1 /*
2 * Protected Virtualization functions
3 *
4 * Copyright IBM Corp. 2020
5 * Author(s):
6 * Janosch Frank <frankja@linux.ibm.com>
7 *
8 * This work is licensed under the terms of the GNU GPL, version 2 or (at
9 * your option) any later version. See the COPYING file in the top-level
10 * directory.
11 */
12 #include "qemu/osdep.h"
13
14 #include <linux/kvm.h>
15
16 #include "qemu/units.h"
17 #include "qapi/error.h"
18 #include "qemu/error-report.h"
19 #include "sysemu/kvm.h"
20 #include "sysemu/cpus.h"
21 #include "qom/object_interfaces.h"
22 #include "exec/confidential-guest-support.h"
23 #include "hw/s390x/ipl.h"
24 #include "hw/s390x/sclp.h"
25 #include "target/s390x/kvm/kvm_s390x.h"
26 #include "target/s390x/kvm/pv.h"
27
28 static bool info_valid;
29 static struct kvm_s390_pv_info_vm info_vm;
30 static struct kvm_s390_pv_info_dump info_dump;
31
__s390_pv_cmd(uint32_t cmd,const char * cmdname,void * data,int * pvrc)32 static int __s390_pv_cmd(uint32_t cmd, const char *cmdname, void *data,
33 int *pvrc)
34 {
35 struct kvm_pv_cmd pv_cmd = {
36 .cmd = cmd,
37 .data = (uint64_t)data,
38 };
39 int rc;
40
41 do {
42 rc = kvm_vm_ioctl(kvm_state, KVM_S390_PV_COMMAND, &pv_cmd);
43 } while (rc == -EINTR);
44
45 if (rc) {
46 error_report("KVM PV command %d (%s) failed: header rc %x rrc %x "
47 "IOCTL rc: %d", cmd, cmdname, pv_cmd.rc, pv_cmd.rrc,
48 rc);
49 }
50 if (pvrc) {
51 *pvrc = pv_cmd.rc;
52 }
53 return rc;
54 }
55
56 /*
57 * This macro lets us pass the command as a string to the function so
58 * we can print it on an error.
59 */
60 #define s390_pv_cmd(cmd, data) __s390_pv_cmd(cmd, #cmd, data, NULL)
61 #define s390_pv_cmd_pvrc(cmd, data, pvrc) __s390_pv_cmd(cmd, #cmd, data, pvrc)
62 #define s390_pv_cmd_exit(cmd, data) \
63 { \
64 int rc; \
65 \
66 rc = __s390_pv_cmd(cmd, #cmd, data, NULL); \
67 if (rc) { \
68 exit(1); \
69 } \
70 }
71
s390_pv_query_info(void)72 int s390_pv_query_info(void)
73 {
74 struct kvm_s390_pv_info info = {
75 .header.id = KVM_PV_INFO_VM,
76 .header.len_max = sizeof(info.header) + sizeof(info.vm),
77 };
78 int rc;
79
80 /* Info API's first user is dump so they are bundled */
81 if (!kvm_s390_get_protected_dump()) {
82 return 0;
83 }
84
85 rc = s390_pv_cmd(KVM_PV_INFO, &info);
86 if (rc) {
87 error_report("KVM PV INFO cmd %x failed: %s",
88 info.header.id, strerror(-rc));
89 return rc;
90 }
91 memcpy(&info_vm, &info.vm, sizeof(info.vm));
92
93 info.header.id = KVM_PV_INFO_DUMP;
94 info.header.len_max = sizeof(info.header) + sizeof(info.dump);
95 rc = s390_pv_cmd(KVM_PV_INFO, &info);
96 if (rc) {
97 error_report("KVM PV INFO cmd %x failed: %s",
98 info.header.id, strerror(-rc));
99 return rc;
100 }
101
102 memcpy(&info_dump, &info.dump, sizeof(info.dump));
103 info_valid = true;
104
105 return rc;
106 }
107
s390_pv_vm_enable(void)108 int s390_pv_vm_enable(void)
109 {
110 return s390_pv_cmd(KVM_PV_ENABLE, NULL);
111 }
112
s390_pv_vm_disable(void)113 void s390_pv_vm_disable(void)
114 {
115 s390_pv_cmd_exit(KVM_PV_DISABLE, NULL);
116 }
117
s390_pv_do_unprot_async_fn(void * p)118 static void *s390_pv_do_unprot_async_fn(void *p)
119 {
120 s390_pv_cmd_exit(KVM_PV_ASYNC_CLEANUP_PERFORM, NULL);
121 return NULL;
122 }
123
s390_pv_vm_try_disable_async(S390CcwMachineState * ms)124 bool s390_pv_vm_try_disable_async(S390CcwMachineState *ms)
125 {
126 /*
127 * t is only needed to create the thread; once qemu_thread_create
128 * returns, it can safely be discarded.
129 */
130 QemuThread t;
131
132 /*
133 * If the feature is not present or if the VM is not larger than 2 GiB,
134 * KVM_PV_ASYNC_CLEANUP_PREPARE fill fail; no point in attempting it.
135 */
136 if ((MACHINE(ms)->maxram_size <= 2 * GiB) ||
137 !kvm_check_extension(kvm_state, KVM_CAP_S390_PROTECTED_ASYNC_DISABLE)) {
138 return false;
139 }
140 if (s390_pv_cmd(KVM_PV_ASYNC_CLEANUP_PREPARE, NULL) != 0) {
141 return false;
142 }
143
144 qemu_thread_create(&t, "async_cleanup", s390_pv_do_unprot_async_fn, NULL,
145 QEMU_THREAD_DETACHED);
146
147 return true;
148 }
149
s390_pv_set_sec_parms(uint64_t origin,uint64_t length,Error ** errp)150 int s390_pv_set_sec_parms(uint64_t origin, uint64_t length, Error **errp)
151 {
152 int ret, pvrc;
153 struct kvm_s390_pv_sec_parm args = {
154 .origin = origin,
155 .length = length,
156 };
157
158 ret = s390_pv_cmd_pvrc(KVM_PV_SET_SEC_PARMS, &args, &pvrc);
159 if (ret) {
160 error_setg(errp, "Failed to set secure execution parameters");
161 if (pvrc == 0x108) {
162 error_append_hint(errp, "Please check whether the image is "
163 "correctly encrypted for this host\n");
164 }
165 }
166
167 return ret;
168 }
169
170 /*
171 * Called for each component in the SE type IPL parameter block 0.
172 */
s390_pv_unpack(uint64_t addr,uint64_t size,uint64_t tweak)173 int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak)
174 {
175 struct kvm_s390_pv_unp args = {
176 .addr = addr,
177 .size = size,
178 .tweak = tweak,
179 };
180
181 return s390_pv_cmd(KVM_PV_UNPACK, &args);
182 }
183
s390_pv_prep_reset(void)184 void s390_pv_prep_reset(void)
185 {
186 s390_pv_cmd_exit(KVM_PV_PREP_RESET, NULL);
187 }
188
s390_pv_verify(void)189 int s390_pv_verify(void)
190 {
191 return s390_pv_cmd(KVM_PV_VERIFY, NULL);
192 }
193
s390_pv_unshare(void)194 void s390_pv_unshare(void)
195 {
196 s390_pv_cmd_exit(KVM_PV_UNSHARE_ALL, NULL);
197 }
198
s390_pv_inject_reset_error(CPUState * cs)199 void s390_pv_inject_reset_error(CPUState *cs)
200 {
201 int r1 = (cs->kvm_run->s390_sieic.ipa & 0x00f0) >> 4;
202 CPUS390XState *env = &S390_CPU(cs)->env;
203
204 /* Report that we are unable to enter protected mode */
205 env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;
206 }
207
kvm_s390_pv_dmp_get_size_cpu(void)208 uint64_t kvm_s390_pv_dmp_get_size_cpu(void)
209 {
210 return info_dump.dump_cpu_buffer_len;
211 }
212
kvm_s390_pv_dmp_get_size_completion_data(void)213 uint64_t kvm_s390_pv_dmp_get_size_completion_data(void)
214 {
215 return info_dump.dump_config_finalize_len;
216 }
217
kvm_s390_pv_dmp_get_size_mem_state(void)218 uint64_t kvm_s390_pv_dmp_get_size_mem_state(void)
219 {
220 return info_dump.dump_config_mem_buffer_per_1m;
221 }
222
kvm_s390_pv_info_basic_valid(void)223 bool kvm_s390_pv_info_basic_valid(void)
224 {
225 return info_valid;
226 }
227
s390_pv_dump_cmd(uint64_t subcmd,uint64_t uaddr,uint64_t gaddr,uint64_t len)228 static int s390_pv_dump_cmd(uint64_t subcmd, uint64_t uaddr, uint64_t gaddr,
229 uint64_t len)
230 {
231 struct kvm_s390_pv_dmp dmp = {
232 .subcmd = subcmd,
233 .buff_addr = uaddr,
234 .buff_len = len,
235 .gaddr = gaddr,
236 };
237 int ret;
238
239 ret = s390_pv_cmd(KVM_PV_DUMP, (void *)&dmp);
240 if (ret) {
241 error_report("KVM DUMP command %ld failed", subcmd);
242 }
243 return ret;
244 }
245
kvm_s390_dump_cpu(S390CPU * cpu,void * buff)246 int kvm_s390_dump_cpu(S390CPU *cpu, void *buff)
247 {
248 struct kvm_s390_pv_dmp dmp = {
249 .subcmd = KVM_PV_DUMP_CPU,
250 .buff_addr = (uint64_t)buff,
251 .gaddr = 0,
252 .buff_len = info_dump.dump_cpu_buffer_len,
253 };
254 struct kvm_pv_cmd pv = {
255 .cmd = KVM_PV_DUMP,
256 .data = (uint64_t)&dmp,
257 };
258
259 return kvm_vcpu_ioctl(CPU(cpu), KVM_S390_PV_CPU_COMMAND, &pv);
260 }
261
kvm_s390_dump_init(void)262 int kvm_s390_dump_init(void)
263 {
264 return s390_pv_dump_cmd(KVM_PV_DUMP_INIT, 0, 0, 0);
265 }
266
kvm_s390_dump_mem_state(uint64_t gaddr,size_t len,void * dest)267 int kvm_s390_dump_mem_state(uint64_t gaddr, size_t len, void *dest)
268 {
269 return s390_pv_dump_cmd(KVM_PV_DUMP_CONFIG_STOR_STATE, (uint64_t)dest,
270 gaddr, len);
271 }
272
kvm_s390_dump_completion_data(void * buff)273 int kvm_s390_dump_completion_data(void *buff)
274 {
275 return s390_pv_dump_cmd(KVM_PV_DUMP_COMPLETE, (uint64_t)buff, 0,
276 info_dump.dump_config_finalize_len);
277 }
278
279 #define TYPE_S390_PV_GUEST "s390-pv-guest"
280 OBJECT_DECLARE_SIMPLE_TYPE(S390PVGuest, S390_PV_GUEST)
281
282 /**
283 * S390PVGuest:
284 *
285 * The S390PVGuest object is basically a dummy used to tell the
286 * confidential guest support system to use s390's PV mechanism.
287 *
288 * # $QEMU \
289 * -object s390-pv-guest,id=pv0 \
290 * -machine ...,confidential-guest-support=pv0
291 */
292 struct S390PVGuest {
293 ConfidentialGuestSupport parent_obj;
294 };
295
296 typedef struct S390PVGuestClass S390PVGuestClass;
297
298 struct S390PVGuestClass {
299 ConfidentialGuestSupportClass parent_class;
300 };
301
302 /*
303 * If protected virtualization is enabled, the amount of data that the
304 * Read SCP Info Service Call can use is limited to one page. The
305 * available space also depends on the Extended-Length SCCB (ELS)
306 * feature which can take more buffer space to store feature
307 * information. This impacts the maximum number of CPUs supported in
308 * the machine.
309 */
s390_pv_get_max_cpus(void)310 static uint32_t s390_pv_get_max_cpus(void)
311 {
312 int offset_cpu = s390_has_feat(S390_FEAT_EXTENDED_LENGTH_SCCB) ?
313 offsetof(ReadInfo, entries) : SCLP_READ_SCP_INFO_FIXED_CPU_OFFSET;
314
315 return (TARGET_PAGE_SIZE - offset_cpu) / sizeof(CPUEntry);
316 }
317
s390_pv_check_cpus(Error ** errp)318 static bool s390_pv_check_cpus(Error **errp)
319 {
320 MachineState *ms = MACHINE(qdev_get_machine());
321 uint32_t pv_max_cpus = s390_pv_get_max_cpus();
322
323 if (ms->smp.max_cpus > pv_max_cpus) {
324 error_setg(errp, "Protected VMs support a maximum of %d CPUs",
325 pv_max_cpus);
326 return false;
327 }
328
329 return true;
330 }
331
s390_pv_guest_check(ConfidentialGuestSupport * cgs,Error ** errp)332 static bool s390_pv_guest_check(ConfidentialGuestSupport *cgs, Error **errp)
333 {
334 return s390_pv_check_cpus(errp);
335 }
336
s390_pv_kvm_init(ConfidentialGuestSupport * cgs,Error ** errp)337 static int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
338 {
339 if (!object_dynamic_cast(OBJECT(cgs), TYPE_S390_PV_GUEST)) {
340 return 0;
341 }
342
343 if (!kvm_enabled()) {
344 error_setg(errp, "Protected Virtualization requires KVM");
345 return -1;
346 }
347
348 if (!s390_has_feat(S390_FEAT_UNPACK)) {
349 error_setg(errp,
350 "CPU model does not support Protected Virtualization");
351 return -1;
352 }
353
354 if (!s390_pv_guest_check(cgs, errp)) {
355 return -1;
356 }
357
358 cgs->ready = true;
359
360 return 0;
361 }
362
363 OBJECT_DEFINE_TYPE_WITH_INTERFACES(S390PVGuest,
364 s390_pv_guest,
365 S390_PV_GUEST,
366 CONFIDENTIAL_GUEST_SUPPORT,
367 { TYPE_USER_CREATABLE },
368 { NULL })
369
s390_pv_guest_class_init(ObjectClass * oc,void * data)370 static void s390_pv_guest_class_init(ObjectClass *oc, void *data)
371 {
372 ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc);
373
374 klass->kvm_init = s390_pv_kvm_init;
375 }
376
s390_pv_guest_init(Object * obj)377 static void s390_pv_guest_init(Object *obj)
378 {
379 }
380
s390_pv_guest_finalize(Object * obj)381 static void s390_pv_guest_finalize(Object *obj)
382 {
383 }
384