On Thu, 2020-03-19 at 09:19 -0400, Janosch Frank wrote:
> The unpack facility provides the means to set up a protected guest. A
> protected guest cannot be introspected by the hypervisor or any
> user/administrator of the machine it is running on.
> 
> Protected guests are encrypted at rest and need a special boot
> mechanism via diag308 subcode 8 and 10.
> 
> Code 8 sets the PV specific IPLB which is retained separately from
> those set via code 5.
> 
> Code 10 is used to unpack the VM into protected memory, verify its
> integrity and start it.
> 
> Signed-off-by: Janosch Frank <fran...@linux.ibm.com>
> Co-developed-by: Christian Borntraeger <borntrae...@de.ibm.com>
> [Changes
> to machine]
> Reviewed-by: David Hildenbrand <da...@redhat.com>
> Reviewed-by: Claudio Imbrenda <imbre...@linux.ibm.com>
> Reviewed-by: Cornelia Huck <coh...@redhat.com>
> ---
>  MAINTAINERS                         |   2 +
>  hw/s390x/Makefile.objs              |   1 +
>  hw/s390x/ipl.c                      |  59 +++++++++++++-
>  hw/s390x/ipl.h                      |  91 ++++++++++++++++++++-
>  hw/s390x/pv.c                       |  98 +++++++++++++++++++++++
>  hw/s390x/s390-virtio-ccw.c          | 119
> +++++++++++++++++++++++++++-
>  include/hw/s390x/pv.h               |  55 +++++++++++++
>  include/hw/s390x/s390-virtio-ccw.h  |   1 +
>  target/s390x/cpu.c                  |   1 +
>  target/s390x/cpu_features_def.inc.h |   1 +
>  target/s390x/diag.c                 |  39 ++++++++-
>  target/s390x/kvm-stub.c             |   5 ++
>  target/s390x/kvm.c                  |   5 ++
>  target/s390x/kvm_s390x.h            |   1 +
>  14 files changed, 468 insertions(+), 10 deletions(-)
>  create mode 100644 hw/s390x/pv.c
>  create mode 100644 include/hw/s390x/pv.h
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index dfbd5b0c5de9074c..f4e09213f945a716 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -391,6 +391,8 @@ F: target/s390x/machine.c
>  F: target/s390x/sigp.c
>  F: target/s390x/cpu_features*.[ch]
>  F: target/s390x/cpu_models.[ch]
> +F: hw/s390x/pv.c
> +F: include/hw/s390x/pv.h
>  F: hw/intc/s390_flic.c
>  F: hw/intc/s390_flic_kvm.c
>  F: include/hw/s390x/s390_flic.h
> diff --git a/hw/s390x/Makefile.objs b/hw/s390x/Makefile.objs
> index e02ed80b6829a511..a46a1c7894e0f612 100644
> --- a/hw/s390x/Makefile.objs
> +++ b/hw/s390x/Makefile.objs
> @@ -31,6 +31,7 @@ obj-y += tod-qemu.o
>  obj-$(CONFIG_KVM) += tod-kvm.o
>  obj-$(CONFIG_KVM) += s390-skeys-kvm.o
>  obj-$(CONFIG_KVM) += s390-stattrib-kvm.o
> +obj-$(CONFIG_KVM) += pv.o
>  obj-y += s390-ccw.o
>  obj-y += ap-device.o
>  obj-y += ap-bridge.o
> diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
> index b81942e1e6f9002e..6e21cd453b51b4ff 100644
> --- a/hw/s390x/ipl.c
> +++ b/hw/s390x/ipl.c
> @@ -1,10 +1,11 @@
>  /*
>   * bootloader support
>   *
> - * Copyright IBM, Corp. 2012
> + * Copyright IBM, Corp. 2012, 2020
>   *
>   * Authors:
>   *  Christian Borntraeger <borntrae...@de.ibm.com>
> + *  Janosch Frank <fran...@linux.ibm.com>
>   *
>   * This work is licensed under the terms of the GNU GPL, version 2
> or (at your
>   * option) any later version.  See the COPYING file in the top-level 
> directory.
> @@ -27,6 +28,7 @@
>  #include "hw/s390x/vfio-ccw.h"
>  #include "hw/s390x/css.h"
>  #include "hw/s390x/ebcdic.h"
> +#include "hw/s390x/pv.h"
>  #include "ipl.h"
>  #include "qemu/error-report.h"
>  #include "qemu/config-file.h"
> @@ -566,12 +568,31 @@ void s390_ipl_update_diag308(IplParameterBlock
> *iplb)
>  {
>      S390IPLState *ipl = get_ipl_device();
>  
> -    ipl->iplb = *iplb;
> -    ipl->iplb_valid = true;
> +    /*
> +     * The IPLB set and retrieved by subcodes 8/9 is completely
> +     * separate from the one managed via subcodes 5/6.
> +     */
> +    if (iplb->pbt == S390_IPL_TYPE_PV) {
> +        ipl->iplb_pv = *iplb;
> +        ipl->iplb_valid_pv = true;
> +    } else {
> +        ipl->iplb = *iplb;
> +        ipl->iplb_valid = true;
> +    }
>      ipl->netboot = is_virtio_net_device(iplb);
>      update_machine_ipl_properties(iplb);
>  }
>  
> +IplParameterBlock *s390_ipl_get_iplb_pv(void)
> +{
> +    S390IPLState *ipl = get_ipl_device();
> +
> +    if (!ipl->iplb_valid_pv) {
> +        return NULL;
> +    }
> +    return &ipl->iplb_pv;
> +}
> +
>  IplParameterBlock *s390_ipl_get_iplb(void)
>  {
>      S390IPLState *ipl = get_ipl_device();
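Review bot: s390_ipl_get_iplb_pv() returns NULL until a PV IPLB has been stored, but nothing at its definition documents that, and the one caller visible in this patch, s390_ipl_prepare_pv_header() in the following hunk, takes `&ipib->pv` and reads `pv_header_len` from the result without a check. If the diag308 handler (not visible here) does not reject the request when no PV IPLB was set, that is a NULL dereference in the host process, triggered by guest input. A comment above the function such as `/* Returns NULL if no PV IPLB has been set; callers must check before use. */` would state the contract. The caller should then either test the result and return an error, or use `g_assert(ipib);` if validation is guaranteed earlier. The s390_ipl_get_iplb() body at the end of this hunk continues outside it.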
> @@ -660,6 +681,38 @@ static void s390_ipl_prepare_qipl(S390CPU *cpu)
>      cpu_physical_memory_unmap(addr, len, 1, len);
>  }
>  
> +int s390_ipl_prepare_pv_header(void)
> +{
> +    IplParameterBlock *ipib = s390_ipl_get_iplb_pv();
> +    IPLBlockPV *ipib_pv = &ipib->pv;
> +    void *hdr = g_malloc(ipib_pv->pv_header_len);
> +    int rc;
> +
> +    cpu_physical_memory_read(ipib_pv->pv_header_addr, hdr,
> +                             ipib_pv->pv_header_len);
> +    rc = s390_pv_set_sec_parms((uint64_t)hdr,
> +                               ipib_pv->pv_header_len);

This causes a compile error when building for 32-bit x86, as follows:

/home/abuild/rpmbuild/BUILD/qemu-4.2.0/hw/s390x/ipl.c: In function
's390_ipl_prepare_pv_header':
/home/abuild/rpmbuild/BUILD/qemu-4.2.0/hw/s390x/ipl.c:659:32: error:
cast from pointer to integer of different size [-Werror=pointer-to-int-
cast]
  659 |     rc = s390_pv_set_sec_parms((uint64_t)hdr,
      |                                ^


- Bruce
