Re: [RFC PATCH 03/12] powerpc/prom_init: Add the ESM call to prom_init

2019-06-30 Thread Alexey Kardashevskiy 



On 29/06/2019 08:33, Thiago Jung Bauermann wrote:
> 
> Hello Alexey,
> 
> Thanks for reviewing this patch!
> 
> Alexey Kardashevskiy  writes:
> 
>> On 21/05/2019 14:49, Thiago Jung Bauermann wrote:
>>> @@ -1707,6 +1723,43 @@ static void __init prom_close_stdin(void)
>>> }
>>>  }
>>>  
>>> +#ifdef CONFIG_PPC_SVM
>>> +static int prom_rtas_os_term_hcall(uint64_t args)
>>
>>
>> This is just an rtas hcall, nothing special about "os-term".
> 
> Sorry, unfortunately I don't understand how we're treating os-term
> especially. Do you mean that we should inline this function directly
> into prom_rtas_os_term()?

I meant the function name - prom_rtas_os_term_hcall - should rather be
prom_rtas_hcall.



> 
>>> +{
>>> +   register uint64_t arg1 asm("r3") = 0xf000;
>>> +   register uint64_t arg2 asm("r4") = args;
>>> +
>>> +   asm volatile("sc 1\n" : "=r" (arg1) :
>>> +   "r" (arg1),
>>> +   "r" (arg2) :);
>>> +   return arg1;
>>> +}
>>> +
>>> +static struct rtas_args __prombss os_term_args;
>>> +
>>> +static void __init prom_rtas_os_term(char *str)
>>> +{
>>> +   phandle rtas_node;
>>> +   __be32 val;
>>> +   u32 token;
>>> +
>>> +   prom_printf("%s: start...\n", __func__);
>>> +   rtas_node = call_prom("finddevice", 1, 1, ADDR("/rtas"));
>>> +   prom_printf("rtas_node: %x\n", rtas_node);
>>> +   if (!PHANDLE_VALID(rtas_node))
>>> +   return;
>>> +
>>> +   val = 0;
>>> +   prom_getprop(rtas_node, "ibm,os-term", , sizeof(val));
>>> +   token = be32_to_cpu(val);
>>> +   prom_printf("ibm,os-term: %x\n", token);
>>> +   if (token == 0)
>>> +   prom_panic("Could not get token for ibm,os-term\n");
>>> +   os_term_args.token = cpu_to_be32(token);
>>> +   prom_rtas_os_term_hcall((uint64_t)_term_args);
>>> +}
>>> +#endif /* CONFIG_PPC_SVM */
>>> +
>>>  /*
>>>   * Allocate room for and instantiate RTAS
>>>   */
> 

-- 
Alexey

Re: [RFC PATCH 03/12] powerpc/prom_init: Add the ESM call to prom_init

2019-06-28 Thread Thiago Jung Bauermann 


Hello Alexey,

Thanks for reviewing this patch!

Alexey Kardashevskiy  writes:

> On 21/05/2019 14:49, Thiago Jung Bauermann wrote:
>> @@ -1707,6 +1723,43 @@ static void __init prom_close_stdin(void)
>>  }
>>  }
>>  
>> +#ifdef CONFIG_PPC_SVM
>> +static int prom_rtas_os_term_hcall(uint64_t args)
>
>
> This is just an rtas hcall, nothing special about "os-term".

Sorry, unfortunately I don't understand how we're treating os-term
especially. Do you mean that we should inline this function directly
into prom_rtas_os_term()?

>> +{
>> +register uint64_t arg1 asm("r3") = 0xf000;
>> +register uint64_t arg2 asm("r4") = args;
>> +
>> +asm volatile("sc 1\n" : "=r" (arg1) :
>> +"r" (arg1),
>> +"r" (arg2) :);
>> +return arg1;
>> +}
>> +
>> +static struct rtas_args __prombss os_term_args;
>> +
>> +static void __init prom_rtas_os_term(char *str)
>> +{
>> +phandle rtas_node;
>> +__be32 val;
>> +u32 token;
>> +
>> +prom_printf("%s: start...\n", __func__);
>> +rtas_node = call_prom("finddevice", 1, 1, ADDR("/rtas"));
>> +prom_printf("rtas_node: %x\n", rtas_node);
>> +if (!PHANDLE_VALID(rtas_node))
>> +return;
>> +
>> +val = 0;
>> +prom_getprop(rtas_node, "ibm,os-term", , sizeof(val));
>> +token = be32_to_cpu(val);
>> +prom_printf("ibm,os-term: %x\n", token);
>> +if (token == 0)
>> +prom_panic("Could not get token for ibm,os-term\n");
>> +os_term_args.token = cpu_to_be32(token);
>> +prom_rtas_os_term_hcall((uint64_t)_term_args);
>> +}
>> +#endif /* CONFIG_PPC_SVM */
>> +
>>  /*
>>   * Allocate room for and instantiate RTAS
>>   */

-- 
Thiago Jung Bauermann
IBM Linux Technology Center

Re: [RFC PATCH 03/12] powerpc/prom_init: Add the ESM call to prom_init

2019-06-26 Thread Alexey Kardashevskiy 



On 21/05/2019 14:49, Thiago Jung Bauermann wrote:
> From: Ram Pai 
> 
> Make the Enter-Secure-Mode (ESM) ultravisor call to switch the VM to secure
> mode. Add "svm=" command line option to turn off switching to secure mode.
> Introduce CONFIG_PPC_SVM to control support for secure guests.
> 
> Signed-off-by: Ram Pai 
> [ Generate an RTAS os-term hcall when the ESM ucall fails. ]
> Signed-off-by: Michael Anderson 
> [ Cleaned up the code a bit. ]
> Signed-off-by: Thiago Jung Bauermann 
> ---
>  .../admin-guide/kernel-parameters.txt |   5 +
>  arch/powerpc/include/asm/ultravisor-api.h |   1 +
>  arch/powerpc/kernel/prom_init.c   | 124 ++
>  3 files changed, 130 insertions(+)
> 
> diff --git a/Documentation/admin-guide/kernel-parameters.txt 
> b/Documentation/admin-guide/kernel-parameters.txt
> index c45a19d654f3..7237d86b25c6 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -4501,6 +4501,11 @@
>   /sys/power/pm_test). Only available when CONFIG_PM_DEBUG
>   is set. Default value is 5.
>  
> + svm=[PPC]
> + Format: { on | off | y | n | 1 | 0 }
> + This parameter controls use of the Protected
> + Execution Facility on pSeries.
> +
>   swapaccount=[0|1]
>   [KNL] Enable accounting of swap in memory resource
>   controller if no parameter or 1 is given or disable
> diff --git a/arch/powerpc/include/asm/ultravisor-api.h 
> b/arch/powerpc/include/asm/ultravisor-api.h
> index 15e6ce77a131..0e8b72081718 100644
> --- a/arch/powerpc/include/asm/ultravisor-api.h
> +++ b/arch/powerpc/include/asm/ultravisor-api.h
> @@ -19,6 +19,7 @@
>  
>  /* opcodes */
>  #define UV_WRITE_PATE0xF104
> +#define UV_ESM   0xF110
>  #define UV_RETURN0xF11C
>  
>  #endif /* _ASM_POWERPC_ULTRAVISOR_API_H */
> diff --git a/arch/powerpc/kernel/prom_init.c b/arch/powerpc/kernel/prom_init.c
> index 523bb99d7676..5d8a3efb54f2 100644
> --- a/arch/powerpc/kernel/prom_init.c
> +++ b/arch/powerpc/kernel/prom_init.c
> @@ -44,6 +44,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  
>  #include 
>  
> @@ -174,6 +175,10 @@ static unsigned long __prombss prom_tce_alloc_end;
>  static bool __prombss prom_radix_disable;
>  #endif
>  
> +#ifdef CONFIG_PPC_SVM
> +static bool __prombss prom_svm_disable;
> +#endif
> +
>  struct platform_support {
>   bool hash_mmu;
>   bool radix_mmu;
> @@ -809,6 +814,17 @@ static void __init early_cmdline_parse(void)
>   if (prom_radix_disable)
>   prom_debug("Radix disabled from cmdline\n");
>  #endif /* CONFIG_PPC_PSERIES */
> +
> +#ifdef CONFIG_PPC_SVM
> + opt = prom_strstr(prom_cmd_line, "svm=");
> + if (opt) {
> + bool val;
> +
> + opt += sizeof("svm=") - 1;
> + if (!prom_strtobool(opt, ))
> + prom_svm_disable = !val;
> + }
> +#endif /* CONFIG_PPC_SVM */
>  }
>  
>  #ifdef CONFIG_PPC_PSERIES
> @@ -1707,6 +1723,43 @@ static void __init prom_close_stdin(void)
>   }
>  }
>  
> +#ifdef CONFIG_PPC_SVM
> +static int prom_rtas_os_term_hcall(uint64_t args)


This is just an rtas hcall, nothing special about "os-term".


> +{
> + register uint64_t arg1 asm("r3") = 0xf000;
> + register uint64_t arg2 asm("r4") = args;
> +
> + asm volatile("sc 1\n" : "=r" (arg1) :
> + "r" (arg1),
> + "r" (arg2) :);
> + return arg1;
> +}
> +
> +static struct rtas_args __prombss os_term_args;
> +
> +static void __init prom_rtas_os_term(char *str)
> +{
> + phandle rtas_node;
> + __be32 val;
> + u32 token;
> +
> + prom_printf("%s: start...\n", __func__);
> + rtas_node = call_prom("finddevice", 1, 1, ADDR("/rtas"));
> + prom_printf("rtas_node: %x\n", rtas_node);
> + if (!PHANDLE_VALID(rtas_node))
> + return;
> +
> + val = 0;
> + prom_getprop(rtas_node, "ibm,os-term", , sizeof(val));
> + token = be32_to_cpu(val);
> + prom_printf("ibm,os-term: %x\n", token);
> + if (token == 0)
> + prom_panic("Could not get token for ibm,os-term\n");
> + os_term_args.token = cpu_to_be32(token);
> + prom_rtas_os_term_hcall((uint64_t)_term_args);
> +}
> +#endif /* CONFIG_PPC_SVM */
> +
>  /*
>   * Allocate room for and instantiate RTAS
>   */
> @@ -3162,6 +3215,74 @@ static void unreloc_toc(void)
>  #endif
>  #endif
>  
> +#ifdef CONFIG_PPC_SVM
> +/*
> + * The ESM blob is a data structure with information needed by the 
> Ultravisor to
> + * validate the integrity of the secure guest.
> + */
> +static void *get_esm_blob(void)
> +{
> + /*
> +  * FIXME: We are still finalizing the details on how prom_init will grab
> +  * the ESM blob. When that is done, this function will be updated.