -0500", "by mail-pj1-f71.google.com with SMTP id\n 98e67ed59e1d1-354c0234c1fso5776983a91.2\n for <qemu-devel@nongnu.org>; Wed, 11 Feb 2026 22:26:39 -0800 (PST)", "from rhel9-box.lan ([122.164.27.113])\n by 
smtp.googlemail.com with ESMTPSA id\n 98e67ed59e1d1-3567e7d95d8sm4894122a91.2.2026.02.11.22.26.35\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 11 Feb 2026 22:26:37 -0800 (PST)" ], "DKIM-Signature": [ "v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1770877601;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:cc:mime-version:mime-version:\n content-transfer-encoding:content-transfer-encoding:\n in-reply-to:in-reply-to:references:references;\n bh=0DJOQ6jwEso0pRS4a8bCDrKdsF6L0AYtEV0u9zd/jaU=;\n b=OFmJmj9hmUauZnXAnQHzB+nespDjoXGcaEgGVerv1MMaylsD8J691H62w0aQTf6NSPskq2\n xIfdCQVDffdmCQjaaQKuuNcKwJN6X+4DsPW2ASWYeaWBBkhydd+ZzwWDPZ+ubk0OhyE7WJ\n Je5UuVYdprtXzdTC4+qL9R5K/kdgVqg=", "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=redhat.com; s=google; t=1770877598; x=1771482398; darn=nongnu.org;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=0DJOQ6jwEso0pRS4a8bCDrKdsF6L0AYtEV0u9zd/jaU=;\n b=TlzzqbJjvV35uVM6+BMORRbTbHGMHwnK90lPpafG4HQYzaaho8oy0/J6GmMNPUjS0k\n +IDqIRJvglctPoZbCt/RQ4F5BKO5GgYMYATbDORuiSXpOO5eJe7M5allAEHjiRD6DHq5\n VM5hDJv0HCzfXUQdcXDY293/IizbmefGxRJ1Ql1qYwxYBZnsSN7ztpB49ZfDPAnztZM8\n 47R2l+Pw+y5xvlIl6YsbIgEn37el3P2BzXpYWUi5miivBmBIUUrNFzKaqRk9pKUJP48u\n bqmHLFrvAG2VLz2RikSmX2Ep/+3WRi2TZkuREItUdv/+AuNjSGATbc/iiKsbG5a+7e7n\n HcaA==" ], "X-MC-Unique": "RE4yzThzP22hCJWd0OIN6A-1", "X-Mimecast-MFC-AGG-ID": "RE4yzThzP22hCJWd0OIN6A_1770877598", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20230601; t=1770877598; x=1771482398;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=0DJOQ6jwEso0pRS4a8bCDrKdsF6L0AYtEV0u9zd/jaU=;\n b=hOEdd+VV6EXdEpjdQAz5acMep7ipXVp8HlSLMwMm5R6mh9D7ngjbvQBFt3PHwI2zy9\n 
FnpdJhrqJR1uehFG10HQq2Q6/uj3ifC1LGyyQpEmz+vCY2+jHKl3o/RpRq2VBVNHBXOe\n vvafvkSdZ3FJ5dkGOZmmya7lbs/yvhReC9CF73073pG+j1AFpV3aTem3rYcvF7x7s16H\n mRD2gjRq+OSQ8zxeviEu2/x8fNC9GsXOc0GXh5trElecz0KEn10MGohLlwkJKm9Cgbpo\n aQKaZE9pcr7jSOkHPBQfH5wJ19UjHe96PgsoEn+UykGSqG92ZqtzU+D4lSqnVUg7QWHC\n YXtg==", "X-Forwarded-Encrypted": "i=1;\n AJvYcCW6LGnAbm6d037Y9YsJM86jd2w4uJGUxcg9y0O5qH+O8+04JMuvBtdQ007DWzJW9iKi6rMhcJnJrrXH@nongnu.org", "X-Gm-Message-State": "AOJu0Yzq3yoX3kcNImgTkE72OZox/skWgDdqlfPuRzIIPFAelvvaI1c1\n lDkmpSDn4F48hbQBJm0ElLdT4/j7IVpUxO7uCbNbR/pXDjf9CttWJY6D9/yolmE6CVnFtmFDGWW\n 8BiL7dPoyieJmcIQOzfodllvF8OYb53aar08+09JnJ9SF7eKT3lRA8e7T", "X-Gm-Gg": "AZuq6aL8ayOj93ecjiyCkUeJo3L8nmfToSNnZaCVveC/3ffUes/NsRLtghqi4M+Od8b\n EQtDVRs8fMzkI7/pDBEiFM2KauvdWg7rAqvZH1C8Z0m5HXt6GozeOLm74Rm4yg6AilliPqlt++F\n E0uECgS0/WU+lJ0Jqn7Day3mjTXVyANtkFm9OwmzhLjI7/KM3llpO54aC6X/nN9O/wBuWIyc7Ls\n 0eABBhz1cPD2BPAHqlD+QpqcOKMgDx2Z+rZnr1hJbfMVa9Cw0qIX3kRH27A1w9eeT04xKjHNei8\n 1k1NI1fsfxUgvFiUMwo3f2CH6g/c2FlIKJK13b1gkLiI7a5rV9eHledW+7mAJHfT6rM8pui5vdC\n 6GG/1nOK2QmE5G96zp4+c5pCCVbfLnMwLSTLAVfC7Mdj3xXiLFdMNI7I=", "X-Received": [ "by 2002:a17:90a:d78c:b0:34c:6124:3616 with SMTP id\n 98e67ed59e1d1-3568f41819amr1375487a91.27.1770877598305;\n Wed, 11 Feb 2026 22:26:38 -0800 (PST)", "by 2002:a17:90a:d78c:b0:34c:6124:3616 with SMTP id\n 98e67ed59e1d1-3568f41819amr1375471a91.27.1770877597934;\n Wed, 11 Feb 2026 22:26:37 -0800 (PST)" ], "From": "Ani Sinha <anisinha@redhat.com>", "To": "Paolo Bonzini <pbonzini@redhat.com>,\n Marcelo Tosatti <mtosatti@redhat.com>,\n Zhao Liu <zhao1.liu@intel.com>", "Cc": "kraxel@redhat.com, Ani Sinha <anisinha@redhat.com>, kvm@vger.kernel.org,\n qemu-devel@nongnu.org", "Subject": "[PATCH v4 20/31] i386/sev: add support for confidential guest reset", "Date": "Thu, 12 Feb 2026 11:55:04 +0530", "Message-ID": "<20260212062522.99565-21-anisinha@redhat.com>", "X-Mailer": "git-send-email 2.42.0", "In-Reply-To": "<20260212062522.99565-1-anisinha@redhat.com>", "References": 
"<20260212062522.99565-1-anisinha@redhat.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Received-SPF": "pass client-ip=170.10.129.124;\n envelope-from=anisinha@redhat.com;\n helo=us-smtp-delivery-124.mimecast.com", "X-Spam_score_int": "-20", "X-Spam_score": "-2.1", "X-Spam_bar": "--", "X-Spam_report": "(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001,\n DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001,\n RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,\n SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no", "X-Spam_action": "no action", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "When the KVM VM file descriptor changes as a part of the confidential guest\nreset mechanism, it necessary to create a new confidential guest context and\nre-encrypt the VM memory. This happens for SEV-ES and SEV-SNP virtual machines\nas a part of SEV_LAUNCH_FINISH, SEV_SNP_LAUNCH_FINISH operations.\n\nA new resettable interface for SEV module has been added. 
A new reset callback\nfor the reset 'exit' state has been implemented to perform the above operations\nwhen the VM file descriptor has changed during VM reset.\n\nTracepoints has been added also for tracing purpose.\n\nSigned-off-by: Ani Sinha <anisinha@redhat.com>\n---\n target/i386/sev.c | 58 ++++++++++++++++++++++++++++++++++++++++\n target/i386/trace-events | 1 +\n 2 files changed, 59 insertions(+)", "diff": "diff --git a/target/i386/sev.c b/target/i386/sev.c\nindex b3893e431c..549e624176 100644\n--- a/target/i386/sev.c\n+++ b/target/i386/sev.c\n@@ -30,8 +30,10 @@\n #include \"system/kvm.h\"\n #include \"kvm/kvm_i386.h\"\n #include \"sev.h\"\n+#include \"system/cpus.h\"\n #include \"system/system.h\"\n #include \"system/runstate.h\"\n+#include \"system/reset.h\"\n #include \"trace.h\"\n #include \"migration/blocker.h\"\n #include \"qom/object.h\"\n@@ -86,6 +88,10 @@ typedef struct QEMU_PACKED PaddedSevHashTable {\n uint8_t padding[ROUND_UP(sizeof(SevHashTable), 16) - sizeof(SevHashTable)];\n } PaddedSevHashTable;\n \n+static void sev_handle_reset(Object *obj, ResetType type);\n+\n+SevKernelLoaderContext sev_load_ctx = {};\n+\n QEMU_BUILD_BUG_ON(sizeof(PaddedSevHashTable) % 16 != 0);\n \n #define SEV_INFO_BLOCK_GUID \"00f771de-1a7e-4fcb-890e-68c77e2fb44e\"\n@@ -129,6 +135,7 @@ struct SevCommonState {\n uint8_t build_id;\n int sev_fd;\n SevState state;\n+ ResettableState reset_state;\n \n QTAILQ_HEAD(, SevLaunchVmsa) launch_vmsa;\n };\n@@ -1666,6 +1673,11 @@ sev_vm_state_change(void *opaque, bool running, RunState state)\n error_setg(&sev_mig_blocker,\n \"SEV: Migration is not implemented\");\n migrate_add_blocker(&sev_mig_blocker, &error_fatal);\n+ /*\n+ * mark SEV guest as resettable so that we can reinitialize\n+ * SEV upon reset.\n+ */\n+ qemu_register_resettable(OBJECT(sev_common));\n }\n }\n }\n@@ -1991,6 +2003,41 @@ static int sev_snp_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)\n return 0;\n }\n \n+/*\n+ * handle sev vm reset\n+ */\n+static void 
sev_handle_reset(Object *obj, ResetType type)\n+{\n+ SevCommonState *sev_common = SEV_COMMON(MACHINE(qdev_get_machine())->cgs);\n+ SevCommonStateClass *klass = SEV_COMMON_GET_CLASS(sev_common);\n+\n+ if (!sev_common) {\n+ return;\n+ }\n+\n+ if (!runstate_is_running()) {\n+ return;\n+ }\n+\n+ sev_add_kernel_loader_hashes(&sev_load_ctx, &error_fatal);\n+ if (sev_es_enabled() && !sev_snp_enabled()) {\n+ sev_launch_get_measure(NULL, NULL);\n+ }\n+ if (!sev_check_state(sev_common, SEV_STATE_RUNNING)) {\n+ /* this calls sev_snp_launch_finish() etc */\n+ klass->launch_finish(sev_common);\n+ }\n+\n+ trace_sev_handle_reset();\n+ return;\n+}\n+\n+static ResettableState *sev_reset_state(Object *obj)\n+{\n+ SevCommonState *sev_common = SEV_COMMON(obj);\n+ return &sev_common->reset_state;\n+}\n+\n int\n sev_encrypt_flash(hwaddr gpa, uint8_t *ptr, uint64_t len, Error **errp)\n {\n@@ -2469,6 +2516,8 @@ bool sev_add_kernel_loader_hashes(SevKernelLoaderContext *ctx, Error **errp)\n return false;\n }\n \n+ /* save the context here so that it can be re-used when vm is reset */\n+ memcpy(&sev_load_ctx, ctx, sizeof(*ctx));\n return klass->build_kernel_loader_hashes(sev_common, area, ctx, errp);\n }\n \n@@ -2729,8 +2778,16 @@ static void\n sev_common_class_init(ObjectClass *oc, const void *data)\n {\n ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc);\n+ ResettableClass *rc = RESETTABLE_CLASS(oc);\n \n klass->kvm_init = sev_common_kvm_init;\n+ /*\n+ * the exit phase makes sure sev handles reset after all legacy resets\n+ * have taken place (in the hold phase) and IGVM has also properly\n+ * set up the boot state.\n+ */\n+ rc->phases.exit = sev_handle_reset;\n+ rc->get_state = sev_reset_state;\n \n object_class_property_add_str(oc, \"sev-device\",\n sev_common_get_sev_device,\n@@ -2780,6 +2837,7 @@ static const TypeInfo sev_common_info = {\n .abstract = true,\n .interfaces = (const InterfaceInfo[]) {\n { TYPE_USER_CREATABLE },\n+ { TYPE_RESETTABLE_INTERFACE },\n 
{ }\n }\n };\ndiff --git a/target/i386/trace-events b/target/i386/trace-events\nindex 51301673f0..b320f655ee 100644\n--- a/target/i386/trace-events\n+++ b/target/i386/trace-events\n@@ -14,3 +14,4 @@ kvm_sev_attestation_report(const char *mnonce, const char *data) \"mnonce %s data\n kvm_sev_snp_launch_start(uint64_t policy, char *gosvw) \"policy 0x%\" PRIx64 \" gosvw %s\"\n kvm_sev_snp_launch_update(uint64_t src, uint64_t gpa, uint64_t len, const char *type) \"src 0x%\" PRIx64 \" gpa 0x%\" PRIx64 \" len 0x%\" PRIx64 \" (%s page)\"\n kvm_sev_snp_launch_finish(char *id_block, char *id_auth, char *host_data) \"id_block %s id_auth %s host_data %s\"\n+sev_handle_reset(void) \"\"\n", "prefixes": [ "v4", "20/31" ] }
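Review bot: In `sev_handle_reset()` (hunk `@@ -1991,6 +2003,41 @@`) the class pointer is fetched with `SEV_COMMON_GET_CLASS(sev_common)` in the declarations, before the `if (!sev_common)` guard, so the guard cannot protect the lookup it is meant to cover. Declare `SevCommonStateClass *klass;` and assign `klass = SEV_COMMON_GET_CLASS(sev_common);` only after both early returns. The handler also ignores its `obj` argument and goes through `qdev_get_machine()`; since the object registered is `OBJECT(sev_common)`, `SEV_COMMON(obj)` as used in `sev_reset_state()` would presumably yield the same pointer without the global lookup. Because this path re-runs the launch measurement and `launch_finish` for a confidential guest, the header comment should say more than `handle sev vm reset`: state that it runs in the reset exit phase, that it is skipped when the VM is not running, and that any failure in re-adding the kernel hashes is fatal via `&error_fatal`. The trailing `return;` can be dropped.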
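Review bot: In the `@@ -2469,6 +2516,8 @@` hunk, the added `memcpy(&sev_load_ctx, ctx, sizeof(*ctx));` copies the object onto itself on the reset path, because `sev_handle_reset()` passes `&sev_load_ctx` as `ctx`; `memcpy` with overlapping source and destination is undefined, so guard it, e.g. `if (ctx != &sev_load_ctx) { sev_load_ctx = *ctx; }`. The copy is shallow: if the context carries pointers to the kernel, initrd or command-line buffers (the struct definition is not visible here), those buffers must stay allocated and unmodified until every later reset, since the hashes covered by the launch measurement are rebuilt from them. That lifetime requirement belongs in the comment, e.g. `/* saved for reuse on reset; the buffers ctx points to must outlive the VM */`. `sev_load_ctx`, defined in the `@@ -86,6 +88,10 @@` hunk, looks file-local and could be `static` unless a header declares it. The body of `sev_add_kernel_loader_hashes()` starts outside this hunk.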