From: Cornelia Huck <cohuck@redhat.com>
To: Janosch Frank <frankja@linux.ibm.com>
Cc: thuth@redhat.com, pmorel@linux.ibm.com, david@redhat.com,
qemu-devel@nongnu.org, borntraeger@de.ibm.com,
qemu-s390x@nongnu.org, mihajlov@linux.ibm.com
Subject: Re: [PATCH 06/15] s390x: protvirt: Support unpack facility
Date: Fri, 22 Nov 2019 14:39:49 +0100 [thread overview]
Message-ID: <20191122143949.4880aa1b.cohuck@redhat.com> (raw)
In-Reply-To: <20191120114334.2287-7-frankja@linux.ibm.com>
On Wed, 20 Nov 2019 06:43:25 -0500
Janosch Frank <frankja@linux.ibm.com> wrote:
> When a guest has saved a ipib of type 5 and call diagnose308 with
> subcode 10, we have to setup the protected processing environment via
> Ultravisor calls. The calls are done by KVM and are exposed via an API.
>
> The following steps are necessary:
> 1. Create a VM (register it with the Ultravisor)
> 2. Create secure CPUs for all of our current cpus
> 3. Forward the secure header to the Ultravisor (has all information on
> how to decrypt the image and VM information)
> 4. Protect image pages from the host and decrypt them
> 5. Verify the image integrity
>
> Only after step 5 a protected VM is allowed to run.
>
> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
> ---
> hw/s390x/Makefile.objs | 1 +
> hw/s390x/ipl.c | 33 ++++++++
> hw/s390x/ipl.h | 2 +
> hw/s390x/pv.c | 118 ++++++++++++++++++++++++++++
> hw/s390x/pv.h | 26 ++++++
> hw/s390x/s390-virtio-ccw.c | 45 ++++++++---
> target/s390x/cpu_features_def.inc.h | 1 +
> 7 files changed, 216 insertions(+), 10 deletions(-)
> create mode 100644 hw/s390x/pv.c
> create mode 100644 hw/s390x/pv.h
>
> +static int s390_pv_cmd(uint32_t cmd, void *data)
> +{
> + int rc;
> + struct kvm_pv_cmd pv_cmd = {
> + .cmd = cmd,
> + .data = (uint64_t)data,
> + };
> +
> + rc = kvm_vm_ioctl(kvm_state, KVM_S390_PV_COMMAND, &pv_cmd);
> + if (rc) {
> + error_report("KVM PV command failed cmd: %d rc: %d", cmd, rc);
> + exit(1);
> + }
> + return rc;
> +}
> +
> +static int s390_pv_cmd_vcpu(CPUState *cs, uint32_t cmd, void *data)
> +{
> + int rc;
> + struct kvm_pv_cmd pv_cmd = {
> + .cmd = cmd,
> + .data = (uint64_t)data,
> + };
> +
> + rc = kvm_vcpu_ioctl(cs, KVM_S390_PV_COMMAND_VCPU, &pv_cmd);
> + if (rc) {
> + error_report("KVM PV VCPU command failed cmd: %d rc: %d", cmd, rc);
> + exit(1);
> + }
> + return rc;
> +}
If you do a hard exit for any rc != 0 anyway, returning rc does not
sound very useful :)
next prev parent reply other threads:[~2019-11-22 13:40 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-20 11:43 [PATCH 00/15] s390x: Protected Virtualization support Janosch Frank
2019-11-20 11:43 ` [PATCH 01/15] s390x: Cleanup cpu resets Janosch Frank
2019-11-21 11:10 ` Cornelia Huck
2019-11-21 11:32 ` Janosch Frank
2019-11-21 12:18 ` Cornelia Huck
2019-11-21 12:53 ` Thomas Huth
2019-11-21 13:11 ` Janosch Frank
2019-11-21 13:17 ` Thomas Huth
2019-11-20 11:43 ` [PATCH 02/15] s390x: Beautify diag308 handling Janosch Frank
2019-11-21 11:17 ` Cornelia Huck
2019-11-21 11:27 ` Janosch Frank
2019-11-21 11:21 ` David Hildenbrand
2019-11-21 11:28 ` Janosch Frank
2019-11-21 13:12 ` Thomas Huth
2019-11-21 13:20 ` Thomas Huth
2019-11-21 13:53 ` Janosch Frank
2019-11-20 11:43 ` [PATCH 03/15] s390x: protvirt: Add diag308 subcodes 8 - 10 Janosch Frank
2019-11-21 12:47 ` Cornelia Huck
2019-11-21 14:36 ` Thomas Huth
2020-02-07 7:56 ` Janosch Frank
2019-11-20 11:43 ` [PATCH 04/15] Header sync protvirt Janosch Frank
2019-11-21 12:59 ` Cornelia Huck
2019-11-21 13:12 ` Janosch Frank
2019-11-21 13:17 ` Cornelia Huck
2019-11-20 11:43 ` [PATCH 05/15] s390x: protvirt: Sync PV state Janosch Frank
2019-11-21 13:25 ` Cornelia Huck
2019-11-21 13:43 ` Janosch Frank
2019-11-21 14:43 ` Thomas Huth
2019-11-20 11:43 ` [PATCH 06/15] s390x: protvirt: Support unpack facility Janosch Frank
2019-11-20 13:43 ` Cornelia Huck
2019-11-21 11:33 ` Janosch Frank
2019-11-21 11:27 ` David Hildenbrand
2019-11-21 14:25 ` Janosch Frank
2019-11-21 14:28 ` David Hildenbrand
2019-11-21 14:31 ` Christian Borntraeger
2019-11-21 14:32 ` Janosch Frank
2019-11-22 13:39 ` Cornelia Huck [this message]
2019-11-22 13:49 ` Janosch Frank
2019-11-28 14:07 ` Thomas Huth
2019-11-28 14:20 ` Janosch Frank
2019-11-20 11:43 ` [PATCH 07/15] s390x: protvirt: Handle diag 308 subcodes 0,1,3,4 Janosch Frank
2019-11-21 13:50 ` Cornelia Huck
2019-11-21 14:00 ` Janosch Frank
2019-11-21 14:04 ` Janosch Frank
2019-11-21 14:17 ` Cornelia Huck
2019-11-21 14:23 ` Janosch Frank
2019-11-20 11:43 ` [PATCH 08/15] s390x: protvirt: KVM intercept changes Janosch Frank
2019-11-21 14:07 ` Cornelia Huck
2019-11-21 14:29 ` Janosch Frank
2019-11-21 15:11 ` Thomas Huth
2019-11-28 16:38 ` Janosch Frank
2019-11-28 16:45 ` Cornelia Huck
2019-11-28 16:54 ` Janosch Frank
2019-11-20 11:43 ` [PATCH 09/15] s390x: protvirt: SCLP interpretation Janosch Frank
2019-11-21 14:11 ` Cornelia Huck
2019-11-21 14:24 ` Janosch Frank
2019-11-22 13:48 ` Pierre Morel
2019-11-20 11:43 ` [PATCH 10/15] s390x: protvirt: Add new VCPU reset functions Janosch Frank
2019-11-20 11:43 ` [PATCH 11/15] RFC: s390x: Exit on vcpu reset error Janosch Frank
2019-11-21 12:14 ` David Hildenbrand
2019-11-21 12:19 ` Janosch Frank
2019-11-21 12:22 ` David Hildenbrand
2019-11-20 11:43 ` [PATCH 12/15] s390x: protvirt: Set guest IPL PSW Janosch Frank
2019-11-28 14:30 ` Thomas Huth
2019-11-28 15:39 ` Janosch Frank
2019-11-20 11:43 ` [PATCH 13/15] s390x: protvirt: Move diag 308 data over SIDAD Janosch Frank
2019-11-28 14:40 ` Thomas Huth
2019-11-28 16:08 ` Janosch Frank
2019-11-28 16:14 ` David Hildenbrand
2019-11-20 11:43 ` [PATCH 14/15] s390x: protvirt: Disable address checks for PV guest IO emulation Janosch Frank
2019-11-28 15:28 ` Thomas Huth
2019-11-28 15:36 ` Janosch Frank
2019-11-28 16:10 ` Janosch Frank
2019-11-28 16:18 ` Cornelia Huck
2019-11-28 16:24 ` Janosch Frank
2019-11-28 20:08 ` Thomas Huth
2019-11-20 11:43 ` [PATCH 15/15] s390x: protvirt: Handle SIGP store status correctly Janosch Frank
2019-11-21 11:24 ` David Hildenbrand
2019-11-21 11:29 ` Janosch Frank
2019-11-28 15:30 ` Thomas Huth
2019-11-20 13:26 ` [PATCH 00/15] s390x: Protected Virtualization support Cornelia Huck
2019-11-20 13:33 ` Janosch Frank
2019-11-21 9:13 ` Janosch Frank
2019-11-21 9:39 ` Cornelia Huck
2019-11-29 11:08 ` Daniel P. Berrangé
2019-11-29 12:14 ` Janosch Frank
2019-11-29 12:35 ` Daniel P. Berrangé
2019-11-29 14:02 ` Janosch Frank
2019-11-29 14:30 ` Viktor Mihajlovski
2019-12-03 10:49 ` Daniel P. Berrangé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191122143949.4880aa1b.cohuck@redhat.com \
--to=cohuck@redhat.com \
--cc=borntraeger@de.ibm.com \
--cc=david@redhat.com \
--cc=frankja@linux.ibm.com \
--cc=mihajlov@linux.ibm.com \
--cc=pmorel@linux.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.