2020-03-23 11:36:06 +03:00
|
|
|
/*
|
|
|
|
* Protected Virtualization header
|
|
|
|
*
|
|
|
|
* Copyright IBM Corp. 2020
|
|
|
|
* Author(s):
|
|
|
|
* Janosch Frank <frankja@linux.ibm.com>
|
|
|
|
*
|
|
|
|
* This work is licensed under the terms of the GNU GPL, version 2 or (at
|
|
|
|
* your option) any later version. See the COPYING file in the top-level
|
|
|
|
* directory.
|
|
|
|
*/
|
|
|
|
#ifndef HW_S390_PV_H
|
|
|
|
#define HW_S390_PV_H
|
|
|
|
|
s390: Recognize confidential-guest-support option
At least some s390 cpu models support "Protected Virtualization" (PV),
a mechanism to protect guests from eavesdropping by a compromised
hypervisor.
This is similar in function to other mechanisms like AMD's SEV and
POWER's PEF, which are controlled by the "confidential-guest-support"
machine option. s390 is a slightly special case, because we already
supported PV, simply by using a CPU model with the required feature
(S390_FEAT_UNPACK).
To integrate this with the option used by other platforms, we
implement the following compromise:
- When the confidential-guest-support option is set, s390 will
recognize it, verify that the CPU can support PV (failing if not)
and set virtio default options necessary for encrypted or protected
guests, as on other platforms. i.e. if confidential-guest-support
is set, we will either create a guest capable of entering PV mode,
or fail outright.
- If confidential-guest-support is not set, guests might still be
able to enter PV mode, if the CPU has the right model. This may be
a little surprising, but shouldn't actually be harmful.
To start a guest supporting Protected Virtualization using the new
option use the command line arguments:
-object s390-pv-guest,id=pv0 -machine confidential-guest-support=pv0
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
2020-07-23 07:36:45 +03:00
|
|
|
#include "qapi/error.h"
|
|
|
|
#include "sysemu/kvm.h"
|
2023-05-10 13:55:31 +03:00
|
|
|
#include "hw/s390x/s390-virtio-ccw.h"
|
s390: Recognize confidential-guest-support option
At least some s390 cpu models support "Protected Virtualization" (PV),
a mechanism to protect guests from eavesdropping by a compromised
hypervisor.
This is similar in function to other mechanisms like AMD's SEV and
POWER's PEF, which are controlled by the "confidential-guest-support"
machine option. s390 is a slightly special case, because we already
supported PV, simply by using a CPU model with the required feature
(S390_FEAT_UNPACK).
To integrate this with the option used by other platforms, we
implement the following compromise:
- When the confidential-guest-support option is set, s390 will
recognize it, verify that the CPU can support PV (failing if not)
and set virtio default options necessary for encrypted or protected
guests, as on other platforms. i.e. if confidential-guest-support
is set, we will either create a guest capable of entering PV mode,
or fail outright.
- If confidential-guest-support is not set, guests might still be
able to enter PV mode, if the CPU has the right model. This may be
a little surprising, but shouldn't actually be harmful.
To start a guest supporting Protected Virtualization using the new
option use the command line arguments:
-object s390-pv-guest,id=pv0 -machine confidential-guest-support=pv0
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
2020-07-23 07:36:45 +03:00
|
|
|
|
2020-03-23 11:36:06 +03:00
|
|
|
#ifdef CONFIG_KVM
|
2020-04-06 13:01:58 +03:00
|
|
|
#include "cpu.h"
|
2020-03-23 11:36:06 +03:00
|
|
|
|
|
|
|
static inline bool s390_is_pv(void)
|
|
|
|
{
|
|
|
|
static S390CcwMachineState *ccw;
|
|
|
|
Object *obj;
|
|
|
|
|
|
|
|
if (ccw) {
|
|
|
|
return ccw->pv;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* we have to bail out for the "none" machine */
|
|
|
|
obj = object_dynamic_cast(qdev_get_machine(),
|
|
|
|
TYPE_S390_CCW_MACHINE);
|
|
|
|
if (!obj) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
ccw = S390_CCW_MACHINE(obj);
|
|
|
|
return ccw->pv;
|
|
|
|
}
|
|
|
|
|
2022-10-17 11:38:19 +03:00
|
|
|
int s390_pv_query_info(void);
|
2020-03-23 11:36:06 +03:00
|
|
|
int s390_pv_vm_enable(void);
|
|
|
|
void s390_pv_vm_disable(void);
|
2023-05-10 13:55:31 +03:00
|
|
|
bool s390_pv_vm_try_disable_async(S390CcwMachineState *ms);
|
2020-03-23 11:36:06 +03:00
|
|
|
int s390_pv_set_sec_parms(uint64_t origin, uint64_t length);
|
|
|
|
int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak);
|
2020-05-05 15:41:59 +03:00
|
|
|
void s390_pv_prep_reset(void);
|
2020-03-23 11:36:06 +03:00
|
|
|
int s390_pv_verify(void);
|
|
|
|
void s390_pv_unshare(void);
|
2020-04-06 13:01:58 +03:00
|
|
|
void s390_pv_inject_reset_error(CPUState *cs);
|
2022-10-17 11:38:19 +03:00
|
|
|
uint64_t kvm_s390_pv_dmp_get_size_cpu(void);
|
|
|
|
uint64_t kvm_s390_pv_dmp_get_size_mem_state(void);
|
|
|
|
uint64_t kvm_s390_pv_dmp_get_size_completion_data(void);
|
|
|
|
bool kvm_s390_pv_info_basic_valid(void);
|
2022-10-17 11:38:21 +03:00
|
|
|
int kvm_s390_dump_init(void);
|
|
|
|
int kvm_s390_dump_cpu(S390CPU *cpu, void *buff);
|
|
|
|
int kvm_s390_dump_mem_state(uint64_t addr, size_t len, void *dest);
|
|
|
|
int kvm_s390_dump_completion_data(void *buff);
|
2020-03-23 11:36:06 +03:00
|
|
|
#else /* CONFIG_KVM */
|
|
|
|
static inline bool s390_is_pv(void) { return false; }
|
2022-10-17 11:38:19 +03:00
|
|
|
static inline int s390_pv_query_info(void) { return 0; }
|
2020-03-23 11:36:06 +03:00
|
|
|
static inline int s390_pv_vm_enable(void) { return 0; }
|
|
|
|
static inline void s390_pv_vm_disable(void) {}
|
2023-05-10 13:55:31 +03:00
|
|
|
static inline bool s390_pv_vm_try_disable_async(S390CcwMachineState *ms) { return false; }
|
2020-03-23 11:36:06 +03:00
|
|
|
static inline int s390_pv_set_sec_parms(uint64_t origin, uint64_t length) { return 0; }
|
|
|
|
static inline int s390_pv_unpack(uint64_t addr, uint64_t size, uint64_t tweak) { return 0; }
|
2020-05-05 15:41:59 +03:00
|
|
|
static inline void s390_pv_prep_reset(void) {}
|
2020-03-23 11:36:06 +03:00
|
|
|
static inline int s390_pv_verify(void) { return 0; }
|
|
|
|
static inline void s390_pv_unshare(void) {}
|
2020-04-06 13:01:58 +03:00
|
|
|
static inline void s390_pv_inject_reset_error(CPUState *cs) {};
|
2022-10-17 11:38:19 +03:00
|
|
|
static inline uint64_t kvm_s390_pv_dmp_get_size_cpu(void) { return 0; }
|
|
|
|
static inline uint64_t kvm_s390_pv_dmp_get_size_mem_state(void) { return 0; }
|
|
|
|
static inline uint64_t kvm_s390_pv_dmp_get_size_completion_data(void) { return 0; }
|
|
|
|
static inline bool kvm_s390_pv_info_basic_valid(void) { return false; }
|
2022-10-17 11:38:21 +03:00
|
|
|
static inline int kvm_s390_dump_init(void) { return 0; }
|
|
|
|
static inline int kvm_s390_dump_cpu(S390CPU *cpu, void *buff) { return 0; }
|
|
|
|
static inline int kvm_s390_dump_mem_state(uint64_t addr, size_t len,
|
|
|
|
void *dest) { return 0; }
|
|
|
|
static inline int kvm_s390_dump_completion_data(void *buff) { return 0; }
|
2020-03-23 11:36:06 +03:00
|
|
|
#endif /* CONFIG_KVM */
|
|
|
|
|
s390: Recognize confidential-guest-support option
At least some s390 cpu models support "Protected Virtualization" (PV),
a mechanism to protect guests from eavesdropping by a compromised
hypervisor.
This is similar in function to other mechanisms like AMD's SEV and
POWER's PEF, which are controlled by the "confidential-guest-support"
machine option. s390 is a slightly special case, because we already
supported PV, simply by using a CPU model with the required feature
(S390_FEAT_UNPACK).
To integrate this with the option used by other platforms, we
implement the following compromise:
- When the confidential-guest-support option is set, s390 will
recognize it, verify that the CPU can support PV (failing if not)
and set virtio default options necessary for encrypted or protected
guests, as on other platforms. i.e. if confidential-guest-support
is set, we will either create a guest capable of entering PV mode,
or fail outright.
- If confidential-guest-support is not set, guests might still be
able to enter PV mode, if the CPU has the right model. This may be
a little surprising, but shouldn't actually be harmful.
To start a guest supporting Protected Virtualization using the new
option use the command line arguments:
-object s390-pv-guest,id=pv0 -machine confidential-guest-support=pv0
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
2020-07-23 07:36:45 +03:00
|
|
|
int s390_pv_kvm_init(ConfidentialGuestSupport *cgs, Error **errp);
|
|
|
|
static inline int s390_pv_init(ConfidentialGuestSupport *cgs, Error **errp)
|
|
|
|
{
|
|
|
|
if (!cgs) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
if (kvm_enabled()) {
|
|
|
|
return s390_pv_kvm_init(cgs, errp);
|
|
|
|
}
|
|
|
|
|
|
|
|
error_setg(errp, "Protected Virtualization requires KVM");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2020-03-23 11:36:06 +03:00
|
|
|
#endif /* HW_S390_PV_H */
|