From: Alexander Graf
CC: Peter Maydell, Thomas Huth, Cornelia Huck, Dorjoy Chowdhury, Pierrick Bouvier, Paolo Bonzini, Tyler Fanelli
Subject: [PATCH v3 03/11] hw/nitro: Add Nitro Vsock Bus
Date: Wed, 25 Feb 2026 22:07:57 +0000
Message-ID: <20260225220807.33092-4-graf@amazon.com>
In-Reply-To: <20260225220807.33092-1-graf@amazon.com>
References: <20260225220807.33092-1-graf@amazon.com>
X-BeenThere: qemu-devel@nongnu.org

Add a dedicated bus for Nitro Enclave vsock devices.
In Nitro Enclaves, communication between parent and enclave/hypervisor happens almost exclusively through vsock. The nitro-vsock-bus models this dependency in QEMU, which allows devices in this bus to implement individual services on top of vsock.

The nitro machine spawns this bus by creating the included nitro-vsock-bridge sysbus device. The nitro accel then advertises the Enclave's CID to the bus by calling nitro_vsock_bridge_start_enclave() on the bridge device as soon as it knows the CID. Nitro vsock devices can listen to that event and learn the Enclave's CID when it is available to perform actions, such as connect to the debug serial vsock port.

Suggested-by: Paolo Bonzini
Signed-off-by: Alexander Graf
---
 MAINTAINERS                        |  6 ++
 hw/Kconfig                         |  1 +
 hw/meson.build                     |  1 +
 hw/nitro/Kconfig                   |  2 +
 hw/nitro/meson.build               |  1 +
 hw/nitro/nitro-vsock-bus.c         | 98 ++++++++++++++++++++++++++++++
 hw/nitro/trace-events              |  2 +
 hw/nitro/trace.h                   |  4 ++
 include/hw/nitro/nitro-vsock-bus.h | 71 ++++++++++++++++++++++
 meson.build                        |  1 +
 10 files changed, 187 insertions(+)
 create mode 100644 hw/nitro/Kconfig
 create mode 100644 hw/nitro/meson.build
 create mode 100644 hw/nitro/nitro-vsock-bus.c
 create mode 100644 hw/nitro/trace-events
 create mode 100644 hw/nitro/trace.h
 create mode 100644 include/hw/nitro/nitro-vsock-bus.h

diff --git a/MAINTAINERS b/MAINTAINERS index d3aa6d6732..44da7a5fc5 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -3016,6 +3016,12 @@ F: hw/vmapple/* F: include/hw/vmapple/* F: docs/system/arm/vmapple.rst =20 +Nitro Enclaves (native) +M: Alexander Graf +S: Maintained +F: hw/nitro/ +F: include/hw/nitro/ + Subsystems ---------- Overall Audio backends diff --git a/hw/Kconfig b/hw/Kconfig index f8f92b5d03..b3ce1520a6 100644 --- a/hw/Kconfig +++ b/hw/Kconfig @@ -22,6 +22,7 @@ source isa/Kconfig source mem/Kconfig source misc/Kconfig source net/Kconfig +source nitro/Kconfig source nubus/Kconfig source nvme/Kconfig source nvram/Kconfig
diff --git a/hw/meson.build b/hw/meson.build index 66e46b8090..36da5322f7 100644 --- a/hw/meson.build +++ b/hw/meson.build @@ -44,6 +44,7 @@ subdir('isa') subdir('mem') subdir('misc') subdir('net') +subdir('nitro') subdir('nubus') subdir('nvme') subdir('nvram') diff --git a/hw/nitro/Kconfig b/hw/nitro/Kconfig new file mode 100644 index 0000000000..767472cb2c --- /dev/null +++ b/hw/nitro/Kconfig @@ -0,0 +1,2 @@ +config NITRO_VSOCK_BUS + bool diff --git a/hw/nitro/meson.build b/hw/nitro/meson.build new file mode 100644 index 0000000000..7e2807f137 --- /dev/null +++ b/hw/nitro/meson.build @@ -0,0 +1 @@ +system_ss.add(when: 'CONFIG_NITRO_VSOCK_BUS', if_true: files('nitro-vsock-= bus.c')) diff --git a/hw/nitro/nitro-vsock-bus.c b/hw/nitro/nitro-vsock-bus.c new file mode 100644 index 0000000000..eed29df512 --- /dev/null +++ b/hw/nitro/nitro-vsock-bus.c 
@@ -0,0 +1,98 @@ +/* + * Nitro Enclave Vsock Bus + * + * Copyright =C2=A9 2026 Amazon.com, Inc. or its affiliates. All Rights Re= served. + * + * Authors: + * Alexander Graf + * + * A bus for Nitro Enclave vsock devices. In Nitro Enclaves, communication + * between parent and enclave/hypervisor happens almost exclusively through + * vsock. The nitro-vsock-bus models this dependency in QEMU, which allows + * devices in this bus to implement individual services on top of vsock. + * + * The nitro accel advertises the Enclave's CID to the bus by calling + * nitro_vsock_bridge_start_enclave() on the bridge device as soon as it + * knows the CID. + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "qemu/osdep.h" +#include "qapi/error.h" +#include "monitor/qdev.h" +#include "hw/core/sysbus.h" +#include "hw/nitro/nitro-vsock-bus.h" + +void nitro_vsock_bridge_start_enclave(NitroVsockBridge *bridge, + uint32_t enclave_cid, Error **errp) +{ + ERRP_GUARD(); + BusState *qbus =3D BUS(&bridge->bus); + BusChild *kid; + + bridge->enclave_cid =3D enclave_cid; + + QTAILQ_FOREACH(kid, &qbus->children, sibling) { + NitroVsockDevice *ndev =3D NITRO_VSOCK_DEVICE(kid->child); + NitroVsockDeviceClass *ndc =3D NITRO_VSOCK_DEVICE_GET_CLASS(ndev); + + if (ndc->enclave_started) { + ndc->enclave_started(ndev, enclave_cid, errp); + if (*errp) { + return; + } + } + } +} + +NitroVsockBridge *nitro_vsock_bridge_create(void) +{ + DeviceState *dev =3D qdev_new(TYPE_NITRO_VSOCK_BRIDGE); + + qdev_set_id(dev, g_strdup("nitro-vsock"), &error_fatal); + sysbus_realize_and_unref(SYS_BUS_DEVICE(dev), &error_fatal); + + return NITRO_VSOCK_BRIDGE(dev); +} + +static void nitro_vsock_bridge_init(Object *obj) +{ + NitroVsockBridge *s =3D NITRO_VSOCK_BRIDGE(obj); + + qbus_init(&s->bus, sizeof(s->bus), TYPE_NITRO_VSOCK_BUS, + DEVICE(s), "nitro-vsock"); + object_property_add_uint32_ptr(obj, "enclave-cid", + &s->enclave_cid, OBJ_PROP_FLAG_READ); +} + +static void 
nitro_vsock_device_class_init(ObjectClass *oc, const void *dat= a) +{ + DeviceClass *dc =3D DEVICE_CLASS(oc); + + dc->bus_type =3D TYPE_NITRO_VSOCK_BUS; +} + +static const TypeInfo nitro_vsock_bus_types[] =3D { + { + .name =3D TYPE_NITRO_VSOCK_BUS, + .parent =3D TYPE_BUS, + .instance_size =3D sizeof(NitroVsockBus), + }, + { + .name =3D TYPE_NITRO_VSOCK_BRIDGE, + .parent =3D TYPE_SYS_BUS_DEVICE, + .instance_size =3D sizeof(NitroVsockBridge), + .instance_init =3D nitro_vsock_bridge_init, + }, + { + .name =3D TYPE_NITRO_VSOCK_DEVICE, + .parent =3D TYPE_DEVICE, + .instance_size =3D sizeof(NitroVsockDevice), + .class_size =3D sizeof(NitroVsockDeviceClass), + .class_init =3D nitro_vsock_device_class_init, + .abstract =3D true, + }, +}; + +DEFINE_TYPES(nitro_vsock_bus_types); diff --git a/hw/nitro/trace-events b/hw/nitro/trace-events new file mode 100644 index 0000000000..9ccc579048 --- /dev/null +++ b/hw/nitro/trace-events @@ -0,0 +1,2 @@ +# See docs/devel/tracing.rst for syntax documentation. + diff --git a/hw/nitro/trace.h b/hw/nitro/trace.h new file mode 100644 index 0000000000..b455d6c17b --- /dev/null +++ b/hw/nitro/trace.h @@ -0,0 +1,4 @@ +/* + * SPDX-License-Identifier: GPL-2.0-or-later + */ +#include "trace/trace-hw_nitro.h" diff --git a/include/hw/nitro/nitro-vsock-bus.h b/include/hw/nitro/nitro-vs= ock-bus.h new file mode 100644 index 0000000000..064260aa41 --- /dev/null +++ b/include/hw/nitro/nitro-vsock-bus.h 
@@ -0,0 +1,71 @@ +/* + * Nitro Enclave Vsock Bus + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#ifndef HW_NITRO_VSOCK_BUS_H +#define HW_NITRO_VSOCK_BUS_H + +#include "hw/core/qdev.h" +#include "hw/core/sysbus.h" +#include "qom/object.h" + +#define TYPE_NITRO_VSOCK_BUS "nitro-vsock-bus" +OBJECT_DECLARE_SIMPLE_TYPE(NitroVsockBus, NITRO_VSOCK_BUS) + +#define TYPE_NITRO_VSOCK_BRIDGE "nitro-vsock-bridge" +OBJECT_DECLARE_SIMPLE_TYPE(NitroVsockBridge, NITRO_VSOCK_BRIDGE) + +#define TYPE_NITRO_VSOCK_DEVICE "nitro-vsock-device" +OBJECT_DECLARE_TYPE(NitroVsockDevice, NitroVsockDeviceClass, + NITRO_VSOCK_DEVICE) + +struct NitroVsockBus { + BusState parent_obj; +}; + +struct NitroVsockBridge { + SysBusDevice parent_obj; + + NitroVsockBus bus; + uint32_t enclave_cid; +}; + +struct NitroVsockDevice { + DeviceState parent_obj; +}; + +struct NitroVsockDeviceClass { + DeviceClass parent_class; + + /* + * Called after the enclave has been started and the CID is known. + * Devices use this to establish vsock connections to the enclave. + */ + void (*enclave_started)(NitroVsockDevice *dev, uint32_t enclave_cid, + Error **errp); +}; + +/* + * Machine helper to create the Nitro vsock bridge sysbus device. + */ +NitroVsockBridge *nitro_vsock_bridge_create(void); + +/* + * Find the Nitro vsock bridge on the sysbus. + */ +static inline NitroVsockBridge *nitro_vsock_bridge_find(void) +{ + return NITRO_VSOCK_BRIDGE( + object_resolve_path_type("", TYPE_NITRO_VSOCK_BRIDGE, NULL)); +} + +/* + * Notify the bridge that the enclave has started. Dispatches + * enclave_started() to all devices on the bus. + */ +void nitro_vsock_bridge_start_enclave(NitroVsockBridge *bridge, + uint32_t enclave_cid, Error **errp); + +#endif /* HW_NITRO_VSOCK_BUS_H */ diff --git a/meson.build b/meson.build index 4af32c3e1f..b68dbae072 100644 --- a/meson.build +++ b/meson.build 
@@ -3623,6 +3623,7 @@ if have_system 'hw/misc/macio', 'hw/net', 'hw/net/can', + 'hw/nitro', 'hw/nubus', 'hw/nvme', 'hw/nvram', --=20 2.47.1 Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christof Hellmis, Andreas Stieger Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597
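Review bot: nitro_vsock_bridge_start_enclave() in hw/nitro/nitro-vsock-bus.c only reaches devices that are on the bus at call time, and nothing catches up a device realized afterwards: the abstract TYPE_NITRO_VSOCK_DEVICE class sets only `dc->bus_type = TYPE_NITRO_VSOCK_BUS;` with no realize hook, and the bus installs no hotplug handler, so if the accel hands over the CID before a command-line or hot-added device is realized, that device never receives enclave_started(). Suggest a realize callback on the abstract class that reads bridge->enclave_cid and, when it is already non-zero, invokes ndc->enclave_started() immediately, or else marking the bus non-hotpluggable so the limitation is explicit. The error path leaves the same half-started state: `bridge->enclave_cid = enclave_cid;` is stored before the loop and is not cleared when a callback sets errp, and devices earlier in the children list stay notified, so either reset enclave_cid on that `return` or document that callers must treat the error as fatal.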
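Review bot: nitro_vsock_bridge_find() in include/hw/nitro/nitro-vsock-bus.h passes NULL as the ambiguous argument to object_resolve_path_type() and its comment does not say the helper can return NULL; on a machine without the bridge the lookup yields NULL and NITRO_VSOCK_BRIDGE() lets a NULL object through, so a caller gets a NULL pointer back rather than a cast assertion. Either document the NULL return so callers check it, or assert() the result if the nitro machine is the only intended caller. The enclave_started comment in NitroVsockDeviceClass should also spell out the contract the dispatch loop in the .c file implies: a callback that sets errp stops delivery to the remaining devices on the bus.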
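Review bot: hw/nitro/trace-events is added with only the syntax comment and no events, while hw/nitro/trace.h and the 'hw/nitro' entry in meson.build wire the tracing build for it. Either defer these two files to the patch that first needs a trace point, or add the one event this patch has a natural use for, e.g. `nitro_vsock_bridge_start_enclave(uint32_t cid) "enclave cid %u"` emitted at the top of the dispatch loop, so the CID handoff to the bus is visible in traces.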
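As an added example that is not part of the patch or of QEMU, the following stand-alone C program models the bus/bridge notification contract the commit message describes (bridge learns the enclave CID, every device on the bus is told) and adds the checks a reviewer would want around it: rejecting vsock's reserved CIDs (0 hypervisor, 1 local, 2 host) and the VMADDR_CID_ANY wildcard, notifying a device that is plugged after the enclave is already running, and rolling back the devices already notified when a later device's callback fails. The names VsockBridge, VsockDevice, bridge_start_enclave, device_plug and the debug_serial_* callbacks are this example's own assumptions, not the QOM types in the patch, and the "connection" is modeled by recording the CID rather than opening an AF_VSOCK socket.

```c
/*
 * Added example, not part of the patch or of QEMU: a stand-alone C model of
 * the bus/bridge notification contract the commit message describes. The
 * names VsockBridge, VsockDevice, bridge_start_enclave and device_plug are
 * this example's own, not the QOM types in the patch.
 */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VMADDR_CID_HOST 2u          /* vsock reserves CIDs 0 (hypervisor), 1 (local), 2 (host) */
#define VMADDR_CID_ANY  UINT32_MAX  /* wildcard CID, never a real enclave */
#define MAX_DEVICES     8

typedef struct VsockDevice VsockDevice;
struct VsockDevice {
    const char *name;
    /* Called once the enclave CID is known; returns false and fills err on failure. */
    bool (*enclave_started)(VsockDevice *dev, uint32_t cid, char *err, size_t errlen);
    /* Optional: undo whatever enclave_started set up (used for rollback). */
    void (*enclave_stopped)(VsockDevice *dev);
    uint32_t connected_cid;   /* 0 = not connected to the enclave */
};

typedef struct {
    uint32_t enclave_cid;     /* 0 = enclave not started yet */
    VsockDevice *children[MAX_DEVICES];
    int nchildren;
} VsockBridge;

/* An enclave CID is an ordinary guest CID: above the reserved range and not the wildcard. */
static bool cid_is_valid(uint32_t cid)
{
    return cid > VMADDR_CID_HOST && cid != VMADDR_CID_ANY;
}

/* Model of a debug-serial device: it records the CID it would connect to. */
static bool debug_serial_started(VsockDevice *dev, uint32_t cid, char *err, size_t errlen)
{
    (void)err; (void)errlen;
    dev->connected_cid = cid;
    return true;
}

static void debug_serial_stopped(VsockDevice *dev)
{
    dev->connected_cid = 0;
}

/* A device whose connect step always fails, to exercise the rollback path. */
static bool failing_started(VsockDevice *dev, uint32_t cid, char *err, size_t errlen)
{
    snprintf(err, errlen, "%s: connect to CID %" PRIu32 " refused", dev->name, cid);
    return false;
}

/* Announce the enclave CID to every device on the bus; all-or-nothing. */
static bool bridge_start_enclave(VsockBridge *b, uint32_t cid, char *err, size_t errlen)
{
    if (!cid_is_valid(cid)) {
        snprintf(err, errlen, "CID %" PRIu32 " is reserved or invalid", cid);
        return false;
    }
    if (b->enclave_cid != 0) {
        snprintf(err, errlen, "enclave already started with CID %" PRIu32, b->enclave_cid);
        return false;
    }
    for (int i = 0; i < b->nchildren; i++) {
        VsockDevice *d = b->children[i];
        if (d->enclave_started && !d->enclave_started(d, cid, err, errlen)) {
            /* Roll back the devices already notified so the bus is not left half-started. */
            for (int j = i - 1; j >= 0; j--) {
                if (b->children[j]->enclave_stopped) {
                    b->children[j]->enclave_stopped(b->children[j]);
                }
            }
            return false;
        }
    }
    b->enclave_cid = cid;   /* published only after every device accepted it */
    return true;
}

/* Plug a device into the bus; one plugged after the enclave started is notified at once. */
static bool device_plug(VsockBridge *b, VsockDevice *d, char *err, size_t errlen)
{
    if (b->nchildren == MAX_DEVICES) {
        snprintf(err, errlen, "bus full, cannot plug %s", d->name);
        return false;
    }
    if (b->enclave_cid != 0 && d->enclave_started &&
        !d->enclave_started(d, b->enclave_cid, err, errlen)) {
        return false;   /* not added, so nothing to roll back */
    }
    b->children[b->nchildren++] = d;
    return true;
}
```

The CID is published on the bridge only after every callback succeeded, which is the opposite order from the patch (which stores it first); with the CID passed as an argument the devices do not need to read it from the bridge, and a failed start leaves the bridge exactly as it was. The late-plug path in device_plug is what the patch's abstract device class would gain from a realize hook.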