From: Janosch Frank <frankja@linux.ibm.com>
To: qemu-devel@nongnu.org
Cc: mihajlov@linux.ibm.com, qemu-s390x@nongnu.org, cohuck@redhat.com,
david@redhat.com
Subject: [PATCH v3 07/17] s390x: protvirt: Handle diag 308 subcodes 0,1,3,4
Date: Fri, 14 Feb 2020 10:16:26 -0500 [thread overview]
Message-ID: <20200214151636.8764-8-frankja@linux.ibm.com> (raw)
In-Reply-To: <20200214151636.8764-1-frankja@linux.ibm.com>
As we now have access to the protection state of the cpus, we can
implement special handling of diag 308 subcodes for cpus in the
protected state.
For subcodes 0 and 1 we need to unshare all pages before continuing,
so the guest doesn't accidentally expose data when dumping.
For subcode 3/4 we tear down the protected VM and reboot into
unprotected mode. We do not provide a secure reboot.
Before we can do the unshare calls, we need to mark all cpus as
stopped.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
---
hw/s390x/s390-virtio-ccw.c | 41 +++++++++++++++++++++++++++++++++++---
target/s390x/diag.c | 4 ++++
2 files changed, 42 insertions(+), 3 deletions(-)
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index d64724af91..7eee236635 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -370,6 +370,20 @@ static void s390_machine_inject_pv_error(CPUState *cs)
env->regs[r1 + 1] = 0xa02;
}
+static void s390_pv_prepare_reset(CPUS390XState *env)
+{
+ CPUState *cs;
+
+ if (!env->pv) {
+ return;
+ }
+ CPU_FOREACH(cs) {
+ s390_cpu_set_state(S390_CPU_STATE_STOPPED, S390_CPU(cs));
+ }
+ s390_pv_unshare();
+ s390_pv_perf_clear_reset();
+}
+
static void s390_machine_reset(MachineState *machine)
{
enum s390_reset reset_type;
@@ -377,6 +391,7 @@ static void s390_machine_reset(MachineState *machine)
S390CPU *cpu;
S390CcwMachineState *ms = S390_CCW_MACHINE(machine);
static Error *local_err;
+ CPUS390XState *env;
/* get the reset parameters, reset them once done */
s390_ipl_get_reset_request(&cs, &reset_type);
@@ -385,10 +400,20 @@ static void s390_machine_reset(MachineState *machine)
s390_cmma_reset();
cpu = S390_CPU(cs);
+ env = &cpu->env;
switch (reset_type) {
case S390_RESET_EXTERNAL:
case S390_RESET_REIPL:
+ if (ms->pv) {
+ CPU_FOREACH(t) {
+ s390_pv_vcpu_destroy(t);
+ }
+ s390_pv_vm_destroy();
+ ms->pv = false;
+ migrate_del_blocker(pv_mig_blocker);
+ }
+
qemu_devices_reset();
s390_crypto_reset();
@@ -396,21 +421,31 @@ static void s390_machine_reset(MachineState *machine)
run_on_cpu(cs, s390_do_cpu_ipl, RUN_ON_CPU_NULL);
break;
case S390_RESET_MODIFIED_CLEAR:
+ /*
+ * Susbsystem reset needs to be done before we unshare memory
+ * and loose access to VIRTIO structures in guest memory.
+ */
+ subsystem_reset();
+ s390_crypto_reset();
+ s390_pv_prepare_reset(env);
CPU_FOREACH(t) {
run_on_cpu(t, s390_do_cpu_full_reset, RUN_ON_CPU_NULL);
}
- subsystem_reset();
- s390_crypto_reset();
run_on_cpu(cs, s390_do_cpu_load_normal, RUN_ON_CPU_NULL);
break;
case S390_RESET_LOAD_NORMAL:
+ /*
+ * Susbsystem reset needs to be done before we unshare memory
+ * and loose access to VIRTIO structures in guest memory.
+ */
+ subsystem_reset();
+ s390_pv_prepare_reset(env);
CPU_FOREACH(t) {
if (t == cs) {
continue;
}
run_on_cpu(t, s390_do_cpu_reset, RUN_ON_CPU_NULL);
}
- subsystem_reset();
run_on_cpu(cs, s390_do_cpu_initial_reset, RUN_ON_CPU_NULL);
run_on_cpu(cs, s390_do_cpu_load_normal, RUN_ON_CPU_NULL);
break;
diff --git a/target/s390x/diag.c b/target/s390x/diag.c
index 4ba6033609..6aaeef6029 100644
--- a/target/s390x/diag.c
+++ b/target/s390x/diag.c
@@ -68,6 +68,10 @@ int handle_diag_288(CPUS390XState *env, uint64_t r1, uint64_t r3)
static int diag308_parm_check(CPUS390XState *env, uint64_t r1, uint64_t addr,
uintptr_t ra, bool write)
{
+ /* Handled by the Ultravisor */
+ if (env->pv) {
+ return 0;
+ }
if ((r1 & 1) || (addr & ~TARGET_PAGE_MASK)) {
s390_program_interrupt(env, PGM_SPECIFICATION, ra);
return -1;
--
2.20.1
next prev parent reply other threads:[~2020-02-14 15:18 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-14 15:16 [PATCH v3 00/17] s390x: Protected Virtualization support Janosch Frank
2020-02-14 15:16 ` [PATCH v3 01/17] Header sync Janosch Frank
2020-02-14 15:16 ` [PATCH v3 02/17] s390x: Add missing vcpu reset functions Janosch Frank
2020-02-18 12:29 ` Cornelia Huck
2020-02-18 13:12 ` Janosch Frank
2020-02-18 17:17 ` Cornelia Huck
2020-02-14 15:16 ` [PATCH v3 03/17] Sync pv Janosch Frank
2020-02-14 15:16 ` [PATCH v3 04/17] s390x: protvirt: Add diag308 subcodes 8 - 10 Janosch Frank
2020-02-20 10:07 ` Cornelia Huck
2020-02-20 11:06 ` Janosch Frank
2020-02-14 15:16 ` [PATCH v3 05/17] s390x: protvirt: Support unpack facility Janosch Frank
2020-02-20 10:39 ` Cornelia Huck
2020-02-20 11:21 ` Janosch Frank
2020-02-14 15:16 ` [PATCH v3 06/17] s390x: protvirt: Add migration blocker Janosch Frank
2020-02-20 10:48 ` Cornelia Huck
2020-02-20 11:24 ` Janosch Frank
2020-02-20 11:39 ` Cornelia Huck
2020-02-20 11:42 ` Janosch Frank
2020-02-14 15:16 ` Janosch Frank [this message]
2020-02-14 15:16 ` [PATCH v3 08/17] s390x: protvirt: KVM intercept changes Janosch Frank
2020-02-14 15:16 ` [PATCH v3 09/17] s390: protvirt: Move STSI data over SIDAD Janosch Frank
2020-02-20 10:54 ` Cornelia Huck
2020-02-20 11:25 ` Janosch Frank
2020-02-14 15:16 ` [PATCH v3 10/17] s390x: Add SIDA memory ops Janosch Frank
2020-02-14 15:16 ` [PATCH v3 11/17] s390x: protvirt: SCLP interpretation Janosch Frank
2020-02-14 15:16 ` [PATCH v3 12/17] s390x: protvirt: Set guest IPL PSW Janosch Frank
2020-02-14 15:16 ` [PATCH v3 13/17] s390x: protvirt: Move diag 308 data over SIDAD Janosch Frank
2020-02-20 11:00 ` Cornelia Huck
2020-02-20 11:29 ` Janosch Frank
2020-02-14 15:16 ` [PATCH v3 14/17] s390x: protvirt: Disable address checks for PV guest IO emulation Janosch Frank
2020-02-14 15:16 ` [PATCH v3 15/17] s390x: protvirt: Move IO control structures over SIDA Janosch Frank
2020-02-14 15:16 ` [PATCH v3 16/17] s390x: protvirt: Handle SIGP store status correctly Janosch Frank
2020-02-20 11:02 ` Cornelia Huck
2020-02-20 11:30 ` Janosch Frank
2020-02-20 11:34 ` Cornelia Huck
2020-02-14 15:16 ` [PATCH v3 17/17] s390x: For now add unpack feature to GA1 Janosch Frank
2020-02-14 16:33 ` [PATCH v3 00/17] s390x: Protected Virtualization support no-reply
2020-02-18 13:13 ` Cornelia Huck
2020-02-18 13:15 ` Janosch Frank
2020-02-18 13:24 ` Cornelia Huck
2020-02-18 13:56 ` Janosch Frank
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200214151636.8764-8-frankja@linux.ibm.com \
--to=frankja@linux.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=mihajlov@linux.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.