search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
gitlab-ci.d/buildtest: Disintegrate the build-coroutine-sigaltstack job
[qemu/ar7.git] / hw / s390x / pv.c
blob49ea38236c769f0fd177bbce0c3065c5ba4a911c
1 /*
2 * Protected Virtualization functions
3 *
4 * Copyright IBM Corp. 2020
5 * Author(s):
6 * Janosch Frank <frankja@linux.ibm.com>
7 *
8 * This work is licensed under the terms of the GNU GPL, version 2 or (at
9 * your option) any later version. See the COPYING file in the top-level
10 * directory.
11 */
12 #include "qemu/osdep.h"
13
14 #include <linux/kvm.h>
15
16 #include "qapi/error.h"
17 #include "qemu/error-report.h"
18 #include "sysemu/kvm.h"
19 #include "sysemu/cpus.h"
20 #include "qom/object_interfaces.h"
21 #include "exec/confidential-guest-support.h"
22 #include "hw/s390x/ipl.h"
23 #include "hw/s390x/pv.h"
24 #include "hw/s390x/sclp.h"
25 #include "target/s390x/kvm/kvm_s390x.h"
26
27 static bool info_valid;
28 static struct kvm_s390_pv_info_vm info_vm;
29 static struct kvm_s390_pv_info_dump info_dump;
30
31 static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data)
32 {
33 struct kvm_pv_cmd pv_cmd = {
34 .cmd = cmd,
35 .data = (uint64_t)data,
36 };
37 int rc;
38
39 do {
40 rc = kvm_vm_ioctl(kvm_state, KVM_S390_PV_COMMAND, &pv_cmd);
41 } while (rc == -EINTR);
42
43 if (rc) {
44 error_report("KVM PV command %d (%s) failed: header rc %x rrc %x "
45 "IOCTL rc: %d", cmd, cmdname, pv_cmd.rc, pv_cmd.rrc,
46 rc);
47 }
48 return rc;
49 }
50
51 /*
52 * This macro lets us pass the command as a string to the function so
53 * we can print it on an error.
54 */
55 #define s390_pv_cmd(cmd, data) __s390_pv_cmd(cmd, #cmd, data)
56 #define s390_pv_cmd_exit(cmd, data) \
57 { \
58 int rc; \
59 \
60 rc = __s390_pv_cmd(cmd, #cmd, data);\
61 if (rc) { \
62 exit(1); \
63 } \
64 }
65
66 int s390_pv_query_info(void)
67 {
68 struct kvm_s390_pv_info info = {
69 .header.id = KVM_PV_INFO_VM,
70 .header.len_max = sizeof(info.header) + sizeof(info.vm),
71 };
72 int rc;
73
74 /* Info API's first user is dump so they are bundled */
75 if (!kvm_s390_get_protected_dump()) {
76 return 0;
77 }
78
79 rc = s390_pv_cmd(KVM_PV_INFO, &info);
80 if (rc) {
81 error_report("KVM PV INFO cmd %x failed: %s",
82 info.header.id, strerror(-rc));
83 return rc;
84 }
85 memcpy(&info_vm, &info.vm, sizeof(info.vm));
86
87 info.header.id = KVM_PV_INFO_DUMP;
88 info.header.len_max = sizeof(info.header) + sizeof(info.dump);
89 rc = s390_pv_cmd(KVM_PV_INFO, &info);
90 if (rc) {
91 error_report("KVM PV INFO cmd %x failed: %s",
92 info.header.id, strerror(-rc));
93 return rc;
94 }
95
96 memcpy(&info_dump, &info.dump, sizeof(info.dump));
97 info_valid = true;
98
99 return rc;
100 }
101
102 int s390_pv_vm_enable(void)
103 {
104 return s390_pv_cmd(KVM_PV_ENABLE, NULL);
105 }
106
107 void s390_pv_vm_disable(void)
108 {
109 s390_pv_cmd_exit(KVM_PV_DISABLE, NULL);
110 }
111
112 static void *s390_pv_do_unprot_async_fn(void *p)
113 {
114 s390_pv_cmd_exit(KVM_PV_ASYNC_CLEANUP_PERFORM, NULL);
115 return NULL;
116 }
117
118 bool s390_pv_vm_try_disable_async(void)
119 {
120 /*
121 * t is only needed to create the thread; once qemu_thread_create
122 * returns, it can safely be discarded.
123 */
124 QemuThread t;
125
126 if (!kvm_check_extension(kvm_state, KVM_CAP_S390_PROTECTED_ASYNC_DISABLE)) {
127 return false;
128 }
129 if (s390_pv_cmd(KVM_PV_ASYNC_CLEANUP_PREPARE, NULL) != 0) {
130 return false;
131 }
132
133 qemu_thread_create(&t, "async_cleanup", s390_pv_do_unprot_async_fn, NULL,
134 QEMU_THREAD_DETACHED);
135
136 return true;
137 }
138
139 int s390_pv_set_sec_parms(uint64_t origin, uint64_t length)
140 {
141 struct kvm_s390_pv_sec_parm args = {
142 .origin = origin,
143 .length = length,
144 };
145
146 return s390_pv_cmd(KVM_PV_SET_SEC_PARMS, &args);
147 }
148
149 /*
150 * Called for each component in the SE type IPL parameter block 0.
151 */
152 int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak)
153 {
154 struct kvm_s390_pv_unp args = {
155 .addr = addr,
156 .size = size,
157 .tweak = tweak,
158 };
159
160 return s390_pv_cmd(KVM_PV_UNPACK, &args);
161 }
162
163 void s390_pv_prep_reset(void)
164 {
165 s390_pv_cmd_exit(KVM_PV_PREP_RESET, NULL);
166 }
167
168 int s390_pv_verify(void)
169 {
170 return s390_pv_cmd(KVM_PV_VERIFY, NULL);
171 }
172
173 void s390_pv_unshare(void)
174 {
175 s390_pv_cmd_exit(KVM_PV_UNSHARE_ALL, NULL);
176 }
177
178 void s390_pv_inject_reset_error(CPUState *cs)
179 {
180 int r1 = (cs->kvm_run->s390_sieic.ipa & 0x00f0) >> 4;
181 CPUS390XState *env = &S390_CPU(cs)->env;
182
183 /* Report that we are unable to enter protected mode */
184 env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;
185 }
186
187 uint64_t kvm_s390_pv_dmp_get_size_cpu(void)
188 {
189 return info_dump.dump_cpu_buffer_len;
190 }
191
192 uint64_t kvm_s390_pv_dmp_get_size_completion_data(void)
193 {
194 return info_dump.dump_config_finalize_len;
195 }
196
197 uint64_t kvm_s390_pv_dmp_get_size_mem_state(void)
198 {
199 return info_dump.dump_config_mem_buffer_per_1m;
200 }
201
202 bool kvm_s390_pv_info_basic_valid(void)
203 {
204 return info_valid;
205 }
206
207 static int s390_pv_dump_cmd(uint64_t subcmd, uint64_t uaddr, uint64_t gaddr,
208 uint64_t len)
209 {
210 struct kvm_s390_pv_dmp dmp = {
211 .subcmd = subcmd,
212 .buff_addr = uaddr,
213 .buff_len = len,
214 .gaddr = gaddr,
215 };
216 int ret;
217
218 ret = s390_pv_cmd(KVM_PV_DUMP, (void *)&dmp);
219 if (ret) {
220 error_report("KVM DUMP command %ld failed", subcmd);
221 }
222 return ret;
223 }
224
225 int kvm_s390_dump_cpu(S390CPU *cpu, void *buff)
226 {
227 struct kvm_s390_pv_dmp dmp = {
228 .subcmd = KVM_PV_DUMP_CPU,
229 .buff_addr = (uint64_t)buff,
230 .gaddr = 0,
231 .buff_len = info_dump.dump_cpu_buffer_len,
232 };
233 struct kvm_pv_cmd pv = {
234 .cmd = KVM_PV_DUMP,
235 .data = (uint64_t)&dmp,
236 };
237
238 return kvm_vcpu_ioctl(CPU(cpu), KVM_S390_PV_CPU_COMMAND, &pv);
239 }
240
241 int kvm_s390_dump_init(void)
242 {
243 return s390_pv_dump_cmd(KVM_PV_DUMP_INIT, 0, 0, 0);
244 }
245
246 int kvm_s390_dump_mem_state(uint64_t gaddr, size_t len, void *dest)
247 {
248 return s390_pv_dump_cmd(KVM_PV_DUMP_CONFIG_STOR_STATE, (uint64_t)dest,
249 gaddr, len);
250 }
251
252 int kvm_s390_dump_completion_data(void *buff)
253 {
254 return s390_pv_dump_cmd(KVM_PV_DUMP_COMPLETE, (uint64_t)buff, 0,
255 info_dump.dump_config_finalize_len);
256 }
257
258 #define TYPE_S390_PV_GUEST "s390-pv-guest"
259 OBJECT_DECLARE_SIMPLE_TYPE(S390PVGuest, S390_PV_GUEST)
260
261 /**
262 * S390PVGuest:
263 *
264 * The S390PVGuest object is basically a dummy used to tell the
265 * confidential guest support system to use s390's PV mechanism.
266 *
267 * # $QEMU \
268 * -object s390-pv-guest,id=pv0 \
269 * -machine ...,confidential-guest-support=pv0
270 */
271 struct S390PVGuest {
272 ConfidentialGuestSupport parent_obj;
273 };
274
275 typedef struct S390PVGuestClass S390PVGuestClass;
276
277 struct S390PVGuestClass {
278 ConfidentialGuestSupportClass parent_class;
279 };
280
281 /*
282 * If protected virtualization is enabled, the amount of data that the
283 * Read SCP Info Service Call can use is limited to one page. The
284 * available space also depends on the Extended-Length SCCB (ELS)
285 * feature which can take more buffer space to store feature
286 * information. This impacts the maximum number of CPUs supported in
287 * the machine.
288 */
289 static uint32_t s390_pv_get_max_cpus(void)
290 {
291 int offset_cpu = s390_has_feat(S390_FEAT_EXTENDED_LENGTH_SCCB) ?
292 offsetof(ReadInfo, entries) : SCLP_READ_SCP_INFO_FIXED_CPU_OFFSET;
293
294 return (TARGET_PAGE_SIZE - offset_cpu) / sizeof(CPUEntry);
295 }
296
297 static bool s390_pv_check_cpus(Error **errp)
298 {
299 MachineState *ms = MACHINE(qdev_get_machine());
300 uint32_t pv_max_cpus = s390_pv_get_max_cpus();
301
302 if (ms->smp.max_cpus > pv_max_cpus) {
303 error_setg(errp, "Protected VMs support a maximum of %d CPUs",
304 pv_max_cpus);
305 return false;
306 }
307
308 return true;
309 }
310
311 static bool s390_pv_guest_check(ConfidentialGuestSupport *cgs, Error **errp)
312 {
313 return s390_pv_check_cpus(errp);
314 }
315
316 int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
317 {
318 if (!object_dynamic_cast(OBJECT(cgs), TYPE_S390_PV_GUEST)) {
319 return 0;
320 }
321
322 if (!s390_has_feat(S390_FEAT_UNPACK)) {
323 error_setg(errp,
324 "CPU model does not support Protected Virtualization");
325 return -1;
326 }
327
328 if (!s390_pv_guest_check(cgs, errp)) {
329 return -1;
330 }
331
332 cgs->ready = true;
333
334 return 0;
335 }
336
337 OBJECT_DEFINE_TYPE_WITH_INTERFACES(S390PVGuest,
338 s390_pv_guest,
339 S390_PV_GUEST,
340 CONFIDENTIAL_GUEST_SUPPORT,
341 { TYPE_USER_CREATABLE },
342 { NULL })
343
344 static void s390_pv_guest_class_init(ObjectClass *oc, void *data)
345 {
346 }
347
348 static void s390_pv_guest_init(Object *obj)
349 {
350 }
351
352 static void s390_pv_guest_finalize(Object *obj)
353 {
354 }
AR7 emulation for QEMU