From: Janosch Frank <frankja@linux.ibm.com>
To: qemu-devel@nongnu.org
Cc: mihajlov@linux.ibm.com, qemu-s390x@nongnu.org, cohuck@redhat.com,
david@redhat.com
Subject: [PATCH v3 07/17] s390x: protvirt: Handle diag 308 subcodes 0,1,3,4
Date: Fri, 14 Feb 2020 10:16:26 -0500 [thread overview]
Message-ID: <20200214151636.8764-8-frankja@linux.ibm.com> (raw)
In-Reply-To: <20200214151636.8764-1-frankja@linux.ibm.com>
As we now have access to the protection state of the cpus, we can
implement special handling of diag 308 subcodes for cpus in the
protected state.
For subcodes 0 and 1 we need to unshare all pages before continuing,
so the guest doesn't accidentally expose data when dumping.
For subcode 3/4 we tear down the protected VM and reboot into
unprotected mode. We do not provide a secure reboot.
Before we can do the unshare calls, we need to mark all cpus as
stopped.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
---
hw/s390x/s390-virtio-ccw.c | 41 +++++++++++++++++++++++++++++++++++---
target/s390x/diag.c | 4 ++++
2 files changed, 42 insertions(+), 3 deletions(-)
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index d64724af91..7eee236635 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -370,6 +370,20 @@ static void s390_machine_inject_pv_error(CPUState *cs)
env->regs[r1 + 1] = 0xa02;
}
+static void s390_pv_prepare_reset(CPUS390XState *env)
+{
+ CPUState *cs;
+
+ if (!env->pv) {
+ return;
+ }
+ CPU_FOREACH(cs) {
+ s390_cpu_set_state(S390_CPU_STATE_STOPPED, S390_CPU(cs));
+ }
+ s390_pv_unshare();
+ s390_pv_perf_clear_reset();
+}
+
static void s390_machine_reset(MachineState *machine)
{
enum s390_reset reset_type;
@@ -377,6 +391,7 @@ static void s390_machine_reset(MachineState *machine)
S390CPU *cpu;
S390CcwMachineState *ms = S390_CCW_MACHINE(machine);
static Error *local_err;
+ CPUS390XState *env;
/* get the reset parameters, reset them once done */
s390_ipl_get_reset_request(&cs, &reset_type);
@@ -385,10 +400,20 @@ static void s390_machine_reset(MachineState *machine)
s390_cmma_reset();
cpu = S390_CPU(cs);
+ env = &cpu->env;
switch (reset_type) {
case S390_RESET_EXTERNAL:
case S390_RESET_REIPL:
+ if (ms->pv) {
+ CPU_FOREACH(t) {
+ s390_pv_vcpu_destroy(t);
+ }
+ s390_pv_vm_destroy();
+ ms->pv = false;
+ migrate_del_blocker(pv_mig_blocker);
+ }
+
qemu_devices_reset();
s390_crypto_reset();
@@ -396,21 +421,31 @@ static void s390_machine_reset(MachineState *machine)
run_on_cpu(cs, s390_do_cpu_ipl, RUN_ON_CPU_NULL);
break;
case S390_RESET_MODIFIED_CLEAR:
+ /*
+ * Susbsystem reset needs to be done before we unshare memory
+ * and loose access to VIRTIO structures in guest memory.
+ */
+ subsystem_reset();
+ s390_crypto_reset();
+ s390_pv_prepare_reset(env);
CPU_FOREACH(t) {
run_on_cpu(t, s390_do_cpu_full_reset, RUN_ON_CPU_NULL);
}
- subsystem_reset();
- s390_crypto_reset();
run_on_cpu(cs, s390_do_cpu_load_normal, RUN_ON_CPU_NULL);
break;
case S390_RESET_LOAD_NORMAL:
+ /*
+ * Susbsystem reset needs to be done before we unshare memory
+ * and loose access to VIRTIO structures in guest memory.
+ */
+ subsystem_reset();
+ s390_pv_prepare_reset(env);
CPU_FOREACH(t) {
if (t == cs) {
continue;
}
run_on_cpu(t, s390_do_cpu_reset, RUN_ON_CPU_NULL);
}
- subsystem_reset();
run_on_cpu(cs, s390_do_cpu_initial_reset, RUN_ON_CPU_NULL);
run_on_cpu(cs, s390_do_cpu_load_normal, RUN_ON_CPU_NULL);
break;
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 4ba6033609..6aaeef6029 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -68,6 +68,10 @@ int handle_diag_288(CPUS390XState *env, uint64_t r1, uint64_t r3)
static int diag308_parm_check(CPUS390XState *env, uint64_t r1, uint64_t addr,
uintptr_t ra, bool write)
{
+ /* Handled by the Ultravisor */
+ if (env->pv) {
+ return 0;
+ }
if ((r1 & 1) || (addr & ~TARGET_PAGE_MASK)) {
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
return -1;
--
2.20.1
next prev parent reply other threads:[~2020-02-14 15:18 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-14 15:16 [PATCH v3 00/17] s390x: Protected Virtualization support Janosch Frank
2020-02-14 15:16 ` [PATCH v3 01/17] Header sync Janosch Frank
2020-02-14 15:16 ` [PATCH v3 02/17] s390x: Add missing vcpu reset functions Janosch Frank
2020-02-18 12:29 ` Cornelia Huck
2020-02-18 13:12 ` Janosch Frank
2020-02-18 17:17 ` Cornelia Huck
2020-02-14 15:16 ` [PATCH v3 03/17] Sync pv Janosch Frank
2020-02-14 15:16 ` [PATCH v3 04/17] s390x: protvirt: Add diag308 subcodes 8 - 10 Janosch Frank
2020-02-20 10:07 ` Cornelia Huck
2020-02-20 11:06 ` Janosch Frank
2020-02-14 15:16 ` [PATCH v3 05/17] s390x: protvirt: Support unpack facility Janosch Frank
2020-02-20 10:39 ` Cornelia Huck
2020-02-20 11:21 ` Janosch Frank
2020-02-14 15:16 ` [PATCH v3 06/17] s390x: protvirt: Add migration blocker Janosch Frank
2020-02-20 10:48 ` Cornelia Huck
2020-02-20 11:24 ` Janosch Frank
2020-02-20 11:39 ` Cornelia Huck
2020-02-20 11:42 ` Janosch Frank
2020-02-14 15:16 ` Janosch Frank [this message]
2020-02-14 15:16 ` [PATCH v3 08/17] s390x: protvirt: KVM intercept changes Janosch Frank
2020-02-14 15:16 ` [PATCH v3 09/17] s390: protvirt: Move STSI data over SIDAD Janosch Frank
2020-02-20 10:54 ` Cornelia Huck
2020-02-20 11:25 ` Janosch Frank
2020-02-14 15:16 ` [PATCH v3 10/17] s390x: Add SIDA memory ops Janosch Frank
2020-02-14 15:16 ` [PATCH v3 11/17] s390x: protvirt: SCLP interpretation Janosch Frank
2020-02-14 15:16 ` [PATCH v3 12/17] s390x: protvirt: Set guest IPL PSW Janosch Frank
2020-02-14 15:16 ` [PATCH v3 13/17] s390x: protvirt: Move diag 308 data over SIDAD Janosch Frank
2020-02-20 11:00 ` Cornelia Huck
2020-02-20 11:29 ` Janosch Frank
2020-02-14 15:16 ` [PATCH v3 14/17] s390x: protvirt: Disable address checks for PV guest IO emulation Janosch Frank
2020-02-14 15:16 ` [PATCH v3 15/17] s390x: protvirt: Move IO control structures over SIDA Janosch Frank
2020-02-14 15:16 ` [PATCH v3 16/17] s390x: protvirt: Handle SIGP store status correctly Janosch Frank
2020-02-20 11:02 ` Cornelia Huck
2020-02-20 11:30 ` Janosch Frank
2020-02-20 11:34 ` Cornelia Huck
2020-02-14 15:16 ` [PATCH v3 17/17] s390x: For now add unpack feature to GA1 Janosch Frank
2020-02-14 16:33 ` [PATCH v3 00/17] s390x: Protected Virtualization support no-reply
2020-02-18 13:13 ` Cornelia Huck
2020-02-18 13:15 ` Janosch Frank
2020-02-18 13:24 ` Cornelia Huck
2020-02-18 13:56 ` Janosch Frank
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200214151636.8764-8-frankja@linux.ibm.com \
--to=frankja@linux.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=mihajlov@linux.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).