[mirror_qemu.git] / hw / ppc / pef.c

/*
 * PEF (Protected Execution Facility) for POWER support
 *
 * Copyright Red Hat.
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 *
 */

#include "qemu/osdep.h"

#include "qapi/error.h"
#include "qom/object_interfaces.h"
#include "sysemu/kvm.h"
#include "migration/blocker.h"
#include "exec/confidential-guest-support.h"

#define TYPE_PEF_GUEST "pef-guest"
OBJECT_DECLARE_SIMPLE_TYPE(PefGuest, PEF_GUEST)

typedef struct PefGuest PefGuest;
typedef struct PefGuestClass PefGuestClass;

struct PefGuestClass {
    ConfidentialGuestSupportClass parent_class;
};

/**
 * PefGuest:
 *
 * The PefGuest object is used for creating and managing a PEF
 * guest.
 *
 * # $QEMU \
 *         -object pef-guest,id=pef0 \
 *         -machine ...,confidential-guest-support=pef0
 */
struct PefGuest {
    ConfidentialGuestSupport parent_obj;
};

static int kvmppc_svm_init(ConfidentialGuestSupport *cgs, Error **errp)
{
#ifdef CONFIG_KVM
    static Error *pef_mig_blocker;

    if (!kvm_check_extension(kvm_state, KVM_CAP_PPC_SECURE_GUEST)) {
        error_setg(errp,
                   "KVM implementation does not support Secure VMs (is an ultravisor running?)");
        return -1;
    } else {
        int ret = kvm_vm_enable_cap(kvm_state, KVM_CAP_PPC_SECURE_GUEST, 0, 1);

        if (ret < 0) {
            error_setg(errp,
                       "Error enabling PEF with KVM");
            return -1;
        }
    }

    /* add migration blocker */
    error_setg(&pef_mig_blocker, "PEF: Migration is not implemented");
    /* NB: This can fail if --only-migratable is used */
    migrate_add_blocker(&pef_mig_blocker, &error_fatal);

    cgs->ready = true;

    return 0;
#else
    g_assert_not_reached();
#endif
}

/*
 * Don't set error if KVM_PPC_SVM_OFF ioctl is invoked on kernels
 * that don't support this ioctl.
 */
static int kvmppc_svm_off(Error **errp)
{
#ifdef CONFIG_KVM
    int rc;

    rc = kvm_vm_ioctl(KVM_STATE(current_accel()), KVM_PPC_SVM_OFF);
    if (rc && rc != -ENOTTY) {
        error_setg_errno(errp, -rc, "KVM_PPC_SVM_OFF ioctl failed");
        return rc;
    }
    return 0;
#else
    g_assert_not_reached();
#endif
}

static int pef_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
{
    if (!object_dynamic_cast(OBJECT(cgs), TYPE_PEF_GUEST)) {
        return 0;
    }

    if (!kvm_enabled()) {
        error_setg(errp, "PEF requires KVM");
        return -1;
    }

    return kvmppc_svm_init(cgs, errp);
}

static int pef_kvm_reset(ConfidentialGuestSupport *cgs, Error **errp)
{
    if (!object_dynamic_cast(OBJECT(cgs), TYPE_PEF_GUEST)) {
        return 0;
    }

    /*
     * If we don't have KVM we should never have been able to
     * initialize PEF, so we should never get this far
     */
    assert(kvm_enabled());

    return kvmppc_svm_off(errp);
}

OBJECT_DEFINE_TYPE_WITH_INTERFACES(PefGuest,
                                   pef_guest,
                                   PEF_GUEST,
                                   CONFIDENTIAL_GUEST_SUPPORT,
                                   { TYPE_USER_CREATABLE },
                                   { NULL })

static void pef_guest_class_init(ObjectClass *oc, void *data)
{
    ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc);

    klass->kvm_init = pef_kvm_init;
    klass->kvm_reset = pef_kvm_reset;
}

static void pef_guest_init(Object *obj)
{
}

static void pef_guest_finalize(Object *obj)
{
}
Commit	Line	Data
6c8ebe30 DG	1	/*
	2	* PEF (Protected Execution Facility) for POWER support
	3	*
	4	* Copyright Red Hat.
	5	*
	6	* This work is licensed under the terms of the GNU GPL, version 2 or later.
	7	* See the COPYING file in the top-level directory.
	8	*
	9	*/
	10
	11	#include "qemu/osdep.h"
	12
	13	#include "qapi/error.h"
	14	#include "qom/object_interfaces.h"
	15	#include "sysemu/kvm.h"
	16	#include "migration/blocker.h"
	17	#include "exec/confidential-guest-support.h"
6c8ebe30 DG	18
	19	#define TYPE_PEF_GUEST "pef-guest"
	20	OBJECT_DECLARE_SIMPLE_TYPE(PefGuest, PEF_GUEST)
	21
	22	typedef struct PefGuest PefGuest;
	23	typedef struct PefGuestClass PefGuestClass;
	24
	25	struct PefGuestClass {
	26	ConfidentialGuestSupportClass parent_class;
	27	};
	28
	29	/**
	30	* PefGuest:
	31	*
	32	* The PefGuest object is used for creating and managing a PEF
	33	* guest.
	34	*
	35	* # $QEMU \
	36	* -object pef-guest,id=pef0 \
	37	* -machine ...,confidential-guest-support=pef0
	38	*/
	39	struct PefGuest {
	40	ConfidentialGuestSupport parent_obj;
	41	};
	42
b873ed83	43	static int kvmppc_svm_init(ConfidentialGuestSupport cgs, Error *errp)
6c8ebe30 DG	44	{
6c8ebe30 DG	45	#ifdef CONFIG_KVM
6742eefc DG	46	static Error *pef_mig_blocker;
6742eefc DG	47
6c8ebe30 DG	48	if (!kvm_check_extension(kvm_state, KVM_CAP_PPC_SECURE_GUEST)) {
	49	error_setg(errp,
	50	"KVM implementation does not support Secure VMs (is an ultravisor running?)");
	51	return -1;
	52	} else {
	53	int ret = kvm_vm_enable_cap(kvm_state, KVM_CAP_PPC_SECURE_GUEST, 0, 1);
	54
	55	if (ret < 0) {
	56	error_setg(errp,
	57	"Error enabling PEF with KVM");
	58	return -1;
	59	}
	60	}
	61
6742eefc DG	62	/* add migration blocker */
	63	error_setg(&pef_mig_blocker, "PEF: Migration is not implemented");
	64	/* NB: This can fail if --only-migratable is used */
c8a7fc51	65	migrate_add_blocker(&pef_mig_blocker, &error_fatal);
6742eefc	66
b873ed83 DHB	67	cgs->ready = true;
b873ed83 DHB	68
6c8ebe30 DG	69	return 0;
	70	#else
	71	g_assert_not_reached();
	72	#endif
	73	}
	74
	75	/*
	76	* Don't set error if KVM_PPC_SVM_OFF ioctl is invoked on kernels
	77	* that don't support this ioctl.
	78	*/
	79	static int kvmppc_svm_off(Error **errp)
	80	{
	81	#ifdef CONFIG_KVM
	82	int rc;
	83
	84	rc = kvm_vm_ioctl(KVM_STATE(current_accel()), KVM_PPC_SVM_OFF);
	85	if (rc && rc != -ENOTTY) {
	86	error_setg_errno(errp, -rc, "KVM_PPC_SVM_OFF ioctl failed");
	87	return rc;
	88	}
	89	return 0;
	90	#else
	91	g_assert_not_reached();
	92	#endif
	93	}
	94
00a238b1	95	static int pef_kvm_init(ConfidentialGuestSupport cgs, Error *errp)
6c8ebe30 DG	96	{
	97	if (!object_dynamic_cast(OBJECT(cgs), TYPE_PEF_GUEST)) {
	98	return 0;
	99	}
	100
	101	if (!kvm_enabled()) {
	102	error_setg(errp, "PEF requires KVM");
	103	return -1;
	104	}
	105
b873ed83	106	return kvmppc_svm_init(cgs, errp);
6c8ebe30 DG	107	}
6c8ebe30 DG	108
00a238b1	109	static int pef_kvm_reset(ConfidentialGuestSupport cgs, Error *errp)
6c8ebe30 DG	110	{
	111	if (!object_dynamic_cast(OBJECT(cgs), TYPE_PEF_GUEST)) {
	112	return 0;
	113	}
	114
	115	/*
	116	* If we don't have KVM we should never have been able to
	117	* initialize PEF, so we should never get this far
	118	*/
	119	assert(kvm_enabled());
	120
	121	return kvmppc_svm_off(errp);
	122	}
	123
	124	OBJECT_DEFINE_TYPE_WITH_INTERFACES(PefGuest,
	125	pef_guest,
	126	PEF_GUEST,
	127	CONFIDENTIAL_GUEST_SUPPORT,
	128	{ TYPE_USER_CREATABLE },
	129	{ NULL })
	130
	131	static void pef_guest_class_init(ObjectClass oc, void data)
	132	{
00a238b1 XL	133	ConfidentialGuestSupportClass *klass = CONFIDENTIAL_GUEST_SUPPORT_CLASS(oc);
	134
	135	klass->kvm_init = pef_kvm_init;
	136	klass->kvm_reset = pef_kvm_reset;
6c8ebe30 DG	137	}
	138
	139	static void pef_guest_init(Object *obj)
	140	{
	141	}
	142
	143	static void pef_guest_finalize(Object *obj)
	144	{
	145	}