From: Bharata B Rao <bharata@linux.ibm.com>
To: "Cédric Le Goater" <clg@kaod.org>
Cc: linuxram@us.ibm.com, Greg Kurz <groug@kaod.org>,
qemu-devel@nongnu.org, paulus@ozlabs.org, qemu-ppc@nongnu.org,
david@gibson.dropbear.id.au
Subject: Re: [PATCH v2 ppc-for-5.0 2/2] ppc/spapr: Support reboot of secure pseries guest
Date: Thu, 12 Dec 2019 14:23:43 +0530 [thread overview]
Message-ID: <20191212085343.GB28362@in.ibm.com> (raw)
In-Reply-To: <aeadba2d-1699-a750-2dc2-cf9921e57680@kaod.org>
On Thu, Dec 12, 2019 at 08:34:57AM +0100, Cédric Le Goater wrote:
> Hello Bharata,
>
>
> On 12/12/2019 06:50, Bharata B Rao wrote:
> > A pseries guest can be run as a secure guest on Ultravisor-enabled
> > POWER platforms. When such a secure guest is reset, we need to
> > release/reset a few resources both on ultravisor and hypervisor side.
> > This is achieved by invoking this new ioctl KVM_PPC_SVM_OFF from the
> > machine reset path.
> >
> > As part of this ioctl, the secure guest is essentially transitioned
> > back to normal mode so that it can reboot like a regular guest and
> > become secure again.
> >
> > This ioctl has no effect when invoked for a normal guest. If this ioctl
> > fails for a secure guest, the guest is terminated.
>
> This looks OK.
>
> > Signed-off-by: Bharata B Rao <bharata@linux.ibm.com>
> > ---
> > hw/ppc/spapr.c | 15 +++++++++++++++
> > target/ppc/kvm.c | 7 +++++++
> > target/ppc/kvm_ppc.h | 6 ++++++
> > 3 files changed, 28 insertions(+)
> >
> > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > index f11422fc41..25e1a3446e 100644
> > --- a/hw/ppc/spapr.c
> > +++ b/hw/ppc/spapr.c
> > @@ -1597,6 +1597,21 @@ static void spapr_machine_reset(MachineState *machine)
> > void *fdt;
> > int rc;
> >
> > + /*
> > + * KVM_PPC_SVM_OFF ioctl can fail for secure guests, check and
> > + * exit in that case. However check for -ENOTTY explicitly
> > + * to ensure that we don't terminate normal guests that are
> > + * running on kernels which don't support this ioctl.
> > + *
> > + * Also, this ioctl returns 0 for normal guests on kernels where
> > + * this ioctl is supported.
> > + */
> > + rc = kvmppc_svm_off();
> > + if (rc && rc != -ENOTTY) {
>
> I would put these low level tests under kvmppc_svm_off().
Makes sense.
>
> > + error_report("Reset of secure guest failed, exiting...");
> > + exit(EXIT_FAILURE);
>
> The exit() could probably go under kvmppc_svm_off() also.
May be not. Then error_report would have also have to go in.
Doesn't make sense to print this error from there.
Regards,
Bharata.
next prev parent reply other threads:[~2019-12-12 8:56 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-12 5:50 [PATCH v2 ppc-for-5.0 0/2] ppc/spapr: Support reboot of secure pseries guest Bharata B Rao
2019-12-12 5:50 ` [PATCH v2 ppc-for-5.0 1/2] linux-headers: Update Bharata B Rao
2019-12-12 5:50 ` [PATCH v2 ppc-for-5.0 2/2] ppc/spapr: Support reboot of secure pseries guest Bharata B Rao
2019-12-12 7:34 ` Cédric Le Goater
2019-12-12 8:53 ` Bharata B Rao [this message]
2019-12-12 12:32 ` Greg Kurz
2019-12-13 5:52 ` David Gibson
2019-12-12 12:27 ` Greg Kurz
2019-12-13 4:04 ` Bharata B Rao
2019-12-13 5:54 ` David Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191212085343.GB28362@in.ibm.com \
--to=bharata@linux.ibm.com \
--cc=clg@kaod.org \
--cc=david@gibson.dropbear.id.au \
--cc=groug@kaod.org \
--cc=linuxram@us.ibm.com \
--cc=paulus@ozlabs.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.