* [PATCH 1/1] s390x/protvirt: allow to IPL secure execution guests with -no-reboot
@ 2020-07-21 10:32 Christian Borntraeger
2020-07-21 10:49 ` Viktor Mihajlovski
` (3 more replies)
0 siblings, 4 replies; 8+ messages in thread
From: Christian Borntraeger @ 2020-07-21 10:32 UTC (permalink / raw)
To: qemu-devel, Cornelia Huck
Cc: Thomas Huth, Janosch Frank, David Hildenbrand, Halil Pasic,
Christian Borntraeger, qemu-s390x
Right now -no-reboot does prevent secure execution guests from running.
This is right from an implementation aspect, as we have modeled the
transition from non-secure to secure as a program directed IPL.
From a user perspective, this is not the behavior of least surprise.
We should implement the IPL into secure mode similar to the functions
that we use for kdump/kexec. In other words we do not stop here when
-no-reboot is specified on the command line. Like function 0 or function
1 Function 10 is not a classic reboot. For example it can only be called
once. To call it a 2nd time a real reboot/reset must happen in-between.
So function code 10 is more or less a state transition reset, but not a
"standard" reset or reboot.
Fixes: 4d226deafc44 ("s390x: protvirt: Support unpack facility")
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
hw/s390x/ipl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index ce21494c08..e312a35133 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -633,7 +633,8 @@ void s390_ipl_reset_request(CPUState *cs, enum s390_reset reset_type)
}
}
if (reset_type == S390_RESET_MODIFIED_CLEAR ||
- reset_type == S390_RESET_LOAD_NORMAL) {
+ reset_type == S390_RESET_LOAD_NORMAL ||
+ reset_type == S390_RESET_PV) {
/* ignore -no-reboot, send no event */
qemu_system_reset_request(SHUTDOWN_CAUSE_SUBSYSTEM_RESET);
} else {
--
2.25.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH 1/1] s390x/protvirt: allow to IPL secure execution guests with -no-reboot
2020-07-21 10:32 [PATCH 1/1] s390x/protvirt: allow to IPL secure execution guests with -no-reboot Christian Borntraeger
@ 2020-07-21 10:49 ` Viktor Mihajlovski
2020-07-21 10:55 ` David Hildenbrand
` (2 subsequent siblings)
3 siblings, 0 replies; 8+ messages in thread
From: Viktor Mihajlovski @ 2020-07-21 10:49 UTC (permalink / raw)
To: qemu-devel
On 7/21/20 12:32 PM, Christian Borntraeger wrote:
> Right now -no-reboot does prevent secure execution guests from running.
> This is right from an implementation aspect, as we have modeled the
> transition from non-secure to secure as a program directed IPL.
> From a user perspective, this is not the behavior of least surprise.
>
> We should implement the IPL into secure mode similar to the functions
> that we use for kdump/kexec. In other words we do not stop here when
> -no-reboot is specified on the command line. Like function 0 or function
> 1 Function 10 is not a classic reboot. For example it can only be called
> once. To call it a 2nd time a real reboot/reset must happen in-between.
> So function code 10 is more or less a state transition reset, but not a
> "standard" reset or reboot.
>
> Fixes: 4d226deafc44 ("s390x: protvirt: Support unpack facility")
> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
> ---
> hw/s390x/ipl.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> index ce21494c08..e312a35133 100644
> --- a/hw/s390x/ipl.c
> +++ b/hw/s390x/ipl.c
> @@ -633,7 +633,8 @@ void s390_ipl_reset_request(CPUState *cs, enum s390_reset reset_type)
> }
> }
> if (reset_type == S390_RESET_MODIFIED_CLEAR ||
> - reset_type == S390_RESET_LOAD_NORMAL) {
> + reset_type == S390_RESET_LOAD_NORMAL ||
> + reset_type == S390_RESET_PV) {
> /* ignore -no-reboot, send no event */
> qemu_system_reset_request(SHUTDOWN_CAUSE_SUBSYSTEM_RESET);
> } else {
>
I agree that the observable behavior is more logical this way, as the
transition to secure mode is more like to kexec (transfer control to an
in-memory kernel) than to the other IPL methods (boot from a device).
Acked-by: Viktor Mihajlovski <mihajlov@linux.ibm.com>
--
Kind Regards,
Viktor
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/1] s390x/protvirt: allow to IPL secure execution guests with -no-reboot
2020-07-21 10:32 [PATCH 1/1] s390x/protvirt: allow to IPL secure execution guests with -no-reboot Christian Borntraeger
2020-07-21 10:49 ` Viktor Mihajlovski
@ 2020-07-21 10:55 ` David Hildenbrand
2020-07-21 12:25 ` Janosch Frank
2020-07-23 17:15 ` Cornelia Huck
3 siblings, 0 replies; 8+ messages in thread
From: David Hildenbrand @ 2020-07-21 10:55 UTC (permalink / raw)
To: Christian Borntraeger, qemu-devel, Cornelia Huck
Cc: Halil Pasic, qemu-s390x, Janosch Frank, Thomas Huth
On 21.07.20 12:32, Christian Borntraeger wrote:
> Right now -no-reboot does prevent secure execution guests from running.
> This is right from an implementation aspect, as we have modeled the
> transition from non-secure to secure as a program directed IPL.
> From a user perspective, this is not the behavior of least surprise.
>
> We should implement the IPL into secure mode similar to the functions
> that we use for kdump/kexec. In other words we do not stop here when
> -no-reboot is specified on the command line. Like function 0 or function
> 1 Function 10 is not a classic reboot. For example it can only be called
> once. To call it a 2nd time a real reboot/reset must happen in-between.
> So function code 10 is more or less a state transition reset, but not a
> "standard" reset or reboot.
>
> Fixes: 4d226deafc44 ("s390x: protvirt: Support unpack facility")
> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
> ---
> hw/s390x/ipl.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> index ce21494c08..e312a35133 100644
> --- a/hw/s390x/ipl.c
> +++ b/hw/s390x/ipl.c
> @@ -633,7 +633,8 @@ void s390_ipl_reset_request(CPUState *cs, enum s390_reset reset_type)
> }
> }
> if (reset_type == S390_RESET_MODIFIED_CLEAR ||
> - reset_type == S390_RESET_LOAD_NORMAL) {
> + reset_type == S390_RESET_LOAD_NORMAL ||
> + reset_type == S390_RESET_PV) {
> /* ignore -no-reboot, send no event */
> qemu_system_reset_request(SHUTDOWN_CAUSE_SUBSYSTEM_RESET);
> } else {
>
Reviewed-by: David Hildenbrand <david@redhat.com>
--
Thanks,
David / dhildenb
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/1] s390x/protvirt: allow to IPL secure execution guests with -no-reboot
2020-07-21 10:32 [PATCH 1/1] s390x/protvirt: allow to IPL secure execution guests with -no-reboot Christian Borntraeger
2020-07-21 10:49 ` Viktor Mihajlovski
2020-07-21 10:55 ` David Hildenbrand
@ 2020-07-21 12:25 ` Janosch Frank
2020-07-21 12:29 ` Christian Borntraeger
2020-07-23 17:15 ` Cornelia Huck
3 siblings, 1 reply; 8+ messages in thread
From: Janosch Frank @ 2020-07-21 12:25 UTC (permalink / raw)
To: Christian Borntraeger, qemu-devel, Cornelia Huck
Cc: Halil Pasic, Thomas Huth, qemu-s390x, David Hildenbrand
[-- Attachment #1.1: Type: text/plain, Size: 1836 bytes --]
On 7/21/20 12:32 PM, Christian Borntraeger wrote:
> Right now -no-reboot does prevent secure execution guests from running.
s/-no-reboot/--no-reboot/
> This is right from an implementation aspect, as we have modeled the
> transition from non-secure to secure as a program directed IPL.
s/secure/protected/
> From a user perspective, this is not the behavior of least surprise.
>
> We should implement the IPL into secure mode similar to the functions
s/secure/protected/
> that we use for kdump/kexec. In other words we do not stop here when
> -no-reboot is specified on the command line. Like function 0 or function
> 1 Function 10 is not a classic reboot. For example it can only be called
s/Function/function/ and maybe also add a comma
> once. To call it a 2nd time a real reboot/reset must happen in-between.
> So function code 10 is more or less a state transition reset, but not a
> "standard" reset or reboot.
>
> Fixes: 4d226deafc44 ("s390x: protvirt: Support unpack facility")
> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
> ---
> hw/s390x/ipl.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> index ce21494c08..e312a35133 100644
> --- a/hw/s390x/ipl.c
> +++ b/hw/s390x/ipl.c
> @@ -633,7 +633,8 @@ void s390_ipl_reset_request(CPUState *cs, enum s390_reset reset_type)
> }
> }
> if (reset_type == S390_RESET_MODIFIED_CLEAR ||
> - reset_type == S390_RESET_LOAD_NORMAL) {
> + reset_type == S390_RESET_LOAD_NORMAL ||
> + reset_type == S390_RESET_PV) {
> /* ignore -no-reboot, send no event */
> qemu_system_reset_request(SHUTDOWN_CAUSE_SUBSYSTEM_RESET);
> } else {
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/1] s390x/protvirt: allow to IPL secure execution guests with -no-reboot
2020-07-21 12:25 ` Janosch Frank
@ 2020-07-21 12:29 ` Christian Borntraeger
2020-07-23 15:05 ` Cornelia Huck
0 siblings, 1 reply; 8+ messages in thread
From: Christian Borntraeger @ 2020-07-21 12:29 UTC (permalink / raw)
To: Janosch Frank, qemu-devel, Cornelia Huck
Cc: Halil Pasic, Thomas Huth, qemu-s390x, David Hildenbrand
On 21.07.20 14:25, Janosch Frank wrote:
> On 7/21/20 12:32 PM, Christian Borntraeger wrote:
>> Right now -no-reboot does prevent secure execution guests from running.
>
> s/-no-reboot/--no-reboot/
Actually qemu --help gives the parameters with just one "-"
Not sure about secure vs protected. Whatever Conny prefers.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/1] s390x/protvirt: allow to IPL secure execution guests with -no-reboot
2020-07-21 12:29 ` Christian Borntraeger
@ 2020-07-23 15:05 ` Cornelia Huck
2020-07-23 15:52 ` Christian Borntraeger
0 siblings, 1 reply; 8+ messages in thread
From: Cornelia Huck @ 2020-07-23 15:05 UTC (permalink / raw)
To: Christian Borntraeger
Cc: Thomas Huth, Janosch Frank, David Hildenbrand, qemu-devel,
Halil Pasic, qemu-s390x
On Tue, 21 Jul 2020 14:29:29 +0200
Christian Borntraeger <borntraeger@de.ibm.com> wrote:
> On 21.07.20 14:25, Janosch Frank wrote:
> > On 7/21/20 12:32 PM, Christian Borntraeger wrote:
> >> Right now -no-reboot does prevent secure execution guests from running.
> >
> > s/-no-reboot/--no-reboot/
>
> Actually qemu --help gives the parameters with just one "-"
>
>
> Not sure about secure vs protected. Whatever Conny prefers.
The doc seems to talk about "protected virtualization", "protected
mode", and "secure guests". What about (slight rewording):
"s390x/protvirt: allow to IPL secure guests with -no-reboot
Right now, -no-reboot prevents secure guests from running. This is
correct from an implementation point of view, as we have modeled the
transition from non-secure to secure as a program directed IPL. From a
user perspective, this is not the behavior of least surprise.
We should implement the IPL into protected mode similar to the functions
that we use for kdump/kexec. In other words, we do not stop here when
-no-reboot is specified on the command line. Like function 0 or function
1, function 10 is not a classic reboot. For example, it can only be called
once. Before calling it a second time, a real reboot/reset must happen
in-between. So function code 10 is more or less a state transition
reset, but not a "standard" reset or reboot."
I think this is still appropriate for hard freeze.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/1] s390x/protvirt: allow to IPL secure execution guests with -no-reboot
2020-07-23 15:05 ` Cornelia Huck
@ 2020-07-23 15:52 ` Christian Borntraeger
0 siblings, 0 replies; 8+ messages in thread
From: Christian Borntraeger @ 2020-07-23 15:52 UTC (permalink / raw)
To: Cornelia Huck
Cc: Thomas Huth, Janosch Frank, David Hildenbrand, qemu-devel,
Halil Pasic, qemu-s390x
On 23.07.20 17:05, Cornelia Huck wrote:
> On Tue, 21 Jul 2020 14:29:29 +0200
> Christian Borntraeger <borntraeger@de.ibm.com> wrote:
>
>> On 21.07.20 14:25, Janosch Frank wrote:
>>> On 7/21/20 12:32 PM, Christian Borntraeger wrote:
>>>> Right now -no-reboot does prevent secure execution guests from running.
>>>
>>> s/-no-reboot/--no-reboot/
>>
>> Actually qemu --help gives the parameters with just one "-"
>>
>>
>> Not sure about secure vs protected. Whatever Conny prefers.
>
> The doc seems to talk about "protected virtualization", "protected
> mode", and "secure guests". What about (slight rewording):
>
> "s390x/protvirt: allow to IPL secure guests with -no-reboot
>
> Right now, -no-reboot prevents secure guests from running. This is
> correct from an implementation point of view, as we have modeled the
> transition from non-secure to secure as a program directed IPL. From a
> user perspective, this is not the behavior of least surprise.
>
> We should implement the IPL into protected mode similar to the functions
> that we use for kdump/kexec. In other words, we do not stop here when
> -no-reboot is specified on the command line. Like function 0 or function
> 1, function 10 is not a classic reboot. For example, it can only be called
> once. Before calling it a second time, a real reboot/reset must happen
> in-between. So function code 10 is more or less a state transition
> reset, but not a "standard" reset or reboot."
>
> I think this is still appropriate for hard freeze.
i agree. Can you pick this up and fixup the patch description according to
your preference? Your proposal looks fine.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/1] s390x/protvirt: allow to IPL secure execution guests with -no-reboot
2020-07-21 10:32 [PATCH 1/1] s390x/protvirt: allow to IPL secure execution guests with -no-reboot Christian Borntraeger
` (2 preceding siblings ...)
2020-07-21 12:25 ` Janosch Frank
@ 2020-07-23 17:15 ` Cornelia Huck
3 siblings, 0 replies; 8+ messages in thread
From: Cornelia Huck @ 2020-07-23 17:15 UTC (permalink / raw)
To: Christian Borntraeger
Cc: Thomas Huth, Janosch Frank, David Hildenbrand, qemu-devel,
Halil Pasic, qemu-s390x
On Tue, 21 Jul 2020 06:32:02 -0400
Christian Borntraeger <borntraeger@de.ibm.com> wrote:
> Right now -no-reboot does prevent secure execution guests from running.
> This is right from an implementation aspect, as we have modeled the
> transition from non-secure to secure as a program directed IPL.
> From a user perspective, this is not the behavior of least surprise.
>
> We should implement the IPL into secure mode similar to the functions
> that we use for kdump/kexec. In other words we do not stop here when
> -no-reboot is specified on the command line. Like function 0 or function
> 1 Function 10 is not a classic reboot. For example it can only be called
> once. To call it a 2nd time a real reboot/reset must happen in-between.
> So function code 10 is more or less a state transition reset, but not a
> "standard" reset or reboot.
>
> Fixes: 4d226deafc44 ("s390x: protvirt: Support unpack facility")
> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
> ---
> hw/s390x/ipl.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> index ce21494c08..e312a35133 100644
> --- a/hw/s390x/ipl.c
> +++ b/hw/s390x/ipl.c
> @@ -633,7 +633,8 @@ void s390_ipl_reset_request(CPUState *cs, enum s390_reset reset_type)
> }
> }
> if (reset_type == S390_RESET_MODIFIED_CLEAR ||
> - reset_type == S390_RESET_LOAD_NORMAL) {
> + reset_type == S390_RESET_LOAD_NORMAL ||
> + reset_type == S390_RESET_PV) {
> /* ignore -no-reboot, send no event */
> qemu_system_reset_request(SHUTDOWN_CAUSE_SUBSYSTEM_RESET);
> } else {
Thanks, queued to s390-fixes.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2020-07-23 17:16 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-21 10:32 [PATCH 1/1] s390x/protvirt: allow to IPL secure execution guests with -no-reboot Christian Borntraeger
2020-07-21 10:49 ` Viktor Mihajlovski
2020-07-21 10:55 ` David Hildenbrand
2020-07-21 12:25 ` Janosch Frank
2020-07-21 12:29 ` Christian Borntraeger
2020-07-23 15:05 ` Cornelia Huck
2020-07-23 15:52 ` Christian Borntraeger
2020-07-23 17:15 ` Cornelia Huck
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.