{"id":2197733,"url":"http://patchwork.ozlabs.org/api/1.0/patches/2197733/?format=json","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/1.0/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260218114233.266178-28-anisinha@redhat.com>","date":"2026-02-18T11:42:20","name":"[v5,27/34] kvm/xen-emu: re-initialize capabilities during confidential guest reset","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"b1b6b0269ab3f1d0687452b0c94e5fa90c229cf7","submitter":{"id":86030,"url":"http://patchwork.ozlabs.org/api/1.0/people/86030/?format=json","name":"Ani Sinha","email":"anisinha@redhat.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20260218114233.266178-28-anisinha@redhat.com/mbox/","series":[{"id":492541,"url":"http://patchwork.ozlabs.org/api/1.0/series/492541/?format=json","date":"2026-02-18T11:41:56","name":"Introduce support for confidential guest reset (x86)","version":5,"mbox":"http://patchwork.ozlabs.org/series/492541/mbox/"}],"check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2197733/checks/","tags":{},"headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=Vv6AQx+7;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=google header.b=t7bPE/Pt;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fGF971lhsz1xvq\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 18 Feb 2026 22:46:51 +1100 (AEDT)","from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1vsfz8-0004hU-7o; Wed, 18 Feb 2026 06:44:50 -0500","from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <anisinha@redhat.com>)\n id 1vsfyZ-0003zG-MG\n for qemu-devel@nongnu.org; Wed, 18 Feb 2026 06:44:16 -0500","from us-smtp-delivery-124.mimecast.com ([170.10.133.124])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <anisinha@redhat.com>)\n id 1vsfyW-0007x3-8s\n for qemu-devel@nongnu.org; Wed, 18 Feb 2026 06:44:15 -0500","from mail-pl1-f197.google.com (mail-pl1-f197.google.com\n [209.85.214.197]) by relay.mimecast.com with ESMTP with STARTTLS\n (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id\n us-mta-426-Lsv1dRo5PZSkPSpkEwDnCA-1; Wed, 18 Feb 2026 06:44:10 -0500","by mail-pl1-f197.google.com with SMTP id\n d9443c01a7336-2ab0b2e804cso69692755ad.3\n for <qemu-devel@nongnu.org>; Wed, 18 Feb 2026 03:44:10 -0800 (PST)","from rhel9-box.lan ([117.99.83.54])\n by smtp.googlemail.com with ESMTPSA id\n d9443c01a7336-2ad1aaeab38sm127803425ad.82.2026.02.18.03.44.05\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 18 Feb 2026 03:44:08 -0800 (PST)"],"DKIM-Signature":["v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1771415051;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:cc:mime-version:mime-version:\n content-transfer-encoding:content-transfer-encoding:\n in-reply-to:in-reply-to:references:references;\n bh=Lc7U1GbS1JHxjc6G1Vv9nRCpYH775c/aB7pSkgG/wFs=;\n b=Vv6AQx+7FPzipL5BqjdS5w+JCSSTM3QXlwRnihfS1FA4BnlWE/4fbIo2/SQB0w+CoOyhUS\n c1eBpLxHpEyKC3+up4q0XZZCBGNDxWDMStE2NxQdhVwZhEEQdmTVS42gLvNk9xJMwuan8C\n cIdWP8mW7t/3UCMlx5K5b89GuXrm3f4=","v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=redhat.com; s=google; t=1771415049; x=1772019849; darn=nongnu.org;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=Lc7U1GbS1JHxjc6G1Vv9nRCpYH775c/aB7pSkgG/wFs=;\n b=t7bPE/PtL6Op3n/XOfREBTs15TYyr6++U6rqkcss0C+S8hOByUZ7ekrg5N6Htpg+oV\n za6ZJwjbR+gKnDFUcJo6pCWODPMSWDBbF1d+TqC87iuie3sjM9PfzFtg+X0szPfrg9PW\n OXj3Ty/XEFOeTg82CLfoWyErrUQToS4LFHSuHzpeaynJN7YIrO5vSHvV1uDUM7YrPDKo\n EEYqGo7nq5lbpp2j1TBAwfQgX03pOJeZnSYOiuMm7kAp+LDkjzS/HWSa9lCBxUZAFG+s\n C8DJCaDm4YwpJgMEDeYP2BN4rzgiaUtuEV9y26IXuZZyd9nfn7m0wBMBAZK5LBoZOhnI\n eV4Q=="],"X-MC-Unique":"Lsv1dRo5PZSkPSpkEwDnCA-1","X-Mimecast-MFC-AGG-ID":"Lsv1dRo5PZSkPSpkEwDnCA_1771415049","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20230601; t=1771415049; x=1772019849;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=Lc7U1GbS1JHxjc6G1Vv9nRCpYH775c/aB7pSkgG/wFs=;\n b=jpilxsBSn5LcYVcu6mPwiIddyf7M1oTXukkp8AnqVfEY1SIAiOePXR1dGZbdzNYf+u\n 9lA1h2agHYErhrKSVvHJ96trPhjEUPEJujmR0SYH+I87c4pFyXZGqzo6S/ckI9u5EV1g\n 3TpVedMjt/nHnyNVNhVxt6Fa/i0m2gOjaq8QZn/EnjRH4xDLfCvuCzhCnb42lLkGKz0d\n kNBXSwufK0LnZmz8MrOXUP2FEGArV94/6+B9a07xJk7JP+90ygxph6OHSsf3EBPF/3NA\n 2QQBSn4x0hKPxUKVQnHL793zP3mzTJ6dKgUXL00LX0Rl8zY6xa/TBntyvjCiKUTGuJ+Z\n PRBg==","X-Forwarded-Encrypted":"i=1;\n AJvYcCWw3kEjKXUqBrZYsM6UwfhbbD11cqOUp3A45CzoxwN+kl0j0FSFJi0DKiEsR14wfvIOMX/Xk30nRXtR@nongnu.org","X-Gm-Message-State":"AOJu0YxF+4N7+uuOh9s0ZQTHDRRhSdgIMkZ+RaHqd+rt4NkeFY4es5RF\n OBDaAwGxG+CT/mEp/IplyjKwgkeCtJrdcSgpUod5T4KQr+D+RhCJdYCPmA4YH+TdaT7tMuMDQQw\n PO5xeZVG8S091u5oKjRC+Tq/opZW8fXOWRa9mcrZaKTDo/sVnn/dVSenB","X-Gm-Gg":"AZuq6aKuHxabSAT6MWcD8X9RTMgQPGtLrZQSDv65nz6Lim1qLUgbWFHpiJuxJc9J2ra\n 6zeqw7dltenFSbGDYpj1rZlUcR7J08oEvtwJ1KhoYAXA2f29XkghzskrpDCQLAd+SG6ACoNqwfy\n 6KYn+/whT1EartCAVvMZ10fH2Ynd1EV0XqpH2DmcLKSNqFPK+6GCs3o7rFHA/LmqCur0Gvp4B02\n KCWcwBNQhFRyq/BoKx/VgZeoH7OOdQJcTWcf/y7SKFKMlwL6XVEEkLwQlY01HleW85tqDpGwQWN\n 8f0Xxbi3w7MeULKgY0rg4GlkNVrGGr42/MZL+8oqNIjik7TQMAPQ4SteZBS632Mn7TRpQaPTqel\n 2Qmr520jKbY4qnModmTObi7ucHnRq9oPBRxM1d6jZYhRRMgyLQK6t","X-Received":["by 2002:a17:902:cccd:b0:297:cf96:45bd with SMTP id\n d9443c01a7336-2ad50eb31b4mr16065715ad.19.1771415049244;\n Wed, 18 Feb 2026 03:44:09 -0800 (PST)","by 2002:a17:902:cccd:b0:297:cf96:45bd with SMTP id\n d9443c01a7336-2ad50eb31b4mr16065545ad.19.1771415048913;\n Wed, 18 Feb 2026 03:44:08 -0800 (PST)"],"From":"Ani Sinha <anisinha@redhat.com>","To":"David Woodhouse <dwmw2@infradead.org>, Paul Durrant <paul@xen.org>,\n Paolo Bonzini <pbonzini@redhat.com>, Marcelo Tosatti <mtosatti@redhat.com>","Cc":"Ani Sinha <anisinha@redhat.com>, kraxel@redhat.com, kvm@vger.kernel.org,\n qemu-devel@nongnu.org","Subject":"[PATCH v5 27/34] kvm/xen-emu: re-initialize capabilities during\n confidential guest reset","Date":"Wed, 18 Feb 2026 17:12:20 +0530","Message-ID":"<20260218114233.266178-28-anisinha@redhat.com>","X-Mailer":"git-send-email 2.42.0","In-Reply-To":"<20260218114233.266178-1-anisinha@redhat.com>","References":"<20260218114233.266178-1-anisinha@redhat.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","Received-SPF":"pass client-ip=170.10.133.124;\n envelope-from=anisinha@redhat.com;\n helo=us-smtp-delivery-124.mimecast.com","X-Spam_score_int":"-20","X-Spam_score":"-2.1","X-Spam_bar":"--","X-Spam_report":"(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.043,\n DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001,\n RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,\n SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no","X-Spam_action":"no action","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"qemu development <qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<https://lists.nongnu.org/archive/html/qemu-devel>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"},"content":"On confidential guests KVM virtual machine file descriptor changes as a\npart of the guest reset process. Xen capabilities needs to be re-initialized in\nKVM against the new file descriptor.\n\nSigned-off-by: Ani Sinha <anisinha@redhat.com>\n---\n target/i386/kvm/xen-emu.c | 50 +++++++++++++++++++++++++++++++++++++--\n 1 file changed, 48 insertions(+), 2 deletions(-)","diff":"diff --git a/target/i386/kvm/xen-emu.c b/target/i386/kvm/xen-emu.c\nindex 52de019834..69527145eb 100644\n--- a/target/i386/kvm/xen-emu.c\n+++ b/target/i386/kvm/xen-emu.c\n@@ -44,9 +44,12 @@\n \n #include \"xen-compat.h\"\n \n+NotifierWithReturn xen_vmfd_change_notifier;\n+static bool hyperv_enabled;\n static void xen_vcpu_singleshot_timer_event(void *opaque);\n static void xen_vcpu_periodic_timer_event(void *opaque);\n static int vcpuop_stop_singleshot_timer(CPUState *cs);\n+static int do_initialize_xen_caps(KVMState *s, uint32_t hypercall_msr);\n \n #ifdef TARGET_X86_64\n #define hypercall_compat32(longmode) (!(longmode))\n@@ -54,6 +57,30 @@ static int vcpuop_stop_singleshot_timer(CPUState *cs);\n #define hypercall_compat32(longmode) (false)\n #endif\n \n+static int xen_handle_vmfd_change(NotifierWithReturn *n,\n+                                  void *data, Error** errp)\n+{\n+    int ret;\n+\n+    /* we are not interested in pre vmfd change notification */\n+    if (((VmfdChangeNotifier *)data)->pre) {\n+        return 0;\n+    }\n+\n+    ret = do_initialize_xen_caps(kvm_state, XEN_HYPERCALL_MSR);\n+    if (ret < 0) {\n+        return ret;\n+    }\n+\n+    if (hyperv_enabled) {\n+        ret = do_initialize_xen_caps(kvm_state, XEN_HYPERCALL_MSR_HYPERV);\n+        if (ret < 0) {\n+            return ret;\n+        }\n+    }\n+    return 0;\n+}\n+\n static bool kvm_gva_to_gpa(CPUState *cs, uint64_t gva, uint64_t *gpa,\n                            size_t *len, bool is_write)\n {\n@@ -111,15 +138,16 @@ static inline int kvm_copy_to_gva(CPUState *cs, uint64_t gva, void *buf,\n     return kvm_gva_rw(cs, gva, buf, sz, true);\n }\n \n-int kvm_xen_init(KVMState *s, uint32_t hypercall_msr)\n+static int do_initialize_xen_caps(KVMState *s, uint32_t hypercall_msr)\n {\n+    int xen_caps, ret;\n     const int required_caps = KVM_XEN_HVM_CONFIG_HYPERCALL_MSR |\n         KVM_XEN_HVM_CONFIG_INTERCEPT_HCALL | KVM_XEN_HVM_CONFIG_SHARED_INFO;\n+\n     struct kvm_xen_hvm_config cfg = {\n         .msr = hypercall_msr,\n         .flags = KVM_XEN_HVM_CONFIG_INTERCEPT_HCALL,\n     };\n-    int xen_caps, ret;\n \n     xen_caps = kvm_check_extension(s, KVM_CAP_XEN_HVM);\n     if (required_caps & ~xen_caps) {\n@@ -143,6 +171,21 @@ int kvm_xen_init(KVMState *s, uint32_t hypercall_msr)\n                      strerror(-ret));\n         return ret;\n     }\n+    return xen_caps;\n+}\n+\n+int kvm_xen_init(KVMState *s, uint32_t hypercall_msr)\n+{\n+    int xen_caps;\n+\n+    xen_caps = do_initialize_xen_caps(s, hypercall_msr);\n+    if (xen_caps < 0) {\n+        return xen_caps;\n+    }\n+\n+    if (!hyperv_enabled && (hypercall_msr == XEN_HYPERCALL_MSR_HYPERV)) {\n+        hyperv_enabled = true;\n+    }\n \n     /* If called a second time, don't repeat the rest of the setup. */\n     if (s->xen_caps) {\n@@ -185,6 +228,9 @@ int kvm_xen_init(KVMState *s, uint32_t hypercall_msr)\n     xen_primary_console_reset();\n     xen_xenstore_reset();\n \n+    xen_vmfd_change_notifier.notify = xen_handle_vmfd_change;\n+    kvm_vmfd_add_change_notifier(&xen_vmfd_change_notifier);\n+\n     return 0;\n }\n \n","prefixes":["v5","27/34"]}