An alternate type's visit_type_FOO() fails when it runs into an
invalid ->type. If it's an input visit, we then need to free the the
object we got from visit_start_alternate(). We do that with
qapi_free_FOO(), which uses the dealloc visitor.
Trouble is that object is in a bad state: its ->type is invalid. So
the dealloc visitor will run into the same error again, and the error
recovery skips deallocating the alternate's (invalid) alternative.
Works, because qapi_free_FOO() ignores the error.
Avoid it instead: free the messed up object with by g_free().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200424084338.26803-11-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
visit_type_intN() and visit_type_uintN() fail when the value is out of
bounds.
This is appropriate with an input visitor: the value comes from input,
and input may be bad.
It should never happen with the other visitors: the value comes from
the caller, and callers must keep it within bounds. Assert that.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-10-armbru@redhat.com>
output_type_enum() fails when *obj is not a valid value of the enum
type. Should not happen. Drop the check, along with its unit tests.
This unmasks qapi_enum_lookup()'s assertion.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-9-armbru@redhat.com>
[Commit message tweaked]
The contract demands v->start_alternate() for input and dealloc
visitors, but visit_start_alternate() actually requires it for input
and clone visitors. Fix the contract, and delete superfluous
qapi_dealloc_start_alternate().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-8-armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-7-armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-6-armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-5-armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-4-armbru@redhat.com>
Call visit_check_list(). Missed in commit a4a1c70dc7 "qapi: Make
input visitors detect unvisited list tails".
Drop an irrelevant error_propagate() while there.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-3-armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20200424084338.26803-2-armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200415083048.14339-6-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
qdict_iter() has just three uses and no test coverage. Replace by
qdict_first(), qdict_next() for more concise code and less type
punning.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200415083048.14339-5-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
qlist_iter() has just three uses outside tests/. Replace by
QLIST_FOREACH_ENTRY() for more concise code and less type punning.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200415083048.14339-4-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200415083048.14339-3-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
[Coding style in moved code tidied up]
QLIST_FOREACH_ENTRY() traverses a tail queue manually. Use
QTAILQ_FIRST() and QTAILQ_NEXT() instead.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200415083048.14339-2-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
This is the first pull request for the 5.1 development period. It
contains all of the patches that were sent during the 5.0 timeframe.
This is an assortment of fixes for RISC-V, including fixes for the
Hypervisor extension, the Spike machine and an update to OpenSBI.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEE9sSsRtSTSGjTuM6PIeENKd+XcFQFAl6p4M0ACgkQIeENKd+X
cFSNnQf9F4GFTV/h6eVuJWZkZWvX+Qj0tutG3PkLZsuXg6EoB/U9NBNq4uZpQL1t
j3d/afS7e6rIlw7Jl678YtHvwEOwsE0xGoHj3DzpNCfs0KmtLO8TkTHvXaojEvUq
ubvUBLGBP9GbLmeZqKwbX9Mco1WVjxf7WEvbnjkN7KS1UVOahtjDlMa338VHdDpr
zlybucab/6CL+yZLMKXlEC44Jah2CR6Tg/JHFWgsgy0bUR36TrTgT/03ENfp0J/F
avXSHRmmzg9/nOf0/WBtWTUguYTfB4tI/13VWXQzO7Jl4MNkZuYU43sRXoUxiZgQ
264cqWrRAC4ym0QjXcw5JjuQF9aIVg==
=RyQo
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20200429-2' into staging
RISC-V pull request for 5.1
This is the first pull request for the 5.1 development period. It
contains all of the patches that were sent during the 5.0 timeframe.
This is an assortment of fixes for RISC-V, including fixes for the
Hypervisor extension, the Spike machine and an update to OpenSBI.
# gpg: Signature made Wed 29 Apr 2020 21:17:17 BST
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full]
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054
* remotes/alistair/tags/pull-riscv-to-apply-20200429-2:
hw/riscv/spike: Allow more than one CPUs
hw/riscv/spike: Allow loading firmware separately using -bios option
hw/riscv: Add optional symbol callback ptr to riscv_load_firmware()
roms: opensbi: Upgrade from v0.6 to v0.7
linux-user/riscv: fix up struct target_ucontext definition
target/riscv: Add a sifive-e34 cpu type
riscv: sifive_e: Support changing CPU type
hw/riscv: Generate correct "mmu-type" for 32-bit machines
riscv: Fix Stage2 SV32 page table walk
riscv: AND stage-1 and stage-2 protection flags
riscv: Don't use stage-2 PTE lookup protection flags
riscv/sifive_u: Add a serial property to the sifive_u machine
riscv/sifive_u: Add a serial property to the sifive_u SoC
riscv/sifive_u: Fix up file ordering
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Currently, the upstream Spike ISA simulator allows more than
one CPUs so we update QEMU Spike machine on similar lines to
allow more than one CPUs.
The maximum number of CPUs for QEMU Spike machine is kept
same as QEMU Virt machine.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200427080644.168461-4-anup.patel@wdc.com
Message-Id: <20200427080644.168461-4-anup.patel@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
This patch adds an optional function pointer, "sym_cb", to
riscv_load_firmware() which provides the possibility to access
the symbol table during kernel loading.
The pointer is ignored, if supplied with flat (non-elf) firmware image.
The Spike board requires it locate the HTIF symbols from firmware ELF
passed via "-bios" option.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200427080644.168461-2-anup.patel@wdc.com
Message-Id: <20200427080644.168461-2-anup.patel@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Upgrade OpenSBI from v0.6 to v0.7 and the pre-built bios images.
The v0.7 release includes the following commits:
f64f4b9 lib: Add a new platform feature to bringup secondary harts
b677a9b lib: Implement hart hotplug
5b48240 lib: Add possible hart status values
e3f69fc lib: Implement Hart State Management (HSM) SBI extension
6704216 lib: Check MSIP bit after returning from WFI
82ae8e8 makefile: Do setup of the install target more flexible
e1a5b73 platform: sifive: fu540: allow sv32 as an mmu-type
8c83fb2 lib: Fix return type of sbi_hsm_hart_started()
00d332b include: Move bits related defines and macros to sbi_bitops.h
a148996 include: sbi_bitops: More useful bit operations
4a603eb platform: kendryte/k210: Set per-HART stack size to 8KB
678c3c3 include: sbi_scratch: Set per-HART scratch size to 4KB
2abc55b lib: Sort build objects in alphabetical order
6e87507 platform: ae350: Sort build objects in alphabetical order
650c0e5 lib: sbi: Fix coding style issues
078686d lib: serial: Fix coding style issues
3226bd9 lib: Simple bitmap library
c741abc include: Simple hartmask library
d6d7e18 lib: sbi_init: Don't allow HARTID greater than SBI_HARTMASK_MAX_BITS
a4a6a81 lib: Introduce SBI_TLB_INFO_INIT() helper macro
d963164 lib: sbi_tlb: Use sbi_hartmask in sbi_tlb_info
71d2b83 lib: Move all coldboot wait APIs to sbi_init.c
2b945fc lib: sbi_init: Use hartmask for coldboot wait
44ce5b9 include: Remove disabled_hart_mask from sbi_platform
2db381f lib: Introduce sbi_hsm_hart_started_mask() API
61f7768 lib: sbi_ecall_legacy: Use sbi_hsm_hart_started_mask() API
466fecb lib: sbi_system: Use sbi_hsm_hart_started_mask() API
9aad831 lib: sbi_ipi: Use sbi_hsm_hart_started_mask() API
eede1aa lib: sbi_hart: Remove HART available mask and related APIs
757bb44 docs: Remove out-of-date documentation
86d37bb lib: sbi: Fix misaligned trap handling
ffdc858 platform: ariane-fpga: Change license for ariane-fpga from GPL-2.0 to BSD-2
4b2f594 sbi: Add definitions for true/false
0cfe49a libfdt: Add INT32_MAX and UINT32_MAX in libfdt_env.h
baac7e0 libfdt: Upgrade to v1.5.1 release
f92147c include: Make sbi_hart_id_to_scratch() as macro
eeae3d9 firmware: fw_base: Optimize _hartid_to_scratch() implementation
16e7071 lib: sbi_hsm: Optimize sbi_hsm_hart_get_state() implementation
823345e include: Make sbi_current_hartid() as macro in riscv_asm.h
9aabba2 Makefile: Fix distclean make target
9275ed3 platform: ariane-fpga: Set per-HART stack size to 8KB
2343efd platform: Set per-HART stack size to 8KB in the template platform codes
72a0628 platform: Use one unified per-HART stack size macro for all platforms
327ba36 scripts: Cover sifive/fu540 in the 32-bit build
5fbcd62 lib: sbi: Update pmp_get() to return decoded size directly
dce8846 libfdt: Compile fdt_addresses.c
fcb1ded lib: utils: Add a fdt_reserved_memory_fixup() helper
666be6d platform: Clean up include header files
6af5576 lib: utils: Move PLIC DT fix up codes to fdt_helper.c
e846ce1 platform: andes/ae350: Fix up DT for reserved memory
8135520 platform: ariane-fpga: Fix up DT for reserved memory
c9a5268 platform: qemu/virt: Fix up DT for reserved memory
6f9bb83 platform: sifive/fu540: Fix up DT for reserved memory
1071f05 platform: sifive/fu540: Remove "stdout-path" fix-up
dd9439f lib: utils: Add a fdt_cpu_fixup() helper
3f1c847 platform: sifive/fu540: Replace cpu0 node fix-up with the new helper
db6a2b5 lib: utils: Add a general device tree fix-up helper
3f8d754 platform: Update to call general DT fix-up helper
87a7ef7 lib: sbi_scratch: Introduce HART id to scratch table
e23d3ba include: Simplify HART id to scratch macro
19bd531 lib: sbi_hsm: Simplify hart_get_state() and hart_started() APIs
3ebfe0e lib: sbi_tlb: Simplify sbi_tlb_entry_process() function
209134d lib: Handle failure of sbi_hartid_to_scratch() API
bd6ef02 include: sbi_platform: Improve sbi_platform_hart_disabled() API
c9f60fc lib: sbi_scratch: Don't set hartid_to_scratch table for disabled HART
680b098 lib: sbi_hsm: Don't use sbi_platform_hart_count() API
db187d6 lib: sbi_hsm: Remove scratch parameter from hart_started_mask() API
814f38d lib: sbi_hsm: Don't use sbi_platform_hart_disabled() API
75eec9d lib: Don't use sbi_platform_hart_count() API
c51f02c include: sbi_platform: Introduce HART index to HART id table
315a877 platform: sifive/fu540: Remove FU540_ENABLED_HART_MASK option
a0c88dd lib: Fix sbi_ecall_register_extension to prevent extension IDs overlap
9a74a64 lib: Check MSIP bit after returning from WFI
5968894 platform: Move ariane standalone fpga project to its own project
ed265b4 platform: fpga/ariane: Remove redundant plic address macros
fb84879 platform: Add OpenPiton platform support
d1d6560 platform: fpga/common: Add a fdt parsing helper functions
040e4e2 lib: utils: Move fdt fixup helper routines to a different file
4c37451 platform: openpiton: Read the device configurations from device tree
4d93586 lib: prevent coldboot_lottery from overflowing
550ba88 scripts: Extend create-binary-archive.sh for unified binary tar ball
160c885 lib: utils: Improve fdt_cpu_fixup() implementation
1de66d1 lib: Optimize unpriv load/store implementation
626467c lib: Remove scratch parameter from unpriv load/store functions
cb78a48 lib: sbi_trap: Remove scratch parameter from sbi_trap_redirect()
d11c79c lib: sbi_emulate_csr: Remove scratch and hartid parameter
5a7bd0c lib: sbi_illegal_insn: Remove mcause, scratch and hartid parameters
fe37d7d lib: sbi_misaligned_ldst: Remove mcause, scratch and hartid parameters
7487116 lib: sbi_ecall: Remove mcause, scratch and hartid parameters
40b221b lib: sbi_trap: Simplify sbi_trap_handler() API
7b211ff include: sbi_platform: Remove priv parameter from hart_start() callback
5b6957e include: Use more consistent name for atomic xchg() and cmpxchg()
dd0f21c lib: sbi_scratch: Introduce sbi_scratch_last_hartid() API
54b2779 include: sbi_tlb: Remove scratch parameter from sbi_tlb_request()
9e52a45 include: sbi_ipi: Remove scratch parameter from most functions
ec0d80f include: sbi_system: Remove scratch parameter and redundant functions
0a28ea5 include: sbi_timer: Remove scratch parameter from most funcitons
648507a include: sbi_console: Remove scratch parameter from sbi_dprintf()
e5a7f55 platform: thead/c910: Use HSM extension to boot secondary cores
f281de8 lib: irqchip/plic: Fix maximum priority threshold value
6c7922e lib: Support vector extension
615587c docs: Update README about supported SBI versions
66d0184 lib: Allow overriding SBI implementation ID
9f1b72c include: Bump-up version to 0.7
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
As struct target_ucontext will be transfered to signal handler, it
must keep pace with struct ucontext_t defined in Linux kernel.
Signed-off-by: LIU Zhiwei <zhiwei_liu@c-sky.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200412020830.607-1-zhiwei_liu@c-sky.com
Message-Id: <20200412020830.607-1-zhiwei_liu@c-sky.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
The sifive-e34 cpu type is the same as the sifive-e31 with the
single precision floating-point extension enabled.
Signed-off-by: Corey Wharton <coreyw7@fb.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Message-id: 20200313193429.8035-3-coreyw7@fb.com
Message-Id: <20200313193429.8035-3-coreyw7@fb.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Allows the CPU to be changed from the default via the -cpu command
line option.
Signed-off-by: Corey Wharton <coreyw7@fb.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200313193429.8035-2-coreyw7@fb.com
Message-Id: <20200313193429.8035-2-coreyw7@fb.com>
[ Changes by AF:
- Set "cpu-type" from the machine and not SoC
]
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
32-bit machine should have its CPU's "mmu-type" set to "riscv,sv32".
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 1583585319-26603-1-git-send-email-bmeng.cn@gmail.com
Message-Id: <1583585319-26603-1-git-send-email-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
As-per RISC-V H-Extension v0.5 draft, the Stage2 SV32 page table has
12bits of VPN[1] and 10bits of VPN[0]. The additional 2bits in VPN[1]
is required to handle the 34bit intermediate physical address coming
from Stage1 SV32 page table. The 12bits of VPN[1] implies that Stage2
SV32 level-0 page table will be 16KB in size with total 4096 enteries
where each entry maps 4MB of memory (same as Stage1 SV32 page table).
The get_physical_address() function is broken for Stage2 SV32 level-0
page table because it incorrectly computes output physical address for
Stage2 SV32 level-0 page table entry.
The root cause of the issue is that get_physical_address() uses the
"widened" variable to compute level-0 physical address mapping which
changes level-0 mapping size (instead of 4MB). We should use the
"widened" variable only for computing index of Stage2 SV32 level-0
page table.
Signed-off-by: Anup Patel <anup.patel@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200330082724.120444-1-anup.patel@wdc.com
Message-Id: <20200330082724.120444-1-anup.patel@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Take the result of stage-1 and stage-2 page table walks and AND the two
protection flags together. This way we require both to set permissions
instead of just stage-2.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Anup Patel <anup@brainfault.org>
Message-id: 846f1e18f5922d818bc464ec32c144ef314ec724.1585262586.git.alistair.francis@wdc.com
Message-Id: <846f1e18f5922d818bc464ec32c144ef314ec724.1585262586.git.alistair.francis@wdc.com>
When doing the fist of a two stage lookup (Hypervisor extensions) don't
set the current protection flags from the second stage lookup of the
base address PTE.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Anup Patel <anup@brainfault.org>
Message-id: 931db85d6890ed4bc2b527fd1011197cd28299aa.1585262586.git.alistair.francis@wdc.com
Message-Id: <931db85d6890ed4bc2b527fd1011197cd28299aa.1585262586.git.alistair.francis@wdc.com>
At present the board serial number is hard-coded to 1, and passed
to OTP model during initialization. Firmware (FSBL, U-Boot) uses
the serial number to generate a unique MAC address for the on-chip
ethernet controller. When multiple QEMU 'sifive_u' instances are
created and connected to the same subnet, they all have the same
MAC address hence it creates a unusable network.
A new "serial" property is introduced to specify the board serial
number. When not given, the default serial number 1 is used.
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <1573916930-19068-1-git-send-email-bmeng.cn@gmail.com>
[ Changed by AF:
- Use the SoC's serial property to pass the info to the SoC
- Fixup commit title
- Rebase on file restructuring
]
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
At present the board serial number is hard-coded to 1, and passed
to OTP model during initialization. Firmware (FSBL, U-Boot) uses
the serial number to generate a unique MAC address for the on-chip
ethernet controller. When multiple QEMU 'sifive_u' instances are
created and connected to the same subnet, they all have the same
MAC address hence it creates a unusable network.
A new "serial" property is introduced to the sifive_u SoC to specify
the board serial number. When not given, the default serial number
1 is used.
Suggested-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Split the file into clear machine and SoC sections.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
linux/kvm.h is not available on all platforms. Let us move
s390_machine_inject_pv_error into pv.c as it uses KVM structures.
Also rename the function to s390_pv_inject_reset_error.
While at it, ipl.h needs an include for "exec/address-spaces.h"
as it uses address_space_memory.
Fixes: c3347ed0d2ee ("s390x: protvirt: Support unpack facility")
Reported-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20200406100158.5940-2-borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
PV_ENABLE (and maybe others) might return -EINTR when a signal is
pending. See the Linux kernel patch "s390/gmap: return proper error code
on ksm unsharing" for details. Let us retry the ioctl in that case.
Fixes: c3347ed0d2ee ("s390x: protvirt: Support unpack facility")
Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Acked-by: Janosch Frank <frankja@linux.vnet.ibm.com>
Tested-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20200327124616.34866-1-borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
In case the protection of the machine fails at s390_pv_vm_enable(),
we'll currently report the local_error variable. Problem is that
there's no migration blocker error that we can report at this point so
the pointer is always NULL which leads to a SEGFAULT.
Let's remove the error report.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Fixes: 0141e1b47707 ("s390x: protvirt: Add migration blocker")
Message-Id: <20200326140505.2432-1-frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
The unpack facility is an indication that diagnose 308 subcodes 8-10
are available to the guest. That means, that the guest can put itself
into protected mode.
Once it is in protected mode, the hardware stops any attempt of VM
introspection by the hypervisor.
Some features are currently not supported in protected mode:
* vfio devices
* Migration
* Huge page backings
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200319131921.2367-17-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Let's add some documentation for the Protected VM functionality.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20200319131921.2367-16-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
For protected VMs status storing is not done by QEMU anymore.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200319131921.2367-15-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
For protected guests, we need to put the IO emulation results into the
SIDA, so SIE will write them into the guest at the next entry.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200319131921.2367-14-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
IO instruction data is routed through SIDAD for protected guests, so
adresses do not need to be checked, as this is kernel memory which is
always available.
Also the instruction data always starts at offset 0 of the SIDAD.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200319131921.2367-13-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
For protected guests the IPIB is written/read to/from the SIDA, so we
need those accesses to go through s390_cpu_pv_mem_read/write().
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200319131921.2367-12-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Handling of CPU reset and setting of the IPL psw from guest storage at
offset 0 is done by a Ultravisor call. Let's only fetch it if
necessary.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200319131921.2367-11-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
SCLP for a protected guest is done over the SIDAD, so we need to use
the s390_cpu_pv_mem_* functions to access the SIDAD instead of guest
memory when reading/writing SCBs.
To not confuse the sclp emulation, we set 0x4000 as the SCCB address,
since the function that injects the sclp external interrupt would
reject a zero sccb address.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20200319131921.2367-10-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
For protected guests, we need to put the STSI emulation results into
the SIDA, so SIE will write them into the guest at the next entry.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200319131921.2367-9-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Protected guests save the instruction control blocks in the SIDA
instead of QEMU/KVM directly accessing the guest's memory.
Let's introduce new functions to access the SIDA.
The memops for doing so are available with KVM_CAP_S390_PROTECTED, so
let's check for that.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200319131921.2367-8-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Protected VMs no longer intercept with code 4 for an instruction
interception. Instead they have codes 104 and 108 for protected
instruction interception and protected instruction notification
respectively.
The 104 mirrors the 4 interception.
The 108 is a notification interception to let KVM and QEMU know that
something changed and we need to update tracking information or
perform specific tasks. It's currently taken for the following
instructions:
* spx (To inform about the changed prefix location)
* sclp (On incorrect SCCB values, so we can inject a IRQ)
* sigp (All but "stop and store status")
* diag308 (Subcodes 0/1)
Of these exits only sclp errors, state changing sigps and diag308 will
reach QEMU. QEMU will do its parts of the job, while the ultravisor
has done the instruction part of the job.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200319131921.2367-7-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Ballooning in protected VMs can only be done when the guest shares the
pages it gives to the host. If pages are not shared, the integrity
checks will fail once those pages have been altered and are given back
to the guest.
As we currently do not yet have a solution for this we will continue
like this:
1. We block ballooning now in QEMU (with this patch).
2. Later we will provide a change to virtio that removes the blocker
and adds VIRTIO_F_IOMMU_PLATFORM automatically by QEMU when doing the
protvirt switch. This is OK, as the balloon driver in Linux (the only
supported guest) will refuse to work with the IOMMU_PLATFORM feature
bit set.
3. Later, we can fix the guest balloon driver to accept the IOMMU
feature bit and correctly exercise sharing and unsharing of balloon
pages.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200319131921.2367-6-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
The unpack facility provides the means to setup a protected guest. A
protected guest cannot be introspected by the hypervisor or any
user/administrator of the machine it is running on.
Protected guests are encrypted at rest and need a special boot
mechanism via diag308 subcode 8 and 10.
Code 8 sets the PV specific IPLB which is retained separately from
those set via code 5.
Code 10 is used to unpack the VM into protected memory, verify its
integrity and start it.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Co-developed-by: Christian Borntraeger <borntraeger@de.ibm.com> [Changes
to machine]
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20200323083606.24520-1-frankja@linux.ibm.com>
[CH: fixed up KVM_PV_VM_ -> KVM_PV_]
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
The second argument 'id' is a pointer. Pass NULL rather than 0.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Message-Id: <20200427005704.2475782-1-masahiroy@kernel.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
