hw/ppc/pef.c

   1 /*
   2  * PEF (Protected Execution Facility) for POWER support
   3  *
   4  * Copyright Red Hat.
   5  *
   6  * This work is licensed under the terms of the GNU GPL, version 2 or later.
   7  * See the COPYING file in the top-level directory.
   8  *
   9  */
  10
  11 #include "qemu/osdep.h"
  12
  13 #include "qapi/error.h"
  14 #include "qom/object_interfaces.h"
  15 #include "sysemu/kvm.h"
  16 #include "migration/blocker.h"
  17 #include "exec/confidential-guest-support.h"
  18 #include "hw/ppc/pef.h"
  19
  20 #define TYPE_PEF_GUEST "pef-guest"
  21 OBJECT_DECLARE_SIMPLE_TYPE(PefGuest, PEF_GUEST)
  22
  23 typedef struct PefGuest PefGuest;
  24 typedef struct PefGuestClass PefGuestClass;
  25
  26 struct PefGuestClass {
  27     ConfidentialGuestSupportClass parent_class;
  28 };
  29
  30 /**
  31  * PefGuest:
  32  *
  33  * The PefGuest object is used for creating and managing a PEF
  34  * guest.
  35  *
  36  * # $QEMU \
  37  *         -object pef-guest,id=pef0 \
  38  *         -machine ...,confidential-guest-support=pef0
  39  */
  40 struct PefGuest {
  41     ConfidentialGuestSupport parent_obj;
  42 };
  43
  44 static int kvmppc_svm_init(Error **errp)
  45 {
  46 #ifdef CONFIG_KVM
  47     if (!kvm_check_extension(kvm_state, KVM_CAP_PPC_SECURE_GUEST)) {
  48         error_setg(errp,
  49                    "KVM implementation does not support Secure VMs (is an ultravisor running?)");
  50         return -1;
  51     } else {
  52         int ret = kvm_vm_enable_cap(kvm_state, KVM_CAP_PPC_SECURE_GUEST, 0, 1);
  53
  54         if (ret < 0) {
  55             error_setg(errp,
  56                        "Error enabling PEF with KVM");
  57             return -1;
  58         }
  59     }
  60
  61     return 0;
  62 #else
  63     g_assert_not_reached();
  64 #endif
  65 }
  66
  67 /*
  68  * Don't set error if KVM_PPC_SVM_OFF ioctl is invoked on kernels
  69  * that don't support this ioctl.
  70  */
  71 static int kvmppc_svm_off(Error **errp)
  72 {
  73 #ifdef CONFIG_KVM
  74     int rc;
  75
  76     rc = kvm_vm_ioctl(KVM_STATE(current_accel()), KVM_PPC_SVM_OFF);
  77     if (rc && rc != -ENOTTY) {
  78         error_setg_errno(errp, -rc, "KVM_PPC_SVM_OFF ioctl failed");
  79         return rc;
  80     }
  81     return 0;
  82 #else
  83     g_assert_not_reached();
  84 #endif
  85 }
  86
  87 int pef_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
  88 {
  89     if (!object_dynamic_cast(OBJECT(cgs), TYPE_PEF_GUEST)) {
  90         return 0;
  91     }
  92
  93     if (!kvm_enabled()) {
  94         error_setg(errp, "PEF requires KVM");
  95         return -1;
  96     }
  97
  98     return kvmppc_svm_init(errp);
  99 }
 100
 101 int pef_kvm_reset(ConfidentialGuestSupport *cgs, Error **errp)
 102 {
 103     if (!object_dynamic_cast(OBJECT(cgs), TYPE_PEF_GUEST)) {
 104         return 0;
 105     }
 106
 107     /*
 108      * If we don't have KVM we should never have been able to
 109      * initialize PEF, so we should never get this far
 110      */
 111     assert(kvm_enabled());
 112
 113     return kvmppc_svm_off(errp);
 114 }
 115
 116 OBJECT_DEFINE_TYPE_WITH_INTERFACES(PefGuest,
 117                                    pef_guest,
 118                                    PEF_GUEST,
 119                                    CONFIDENTIAL_GUEST_SUPPORT,
 120                                    { TYPE_USER_CREATABLE },
 121                                    { NULL })
 122
 123 static void pef_guest_class_init(ObjectClass *oc, void *data)
 124 {
 125 }
 126
 127 static void pef_guest_init(Object *obj)
 128 {
 129 }
 130
 131 static void pef_guest_finalize(Object *obj)
 132 {
 133 }