Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2195855/?format=api
{ "id": 2195855, "url": "http://patchwork.ozlabs.org/api/patches/2195855/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260212062522.99565-16-anisinha@redhat.com/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260212062522.99565-16-anisinha@redhat.com>", "list_archive_url": null, "date": "2026-02-12T06:24:59", "name": "[v4,15/31] i386/tdx: finalize TDX guest state upon reset", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "a93b7d5d080a93b84933bf4c901bd712f67df358", "submitter": { "id": 86030, "url": "http://patchwork.ozlabs.org/api/people/86030/?format=api", "name": "Ani Sinha", "email": "anisinha@redhat.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260212062522.99565-16-anisinha@redhat.com/mbox/", "series": [ { "id": 491935, "url": "http://patchwork.ozlabs.org/api/series/491935/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=491935", "date": "2026-02-12T06:24:45", "name": "Introduce support for confidential guest reset (x86)", "version": 4, "mbox": "http://patchwork.ozlabs.org/series/491935/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2195855/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2195855/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=Wy78EA60;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=google header.b=MyVhMt45;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fBQPs14lXz1xvb\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 12 Feb 2026 17:29:37 +1100 (AEDT)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1vqQ9l-0007px-0h; Thu, 12 Feb 2026 01:26:29 -0500", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <anisinha@redhat.com>)\n id 1vqQ9j-0007pj-Dt\n for qemu-devel@nongnu.org; Thu, 12 Feb 2026 01:26:27 -0500", "from us-smtp-delivery-124.mimecast.com ([170.10.133.124])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <anisinha@redhat.com>)\n id 1vqQ9h-0005GW-QP\n for qemu-devel@nongnu.org; Thu, 12 Feb 2026 01:26:27 -0500", "from mail-pg1-f200.google.com (mail-pg1-f200.google.com\n [209.85.215.200]) by relay.mimecast.com with ESMTP with STARTTLS\n (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id\n us-mta-338-yRju11d6O6iIUIt3XRyu-Q-1; Thu, 12 Feb 2026 01:26:23 -0500", "by mail-pg1-f200.google.com with SMTP id\n 41be03b00d2f7-c6e18f1cb86so2858451a12.0\n for <qemu-devel@nongnu.org>; Wed, 11 Feb 2026 22:26:23 -0800 (PST)", "from rhel9-box.lan ([122.164.27.113])\n by smtp.googlemail.com with ESMTPSA id\n 98e67ed59e1d1-3567e7d95d8sm4894122a91.2.2026.02.11.22.26.19\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 11 Feb 2026 22:26:21 -0800 (PST)" ], "DKIM-Signature": [ "v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1770877585;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:cc:mime-version:mime-version:\n content-transfer-encoding:content-transfer-encoding:\n in-reply-to:in-reply-to:references:references;\n bh=kdx//uhe0dGZAW7ELRMRtjQOSKo80AjzaA5Q7pgL+h8=;\n b=Wy78EA60hTkWSyYoslH8x+mV0+WazeYatzk6feFygGTf4RvCzB2rc22DsMeAWKakSC7swM\n bD6PJi41EVKvp0gPwxTMUidj9RkXKGs0kzW8+AK93cIUA9wjmt3L77SquH0ihCKFBL0FlY\n ARSkNEJZ9PydeW9OmgNCgM1kGnoKLFE=", "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=redhat.com; s=google; t=1770877582; x=1771482382; darn=nongnu.org;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=kdx//uhe0dGZAW7ELRMRtjQOSKo80AjzaA5Q7pgL+h8=;\n b=MyVhMt45e1UmGbS6JkPJtVmyi+4IzQnm9K6/2okfG4LKdfw1U60G+30oZFo6ti77rn\n xh/HPG+9fIF31svg01Cr7mI5aY8WR+ecCiFH9jVy3fu/O1wF5bEI25gtnfwvGQVty4Tj\n oJJeE+eiNq+tzyajwfrZSCw7eyFYRIlB4EnMmpsrd9oPqwStGQS9Fwmf2OAl6zUIEN0D\n I/IIVQqojpQP6LDIugGQpKkGgeBkKp8ySYZlqMMfU4ii7OwWtQki2QDrQUuwMiLvptxe\n Dzl50TCBOzsiFdrJ4KIKDFD+umTkSn0web2BUPAcXGhatBgVlsbeTZbTF2T+Tr8Zumul\n GJ/A==" ], "X-MC-Unique": "yRju11d6O6iIUIt3XRyu-Q-1", "X-Mimecast-MFC-AGG-ID": "yRju11d6O6iIUIt3XRyu-Q_1770877582", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20230601; t=1770877582; x=1771482382;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=kdx//uhe0dGZAW7ELRMRtjQOSKo80AjzaA5Q7pgL+h8=;\n b=ReJ0jzvU+0JsQz39+dwOZj+75Tg9fMlE83Q1avusMEdPJtx8fkrjHU9R090OzfHaz/\n YjvEClvNd62rSvWS/I1CU318PS04McDWlaK23XZRfj+X42rzh6iNIpRLeKSgBjy4aQtJ\n IfydSTUl6LCMfoD7p3+FhMNo6gqlL60CBtrtlVlxPHrFpxzn7Y9rfk3oKg3v/i/KrgYS\n w/2OZbfuV6C6iMdoNcTPKUMruTpFTdp/R1t5OaN4jC5s2RPAsAtILDiGW+zlrYYHzJU4\n IQLk3O4cVjCsFdVBRLDQHPbaV22cn0EVsGlrFZM2o45z7homvd9uvMoOmQhv7BeuFlMA\n HuVA==", "X-Forwarded-Encrypted": "i=1;\n AJvYcCUqeY4pYIngRxkR9KqMF/FrkttEKZkLo0Bqqy3gSbo8xY9DfEtnYPdyiDgDzh/iirWaxpJcCC1ZfUsb@nongnu.org", "X-Gm-Message-State": "AOJu0Yw9O6n8O1e//HUsLDV9xdIeDyiQrd+RGoy/iMC9hKypC4YKYzT0\n lhZDLd/PPq2+zrchmRh+LXkG2ONuTwJRTPg1rwIz2B7w8Genu2yxKbonVyq6aVgWh14Kbbl/C4O\n sBTwikl6bDDmg2uYKgmj/yhFXype0x/iG8AjwzEtztz8u7MWiT4Q0hb8T", "X-Gm-Gg": "AZuq6aJ4jxk5b3/mjyA/9NYG/rgz6vr1pBHzQGSqWy7c5BfnNMIme9b6rj0yyRot5Yz\n 16C3Xj3n7V1UQvgJoYHIMLyK4KjFyJb7ZoxwFerDTGeAaODEhpIXW0lAl6ucMnHifefE0DS7R+7\n 7pHpBMf1FI5UNjdNcYsv07ybiWJRUaeHMEU7YzaIRv0Zn+oGeCDpqbbGZoydpNilvLiBb003Hmd\n UjCbxceIG/Pc/+ljOSBQQx4yveimp+kPyphKmPE7gmz8HzTR8PCfUuwVVeGf7XDsixkiT/EwiMd\n hdP5D59IjxuKWwg19wR+i7qQMNPypH/Q+WUNGS0d8oisrUqMAw0t9vG2x1b/IvwGNYJC6WuHbql\n S7aHRYsurRyMJWjy/jPOnEXglOom+pXzEmKaBztyze1SXISL+oNEtvgA=", "X-Received": [ "by 2002:a05:6a20:2454:b0:366:14ac:e1fc with SMTP id\n adf61e73a8af0-3944897ea14mr1768766637.78.1770877582401;\n Wed, 11 Feb 2026 22:26:22 -0800 (PST)", "by 2002:a05:6a20:2454:b0:366:14ac:e1fc with SMTP id\n adf61e73a8af0-3944897ea14mr1768746637.78.1770877582040;\n Wed, 11 Feb 2026 22:26:22 -0800 (PST)" ], "From": "Ani Sinha <anisinha@redhat.com>", "To": "Paolo Bonzini <pbonzini@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>", "Cc": "kraxel@redhat.com, Ani Sinha <anisinha@redhat.com>, kvm@vger.kernel.org,\n qemu-devel@nongnu.org", "Subject": "[PATCH v4 15/31] i386/tdx: finalize TDX guest state upon reset", "Date": "Thu, 12 Feb 2026 11:54:59 +0530", "Message-ID": "<20260212062522.99565-16-anisinha@redhat.com>", "X-Mailer": "git-send-email 2.42.0", "In-Reply-To": "<20260212062522.99565-1-anisinha@redhat.com>", "References": "<20260212062522.99565-1-anisinha@redhat.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Received-SPF": "pass client-ip=170.10.133.124;\n envelope-from=anisinha@redhat.com;\n helo=us-smtp-delivery-124.mimecast.com", "X-Spam_score_int": "-20", "X-Spam_score": "-2.1", "X-Spam_bar": "--", "X-Spam_report": "(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001,\n DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001,\n RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,\n SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no", "X-Spam_action": "no action", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "When the confidential virtual machine KVM file descriptor changes due to the\nguest reset, some TDX specific setup steps needs to be done again. This\nincludes finalizing the initial guest launch state again. This change\nre-executes some parts of the TDX setup during the device reset phaze using a\nresettable interface. This finalizes the guest launch state again and locks\nit in. Machine done notifier which was previously used is no longer needed as\nthe same code is now executed as a part of VM reset.\n\nSigned-off-by: Ani Sinha <anisinha@redhat.com>\n---\n target/i386/kvm/tdx.c | 38 +++++++++++++++++++++++++++++++-----\n target/i386/kvm/tdx.h | 1 +\n target/i386/kvm/trace-events | 3 +++\n 3 files changed, 37 insertions(+), 5 deletions(-)", "diff": "diff --git a/target/i386/kvm/tdx.c b/target/i386/kvm/tdx.c\nindex fd8e3de969..37e91d95e1 100644\n--- a/target/i386/kvm/tdx.c\n+++ b/target/i386/kvm/tdx.c\n@@ -19,6 +19,7 @@\n #include \"crypto/hash.h\"\n #include \"system/kvm_int.h\"\n #include \"system/runstate.h\"\n+#include \"system/reset.h\"\n #include \"system/system.h\"\n #include \"system/ramblock.h\"\n #include \"system/address-spaces.h\"\n@@ -38,6 +39,7 @@\n #include \"kvm_i386.h\"\n #include \"tdx.h\"\n #include \"tdx-quote-generator.h\"\n+#include \"trace.h\"\n \n #include \"standard-headers/asm-x86/kvm_para.h\"\n \n@@ -389,9 +391,19 @@ static void tdx_finalize_vm(Notifier *notifier, void *unused)\n CONFIDENTIAL_GUEST_SUPPORT(tdx_guest)->ready = true;\n }\n \n-static Notifier tdx_machine_done_notify = {\n- .notify = tdx_finalize_vm,\n-};\n+static void tdx_handle_reset(Object *obj, ResetType type)\n+{\n+ if (!runstate_is_running() && !phase_check(PHASE_MACHINE_READY)) {\n+ return;\n+ }\n+\n+ if (!kvm_enable_hypercall(BIT_ULL(KVM_HC_MAP_GPA_RANGE))) {\n+ error_setg(&error_fatal, \"KVM_HC_MAP_GPA_RANGE not enabled for guest\");\n+ }\n+\n+ tdx_finalize_vm(NULL, NULL);\n+ trace_tdx_handle_reset();\n+}\n \n /*\n * Some CPUID bits change from fixed1 to configurable bits when TDX module\n@@ -738,8 +750,6 @@ static int tdx_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)\n */\n kvm_readonly_mem_allowed = false;\n \n- qemu_add_machine_init_done_notifier(&tdx_machine_done_notify);\n-\n tdx_guest = tdx;\n return 0;\n }\n@@ -1505,6 +1515,7 @@ OBJECT_DEFINE_TYPE_WITH_INTERFACES(TdxGuest,\n TDX_GUEST,\n X86_CONFIDENTIAL_GUEST,\n { TYPE_USER_CREATABLE },\n+ { TYPE_RESETTABLE_INTERFACE },\n { NULL })\n \n static void tdx_guest_init(Object *obj)\n@@ -1538,16 +1549,24 @@ static void tdx_guest_init(Object *obj)\n \n tdx->event_notify_vector = -1;\n tdx->event_notify_apicid = -1;\n+ qemu_register_resettable(obj);\n }\n \n static void tdx_guest_finalize(Object *obj)\n {\n }\n \n+static ResettableState *tdx_reset_state(Object *obj)\n+{\n+ TdxGuest *tdx = TDX_GUEST(obj);\n+ return &tdx->reset_state;\n+}\n+\n static void tdx_guest_class_init(ObjectClass *oc, const void *data)\n {\n ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc);\n X86ConfidentialGuestClass *x86_klass = X86_CONFIDENTIAL_GUEST_CLASS(oc);\n+ ResettableClass *rc = RESETTABLE_CLASS(oc);\n \n klass->kvm_init = tdx_kvm_init;\n klass->can_rebuild_guest_state = true;\n@@ -1555,4 +1574,13 @@ static void tdx_guest_class_init(ObjectClass *oc, const void *data)\n x86_klass->cpu_instance_init = tdx_cpu_instance_init;\n x86_klass->adjust_cpuid_features = tdx_adjust_cpuid_features;\n x86_klass->check_features = tdx_check_features;\n+\n+ /*\n+ * the exit phase makes sure sev handles reset after all legacy resets\n+ * have taken place (in the hold phase) and IGVM has also properly\n+ * set up the boot state.\n+ */\n+ rc->phases.exit = tdx_handle_reset;\n+ rc->get_state = tdx_reset_state;\n+\n }\ndiff --git a/target/i386/kvm/tdx.h b/target/i386/kvm/tdx.h\nindex 1c38faf983..264fbe530c 100644\n--- a/target/i386/kvm/tdx.h\n+++ b/target/i386/kvm/tdx.h\n@@ -70,6 +70,7 @@ typedef struct TdxGuest {\n \n uint32_t event_notify_vector;\n uint32_t event_notify_apicid;\n+ ResettableState reset_state;\n } TdxGuest;\n \n #ifdef CONFIG_TDX\ndiff --git a/target/i386/kvm/trace-events b/target/i386/kvm/trace-events\nindex 2d213c9f9b..a386234571 100644\n--- a/target/i386/kvm/trace-events\n+++ b/target/i386/kvm/trace-events\n@@ -14,3 +14,6 @@ kvm_xen_soft_reset(void) \"\"\n kvm_xen_set_shared_info(uint64_t gfn) \"shared info at gfn 0x%\" PRIx64\n kvm_xen_set_vcpu_attr(int cpu, int type, uint64_t gpa) \"vcpu attr cpu %d type %d gpa 0x%\" PRIx64\n kvm_xen_set_vcpu_callback(int cpu, int vector) \"callback vcpu %d vector %d\"\n+\n+# tdx.c\n+tdx_handle_reset(void) \"\"\n", "prefixes": [ "v4", "15/31" ] }