1 /*
2 * Protected Virtualization functions
3 *
4 * Copyright IBM Corp. 2020
5 * Author(s):
6 * Janosch Frank <frankja@linux.ibm.com>
7 *
8 * This work is licensed under the terms of the GNU GPL, version 2 or (at
9 * your option) any later version. See the COPYING file in the top-level
10 * directory.
11 */
12 #include "qemu/osdep.h"
13
14 #include <linux/kvm.h>
15
16 #include "qemu/units.h"
17 #include "qapi/error.h"
18 #include "qemu/error-report.h"
19 #include "sysemu/kvm.h"
20 #include "sysemu/cpus.h"
21 #include "qom/object_interfaces.h"
22 #include "exec/confidential-guest-support.h"
23 #include "hw/s390x/ipl.h"
24 #include "hw/s390x/sclp.h"
25 #include "target/s390x/kvm/kvm_s390x.h"
26 #include "target/s390x/kvm/pv.h"
27
28 static bool info_valid;
29 static struct kvm_s390_pv_info_vm info_vm;
30 static struct kvm_s390_pv_info_dump info_dump;
31
__s390_pv_cmd(uint32_t cmd,const char * cmdname,void * data)32 static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data)
33 {
34 struct kvm_pv_cmd pv_cmd = {
35 .cmd = cmd,
36 .data = (uint64_t)data,
37 };
38 int rc;
39
40 do {
41 rc = kvm_vm_ioctl(kvm_state, KVM_S390_PV_COMMAND, &pv_cmd);
42 } while (rc == -EINTR);
43
44 if (rc) {
45 error_report("KVM PV command %d (%s) failed: header rc %x rrc %x "
46 "IOCTL rc: %d", cmd, cmdname, pv_cmd.rc, pv_cmd.rrc,
47 rc);
48 }
49 return rc;
50 }
51
52 /*
53 * This macro lets us pass the command as a string to the function so
54 * we can print it on an error.
55 */
56 #define s390_pv_cmd(cmd, data) __s390_pv_cmd(cmd, #cmd, data)
57 #define s390_pv_cmd_exit(cmd, data) \
58 { \
59 int rc; \
60 \
61 rc = __s390_pv_cmd(cmd, #cmd, data);\
62 if (rc) { \
63 exit(1); \
64 } \
65 }
66
s390_pv_query_info(void)67 int s390_pv_query_info(void)
68 {
69 struct kvm_s390_pv_info info = {
70 .header.id = KVM_PV_INFO_VM,
71 .header.len_max = sizeof(info.header) + sizeof(info.vm),
72 };
73 int rc;
74
75 /* Info API's first user is dump so they are bundled */
76 if (!kvm_s390_get_protected_dump()) {
77 return 0;
78 }
79
80 rc = s390_pv_cmd(KVM_PV_INFO, &info);
81 if (rc) {
82 error_report("KVM PV INFO cmd %x failed: %s",
83 info.header.id, strerror(-rc));
84 return rc;
85 }
86 memcpy(&info_vm, &info.vm, sizeof(info.vm));
87
88 info.header.id = KVM_PV_INFO_DUMP;
89 info.header.len_max = sizeof(info.header) + sizeof(info.dump);
90 rc = s390_pv_cmd(KVM_PV_INFO, &info);
91 if (rc) {
92 error_report("KVM PV INFO cmd %x failed: %s",
93 info.header.id, strerror(-rc));
94 return rc;
95 }
96
97 memcpy(&info_dump, &info.dump, sizeof(info.dump));
98 info_valid = true;
99
100 return rc;
101 }
102
s390_pv_vm_enable(void)103 int s390_pv_vm_enable(void)
104 {
105 return s390_pv_cmd(KVM_PV_ENABLE, NULL);
106 }
107
s390_pv_vm_disable(void)108 void s390_pv_vm_disable(void)
109 {
110 s390_pv_cmd_exit(KVM_PV_DISABLE, NULL);
111 }
112
s390_pv_do_unprot_async_fn(void * p)113 static void *s390_pv_do_unprot_async_fn(void *p)
114 {
115 s390_pv_cmd_exit(KVM_PV_ASYNC_CLEANUP_PERFORM, NULL);
116 return NULL;
117 }
118
s390_pv_vm_try_disable_async(S390CcwMachineState * ms)119 bool s390_pv_vm_try_disable_async(S390CcwMachineState *ms)
120 {
121 /*
122 * t is only needed to create the thread; once qemu_thread_create
123 * returns, it can safely be discarded.
124 */
125 QemuThread t;
126
127 /*
128 * If the feature is not present or if the VM is not larger than 2 GiB,
129 * KVM_PV_ASYNC_CLEANUP_PREPARE fill fail; no point in attempting it.
130 */
131 if ((MACHINE(ms)->maxram_size <= 2 * GiB) ||
132 !kvm_check_extension(kvm_state, KVM_CAP_S390_PROTECTED_ASYNC_DISABLE)) {
133 return false;
134 }
135 if (s390_pv_cmd(KVM_PV_ASYNC_CLEANUP_PREPARE, NULL) != 0) {
136 return false;
137 }
138
139 qemu_thread_create(&t, "async_cleanup", s390_pv_do_unprot_async_fn, NULL,
140 QEMU_THREAD_DETACHED);
141
142 return true;
143 }
144
s390_pv_set_sec_parms(uint64_t origin,uint64_t length)145 int s390_pv_set_sec_parms(uint64_t origin, uint64_t length)
146 {
147 struct kvm_s390_pv_sec_parm args = {
148 .origin = origin,
149 .length = length,
150 };
151
152 return s390_pv_cmd(KVM_PV_SET_SEC_PARMS, &args);
153 }
154
155 /*
156 * Called for each component in the SE type IPL parameter block 0.
157 */
s390_pv_unpack(uint64_t addr,uint64_t size,uint64_t tweak)158 int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak)
159 {
160 struct kvm_s390_pv_unp args = {
161 .addr = addr,
162 .size = size,
163 .tweak = tweak,
164 };
165
166 return s390_pv_cmd(KVM_PV_UNPACK, &args);
167 }
168
s390_pv_prep_reset(void)169 void s390_pv_prep_reset(void)
170 {
171 s390_pv_cmd_exit(KVM_PV_PREP_RESET, NULL);
172 }
173
s390_pv_verify(void)174 int s390_pv_verify(void)
175 {
176 return s390_pv_cmd(KVM_PV_VERIFY, NULL);
177 }
178
s390_pv_unshare(void)179 void s390_pv_unshare(void)
180 {
181 s390_pv_cmd_exit(KVM_PV_UNSHARE_ALL, NULL);
182 }
183
s390_pv_inject_reset_error(CPUState * cs)184 void s390_pv_inject_reset_error(CPUState *cs)
185 {
186 int r1 = (cs->kvm_run->s390_sieic.ipa & 0x00f0) >> 4;
187 CPUS390XState *env = &S390_CPU(cs)->env;
188
189 /* Report that we are unable to enter protected mode */
190 env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;
191 }
192
kvm_s390_pv_dmp_get_size_cpu(void)193 uint64_t kvm_s390_pv_dmp_get_size_cpu(void)
194 {
195 return info_dump.dump_cpu_buffer_len;
196 }
197
kvm_s390_pv_dmp_get_size_completion_data(void)198 uint64_t kvm_s390_pv_dmp_get_size_completion_data(void)
199 {
200 return info_dump.dump_config_finalize_len;
201 }
202
kvm_s390_pv_dmp_get_size_mem_state(void)203 uint64_t kvm_s390_pv_dmp_get_size_mem_state(void)
204 {
205 return info_dump.dump_config_mem_buffer_per_1m;
206 }
207
kvm_s390_pv_info_basic_valid(void)208 bool kvm_s390_pv_info_basic_valid(void)
209 {
210 return info_valid;
211 }
212
s390_pv_dump_cmd(uint64_t subcmd,uint64_t uaddr,uint64_t gaddr,uint64_t len)213 static int s390_pv_dump_cmd(uint64_t subcmd, uint64_t uaddr, uint64_t gaddr,
214 uint64_t len)
215 {
216 struct kvm_s390_pv_dmp dmp = {
217 .subcmd = subcmd,
218 .buff_addr = uaddr,
219 .buff_len = len,
220 .gaddr = gaddr,
221 };
222 int ret;
223
224 ret = s390_pv_cmd(KVM_PV_DUMP, (void *)&dmp);
225 if (ret) {
226 error_report("KVM DUMP command %ld failed", subcmd);
227 }
228 return ret;
229 }
230
kvm_s390_dump_cpu(S390CPU * cpu,void * buff)231 int kvm_s390_dump_cpu(S390CPU *cpu, void *buff)
232 {
233 struct kvm_s390_pv_dmp dmp = {
234 .subcmd = KVM_PV_DUMP_CPU,
235 .buff_addr = (uint64_t)buff,
236 .gaddr = 0,
237 .buff_len = info_dump.dump_cpu_buffer_len,
238 };
239 struct kvm_pv_cmd pv = {
240 .cmd = KVM_PV_DUMP,
241 .data = (uint64_t)&dmp,
242 };
243
244 return kvm_vcpu_ioctl(CPU(cpu), KVM_S390_PV_CPU_COMMAND, &pv);
245 }
246
kvm_s390_dump_init(void)247 int kvm_s390_dump_init(void)
248 {
249 return s390_pv_dump_cmd(KVM_PV_DUMP_INIT, 0, 0, 0);
250 }
251
kvm_s390_dump_mem_state(uint64_t gaddr,size_t len,void * dest)252 int kvm_s390_dump_mem_state(uint64_t gaddr, size_t len, void *dest)
253 {
254 return s390_pv_dump_cmd(KVM_PV_DUMP_CONFIG_STOR_STATE, (uint64_t)dest,
255 gaddr, len);
256 }
257
kvm_s390_dump_completion_data(void * buff)258 int kvm_s390_dump_completion_data(void *buff)
259 {
260 return s390_pv_dump_cmd(KVM_PV_DUMP_COMPLETE, (uint64_t)buff, 0,
261 info_dump.dump_config_finalize_len);
262 }
263
264 #define TYPE_S390_PV_GUEST "s390-pv-guest"
265 OBJECT_DECLARE_SIMPLE_TYPE(S390PVGuest, S390_PV_GUEST)
266
267 /**
268 * S390PVGuest:
269 *
270 * The S390PVGuest object is basically a dummy used to tell the
271 * confidential guest support system to use s390's PV mechanism.
272 *
273 * # $QEMU \
274 * -object s390-pv-guest,id=pv0 \
275 * -machine ...,confidential-guest-support=pv0
276 */
277 struct S390PVGuest {
278 ConfidentialGuestSupport parent_obj;
279 };
280
281 typedef struct S390PVGuestClass S390PVGuestClass;
282
283 struct S390PVGuestClass {
284 ConfidentialGuestSupportClass parent_class;
285 };
286
287 /*
288 * If protected virtualization is enabled, the amount of data that the
289 * Read SCP Info Service Call can use is limited to one page. The
290 * available space also depends on the Extended-Length SCCB (ELS)
291 * feature which can take more buffer space to store feature
292 * information. This impacts the maximum number of CPUs supported in
293 * the machine.
294 */
s390_pv_get_max_cpus(void)295 static uint32_t s390_pv_get_max_cpus(void)
296 {
297 int offset_cpu = s390_has_feat(S390_FEAT_EXTENDED_LENGTH_SCCB) ?
298 offsetof(ReadInfo, entries) : SCLP_READ_SCP_INFO_FIXED_CPU_OFFSET;
299
300 return (TARGET_PAGE_SIZE - offset_cpu) / sizeof(CPUEntry);
301 }
302
s390_pv_check_cpus(Error ** errp)303 static bool s390_pv_check_cpus(Error **errp)
304 {
305 MachineState *ms = MACHINE(qdev_get_machine());
306 uint32_t pv_max_cpus = s390_pv_get_max_cpus();
307
308 if (ms->smp.max_cpus > pv_max_cpus) {
309 error_setg(errp, "Protected VMs support a maximum of %d CPUs",
310 pv_max_cpus);
311 return false;
312 }
313
314 return true;
315 }
316
s390_pv_guest_check(ConfidentialGuestSupport * cgs,Error ** errp)317 static bool s390_pv_guest_check(ConfidentialGuestSupport *cgs, Error **errp)
318 {
319 return s390_pv_check_cpus(errp);
320 }
321
s390_pv_kvm_init(ConfidentialGuestSupport * cgs,Error ** errp)322 int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
323 {
324 if (!object_dynamic_cast(OBJECT(cgs), TYPE_S390_PV_GUEST)) {
325 return 0;
326 }
327
328 if (!s390_has_feat(S390_FEAT_UNPACK)) {
329 error_setg(errp,
330 "CPU model does not support Protected Virtualization");
331 return -1;
332 }
333
334 if (!s390_pv_guest_check(cgs, errp)) {
335 return -1;
336 }
337
338 cgs->ready = true;
339
340 return 0;
341 }
342
343 OBJECT_DEFINE_TYPE_WITH_INTERFACES(S390PVGuest,
344 s390_pv_guest,
345 S390_PV_GUEST,
346 CONFIDENTIAL_GUEST_SUPPORT,
347 { TYPE_USER_CREATABLE },
348 { NULL })
349
s390_pv_guest_class_init(ObjectClass * oc,void * data)350 static void s390_pv_guest_class_init(ObjectClass *oc, void *data)
351 {
352 }
353
s390_pv_guest_init(Object * obj)354 static void s390_pv_guest_init(Object *obj)
355 {
356 }
357
s390_pv_guest_finalize(Object * obj)358 static void s390_pv_guest_finalize(Object *obj)
359 {
360 }
361