From nobody Fri Dec 19 19:00:38 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1613395892; cv=none; d=zohomail.com; s=zohoarc; b=LyZnsk3ncO4jtHQEN4bnxu2NoS/MECFVKSBGEKX1eeFVmBpGf1PAg4grM71uWP6KH+Dvvaz9nZ+0sQLyZLPnpL6b71ZRS2nA5t0GbXTNqWCY3X2wRCncokW8fx0LcuzAbpnhpjbZ5KZUHHU3WzE62vg5iFd5XgaSlDCZ5gcrwYc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1613395892; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=OJI3qM7gIOXePDLd73m8wlmDXyNbPRnqK0YSUpDiyi0=; b=JZoUgHh2ALDpYKYYZX2jxe74r2iTP1Hr0Zbyr8vVXg5K/aSGGrum1WvpJlLfSFhu3vE+GXfJtCCXvBSrn78HhfkEaYVMuzMrs30wMXJ4zDvnsm+cUajZJS7BGD6o4ISs6qhv5Z1cImEwXomNuziUBdZ4YIwUhKisEExp7o7EMAs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 161339589190246.10277598178834; Mon, 15 Feb 2021 05:31:31 -0800 (PST) Received: from localhost ([::1]:49590 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lBdyM-0000Z5-SU for importer@patchew.org; Mon, 15 Feb 2021 08:31:30 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:59936) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lBdjv-0005UU-Ct for qemu-devel@nongnu.org; Mon, 15 Feb 2021 08:16:35 -0500 Received: from mail-ed1-x534.google.com ([2a00:1450:4864:20::534]:41555) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lBdjt-0005VK-Jm for qemu-devel@nongnu.org; Mon, 15 Feb 2021 08:16:35 -0500 Received: by mail-ed1-x534.google.com with SMTP id v9so3592210edw.8 for ; Mon, 15 Feb 2021 05:16:33 -0800 (PST) Received: from avogadro.lan ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id o4sm9950184edw.78.2021.02.15.05.16.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Feb 2021 05:16:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=OJI3qM7gIOXePDLd73m8wlmDXyNbPRnqK0YSUpDiyi0=; b=AtQD/u70Fv/u26K0rE5+n/ktk5mmCF6vE+D2To/Icxqd0wuU6emNLgNRISZ5PDC5Ff XLstY+5xAKugacxRW3itkd8lSOV1wfrHuTlY5RaBBx19TzhV8t+PlQoumaiJij6Cr5l0 KiBUOdruKqslTy5TD0mYV3VF9la4CmAwB+3rwSDKTDDiGld0R98Vl2SVfsza9I6xN2yc GG0g2jbj1jEEznplzAvCU8LHSdBweNKXYRs2SiZVOheyw0bhcZuwUZJwWmYVukIzoif3 wlrfI1riCxWQ4yMovGyyfiydPZufdhgDi603Dqbf6Q6UnR+2150Ui2J1XQrJPASnOHc3 2Epg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=OJI3qM7gIOXePDLd73m8wlmDXyNbPRnqK0YSUpDiyi0=; b=Gw6+p7RKo2glpZSn/dx2ReP1TuLmsKwK+MUmrq9M8tSeo+nqInh+iYOlK6LBDPNcfm qwKqkRMIRE3hK6NJ9eFVkiz2jzHMBDCDG1/KvnN1gGSFXWUukrGD/kbmG6jB3kCq4MGD w4jFGL05J5Nt8mmduTygguhK3u4TuOEQ1OcnIGCkAP99x95ShI2gSfyNq3iBrUHCBkXV QkCBF+uFTAda4SYFVZ2Kyd2taxR8KZOmzVOS251fU2kS8dLyHlTpR8KnZZLoFVAbqY74 RLTb4SKJ2sRZDe1/88n2/T5Q7aKioDNTl34sfxYHx6sRTUZ5xSe3o3K3/68RAWm2SNCg mZbw== X-Gm-Message-State: AOAM530dAg0u/Q5w5OVWHu2utXIPW4NEHz9bU2vY+Nl5HiUR6YWTJk1Q y7RShaZilFjcqKS+cJ85yy0tZPzhsuY= X-Google-Smtp-Source: ABdhPJz7j+X6NtzdNy1/SsJNsiwTjpmVzXcVZKbafGONuZfY2okZiU1ZGELrndDVGtIoE+KyREwWsQ== X-Received: by 2002:a05:6402:1806:: with SMTP id g6mr4588088edy.120.1613394992312; Mon, 15 Feb 2021 05:16:32 -0800 (PST) From: Paolo Bonzini To: qemu-devel@nongnu.org Subject: [PULL 06/19] sev/i386: Don't allow a system reset under an SEV-ES guest Date: Mon, 15 Feb 2021 14:16:13 +0100 Message-Id: <20210215131626.65640-7-pbonzini@redhat.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210215131626.65640-1-pbonzini@redhat.com> References: <20210215131626.65640-1-pbonzini@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::534; envelope-from=paolo.bonzini@gmail.com; helo=mail-ed1-x534.google.com X-Spam_score_int: -14 X-Spam_score: -1.5 X-Spam_bar: - X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Tom Lendacky , Aleksandar Rikalo , Peter Maydell , David Hildenbrand , "Dr . David Alan Gilbert" , Venu Busireddy , Aurelien Jarno , David Gibson Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" From: Tom Lendacky An SEV-ES guest does not allow register state to be altered once it has been measured. When an SEV-ES guest issues a reboot command, Qemu will reset the vCPU state and resume the guest. This will cause failures under SEV-ES. Prevent that from occuring by introducing an arch-specific callback that returns a boolean indicating whether vCPUs are resettable. Cc: Peter Maydell Cc: Aurelien Jarno Cc: Jiaxun Yang Cc: Aleksandar Rikalo Cc: David Gibson Cc: David Hildenbrand Reviewed-by: Dr. David Alan Gilbert Signed-off-by: Tom Lendacky Reviewed-by: Venu Busireddy Message-Id: <1ac39c441b9a3e970e9556e1cc29d0a0814de6fd.1611682609.git.thomas= .lendacky@amd.com> Signed-off-by: Paolo Bonzini --- accel/kvm/kvm-all.c | 5 +++++ include/sysemu/cpus.h | 2 ++ include/sysemu/hw_accel.h | 5 +++++ include/sysemu/kvm.h | 10 ++++++++++ softmmu/cpus.c | 5 +++++ softmmu/runstate.c | 3 +++ target/arm/kvm.c | 5 +++++ target/i386/kvm/kvm.c | 6 ++++++ target/mips/kvm.c | 5 +++++ target/ppc/kvm.c | 5 +++++ target/s390x/kvm.c | 5 +++++ 11 files changed, 56 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index bf61ef4b54..84c943fcdb 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -2312,6 +2312,11 @@ void kvm_flush_coalesced_mmio_buffer(void) s->coalesced_flush_in_progress =3D false; } =20 +bool kvm_cpu_check_are_resettable(void) +{ + return kvm_arch_cpu_check_are_resettable(); +} + static void do_kvm_cpu_synchronize_state(CPUState *cpu, run_on_cpu_data ar= g) { if (!cpu->vcpu_dirty) { diff --git a/include/sysemu/cpus.h b/include/sysemu/cpus.h index 2cd74392e0..868f1192de 100644 --- a/include/sysemu/cpus.h +++ b/include/sysemu/cpus.h @@ -41,6 +41,8 @@ extern int icount_align_option; /* Unblock cpu */ void qemu_cpu_kick_self(void); =20 +bool cpus_are_resettable(void); + void cpu_synchronize_all_states(void); void cpu_synchronize_all_post_reset(void); void cpu_synchronize_all_post_init(void); diff --git a/include/sysemu/hw_accel.h b/include/sysemu/hw_accel.h index ffed6192a3..61672f9b32 100644 --- a/include/sysemu/hw_accel.h +++ b/include/sysemu/hw_accel.h @@ -22,4 +22,9 @@ void cpu_synchronize_post_reset(CPUState *cpu); void cpu_synchronize_post_init(CPUState *cpu); void cpu_synchronize_pre_loadvm(CPUState *cpu); =20 +static inline bool cpu_check_are_resettable(void) +{ + return kvm_enabled() ? kvm_cpu_check_are_resettable() : true; +} + #endif /* QEMU_HW_ACCEL_H */ diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h index c5546bdecc..687c598be9 100644 --- a/include/sysemu/kvm.h +++ b/include/sysemu/kvm.h @@ -541,4 +541,14 @@ int kvm_get_max_memslots(void); /* Notify resamplefd for EOI of specific interrupts. */ void kvm_resample_fd_notify(int gsi); =20 +/** + * kvm_cpu_check_are_resettable - return whether CPUs can be reset + * + * Returns: true: CPUs are resettable + * false: CPUs are not resettable + */ +bool kvm_cpu_check_are_resettable(void); + +bool kvm_arch_cpu_check_are_resettable(void); + #endif diff --git a/softmmu/cpus.c b/softmmu/cpus.c index 112eba9d54..a7ee431187 100644 --- a/softmmu/cpus.c +++ b/softmmu/cpus.c @@ -194,6 +194,11 @@ void cpu_synchronize_pre_loadvm(CPUState *cpu) } } =20 +bool cpus_are_resettable(void) +{ + return cpu_check_are_resettable(); +} + int64_t cpus_get_virtual_clock(void) { /* diff --git a/softmmu/runstate.c b/softmmu/runstate.c index a7fcb603f7..2874417b61 100644 --- a/softmmu/runstate.c +++ b/softmmu/runstate.c @@ -528,6 +528,9 @@ void qemu_system_reset_request(ShutdownCause reason) if (reboot_action =3D=3D REBOOT_ACTION_SHUTDOWN && reason !=3D SHUTDOWN_CAUSE_SUBSYSTEM_RESET) { shutdown_requested =3D reason; + } else if (!cpus_are_resettable()) { + error_report("cpus are not resettable, terminating"); + shutdown_requested =3D reason; } else { reset_requested =3D reason; } diff --git a/target/arm/kvm.c b/target/arm/kvm.c index ffe186de8d..00e124c812 100644 --- a/target/arm/kvm.c +++ b/target/arm/kvm.c @@ -1045,3 +1045,8 @@ int kvm_arch_msi_data_to_gsi(uint32_t data) { return (data - 32) & 0xffff; } + +bool kvm_arch_cpu_check_are_resettable(void) +{ + return true; +} diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index f56a8536d0..d10667b21b 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -27,6 +27,7 @@ #include "sysemu/kvm_int.h" #include "sysemu/runstate.h" #include "kvm_i386.h" +#include "sev_i386.h" #include "hyperv.h" #include "hyperv-proto.h" =20 @@ -4821,3 +4822,8 @@ bool kvm_has_waitpkg(void) { return has_msr_umwait; } + +bool kvm_arch_cpu_check_are_resettable(void) +{ + return !sev_es_enabled(); +} diff --git a/target/mips/kvm.c b/target/mips/kvm.c index 84fb10ea35..123ec1be7e 100644 --- a/target/mips/kvm.c +++ b/target/mips/kvm.c @@ -1290,3 +1290,8 @@ int mips_kvm_type(MachineState *machine, const char *= vm_type) =20 return -1; } + +bool kvm_arch_cpu_check_are_resettable(void) +{ + return true; +} diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c index 0c5056dd5b..298c1f882c 100644 --- a/target/ppc/kvm.c +++ b/target/ppc/kvm.c @@ -2929,3 +2929,8 @@ void kvmppc_set_reg_tb_offset(PowerPCCPU *cpu, int64_= t tb_offset) kvm_set_one_reg(cs, KVM_REG_PPC_TB_OFFSET, &tb_offset); } } + +bool kvm_arch_cpu_check_are_resettable(void) +{ + return true; +} diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c index dc27fa36c9..7a892d663d 100644 --- a/target/s390x/kvm.c +++ b/target/s390x/kvm.c @@ -2599,3 +2599,8 @@ void kvm_s390_stop_interrupt(S390CPU *cpu) =20 kvm_s390_vcpu_interrupt(cpu, &irq); } + +bool kvm_arch_cpu_check_are_resettable(void) +{ + return true; +} --=20 2.29.2