hw/ppc/spapr.c | 1 + linux-headers/linux/kvm.h | 1 + target/ppc/kvm.c | 7 +++++++ target/ppc/kvm_ppc.h | 6 ++++++ 4 files changed, 15 insertions(+)
A pseries guest can be run as a secure guest on Ultravisor-enabled
POWER platforms. When such a secure guest is reset, we need to
release/reset a few resources both on ultravisor and hypervisor side.
This is achieved by invoking this new ioctl KVM_PPC_SVM_OFF from the
machine reset path.
As part of this ioctl, the secure guest is essentially transitioned
back to normal mode so that it can reboot like a regular guest and
become secure again.
This ioctl has no effect when invoked for a normal guest.
Signed-off-by: Bharata B Rao <bharata@linux.ibm.com>
---
* The ioctl implementation in the kernel can be found as part of this patchset:
https://www.spinics.net/lists/linux-mm/msg184366.html
* Updated linux-headers/linux/kvm.h here for completeness as the
definition of KVM_PPC_SVM_OFF isn't yet part of upstream kernel.
hw/ppc/spapr.c | 1 +
linux-headers/linux/kvm.h | 1 +
target/ppc/kvm.c | 7 +++++++
target/ppc/kvm_ppc.h | 6 ++++++
4 files changed, 15 insertions(+)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 821f0d4a49..6abf71f159 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1709,6 +1709,7 @@ static void spapr_machine_reset(MachineState *machine)
void *fdt;
int rc;
+ kvmppc_svm_off();
spapr_caps_apply(spapr);
first_ppc_cpu = POWERPC_CPU(first_cpu);
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index c8423e760c..9603fef9bf 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -1327,6 +1327,7 @@ struct kvm_s390_ucas_mapping {
#define KVM_PPC_GET_RMMU_INFO _IOW(KVMIO, 0xb0, struct kvm_ppc_rmmu_info)
/* Available with KVM_CAP_PPC_GET_CPU_CHAR */
#define KVM_PPC_GET_CPU_CHAR _IOR(KVMIO, 0xb1, struct kvm_ppc_cpu_char)
+#define KVM_PPC_SVM_OFF _IO(KVMIO, 0xb2)
/* ioctl for vm fd */
#define KVM_CREATE_DEVICE _IOWR(KVMIO, 0xe0, struct kvm_create_device)
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 8a06d3171e..079d83ce6c 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -2953,3 +2953,10 @@ void kvmppc_set_reg_tb_offset(PowerPCCPU *cpu, int64_t tb_offset)
kvm_set_one_reg(cs, KVM_REG_PPC_TB_OFFSET, &tb_offset);
}
}
+
+int kvmppc_svm_off(void)
+{
+ KVMState *s = KVM_STATE(current_machine->accelerator);
+
+ return kvm_vm_ioctl(s, KVM_PPC_SVM_OFF);
+}
diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
index 98bd7d5da6..0fd80e1100 100644
--- a/target/ppc/kvm_ppc.h
+++ b/target/ppc/kvm_ppc.h
@@ -37,6 +37,7 @@ int kvmppc_booke_watchdog_enable(PowerPCCPU *cpu);
target_ulong kvmppc_configure_v3_mmu(PowerPCCPU *cpu,
bool radix, bool gtse,
uint64_t proc_tbl);
+int kvmppc_svm_off(void);
#ifndef CONFIG_USER_ONLY
bool kvmppc_spapr_use_multitce(void);
int kvmppc_spapr_enable_inkernel_multitce(void);
@@ -201,6 +202,11 @@ static inline target_ulong kvmppc_configure_v3_mmu(PowerPCCPU *cpu,
return 0;
}
+static inline int kvmppc_svm_off(void)
+{
+ return 0;
+}
+
static inline void kvmppc_set_reg_ppc_online(PowerPCCPU *cpu,
unsigned int online)
{
--
2.21.0
On Wed, Jul 10, 2019 at 11:36:21AM +0530, Bharata B Rao wrote:
> A pseries guest can be run as a secure guest on Ultravisor-enabled
> POWER platforms. When such a secure guest is reset, we need to
> release/reset a few resources both on ultravisor and hypervisor side.
> This is achieved by invoking this new ioctl KVM_PPC_SVM_OFF from the
> machine reset path.
>
> As part of this ioctl, the secure guest is essentially transitioned
> back to normal mode so that it can reboot like a regular guest and
> become secure again.
>
> This ioctl has no effect when invoked for a normal guest.
>
> Signed-off-by: Bharata B Rao <bharata@linux.ibm.com>
> ---
> * The ioctl implementation in the kernel can be found as part of this patchset:
> https://www.spinics.net/lists/linux-mm/msg184366.html
> * Updated linux-headers/linux/kvm.h here for completeness as the
> definition of KVM_PPC_SVM_OFF isn't yet part of upstream kernel.
The qemu change looks good to me. To actually merge this, the support
will need to go upstream in the kernel first, then we'll need an
update-kernel-headers as a separate patch.
>
> hw/ppc/spapr.c | 1 +
> linux-headers/linux/kvm.h | 1 +
> target/ppc/kvm.c | 7 +++++++
> target/ppc/kvm_ppc.h | 6 ++++++
> 4 files changed, 15 insertions(+)
>
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 821f0d4a49..6abf71f159 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -1709,6 +1709,7 @@ static void spapr_machine_reset(MachineState *machine)
> void *fdt;
> int rc;
>
> + kvmppc_svm_off();
> spapr_caps_apply(spapr);
>
> first_ppc_cpu = POWERPC_CPU(first_cpu);
> diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
> index c8423e760c..9603fef9bf 100644
> --- a/linux-headers/linux/kvm.h
> +++ b/linux-headers/linux/kvm.h
> @@ -1327,6 +1327,7 @@ struct kvm_s390_ucas_mapping {
> #define KVM_PPC_GET_RMMU_INFO _IOW(KVMIO, 0xb0, struct kvm_ppc_rmmu_info)
> /* Available with KVM_CAP_PPC_GET_CPU_CHAR */
> #define KVM_PPC_GET_CPU_CHAR _IOR(KVMIO, 0xb1, struct kvm_ppc_cpu_char)
> +#define KVM_PPC_SVM_OFF _IO(KVMIO, 0xb2)
>
> /* ioctl for vm fd */
> #define KVM_CREATE_DEVICE _IOWR(KVMIO, 0xe0, struct kvm_create_device)
> diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
> index 8a06d3171e..079d83ce6c 100644
> --- a/target/ppc/kvm.c
> +++ b/target/ppc/kvm.c
> @@ -2953,3 +2953,10 @@ void kvmppc_set_reg_tb_offset(PowerPCCPU *cpu, int64_t tb_offset)
> kvm_set_one_reg(cs, KVM_REG_PPC_TB_OFFSET, &tb_offset);
> }
> }
> +
> +int kvmppc_svm_off(void)
> +{
> + KVMState *s = KVM_STATE(current_machine->accelerator);
> +
> + return kvm_vm_ioctl(s, KVM_PPC_SVM_OFF);
> +}
> diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
> index 98bd7d5da6..0fd80e1100 100644
> --- a/target/ppc/kvm_ppc.h
> +++ b/target/ppc/kvm_ppc.h
> @@ -37,6 +37,7 @@ int kvmppc_booke_watchdog_enable(PowerPCCPU *cpu);
> target_ulong kvmppc_configure_v3_mmu(PowerPCCPU *cpu,
> bool radix, bool gtse,
> uint64_t proc_tbl);
> +int kvmppc_svm_off(void);
> #ifndef CONFIG_USER_ONLY
> bool kvmppc_spapr_use_multitce(void);
> int kvmppc_spapr_enable_inkernel_multitce(void);
> @@ -201,6 +202,11 @@ static inline target_ulong kvmppc_configure_v3_mmu(PowerPCCPU *cpu,
> return 0;
> }
>
> +static inline int kvmppc_svm_off(void)
> +{
> + return 0;
> +}
> +
> static inline void kvmppc_set_reg_ppc_online(PowerPCCPU *cpu,
> unsigned int online)
> {
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
On Thu, Jul 11, 2019 at 11:31:00AM +1000, David Gibson wrote: > On Wed, Jul 10, 2019 at 11:36:21AM +0530, Bharata B Rao wrote: > > A pseries guest can be run as a secure guest on Ultravisor-enabled > > POWER platforms. When such a secure guest is reset, we need to > > release/reset a few resources both on ultravisor and hypervisor side. > > This is achieved by invoking this new ioctl KVM_PPC_SVM_OFF from the > > machine reset path. > > > > As part of this ioctl, the secure guest is essentially transitioned > > back to normal mode so that it can reboot like a regular guest and > > become secure again. > > > > This ioctl has no effect when invoked for a normal guest. > > > > Signed-off-by: Bharata B Rao <bharata@linux.ibm.com> > > --- > > * The ioctl implementation in the kernel can be found as part of this patchset: > > https://www.spinics.net/lists/linux-mm/msg184366.html > > * Updated linux-headers/linux/kvm.h here for completeness as the > > definition of KVM_PPC_SVM_OFF isn't yet part of upstream kernel. > > The qemu change looks good to me. To actually merge this, the support > will need to go upstream in the kernel first, then we'll need an > update-kernel-headers as a separate patch. Sure, Thanks. Will post again once ioctl support is included in the kernel. Regards, Bharata.
Patchew URL: https://patchew.org/QEMU/20190710060621.16430-1-bharata@linux.ibm.com/ Hi, This series seems to have some coding style problems. See output below for more information: Message-id: 20190710060621.16430-1-bharata@linux.ibm.com Type: series Subject: [Qemu-devel] [PATCH v0] ppc/spapr: Support reboot of secure pseries guest === TEST SCRIPT BEGIN === #!/bin/bash git rev-parse base > /dev/null || exit 0 git config --local diff.renamelimit 0 git config --local diff.renames True git config --local diff.algorithm histogram ./scripts/checkpatch.pl --mailback base.. === TEST SCRIPT END === From https://github.com/patchew-project/qemu * [new tag] patchew/20190710060621.16430-1-bharata@linux.ibm.com -> patchew/20190710060621.16430-1-bharata@linux.ibm.com Switched to a new branch 'test' 636a27f80f ppc/spapr: Support reboot of secure pseries guest === OUTPUT BEGIN === ERROR: code indent should never use tabs #79: FILE: target/ppc/kvm_ppc.h:207: +^Ireturn 0;$ total: 1 errors, 0 warnings, 42 lines checked Commit 636a27f80f0d (ppc/spapr: Support reboot of secure pseries guest) has style problems, please review. If any of these errors are false positives report them to the maintainer, see CHECKPATCH in MAINTAINERS. === OUTPUT END === Test command exited with code: 1 The full log is available at http://patchew.org/logs/20190710060621.16430-1-bharata@linux.ibm.com/testing.checkpatch/?type=message. --- Email generated automatically by Patchew [https://patchew.org/]. Please send your feedback to patchew-devel@redhat.com
On Tue, Jul 09, 2019 at 11:12:13PM -0700, no-reply@patchew.org wrote: > Patchew URL: https://patchew.org/QEMU/20190710060621.16430-1-bharata@linux.ibm.com/ > > > > Hi, > > This series seems to have some coding style problems. See output below for > more information: > > Message-id: 20190710060621.16430-1-bharata@linux.ibm.com > Type: series > Subject: [Qemu-devel] [PATCH v0] ppc/spapr: Support reboot of secure pseries guest > > === TEST SCRIPT BEGIN === > #!/bin/bash > git rev-parse base > /dev/null || exit 0 > git config --local diff.renamelimit 0 > git config --local diff.renames True > git config --local diff.algorithm histogram > ./scripts/checkpatch.pl --mailback base.. > === TEST SCRIPT END === > > From https://github.com/patchew-project/qemu > * [new tag] patchew/20190710060621.16430-1-bharata@linux.ibm.com -> patchew/20190710060621.16430-1-bharata@linux.ibm.com > Switched to a new branch 'test' > 636a27f80f ppc/spapr: Support reboot of secure pseries guest > > === OUTPUT BEGIN === > ERROR: code indent should never use tabs > #79: FILE: target/ppc/kvm_ppc.h:207: > +^Ireturn 0;$ Ah, yeah, fix this too, please. > total: 1 errors, 0 warnings, 42 lines checked > > Commit 636a27f80f0d (ppc/spapr: Support reboot of secure pseries guest) has style problems, please review. If any of these errors > are false positives report them to the maintainer, see > CHECKPATCH in MAINTAINERS. > === OUTPUT END === > > Test command exited with code: 1 > > > The full log is available at > http://patchew.org/logs/20190710060621.16430-1-bharata@linux.ibm.com/testing.checkpatch/?type=message. > --- > Email generated automatically by Patchew [https://patchew.org/]. > Please send your feedback to patchew-devel@redhat.com -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
© 2016 - 2024 Red Hat, Inc.