From: Christian Borntraeger <borntraeger@de.ibm.com>
To: Janosch Frank <frankja@linux.ibm.com>, qemu-devel@nongnu.org
Cc: qemu-s390x@nongnu.org, cohuck@redhat.com, david@redhat.com
Subject: Re: [PATCH v6 02/18] s390x: protvirt: Add diag308 subcodes 8 - 10
Date: Wed, 4 Mar 2020 19:59:03 +0100 [thread overview]
Message-ID: <0e56347f-eb63-84e8-3d6d-cbdac47a22f6@de.ibm.com> (raw)
In-Reply-To: <20200304114231.23493-3-frankja@linux.ibm.com>
On 04.03.20 12:42, Janosch Frank wrote:
> For diag308 subcodes 8 - 10 we have a new ipib of type 5. The ipib
> holds the address and length of the secure execution header, as well
> as a list of guest components.
>
> Each component is a block of memory, for example kernel or initrd,
> which needs to be decrypted by the Ultravisor in order to run a
> protected VM. The secure execution header instructs the Ultravisor on
> how to handle the protected VM and its components.
>
> Subcodes 8 and 9 are similiar to 5 and 6 and subcode 10 will finally
> start the protected guest.
>
> Subcodes 8-10 are not valid in protected mode, we have to do a subcode
> 3 and then the 8 and 10 combination for a protected reboot.
>
> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
> ---
> hw/s390x/ipl.c | 47 ++++++++++++++++++++++++++++++++++++++++++---
> hw/s390x/ipl.h | 32 ++++++++++++++++++++++++++++++
> target/s390x/diag.c | 26 ++++++++++++++++++++++---
> 3 files changed, 99 insertions(+), 6 deletions(-)
>
> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> index 9c1ecd423c..80c6ab233a 100644
> --- a/hw/s390x/ipl.c
> +++ b/hw/s390x/ipl.c
Can you update the copyright dates for files that you touch?
> @@ -538,15 +538,55 @@ static bool is_virtio_scsi_device(IplParameterBlock *iplb)
> return is_virtio_ccw_device_of_type(iplb, VIRTIO_ID_SCSI);
> }
>
> +int s390_ipl_pv_check_components(IplParameterBlock *iplb)
> +{
> + int i;
> + IPLBlockPV *ipib_pv = &iplb->pv;
> +
> + if (ipib_pv->num_comp == 0) {
> + return -EINVAL;
> + }
> +
> + for (i = 0; i < ipib_pv->num_comp; i++) {
> + /* Addr must be 4k aligned */
> + if (ipib_pv->components[i].addr & ~TARGET_PAGE_MASK) {
> + return -EINVAL;
> + }
> +
> + /* Tweak prefix is monotonously increasing with each component */
> + if (i < ipib_pv->num_comp - 1 &&
Why do we need this check? Isnt that already ensured by the for loop?
> + ipib_pv->components[i].tweak_pref >
> + ipib_pv->components[i + 1].tweak_pref) {
I think i+1 must be greater than i. So ">=" instead?
> + return -EINVAL;
> + }
> + }
> + return 0;
> +}
> +
> void s390_ipl_update_diag308(IplParameterBlock *iplb)
maybe add a comment that explains that a guest can have 2 IPLBs. one for
the secure guest and one thsat we go back to when rebooting.
> {
> S390IPLState *ipl = get_ipl_device();
>
> - ipl->iplb = *iplb;
> - ipl->iplb_valid = true;
> + if (iplb->pbt == S390_IPL_TYPE_PV) {
> + ipl->iplb_pv = *iplb;
> + ipl->iplb_valid_pv = true;
> + } else {
> + ipl->iplb = *iplb;
> + ipl->iplb_valid = true;
> + }
> ipl->netboot = is_virtio_net_device(iplb);
> }
>
> +IplParameterBlock *s390_ipl_get_iplb_secure(void)
> +{
> + S390IPLState *ipl = get_ipl_device();
> +
> + if (!ipl->iplb_valid_pv) {
> + return NULL;
> + }
> + return &ipl->iplb_pv;
> +}
> +
> IplParameterBlock *s390_ipl_get_iplb(void)
> {
> S390IPLState *ipl = get_ipl_device();
> @@ -561,7 +601,8 @@ void s390_ipl_reset_request(CPUState *cs, enum s390_reset reset_type)
> {
> S390IPLState *ipl = get_ipl_device();
>
> - if (reset_type == S390_RESET_EXTERNAL || reset_type == S390_RESET_REIPL) {
> + if (reset_type == S390_RESET_EXTERNAL || reset_type == S390_RESET_REIPL ||
> + reset_type == S390_RESET_PV) {
> /* use CPU 0 for full resets */
> ipl->reset_cpu_index = 0;
> } else {
> diff --git a/hw/s390x/ipl.h b/hw/s390x/ipl.h
> index d4813105db..04be63cee1 100644
> --- a/hw/s390x/ipl.h
> +++ b/hw/s390x/ipl.h
> @@ -15,6 +15,24 @@
> #include "cpu.h"
> #include "hw/qdev-core.h"
>
> +struct IPLBlockPVComp {
> + uint64_t tweak_pref;
> + uint64_t addr;
> + uint64_t size;
> +} QEMU_PACKED;
> +typedef struct IPLBlockPVComp IPLBlockPVComp;
> +
> +struct IPLBlockPV {
> + uint8_t reserved[87];
> + uint8_t version;
> + uint32_t reserved70;
Here you have 70 (the offset in hex I guess), I tßhink this is an odd name. In addition the reserved field 2 lines above has no address part in its
name.
next prev parent reply other threads:[~2020-03-04 19:00 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-04 11:42 [PATCH v6 00/18] s390x: Protected Virtualization support Janosch Frank
2020-03-04 11:42 ` [PATCH v6 01/18] Sync pv Janosch Frank
2020-03-04 11:42 ` [PATCH v6 02/18] s390x: protvirt: Add diag308 subcodes 8 - 10 Janosch Frank
2020-03-04 17:04 ` David Hildenbrand
2020-03-05 12:04 ` Janosch Frank
2020-03-05 12:24 ` Janosch Frank
2020-03-05 12:30 ` David Hildenbrand
2020-03-04 17:04 ` David Hildenbrand
2020-03-04 17:06 ` David Hildenbrand
2020-03-06 9:59 ` Janosch Frank
2020-03-04 18:59 ` Christian Borntraeger [this message]
2020-03-05 14:39 ` Janosch Frank
2020-03-04 11:42 ` [PATCH v6 03/18] s390x: protvirt: Support unpack facility Janosch Frank
2020-03-05 13:51 ` David Hildenbrand
2020-03-05 14:10 ` Janosch Frank
2020-03-05 14:15 ` David Hildenbrand
2020-03-05 14:20 ` Janosch Frank
2020-03-05 14:23 ` David Hildenbrand
2020-03-05 14:24 ` Janosch Frank
2020-03-05 13:52 ` David Hildenbrand
2020-03-05 14:15 ` Janosch Frank
2020-03-06 11:48 ` Christian Borntraeger
2020-03-06 13:36 ` Janosch Frank
2020-03-04 11:42 ` [PATCH v6 04/18] s390x: protvirt: Add migration blocker Janosch Frank
2020-03-04 17:13 ` David Hildenbrand
2020-03-05 9:16 ` Janosch Frank
2020-03-05 9:30 ` David Hildenbrand
2020-03-04 11:42 ` [PATCH v6 05/18] s390x: protvirt: Handle diag 308 subcodes 0,1,3,4 Janosch Frank
2020-03-04 11:42 ` [PATCH v6 06/18] s390x: protvirt: Inhibit balloon when switching to protected mode Janosch Frank
2020-03-05 12:00 ` Christian Borntraeger
2020-03-04 11:42 ` [PATCH v6 07/18] s390x: protvirt: KVM intercept changes Janosch Frank
2020-03-04 11:42 ` [PATCH v6 08/18] s390x: Add SIDA memory ops Janosch Frank
2020-03-04 17:39 ` David Hildenbrand
2020-03-05 9:23 ` Janosch Frank
2020-03-04 11:42 ` [PATCH v6 09/18] s390x: protvirt: Move STSI data over SIDAD Janosch Frank
2020-03-04 17:43 ` David Hildenbrand
2020-03-05 9:27 ` Janosch Frank
2020-03-04 11:42 ` [PATCH v6 10/18] s390x: protvirt: SCLP interpretation Janosch Frank
2020-03-04 17:48 ` David Hildenbrand
2020-03-05 9:34 ` Janosch Frank
2020-03-05 10:09 ` David Hildenbrand
2020-03-04 11:42 ` [PATCH v6 11/18] s390x: protvirt: Set guest IPL PSW Janosch Frank
2020-03-04 17:51 ` David Hildenbrand
2020-03-04 11:42 ` [PATCH v6 12/18] s390x: protvirt: Move diag 308 data over SIDAD Janosch Frank
2020-03-04 17:54 ` David Hildenbrand
2020-03-04 11:42 ` [PATCH v6 13/18] s390x: protvirt: Disable address checks for PV guest IO emulation Janosch Frank
2020-03-04 17:55 ` David Hildenbrand
2020-03-05 9:42 ` Janosch Frank
2020-03-05 10:00 ` David Hildenbrand
2020-03-05 11:26 ` Janosch Frank
2020-03-05 11:37 ` David Hildenbrand
2020-03-04 11:42 ` [PATCH v6 14/18] s390x: protvirt: Move IO control structures over SIDA Janosch Frank
2020-03-04 18:56 ` David Hildenbrand
2020-03-05 9:55 ` Janosch Frank
2020-03-05 10:01 ` David Hildenbrand
2020-03-04 11:42 ` [PATCH v6 15/18] s390x: protvirt: Handle SIGP store status correctly Janosch Frank
2020-03-04 18:41 ` David Hildenbrand
2020-03-05 9:59 ` Janosch Frank
2020-03-04 11:42 ` [PATCH v6 16/18] s390x: Add unpack facility feature to GA1 Janosch Frank
2020-03-04 18:42 ` David Hildenbrand
2020-03-06 10:14 ` Janosch Frank
2020-03-06 10:22 ` David Hildenbrand
2020-03-04 11:42 ` [PATCH v6 17/18] docs: Add protvirt docs Janosch Frank
2020-03-04 19:09 ` David Hildenbrand
2020-03-09 9:51 ` Janosch Frank
2020-03-04 11:42 ` [PATCH v6 18/18] pc-bios: s390x: Save iplb location in lowcore Janosch Frank
2020-03-04 12:40 ` David Hildenbrand
2020-03-04 13:25 ` Christian Borntraeger
2020-03-04 13:37 ` David Hildenbrand
2020-03-05 17:04 ` Christian Borntraeger
2020-03-04 17:15 ` [PATCH v6 00/18] s390x: Protected Virtualization support David Hildenbrand
2020-03-04 17:45 ` Christian Borntraeger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0e56347f-eb63-84e8-3d6d-cbdac47a22f6@de.ibm.com \
--to=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=frankja@linux.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.