From: Janosch Frank <frankja@linux.ibm.com>
To: Thomas Huth <thuth@redhat.com>, qemu-devel@nongnu.org
Cc: pmorel@linux.ibm.com, david@redhat.com, cohuck@redhat.com,
	borntraeger@de.ibm.com, qemu-s390x@nongnu.org,
	mihajlov@linux.ibm.com
Subject: Re: [PATCH v2 03/13] s390x: protvirt: Support unpack facility
Date: Wed, 4 Dec 2019 12:46:41 +0100
Message-ID: <0cc09b51-6510-b4ef-d05c-eaa691aeebc6@linux.ibm.com>
In-Reply-To: <d0c17ceb-3c45-7754-0750-a3c75682f346@redhat.com>


On 12/4/19 12:34 PM, Thomas Huth wrote:
> On 04/12/2019 12.32, Janosch Frank wrote:
>> On 12/4/19 11:48 AM, Thomas Huth wrote:
>>> On 29/11/2019 10.47, Janosch Frank wrote:
>>>> When a guest has saved an ipib of type 5 and calls diagnose308 with
>>>> subcode 10, we have to set up the protected processing environment via
>>>> Ultravisor calls. The calls are done by KVM and are exposed via an API.
>>>>
>>>> The following steps are necessary:
>>>> 1. Create a VM (register it with the Ultravisor)
>>>> 2. Create secure CPUs for all of our current cpus
>>>> 3. Forward the secure header to the Ultravisor (has all information on
>>>> how to decrypt the image and VM information)
>>>> 4. Protect image pages from the host and decrypt them
>>>> 5. Verify the image integrity
>>>>
>>>> Only after step 5 a protected VM is allowed to run.
>>>>
>>>> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
>>>> ---
>>> [...]
>>>> +++ b/hw/s390x/pv.c
>>>> @@ -0,0 +1,118 @@
>>>> +/*
>>>> + * Secure execution functions
>>>> + *
>>>> + * Copyright IBM Corp. 2019
>>>> + * Author(s):
>>>> + *  Janosch Frank <frankja@linux.ibm.com>
>>>> + *
>>>> + * This work is licensed under the terms of the GNU GPL, version 2 or (at
>>>> + * your option) any later version. See the COPYING file in the top-level
>>>> + * directory.
>>>> + */
>>>> +#include "qemu/osdep.h"
>>>> +#include <sys/ioctl.h>
>>>> +
>>>> +#include <linux/kvm.h>
>>>> +
>>>> +#include "qemu/error-report.h"
>>>> +#include "sysemu/kvm.h"
>>>> +#include "pv.h"
>>>> +
>>>> +static int s390_pv_cmd(uint32_t cmd, void *data)
>>>> +{
>>>> +    int rc;
>>>> +    struct kvm_pv_cmd pv_cmd = {
>>>> +        .cmd = cmd,
>>>> +        .data = (uint64_t)data,
>>>> +    };
>>>> +
>>>> +    rc = kvm_vm_ioctl(kvm_state, KVM_S390_PV_COMMAND, &pv_cmd);
>>>> +    if (rc) {
>>>> +        error_report("KVM PV command failed cmd: %d rc: %d", cmd, rc);
>>>> +        exit(1);
>>>> +    }
>>>> +    return rc;
>>>> +}
>>>> +
>>>> +static int s390_pv_cmd_vcpu(CPUState *cs, uint32_t cmd, void *data)
>>>> +{
>>>> +    int rc;
>>>> +    struct kvm_pv_cmd pv_cmd = {
>>>> +        .cmd = cmd,
>>>> +        .data = (uint64_t)data,
>>>> +    };
>>>> +
>>>> +    rc = kvm_vcpu_ioctl(cs, KVM_S390_PV_COMMAND_VCPU, &pv_cmd);
>>>> +    if (rc) {
>>>> +        error_report("KVM PV VCPU command failed cmd: %d rc: %d", cmd, rc);
>>>> +        exit(1);
>>>> +    }
>>>> +    return rc;
>>>> +}
>>>> +
>>>> +int s390_pv_vm_create(void)
>>>> +{
>>>> +    return s390_pv_cmd(KVM_PV_VM_CREATE, NULL);
>>>> +}
>>>> +
>>>> +int s390_pv_vm_destroy(void)
>>>> +{
>>>> +    return s390_pv_cmd(KVM_PV_VM_DESTROY, NULL);
>>>> +}
>>>> +
>>>> +int s390_pv_vcpu_create(CPUState *cs)
>>>> +{
>>>> +    return s390_pv_cmd_vcpu(cs, KVM_PV_VCPU_CREATE, NULL);
>>>> +}
>>>> +
>>>> +int s390_pv_vcpu_destroy(CPUState *cs)
>>>> +{
>>>> +    S390CPU *cpu = S390_CPU(cs);
>>>> +    CPUS390XState *env = &cpu->env;
>>>> +    int rc;
>>>> +
>>>> +    rc = s390_pv_cmd_vcpu(cs, KVM_PV_VCPU_DESTROY, NULL);
>>>> +    if (!rc) {
>>>> +        env->pv = false;
>>>> +    }
>>>> +    return rc;
>>>> +}
>>>> +
>>>> +int s390_pv_set_sec_parms(uint64_t origin, uint64_t length)
>>>> +{
>>>> +    struct kvm_s390_pv_sec_parm args = {
>>>> +        .origin = origin,
>>>> +        .length = length,
>>>> +    };
>>>> +
>>>> +    return s390_pv_cmd(KVM_PV_VM_SET_SEC_PARMS, &args);
>>>> +}
>>>> +
>>>> +/*
>>>> + * Called for each component in the SE type IPL parameter block 0.
>>>> + */
>>>> +int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak)
>>>> +{
>>>> +    struct kvm_s390_pv_unp args = {
>>>> +        .addr = addr,
>>>> +        .size = size,
>>>> +        .tweak = tweak,
>>>> +    };
>>>> +
>>>> +    return s390_pv_cmd(KVM_PV_VM_UNPACK, &args);
>>>> +}
>>>> +
>>>> +int s390_pv_perf_clear_reset(void)
>>>> +{
>>>> +    return s390_pv_cmd(KVM_PV_VM_PERF_CLEAR_RESET, NULL);
>>>> +}
>>>> +
>>>> +int s390_pv_verify(void)
>>>> +{
>>>> +    return s390_pv_cmd(KVM_PV_VM_VERIFY, NULL);
>>>> +}
>>>> +
>>>> +int s390_pv_unshare(void)
>>>> +{
>>>> +    return s390_pv_cmd(KVM_PV_VM_UNSHARE, NULL);
>>>> +}
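Review bot: s390_pv_cmd() and s390_pv_cmd_vcpu() call exit(1) on any non-zero rc, so the `return rc` that follows can only ever return 0 and the `if (!rc)` guard in s390_pv_vcpu_destroy() is always taken. Per the commit message this path is entered when the guest issues diagnose 308 subcode 10, so any failed command ends the whole QEMU process; returning rc from the two helpers and letting the caller decide would keep that choice in one place. Two smaller points in the same helpers: cmd is a uint32_t but is printed with %d (use %u or PRIu32), and `(uint64_t)data` converts a pointer directly, where going through uintptr_t first avoids a pointer-to-integer size warning on hosts whose pointers are not 64 bits wide.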
>>>> diff --git a/hw/s390x/pv.h b/hw/s390x/pv.h
>>>> new file mode 100644
>>>> index 0000000000..eb074e4bc9
>>>> --- /dev/null
>>>> +++ b/hw/s390x/pv.h
>>>> @@ -0,0 +1,26 @@
>>>> +/*
>>>> + * Protected Virtualization header
>>>> + *
>>>> + * Copyright IBM Corp. 2019
>>>> + * Author(s):
>>>> + *  Janosch Frank <frankja@linux.ibm.com>
>>>> + *
>>>> + * This work is licensed under the terms of the GNU GPL, version 2 or (at
>>>> + * your option) any later version. See the COPYING file in the top-level
>>>> + * directory.
>>>> + */
>>>> +
>>>> +#ifndef HW_S390_PV_H
>>>> +#define HW_S390_PV_H
>>>> +
>>>> +int s390_pv_vm_create(void);
>>>> +int s390_pv_vm_destroy(void);
>>>> +int s390_pv_vcpu_destroy(CPUState *cs);
>>>> +int s390_pv_vcpu_create(CPUState *cs);
>>>> +int s390_pv_set_sec_parms(uint64_t origin, uint64_t length);
>>>> +int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak);
>>>> +int s390_pv_perf_clear_reset(void);
>>>> +int s390_pv_verify(void);
>>>> +int s390_pv_unshare(void);
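Review bot: The prototypes in pv.h use CPUState and uint64_t, but the lines shown contain no #include that declares them, so the header compiles only when every includer has already pulled in the right headers, as pv.c does by including "pv.h" last. Including what the header needs would make it self-contained. The prototypes also have no comment stating the return convention, which callers will need as soon as they start checking the int results.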
>>>
>>> I still think you should make all those functions return "void"
>>> instead of "int" - since errors result in an exit() in s390_pv_cmd()
>>> and s390_pv_cmd_vcpu() anyway...
>>
>> Hey Thomas,
>>
>> I have requested an error code for diag 308 subcode 10 that tells the
>> VM that we didn't succeed in starting a secure guest. Once that is in
>> place, I'll need to check the return codes.
> 
> Ok, but then the exit()s need to go away, I assume?

That would be necessary to wire the rc up, yes.

> 
>  Thomas
> 
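
The point this exchange ends on, reporting a failed step to the caller instead of calling exit(), as an added sketch that is not code from the patch or from QEMU. The names pv_step, pv_cmd, pv_start and pv_try are hypothetical, the stub stands in for the KVM ioctl, and the teardown on failure is an assumption of the sketch, not something the thread specifies.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical command ids: the five steps of the commit message plus teardown. */
enum pv_step { PV_VM_CREATE, PV_VCPU_CREATE, PV_SET_SEC_PARMS, PV_UNPACK,
               PV_VERIFY, PV_VCPU_DESTROY, PV_VM_DESTROY, PV_NSTEPS };

struct pv_component { uint64_t addr, size, tweak; };

static int fail_at = -1;      /* step the stub should fail, -1 for none */
static int calls[PV_NSTEPS];  /* how often each step was issued */

/* Stand-in for the KVM ioctl: reports failure as -errno, never exits. */
static int pv_cmd(enum pv_step step, const void *data)
{
    (void)data;
    calls[step]++;
    return (int)step == fail_at ? -EINVAL : 0;
}

/* Returns 0 only after verify succeeded; otherwise undoes the earlier steps. */
int pv_start(int ncpus, const struct pv_component *comp, int ncomp)
{
    int rc, i, created = 0;

    rc = pv_cmd(PV_VM_CREATE, NULL);
    if (rc) return rc;
    for (; created < ncpus; created++) {
        if ((rc = pv_cmd(PV_VCPU_CREATE, NULL))) goto undo;
    }
    if ((rc = pv_cmd(PV_SET_SEC_PARMS, NULL))) goto undo;
    for (i = 0; i < ncomp; i++) {
        if ((rc = pv_cmd(PV_UNPACK, &comp[i]))) goto undo;
    }
    if (!(rc = pv_cmd(PV_VERIFY, NULL))) return 0;
undo:
    while (created-- > 0) pv_cmd(PV_VCPU_DESTROY, NULL);
    pv_cmd(PV_VM_DESTROY, NULL);
    return rc;
}

/* Runs the sequence on a constructed two-component image, failing one step. */
int pv_try(int fail_step, int ncpus)
{
    static const struct pv_component img[] = {
        { 0x10000, 0x2000, 0 }, { 0x20000, 0x1000, 1 } };
    memset(calls, 0, sizeof(calls));
    fail_at = fail_step;
    return pv_start(ncpus, img, 2);
}
```

With the rc returned like this, the caller can hand the guest an error for diag 308 subcode 10 once such a code exists, which is the follow-up discussed above.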


