xref: /openbmc/qemu/hw/ppc/pef.c (revision 6016b7b4)
1 /*
2  * PEF (Protected Execution Facility) for POWER support
3  *
4  * Copyright Red Hat.
5  *
6  * This work is licensed under the terms of the GNU GPL, version 2 or later.
7  * See the COPYING file in the top-level directory.
8  *
9  */
10 
11 #include "qemu/osdep.h"
12 
13 #include "qapi/error.h"
14 #include "qom/object_interfaces.h"
15 #include "sysemu/kvm.h"
16 #include "migration/blocker.h"
17 #include "exec/confidential-guest-support.h"
18 #include "hw/ppc/pef.h"
19 
20 #define TYPE_PEF_GUEST "pef-guest"
21 OBJECT_DECLARE_SIMPLE_TYPE(PefGuest, PEF_GUEST)
22 
23 typedef struct PefGuest PefGuest;
24 typedef struct PefGuestClass PefGuestClass;
25 
26 struct PefGuestClass {
27     ConfidentialGuestSupportClass parent_class;
28 };
29 
30 /**
31  * PefGuest:
32  *
33  * The PefGuest object is used for creating and managing a PEF
34  * guest.
35  *
36  * # $QEMU \
37  *         -object pef-guest,id=pef0 \
38  *         -machine ...,confidential-guest-support=pef0
39  */
40 struct PefGuest {
41     ConfidentialGuestSupport parent_obj;
42 };
43 
44 static int kvmppc_svm_init(ConfidentialGuestSupport *cgs, Error **errp)
45 {
46 #ifdef CONFIG_KVM
47     static Error *pef_mig_blocker;
48 
49     if (!kvm_check_extension(kvm_state, KVM_CAP_PPC_SECURE_GUEST)) {
50         error_setg(errp,
51                    "KVM implementation does not support Secure VMs (is an ultravisor running?)");
52         return -1;
53     } else {
54         int ret = kvm_vm_enable_cap(kvm_state, KVM_CAP_PPC_SECURE_GUEST, 0, 1);
55 
56         if (ret < 0) {
57             error_setg(errp,
58                        "Error enabling PEF with KVM");
59             return -1;
60         }
61     }
62 
63     /* add migration blocker */
64     error_setg(&pef_mig_blocker, "PEF: Migration is not implemented");
65     /* NB: This can fail if --only-migratable is used */
66     migrate_add_blocker(pef_mig_blocker, &error_fatal);
67 
68     cgs->ready = true;
69 
70     return 0;
71 #else
72     g_assert_not_reached();
73 #endif
74 }
75 
76 /*
77  * Don't set error if KVM_PPC_SVM_OFF ioctl is invoked on kernels
78  * that don't support this ioctl.
79  */
80 static int kvmppc_svm_off(Error **errp)
81 {
82 #ifdef CONFIG_KVM
83     int rc;
84 
85     rc = kvm_vm_ioctl(KVM_STATE(current_accel()), KVM_PPC_SVM_OFF);
86     if (rc && rc != -ENOTTY) {
87         error_setg_errno(errp, -rc, "KVM_PPC_SVM_OFF ioctl failed");
88         return rc;
89     }
90     return 0;
91 #else
92     g_assert_not_reached();
93 #endif
94 }
95 
96 int pef_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
97 {
98     if (!object_dynamic_cast(OBJECT(cgs), TYPE_PEF_GUEST)) {
99         return 0;
100     }
101 
102     if (!kvm_enabled()) {
103         error_setg(errp, "PEF requires KVM");
104         return -1;
105     }
106 
107     return kvmppc_svm_init(cgs, errp);
108 }
109 
110 int pef_kvm_reset(ConfidentialGuestSupport *cgs, Error **errp)
111 {
112     if (!object_dynamic_cast(OBJECT(cgs), TYPE_PEF_GUEST)) {
113         return 0;
114     }
115 
116     /*
117      * If we don't have KVM we should never have been able to
118      * initialize PEF, so we should never get this far
119      */
120     assert(kvm_enabled());
121 
122     return kvmppc_svm_off(errp);
123 }
124 
125 OBJECT_DEFINE_TYPE_WITH_INTERFACES(PefGuest,
126                                    pef_guest,
127                                    PEF_GUEST,
128                                    CONFIDENTIAL_GUEST_SUPPORT,
129                                    { TYPE_USER_CREATABLE },
130                                    { NULL })
131 
132 static void pef_guest_class_init(ObjectClass *oc, void *data)
133 {
134 }
135 
136 static void pef_guest_init(Object *obj)
137 {
138 }
139 
140 static void pef_guest_finalize(Object *obj)
141 {
142 }
143