Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220606124333.2060567-19-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This patch adds replay description page, converting prior
text from docs/replay.txt.
The text was also updated and some sections were moved
to devel part of the docs.
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <165364839601.688121.5131456980322853233.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
In commit 5814d587fe we added support for emulating
FEAT_HCX (Support for the HCRX_EL2 register). However we
forgot to add it to the list in emulated.rst. Correct the
omission.
Fixes: 5814d587fe ("target/arm: Enable FEAT_HCX for -cpu max")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220520084320.424166-1-peter.maydell@linaro.org
The alternative small firmware needs a few words of what it can and
absolutely cannot do; this adds those words.
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-Id: <20220506055124.3822112-1-aik@ozlabs.ru>
[danielhb: added linebreaks before and after table]
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
rSTify docs/hyperv.txt and link it from docs/system/target-i386.rst.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20220525115949.1294004-7-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Add fby35 to the list of Aspeed boards.
Signed-off-by: Peter Delevoryas <pdel@fb.com>
Message-Id: <20220506193354.990532-2-pdel@fb.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
The Armv8.4 feature FEAT_IDST specifies that exceptions generated by
read accesses to the feature ID space should report a syndrome code
of 0x18 (EC_SYSTEMREGISTERTRAP) rather than 0x00 (EC_UNCATEGORIZED).
The feature ID space is defined to be:
op0 == 3, op1 == {0,1,3}, CRn == 0, CRm == {0-7}, op2 == {0-7}
In our implementation we might return the EC_UNCATEGORIZED syndrome
value for a system register access in four cases:
* no reginfo struct in the hashtable
* cp_access_ok() fails (ie ri->access doesn't permit the access)
* ri->accessfn returns CP_ACCESS_TRAP_UNCATEGORIZED at runtime
* ri->type includes ARM_CP_RAISES_EXC, and the readfn raises
an UNDEF exception at runtime
We have very few regdefs that set ARM_CP_RAISES_EXC, and none of
them are in the feature ID space. (In the unlikely event that any
are added in future they would need to take care of setting the
correct syndrome themselves.) This patch deals with the other
three cases, and enables FEAT_IDST for AArch64 -cpu max.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220509155457.3560724-1-peter.maydell@linaro.org
Enable the FEAT_S2FWB for -cpu max. Since FEAT_S2FWB requires that
CLIDR_EL1.{LoUU,LoUIS} are zero, we explicitly squash these (the
inherited CLIDR_EL1 value from the Cortex-A57 has them as 1).
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220505183950.2781801-5-peter.maydell@linaro.org
Provide an introduction to the main components of a CXL system,
with detailed explanation of memory interleaving, example command
lines and kernel configuration.
This was a challenging document to write due to the need to extract
only that subset of CXL information which is relevant to either
users of QEMU emulation of CXL or to those interested in the
implementation. Much of CXL is concerned with specific elements of
the protocol, management of memory pooling etc which is simply
not relevant to what is currently planned for CXL emulation
in QEMU. All comments welcome
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220429144110.25167-43-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Enable the n1 for virt and sbsa board use.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220506180242.216785-25-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Enable the a76 for virt and sbsa board use.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220506180242.216785-24-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This extension concerns not merging memory access, which TCG does
not implement. Thus we can trivially enable this feature.
Add a comment to handle_hint for the DGH instruction, but no code.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220506180242.216785-23-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This extension concerns cache speculation, which TCG does
not implement. Thus we can trivially enable this feature.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220506180242.216785-22-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
There is no branch prediction in TCG, therefore there is no
need to actually include the context number into the predictor.
Therefore all we need to do is add the state for SCXTNUM_ELx.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220506180242.216785-21-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This extension concerns branch speculation, which TCG does
not implement. Thus we can trivially enable this feature.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220506180242.216785-20-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This feature is AArch64 only, and applies to physical SErrors,
which QEMU does not implement, thus the feature is a nop.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220506180242.216785-19-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220506180242.216785-18-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This extension concerns changes to the External Debug interface,
with Secure and Non-secure access to the debug registers, and all
of it is outside the scope of QEMU. Indicating support for this
is mandatory with FEAT_SEL2, which we do implement.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220506180242.216785-13-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The only portion of FEAT_Debugv8p2 that is relevant to QEMU
is CONTEXTIDR_EL2, which is also conditionally implemented
with FEAT_VHE. The rest of the debug extension concerns the
External debug interface, which is outside the scope of QEMU.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220506180242.216785-12-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Imply the TPM sysbus devices. This allows users to add TPM devices to
the RISC-V virt board.
This was tested by first creating an emulated TPM device:
swtpm socket --tpm2 -t -d --tpmstate dir=/tmp/tpm \
--ctrl type=unixio,path=swtpm-sock
Then launching QEMU with:
-chardev socket,id=chrtpm,path=swtpm-sock \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-device tpm-tis-device,tpmdev=tpm0
The TPM device can be seen in the memory tree and the generated device
tree.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/942
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220427234146.1130752-7-alistair.francis@opensource.wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
The description in the Arm ARM of the requirements of FEAT_BBM is
admirably clear on the guarantees it provides software, but slightly
more obscure on what that means for implementations. The description
of the equivalent SMMU feature in the SMMU specification (IHI0070D.b
section 3.21.1) is perhaps a bit more detailed and includes some
example valid implementation choices. (The SMMU version of this
feature is slightly tighter than the CPU version: the CPU is permitted
to raise TLB Conflict aborts in some situations that the SMMU may
not. This doesn't matter for QEMU because we don't want to do TLB
Conflict aborts anyway.)
The informal summary of FEAT_BBM is that it is about permitting an OS
to switch a range of memory between "covered by a huge page" and
"covered by a sequence of normal pages" without having to engage in
the 'break-before-make' dance that has traditionally been
necessary. The 'break-before-make' sequence is:
* replace the old translation table entry with an invalid entry
* execute a DSB insn
* execute a broadcast TLB invalidate insn
* execute a DSB insn
* write the new translation table entry
* execute a DSB insn
The point of this is to ensure that no TLB can simultaneously contain
TLB entries for the old and the new entry, which would traditionally
be UNPREDICTABLE (allowing the CPU to generate a TLB Conflict fault
or to use a random mishmash of values from the old and the new
entry). FEAT_BBM level 2 says "for the specific case where the only
thing that changed is the size of the block, the TLB is guaranteed
not to do weird things even if there are multiple entries for an
address", which means that software can now do:
* replace old translation table entry with new entry
* DSB
* broadcast TLB invalidate
* DSB
As the SMMU spec notes, valid ways to do this include:
* if there are multiple entries in the TLB for an address,
choose one of them and use it, ignoring the others
* if there are multiple entries in the TLB for an address,
throw them all out and do a page table walk to get a new one
QEMU's page table walk implementation for Arm CPUs already meets the
requirements for FEAT_BBM level 2. When we cache an entry in our TCG
TLB, we do so only for the specific (non-huge) page that the address
is in, and there is no way for the TLB data structure to ever have
more than one TLB entry for that page. (We handle huge pages only in
that we track what part of the address space is covered by huge pages
so that a TLB invalidate operation for an address in a huge page
results in an invalidation of the whole TLB.) We ignore the Contiguous
bit in page table entries, so we don't have to do anything for the
parts of FEAT_BBM that deal with changis to the Contiguous bit.
FEAT_BBM level 2 also requires that the nT bit in block descriptors
must be ignored; since commit 39a1fd2528 we do this.
It's therefore safe for QEMU to advertise FEAT_BBM level 2 by
setting ID_AA64MMFR2_EL1.BBM to 2.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220426160422.2353158-3-peter.maydell@linaro.org
The Arm FEAT_TTL architectural feature allows the guest to provide an
optional hint in an AArch64 TLB invalidate operation about which
translation table level holds the leaf entry for the address being
invalidated. QEMU's TLB implementation doesn't need that hint, and
we correctly ignore the (previously RES0) bits in TLB invalidate
operation values that are now used for the TTL field. So we can
simply advertise support for it in our 'max' CPU.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220426160422.2353158-2-peter.maydell@linaro.org
Add support for the TCG GICv4 to the virt board. For the board,
the GICv4 is very similar to the GICv3, with the only difference
being the size of the redistributor frame. The changes here are thus:
* calculating virt_redist_capacity correctly for GICv4
* changing various places which were "if GICv3" to be "if not GICv2"
* the commandline option handling
Note that using GICv4 reduces the maximum possible number of CPUs on
the virt board from 512 to 317, because we can now only fit half as
many redistributors into the redistributor regions we have defined.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220408141550.1271295-42-peter.maydell@linaro.org
Describe that the gic-version influences the maximum number of CPUs.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Message-id: 20220413231456.35811-1-heinrich.schuchardt@canonical.com
[PMM: minor punctuation tweaks]
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add a section explaining how the Guest Owner should calculate the
expected guest launch measurement for SEV and SEV-ES.
Also update the name and links to the SEV API Spec document.
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20220217110059.2320497-1-dovmurik@linux.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-id: 20220402204523.32643-1-pisa@cmp.felk.cvut.cz
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Fixup checks for ext_zb[abcs]
* Add AIA support for virt machine
* Increase maximum number of CPUs in virt machine
* Fixup OpenTitan SPI address
* Add support for zfinx, zdinx and zhinx{min} extensions
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEE9sSsRtSTSGjTuM6PIeENKd+XcFQFAmIgUZ8ACgkQIeENKd+X
cFTzegf8DbUYFLpyfURm6bJoJfLQHjtjB4Hs6PnszJZZAEtC6Ia+551TDjh93vTf
GTbpWm0BlugQqEeyg+Mioe2mb2EhK2w208RGXRSDjT9QFVOaIp83NDAjaQTPqs22
XC35ygJYuo1Yf0WoJV77aB6IYPZB3ba5i+dkGb6lk60Ru5ULqoLvqp73tNe5KvNB
uVAEy+ubzjmzWs5hGPw95HqTIbcMGnlHew4XU6xJaiJixSy71Z5nOCCn+2sxk+6A
QW59Onglyfk01F9ac3GMLvi2e+FUdj0S0y07oVqchzxXWYpYwgTO4Xkt794c8mqU
T02kuelfubr1qH1z/IolStju1JnaXw==
=LzOY
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20220303' into staging
Fifth RISC-V PR for QEMU 7.0
* Fixup checks for ext_zb[abcs]
* Add AIA support for virt machine
* Increase maximum number of CPUs in virt machine
* Fixup OpenTitan SPI address
* Add support for zfinx, zdinx and zhinx{min} extensions
# gpg: Signature made Thu 03 Mar 2022 05:26:55 GMT
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054
* remotes/alistair/tags/pull-riscv-to-apply-20220303:
target/riscv: expose zfinx, zdinx, zhinx{min} properties
target/riscv: add support for zhinx/zhinxmin
target/riscv: add support for zdinx
target/riscv: add support for zfinx
target/riscv: hardwire mstatus.FS to zero when enable zfinx
target/riscv: add cfg properties for zfinx, zdinx and zhinx{min}
hw: riscv: opentitan: fixup SPI addresses
hw/riscv: virt: Increase maximum number of allowed CPUs
docs/system: riscv: Document AIA options for virt machine
hw/riscv: virt: Add optional AIA IMSIC support to virt machine
hw/intc: Add RISC-V AIA IMSIC device emulation
hw/riscv: virt: Add optional AIA APLIC support to virt machine
target/riscv: fix inverted checks for ext_zb[abcs]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
We have two new machine options "aia" and "aia-guests" available
for the RISC-V virt machine so let's document these options.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Signed-off-by: Anup Patel <anup@brainfault.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-Id: <20220220085526.808674-5-anup@brainfault.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
This feature widens physical addresses (and intermediate physical
addresses for 2-stage translation) from 48 to 52 bits, when using
4k or 16k pages.
This introduces the DS bit to TCR_ELx, which is RES0 unless the
page size is enabled and supports LPA2, resulting in the effective
value of DS for a given table walk. The DS bit changes the format
of the page table descriptor slightly, moving the PS field out to
TCR so that all pages have the same sharability and repurposing
those bits of the page table descriptor for the highest bits of
the output address.
Do not yet enable FEAT_LPA2; we need extra plumbing to avoid
tickling an old kernel bug.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220301215958.157011-17-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This feature widens physical addresses (and intermediate physical
addresses for 2-stage translation) from 48 to 52 bits, when using
64k pages. The only thing left at this point is to handle the
extra bits in the TTBR and in the table descriptors.
Note that PAR_EL1 and HPFAR_EL2 are nominally extended, but we don't
mask out the high bits when writing to those registers, so no changes
are required there.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220301215958.157011-11-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This feature is relatively small, as it applies only to
64k pages and thus requires no additional changes to the
table descriptor walking algorithm, only a change to the
minimum TSZ (which is the inverse of the maximum virtual
address space size).
Note that this feature widens VBAR_ELx, but we already
treat the register as being 64 bits wide.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220301215958.157011-10-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Removal of the swift-bmc machine
* New Secure Boot Controller model
* Improvements on the rainier machine
* Various small cleanups
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmIbOjkACgkQUaNDx8/7
7KHl4w//QySSZtdkk0fLIHg6q4aSeehLZWro5JVRs+ZGtmM6ixi95RNQwEyiM3g6
fHbkgsE3YHh3rnX5KckTPwMq+LctLSebrUtOvHQyTcHckCjwn90Vyaw7hSBROeGz
8Yieb6qda2kEnX61yGlE80go3WDuA2kyRw2bvHOhT5Vzsb2Xq8xflziFv+gHH4NT
Hf/AiCSh6uCILT0JyhZF4Swzip+jDGytryPdBThBtptShyscCgIKb9GqVTVHbWXi
dCe+eDDPUm7npOfP5RmHE249tz+SwS+YejTShewt0FALzglxu/GZI3UNEg0Ays+0
E7uWeSFrgQE5lZvht3Z7Duc0GCGQxYkVwhUtr2e/9dLUIRTrcdj/55h/VgeaSzR5
3RXtbwNAaumE0JdgKXFwmBuPNRNzZa89hrBcvswkcVXtlB2hsWlWLniKJHbafNHk
vOMABrEeWCZYT794J0yFrunCUFPCNUXpPYJJdRBeIktiHzRGJYHraX7i/aJ5ltse
VaDVbEdHaB11H8Y2cQJtjda/zM84DaqGQj9EkQPCRe7w3bnWQLSJ1qcahszV0P+Z
y+DkoFRr3LKVE9dIS/N4gwIBWk5AymqSqAVizQ61rq8ZetUNdgTT12EC39djhATi
OfudYiQKc33gvYOLLFSST2tiv/NK/GfIGc2Ag1qME30NYnam50Q=
=0F2M
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/legoater/tags/pull-aspeed-20220227' into staging
aspeed queue:
* Removal of the swift-bmc machine
* New Secure Boot Controller model
* Improvements on the rainier machine
* Various small cleanups
# gpg: Signature made Sun 27 Feb 2022 08:45:45 GMT
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1
* remotes/legoater/tags/pull-aspeed-20220227:
aspeed/sdmc: Add trace events
aspeed/smc: Add an address mask on segment registers
aspeed: Introduce a create_pca9552() helper
aspeed: rainier: Add strap values taken from hardware
aspeed: rainier: Add i2c LED devices
ast2600: Add Secure Boot Controller model
arm: Remove swift-bmc machine
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
It was scheduled for removal in 7.0.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
- Improves documentation of SSH fingerprint checking
- Fixes SHA256 fingerprints with non-blockdev usage
- Blocks the clone3, setns, unshare & execveat syscalls
with seccomp
- Blocks process spawning via clone syscall, but allows
threads, with seccomp
- Takes over seccomp maintainer role
- Expands firmware descriptor spec to allow flash
without NVRAM
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmIOOBkACgkQvobrtBUQ
T9/ruhAAr8jkAH8FN5ftx2/L7q8SHpjPupue1CJ0Nl/ykmYhTGc+SqC3R2nZWOk2
Ws8hHVcDVT1lhrGxPtU7o+JPC1TebJTsloimJoKQY3qfdvZadJeR/4KsOUzi2ruu
VZ6HiYvZc1c9T+NPf3QRhBo7yyascKWKWHDseUNIt/2DiefCox4QFUDDMG86HiQF
KK30xWTvwJdcPxRlbfZbWRoqA0v4OoSDK6Ftp94FQSNBkExO85kstDq3xVaApf8H
DE1QD7gf+dvz11wVuFhrf4d1EH032nU0p0kMxhABc4/kZXo5iWXohhzML3/MUEVT
pe5/9pzUdWpfXQd/2r7x2PyPgySAG7lGbkgltowY52qnRPaNw9ukwkFCFAj8wiD8
FT2ghvkYD3zLfnZ3nuuzJVjf3pXgCc5VcfXaoffT72a7gpI1LTuEqPFwo04imV4l
21fYFx26mYTGCLH1CwVw8MQ2z/dg6uorT/NHdmRA/KrYJ1Elay2K7DV3Z5jOM5MI
0Ll5HkfsUut+1rioUjNgmlQ+96k/G0P0hVUoTUIcgl3U/GDx2+ypcrNTfmEcaCLV
bOhsjtrcg/KAXsCSbvnfDe3bWf0txnscyqoilEzDahLvciWG3d6qlhczLy29LGb4
/w7iqnUcSygXc+a9/ckVo1h5fo0i9qb3W8Pw9klapvz6SGJ83g4=
=PeCY
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/berrange-gitlab/tags/misc-next-pull-request' into staging
This misc series of changes:
- Improves documentation of SSH fingerprint checking
- Fixes SHA256 fingerprints with non-blockdev usage
- Blocks the clone3, setns, unshare & execveat syscalls
with seccomp
- Blocks process spawning via clone syscall, but allows
threads, with seccomp
- Takes over seccomp maintainer role
- Expands firmware descriptor spec to allow flash
without NVRAM
# gpg: Signature made Thu 17 Feb 2022 11:57:13 GMT
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* remotes/berrange-gitlab/tags/misc-next-pull-request:
docs: expand firmware descriptor to allow flash without NVRAM
MAINTAINERS: take over seccomp from Eduardo Otubo
seccomp: block setns, unshare and execveat syscalls
seccomp: block use of clone3 syscall
seccomp: fix blocking of process spawning
seccomp: add unit test for seccomp filtering
seccomp: allow action to be customized per syscall
block: print the server key type and fingerprint on failure
block: support sha256 fingerprint with pre-blockdev options
block: better document SSH host key fingerprint checking
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This is the BMC attached to the OpenBMC Mori board.
Signed-off-by: Patrick Venture <venture@google.com>
Reviewed-by: Chris Rauer <crauer@google.com>
Reviewed-by: Ilkyun Choi <ikchoi@google.com>
Message-id: 20220208233104.284425-1-venture@google.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The docs still illustrate host key fingerprint checking using the old
md5 hashes which are considered insecure and obsolete. Change it to
illustrate using a sha256 hash. Also show how to extract the hash
value from the known_hosts file.
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Since the hypervisor extension been non experimental and enabled for
default CPU, the previous command is no longer available and the
option `x-h=true` or `h=true` is also no longer required.
Signed-off-by: Yu Li <liyu.yukiteru@bytedance.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <9040401e-8f87-ef4a-d840-6703f08d068c@bytedance.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Also rstfy the documentation for AMD SEV, and link it.
The documentation for PEF had been merged into the pseries doc,
fix the reference.
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220204161251.241877-1-cohuck@redhat.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Buglink: https://gitlab.com/qemu-project/qemu/-/issues/527
Signed-off-by: Lucas Ramage <lucas.ramage@infinite-omicron.com>
Message-id: 20220105205628.5491-1-oxr463@gmx.us
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: Move to docs/system/devices/ rather than top-level;
fix a pre-existing typo in passing]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Add basic support for Pointer Authentication when running a KVM
guest and that the host supports it, loosely based on the SVE
support.
Although the feature is enabled by default when the host advertises
it, it is possible to disable it by setting the 'pauth=off' CPU
property. The 'pauth' comment is removed from cpu-features.rst,
as it is now common to both TCG and KVM.
Tested on an Apple M1 running 5.16-rc6.
Cc: Eric Auger <eric.auger@redhat.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220107150154.2490308-1-maz@kernel.org
[PMM: fixed indentation]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
- fix compiler warnings with ui and sdl
- update QXL/spice dependancy
- skip I/O tests on Alpine
- update fedora image to latest version
- integrate lcitool and regenerate docker images
- favour CONFIG_LINUX_USER over CONFIG_LINUX
- add libfuse3 dependencies to docker images
- add dtb-kaslr-seed control knob to virt machine
- fix build breakage from HMP update
- update docs for C standard and suffix usage
- add more logging for debugging user hole finding
- expand reserve for brk() for static 64 bit programs
- fix bug with linux-user hole calculation
- avoid affecting flags when printing results in float tests
- add float reference files for ppc64
- update FreeBSD to 12.3
- add bison dependancy to tricore images
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmHm7y4ACgkQ+9DbCVqe
KkSsDwgAgWiOUtnPxNnZ3PuLQpIDCGSotjshCXo9PhPu/SWedvMfTftPU+g3wxbl
+A2GZcNnVPaOrJo7hfDtOtir9UJUFTmyv8KtPhUYmtxxiv3HWM1RvgrBQnMEvo5A
GFAq6jSFclH4HTSxz4FHbEl0TM3feQbSfbMWI6Q1Q+aPm8hWSzhClIqBCwsJJdm8
hi76BE9o94BtvA6Qv2CoPvGsOzpV0X0VXaljf1W927BzJu+b0wEGwIm61+eovNsh
DS2kDZk+PpiYeRN/oC40Z6ozR/Lf/jZ/87AnN3gV/yLDwa5cafA+GtmcKMx1IJIc
BVm0bJo+KzHfYiVjYTJhsU7C2W71PA==
=uBQq
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/stsquad/tags/pull-for-7.0-180122-2' into staging
Various testing and other misc updates:
- fix compiler warnings with ui and sdl
- update QXL/spice dependancy
- skip I/O tests on Alpine
- update fedora image to latest version
- integrate lcitool and regenerate docker images
- favour CONFIG_LINUX_USER over CONFIG_LINUX
- add libfuse3 dependencies to docker images
- add dtb-kaslr-seed control knob to virt machine
- fix build breakage from HMP update
- update docs for C standard and suffix usage
- add more logging for debugging user hole finding
- expand reserve for brk() for static 64 bit programs
- fix bug with linux-user hole calculation
- avoid affecting flags when printing results in float tests
- add float reference files for ppc64
- update FreeBSD to 12.3
- add bison dependancy to tricore images
# gpg: Signature made Tue 18 Jan 2022 16:47:42 GMT
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* remotes/stsquad/tags/pull-for-7.0-180122-2: (31 commits)
docker: include bison in debian-tricore-cross
FreeBSD: Upgrade to 12.3 release
test/tcg/ppc64le: Add float reference files
tests/tcg/multiarch: Read fp flags before printf
linux-user: don't adjust base of found hole
linux-user/elfload: add extra logging for hole finding
linux-user: expand reserved brk space for 64bit guests
docs/devel: more documentation on the use of suffixes
docs/devel: update C standard to C11
monitor: move x-query-profile into accel/tcg to fix build
hw/arm: add control knob to disable kaslr_seed via DTB
tests/docker: add libfuse3 development headers
tests/tcg: use CONFIG_LINUX_USER, not CONFIG_LINUX
tests/docker: auto-generate alpine.docker with lcitool
tests/docker: fully expand the alpine package list
tests/docker: fix sorting of alpine image package lists
tests/docker: updates to alpine package list
.gitlab-ci.d/cirrus: auto-generate variables with lcitool
tests/docker: remove ubuntu.docker container
tests/docker: auto-generate opensuse-leap.docker with lcitool
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Generally a guest needs an external source of randomness to properly
enable things like address space randomisation. However in a trusted
boot environment where the firmware will cryptographically verify
components having random data in the DTB will cause verification to
fail. Add a control knob so we can prevent this being added to the
system DTB.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Message-Id: <20220105135009.1584676-22-alex.bennee@linaro.org>
The Protected Execution Facility is only available with the pseries
machine, so let's merge the old ASCII text into the new RST file now.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220105103232.405204-1-thuth@redhat.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>