From: "Cédric Le Goater" <clg@kaod.org>
To: qemu-s390x@nongnu.org
Cc: qemu-devel@nongnu.org, "Thomas Huth" <thuth@redhat.com>,
"Halil Pasic" <pasic@linux.ibm.com>,
"Christian Borntraeger" <borntraeger@linux.ibm.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"David Hildenbrand" <david@redhat.com>,
"Ilya Leoshkevich" <iii@linux.ibm.com>,
"Eric Farman" <farman@linux.ibm.com>,
"Cédric Le Goater" <clg@redhat.com>
Subject: [PATCH 4/5] s390x/pv: Introduce a s390_pv_check() helper for runtime
Date: Wed, 4 Jan 2023 12:51:10 +0100 [thread overview]
Message-ID: <20230104115111.3240594-5-clg@kaod.org> (raw)
In-Reply-To: <20230104115111.3240594-1-clg@kaod.org>
From: Cédric Le Goater <clg@redhat.com>
If a secure kernel is started in a non-protected VM, the OS will hang
during boot without giving a proper error message to the user.
Perform the checks on Confidential Guest support at runtime with an
helper called from the service call switching the guest to protected
mode.
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
include/hw/s390x/pv.h | 2 ++
hw/s390x/pv.c | 14 ++++++++++++++
target/s390x/diag.c | 7 +++++++
3 files changed, 23 insertions(+)
diff --git a/include/hw/s390x/pv.h b/include/hw/s390x/pv.h
index 9360aa1091..ca7dac2e20 100644
--- a/include/hw/s390x/pv.h
+++ b/include/hw/s390x/pv.h
@@ -55,6 +55,7 @@ int kvm_s390_dump_init(void);
int kvm_s390_dump_cpu(S390CPU *cpu, void *buff);
int kvm_s390_dump_mem_state(uint64_t addr, size_t len, void *dest);
int kvm_s390_dump_completion_data(void *buff);
+bool s390_pv_check(Error **errp);
#else /* CONFIG_KVM */
static inline bool s390_is_pv(void) { return false; }
static inline int s390_pv_query_info(void) { return 0; }
@@ -75,6 +76,7 @@ static inline int kvm_s390_dump_cpu(S390CPU *cpu, void *buff) { return 0; }
static inline int kvm_s390_dump_mem_state(uint64_t addr, size_t len,
void *dest) { return 0; }
static inline int kvm_s390_dump_completion_data(void *buff) { return 0; }
+static inline bool s390_pv_check(Error **errp) { return false; }
#endif /* CONFIG_KVM */
int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp);
diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c
index 8d0d3f4adc..96c0728ec9 100644
--- a/hw/s390x/pv.c
+++ b/hw/s390x/pv.c
@@ -307,6 +307,20 @@ static bool s390_pv_guest_check(const Object *obj, Error **errp)
return s390_pv_check_cpus(errp) && s390_pv_check_host(errp);
}
+bool s390_pv_check(Error **errp)
+{
+ MachineState *ms = MACHINE(qdev_get_machine());
+ Object *obj = OBJECT(ms->cgs);
+
+ if (!obj) {
+ error_setg(errp, "Protected VM started without a Confidential"
+ " Guest support interface");
+ return false;
+ }
+
+ return s390_pv_guest_check(obj, errp);
+}
+
OBJECT_DEFINE_TYPE_WITH_INTERFACES(S390PVGuest,
s390_pv_guest,
S390_PV_GUEST,
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 76b01dcd68..9b16e25930 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -79,6 +79,7 @@ void handle_diag_308(CPUS390XState *env, uint64_t r1, uint64_t r3, uintptr_t ra)
uint64_t addr = env->regs[r1];
uint64_t subcode = env->regs[r3];
IplParameterBlock *iplb;
+ Error *local_err = NULL;
if (env->psw.mask & PSW_MASK_PSTATE) {
s390_program_interrupt(env, PGM_PRIVILEGED, ra);
@@ -176,6 +177,12 @@ out:
return;
}
+ if (!s390_pv_check(&local_err)) {
+ error_report_err(local_err);
+ env->regs[r1 + 1] = DIAG_308_RC_INVAL_FOR_PV;
+ return;
+ }
+
s390_ipl_reset_request(cs, S390_RESET_PV);
break;
default:
--
2.38.1
next prev parent reply other threads:[~2023-01-04 11:52 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-04 11:51 [PATCH 0/5] s390x/pv: Improve protected VM support Cédric Le Goater
2023-01-04 11:51 ` [PATCH 1/5] confidential guest support: Introduce a 'check' class handler Cédric Le Goater
2023-01-05 8:46 ` Thomas Huth
2023-01-05 10:34 ` Philippe Mathieu-Daudé
2023-01-05 13:56 ` Cédric Le Goater
2023-01-04 11:51 ` [PATCH 2/5] s390x/pv: Implement CGS check handler Cédric Le Goater
2023-01-05 11:42 ` Thomas Huth
2023-01-05 13:58 ` Claudio Imbrenda
2023-01-05 14:47 ` Cédric Le Goater
2023-01-05 14:53 ` Thomas Huth
2023-01-05 17:12 ` Cédric Le Goater
2023-01-04 11:51 ` [PATCH 3/5] s390x/pv: Check for support on the host Cédric Le Goater
2023-01-05 11:46 ` Thomas Huth
2023-01-04 11:51 ` Cédric Le Goater [this message]
2023-01-05 12:33 ` [PATCH 4/5] s390x/pv: Introduce a s390_pv_check() helper for runtime Thomas Huth
2023-01-05 14:24 ` Claudio Imbrenda
2023-01-04 11:51 ` [PATCH 5/5] s390x/pv: Move check on hugepage under s390_pv_guest_check() Cédric Le Goater
2023-01-05 12:37 ` Thomas Huth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230104115111.3240594-5-clg@kaod.org \
--to=clg@kaod.org \
--cc=borntraeger@linux.ibm.com \
--cc=clg@redhat.com \
--cc=david@redhat.com \
--cc=farman@linux.ibm.com \
--cc=iii@linux.ibm.com \
--cc=pasic@linux.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=richard.henderson@linaro.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.